A promising NestJS e-commerce backend with complete authentication, a product catalog, a shopping cart, and an order management system.
- JWT-based authentication with access/refresh tokens
- Google OAuth 2.0 integration
- Role-based access control (RBAC)
- Guard system for route protection
- Token management and refresh token rotation
- Complete product catalog with items, variants, and images
- Hierarchical category system
- Product attributes (brands, colors, sizes)
- Product reviews and ratings system
- Image upload with Cloudinary integration
- Shopping cart management
- User address management
- Order processing with status tracking
- Inventory management
- Order calculations and pricing
- Redis caching with decorator-based cache invalidation
- Response serialization and transformation
- Input validation with class-validator
- SQL injection protection
- XSS protection
- File upload validation
- Environment-based configuration
src/
├── common/ # Shared utilities, pipes, interceptors
├── modules/ # Feature modules
│ ├── auth/ # Authentication & authorization
│ ├── users/ # User management
│ ├── products/ # Product catalog
│ ├── attributes/ # Product attributes
│ ├── categories/ # Category management
│ ├── reviews/ # Product reviews
│ ├── carts/ # Shopping cart
│ ├── orders/ # Order processing
│ ├── cache/ # Redis caching
│ └── cloudinary/ # Image upload service
└── config/ # Application configuration
- Framework: NestJS 10+
- Language: TypeScript
- Database: PostgreSQL with TypeORM
- Cache: Redis
- File Storage: Cloudinary
- Authentication: JWT, Google OAuth 2.0
- Validation: class-validator, class-transformer
- Testing: Jest (configurable)
- API Documentation: Swagger (configurable)
- Node.js 18+
- PostgreSQL 14+
- Redis 7+
- Cloudinary account
- Google OAuth credentials
- Clone the repository
git clone https://github.com/yourusername/is-shop.git
cd is-shop/backend
- Install dependencies
npm install
- Set up environment variables
cp .env.example .env
- Configure environment variables (see below)
- Run database migrations
npm run migration:run
- Start the application
# Development
npm run start:dev
# Production
npm run build
npm run start:prod
Create a .env file in the backend directory:
# Server
PORT=3000
NODE_ENV=development
FRONTEND_URL=http://localhost:3001
# Database
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
POSTGRES_USER=your_db_user
POSTGRES_PASSWORD=your_db_password
POSTGRES_DATABASE=is_shop
# Redis
REDIS_URL=redis://localhost:6379
# Cloudinary (for image uploads)
CLOUDINARY_NAME=your_cloud_name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret
# Google OAuth
GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret
GOOGLE_CALLBACK_URL=http://localhost:3000/api/auth/google/callback
# JWT
JWT_SECRET=your_jwt_secret_key_change_in_production
JWT_EXPIRATION=900 # 15 minutes in seconds
JWT_REFRESH_SECRET=your_jwt_refresh_secret_change_in_production
JWT_REFRESH_EXPIRATION=604800 # 7 days in seconds
The API uses the OpenAPI 3.0 specification with Swagger UI for interactive documentation. Once the application is running:
- Visit http://127.0.0.1:3000/api/v1/docs in your browser
- Explore all available endpoints
- Try out API calls directly from the browser
- View request/response schemas
- See authentication requirements for each endpoint
To test protected endpoints in Swagger:
- Use the /auth/login endpoint to get tokens
- Click the "Authorize" button (top-right in Swagger UI)
- Enter your JWT token: Bearer <your-access-token>
- Now you can test authenticated endpoints
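A startup check for the .env file described in the setup steps, added here as an example and not part of the project's code. The names `validateEnv` and `parseSeconds`, the 32-character minimum for JWT secrets, and the https requirement in production are assumptions; the key names are the ones in the .env listing.

```typescript
// Added example, not project code. Key names come from the .env listing on this page.
type Env = Record<string, string | undefined>;
const SECRET_KEYS = ["POSTGRES_PASSWORD", "CLOUDINARY_API_SECRET",
  "GOOGLE_CLIENT_SECRET", "JWT_SECRET", "JWT_REFRESH_SECRET"];
const HTTPS_KEYS = ["FRONTEND_URL", "GOOGLE_CALLBACK_URL"];
const MIN_JWT_SECRET_LENGTH = 32; // assumed policy value, not from the project

// Accepts "900" and "900 # 15 minutes in seconds" (for loaders that keep inline comments).
function parseSeconds(raw: string | undefined): number | null {
  const value = (raw ?? "").replace(/#.*$/, "").trim();
  return /^\d+$/.test(value) ? Number(value) : null;
}

// Returns a list of problems; an empty list means the configuration passed.
function validateEnv(env: Env): string[] {
  const problems: string[] = [];
  const production = env["NODE_ENV"] === "production";

  // Every placeholder in the template starts with "your_"; reject those in production.
  for (const key of SECRET_KEYS) {
    const value = env[key] ?? "";
    if (value === "") problems.push(`${key} is missing`);
    else if (production && /^your_/.test(value)) problems.push(`${key} is a template placeholder`);
    else if (production && /^JWT_/.test(key) && value.length < MIN_JWT_SECRET_LENGTH)
      problems.push(`${key} is shorter than ${MIN_JWT_SECRET_LENGTH} characters`);
  }
  // Separate keys keep a refresh token from verifying as an access token.
  if (env["JWT_SECRET"] && env["JWT_SECRET"] === env["JWT_REFRESH_SECRET"])
    problems.push("JWT_SECRET and JWT_REFRESH_SECRET must differ");

  const access = parseSeconds(env["JWT_EXPIRATION"]);
  const refresh = parseSeconds(env["JWT_REFRESH_EXPIRATION"]);
  if (access === null || refresh === null) problems.push("JWT expirations must be whole seconds");
  else if (access >= refresh) problems.push("JWT_EXPIRATION must be shorter than JWT_REFRESH_EXPIRATION");

  for (const key of HTTPS_KEYS)
    if (production && !/^https:\/\//.test(env[key] ?? "")) problems.push(`${key} must use https in production`);
  return problems;
}

// Constructed sample: the template values from this page, deployed unchanged to production.
const TEMPLATE_IN_PRODUCTION: Env = {
  NODE_ENV: "production", FRONTEND_URL: "http://localhost:3001",
  POSTGRES_PASSWORD: "your_db_password", CLOUDINARY_API_SECRET: "your_api_secret",
  GOOGLE_CLIENT_SECRET: "your_google_client_secret",
  GOOGLE_CALLBACK_URL: "http://localhost:3000/api/auth/google/callback",
  JWT_SECRET: "your_jwt_secret_key_change_in_production", JWT_EXPIRATION: "900",
  JWT_REFRESH_SECRET: "your_jwt_refresh_secret_change_in_production", JWT_REFRESH_EXPIRATION: "604800",
};
```

Call `validateEnv(process.env)` before the application bootstraps and abort when the returned list is not empty.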
The API uses URL versioning (/api/v1/). Future updates will maintain backward compatibility through:
- New endpoints in /api/v2/
- Deprecation warnings for older endpoints
- Graceful migration paths
- Payment gateway integration (Stripe)
- Email notifications (Nodemailer)
- Wishlist functionality
- Coupon and discount system
- Analytics dashboard