A modern Single Store Ecommerce platform built with a TypeScript backend (Express, Prisma, PostgreSQL, Redis) and a Next.js frontend. Features include user authentication, product management, cart, checkout, order processing, analytics, and real-time chat via Socket.IO, WebRTC. The application is fully Dockerized for easy setup and development.
Get up and running in 5 minutes:
# 1. Clone the repository
git clone https://github.com/Ayushkumarsingh09/ShopVerse.git
cd ss-ecommerce
# 2. Set up environment variables
cp server/.env.example server/.env
cp client/.env.example client/.env.local
# 3. Start with Docker (recommended)
docker compose up --build
# 4. Seed the database
cd server && npm run seed
# 5. Access the application
# Frontend: http://localhost:3000
# Backend API: http://localhost:5000/api/v1
# API Docs: http://localhost:5000/api-docs🧪 Test Accounts (After Seeding):
| Role | Password | Permissions | |
|---|---|---|---|
| Superadmin | superadmin@example.com |
password123 |
Full system access, can create admins |
| Admin | admin@example.com |
password123 |
Product management, order processing |
| User | user@example.com |
password123 |
Basic shopping, cart, checkout |
💡 Note: These accounts are created when you run the database seeder. See 🌱 Seeding the Database section for details.
- 🚀 Quick Start
- ✨ Features
- 🛠️ Tech Stack
- 📁 Project Structure
- ⚙️ Prerequisites
- 🔧 Installation
- 🏃♂️ Running the Application
- 🌱 Seeding the Database
- 📚 API Documentation
- 🧪 Testing
- 🚀 Deployment
- 🔒 Security Considerations
- ⚡ Performance & Optimization
- 🐛 Troubleshooting
- 🤝 Contributing
- 📄 License
[App Starts]
|
v
GET /me (with cookie)
|
+--> 200 OK => set user in Redux => Auth ready
|
+--> 401 Unauthorized
|
v
POST /refresh (cookie-based)
|
+--> 200 OK => new token => retry /me => set user
|
+--> 401 => logout
- 🔐 Sign‑up / Sign‑in — Email & password, social login (Facebook, Google, Twitter, Apple)
- 📧 Email Verification & Password Reset —
/auth/verify-email,/auth/password-reset/[token]flows - 👥 Role‑Based Access Control — User, Admin, Superadmin roles enforced via
authorizeRolemiddleware - 🚫 Error Pages — Custom
forbidden,unauthorizedand error boundary components
- 🔄 CRUD Operations — Products, Categories, Attributes, Sections, Variants
- 🎨 Variant System — Combine attributes (size, color, material, etc.) into SKU variants
- 🖼️ Image Galleries & Uploads — Cloudinary integration for product images, sliders, assets
- 🔍 Filtering & Browsing — CategoryBrowser, ProductFilters, DependentDropdown components
- 🛒 Persistent Cart — Guest + authenticated carts with quantity management (
QuantitySelector) - 💳 Stripe Integration — Checkout pages with success, failure, and cancel callbacks
- 📦 Order Lifecycle — Pending → Shipped → Delivered → Returned statuses
- 🚚 Shipment Tracking — Shipment module with tracking, webhook support for external updates
- 🔗 Webhooks —
/webhookendpoint for payment and shipping event handling
- 💬 Socket.IO Chat — Real‑time customer‑to‑admin messaging, persisted in DB
- 📞 WebRTC Audio/Video — Call screens,
useWebRTCCall,AudioPlayer,CallControls
- 📊 Modular Dashboard — Users, Orders, Products, Inventory, Transactions, Logs, Reports sections
- 📈 Interactive Charts — Area, Bar, Donut, RevenueOverTime (Recharts)
- 🔌 Analytics APIs — REST v1 & v2, GraphQL v1 & v2, Redis caching
- 🌐 REST & GraphQL — Versioned endpoints (
/v1,/v2) with Express and Apollo - 🔐 JWT Authentication —
protect&optionalAuthmiddleware, CORS, input validation - 📝 Error Handling & Logging — Centralized
globalErrorhandler, Winston logs, rate limiting
- 🐳 Docker Compose — Containerized Next.js (client) & Express (server) services
- ⚡ Hot‑Reload — Nodemon for server, Fast refresh for client
- 📖 API Documentation — Swagger UI (
docs/swagger.ts)
- 🟢 Node.js v22
- 🚀 Express.js - Web framework
- 📘 TypeScript - Type safety
- 🗄️ Prisma ORM - Database toolkit
- 🐘 PostgreSQL - Primary database
- 🔴 Redis - Caching & sessions
- 🔌 Socket.IO - Real-time communication
- 📝 Winston - Logging
- ☁️ Cloudinary - Image storage
- 💳 Stripe - Payment processing
- ⚛️ Next.js - React framework
- 📘 TypeScript - Type safety
- 🎨 Tailwind CSS - Styling
- 🔄 Redux Toolkit - State management
- 📊 Recharts - Data visualization
- 🎭 Framer Motion - Animations
- 🐳 Docker & Docker Compose - Containerization
- 🌐 WSL2 - Development environment
- 📦 npm - Package management
├── client/ # Next.js frontend
│ ├── app/ # App router pages
│ │ ├── (auth)/ # Authentication pages
│ │ ├── (private)/ # Protected pages
│ │ ├── (public)/ # Public pages
│ │ ├── components/ # React components
│ │ ├── hooks/ # Custom React hooks
│ │ ├── lib/ # Utilities & configs
│ │ ├── store/ # Redux store
│ │ └── types/ # TypeScript types
│ ├── public/ # Static assets
│ └── package.json
├── server/ # Express.js backend
│ ├── src/
│ │ ├── modules/ # Feature modules
│ │ │ ├── auth/ # Authentication
│ │ │ ├── products/ # Product management
│ │ │ ├── orders/ # Order processing
│ │ │ └── analytics/ # Analytics & reports
│ │ ├── shared/ # Shared utilities
│ │ └── docs/ # API documentation
│ ├── prisma/ # Database schema & migrations
│ └── seeds/ # Database seeding
├── docker-compose.yml # Docker services
└── collections/ # Postman collections
- Node.js v22 or higher (Download)
- npm v10 or higher
- Docker and Docker Compose (for Docker setup) (Download)
- PostgreSQL v15 and Redis v7 (for non-Docker setup)
- WSL2 (for Windows users)
- VS Code with extensions:
- Prisma
- TypeScript
- Docker
- Tailwind CSS IntelliSense
For WSL2 users, ensure Docker Desktop is configured with WSL2 integration and localhostForwarding=true in ~/.wslconfig.
-
Clone the Repository:
git clone https://github.com/Ayushkumarsingh09/ShopVerse.git cd ss-ecommerce -
Set Up Environment Variables:
cp server/.env.example server/.env cp client/.env.example client/.env.local
-
Configure Environment Variables: Edit
server/.envwith your credentials:# Database DATABASE_URL="postgresql://username:password@localhost:5432/ss_ecommerce" # Redis REDIS_HOST=localhost REDIS_PORT=6379 # JWT Secrets JWT_SECRET=your_jwt_secret_here REFRESH_TOKEN_SECRET=your_refresh_token_secret_here # Session SESSION_SECRET=your_session_secret_here COOKIE_SECRET=your_cookie_secret_here # External Services CLOUDINARY_CLOUD_NAME=your_cloudinary_name CLOUDINARY_API_KEY=your_cloudinary_key CLOUDINARY_API_SECRET=your_cloudinary_secret STRIPE_SECRET_KEY=your_stripe_secret_key STRIPE_WEBHOOK_SECRET=your_stripe_webhook_secret # Social Login (optional) GOOGLE_CLIENT_ID=your_google_client_id GOOGLE_CLIENT_SECRET=your_google_client_secret FACEBOOK_APP_ID=your_facebook_app_id FACEBOOK_APP_SECRET=your_facebook_app_secret
-
Build and Start Services:
docker compose up --build
-
Run Database Migrations:
docker compose exec server npx prisma migrate dev
-
Install PostgreSQL and Redis:
# Ubuntu/Debian sudo apt update sudo apt install postgresql postgresql-contrib redis-server # macOS brew install postgresql redis # Start services sudo service postgresql start sudo service redis-server start
-
Configure PostgreSQL:
sudo -u postgres psql
CREATE USER your_username WITH PASSWORD 'your_password'; CREATE DATABASE ss_ecommerce; GRANT ALL PRIVILEGES ON DATABASE ss_ecommerce TO your_username; \q
-
Clone and Install Dependencies:
git clone https://github.com/Ayushkumarsingh09/ShopVerse.git cd ss-ecommerce # Install backend dependencies cd server && npm install # Install frontend dependencies cd ../client && npm install
-
Set Up Environment Variables: Follow the same environment variable setup as Docker setup.
-
Run Database Migrations:
cd server npx prisma migrate dev
# Start all services
docker compose up
# Start in background
docker compose up -d
# View logs
docker compose logs -f
# Stop services
docker compose downAccess URLs:
- 🌐 Frontend: http://localhost:3000
- 🔌 Backend API: http://localhost:5000/api/v1
- 📖 Swagger Docs: http://localhost:5000/api-docs
- 🎯 GraphQL: http://localhost:5000/api/v1/graphql
-
Start Backend:
cd server npm run dev -
Start Frontend (in new terminal):
cd client npm run dev -
Access URLs (same as Docker setup)
Populate the database with test data for development and testing:
# Navigate to server directory
cd server
# Run seeding script
npm run seed🧪 Seeded Test Data:
- Superadmin:
superadmin@example.com/password123 - Admin:
admin@example.com/password123 - User:
user@example.com/password123
- Category: Electronics
- Product: Smartphone X
- Variant: SMART-X-001 ($599.99, 50 in stock)
| Role | Can Access | Can Manage |
|---|---|---|
| Superadmin | Everything | Users, Admins, System Settings |
| Admin | Products, Orders, Analytics | Products, Categories, Orders |
| User | Shopping, Cart, Checkout | Own Profile, Orders |
🔄 Re-seeding:
- The seeder uses
upsertoperations, so it's safe to run multiple times - Running the seeder will clean up existing data and create fresh test data
📊 Verify Seeding:
# Check seeded data in database
psql -h localhost -p 5432 -U your_username -d ss_ecommerce
# Verify users
SELECT email, role FROM "User";
# Verify products
SELECT name, slug FROM "Product";- URL: http://localhost:5000/api-docs
- Features: Interactive API documentation, test endpoints directly
- URL: http://localhost:5000/api/v1/graphql
- Features: GraphQL schema exploration, query testing
/api/v1/auth/* # Authentication endpoints
/api/v1/users/* # User management
/api/v1/products/* # Product catalog
/api/v1/cart/* # Shopping cart
/api/v1/orders/* # Order management
/api/v1/analytics/* # Analytics & reports
/api/v1/webhooks/* # Webhook handlers
After running the database seeder, you can test different user roles and permissions:
# Login as Superadmin
Email: superadmin@example.com
Password: password123
# Test Features:
- Create new admin users
- Access all system settings
- Manage all users and products
- View analytics and reports# Login as Admin
Email: admin@example.com
Password: password123
# Test Features:
- Manage products and categories
- Process orders
- View order analytics
- Cannot create other admins# Login as User
Email: user@example.com
Password: password123
# Test Features:
- Browse products
- Add items to cart
- Complete checkout process
- View order history
- Update profile-
Role-Based Access Control:
- Try accessing admin features as a regular user
- Test admin creation (only superadmin can do this)
- Verify user permissions are enforced
-
Product Management:
- Add/edit products as admin
- Browse products as user
- Test product filtering and search
-
Order Processing:
- Create orders as user
- Process orders as admin
- Test order status updates
-
Import Collections:
- Navigate to
/collectionsfolder - Import
.jsoncollection files into Postman
- Navigate to
-
Set Environment Variables:
{ "baseUrl": "http://localhost:5000/api/v1", "token": "your_jwt_token_here" } -
Test Authentication Flow:
- Sign in with test accounts
- Use returned tokens in subsequent requests
- Test protected endpoints with different roles
# Backend tests
cd server
npm test
# Frontend tests
cd client
npm test-
Environment Variables:
- Update all environment variables for production
- Use strong, unique secrets
- Configure production database URLs
-
Database Setup:
- Use managed PostgreSQL (e.g., Neon, Supabase)
- Use managed Redis (e.g., Upstash, Redis Cloud)
- Run migrations:
npx prisma migrate deploy
-
External Services:
- Stripe: Configure webhook endpoints and secrets
- Cloudinary: Set up production cloud
- Social Login: Update redirect URLs for production domains
-
Deployment Platforms:
- Frontend: Vercel, Netlify, or AWS Amplify
- Backend: AWS ECS, Heroku, Render, or DigitalOcean
- Database: Managed PostgreSQL service
- Redis: Managed Redis service
Development:
NODE_ENV=development
DATABASE_URL=postgresql://localhost:5432/ss_ecommerce_devProduction:
NODE_ENV=production
DATABASE_URL=postgresql://user:pass@prod-db-host:5432/ss_ecommerce_prod- ✅ JWT tokens with short expiration
- ✅ Refresh tokens in httpOnly cookies
- ✅ Role-based access control
- ✅ Input validation and sanitization
- ✅ Rate limiting on auth endpoints
- ✅ HTTPS enforcement in production
- ✅ Secure cookie settings
- ✅ SQL injection prevention (Prisma ORM)
- ✅ XSS protection
- ✅ CSRF protection
- ✅ CORS configuration
- ✅ Request size limits
- ✅ Error message sanitization
- ✅ API rate limiting
- ✅ Request logging
- 🔒 Use environment variables for secrets
- 🔒 Regular dependency updates
- 🔒 Database connection pooling
- 🔒 Input validation on all endpoints
- 🔒 Proper error handling
- 🚀 Next.js App Router for better performance
- 🖼️ Image optimization with Next.js Image component
- 📦 Code splitting and lazy loading
- 🎨 Tailwind CSS for optimized CSS
- 🔄 Redux Toolkit for efficient state management
- 🗄️ Database indexing on frequently queried fields
- 🔴 Redis caching for expensive operations
- 📊 Connection pooling for database
- 🚀 Compression middleware
- 📝 Efficient logging with Winston
-- Example indexes for better performance
CREATE INDEX idx_products_category ON "Product"(categoryId);
CREATE INDEX idx_orders_user ON "Order"(userId);
CREATE INDEX idx_orders_status ON "Order"(status);- 📊 Built-in analytics dashboard
- 📈 Performance monitoring
- 🔍 Error tracking
- 📝 Request logging
# Check if PostgreSQL is running
sudo service postgresql status
# Check connection
psql -h localhost -U your_username -d ss_ecommerce
# Reset database (if needed)
npx prisma migrate reset# Check if Redis is running
redis-cli ping
# Should return: PONG# Clean up Docker
docker system prune -a
# Rebuild containers
docker compose down
docker compose up --build# Check what's using port 3000
lsof -i :3000
# Check what's using port 5000
lsof -i :5000# Verify environment variables are loaded
cd server
node -e "console.log(process.env.DATABASE_URL)"- Check JWT secret configuration
- Verify cookie settings
- Ensure CORS is properly configured
- Check social login redirect URLs
# Enable debug logging
DEBUG=* npm run dev
# Check Prisma queries
DEBUG=prisma:* npm run dev- Check the Issues page
- Search existing discussions
- Create a new issue with:
- Error message
- Steps to reproduce
- Environment details
- Expected vs actual behavior
We welcome contributions! Here's how to get started:
-
Fork the Repository:
git clone https://github.com/your-username/ss-ecommerce.git cd ss-ecommerce -
Create a Feature Branch:
git checkout -b feature/your-feature-name
-
Set Up Development Environment:
# Follow installation instructions above docker compose up --build -
Make Your Changes:
- Follow the existing code style
- Add tests for new features
- Update documentation if needed
-
Test Your Changes:
# Backend tests cd server && npm test # Frontend tests cd client && npm test # Type checking cd client && npm run type-check
-
Commit Your Changes:
git add . git commit -m "feat: add your feature description"
-
Push and Create Pull Request:
git push origin feature/your-feature-name
- TypeScript: Use strict mode, avoid
anytypes - React: Use functional components with hooks
- CSS: Use Tailwind CSS classes
- Backend: Follow Express.js best practices
- Database: Use Prisma migrations for schema changes
Looking for a place to start? Check out these labels:
good first issue- Perfect for newcomersdocumentation- Help improve docsbug- Fix existing issuesenhancement- Add new features
When reporting issues, please include:
- Description: What happened?
- Steps: How to reproduce?
- Expected: What should happen?
- Actual: What actually happened?
- Environment: OS, browser, Node.js version
- Screenshots: If applicable
This project is licensed under the MIT License. See the LICENSE file for details.
- Next.js team for the amazing React framework
- Prisma team for the excellent ORM
- Tailwind CSS for the utility-first CSS framework
- Stripe for payment processing
- Cloudinary for image management
- 📧 Email: [ayushkumarcse@gmail.com]
Made with ❤️ by Ayush Kumar Singh