A high-performance API for managing flash sales with real-time inventory updates built using MongoDB, Mongoose, Express, and TypeScript.
- Real-time Inventory Management: Track and update product inventory during flash sales with atomicity guarantees.
- Concurrency Control: Handles race conditions and prevents over-purchasing through MongoDB transactions.
- Time-based Sales: Configure sales with specific start times and automatic deactivation when inventory is depleted.
- User Authentication: Secure JWT-based authentication system.
- Rate Limiting: Prevents abuse with configurable rate limiting on critical endpoints.
- Leaderboard API: Shows chronological purchases during sales.
- Production-Grade Security: Secure environment variable handling, helmet protection, and more.
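How the rate-limiting step on a critical endpoint can be structured, as an added example that is not the project's own code. It uses a fixed window keyed by client (IP or user id) with an injectable clock so the behaviour is testable; the limit, window length and header names are assumptions, and the request/response shapes are typed structurally so the adapter runs without Express while mirroring Express's `res.set` and `res.status().json()` calls.

```typescript
// Added example (not the project's code): fixed-window rate limiter with an
// injectable clock, plus a middleware-shaped adapter. Limit, window and header
// names are assumptions.

type Clock = () => number;

interface HitWindow {
  startMs: number;
  hits: number;
}

interface Decision {
  allowed: boolean;
  remaining: number;
  retryAfterSec: number;
}

class FixedWindowLimiter {
  private readonly windows = new Map<string, HitWindow>();

  constructor(
    private readonly limit: number,
    private readonly windowMs: number,
    private readonly now: Clock = Date.now,
  ) {}

  // Decide whether one more request from `key` fits in the current window.
  check(key: string): Decision {
    const t = this.now();
    let w = this.windows.get(key);
    if (!w || t - w.startMs >= this.windowMs) {
      w = { startMs: t, hits: 0 };
      this.windows.set(key, w);
    }
    const retryAfterSec = Math.ceil((w.startMs + this.windowMs - t) / 1000);
    if (w.hits >= this.limit) {
      return { allowed: false, remaining: 0, retryAfterSec };
    }
    w.hits += 1;
    return { allowed: true, remaining: this.limit - w.hits, retryAfterSec };
  }

  // Drop expired windows so the map does not grow without bound; returns the
  // number of entries removed.
  sweep(): number {
    const t = this.now();
    let dropped = 0;
    this.windows.forEach((w, key) => {
      if (t - w.startMs >= this.windowMs) {
        this.windows.delete(key);
        dropped += 1;
      }
    });
    return dropped;
  }
}

// Structural stand-ins for the Express objects the adapter touches.
interface ReqLike {
  ip: string;
}
interface ResLike {
  status(code: number): ResLike;
  set(name: string, value: string): ResLike;
  json(body: unknown): void;
}

// Middleware factory: reject with 429 and a Retry-After header when the
// client's window is exhausted, otherwise pass the request on.
function rateLimit(limiter: FixedWindowLimiter) {
  return (req: ReqLike, res: ResLike, next: () => void): void => {
    const d = limiter.check(req.ip);
    res.set('X-RateLimit-Remaining', String(d.remaining));
    if (!d.allowed) {
      res.set('Retry-After', String(d.retryAfterSec));
      res.status(429).json({ error: 'Too many requests' });
      return;
    }
    next();
  };
}
```

In an Express app the factory result is mounted before the handler, for example on the login route, with the limiter instance shared across requests; `sweep()` is meant to run on a timer so idle clients do not accumulate.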
- Backend: Node.js + Express.js
- Database: MongoDB with Mongoose ODM
- Language: TypeScript
- Authentication: JWT
- Logging: Winston
The application follows a scalable, maintainable architecture with clear separation of concerns:
- Controllers: Handle HTTP requests and responses
- Services: Implement business logic
- Models: Define data schemas
- Middleware: Process requests before they reach controllers
- Utils: Shared utility functions
- Routes: Define API endpoints
- Config: Application configuration
- Node.js (v18 or higher)
- MongoDB via run-rs for replica sets (https://www.npmjs.com/package/run-rs)
- Clone the repository:
  git clone https://github.com/GeekyGeeky/flash-sales-system-api.git
  cd flash-sales-system-api
- Copy the example env file and modify as needed:
  cp .env.example .env
- Install dependencies:
  npm install
- Start MongoDB:
  # You'll need to have run-rs installed locally
  run-rs --keep --host=127.0.0.1 --portStart 27000
- Build and start the application:
  npm run build
  npm start
  For development mode with auto-reload:
  npm run dev
https://documenter.getpostman.com/view/29942543/2sAYdkJ9qa
The API provides the following endpoints:
- POST /api/auth/register: Register a new user
- POST /api/auth/login: Login and get JWT token
- GET /api/products: Get all products
- GET /api/products/:id: Get a specific product
- POST /api/products: Create a new product (admin only)
- PUT /api/products/:id: Update a product (admin only)
- DELETE /api/products/:id: Delete a product (admin only)
- GET /api/sales: Get all sales
- GET /api/sales/active: Get currently active sale
- GET /api/sales/:id: Get a specific sale
- POST /api/sales: Create a new sale (admin only)
- PUT /api/sales/:id: Update a sale (admin only)
- POST /api/sales/:id/activate: Activate a sale (admin only)
- POST /api/sales/:id/deactivate: Deactivate a sale (admin only)
- POST /api/sales/:id/reset: Reset sale inventory (admin only)
- POST /api/purchases: Make a purchase (authenticated)
- GET /api/purchases/history: Get user's purchase history (authenticated)
- GET /api/purchases/sale/:saleId: Get all purchases for a sale
- GET /api/purchases/leaderboard/:saleId: Get chronological leaderboard for a sale
The system uses four main collections:
- Users: Store user information and authentication data
- Products: Store product details
- Sales: Store information about flash sales including inventory
- Purchases: Record of all user purchases
This application implements several security best practices:
- Environment Variables: Sensitive data is stored in environment variables, not in code
- Helmet.js: Sets HTTP headers for security
- Rate Limiting: Prevents brute force and DoS attacks
- Input Validation: All user input is validated using Joi
- Password Hashing: User passwords are securely hashed with bcrypt
- JWT Authentication: Secures API endpoints
- MongoDB Security: User authentication for database access
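The checks an auth middleware has to make on a bearer token before an admin-only route is served, as an added example that is not the project's code (the project uses a JWT library; this version uses Node's built-in `crypto` so each step is visible): the algorithm is pinned rather than read from the token, the signature is compared in constant time, and the expiry is enforced against an injectable clock. The secret, the claim names `sub`/`role` and the two role values are assumptions.

```typescript
import { createHmac, timingSafeEqual } from 'crypto';

// Added example (not the project's code): HS256 JWT minting and verification
// with Node's crypto. Secret and claim names are assumptions.

interface Claims {
  sub: string;            // user id
  role: 'user' | 'admin'; // assumed role values used for admin-only routes
  iat: number;            // issued at, seconds since epoch
  exp: number;            // expiry, seconds since epoch
}

const b64url = (data: string): string => Buffer.from(data, 'utf8').toString('base64url');

// Mint a token: base64url(header).base64url(payload).base64url(HMAC-SHA256).
function sign(claims: Claims, secret: string): string {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const sig = createHmac('sha256', secret).update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Decode one base64url JSON segment; null on any malformed input.
function decodeJson(segment: string): Record<string, unknown> | null {
  try {
    const value = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return value && typeof value === 'object' ? (value as Record<string, unknown>) : null;
  } catch {
    return null;
  }
}

// Verify a token; returns the claims or null. `nowSec` is injectable for tests.
function verify(token: string, secret: string, nowSec: number = Math.floor(Date.now() / 1000)): Claims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;

  // Pin the algorithm: the verifier decides how to check, never the token.
  const header = decodeJson(h);
  if (!header || header.alg !== 'HS256') return null;

  // Recompute the MAC and compare in constant time; a length mismatch is a
  // plain reject because timingSafeEqual requires equal-length buffers.
  const expected = createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  // Only after the signature holds are the claims trusted and type-checked.
  const body = decodeJson(p);
  if (!body) return null;
  const { sub, role, iat, exp } = body;
  if (typeof sub !== 'string' || (role !== 'user' && role !== 'admin')) return null;
  if (typeof iat !== 'number' || typeof exp !== 'number' || exp <= nowSec) return null;
  return { sub, role, iat, exp };
}

// Gate for an admin-only route: valid token and the required role.
function authorize(token: string, secret: string, role: Claims['role'], nowSec?: number): boolean {
  const claims = verify(token, secret, nowSec);
  return claims !== null && claims.role === role;
}
```

The order matters: the signature is checked before any claim is read, so a tampered payload is rejected without its contents ever influencing the decision, and a token whose header claims a different algorithm is rejected outright.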
The API is optimized for high performance:
- Database Indexes: Optimized queries with proper indexing
- Connection Pooling: Efficient database connection management
- Compression: Response compression for faster network transfer
- Atomicity with Transactions: Ensures data consistency during high traffic
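Why the availability check and the inventory decrement have to be one atomic operation during a flash sale, as an added example that is not the project's code. It runs concurrent purchases against an in-memory stand-in for the Sales collection: a read-then-write purchase lets every buyer see the same stock and over-sells, while a conditional decrement applied in one step (the in-memory equivalent of a single `findOneAndUpdate` with an `inventory: { $gte: qty }` filter and `$inc`) sells exactly the stock. The sale id, stock and buyer counts are assumptions.

```typescript
// Added example (not the project's code): concurrent purchases against an
// in-memory stand-in for the Sales collection. Sale id, stock and buyer
// counts are assumptions.

interface SaleDoc {
  _id: string;
  inventory: number;
}

// Yield so other in-flight purchases interleave, as they would between two
// real database round trips.
const tick = (): Promise<void> => Promise.resolve();

class FakeSaleCollection {
  private readonly docs = new Map<string, SaleDoc>();

  constructor(seed: SaleDoc[]) {
    for (const d of seed) this.docs.set(d._id, { ...d });
  }

  // Returns a snapshot of the document.
  async findById(id: string): Promise<SaleDoc | undefined> {
    await tick();
    const d = this.docs.get(id);
    return d ? { ...d } : undefined;
  }

  // Plain write that trusts the value the caller computed.
  async setInventory(id: string, inventory: number): Promise<void> {
    await tick();
    const d = this.docs.get(id);
    if (d) d.inventory = inventory;
  }

  // Check and decrement applied in one step, the in-memory equivalent of
  // findOneAndUpdate({ _id: id, inventory: { $gte: qty } }, { $inc: { inventory: -qty } }).
  async decrementIfAvailable(id: string, qty: number): Promise<SaleDoc | null> {
    await tick();
    const d = this.docs.get(id);
    if (!d || d.inventory < qty) return null;
    d.inventory -= qty;
    return { ...d };
  }

  inventoryOf(id: string): number {
    const d = this.docs.get(id);
    return d ? d.inventory : 0;
  }
}

type PurchaseFn = (col: FakeSaleCollection, saleId: string, qty: number) => Promise<boolean>;

// Race-prone: check-then-act across two round trips. Every buyer can observe
// the same pre-purchase inventory and all of them "succeed".
const naivePurchase: PurchaseFn = async (col, saleId, qty) => {
  const sale = await col.findById(saleId);
  if (!sale || sale.inventory < qty) return false;
  await col.setInventory(saleId, sale.inventory - qty);
  return true;
};

// Safe: availability check and decrement are one atomic operation.
const atomicPurchase: PurchaseFn = async (col, saleId, qty) => {
  const updated = await col.decrementIfAvailable(saleId, qty);
  return updated !== null;
};

interface Outcome {
  sold: number;     // purchases reported as successful
  remaining: number; // inventory left in the collection
}

// Fire `buyers` purchases of one unit each against a sale holding `stock` units.
async function simulate(purchase: PurchaseFn, buyers: number, stock: number): Promise<Outcome> {
  const col = new FakeSaleCollection([{ _id: 'sale-1', inventory: stock }]);
  const results = await Promise.all(
    Array.from({ length: buyers }, () => purchase(col, 'sale-1', 1)),
  );
  return { sold: results.filter(Boolean).length, remaining: col.inventoryOf('sale-1') };
}

// Stand-alone demo: 20 buyers, 5 units.
simulate(naivePurchase, 20, 5).then((r) => console.log('naive  ', r));
simulate(atomicPurchase, 20, 5).then((r) => console.log('atomic ', r));
```

In the naive run all twenty buyers read the stock before any of them writes, so twenty purchases "succeed" against five units and the stored inventory ends at four; the atomic run sells exactly five and ends at zero. The same property is what a MongoDB transaction or a filtered `findOneAndUpdate` provides on the real Sales collection.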