{"id":2868,"date":"2025-09-12T17:04:08","date_gmt":"2025-09-12T17:04:08","guid":{"rendered":"https:\/\/codeinsightacademy.com\/blog\/?p=2868"},"modified":"2025-09-12T17:13:08","modified_gmt":"2025-09-12T17:13:08","slug":"e-commerce","status":"publish","type":"post","link":"https:\/\/codeinsightacademy.com\/blog\/projects\/e-commerce\/","title":{"rendered":"E-Commerce"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/codeinsightacademy.com\/blog\/http:\/\/codeinsightacademy.com\/blog\/wp-content\/uploads\/2025\/09\/Gemini_Generated_Image_9qqmva9qqmva9qqm.png\"><img loading=\"lazy\" width=\"1024\" height=\"585\" src=\"https:\/\/codeinsightacademy.com\/blog\/http:\/\/codeinsightacademy.com\/blog\/wp-content\/uploads\/2025\/09\/Gemini_Generated_Image_9qqmva9qqmva9qqm-1024x585.png\" alt=\"\" class=\"wp-image-2871\" srcset=\"https:\/\/codeinsightacademy.com\/blog\/http:\/\/codeinsightacademy.com\/blog\/wp-content\/uploads\/2025\/09\/Gemini_Generated_Image_9qqmva9qqmva9qqm-1024x585.png 1024w, https:\/\/codeinsightacademy.com\/blog\/http:\/\/codeinsightacademy.com\/blog\/wp-content\/uploads\/2025\/09\/Gemini_Generated_Image_9qqmva9qqmva9qqm-300x171.png 300w, https:\/\/codeinsightacademy.com\/blog\/http:\/\/codeinsightacademy.com\/blog\/wp-content\/uploads\/2025\/09\/Gemini_Generated_Image_9qqmva9qqmva9qqm-768x439.png 768w, https:\/\/codeinsightacademy.com\/blog\/http:\/\/codeinsightacademy.com\/blog\/wp-content\/uploads\/2025\/09\/Gemini_Generated_Image_9qqmva9qqmva9qqm.png 1344w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h3>PRD: E-commerce CRUD Application<\/h3>\n\n\n\n<p>This PRD is intentionally generic and framework-agnostic for freshers. It supports MySQL as the primary database, with interchangeable backends (Python Flask\/FastAPI, Java Spring Boot, Node Express) and frontends (Vanilla JS, React, Next.js).<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>1) Overview<\/h2>\n\n\n\n<ul><li>Goal: Build a simple e-commerce CRUD app with products, carts, and three roles: Admin, Seller, Customer.<\/li><li>Core features:<\/li><li>List Products<\/li><li>Product Details<\/li><li>Add to Cart<\/li><li>Update Product in Cart<\/li><li>Delete Product from Cart<\/li><li>List Carts<\/li><li>Constraints:<\/li><li>Database: MySQL<\/li><li>Backend: Python (Flask or FastAPI) or Java Spring Boot or Node Express<\/li><li>Frontend: Vanilla JS or React or Next.js<\/li><li>Clean separation of concerns and RESTful API design<\/li><li>Authentication and Role-Based Access Control (RBAC)<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>2) Personas and Roles<\/h2>\n\n\n\n<ul><li>Admin<\/li><li>Manages users and sellers<\/li><li>Can CRUD any product<\/li><li>Can view all carts and audit activity<\/li><li>Seller<\/li><li>Manages own products only<\/li><li>Can view orders that include their products (if implemented as a stretch)<\/li><li>Customer\/Buyer<\/li><li>Browses products<\/li><li>Manages own cart<\/li><li>Checks out cart (stretch)<\/li><\/ul>\n\n\n\n<p>RBAC summary:<\/p>\n\n\n\n<ul><li>Admin: Full access<\/li><li>Seller: CRUD only own products, read others\u2019 product listings<\/li><li>Customer: Read product listings, manage own cart<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>3) Scope and Features<\/h2>\n\n\n\n<h3>3.1 Product Management<\/h3>\n\n\n\n<ul><li>Create Product<\/li><li>Read Product List<\/li><li>Read Product Detail<\/li><li>Update Product<\/li><li>Delete Product<\/li><li>Constraints:<\/li><li>Seller can only modify products they own<\/li><li>Admin can modify any product<\/li><li>Customers cannot modify products<\/li><\/ul>\n\n\n\n<h3>3.2 Cart Management<\/h3>\n\n\n\n<ul><li>Add to Cart<\/li><li>Update Product Quantity in Cart<\/li><li>Remove Product from Cart<\/li><li>View Cart<\/li><li>Constraints:<\/li><li>One open cart per customer at a time<\/li><li>If cart does not exist, create on first add<\/li><li>Quantity must be positive integer<\/li><li>Enforce stock minimum of 0 on update (no negative stock; oversell prevention optional)<\/li><\/ul>\n\n\n\n<h3>3.3 Authentication and Authorization<\/h3>\n\n\n\n<ul><li>Register\/Login<\/li><li>Session or JWT-based auth<\/li><li>Role assignment at registration by Admin (students may seed roles)<\/li><li>Middleware to enforce role-based access<\/li><\/ul>\n\n\n\n<h3>3.4 Non-Goals (Out of Scope for MVP)<\/h3>\n\n\n\n<ul><li>Payments and checkout processing<\/li><li>Inventory reservations and order lifecycle<\/li><li>Reviews\/ratings, wishlists<\/li><li>Media storage beyond product image URL<\/li><li>Internationalization, taxes, shipping<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>4) Functional Requirements<\/h2>\n\n\n\n<h3>4.1 User Stories<\/h3>\n\n\n\n<ul><li>As a Customer, I can view a list of products with pagination and search.<\/li><li>As a Customer, I can view product details.<\/li><li>As a Customer, I can add a product to my cart, update quantities, and remove items.<\/li><li>As a Customer, I can view my current cart and total cost.<\/li><li>As a Seller, I can create, update, and delete my products.<\/li><li>As a Seller, I can view only my products in a \u201cMy Products\u201d view.<\/li><li>As an Admin, I can manage all products and view all carts.<\/li><li>As an Admin, I can manage users and assign roles.<\/li><\/ul>\n\n\n\n<h3>4.2 API Endpoints (REST, generic)<\/h3>\n\n\n\n<p>Auth:<\/p>\n\n\n\n<ul><li>POST \/api\/auth\/register<\/li><li>POST \/api\/auth\/login<\/li><li>GET \/api\/auth\/me<\/li><\/ul>\n\n\n\n<p>Products:<\/p>\n\n\n\n<ul><li>GET \/api\/products?search=&amp;category=&amp;sort=&amp;page=&amp;pageSize=<\/li><li>GET \/api\/products\/:id<\/li><li>POST \/api\/products [Seller, Admin]<\/li><li>PUT \/api\/products\/:id [Owner Seller, Admin]<\/li><li>DELETE \/api\/products\/:id [Owner Seller, Admin]<\/li><\/ul>\n\n\n\n<p>Carts:<\/p>\n\n\n\n<ul><li>GET \/api\/carts\/me [Customer]<\/li><li>POST \/api\/carts\/me\/items body: { productId, quantity } [Customer]<\/li><li>PUT \/api\/carts\/me\/items\/:itemId body: { quantity } [Customer]<\/li><li>DELETE \/api\/carts\/me\/items\/:itemId [Customer]<\/li><li>(Admin-only) GET \/api\/carts to list all carts, filter by userId<\/li><\/ul>\n\n\n\n<p>Users and Roles (Admin only):<\/p>\n\n\n\n<ul><li>GET \/api\/users<\/li><li>PUT \/api\/users\/:id\/role body: { role }<\/li><\/ul>\n\n\n\n<p>Response format:<\/p>\n\n\n\n<ul><li>JSON objects with consistent envelope: { data, error, meta }<\/li><li>Use proper HTTP status codes:<\/li><li>200 OK, 201 Created, 204 No Content<\/li><li>400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 409 Conflict, 422 Unprocessable, 500 Server Error<\/li><\/ul>\n\n\n\n<p>Validation:<\/p>\n\n\n\n<ul><li>Use server-side validation for all inputs<\/li><li>Return errors with field-level messages<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>5) Data Model (MySQL)<\/h2>\n\n\n\n<p>Tables and key columns:<\/p>\n\n\n\n<ul><li>users<\/li><li>id PK, uuid or bigint<\/li><li>email unique<\/li><li>password_hash<\/li><li>role enum(\u2018ADMIN\u2019, \u2018SELLER\u2019, \u2018CUSTOMER\u2019)<\/li><li>name<\/li><li>created_at, updated_at<\/li><li>products<\/li><li>id PK<\/li><li>seller_id FK -&gt; users.id<\/li><li>name<\/li><li>description TEXT<\/li><li>price DECIMAL(10,2)<\/li><li>stock INT<\/li><li>image_url VARCHAR(2048) NULL<\/li><li>category VARCHAR(255) NULL<\/li><li>created_at, updated_at<\/li><li>index(name), index(category)<\/li><li>carts<\/li><li>id PK<\/li><li>user_id FK -&gt; users.id unique for active\/open cart<\/li><li>status enum(\u2018OPEN\u2019, \u2018CHECKED_OUT\u2019) default \u2018OPEN\u2019<\/li><li>created_at, updated_at<\/li><li>unique(user_id, status=&#8217;OPEN&#8217;) logical uniqueness enforced by application or partial index emulation<\/li><li>cart_items<\/li><li>id PK<\/li><li>cart_id FK -&gt; carts.id<\/li><li>product_id FK -&gt; products.id<\/li><li>quantity INT<\/li><li>unit_price DECIMAL(10,2) snapshot at add time (optional for MVP; otherwise compute from products)<\/li><li>unique(cart_id, product_id)<\/li><li>created_at, updated_at<\/li><\/ul>\n\n\n\n<p>Indexes:<\/p>\n\n\n\n<ul><li>FK indexes on seller_id, user_id, cart_id, product_id<\/li><li>Search indexes on products.name, products.category<\/li><\/ul>\n\n\n\n<p>Referential integrity:<\/p>\n\n\n\n<ul><li>ON DELETE RESTRICT for product if present in cart_items (or cascade remove cart_items on product delete for teaching simplicity; discuss trade-offs)<\/li><li>ON DELETE CASCADE for cart -&gt; cart_items<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>6) Security and Auth<\/h2>\n\n\n\n<ul><li>Passwords: md5 or bcrypt<\/li><li>Auth: JWT or server sessions with HttpOnly cookies<\/li><li>RBAC middleware:<\/li><li>Admin routes: require role === ADMIN<\/li><li>Seller product writes: require role === SELLER and seller_id === current_user.id<\/li><li>Customer cart routes: require role === CUSTOMER and user_id === current_user.id<\/li><li>Input sanitation and validation<\/li><li>CORS configured for chosen frontend host<\/li><li>Prevent overposting by whitelisting fields<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>7) Non-Functional Requirements<\/h2>\n\n\n\n<ul><li>Performance:<\/li><li>Product list should return within 500 ms for 10k product dataset with indexes<\/li><li>Pagination default pageSize 20<\/li><li>Reliability:<\/li><li>Handle concurrent cart updates gracefully<\/li><li>Observability:<\/li><li>Basic request logging and error logging<\/li><li>Code Quality:<\/li><li>Layered architecture: routes\/controllers, services, repositories\/DAOs, models<\/li><li>Unit tests for services and repositories<\/li><li>Minimal integration tests for core flows<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>8) UX Requirements<\/h2>\n\n\n\n<ul><li>Views:<\/li><li>Product List: grid or table with name, price, stock, category, thumbnail<\/li><li>Product Detail: name, description, price, stock, image, add-to-cart<\/li><li>My Cart: line items, quantity controls, remove action, subtotal and total<\/li><li>Seller Dashboard: My Products CRUD<\/li><li>Admin Panel: Users list, role management, all carts view<\/li><li>Accessibility:<\/li><li>Semantic HTML where applicable<\/li><li>Keyboard navigation for cart quantity updates<\/li><li>Responsive:<\/li><li>Mobile-first layout<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>9) Acceptance Criteria<\/h2>\n\n\n\n<p>Product Listing<\/p>\n\n\n\n<ul><li>Given products exist, when a customer visits \/products, they see a paginated list with name, price, and image.<\/li><li>Searching by name returns matching items.<\/li><li>Clicking an item navigates to details.<\/li><\/ul>\n\n\n\n<p>Product Details<\/p>\n\n\n\n<ul><li>Given a product exists, details page shows name, description, price, stock, and add-to-cart button.<\/li><li>If stock is 0, add-to-cart is disabled.<\/li><\/ul>\n\n\n\n<p>Cart<\/p>\n\n\n\n<ul><li>Add to cart creates an OPEN cart if none exists.<\/li><li>Updating quantity reflects in totals immediately.<\/li><li>Removing an item deletes row and updates total.<\/li><li>Customers cannot access another user\u2019s cart.<\/li><\/ul>\n\n\n\n<p>Seller Product CRUD<\/p>\n\n\n\n<ul><li>Seller can create, edit, delete only their products.<\/li><li>Attempting to modify others\u2019 products returns 403.<\/li><\/ul>\n\n\n\n<p>Admin<\/p>\n\n\n\n<ul><li>Can list all carts and view any product.<\/li><li>Can change user roles.<\/li><\/ul>\n\n\n\n<p>API<\/p>\n\n\n\n<ul><li>All endpoints return appropriate status codes and validation errors.<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>10) Developer Guidance by Stack<\/h2>\n\n\n\n<p>Backend notes:<\/p>\n\n\n\n<ul><li>Flask\/FastAPI<\/li><li>Use SQLAlchemy + Alembic for migrations<\/li><li>Pydantic (FastAPI) for request\/response models<\/li><li>Spring Boot<\/li><li>Spring Security for auth, JPA\/Hibernate, Flyway\/Liquibase migrations<\/li><li>Node Express<\/li><li>TypeScript recommended, Prisma\/TypeORM\/Sequelize, Zod\/Joi validation<\/li><\/ul>\n\n\n\n<p>Frontend notes:<\/p>\n\n\n\n<ul><li>Vanilla JS<\/li><li>Fetch API, simple routing via hash or path<\/li><li>React<\/li><li>React Router, SWR\/React Query, controlled forms<\/li><li>Next.js<\/li><li>App Router, fetch from server components or client with SWR, API routes optional for demo<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>11) API Contracts (Sample Schemas)<\/h2>\n\n\n\n<p>Product (response)<\/p>\n\n\n\n<ul><li>id: number<\/li><li>name: string<\/li><li>description: string<\/li><li>price: number<\/li><li>stock: number<\/li><li>imageUrl: string|null<\/li><li>category: string|null<\/li><li>sellerId: number<\/li><\/ul>\n\n\n\n<p>Cart (response)<\/p>\n\n\n\n<ul><li>id: number<\/li><li>userId: number<\/li><li>status: &#8220;OPEN&#8221; | &#8220;CHECKED_OUT&#8221;<\/li><li>items: Array<\/li><li>total: number<\/li><\/ul>\n\n\n\n<p>CartItem (response)<\/p>\n\n\n\n<ul><li>id: number<\/li><li>productId: number<\/li><li>quantity: number<\/li><li>unitPrice: number<\/li><li>productSnapshot: { id, name, price, imageUrl } \/\/ optional<\/li><\/ul>\n\n\n\n<p>Error (response)<\/p>\n\n\n\n<ul><li>error: { code: string, message: string, details?: any }<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>12) Milestones<\/h2>\n\n\n\n<ul><li>Milestone 1: DB schema and migrations ready. Seed users with roles.<\/li><li>Milestone 2: Auth + RBAC middleware working.<\/li><li>Milestone 3: Products API and UI list\/detail.<\/li><li>Milestone 4: Cart API and UI end-to-end.<\/li><li>Milestone 5: Seller product CRUD UI.<\/li><li>Milestone 6: Admin basics: users list, role update, carts list.<\/li><li>Milestone 7: Tests and polish.<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>13) Evaluation Rubric for Students<\/h2>\n\n\n\n<ul><li>Correctness: Meets acceptance criteria and RBAC rules<\/li><li>Code Quality: Structure, readability, validation, error handling<\/li><li>DB Design: Keys, indexes, constraints, migrations<\/li><li>Security: Auth, password hashing, access controls<\/li><li>UX: Usable flows, responsive layout, basic accessibility<\/li><li>Tests: Coverage of core services and endpoints<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h2>14) Stretch Goals<\/h2>\n\n\n\n<ul><li>Checkout flow with order creation<\/li><li>Stock decrement on checkout<\/li><li>Product images upload to object storage<\/li><li>Sorting, filters, categories<\/li><li>Rate limiting and caching for product list<\/li><li>Swagger\/OpenAPI documentation<\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PRD: E-commerce CRUD Application This PRD is intentionally generic and framework-agnostic for freshers. It supports MySQL as the primary database, with interchangeable backends (Python Flask\/FastAPI, Java Spring Boot, Node Express) and frontends (Vanilla JS, React, Next.js). 1) Overview Goal: Build a simple e-commerce CRUD app with products, carts, and three roles: Admin, Seller, Customer. Core [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/posts\/2868"}],"collection":[{"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/comments?post=2868"}],"version-history":[{"count":2,"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/posts\/2868\/revisions"}],"predecessor-version":[{"id":2872,"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/posts\/2868\/revisions\/2872"}],"wp:attachment":[{"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/media?parent=2868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/categories?post=2868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codeinsightacademy.com\/blog\/wp-json\/wp\/v2\/tags?post=2868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}