Version: 1.0.0
Date: 2025-05-27
Author: Senior Software Engineer
- Introduction
- System Architecture
- Database Schema
- API Endpoints
- Authentication
- Business Logic
- Validation Rules
- Error Handling
- Performance Requirements
- Security Requirements
- Integration Requirements
This document outlines the backend requirements for the Logistics Portfolio application. The application is a logistics management system that allows clients to submit shipment requests, track packages, and manage their shipment history. The backend services described here should support all frontend functionalities while maintaining clean code architecture and following OOP best practices.
The Logistics Portfolio is built as a Next.js application with the following main features:
- Client dashboard with quick access to core functionalities
- Simplified shipment submission flow
- Shipment tracking and history
- Awaiting deliveries management
- User authentication and profile management
The backend should follow a clean architecture approach with the following layers:
- Presentation Layer: API Controllers/Endpoints
- Business Logic Layer: Services implementing core business rules
- Data Access Layer: Repositories for database operations
- Domain Layer: Entity models and business rules
- Runtime: Node.js (v18+)
- Framework: Express.js or NestJS
- Database: PostgreSQL (primary), Redis (caching)
- Authentication: JWT with refresh token mechanism
- Documentation: OpenAPI/Swagger
CREATE TABLE users (
id SERIAL PRIMARY KEY,
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
full_name VARCHAR(255) NOT NULL,
phone VARCHAR(50),
address TEXT,
city VARCHAR(100),
state VARCHAR(100),
zip VARCHAR(20),
country VARCHAR(100),
profile_image_url VARCHAR(255),
is_verified BOOLEAN DEFAULT FALSE,
verification_token VARCHAR(255),
reset_password_token VARCHAR(255),
reset_password_expires TIMESTAMP,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_login TIMESTAMP
);CREATE TABLE shipments (
id SERIAL PRIMARY KEY,
tracking_code VARCHAR(50) UNIQUE NOT NULL,
user_id INTEGER REFERENCES users(id),
-- Client (Recipient) Information
client_name VARCHAR(255) NOT NULL,
client_email VARCHAR(255) NOT NULL,
client_phone VARCHAR(50) NOT NULL,
client_address TEXT,
client_city VARCHAR(100),
client_state VARCHAR(100),
client_zip VARCHAR(20),
client_country VARCHAR(100),
-- Origin Information
origin_country VARCHAR(100) NOT NULL,
origin_city VARCHAR(100),
origin_address TEXT,
origin_state VARCHAR(100),
origin_contact_name VARCHAR(255),
-- Package Details
freight_type VARCHAR(50) NOT NULL,
package_type VARCHAR(50) NOT NULL,
package_category VARCHAR(50) NOT NULL,
package_description TEXT NOT NULL,
package_weight VARCHAR(50),
package_value DECIMAL(10,2),
package_note TEXT,
-- Status and Tracking
status VARCHAR(50) NOT NULL,
estimated_arrival TIMESTAMP,
actual_arrival TIMESTAMP,
items_count INTEGER DEFAULT 1,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);CREATE TABLE shipment_status_history (
id SERIAL PRIMARY KEY,
shipment_id INTEGER REFERENCES shipments(id),
status VARCHAR(50) NOT NULL,
location VARCHAR(255),
notes TEXT,
created_by INTEGER REFERENCES users(id),
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);CREATE TABLE addresses (
id SERIAL PRIMARY KEY,
user_id INTEGER REFERENCES users(id),
address_type VARCHAR(50) NOT NULL, -- 'home', 'work', 'other'
full_name VARCHAR(255),
address_line1 TEXT NOT NULL,
address_line2 TEXT,
city VARCHAR(100) NOT NULL,
state VARCHAR(100),
zip VARCHAR(20),
country VARCHAR(100) NOT NULL,
phone VARCHAR(50),
is_default BOOLEAN DEFAULT FALSE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);CREATE TABLE notifications (
id SERIAL PRIMARY KEY,
user_id INTEGER REFERENCES users(id),
shipment_id INTEGER REFERENCES shipments(id),
title VARCHAR(255) NOT NULL,
message TEXT NOT NULL,
is_read BOOLEAN DEFAULT FALSE,
notification_type VARCHAR(50) NOT NULL, -- 'status_update', 'delivery', 'reminder', etc.
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);POST /api/auth/login- User loginPOST /api/auth/register- User registrationPOST /api/auth/logout- User logoutPOST /api/auth/refresh-token- Refresh JWT tokenPOST /api/auth/forgot-password- Request password resetPOST /api/auth/reset-password- Reset password with tokenGET /api/auth/verify-email/:token- Verify email with tokenGET /api/auth/me- Get current user profile
GET /api/users/profile- Get user profilePUT /api/users/profile- Update user profilePUT /api/users/password- Change passwordPOST /api/users/profile-image- Upload profile image
POST /api/shipments- Create new shipmentGET /api/shipments- List all shipments for current userGET /api/shipments/awaiting- List awaiting shipmentsGET /api/shipments/history- List shipment historyGET /api/shipments/:trackingCode- Get shipment details by tracking codeGET /api/shipments/:id- Get shipment details by ID (admin only)PUT /api/shipments/:id/status- Update shipment status (admin only)
GET /api/addresses- List all addresses for current userPOST /api/addresses- Add new addressPUT /api/addresses/:id- Update addressDELETE /api/addresses/:id- Delete addressPUT /api/addresses/:id/default- Set address as default
GET /api/notifications- List all notifications for current userPUT /api/notifications/:id/read- Mark notification as readPUT /api/notifications/read-all- Mark all notifications as readDELETE /api/notifications/:id- Delete notification
GET /api/track/:trackingCode- Track shipment by tracking code (public)
- User authenticates with email/password and receives JWT access token and refresh token
- Access token is included in Authorization header for all authenticated requests
- When access token expires, use refresh token to get a new access token
- Implement token revocation on logout
- Login:
email,password,rememberMe(boolean) - Registration:
email,password,fullName,phone(optional)
{
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresIn": 3600
}- Client fills out package origin and details form
- System validates input data
- System generates a unique tracking code
- System creates shipment record with status "PENDING"
- System sends confirmation email to client
- System creates first status history record
The shipment status follows this progression:
- PENDING: Initial state after submission
- RECEIVED: Package received at origin warehouse
- IN_TRANSIT: Package in transit to destination
- ARRIVED: Package arrived at destination warehouse
- DELIVERED: Package delivered to recipient
Implement integration with OpenStreetMap API for address auto-completion:
- Endpoint:
https://nominatim.openstreetmap.org/search - Parameters:
format=jsonv2&q={query}&countrycodes=1
- Email: Valid email format (regex:
/^[^\s@]+@[^\s@]+\.[^\s@]+$/) - Password: Minimum 8 characters, at least one uppercase letter, one lowercase letter, one number
- Phone: Valid international phone format
- Origin Country: Required
- Package Type: Required, must be one of predefined types
- Package Category: Required, must be one of predefined categories
- Package Description: Required, minimum 10 characters
- Freight Type: Required, default to 'air'
Implement standardized error responses:
{
"success": false,
"error": {
"code": "VALIDATION_ERROR",
"message": "Invalid input data",
"details": [
{
"field": "clientEmail",
"message": "Invalid email format"
}
]
}
}AUTHENTICATION_ERROR: Authentication failedAUTHORIZATION_ERROR: User not authorized for actionVALIDATION_ERROR: Input validation failedRESOURCE_NOT_FOUND: Requested resource not foundSERVER_ERROR: Internal server error
- API response time should be under 200ms for most endpoints
- Support handling at least 100 concurrent users
- Implement pagination for list endpoints (default page size: 10)
- Implement caching for frequently accessed data (shipment details, tracking info)
- Database queries should be optimized with proper indexing
- Implement rate limiting to prevent brute force attacks
- Store passwords using bcrypt with appropriate salt rounds
- Implement CORS with proper origin restrictions
- Sanitize all user inputs to prevent SQL injection and XSS
- Use HTTPS for all communications
- Implement proper input validation on all endpoints
- Log all authentication events and sensitive operations
- Implement email notifications for:
- Shipment submission confirmation
- Status updates
- Delivery confirmation
- Account verification
- Password reset
- Implement SMS notifications for critical status updates
-
OpenStreetMap API: For address auto-completion
- Endpoint:
https://nominatim.openstreetmap.org/search
- Endpoint:
-
Payment Gateway (if applicable):
- Support for major payment processors
- Secure handling of payment information
-
Analytics Integration:
- Track shipment metrics
- Monitor user engagement
- Follow RESTful API design principles
- Document all endpoints with OpenAPI/Swagger
- Write unit tests for all business logic functions
- Implement logging for debugging and monitoring
- Use environment variables for all configuration
- Follow OOP principles and clean code architecture
- Implement database migrations for schema changes
- Document all database schema changes
This document serves as a comprehensive guide for backend developers to implement the required services, APIs, and database schema for the Logistics Portfolio application. It should be updated as requirements evolve.