Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
309 changes: 155 additions & 154 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,127 +1,157 @@
# VibeCart

AI-powered modern e-commerce platform built with industrial-grade engineering practices.
A full-stack luxury e-commerce platform built with a modern monorepo architecture. Features a complete storefront, admin dashboard, product management, order tracking, and role-based access control.

## Tech Stack

**Frontend:** Vite + React + TypeScript, Tailwind CSS, shadcn/ui, React Router, React Hook Form + Zod

**Backend:** Node.js + TypeScript, Express.js, Prisma ORM, JWT authentication

**Database:** PostgreSQL (Supabase), Redis (planned)

**Infrastructure:** Render (API), Vercel (Frontend), GitHub Actions (CI/CD), Sentry (error tracking), Pino (logging)

**Email:** Resend
| Layer | Technology |
|-------|-----------|
| Frontend | React 18 + TypeScript, Vite, Tailwind CSS v4, shadcn/ui, React Router |
| Backend | Node.js + TypeScript, Express.js, Prisma ORM |
| Database | PostgreSQL (Supabase) |
| Auth | JWT access tokens + refresh tokens |
| Email | Resend |
| Logging | Pino + Sentry |
| Deployment | Render (API), Vercel (Frontend) |
| CI/CD | GitHub Actions |

## Project Structure

```
vibecart/
├── apps/
│ ├── api/ # Express.js backend
│ │ ├── prisma/
│ │ │ └── schema.prisma # Database schema (20+ models)
│ │ └── src/
│ │ ├── api/v1/
│ │ │ ├── controllers/ # Request handlers
│ │ │ ├── routes/ # Route definitions
│ │ │ ├── services/ # Business logic
│ │ │ └── validators/ # Zod schemas
│ │ ├── config/ # Environment config
│ │ ├── lib/ # Prisma client, logger, Sentry, email
│ │ ├── middleware/ # Error handling, auth
│ │ ├── utils/ # Response helpers
│ │ ├── app.ts # Express app setup
│ │ └── server.ts # Server entry point
│ └── web/ # Vite + React frontend
│ └── src/
│ ├── app/
│ │ ├── components/ # Layout, UI, ProtectedRoute, UserMenu
│ │ ├── contexts/ # AuthContext
│ │ ├── pages/ # Home, Shop, Cart, Account, Admin, Auth
│ │ └── routes.tsx # React Router config
│ ├── lib/ # Axios API client
│ ├── services/ # Frontend service layer
│ └── styles/ # Tailwind, theme, fonts
├── packages/
│ ├── shared-types/ # Shared TypeScript types
│ └── config/ # Shared ESLint/TS configs
├── docs/ # Documentation
├── scripts/ # Deployment scripts
└── .github/workflows/ # CI/CD pipelines
│ ├── api/ # Express REST API
│ │ ├── prisma/ # Schema, migrations, seed
│ │ └── src/
│ │ ├── api/v1/
│ │ │ ├── controllers/
│ │ │ ├── services/
│ │ │ ├── routes/
│ │ │ └── validators/
│ │ ├── middleware/
│ │ └── config/
│ └── web/ # React storefront + admin
│ └── src/
│ └── app/
│ ├── admin/ # Admin panel pages
│ ├── components/
│ ├── pages/ # Storefront pages
│ ├── store/ # Cart store
│ └── data/
└── package.json # Root workspace scripts
```

## Features

**Storefront**
- Homepage with new arrivals, best sellers, editorial sections
- Shop page with filters (category, brand, color, price), sorting, search
- Product detail page with image gallery, size selector, add to cart
- Cart with quantity controls and order summary
- Wishlist
- User login / registration with JWT auth

**Admin Panel** (`/admin`)
- Dashboard with sales overview, order status, top products, low stock alerts
- Product management — create, edit, bulk import via CSV, status control
- Order management with status updates and order detail panel
- User & roles management with permission matrix
- Settings and support pages

**API**
- Storefront and admin product endpoints
- Order CRUD with status tracking
- Role-based access control (ADMIN, OPERATIONS, MARKETING, SUPPORT, CUSTOMER)
- Audit logging on all mutations
- CSV bulk product import

## API Endpoints

### Auth

| Method | Route | Description |
| ------ | ------------------------------------- | ------------------------------ |
| POST | `/api/v1/auth/register` | Create new account |
| POST | `/api/v1/auth/login` | Sign in with email/password |
| POST | `/api/v1/auth/logout` | Sign out, revoke refresh token |
| GET | `/api/v1/auth/me` | Get current user profile |
| GET | `/api/v1/auth/verify-email?token=...` | Verify email address |
| POST | `/api/v1/auth/resend-verification` | Resend verification email |
| POST | `/api/v1/auth/forgot-password` | Request password reset email |
| POST | `/api/v1/auth/reset-password` | Reset password with token |
| Method | Route | Description |
|--------|-------|-------------|
| POST | `/api/v1/auth/register` | Create customer account |
| POST | `/api/v1/auth/login` | Sign in |
| POST | `/api/v1/auth/logout` | Sign out |
| GET | `/api/v1/auth/me` | Current user profile |
| GET | `/api/v1/auth/verify-email` | Verify email address |
| POST | `/api/v1/auth/forgot-password` | Request password reset |
| POST | `/api/v1/auth/reset-password` | Reset password |
| POST | `/api/v1/admin/auth/login` | Admin sign in |

### Products

| Method | Route | Description |
|--------|-------|-------------|
| GET | `/api/v1/products/storefront` | Published products (filters, sort, pagination) |
| GET | `/api/v1/products/storefront/:slug` | Single product by slug |
| GET | `/api/v1/products/admin` | All products (admin, requires auth) |
| POST | `/api/v1/products` | Create product |
| PATCH | `/api/v1/products/:id` | Update product |
| PATCH | `/api/v1/products/:id/status` | Publish / archive |

### Orders

| Method | Route | Description |
|--------|-------|-------------|
| GET | `/api/v1/orders` | List orders (admin) |
| GET | `/api/v1/orders/stats` | Dashboard stats |
| GET | `/api/v1/orders/:id` | Order detail |
| PATCH | `/api/v1/orders/:id/status` | Update order status |

### System

| Method | Route | Description |
| ------ | ---------------- | --------------------------- |
| GET | `/api/v1/health` | Health check with DB status |
| GET | `/api/v1/` | API info and endpoints list |
| Method | Route | Description |
|--------|-------|-------------|
| GET | `/api/v1/health` | Health check with DB status |

## Frontend Routes

| Route | Access | Description |
| ------------------ | ----------------- | ---------------------------- |
| `/` | Public | Homepage |
| `/shop/:category?` | Public | Product listing with filters |
| `/product/:id` | Public | Product detail page |
| `/cart` | Public | Shopping cart |
| `/register` | Public | Create account |
| `/login` | Public | Sign in |
| `/forgot-password` | Public | Request password reset |
| `/reset-password` | Public | Set new password |
| `/verify-email` | Public | Email verification result |
| `/checkout` | Protected | Checkout flow |
| `/wishlist` | Protected | Saved items |
| `/account` | Protected | Account dashboard |
| `/admin` | Protected (staff) | Admin dashboard |
| `/admin/products` | Protected (staff) | Product management |
| `/admin/orders` | Protected (staff) | Order management |

## Setup
| Route | Description |
|-------|-------------|
| `/` | Homepage |
| `/shop` | Product listing with filters |
| `/product/:slug` | Product detail |
| `/cart` | Shopping cart |
| `/checkout` | Checkout |
| `/login` | Sign in / Create account |
| `/wishlist` | Saved items |
| `/admin/login` | Admin sign in |
| `/admin` | Dashboard |
| `/admin/products` | Product management |
| `/admin/products/new` | Create product |
| `/admin/orders` | Order management |
| `/admin/users` | Users & roles |
| `/admin/import` | Bulk CSV import |
| `/admin/settings` | Settings |

## Local Setup

### Prerequisites

- Node.js 18+
- npm 9+
- PostgreSQL database (or Supabase account)
- Resend account (optional, for emails)

### Environment Variables

**API** (`apps/api/.env`):
**`apps/api/.env`**

```env
NODE_ENV=development
PORT=3000
API_VERSION=v1
DATABASE_URL=postgresql://user:pass@host:port/dbname
DATABASE_URL_DIRECT=postgresql://user:pass@host:port/dbname
JWT_SECRET=your-secret-min-32-characters-long!!
JWT_SECRET=your-secret-min-32-characters-long
JWT_EXPIRES_IN=7d
CORS_ORIGIN=http://localhost:5173
LOG_LEVEL=debug
SENTRY_DSN=https://...@sentry.io/...
RESEND_API_KEY=re_your_key_here
EMAIL_FROM=VibeCart <onboarding@resend.dev>
EMAIL_FROM=VibeCart <noreply@vibecart.com>
FRONTEND_URL=http://localhost:5173
SENTRY_DSN=https://...@sentry.io/...
```

**Frontend** (`apps/web/.env.local`):
**`apps/web/.env.local`**

```env
VITE_API_URL=http://localhost:3000/api/v1
Expand All @@ -131,104 +161,75 @@ VITE_APP_NAME=VibeCart
### Installation

```bash
# Clone the repo
git clone https://github.com/your-username/vibecart.git
git clone https://github.com/dhruv-techdev/vibecart.git
cd vibecart

# Install dependencies
npm install
cd apps/api && npm install && cd ../..
cd apps/web && npm install && cd ../..

# Set up database
# Set up the database
cd apps/api
cp .env.example .env # Edit with your values
cp .env.example .env # fill in your values
npx prisma migrate dev
npx prisma generate
npx prisma db seed
cd ../..
```

### Development
### Running Locally

```bash
# Terminal 1 — API
cd apps/api && npm run dev
# Run both API and frontend together
npm run dev

# Terminal 2 — Frontend
cd apps/web && npm run dev
# Or separately:
npm run dev:api # http://localhost:3000
npm run dev:web # http://localhost:5173
```

API runs on `http://localhost:3000`, frontend on `http://localhost:5173`.
### Seed Accounts

| Role | Email | Password |
|------|-------|----------|
| Admin | admin@vibecart.com | Admin1234! |
| Customer | customer@vibecart.com | Customer1234! |

### Testing
### Other Useful Commands

```bash
# Register a user
curl -X POST http://localhost:3000/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"test@vibecart.com","password":"Test1234!","firstName":"Test","lastName":"User"}'

# Login
curl -X POST http://localhost:3000/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"test@vibecart.com","password":"Test1234!"}'

# Health check
curl http://localhost:3000/api/v1/health
npm run db:studio # Open Prisma Studio
npm run db:migrate # Run migrations
npm run db:generate # Regenerate Prisma client
npm run type-check # TypeScript check across all packages
npm run lint # ESLint
npm run build # Build all packages
```

## Deployment

**API:** Auto-deploys to Render from `develop` branch

- Staging: `https://vibecart-os23.onrender.com`

**Frontend:** Auto-deploys to Vercel

## Completed User Stories

### Sprint 1 — Foundation (US-001 to US-010)

- API structure standardization
- Shared request/response contracts
- Monorepo setup
- Environment configuration
- CI/CD pipeline
- Database connectivity (Supabase)
- Prisma schema baseline
- Staging deployment
- Centralized logging and error tracking

### Sprint 2 — Authentication (US-011 to US-016)
| Service | Platform | Branch |
|---------|----------|--------|
| API | Render | `main` |
| Frontend | Vercel | `main` |

- US-011: User registration (signup endpoint, validation, password hashing, form UI)
- US-012: User login (login endpoint, JWT tokens, auth context, login form)
- US-013: User logout (session invalidation, client state clearing, protected routes)
- US-014: Email verification (verification tokens, Resend integration, verification UI)
- US-015: Password reset (forgot password flow, reset tokens, reset form)
- US-016: Reset link expiry (token expiry, used token invalidation)
Staging API: `https://vibecart-os23.onrender.com`

## Architecture Decisions
## Architecture

- **Monorepo with npm workspaces** — shared types and config across packages
- **Controller → Service pattern** — separation of HTTP handling and business logic
- **Prisma over raw SQL** — type safety, migrations, easy relations
- **JWT + refresh tokens in DB** — stateless access tokens, revocable refresh tokens
- **Vite + React over Next.js** — matches Figma export, simpler SPA setup
- **Resend over Nodemailer** — simpler API, free tier sufficient for MVP
- **Standardized response format** — consistent `{success, message, data, timestamp}` contract
- **Monorepo with npm workspaces** — shared scripts and config at root
- **Controller → Service pattern** — HTTP layer separated from business logic
- **Prisma ORM** — type-safe queries, managed migrations, easy relations
- **JWT + DB refresh tokens** — stateless access, revocable sessions
- **Zod validation** — schema-first request validation with typed errors
- **RBAC** — permission-based middleware guards on every admin route
- **Audit log** — every create/update/delete writes an audit record

## Security

- Passwords hashed with bcrypt (12 rounds)
- JWT access tokens with configurable expiry
- Refresh tokens stored in DB with revocation support
- Password reset tokens expire in 1 hour, single-use
- Email verification tokens expire in 24 hours
- CORS, Helmet, input validation on all endpoints
- Audit logging for auth events
- Role-based access control (RBAC)
- Protected routes on frontend and backend
- JWT access tokens (short-lived) + refresh tokens (DB-stored, revocable)
- Password reset tokens: 1-hour expiry, single-use
- Email verification tokens: 24-hour expiry
- CORS, Helmet, rate limiting on all endpoints
- Input validation (Zod) on all request bodies
- Role-based permission checks on every protected route

## License

Expand Down
3 changes: 3 additions & 0 deletions apps/api/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,9 @@
"private": true,
"description": "VibeCart Backend API",
"main": "dist/server.js",
"prisma": {
"seed": "ts-node prisma/seed.ts"
},
"scripts": {
"dev": "ts-node-dev --respawn --transpile-only src/server.ts",
"build": "prisma generate && tsc",
Expand Down
Loading
Loading