QPhising

Operational web tracking, campaign simulation workflows, and actionable visitor analytics in one contract-first platform.

QPhising combines campaign lifecycle control, public landing telemetry, analytics dashboards, report exports, and security-aware auditability for teams that need reliable operational visibility.

View Docs Get Started GitHub

Analytics Overview

Total Visits18,420
Unique Visitors12,608
Top Page CTR31.4%
Active Campaigns14

Feature Highlights

Built from real platform capabilities in this repository, designed for secure and traceable operations.

Campaign Lifecycle Management

Create, schedule, start, pause, complete, cancel, and soft-delete campaigns with role-based permissions.

Tracking Page Operations

Manage publish/archive lifecycle, metadata, validity windows, templates, and privacy settings per tracking page.

Anonymous Visit Ingestion

Capture visits by ID or slug endpoints with deduplication support, request limits, and abuse-aware rate limiting.

Analytics & Trends

Observe total/unique visits, top pages, recent traffic stream, and trend buckets with bot-exclusion controls.

Report Center

Export analytics as CSV or PDF with global/selected scope, detail-level options, and localization-ready output.

Audit & Security Visibility

Track operational and security-relevant events while enforcing JWT, role policies, and correlation-driven logging.

Why QPhising

QPhising is designed backend-first with Clean Architecture, CQRS workflows, and generated API clients to keep contracts authoritative from API to UI.

Reporting Preview

Summary and detailed export modes provide executive-level views and operational detail for teams sharing evidence across stakeholders.

Admin Management Preview

Operators and admins manage campaigns, templates, tracking pages, and audit logs from a single consistent interface.

Architecture

Clean Architecture boundaries with a contract-first API and generated frontend proxies.

Frontend

Angular + PrimeNG dashboard modules consume generated OpenAPI clients and runtime-configurable gateway/auth endpoints.

API

ASP.NET Core API with MediatR CQRS handlers, validation, ProblemDetails middleware, and secure management endpoints.

Database

PostgreSQL via EF Core migrations with soft-delete semantics and query filters for write-side entities.

Deployment

Docker Compose stack for API, Gateway, frontend, and optional Redis profile with environment-driven startup configuration.

Authentication

JWT/OIDC integration (Keycloak authority), policy-based role authorization, and authenticated routing for admin surfaces.

Tracking Engine

Public `/p/{slug}` landing resolution plus anonymous visit capture, deduplication controls, and analytics/reporting pipelines.

Tech Stack

.NET 10

ASP.NET Core API and gateway services.

Angular 19

Modern standalone frontend architecture.

PostgreSQL 16

Primary operational data storage.

Ocelot Gateway

Edge routing and downstream forwarding.

Redis (Optional)

Optional transient readiness/cache layer.

QuestPDF + CSV

Professional reporting outputs.

Installation

Local Run

dotnet restore QPhising.slnx

dotnet build QPhising.slnx

# API

dotnet run --project backend/API/QPhising.Api.csproj

# Gateway

dotnet run --project backend/Gateway/QPhising.Gateway.csproj

# Frontend

cd frontend
npm ci
npm run start

Docker Compose

cp deploy/env/.env.local.example .env
docker compose up --build

# optional Redis profile

docker compose --profile redis up --build

Build & Test

dotnet build QPhising.slnx --configuration Release
dotnet test backend/API.Tests/QPhising.Api.Tests.csproj --configuration Release

cd frontend
npm ci
npm run build

Documentation

Project README API Contracts Tracking Analytics Architecture Analytics Definitions Runbook Audit Event Taxonomy Production Readiness Review

Roadmap

  • Expanded native analytics visualizations and richer trend explorations.
  • Scheduled and automated report delivery workflows.
  • Retention enforcement and cleanup orchestration for visit-event data.
  • Extended observability integrations (metrics/tracing backends).
  • Optional deployment manifests for advanced runtime targets.