A full-stack luxury e-commerce platform built with a modern monorepo architecture. Features a complete storefront, admin dashboard, product management, order tracking, and role-based access control.
| Layer | Technology |
|---|---|
| Frontend | React 18 + TypeScript, Vite, Tailwind CSS v4, shadcn/ui, React Router |
| Backend | Node.js + TypeScript, Express.js, Prisma ORM |
| Database | PostgreSQL (Supabase) |
| Auth | JWT access tokens + refresh tokens |
| Resend | |
| Logging | Pino + Sentry |
| Deployment | Render (API), Vercel (Frontend) |
| CI/CD | GitHub Actions |
vibecart/
├── apps/
│ ├── api/ # Express REST API
│ │ ├── prisma/ # Schema, migrations, seed
│ │ └── src/
│ │ ├── api/v1/
│ │ │ ├── controllers/
│ │ │ ├── services/
│ │ │ ├── routes/
│ │ │ └── validators/
│ │ ├── middleware/
│ │ └── config/
│ └── web/ # React storefront + admin
│ └── src/
│ └── app/
│ ├── admin/ # Admin panel pages
│ ├── components/
│ ├── pages/ # Storefront pages
│ ├── store/ # Cart store
│ └── data/
└── package.json # Root workspace scripts
Storefront
- Homepage with new arrivals, best sellers, editorial sections
- Shop page with filters (category, brand, color, price), sorting, search
- Product detail page with image gallery, size selector, add to cart
- Cart with quantity controls and order summary
- Wishlist
- User login / registration with JWT auth
Admin Panel (/admin)
- Dashboard with sales overview, order status, top products, low stock alerts
- Product management — create, edit, bulk import via CSV, status control
- Order management with status updates and order detail panel
- User & roles management with permission matrix
- Settings and support pages
API
- Storefront and admin product endpoints
- Order CRUD with status tracking
- Role-based access control (ADMIN, OPERATIONS, MARKETING, SUPPORT, CUSTOMER)
- Audit logging on all mutations
- CSV bulk product import
| Method | Route | Description |
|---|---|---|
| POST | /api/v1/auth/register |
Create customer account |
| POST | /api/v1/auth/login |
Sign in |
| POST | /api/v1/auth/logout |
Sign out |
| GET | /api/v1/auth/me |
Current user profile |
| GET | /api/v1/auth/verify-email |
Verify email address |
| POST | /api/v1/auth/forgot-password |
Request password reset |
| POST | /api/v1/auth/reset-password |
Reset password |
| POST | /api/v1/admin/auth/login |
Admin sign in |
| Method | Route | Description |
|---|---|---|
| GET | /api/v1/products/storefront |
Published products (filters, sort, pagination) |
| GET | /api/v1/products/storefront/:slug |
Single product by slug |
| GET | /api/v1/products/admin |
All products (admin, requires auth) |
| POST | /api/v1/products |
Create product |
| PATCH | /api/v1/products/:id |
Update product |
| PATCH | /api/v1/products/:id/status |
Publish / archive |
| Method | Route | Description |
|---|---|---|
| GET | /api/v1/orders |
List orders (admin) |
| GET | /api/v1/orders/stats |
Dashboard stats |
| GET | /api/v1/orders/:id |
Order detail |
| PATCH | /api/v1/orders/:id/status |
Update order status |
| Method | Route | Description |
|---|---|---|
| GET | /api/v1/health |
Health check with DB status |
| Route | Description |
|---|---|
/ |
Homepage |
/shop |
Product listing with filters |
/product/:slug |
Product detail |
/cart |
Shopping cart |
/checkout |
Checkout |
/login |
Sign in / Create account |
/wishlist |
Saved items |
/admin/login |
Admin sign in |
/admin |
Dashboard |
/admin/products |
Product management |
/admin/products/new |
Create product |
/admin/orders |
Order management |
/admin/users |
Users & roles |
/admin/import |
Bulk CSV import |
/admin/settings |
Settings |
- Node.js 18+
- PostgreSQL database (or Supabase account)
apps/api/.env
NODE_ENV=development
PORT=3000
DATABASE_URL=postgresql://user:pass@host:port/dbname
DATABASE_URL_DIRECT=postgresql://user:pass@host:port/dbname
JWT_SECRET=your-secret-min-32-characters-long
JWT_EXPIRES_IN=7d
CORS_ORIGIN=http://localhost:5173
RESEND_API_KEY=re_your_key_here
EMAIL_FROM=VibeCart <noreply@vibecart.com>
FRONTEND_URL=http://localhost:5173
SENTRY_DSN=https://...@sentry.io/...apps/web/.env.local
VITE_API_URL=http://localhost:3000/api/v1
VITE_APP_NAME=VibeCartgit clone https://github.com/dhruv-techdev/vibecart.git
cd vibecart
npm install
# Set up the database
cd apps/api
cp .env.example .env # fill in your values
npx prisma migrate dev
npx prisma db seed
cd ../..# Run both API and frontend together
npm run dev
# Or separately:
npm run dev:api # http://localhost:3000
npm run dev:web # http://localhost:5173| Role | Password | |
|---|---|---|
| Admin | admin@vibecart.com | Admin1234! |
| Customer | customer@vibecart.com | Customer1234! |
npm run db:studio # Open Prisma Studio
npm run db:migrate # Run migrations
npm run db:generate # Regenerate Prisma client
npm run type-check # TypeScript check across all packages
npm run lint # ESLint
npm run build # Build all packages| Service | Platform | Branch |
|---|---|---|
| API | Render | main |
| Frontend | Vercel | main |
Staging API: https://vibecart-os23.onrender.com
- Monorepo with npm workspaces — shared scripts and config at root
- Controller → Service pattern — HTTP layer separated from business logic
- Prisma ORM — type-safe queries, managed migrations, easy relations
- JWT + DB refresh tokens — stateless access, revocable sessions
- Zod validation — schema-first request validation with typed errors
- RBAC — permission-based middleware guards on every admin route
- Audit log — every create/update/delete writes an audit record
- Passwords hashed with bcrypt (12 rounds)
- JWT access tokens (short-lived) + refresh tokens (DB-stored, revocable)
- Password reset tokens: 1-hour expiry, single-use
- Email verification tokens: 24-hour expiry
- CORS, Helmet, rate limiting on all endpoints
- Input validation (Zod) on all request bodies
- Role-based permission checks on every protected route
Private — All rights reserved.