
Full-Stack Ecommerce Management System

A production-ready administrative dashboard and REST API for e-commerce operations, featuring fine-grained RBAC and bot protection.

React 19 · NestJS · MongoDB · Tailwind CSS · TypeScript

Problem

The business needed a secure, scalable internal tool for managing related e-commerce entities (products, customers, reviews), with administrators holding different levels of access.

Constraints

  • Strict access control requirements for sensitive data
  • Protection against automated bot abuse on mutation endpoints
  • Reliable data consistency across related entities

Architecture

Modular NestJS backend with MongoDB/Mongoose, paired with a React 19 frontend using React Query for server state and Tailwind for responsive design.

[Diagram: Backend Architecture]

[Diagram: Frontend Component Interaction Flow]

Key Decisions

  • Implement permission-level hierarchy over simple role checks
  • Store the JWT in an HttpOnly cookie rather than in browser storage, so injected script cannot read or exfiltrate the token (XSS can still issue requests with the cookie attached, which is why the CSRF controls below matter)
  • Normalize API errors for consistent frontend handling and UX

Tradeoffs

  • Higher initial overhead for complex permission mapping
  • Because the JWT travels in a cookie that the browser attaches automatically, strict CSRF and CORS configuration was mandatory; this prioritized security over ease of setup
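To make the permission-hierarchy decision above and the cookie/CSRF tradeoff concrete, here is an added example in plain TypeScript. It is not the project's code: the page does not show how its permissions are named or how its guards are wired, so the `entity:level` permission format, the read < write < delete ordering, the `*` entity wildcard, the `access_token` cookie name and the allowed-origin list are all assumptions for illustration. It shows the three pieces a cookie-based admin API needs together: a fail-closed hierarchy check, the Set-Cookie attributes that keep the token away from script, and an origin check on mutating requests.

```typescript
// Added example (not the project's own code). Permission names, hierarchy
// table, cookie name and allowed origins are illustrative assumptions.

// Assumed level ordering, weakest to strongest: a grant at one level covers
// every level before it for the same entity (write implies read, etc.).
const LEVELS = ["read", "write", "delete"] as const;
type Level = (typeof LEVELS)[number];

// Parse "entity:level"; anything malformed yields null so callers fail closed.
function parsePermission(perm: string): { entity: string; level: Level } | null {
  const parts = perm.split(":");
  if (parts.length !== 2 || !parts[0]) return null;
  const idx = (LEVELS as readonly string[]).indexOf(parts[1]);
  if (idx === -1) return null;
  return { entity: parts[0], level: LEVELS[idx] };
}

// True if any granted permission covers the required one. An assumed "*"
// entity wildcard (e.g. "*:delete" for a super-admin) matches every entity;
// the level comparison is still applied after the entity match.
function hasPermission(granted: string[], required: string): boolean {
  const need = parsePermission(required);
  if (!need) return false; // unknown requirement: deny rather than guess
  return granted.some((g) => {
    const have = parsePermission(g);
    if (!have) return false; // ignore malformed grants instead of throwing
    const entityOk = have.entity === "*" || have.entity === need.entity;
    return entityOk && LEVELS.indexOf(have.level) >= LEVELS.indexOf(need.level);
  });
}

// Set-Cookie value for the JWT. HttpOnly keeps it out of document.cookie
// (the XSS mitigation); Secure restricts it to HTTPS; SameSite=Strict stops
// the browser sending it on cross-site navigations and requests.
function sessionCookie(jwt: string, maxAgeSeconds = 3600): string {
  // A compact JWS is base64url segments joined by dots; reject anything else
  // so a stray ";" or newline can never smuggle extra cookie attributes.
  if (!/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(jwt)) {
    throw new Error("token is not a compact JWS");
  }
  return [
    `access_token=${jwt}`,
    `Max-Age=${maxAgeSeconds}`,
    "Path=/",
    "HttpOnly",
    "Secure",
    "SameSite=Strict",
  ].join("; ");
}

// Scheme + host (+ port) of a URL, without relying on the URL global.
function originOf(url: string): string | undefined {
  const m = /^([a-z][a-z0-9+.-]*:\/\/[^/?#]+)/i.exec(url);
  return m ? m[1] : undefined;
}

const MUTATING_METHODS = ["POST", "PUT", "PATCH", "DELETE"];

// CSRF gate for cookie-authenticated requests: the browser attaches the cookie
// on its own, so a mutating request must prove it came from the admin front end.
// Origin is preferred; Referer is the fallback; neither present means reject.
function csrfAllowed(
  method: string,
  headers: { [name: string]: string | undefined },
  allowedOrigins: string[],
): boolean {
  if (MUTATING_METHODS.indexOf(method.toUpperCase()) === -1) return true;
  const lower: { [name: string]: string } = {};
  for (const k of Object.keys(headers)) {
    const v = headers[k];
    if (v !== undefined) lower[k.toLowerCase()] = v;
  }
  const referer = lower["referer"];
  const reqOrigin = lower["origin"] ?? (referer ? originOf(referer) : undefined);
  if (!reqOrigin) return false; // cross-site form posts often strip both headers
  return allowedOrigins.indexOf(reqOrigin) !== -1; // exact match, no prefix tricks
}
```

A real deployment would run `csrfAllowed` before authentication on every mutating route (in NestJS terms, as a guard or middleware), and `hasPermission` after the JWT is verified; the example keeps the two checks separate so that a request from the wrong origin is rejected before any permission logic runs.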

Challenges

  • Coordinating complex role change propagation across the distributed stack
  • Managing reliable bot verification without impacting administrative UX

Results

  • Centralized administrative control with audit-ready security
  • Standardized entity management for products, customers, and reviews

What I Would Improve

  • Add real-time dashboard analytics via WebSockets
  • Implement multi-factor authentication (MFA) for administrative accounts