Southern Railway
Marker Terminal
Enterprise Isolated
An ultra-secure serverless platform and geodetic progressive web app engineered for Southern Railway contractors to catalog, verify, and lock physical railway markers with zero spoofing exposure.
The platform architecture isolates computing resources into three separate nodes to maximize security boundaries, withstand spike queries, and ensure zero public document exposure.
Administrative control desk for contractors to import CSV registries, audit updates, and manage assets.
Zero-install progressive web application enabling engineers to calibrate markers directly at track-sides.
Laravel API layer executed inside isolated AWS Lambda containers via Bref, ensuring zero server overhead.
Technical layout documents are locked inside private S3 containers, accessible only via temporary, signed URLs.
Built using React, TailwindCSS, and Outfit typography, the admin panel allows contractor managers to assign track segments, audit updates, and upload trench layouts.
Upload track coordinates lists containing thousands of records in a single action, instantly assigning cryptographically signed tags.
Dynamic dashboards group track masts by their status (Pending vs. Calibrated), giving managers live feedback on geodetic coverage.
The console strictly operates on official Southern Railway endpoints, preventing cross-site scripting and unauthorized data queries.
Every single blueprint download, parameter look up, and telemetry calibration is logged in a read-only historical ledger.
An offline-first geodetic terminal for field engineers, accessible instantly on any smartphone without visiting standard app stores.
Supports immediate local install prompts for Chrome (Android) and custom step-by-step setup modals for native Safari (iOS).
Maintains tab states across refreshes and maps view history. Pressing system back buttons swaps tabs instead of closing the app.
Service worker (`sr-track-v3`) caches UI templates, enabling field operations in tunnels with zero network connectivity.
Bypasses static file route mapping errors, loading geometries for complex references (e.g. 558/2-LB2) instantly.
Data integrity is strictly locked at the physical layer to shield coordinates databases from spoofing, tag tampering, and outer-domain manipulation.
Every track marker specification is cryptographically sealed during creation. Modifying any coordinate breaks the signature immediately.
QR code verification requires payloads to match official Southern Railway domain prefixes. Outer scans are rejected immediately.
Strict server-side origin policies deny non-aligned clients from triggering transactions, blocking data injections.
Restricts geodetic calibration and blueprint lookup capabilities strictly to authenticated site engineers.
Southern Railway's geodata assets are protected by top-tier transport layer privacy, auto-resilience recovery systems, and strict software standard compliance alignments.
Aligned with OWASP Top 10 guidelines to prevent injections, enforce secure direct object reference mappings, and sanitize all parameters.
Encrypts all operations-side telemetry in transit using strong TLS 1.3 cryptographic suites, preventing passive man-in-the-middle sniffing.
Database uses continuous hourly automated snapshot backups with a 30-day retention log, guaranteeing zero data loss on infrastructure failures.
API containers and server databases are hosted in isolated virtual networks (VPC) with continuous security scanning and dependency audits.
Engineered to isolate satellite parameters and calibrate precise marker positioning directly at track side.
Gathers sequential coordinates logs, filtering out distorted satellite samples to capture the highest-accuracy lock before committing.
Field engineers initiate localized proximity radar scans to find the 5 nearest masts, displaying distance and boundary offset guides.
Calibrated GPS positions are permanently patched to central database records, linking user ID, time, and coordinates.
Server verifies reported geometries against technical boundaries logs to flag layout anomalies during placement.
Every transaction, verification scan, blueprint request, and credential rotation is recorded in a read-only security vault, providing absolute contractor accountability.
Logs all physical QR HMAC code queries at trackside, identifying the site engineer's session and the specific marker.
Logs the multi-sample satellite lock details, GPS signal accuracy, and coordinates locked to database specifications.
Tracks all S3 blueprint pre-signed access URL requests, locking access timestamps and engineer IDs to prevent drawing leaks.
Rotations of security passcodes, user account provisioning, and contractor track sector mappings are logged in immutable entries.
Leverages isolated cloud microservices to withstand traffic spikes, separate resources, and prevent document leaks.
API layer is mapped to microservices using Laravel and Bref, scaling instantly to handle concurrent calibrations.
Layout PDF blueprints are sealed inside private S3 storage units, completely blocked from public directories.
Blueprint layout links are generated dynamically with a 10-minute expiration token, preventing download leaks.
Reference lookups run via JSON HTTP POST parameters to handle complex characters safely and prevent injection attacks.
The Geodetic Marker Roster and Telemetry system is fully synchronized, committed, and ready for deployment to Southern Railway Contractors.
Ready to process thousands of coordinates references en-masse.
Low-latency telemetry tracking with offline-first service worker cache.