🍽️ Dishly Restaurant Backend

Modern RESTful API for restaurant management with cart, orders, payments, and reviews.

🌐 Live Application

• Frontend: https://fullsnack-one.vercel.app/
• Backend API: https://fullsnack.up.railway.app/
• API Documentation: https://fullsnack.up.railway.app/api-docs/

⚡ Key Features

Core Functionality

• JWT Authentication - Access & refresh tokens with email verification
• Shopping Cart - Add single/multiple items with automatic discount application
• Order Management - Create orders with delivery info, multiple payment methods
• Stripe Payment - Secure checkout with webhook confirmation
• Auto Ratings - Menu items update average rating automatically with each review
• Special Offers - Percentage discounts auto-apply to eligible items

Technical Highlights

• TTL Orders - Pending orders auto-expire after 10 minutes
• Batch Operations - Add multiple cart items in one request
• Role-Based Access - Admin and Customer permissions
• Rate Limiting - Prevent brute force on auth endpoints
• Swagger Docs - Interactive API testing interface

🛠️ Tech Stack

• Backend: Node.js, Express v5
• Database: MongoDB + Mongoose
• Auth: JWT, bcrypt
• Payment: Stripe v19.2.0
• Validation: Joi
• Docs: Swagger UI

🚀 Getting Started

Installation

git clone https://github.com/AbdoAbdelfatah/Dishly_Backend.git
cd Dishly_Backend
npm install

Environment Setup

Create .env:

PORT=5000
MONGO_URI=your_mongodb_uri
ACCESS_TOKEN_SECRET=your_secret
REFRESH_TOKEN_SECRET=your_secret
JWT_SECRET=your_secret

STRIPE_SECRET_KEY=your_stripe_key
STRIPE_WEBHOOK_SECRET=your_webhook_secret

EMAIL_SERVICE=gmail
EMAIL_USER=your_email
EMAIL_PASSWORD=your_password

FRONTEND_URL=https://fullsnack-one.vercel.app

Run

npm start      # Production
npm run dev    # Development

📚 API Overview

Authentication

POST   /user/register              - Register new user
GET    /user/confirm-email/:id     - Confirm email
POST   /user/login                 - Login (returns JWT)
POST   /user/refresh               - Refresh access token
GET    /user/me                    - Get current user
PATCH  /user/update                - Update profile

Menu Items

GET    /menu-items                 - Get all items
GET    /menu-items/category/:cat   - Filter by category
POST   /menu-items                 - Create (Admin only)
PUT    /menu-items/:id             - Update (Admin only)
DELETE /menu-items/:id             - Delete (Admin only)

Cart (Customer only)

GET    /cart                       - Get user cart
POST   /cart/items                 - Add items (single or array)
PATCH  /cart/items                 - Update quantity
DELETE /cart/items                 - Remove item
DELETE /cart                       - Clear cart

Orders (Customer only)

POST   /orders/checkout            - Create order from cart
GET    /orders                     - Get user order history
GET    /orders/:id                 - Get order details
GET    /orders/all                 - Get all orders (Admin)

Reviews (Customer only)

POST   /comments                   - Create review (auto-updates rating)
GET    /comments/menu-item/:id     - Get item reviews

Offers (Admin only)

GET    /offers                     - Get all offers
POST   /offers                     - Create offer
PUT    /offers/:id                 - Update offer
DELETE /offers/:id                 - Delete offer

🔑 Authentication

Add JWT token to protected endpoints:

Authorization: Bearer <your-access-token>

💡 How It Works

Automatic Discounts

When adding items to cart, system checks for active offers and applies best discount automatically. Stores both original and discounted prices.

Rating System

When customer submits review (1-5 stars), system aggregates all ratings for that menu item using MongoDB aggregation and updates the menu item's average rating instantly.

Payment Flow

1. Customer creates order → 2. Stripe checkout session → 3. Payment on Stripe → 4. Webhook confirms → 5. Order marked confirmed → 6. Cart cleared

Order Expiration

Pending orders have TTL of 10 minutes using MongoDB TTL index. Once confirmed, they persist indefinitely.

📦 Project Structure

src/
├── config/          # DB & Swagger config
├── middlewares/     # Auth, validation, error handling
├── models/          # Mongoose schemas
├── modules/         # Feature modules (user, cart, order, etc)
│   └── */
│       ├── *.controller.js
│       ├── *.service.js
│       ├── *.routes.js
│       └── *.validation.js
└── utils/           # Helper functions

🔒 Security

• Bcrypt password hashing (10 rounds)
• JWT access & refresh tokens
• HTTP-only cookies for refresh tokens
• Rate limiting (5 req/10min on auth)
• Joi input validation
• Stripe webhook signature verification
• CORS configuration

🌍 Deployment

Backend: Railway
Frontend: Vercel
Database: MongoDB Atlas

Stripe Webhook Setup

1. Go to Stripe Dashboard → Webhooks
2. Add endpoint: https://fullsnack.up.railway.app/payment/webhook
3. Select event: checkout.session.completed
4. Copy secret to STRIPE_WEBHOOK_SECRET

📖 API Documentation

Visit https://fullsnack.up.railway.app/api-docs/ for full interactive API documentation with request/response examples.

---

Try it live: https://fullsnack-one.vercel.app/