A robust, scalable, and secure e-commerce backend built with modern Node.js & MongoDB stack.
E-Dukaan is an enterprise-grade e-commerce backend API designed for modern web applications. Built with Node.js and Express, it provides comprehensive functionality for online stores, marketplaces, and e-commerce platforms with production-ready security, monitoring, and scalability features.
## Features

- **Enterprise Security**: Multi-layer security with rate limiting, input validation, and XSS protection
- **Production Monitoring**: Logging, health checks, and performance metrics
- **High Performance**: Optimized database queries and scalable architecture
- **Frontend Ready**: Standardized REST APIs for React, Vue, Angular, or mobile apps
- **Flexible Environments**: Dev/staging/production configs with validation
- **Email Integration**: Verification, password reset, and marketing emails
## Prerequisites

- Node.js 18+
- MongoDB Atlas account (or local MongoDB)
- Git

## Quick Start

```bash
# Clone the repository
git clone https://github.com/faizan-ahmad5/e-dukaan-backend.git
cd e-dukaan-backend

# Install dependencies
npm install

# Copy environment file
cp .env.example .env
# Configure your environment variables in .env
# (MongoDB URI, JWT secret, email, Stripe keys, etc.)

# Setup categories (recommended)
npm run setup:categories

# Seed the database with sample data (optional)
npm run seed:database

# Start development server
npm run dev

# Or start in production mode
npm start
```

## Feature Details

### Categories

- Database-driven categories instead of fixed enums
- Hierarchical parent-child relationships
- SEO-friendly slugs
- Specialized endpoints for navigation menus
- Ultra-simple setup with Men, Women, Kids categories

### Authentication

- JWT-based auth
- Role-based access control (Admin, User)
- Email verification & password reset
- Rate limiting & brute-force protection

### Users

- Registration & profile updates
- Secure password hashing (bcrypt)
- Role-based permissions

### Products

- CRUD operations
- Product search & filtering
- Inventory management
- Image upload & processing (Sharp)

### Cart

- Add/remove items, manage quantities
- Persistent carts with price calculations

### Orders

- Order creation, status updates, and history
- Invoice generation

### Payments

- Stripe checkout & payment intents
- Refunds & webhook handling

### Reviews

- Review submission & moderation
- Rating aggregation

### Wishlist

- Add/remove items
- Move wishlist items to cart
- Wishlist statistics
## API Reference

Base URLs:

- Development: `http://localhost:5000/api`
- Production: `https://your-domain.com/api`

```text
GET    /                                  # API welcome message
GET    /health                            # Health check endpoint
GET    /docs                              # API documentation

POST   /api/auth/register                 # Register user
POST   /api/auth/login                    # Login
GET    /api/auth/verify-email/:token      # Email verification
POST   /api/auth/resend-verification      # Resend verification email
POST   /api/auth/forgot-password          # Request password reset
POST   /api/auth/reset-password/:token    # Reset password

GET    /api/products                      # List products
GET    /api/products/:id                  # Get product by ID
POST   /api/products                      # Create product (Admin)
PUT    /api/products/:id                  # Update product (Admin)
DELETE /api/products/:id                  # Delete product (Admin)

GET    /api/categories                    # All categories
GET    /api/categories/tree               # Category tree
GET    /api/categories/menu               # Menu categories
POST   /api/categories                    # Create category (Admin)
PUT    /api/categories/:id                # Update category (Admin)
DELETE /api/categories/:id                # Delete category (Admin)

GET    /api/cart                          # Get user cart
POST   /api/cart                          # Add to cart
DELETE /api/cart/remove/:productId        # Remove item
DELETE /api/cart/clear                    # Clear cart

POST   /api/orders                        # Create order
GET    /api/orders                        # Get orders
PUT    /api/orders/:id/status             # Update status (Admin)

POST   /api/payment                       # Stripe checkout

GET    /api/users                         # All users (Admin)
GET    /api/users/profile/me              # Current profile
PUT    /api/users/profile                 # Update profile

POST   /api/reviews                       # New review
GET    /api/reviews/product/:id           # Reviews for product

GET    /api/wishlist                      # User wishlist
POST   /api/wishlist                      # Add to wishlist
DELETE /api/wishlist/remove/:id           # Remove product
```

## Security

- JWT auth + role-based access
- Multi-tier rate limiting
- Express-validator + sanitization
- XSS & Mongo injection protection
- Helmet, CORS, secure headers
- Password hashing with bcrypt
- Email verification required
- Audit logging for sensitive actions
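"Multi-tier rate limiting" above, together with the "brute-force protection" listed under authentication, usually means two limiters with different keys: a loose one on every `/api` request and a tight one on `POST /api/auth/login`. The block below is an added example and not E-Dukaan's own code; it uses an in-memory sliding window with an injectable clock so it can be tested offline. The limits, the IP address and the e-mail address are constructed values for the demo, and the `limit` middleware is a hypothetical Express-style shape.

```javascript
// Added example (not E-Dukaan's code): two-tier sliding-window rate limiting.
// Counters live in process memory here; a multi-instance deployment would keep
// them in a shared store so every API node sees the same counts.
class SlidingWindowLimiter {
  constructor({ windowMs, max }) {
    this.windowMs = windowMs;
    this.max = max;
    this.hits = new Map(); // key -> array of hit timestamps (ms)
  }

  // Record one hit for `key` unless the window is already full.
  // Returns { allowed, remaining, retryAfterMs }.
  check(key, now = Date.now()) {
    const since = now - this.windowMs;
    const stamps = (this.hits.get(key) || []).filter((t) => t > since); // drop expired hits
    if (stamps.length >= this.max) {
      this.hits.set(key, stamps);
      return { allowed: false, remaining: 0, retryAfterMs: stamps[0] + this.windowMs - now };
    }
    stamps.push(now);
    this.hits.set(key, stamps);
    return { allowed: true, remaining: this.max - stamps.length, retryAfterMs: 0 };
  }
}

// Tier 1: every /api request, keyed by client IP (constructed limit: 100 per 15 min).
const apiLimiter = new SlidingWindowLimiter({ windowMs: 15 * 60 * 1000, max: 100 });

// Tier 2: login attempts, keyed by IP + submitted e-mail (constructed limit: 5 per 15 min).
// Keying on both means one source cannot hammer a single account, while a shared
// NAT address is not locked out of every account at once.
const loginLimiter = new SlidingWindowLimiter({ windowMs: 15 * 60 * 1000, max: 5 });

function loginKey(ip, email) {
  return `${ip}|${String(email || '').trim().toLowerCase()}`;
}

// Express-style middleware (hypothetical shape; Express is not needed to run this file).
// Sends 429 with Retry-After when the tier's window is full.
function limit(limiter, keyFn) {
  return (req, res, next) => {
    const r = limiter.check(keyFn(req));
    res.setHeader('X-RateLimit-Remaining', String(r.remaining));
    if (!r.allowed) {
      res.setHeader('Retry-After', String(Math.ceil(r.retryAfterMs / 1000)));
      return res.status(429).json({ error: 'Too many requests' });
    }
    return next();
  };
}

// How the login tier would be wired (shape only):
//   app.use('/api', limit(apiLimiter, (req) => req.ip));
//   app.post('/api/auth/login', limit(loginLimiter, (req) => loginKey(req.ip, req.body.email)), loginHandler);

// Simulate a burst of login attempts against one account from one IP, one per second.
// Returns the allowed/blocked decision for each attempt.
function simulateLoginBurst(attempts, now = 0) {
  const lim = new SlidingWindowLimiter({ windowMs: 15 * 60 * 1000, max: 5 });
  const key = loginKey('203.0.113.7', 'user@example.com'); // constructed sample values
  const results = [];
  for (let i = 0; i < attempts; i++) results.push(lim.check(key, now + i * 1000).allowed);
  return results;
}

module.exports = { SlidingWindowLimiter, apiLimiter, loginLimiter, loginKey, limit, simulateLoginBurst };
```

A blocked attempt still counts nothing new against the window, so the `Retry-After` value is exact: the client is admitted again as soon as the oldest hit falls out of the window.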
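"Express-validator + sanitization" and "Mongo injection protection" above are two separate defences. The sanitizer strips operator-shaped keys (`$gt`, `a.b`) from parsed JSON before a controller can drop `req.body` into a Mongoose filter; the validator then insists credentials are plain strings, which is what stops `{ "email": { "$gt": "" } }` from matching every document. The block below is an added example, not E-Dukaan's own code, written with Node built-ins only; `mongoSanitize` is a hypothetical Express-style middleware (the same job `express-mongo-sanitize` does) and the payloads in the self-check are constructed.

```javascript
// Added example (not E-Dukaan's code): NoSQL-injection sanitisation for request input.
// Keys that start with "$" or contain "." are removed recursively; prototype keys
// are dropped as well so a JSON body cannot pollute Object.prototype.
const DROP_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function sanitizeMongo(value) {
  if (Array.isArray(value)) return value.map(sanitizeMongo);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      if (key.startsWith('$') || key.includes('.') || DROP_KEYS.has(key)) continue;
      out[key] = sanitizeMongo(v);
    }
    return out;
  }
  return value; // strings, numbers, booleans, null pass through
}

// Build the login filter explicitly instead of forwarding req.body to the model.
// The password never goes into the query; it is compared with bcrypt after lookup.
function buildLoginFilter(body) {
  const { email, password } = sanitizeMongo(body);
  if (typeof email !== 'string' || typeof password !== 'string') {
    const err = new Error('email and password must be strings');
    err.status = 400;
    throw err;
  }
  return { email: email.trim().toLowerCase() };
}

// Express-style middleware (hypothetical shape; Express is not needed to run this file).
function mongoSanitize(req, res, next) {
  for (const part of ['body', 'query', 'params']) {
    if (req[part]) req[part] = sanitizeMongo(req[part]);
  }
  next();
}

// Self-check with constructed payloads: an operator object in place of a
// string is emptied by the sanitizer and then rejected by the type check.
function demo() {
  const operatorBody = { email: { $gt: '' }, password: { $gt: '' } };
  let status = null;
  try { buildLoginFilter(operatorBody); } catch (e) { status = e.status; }
  const normal = buildLoginFilter({ email: '  User@Example.com ', password: 'hunter2' });
  return { sanitized: sanitizeMongo(operatorBody), operatorRejectedWith: status, normal };
}

module.exports = { sanitizeMongo, buildLoginFilter, mongoSanitize, demo };
```

Run `mongoSanitize` before the validators and keep building filters field by field in controllers; the sanitizer is a safety net, not a substitute for typed validation.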
## Environment Variables

```env
NODE_ENV=development
PORT=5000

# Database
MONGODB_URI=mongodb+srv://<user>:<password>@<cluster-host>/e-dukaan

# JWT
JWT_SECRET=your_super_secure_secret
JWT_EXPIRE=30d

# Email
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
# EMAIL_USER / EMAIL_FROM: variable names assumed; these two values are placeholders
EMAIL_USER=<your-email-address>
EMAIL_PASS=your_app_password
EMAIL_FROM=<sender-address>

# Frontend
FRONTEND_URL=http://localhost:3000

# Stripe
STRIPE_SECRET_KEY=sk_test_xxx
STRIPE_PUBLISHABLE_KEY=pk_test_xxx
```

## Scripts

```bash
# Development
npm run dev               # Start dev server with nodemon
npm run dev:debug         # Start with debugger
npm start                 # Start production server

# Database
npm run setup:categories  # Create default categories
npm run seed:database     # Seed sample data
npm run reset:database    # Reset DB (dev only)
```

## Project Structure

```text
e-dukaan-backend/
├── config/        # Config files
├── controllers/   # Route logic
├── middleware/    # Auth & security
├── models/        # Mongoose schemas
├── routes/        # API routes
├── utils/         # Helpers (logger, email, etc.)
├── scripts/       # Seed/reset scripts
├── uploads/       # Uploaded files
└── server.mjs     # App entry
```
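The feature list promises "Dev/staging/production configs with validation", and the variables in the environment section above are the ones worth validating at boot: a placeholder `JWT_SECRET`, a Stripe test key in production, or an `http://` frontend origin should stop the server before it accepts a request. The block below is an added example and not E-Dukaan's own code; the set of required variables, the allowed `NODE_ENV` values and the 32-character secret threshold are constructed choices for this example, and `loadConfigOrExit` is a hypothetical helper that reads the real `process.env`.

```javascript
// Added example (not E-Dukaan's code): fail-fast validation of the .env
// variables this README lists. Node built-ins only; returns findings instead
// of throwing so the caller can print every problem at once.
const REQUIRED = ['NODE_ENV', 'PORT', 'MONGODB_URI', 'JWT_SECRET', 'JWT_EXPIRE', 'FRONTEND_URL', 'STRIPE_SECRET_KEY'];
const ALLOWED_ENVS = ['development', 'staging', 'production', 'test']; // constructed set
const PLACEHOLDER_SECRETS = new Set(['your_super_secure_secret', 'changeme', 'secret']);
const MIN_PROD_SECRET_LEN = 32; // constructed threshold

function validateEnv(env) {
  const errors = [];
  for (const k of REQUIRED) {
    if (env[k] === undefined || String(env[k]).trim() === '') errors.push(`${k} is required`);
  }

  const nodeEnv = env.NODE_ENV;
  if (nodeEnv && !ALLOWED_ENVS.includes(nodeEnv)) {
    errors.push(`NODE_ENV must be one of ${ALLOWED_ENVS.join('|')}, got "${nodeEnv}"`);
  }
  const isProd = nodeEnv === 'production';

  const port = Number(env.PORT);
  if (env.PORT !== undefined && (!Number.isInteger(port) || port < 1 || port > 65535)) {
    errors.push('PORT must be an integer in 1..65535');
  }

  if (env.MONGODB_URI && !/^mongodb(\+srv)?:\/\//.test(env.MONGODB_URI)) {
    errors.push('MONGODB_URI must start with mongodb:// or mongodb+srv://');
  }

  const secret = env.JWT_SECRET || '';
  if (secret && PLACEHOLDER_SECRETS.has(secret)) errors.push('JWT_SECRET is a placeholder value');
  if (isProd && secret.length < MIN_PROD_SECRET_LEN) {
    errors.push(`JWT_SECRET must be at least ${MIN_PROD_SECRET_LEN} characters in production`);
  }

  // Accepts the "30d"-style values the .env uses, or a plain number of seconds.
  if (env.JWT_EXPIRE && !/^\d+[smhd]?$/.test(env.JWT_EXPIRE)) {
    errors.push('JWT_EXPIRE must look like 900, 15m, 12h or 30d');
  }

  if (env.FRONTEND_URL) {
    try {
      const u = new URL(env.FRONTEND_URL);
      if (isProd && u.protocol !== 'https:') errors.push('FRONTEND_URL must use https in production');
    } catch (e) {
      errors.push('FRONTEND_URL is not a valid URL');
    }
  }

  // Stripe secret keys for test mode start with "sk_test_".
  if (isProd && /^sk_test_/.test(env.STRIPE_SECRET_KEY || '')) {
    errors.push('STRIPE_SECRET_KEY is a Stripe test key but NODE_ENV is production');
  }

  const ok = errors.length === 0;
  return {
    ok,
    errors,
    config: ok
      ? { nodeEnv, isProd, port, mongoUri: env.MONGODB_URI, jwtSecret: secret,
          jwtExpire: env.JWT_EXPIRE, frontendUrl: env.FRONTEND_URL, stripeSecretKey: env.STRIPE_SECRET_KEY }
      : null,
  };
}

// Boot-time wrapper (hypothetical helper): log each finding, never the values, then exit.
function loadConfigOrExit(env = process.env) {
  const result = validateEnv(env);
  if (!result.ok) {
    for (const e of result.errors) console.error(`[config] ${e}`);
    process.exit(1);
  }
  return result.config;
}

module.exports = { validateEnv, loadConfigOrExit, REQUIRED };
```

Note that the sample `.env` above, with `JWT_SECRET=your_super_secure_secret`, is rejected by this check on purpose: the placeholder is fine for a first `npm run dev`, but it must never survive into staging or production.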
## Performance

- Indexed DB queries
- Response compression

## Monitoring

- `/health` endpoint
- Sentry integration ready
- Uptime monitoring support
- Order/user/revenue metrics
## Contributing

1. Fork the repo
2. Create a feature branch (`git checkout -b feature/new`)
3. Commit changes (`git commit -m "feat: new feature"`)
4. Push & open a PR

### Code Style

- Clean & readable
- Follow conventional commits
## Author

Developer: Faizan Ahmad

- Email: [email protected]
- GitHub: @faizan-ahmad5

## License

MIT © Faizan Ahmad