A production-ready, full-stack e-commerce platform built with Node.js, Express.js, React.js, MongoDB, and Redis. Features enterprise-grade JWT authentication, Redis caching, Cloudinary cloud storage, persistent cart management, role-based access control, and a complete admin dashboard.
- React.js 18 — Component-based UI
- Redux Toolkit — Global state management (cart, user, admin)
- TailwindCSS — Utility-first responsive styling
- Vite — Fast development build tool
- Axios — HTTP client for API calls
- React Router DOM — Client-side routing
- Node.js + Express.js — RESTful API server
- MongoDB + Mongoose — NoSQL database with schema validation
- Redis (ioredis) — In-memory caching layer
- JWT (jsonwebtoken) — Stateless authentication
- Bcrypt — Password hashing
- Multer + Cloudinary — File upload and cloud storage
- Cookie-parser — HTTP-only cookie handling
- JWT authentication stored in HTTP-only cookies (XSS-proof)
- Bcrypt password hashing with salt rounds
- Role-Based Access Control (RBAC) — Admin and Customer roles
- Protected routes enforced on both frontend and backend
- Route guards using custom
PrivateRouteandAdminRoutecomponents
- Redis caching on all GET product endpoints
- Automatic cache invalidation on any write operation (create, update, delete)
- MongoDB Aggregation Pipelines for real-time admin analytics
- Server-side pagination — handles large product catalogs
- Debounced search (300ms) — reduces unnecessary API calls
- Persistent cart — synced with MongoDB for logged-in users
- Guest cart merge — guest cart merges seamlessly on login
- Real-time stock management — stock reduces on order placement
- Full order lifecycle — pending → processing → shipped → delivered
- Product search and filter — by keyword, category, price range, sort order
- URL-synced filters — shareable and refresh-safe filter state
- Cloudinary integration — auto-resize and compress on upload
- Multer middleware — handles multipart file uploads
- Only image URLs stored in MongoDB (not the files themselves)
- Stats overview — total orders, revenue, product count, pending orders
- Low stock alerts — automatic warning for products with stock < 5
- Product management — full CRUD with image upload and inline editing
| Method | Endpoint | Access | Description |
|---|---|---|---|
| POST | /register |
Public | Register new user |
| POST | /login |
Public | Login + set JWT cookie |
| POST | /logout |
Public | Clear JWT cookie |
| GET | /me |
Private | Get logged-in user profile |
| PUT | /profile |
Private | Update name or password |
| Method | Endpoint | Access | Description |
|---|---|---|---|
| GET | / |
Public | Get all (search, filter, paginate) |
| GET | /:id |
Public | Get single product |
| GET | /categories |
Public | Get all categories |
| POST | / |
Admin | Create product |
| PUT | /:id |
Admin | Update product |
| DELETE | /:id |
Admin | Delete product |
| Method | Endpoint | Access | Description |
|---|---|---|---|
| GET | / |
Private | Get user's cart |
| POST | / |
Private | Add item to cart |
| POST | /merge |
Private | Merge guest cart on login |
| PUT | /:productId |
Private | Update item quantity |
| DELETE | /clear |
Private | Clear entire cart |
| DELETE | /:productId |
Private | Remove item |
| Method | Endpoint | Access | Description |
|---|---|---|---|
| POST | / |
Private | Place new order |
| GET | /myorders |
Private | Get my orders |
| GET | /:id |
Private | Get single order |
| GET | /stats |
Admin | Dashboard statistics |
| GET | / |
Admin | Get all orders |
| PUT | /:id/status |
Admin | Update order status |
| Method | Endpoint | Access | Description |
|---|---|---|---|
| POST | / |
Admin | Upload image to Cloudinary |
- Node.js v18+
- MongoDB Atlas account (free tier works)
- Redis — via WSL2 on Windows or native on Mac/Linux
- Cloudinary account (free tier works)
git clone https://github.com/yourusername/scalecart.git
cd scalecartcd server
npm installCreate server/.env file:
PORT=5000
MONGO_URI=mongodb+srv://username:password@cluster.mongodb.net/scalecart
JWT_SECRET=your_super_secret_key_here
JWT_EXPIRE=7d
CLOUDINARY_CLOUD_NAME=your_cloud_name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret
NODE_ENV=developmentRun backend:
npm run devcd ../client
npm install
npm run dev# Windows WSL2 / Ubuntu terminal
sudo service redis-server start
redis-cli ping # should return PONG
# Mac
brew services start redis
# Linux
sudo systemctl start redis| Service | URL |
|---|---|
| Frontend | http://localhost:5173 |
| Backend API | http://localhost:5000 |
| Test API | http://localhost:5000/api/products |
| Variable | Description |
|---|---|
PORT |
Backend server port |
MONGO_URI |
MongoDB Atlas connection string |
JWT_SECRET |
Secret key for signing JWT tokens |
JWT_EXPIRE |
Token expiry e.g. 7d |
CLOUDINARY_CLOUD_NAME |
Your Cloudinary cloud name |
CLOUDINARY_API_KEY |
Cloudinary API key |
CLOUDINARY_API_SECRET |
Cloudinary API secret |
NODE_ENV |
development or production |
Why HTTP-only cookies for JWT instead of localStorage? localStorage is accessible by JavaScript and vulnerable to XSS attacks. HTTP-only cookies cannot be read by any script — even injected malicious code cannot steal the token.
Why Redis caching? Product catalog endpoints are read-heavy. A Redis cache with 1-hour TTL means MongoDB is queried only on the first request and after mutations. Cache keys are invalidated automatically using pattern matching whenever products are created, updated, or deleted.
Why persistent cart in MongoDB? Redux state resets on page refresh. Syncing the cart to MongoDB for logged-in users means the cart survives refreshes, tab changes, and device switches. Guest carts live in Redux and merge into the database automatically on login.
Why URL-synced filters? Filters stored only in component state reset on refresh and cannot be shared. URL query params make every filtered view bookmarkable, shareable, and browser-back-button compatible.
Why separate Admin and Customer routes? Security is enforced at two layers — frontend AdminRoute redirects non-admins before rendering, and backend adminOnly middleware blocks unauthorized API calls independently.
Copy these directly onto your resume under this project:
-
Architected a full-stack e-commerce engine using Node.js, Express.js, and React.js with Redux Toolkit for predictable global state management across 10+ pages.
-
Implemented secure JWT authentication via HTTP-only cookies with bcrypt password hashing and Role-Based Access Control (RBAC) separating Admin and Customer routes.
-
Optimized API read performance by integrating a Redis caching layer for frequently queried product endpoints with automatic cache invalidation on write operations.
-
Built a persistent cart system synced with MongoDB, supporting guest-to-user cart merging on login — maintaining cart state across devices and sessions.
-
Integrated Cloudinary SDK for cloud image storage with auto-resize and compression, handling multipart file uploads via Multer middleware.
-
Designed an Admin Dashboard using MongoDB aggregation pipelines for revenue analytics, low-stock alerts, and complete order lifecycle management.
-
Implemented server-side search, category filtering, price range filtering, and pagination with URL-synced state that is shareable and refresh-safe.
Palak Verma B.Tech Computer Science Engineering — UIET, CSJM University Kanpur (2024–2028)
GitHub: https://github.com/PalakVerma-code LinkedIn: (https://www.linkedin.com/in/palak-verma-575a60314/)