DEV Community

Cover image for Building a Scalable E-Commerce Platform: From Storefront to Warehouse
edmondgi
edmondgi

Posted on

Building a Scalable E-Commerce Platform: From Storefront to Warehouse

#storefront #security #authentication

In the world of e-commerce, trust is currency.
Your customers need to feel safe entering their details, and your operations team needs secure access to order data without risking a data breach.

This guide walks you through architecting a full-stack e-commerce solution called "MarketMinds". We will build:

  1. The Storefront: Where customers browse and buy.
  2. The Ops Dashboard: Where support staff manage orders.
  3. The Command Center: Where super admins configured global settings.

Step 1: The Core Data Model

E-commerce data is relational. We have Users, Products, and Orders.

// schema.prisma

model Product {
  id          String   @id @default(uuid())
  name        String
  price       Decimal
  stock       Int
  orders      OrderItem[]
}

model Order {
  id        String    @id @default(uuid())
  userId    String    // The customer's ID
  total     Decimal
  status    String    // PENDING, SHIPPED, DELIVERED
  items     OrderItem[]
}

model OrderItem {
  orderId   String
  productId String
  quantity  Int

  order   Order   @relation(fields: [orderId], references: [id])
  product Product @relation(fields: [productId], references: [id])
}
Enter fullscreen mode Exit fullscreen mode

Notice userId in the Order model. We strictly decouple our "Business Data" (Orders) from "Identity Data" (Passwords/Emails). This is a security best practice.

Step 2: Designing the Storefront API

Customers need to browse products (Public) and place orders (Authenticated).

// routes/storefront.ts
import express from 'express';
const router = express.Router();

// PUBLIC: Anyone can view products
router.get('/products', async (req, res) => {
  const products = await prisma.product.findMany();
  res.json(products);
});

// PROTECTED: Only logged-in customers can buy
router.post('/checkout', requireAuth, async (req, res) => {
  const userId = req.user.id; // Extracted from token
  // Business logic: create order, decrement stock, charge payment...
});
Enter fullscreen mode Exit fullscreen mode

The Authentication Puzzle

We need customers to sign up, verify email, and log in. Building this from scratch is high-risk.
If you mess up password hashing or session storage, your store is finished.

Enter Rugi Auth.
We treat it as our dedicated Identity Provider.

  1. Create the 'MarketMinds Storefront' App in Rugi Auth.
  2. Enable "Subscribers" or "Customers" role by default.
  3. Set up Google OAuth in the Rugi Auth settings so customers can sign in with one click.

Now, requireAuth just verifies the JWT signature.

Step 3: The Support Dashboard (Internal Tool)

Now comes the complex part. You hire a Customer Support agent, Alice.

  • Alice needs to see all orders (unlike a customer).
  • Alice should not be able to change the database schema or delete products.

We create a second app in Rugi Auth: "MarketMinds Internal".

Implementing Role-Based Access Control (RBAC)

We define strictly scoped roles for this internal app:

  • SUPPORT_AGENT: Can view orders, process refunds.
  • INVENTORY_MGR: Can update product stock and prices.

The Backend Logic:

// routes/admin.ts

// Middleware to check specific permissions
const assertRole = (role) => (req, res, next) => {
  // Check if the user has this role for the INTERNAL app
  if (!req.user.roles.includes(role)) throw new Error("Unauthorized");
  next();
};

// Route: Refund an order
router.post('/orders/:id/refund', 
  requireAuth, 
  assertRole('SUPPORT_AGENT'), 
  async (req, res) => {
    // Logic to refund order
    console.log(`User ${req.user.id} refunded order ${req.params.id}`);
    res.send("Refunded");
  }
);

// Route: Update Inventory
router.post('/products/:id/stock',
  requireAuth,
  assertRole('INVENTORY_MGR'),
  async (req, res) => {
    // Logic to update stock
  }
);
Enter fullscreen mode Exit fullscreen mode

Step 4: The Super Admin (Founders)

You don't want your Support Agents to have Global Admin power.
In Rugi Auth, you can create a specialized role, or even a separate Command Center app, that is only accessible to you.

This isolation is powerful. If a Support Agent's laptop is compromised and their token is stolen, the attacker cannot access the "Delete Database" endpoints because that token is scoped only to the SUPPORT_AGENT role, not SUPER_ADMIN.

Step 5: Frontend Integration

For your internal dashboard, you normally want a quick, data-heavy UI.

The "Magic Link" Effect:
Because you are using a centralized auth system, your employees can have a seamless experience.

  1. Alice logs into the Inventory App to update stock.
  2. She gets a customer complaint and clicks "View Order in Support Portal".
  3. She is redirected to the Support App.
  4. Rugi Auth recognizes her session and automatically logs her in (SSO), provided she has permissions for the Support App.

This frictionless flow improves employee productivity while maintaining strict security boundaries.

Summary

By separating your E-Commerce platform into distinct logical "Apps" (Storefront, Internal Tools), you achieve:

  1. Better Security: Least-privilege access.
  2. Cleaner Code: Your storefront API doesn't need "Inventory Management" logic.
  3. Scalability: You can spin up new microservices (e.g., a "Driver App" for delivery) and just hook them into the existing Auth ecosystem.

Top comments (0)