Skip to content

Macneyste/E-commerce

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

1 Commit
backend
backend
Β 
Β 
frontend
frontend
Β 
Β 
.gitignore
.gitignore
Β 
Β 
README.md
README.md
Β 
Β 
SECURITY_CHECKLIST.md
SECURITY_CHECKLIST.md
Β 
Β 
package.json
package.json
Β 
Β 

Repository files navigation

πŸ›’ E-Commerce Platform

A full-stack e-commerce application built with React, Node.js, Express, and MongoDB. This repository is a monorepo containing both the frontend storefront and the backend API.

πŸ“Œ Purpose

This README is written so that a developer who did not build the project can understand the system and run it step by step.

πŸ“Έ What the System Does

  • Customer storefront with product browsing, filtering, cart, and checkout.
  • Authentication with secure login/register, JWT access and refresh tokens.
  • User profile editing and order history.
  • Admin dashboard for managing products, orders, and users.
  • Light/dark theme toggle.
  • Security middleware protecting the backend API.

🧠 Architecture Overview

The system is split into two main parts:

  1. Backend (backend/)

    • Express API server.
    • MongoDB database connection.
    • Endpoints for auth, products, cart, orders, and admin actions.
    • Security middleware for CORS, rate limiting, headers, and input sanitization.

  2. Frontend (frontend/)

    • React application using Vite.
    • Redux Toolkit for global state.
    • Axios for communicating with the backend.
    • Pages for customers and admin users.

πŸ—‚ Folder Structure

The repository is organized as a monorepo with separate frontend and backend applications.

Backend

backend/
β”œβ”€β”€ server.js                  # Application entry point
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ app.js                 # Express app and middleware configuration
β”‚   β”œβ”€β”€ config/
β”‚   β”‚   └── database.js        # MongoDB connection setup
β”‚   β”œβ”€β”€ routes/                # API route definitions
β”‚   β”œβ”€β”€ controllers/           # Business logic and request handlers
β”‚   β”œβ”€β”€ models/                # Mongoose schemas and models
β”‚   β”œβ”€β”€ middleware/            # Authentication, validation, security, and error handling
   β”‚   └── ...
β”‚   β”œβ”€β”€ services/              # Reusable service and domain logic
β”‚   └── utils/                 # Shared helper utilities

Frontend

frontend/
β”œβ”€β”€ index.html                 # HTML template for Vite
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ main.jsx               # React app bootstrap
β”‚   β”œβ”€β”€ App.jsx                # Root component, routes, and auth hydration
β”‚   β”œβ”€β”€ store/                 # Redux store and slices
β”‚   β”œβ”€β”€ hooks/                 # Custom hooks used across the app
β”‚   β”œβ”€β”€ components/            # Reusable UI components
β”‚   β”œβ”€β”€ pages/                 # Page-level views and routing targets
β”‚   └── styles/                # Global styles and theme variables

πŸ”§ How the Backend Works

  1. backend/server.js loads environment variables and starts the Express app.
  2. backend/src/config/database.js connects to MongoDB using MONGODB_URI.
  3. backend/src/app.js configures middleware:
    • CORS with origin validation and cookies.
    • Compression and JSON parsing.
    • Cookie parsing.
    • Rate limiting.
    • Security protections (Helmet, XSS, HPP, Mongo sanitization).
  4. API routes are mounted under /api/v1/.
  5. Protected routes verify JWT tokens using auth middleware.
  6. Errors are handled globally.

Backend Environment Variables

Create a .env file in backend/ with at least:

PORT=5000
MONGODB_URI=mongodb://localhost:27017/ecommerce-db
JWT_ACCESS_SECRET=yourAccessSecret
JWT_REFRESH_SECRET=yourRefreshSecret
JWT_ACCESS_EXPIRES=15m
JWT_REFRESH_EXPIRES=7d
CORS_ORIGIN=http://localhost:5173
FRONTEND_URL=http://localhost:5173
NODE_ENV=development

πŸ”§ How the Frontend Works

  1. The React app loads in the browser.
  2. Routes render the requested page.
  3. Auth state is restored from backend cookies.
  4. User actions call backend APIs for auth, products, cart, and orders.
  5. Protected routes block access for unauthenticated or unauthorized users.
  6. Redux stores user, cart, and UI state.

πŸš€ Running the App Locally

1. Install dependencies

cd backend
npm install
cd ../frontend
npm install

2. Start backend

From the repo root:

npm run dev:backend

Or from backend/:

npm run dev

3. Start frontend

From the repo root:

npm run dev:frontend

Or from frontend/:

cd frontend
npm run dev

4. Open the application

  • Frontend: http://localhost:5173
  • Backend API base URL: http://localhost:5000/api/v1
  • Health check: http://localhost:5000/health

πŸ“‘ Major API Endpoints

Authentication

  • POST /api/v1/auth/register β€” Register a new user.
  • POST /api/v1/auth/login β€” Login and receive auth cookies.
  • GET /api/v1/auth/me β€” Get current user.
  • PATCH /api/v1/auth/profile β€” Update profile.
  • POST /api/v1/auth/logout β€” Logout and clear cookies.
  • POST /api/v1/auth/refresh β€” Refresh the access token.

Products

  • GET /api/v1/products β€” List products.
  • GET /api/v1/products/:id β€” Get one product.
  • POST /api/v1/products β€” Create product (admin only).
  • PUT /api/v1/products/:id β€” Update product (admin only).
  • DELETE /api/v1/products/:id β€” Delete product (admin only).

Cart

  • GET /api/v1/cart β€” Get current cart.
  • POST /api/v1/cart/items β€” Add item.
  • PUT /api/v1/cart/items/:itemId β€” Update quantity.
  • DELETE /api/v1/cart/items/:itemId β€” Remove item.

Orders

  • POST /api/v1/orders β€” Create order.
  • GET /api/v1/orders β€” Get user's orders.
  • GET /api/v1/orders/all β€” Get all orders (admin only).
  • GET /api/v1/orders/:id β€” Get order details.
  • PATCH /api/v1/orders/:id/status β€” Update order status (admin only).

Admin

  • GET /api/v1/admin/dashboard β€” Admin statistics.
  • GET /api/v1/admin/users β€” List users.
  • PATCH /api/v1/admin/users/:userId β€” Update user role/status.
  • DELETE /api/v1/admin/users/:userId β€” Delete a user.

βš™οΈ Available Scripts

Root

  • npm run dev:backend β€” Start backend dev server.
  • npm run dev:frontend β€” Start frontend dev server.
  • npm run build:frontend β€” Build frontend.
  • npm run build:backend β€” Start backend in production mode.
  • npm run test:backend β€” Run backend tests.

Backend

  • npm run dev β€” Start backend with nodemon.
  • npm start β€” Start backend with node.
  • npm test β€” Run Jest tests.

Frontend

  • npm run dev β€” Start Vite.
  • npm run build β€” Build production app.
  • npm run preview β€” Preview built app.

πŸ”’ Security Summary

  • JWT access and refresh tokens stored in HTTP-only cookies.
  • CORS origin whitelist.
  • Rate limiting for API requests.
  • Helmet secure headers.
  • XSS cleaning, HPP protection, and MongoDB input sanitization.

βœ… For a New Developer

  1. Install dependencies in backend/ and frontend/.
  2. Create backend/.env with the required variables.
  3. Start backend and frontend.
  4. Visit http://localhost:5173.
  5. Register, login, and explore the storefront and admin pages.

❀️ Built With

React, Vite, Redux Toolkit, Node.js, Express, MongoDB, JWT, Helmet.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages