Portal Overview
The Rockfish Portal is a self-service web application that combines the marketing website with license management. It provides:
- Marketing pages — product information, features, pricing
- Shop — dynamic pricing from Stripe with tier comparison
- Registration — passwordless email-based authentication (magic links)
- License management — purchase, download, and manage licenses
- Stripe integration — payment processing with webhook support
- License server integration — delegates license signing to the license server
Architecture
User → Portal (Axum) → Stripe (payments)
→ License Server (signing)
→ S3 (data persistence)
→ SMTP (email)
The portal is a single Rust binary (rockfish-portal) that serves both the static marketing site and the dynamic commerce functionality.
URL Structure
| Path | Description | Auth |
|---|---|---|
/ | Marketing landing page | Public |
/features.html | Feature overview | Public |
/shop | Dynamic pricing (from Stripe) | Public |
/enter | Email entry / login | Public |
/auth?token=... | Magic link authentication | Public |
/dashboard | License list | Logged in |
/dashboard/buy | Purchase a license | Logged in |
/checkout | Stripe checkout redirect | Logged in |
/webhook/stripe | Stripe payment webhook | Stripe |
/terms | Terms & Conditions | Public |
/privacy | Privacy Policy | Public |
Authentication
The portal uses passwordless magic link authentication:
- User enters email at
/enter - If email is new → account created automatically
- Magic link sent via SMTP
- User clicks link → session cookie set
- First-time users complete profile (name, company, accept terms)
- New users → redirected to Buy tab
- Returning users → redirected to Licenses tab
License Flow
- User selects a tier on the Buy tab
- Enters an Installation Name (min 5 characters, identifies the Suricata instance)
- Redirected to Stripe Checkout
- On payment confirmation:
- Stripe sends webhook to
/webhook/stripe - Portal asynchronously requests license from the license server
- License stored in DuckDB and synced to S3
- User can download or copy the license JSON from their dashboard
- Stripe sends webhook to
45-Day Enterprise Trial
Every license includes 45 days of Enterprise features from the issue date:
- The NDR engine checks
issued_atin the license - If within 45 days → grants Enterprise features regardless of tier
- After 45 days → settles to purchased tier
- Re-checked once per day
Tiers
| Tier | Price | Events/min | Features |
|---|---|---|---|
| Basic | $0.99/yr | 25,000 | GeoIP, Parquet to S3 export, Reports |
| Professional | $99/yr | 100,000 | + IP Reputation, MCP |
| Enterprise | $999/yr | Unlimited | + SIGMA, Hunt, ML, Anomaly |
Prices are fetched dynamically from Stripe and cached for 8 hours.
Portal Control
PORTAL_DISABLED=true— shows “Coming Soon” page, allows pre-registration but disables purchasing- When disabled, users can still log in and view existing licenses
Data Persistence
The portal uses DuckDB locally and syncs to S3 after every write:
- New user registration
- Profile completion
- License issuance
On startup, data is loaded from S3 into local DuckDB. This supports ephemeral environments like DigitalOcean App Platform.
CLI Commands
# Run the portal server
rockfish-portal
# List registered users
rockfish-portal --list-users
# List licenses
rockfish-portal --list-licenses
# Verbose mode
rockfish-portal -v