Version: 2.0
Status: Production-Ready
License: Proprietary
Canonical Architecture: See BRAIN.MD for the single source of truth
QScrap is Qatar's first enterprise-grade automotive spare parts marketplace offering:
- Parts Marketplace: Spare parts bidding & delivery (β Live)
- Escrow & Buyer Protection: 7-day warranty hold with proof-of-condition (β Live)
- Partner Revenue: Analytics, Loyalty, Ads, Subscriptions (β Live)
- Quick Services: Battery, oil, wash, tire, AC, breakdown (π Phase 2)
- Repair Services: Workshop bookings & mobile mechanics (π Phase 2)
- Insurance Integration: MOI reports, pricing analytics (π Phase 3)
Revenue Potential: 295k QAR/year
Market Position: Leader in Qatar automotive sector
Backend:
- Node.js 18+ with Express.js
- TypeScript for type safety
- PostgreSQL 14+ (primary database)
- Redis for caching & real-time features
- Socket.IO for WebSocket communication
Frontend:
- React Native (Expo) for mobile apps
- Vanilla HTML/CSS/JS for dashboards
- Premium Qatar VVIP theme (Maroon & Gold)
Infrastructure:
- VPS: Hetzner (Doha Region)
- Nginx reverse proxy with TLS + Cloudflare
- Docker Compose (Backend, PostgreSQL 14, Redis)
- GitHub Actions CI/CD β GHCR β Docker pull on VPS
Node.js >= 18
PostgreSQL >= 14
Redis >= 6
npm or yarn- Clone repository:
git clone https://github.com/mechimaher/qscrap.git
cd qscrap- Install dependencies:
npm install- Configure environment:
cp .env.example .env
# Edit .env with your credentials- Run database migrations:
npm run migrate- Start development server:
npm run devServer runs on http://localhost:3000
qscrap/
βββ src/ # Backend source code
β βββ config/ # Database, Redis, jobs
β βββ controllers/ # Request handlers
β βββ services/ # Business logic
β βββ routes/ # API endpoints
β βββ middleware/ # Auth, validation, rate limiting
β βββ utils/ # Helper functions
βββ mobile/ # Customer mobile app
β βββ src/
β β βββ screens/ # App screens
β β βββ components/ # Reusable components
β β βββ services/ # API clients
β β βββ navigation/ # App navigation
β βββ build_customer_apk.sh
βββ driver-mobile/ # Driver mobile app
βββ public/ # Web dashboards & website
β βββ admin-dashboard.html
β βββ garage-dashboard.html
β βββ operations-dashboard.html
β βββ finance-dashboard.html
β βββ support-dashboard.html
β βββ css/
βββ uploads/ # User uploads
βββ tests/ # Automated tests
Login:
POST /api/auth/login
Content-Type: application/json
{
"phone_number": "+97412345678",
"password": "password123"
}Response:
{
"success": true,
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"user_id": "uuid",
"full_name": "Ahmed Al-Mansoori",
"role": "customer"
}
}The following on-demand services are planned for Phase 2:
- Battery replacement
- Oil change
- Home car wash
- Tire service/repair
- AC gas refill
- Emergency breakdown assistance
Visit /api-docs when server is running for interactive Swagger documentation.
See BRAIN.MD Section 3.5 for the full 345-endpoint API reference.
Run all tests:
npm testRun with coverage:
npm run test:coverageRun specific test:
npm test -- loyalty.service.testCoverage Targets (see COVERAGE-IMPROVEMENT-PLAN.md):
- Current: ~24%
- Target: 70% (branches, functions, lines, statements)
- Priority: Payment/escrow flows, order state machine
# Backend
npm run build
npm start
# Mobile App
cd mobile
./build_customer_apk.sh# SSH to server
ssh root@147.93.89.153
# Navigate to project
cd /opt/qscrap
# Pull latest and rebuild
git pull origin main
docker compose build --no-cache backend
docker compose up -d
# Run migrations
docker exec qscrap-backend node scripts/migrate.js
# Health check
curl -s https://api.qscrap.qa/health | jq# Manual backup
docker exec qscrap-postgres pg_dump -U postgres qscrap_db > backup.sql
# Automated backup (daily)
# See: /opt/scripts/backup.sh# Server
PORT=3000
NODE_ENV=production
# Database
DB_HOST=localhost
DB_PORT=5432
DB_NAME=qscrap_db
DB_USER=postgres
DB_PASSWORD=your_password
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=your_password
# JWT
JWT_SECRET=your_secret_key
JWT_EXPIRES_IN=7d
# File Upload
UPLOAD_DIR=./uploads
MAX_FILE_SIZE=10485760 # 10MB
# Rate Limiting
RATE_LIMIT_WINDOW=15 # minutes
RATE_LIMIT_MAX_REQUESTS=100
# Monitoring
SENTRY_DSN=your_sentry_dsn (optional)βββββββββββββββ
β Customers β
β (Mobile App)β
ββββββββ¬βββββββ
β
ββββββββΌβββββββ ββββββββββββ
β API Layer βββββββ€ Dashboardsβ
β (Express) β ββββββββββββ
ββββββββ¬βββββββ
β
ββββββββΌβββββββ ββββββββββββ
β Services βββββββ€ Cache β
β Layer β β (Redis) β
ββββββββ¬βββββββ ββββββββββββ
β
ββββββββΌβββββββ
β Database β
β (PostgreSQL)β
βββββββββββββββ
- Client Request β API endpoint
- Authentication β JWT validation
- Validation β Zod schema check
- Rate Limiting β Abuse prevention
- Business Logic β Service layer
- Database β Query execution
- Cache β Redis for performance
- Response β JSON to client
- π Request spare parts (multi-garage bidding)
- π Real-time delivery tracking
- π Loyalty rewards (4-tier system)
- β Ratings & reviews
- π 30-second undo for accidental orders
- π¬ In-app chat with garages
- π Analytics dashboard
- π° Revenue management & payout tracking
- π³ Premium subscriptions (5 tiers: Demo β Platinum)
- π¦ Inventory & showcase management
- π€ 3-round negotiation system
- π₯ User management
- π΅ Payout processing (2-way confirmation)
- π« Support tickets with SLA tracking
- π Platform analytics
- βοΈ System configuration
- β‘ Quick services (battery, oil, wash, tire, AC, breakdown)
- π§ Workshop bookings & mobile mechanics
- π Insurance integration (MOI reports, pricing benchmarks)
- π’ Ad campaigns for garages
Current Performance:
- API Response Time: ~50ms (p95)
- Database Query Time: ~20ms (p95)
- Socket.IO Latency: <50ms
- Cache Hit Rate: 80%+
- Test Coverage: ~24% (target: 70%)
- Uptime: 99.9%+
Implemented:
- β JWT authentication (15m access + 7d refresh tokens)
- β Input validation (Zod + express-validator)
- β Rate limiting (express-rate-limit per endpoint)
- β SQL injection prevention (parameterized queries)
- β XSS protection (Helmet + request sanitization)
- β CORS configuration (origin whitelist)
- β Helmet security headers (HSTS, CSP, X-Frame-Options)
- β Password hashing (bcrypt, 12 rounds)
- β CSRF protection (double-submit cookie)
- β
Audit logging (
audit_logs,admin_audit_logtables) - β Idempotency keys (payment deduplication)
- β Stripe webhook signature verification
Planned:
- Two-factor authentication
- IP whitelisting (admin)
- Penetration testing
- CSP nonce migration (remove
unsafe-inline)
Database Connection Failed:
# Check PostgreSQL is running
docker ps | grep postgres
# Restart container
docker restart qscrap-postgresRedis Not Connected:
# Check Redis is running
docker ps | grep redis
# Test connection
redis-cli -h localhost -p 6379 pingPort Already in Use:
# Find process using port 3000
lsof -i :3000
# Kill process
kill -9 <PID>Migration Errors:
# Roll back last migration
npm run migrate:rollback
# Re-run migrations
npm run migrateTechnical Issues:
- GitHub Issues: https://github.com/mechimaher/qscrap/issues
- Email: support@qscrap.qa
Business Inquiries:
- Email: business@qscrap.qa
- Phone: +974 XXXX XXXX
Copyright Β© 2026 QScrap. All rights reserved.
Proprietary software - Not for redistribution.
Built with exceptional execution and enterprise-grade standards for Qatar's automotive market.
Technology Partners:
- Node.js Foundation
- PostgreSQL Community
- React Native Team
- Expo Framework
Status: Production-Ready | Market-Leading Platform