fbm affiliate program
Affiliate dashboard for a multi-product AI ecosystem. Real-time analytics for clicks, conversions, rebills, upsells, and commissions. 6-layer defense-in-depth security.
Overview
The fbm affiliate program provides affiliates with a comprehensive dashboard to track their performance across a suite of AI chatbot products. Affiliates can monitor clicks, conversions, rebills, upsells, and commissions in real time. The tracking system allows affiliates to send traffic to any page of any partner app simply by appending /aff/{id} to any URL - all traffic is automatically tracked, with detailed statistics available in the dashboard.
A key feature is the whitelabel solution that lets any affiliate create their own custom AI chatbot app within minutes - no coding required. This enables affiliates to build and brand their own products while leveraging the existing infrastructure.
Tech Stack
Application
- Ruby on Rails 8.0.2
- PostgreSQL 17 (multi-schema)
- Hotwire (Turbo + Stimulus)
- Tailwind CSS + shadcn/ui
Infrastructure
- Docker multi-stage builds
- DigitalOcean
- Puma + Nginx
- systemd + watchdog
Multi-Schema Architecture
PostgreSQL schema separation provides logical data isolation without multiple databases. The affiliate schema holds core business data (affiliates, clicks, conversions, payments), while logs stores the audit trail. Active Record models use table name prefixes for schema routing.
The tracking system spans multiple applications - partner apps (podruga.ai, etc.) handle click recording and conversion tracking, while this dashboard provides read-only reporting and payout management.
# PostgreSQL schema configuration
schema_search_path: "affiliate,logs,public"
# Model table routing
class Click < ApplicationRecord
  self.table_name = 'affiliate.clicks'
end
class ApplicationLog < ApplicationRecord
  self.table_name = 'logs.application_logs'
end
# Tracking flow
1. Affiliate gets link: https://podruga.ai/aff/{code}
2. User clicks -> partner app records click, sets cookie
3. User converts -> partner app records conversion
4. Affiliate views stats on fbmhdl.com (read-only)
Key Features
Real-Time Analytics
Dashboard with summary cards (clicks, conversions, commission, conversion rate), 14-day breakdown with unique IPs, per-app JSON API for drilling into individual products, and recent activity feed.
Multi-Product Tracking
Track conversions across multiple products with domain-based grouping. Single affiliate code works across podruga.ai and all partner apps with proper attribution.
Custom Authentication
Dual login (affiliate code OR email), remember-me with secure token generation, Flask BCrypt hash compatibility. 7-day persistent sessions with encrypted cookies.
Creative Distribution
Video and banner embeds with affiliate tracking. X-Sendfile acceleration for Nginx, inline serving, click-through tracking for banners, and access logging for analytics.
Rate Limiting
Rack::Attack with multi-layer protection: global limits (1000/hour), login throttling (5 attempts/20min by IP and username), registration abuse prevention, and API rate limiting.
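Why the login throttle is keyed on both IP and username, as an added example that is not the project's code: a plain-Ruby fixed-window counter stands in for Rack::Attack (so it runs without the gem), using the 5 attempts / 20 minutes figure above. The class name, method names, IP addresses and logins are constructed for illustration.

```ruby
# Simplified stand-in for a Rack::Attack throttle (illustration, not the gem).
LOGIN_LIMIT  = 5        # attempts per window, figure taken from the page
LOGIN_PERIOD = 20 * 60  # 20 minutes in seconds, figure taken from the page

class LoginThrottle     # hypothetical class name
  def initialize(limit: LOGIN_LIMIT, period: LOGIN_PERIOD)
    @limit = limit
    @period = period
    @counts = Hash.new(0)
  end

  # Fold case and whitespace so variants of one login share one counter.
  def self.normalize(login)
    login.to_s.strip.downcase
  end

  # Counts one attempt; returns :ok, :throttled_ip or :throttled_login.
  def check(ip:, login:, at:)
    window    = at.to_i / @period # fixed-window index
    ip_key    = [:ip, ip, window]
    login_key = [:login, self.class.normalize(login), window]
    @counts[ip_key] += 1
    @counts[login_key] += 1
    return :throttled_ip    if @counts[ip_key] > @limit
    return :throttled_login if @counts[login_key] > @limit
    :ok
  end
end

T0 = 1_700_000_000 # constructed timestamp; all samples fall in one window

# Constructed sample: 8 attempts on one account, each from a different IP,
# with the login varied in case and whitespace.
def distributed_attempts
  throttle = LoginThrottle.new
  (1..8).map do |i|
    login = i.even? ? "Partner@Example.com" : " partner@example.com"
    throttle.check(ip: "203.0.113.#{i}", login: login, at: T0 + i)
  end
end

# Constructed sample: one IP trying 8 different logins.
def single_ip_attempts
  throttle = LoginThrottle.new
  (1..8).map do |i|
    throttle.check(ip: "198.51.100.7", login: "user#{i}@example.com", at: T0 + i)
  end
end
```

With an IP-only key, all eight attempts in the first sample would pass, since each source address is seen once; the normalized username key is what stops them after the fifth.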
Defense-in-Depth Security
Six-layer security architecture from network to application level:
- Layer 1: Network - UFW firewall + SSL/TLS
- Layer 2: Rate Limit - Rack::Attack (IP + username)
- Layer 3: Validation - CSRF tokens
- Layer 4: Auth - BCrypt hashing, secure sessions
- Layer 5: Authorization - before_action guards
- Layer 6: Audit - ApplicationLog trail
Technical Challenges
Legacy Password Migration
Flask and Rails both use BCrypt with compatible hash formats, and each BCrypt hash string carries its own salt and cost factor. By using the bcrypt gem with a matching cost factor, existing password hashes worked without modification - zero password resets required.
Multi-Product Attribution
Tracking conversions across multiple products with proper affiliate attribution. Implemented app codes with domain grouping - single affiliate code works across the entire product suite.
Creative Asset Tracking
Serving video/banner files while tracking which affiliate's embed was viewed. Custom embed controller with query parameter tracking and X-Sendfile acceleration for Nginx.