Skip to content

PalakVerma-code/ScaleCart

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 

Repository files navigation

ScaleCart — Enterprise E-Commerce Management Engine

A production-ready, full-stack e-commerce platform built with Node.js, Express.js, React.js, MongoDB, and Redis. Features enterprise-grade JWT authentication, Redis caching, Cloudinary cloud storage, persistent cart management, role-based access control, and a complete admin dashboard.


Tech Stack

Frontend

  • React.js 18 — Component-based UI
  • Redux Toolkit — Global state management (cart, user, admin)
  • TailwindCSS — Utility-first responsive styling
  • Vite — Fast development build tool
  • Axios — HTTP client for API calls
  • React Router DOM — Client-side routing

Backend

  • Node.js + Express.js — RESTful API server
  • MongoDB + Mongoose — NoSQL database with schema validation
  • Redis (ioredis) — In-memory caching layer
  • JWT (jsonwebtoken) — Stateless authentication
  • Bcrypt — Password hashing
  • Multer + Cloudinary — File upload and cloud storage
  • Cookie-parser — HTTP-only cookie handling

Key Features

Security & Authentication

  • JWT authentication stored in HTTP-only cookies (XSS-proof)
  • Bcrypt password hashing with salt rounds
  • Role-Based Access Control (RBAC) — Admin and Customer roles
  • Protected routes enforced on both frontend and backend
  • Route guards using custom PrivateRoute and AdminRoute components

Performance Optimization

  • Redis caching on all GET product endpoints
  • Automatic cache invalidation on any write operation (create, update, delete)
  • MongoDB Aggregation Pipelines for real-time admin analytics
  • Server-side pagination — handles large product catalogs
  • Debounced search (300ms) — reduces unnecessary API calls

E-Commerce Core

  • Persistent cart — synced with MongoDB for logged-in users
  • Guest cart merge — guest cart merges seamlessly on login
  • Real-time stock management — stock reduces on order placement
  • Full order lifecycle — pending → processing → shipped → delivered
  • Product search and filter — by keyword, category, price range, sort order
  • URL-synced filters — shareable and refresh-safe filter state

Cloud Storage

  • Cloudinary integration — auto-resize and compress on upload
  • Multer middleware — handles multipart file uploads
  • Only image URLs stored in MongoDB (not the files themselves)

Admin Dashboard

  • Stats overview — total orders, revenue, product count, pending orders
  • Low stock alerts — automatic warning for products with stock < 5
  • Product management — full CRUD with image upload and inline editing

API Endpoints

Authentication — /api/auth

Method Endpoint Access Description
POST /register Public Register new user
POST /login Public Login + set JWT cookie
POST /logout Public Clear JWT cookie
GET /me Private Get logged-in user profile
PUT /profile Private Update name or password

Products — /api/products

Method Endpoint Access Description
GET / Public Get all (search, filter, paginate)
GET /:id Public Get single product
GET /categories Public Get all categories
POST / Admin Create product
PUT /:id Admin Update product
DELETE /:id Admin Delete product

Cart — /api/cart

Method Endpoint Access Description
GET / Private Get user's cart
POST / Private Add item to cart
POST /merge Private Merge guest cart on login
PUT /:productId Private Update item quantity
DELETE /clear Private Clear entire cart
DELETE /:productId Private Remove item

Orders — /api/orders

Method Endpoint Access Description
POST / Private Place new order
GET /myorders Private Get my orders
GET /:id Private Get single order
GET /stats Admin Dashboard statistics
GET / Admin Get all orders
PUT /:id/status Admin Update order status

Upload — /api/upload

Method Endpoint Access Description
POST / Admin Upload image to Cloudinary

Getting Started Locally

Prerequisites

  • Node.js v18+
  • MongoDB Atlas account (free tier works)
  • Redis — via WSL2 on Windows or native on Mac/Linux
  • Cloudinary account (free tier works)

1. Clone the Repository

git clone https://github.com/yourusername/scalecart.git
cd scalecart

2. Backend Setup

cd server
npm install

Create server/.env file:

PORT=5000
MONGO_URI=mongodb+srv://username:password@cluster.mongodb.net/scalecart
JWT_SECRET=your_super_secret_key_here
JWT_EXPIRE=7d
CLOUDINARY_CLOUD_NAME=your_cloud_name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret
NODE_ENV=development

Run backend:

npm run dev

3. Frontend Setup

cd ../client
npm install
npm run dev

4. Start Redis

# Windows WSL2 / Ubuntu terminal
sudo service redis-server start
redis-cli ping        # should return PONG

# Mac
brew services start redis

# Linux
sudo systemctl start redis

5. Access the App

Service URL
Frontend http://localhost:5173
Backend API http://localhost:5000
Test API http://localhost:5000/api/products

Environment Variables

Variable Description
PORT Backend server port
MONGO_URI MongoDB Atlas connection string
JWT_SECRET Secret key for signing JWT tokens
JWT_EXPIRE Token expiry e.g. 7d
CLOUDINARY_CLOUD_NAME Your Cloudinary cloud name
CLOUDINARY_API_KEY Cloudinary API key
CLOUDINARY_API_SECRET Cloudinary API secret
NODE_ENV development or production

Core Technical Decisions

Why HTTP-only cookies for JWT instead of localStorage? localStorage is accessible by JavaScript and vulnerable to XSS attacks. HTTP-only cookies cannot be read by any script — even injected malicious code cannot steal the token.

Why Redis caching? Product catalog endpoints are read-heavy. A Redis cache with 1-hour TTL means MongoDB is queried only on the first request and after mutations. Cache keys are invalidated automatically using pattern matching whenever products are created, updated, or deleted.

Why persistent cart in MongoDB? Redux state resets on page refresh. Syncing the cart to MongoDB for logged-in users means the cart survives refreshes, tab changes, and device switches. Guest carts live in Redux and merge into the database automatically on login.

Why URL-synced filters? Filters stored only in component state reset on refresh and cannot be shared. URL query params make every filtered view bookmarkable, shareable, and browser-back-button compatible.

Why separate Admin and Customer routes? Security is enforced at two layers — frontend AdminRoute redirects non-admins before rendering, and backend adminOnly middleware blocks unauthorized API calls independently.


Resume Bullet Points

Copy these directly onto your resume under this project:

  • Architected a full-stack e-commerce engine using Node.js, Express.js, and React.js with Redux Toolkit for predictable global state management across 10+ pages.

  • Implemented secure JWT authentication via HTTP-only cookies with bcrypt password hashing and Role-Based Access Control (RBAC) separating Admin and Customer routes.

  • Optimized API read performance by integrating a Redis caching layer for frequently queried product endpoints with automatic cache invalidation on write operations.

  • Built a persistent cart system synced with MongoDB, supporting guest-to-user cart merging on login — maintaining cart state across devices and sessions.

  • Integrated Cloudinary SDK for cloud image storage with auto-resize and compression, handling multipart file uploads via Multer middleware.

  • Designed an Admin Dashboard using MongoDB aggregation pipelines for revenue analytics, low-stock alerts, and complete order lifecycle management.

  • Implemented server-side search, category filtering, price range filtering, and pagination with URL-synced state that is shareable and refresh-safe.


Author

Palak Verma B.Tech Computer Science Engineering — UIET, CSJM University Kanpur (2024–2028)

GitHub: https://github.com/PalakVerma-code LinkedIn: (https://www.linkedin.com/in/palak-verma-575a60314/)



Project Structure

About

No description, website, or topics provided.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors