
Abe Garage Backend

Express.js REST API that implements core garage operations: user (employee/customer) management, vehicle registry, service catalog CRUD, order lifecycle (create/assign/complete/delete), and transactional email notifications. Implements aut...

Role: Backend Engineer
Duration: 3 months
Type: platform

Key Achievement Metrics

endpoints: ~25
models: 5
estimated_loc: ~1.2k


Decision Log

Cookie-based JWT (httpOnly cookie) for authentication

httpOnly cookies cannot be read by client-side JavaScript, which mitigates simple token extraction via XSS. They are also easier to integrate with browser-based clients and same-site policies, since the browser attaches the cookie automatically.

Trade-off: Because the browser attaches the cookie automatically, the CSRF surface grows unless additional CSRF protections are added; cross-site use requires correct sameSite and secure settings; and the cookie approach is stateful from the browser's perspective even though the token itself is stateless.

Mongoose ODM for persistence

Mongoose simplifies schema definition, population of refs, and common query patterns used across services.

Trade-off: Adds abstraction overhead and can hide inefficient queries; raw queries are harder to fine-tune than with the native driver.

Synchronous email sends from service layer (with production short-circuit)

Simpler implementation with immediate feedback during dev/test; the production short-circuit skips the send so that an expired refresh token cannot cause a runtime failure.

Trade-off: Synchronous calls add latency to write operations; there are no background retries or delivery guarantees beyond the Nodemailer response; a real production deployment should use a queue or a transactional outbox.

Architecture Narrative

Challenge

Provides a single back-end service to operate an auto-repair shop workflow (register customers, add vehicles, create service orders, assign employees, notify customers) and administrative staff management.

Solution

Monolithic single-process Node.js application (Express) with a layered code organization (middleware → controllers → services → models) and direct integration with MongoDB via Mongoose. Packaged with Docker for deployment.

Result

Key measurable signals: endpoints (~25), models (5), estimated_loc (~1.2k).

Trade-off Matrix

Dimension: Authentication storage
Selected Option: httpOnly JWT cookie
Impact: Reduced exposure to JS-based token theft (XSS); seamless browser integration
Compromise: Requires CSRF mitigations; cookie policies must be correct for cross-site scenarios

Dimension: Email delivery model
Selected Option: Synchronous sends in service layer, short-circuit in production
Impact: Simple implementation and immediate developer feedback in dev/test
Compromise: Adds latency to write operations and has no retry/DLQ; not robust under load

What I'd Do Differently

- Add an asynchronous job queue (Redis + BullMQ or RabbitMQ) for email and other long-running side effects; include retry/backoff and dead-lettering.

- Add structured logging, metrics and tracing (e.g., Winston/Elastic or Prometheus + Grafana) and an error aggregation tool (Sentry) to produce measurable telemetry.

Estifanos Kebede

System Engineer & Full Stack Developer


LAST_UPDATED: 2026

© 2026 Estifanos Kebede. Built with precision and intent.