5 Hours advanced
21. Backend Capstone Project
Capstone
Backend Capstone Project — VoidShop API
Every concept you have studied across this curriculum converges here. You will build VoidShop — a complete, production-grade e-commerce backend API. This is not a tutorial to follow step by step — it is a specification for a system you must design, build, and deploy yourself, making real architectural decisions at every step.
When complete, this project will demonstrate that you can architect, implement, secure, and deploy a real-world backend. That is what you put on your portfolio and what you talk about in interviews.
System Requirements
VoidShop is an e-commerce platform API that must support the following features, implemented end-to-end:
- User authentication: Register, login, logout, password reset via email, JWT-based sessions with refresh tokens
- Product catalog: Products with categories, images, variants (size/color), inventory tracking
- Shopping cart: Persistent cart (survives browser close), add/remove/update quantities, real-time inventory checks
- Order processing: Place order, Stripe payment integration, order status tracking
- Email notifications: Welcome email, order confirmation, shipping update via background jobs
- Admin panel API: Role-based access, product management, order management, user management
Database Schema Design
-- Core tables for VoidShop
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) NOT NULL UNIQUE,
password_hash VARCHAR(255) NOT NULL,
full_name VARCHAR(100),
role VARCHAR(20) NOT NULL DEFAULT 'customer',
is_verified BOOLEAN NOT NULL DEFAULT FALSE,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE TABLE categories (
id SERIAL PRIMARY KEY,
name VARCHAR(100) NOT NULL UNIQUE,
slug VARCHAR(100) NOT NULL UNIQUE
);
CREATE TABLE products (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
description TEXT,
price NUMERIC(10, 2) NOT NULL,
category_id INTEGER REFERENCES categories(id),
in_stock INTEGER NOT NULL DEFAULT 0,
is_active BOOLEAN NOT NULL DEFAULT TRUE,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE TABLE orders (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID NOT NULL REFERENCES users(id),
status VARCHAR(50) NOT NULL DEFAULT 'pending',
total_amount NUMERIC(10, 2) NOT NULL,
stripe_payment_id VARCHAR(255),
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);
CREATE TABLE order_items (
id SERIAL PRIMARY KEY,
order_id UUID NOT NULL REFERENCES orders(id) ON DELETE CASCADE,
product_id UUID NOT NULL REFERENCES products(id),
quantity INTEGER NOT NULL,
unit_price NUMERIC(10, 2) NOT NULL
);
API Endpoints Specification
Authentication
POST /auth/register Create account
POST /auth/login Login, returns JWT
POST /auth/logout Invalidate refresh token
POST /auth/refresh Get new access token
POST /auth/forgot-password Send reset email
POST /auth/reset-password Reset with token
Products (Public)
GET /products List with filter/sort/paginate
GET /products/:id Single product detail
GET /categories All categories
GET /categories/:slug/products Products in category
Cart & Orders (Authenticated)
GET /cart Get current cart
POST /cart/items Add item
PATCH /cart/items/:id Update quantity
DELETE /cart/items/:id Remove item
POST /orders Place order (charge card)
GET /orders My order history
GET /orders/:id Single order detail
Admin (Admin role required)
GET /admin/products All products
POST /admin/products Create product
PATCH /admin/products/:id Update product
DELETE /admin/products/:id Delete product
GET /admin/orders All orders
PATCH /admin/orders/:id/status Update order status
Technical Stack
Runtime & Framework
Node.js 20 + Express. Alternatively: Python 3.12 + FastAPI.
Primary Database
PostgreSQL 16 via Prisma ORM (Node) or SQLAlchemy (Python).
Cache & Queue
Redis via BullMQ for background jobs (emails, order processing).
Payments
Stripe (payment intents + webhook handler for fulfillment).
Email
Nodemailer + SendGrid SMTP. All emails go through BullMQ queue.
Infrastructure
Docker Compose for local development. Railway or Render for production.
Architecture Requirements
Your implementation must demonstrate these specific patterns from the curriculum:
- Module 1 — HTTP: Correct HTTP methods and status codes for every endpoint. Never a 200 on an error.
- Module 3 — REST: Fully RESTful URL structure. Nouns, not verbs. Proper nesting for order items.
- Module 4 — Middleware: Request logger, authentication middleware, admin authorization middleware, centralized error handler.
- Module 6 — SQL: At least one raw SQL query with a JOIN (for order history with product details).
- Module 8 — Auth: JWT access tokens (15 min) + refresh token rotation (httpOnly cookie, 30 days).
- Module 9 — Passwords: bcrypt with 12 rounds. Constant-time comparison. No information leakage on login failure.
- Module 10 — RBAC: Separate middleware for customer and admin routes. Ownership checks on orders.
- Module 11 — Webhooks: Stripe webhook endpoint with signature verification. Idempotent processing.
- Module 13 — Background Jobs: BullMQ worker for sending order confirmation emails asynchronously.
- Module 14 — Config: All secrets in environment variables. Validation on startup. Rate limiting on auth routes.
- Module 15 — Docker: Dockerfile and docker-compose.yml that spins up API + PostgreSQL + Redis.
Deployment Checklist
Before calling this project complete, verify every item on this production readiness list:
- ✅ All endpoints tested with a tool like Postman or Bruno (export the collection)
- ✅ Environment variables documented in
.env.example - ✅ No secrets committed to Git (
git log --all --full-history -- .env) - ✅ API deployed to Railway, Render, or DigitalOcean with HTTPS enabled
- ✅ Stripe webhook configured to point at your live deployment URL
- ✅ README.md documents: what the project is, how to run it locally, how to run tests, all API endpoints
Portfolio Presentation: Don't just deploy it and move on. Document your architecture decisions in the README. Why PostgreSQL over MongoDB? Why BullMQ over inline email sending? Why JWT over sessions? Articulating these decisions in interviews is what converts a portfolio project into a job offer.
Knowledge Check
Ready to test your understanding of 21. Backend Capstone Project?