= Cinnamon architecture
== Diagram
The following diagram shows the architecture of a Cinnamon system with its peripherals.

[[Image(wiki:Public/Docs/CinnamonArchitecture:Architecture.png, 50%)]]

== Components
=== Cinnamon Server
The server is the core Cinnamon component. Accessing all backend data and secondary services is exclusively done through the API. Thus, clients don't have and don't need access to the database, the content or the index directly, don't store backend credentials and can't bypass server functionality like permission checking. The API is complete in the sense that all client components like CDCplus, CAE or Change Trigger are implemented using API methods and nothing else. Likewise, the API exposes complete admin functionality for user accounts in the {{{_superusers}}} group.

The Cinnamon Server API is based on {{{http(s)}}}/{{{XML}}}. Find the documentation here: https://github.com/dewarim/cinnamon4/blob/master/docs/api.md

The API can be exposed through {{{http}}} or {{{https}}}. In the most simple case, the server listens on http, thus, client processes running on the same machine can access the server without encryption (avoiding issuing certificates for local traffix, which is convenient for test and development setups). By firewall settings, this can be restricted to local access and access from a web proxy and / or a VPN, where encryption is added. Alternatively, the server can be configured to listen only on {{{https}}} by itself. The API client supports both, including handling of self-signed certificates for internal traffic.

=== Database
Cinnamon uses a PostgreSQL database for structured storage of information like these:
* System data for folders and objects.
* Metadata for folders and objects.
* Relations between objects.
* Configuration and taxonomies.
* User / group / permission / lifecycle managemnent.

The database is exclusively accessed by Cinnamon Servers. All client applications must use the API.

=== Content
Content files are stored in the server (virtual) machine's file system, or on a separate volume mounted to the file system. Like the database, the content files can't be accessed directly from the clients, the API must be used, where e.g. permission checking applies.
The content files are not named and organized as they appear in the folder structure view in the client, rather Cinnamon Server stored them in a generated path and keeps the content path with the object in the database.

Backing up the server is done by backing up the content and a dump from the database. The data of a Cinnamon Server, including user accounts, permissions etc. can be completely restored from these data. The same technique can be used for duplicating a Cinnamon Server or for migration to a different machine.

=== Index

=== tika

=== CAE

=== Change Trigger

=== CDCplus

=== Web Client

=== Other Clients

=== Other Servers