A full-stack web application for food ordering with role-based access control (RBAC) and country-based access management.
- Restaurant & Menu Management: Browse restaurants and view menu items
- Order Management: Create orders, add food items to cart
- Payment Processing: Checkout and pay using different payment methods
- Order Lifecycle: Place, track, and cancel orders
- Admin: Full access to all features across all countries
- Manager: Can view, order, and cancel orders (country-specific access)
- Member: Can view and add to cart only (country-specific access)
- India: Managers and Members from India can only access Indian restaurants and data
- America: Managers and Members from America can only access American restaurants and data
- Admin: Can access data from all countries
- Authentication: JWT-based authentication
- Authorization: Role-based and country-based middleware
- Database: MongoDB with Mongoose ODM
- Security: Helmet, CORS, Rate limiting
- API: RESTful API design
- Framework: Next.js 14 with App Router
- Styling: Tailwind CSS
- State Management: React hooks and context
- UI Components: Custom components with responsive design
| Function                      | Admin | Manager     | Member      |
| ----------------------------- | ----- | ----------- | ----------- |
| View restaurants & menu items | ✅    | ✅          | ✅          |
| Create order (add food items) | ✅    | ✅          | ✅          |
| Place order (checkout & pay)  | ✅    | ✅          | ❌          |
| Cancel order                  | ✅    | ✅          | ❌          |
| Update payment method         | ✅    | ❌          | ❌          |
| Country access                | All   | Own country | Own country |
- Node.js (v18 or higher)
- MongoDB (v4.4 or higher)
- npm or yarn
```bash
git clone <repository-url>
cd restaurant-app

# Install root dependencies
npm install

# Install backend dependencies
cd backend
npm install

# Install frontend dependencies
cd ../frontend
npm install
```
Create `backend/.env` file:

```env
PORT=5000
MONGODB_URI=mongodb://localhost:27017/restaurant_app
JWT_SECRET=your_jwt_secret_key_here_make_it_very_long_and_secure
NODE_ENV=development
```

Create `frontend/.env.local` file:

```env
NEXT_PUBLIC_API_URL=http://localhost:5000/api
```
```bash
# Using MongoDB service (Windows)
net start MongoDB

# Using MongoDB directly
mongod

# Using Docker
docker run -d -p 27017:27017 --name mongodb mongo:latest
```

```bash
cd backend
npm run seed
```
This will create:
- 6 test users with different roles and countries
- 4 sample restaurants (2 in India, 2 in America)
- Sample menu items for each restaurant
```bash
# From root directory
npm run dev
```

```bash
# Terminal 1 - Backend
cd backend
npm run dev

# Terminal 2 - Frontend
cd frontend
npm run dev
```

```bash
# Build frontend
cd frontend
npm run build

# Start backend
cd ../backend
npm start

# Serve frontend
cd ../frontend
npm start
```
- Frontend: http://localhost:3000
- Backend API: http://localhost:5000/api
- API Health Check: http://localhost:5000/api/health
| Name | Email | Password | Role | Country |
| --------------- | --------------------------- | ---------- | ------- | ------- |
| Nick Fury | nick.fury@admin.com | admin123 | Admin | America |
| Captain Marvel | captain.marvel@manager.com | manager123 | Manager | India |
| Captain America | captain.america@manager.com | manager123 | Manager | America |
| Thanos | thanos@member.com | member123 | Member | India |
| Thor | thor@member.com | member123 | Member | India |
| Travis | travis@member.com | member123 | Member | America |
- `POST /api/auth/register` - Register new user
- `POST /api/auth/login` - User login
- `GET /api/auth/profile` - Get user profile
- `GET /api/auth/verify` - Verify JWT token
- `GET /api/restaurants` - Get restaurants (country-filtered)
- `GET /api/restaurants/:id` - Get restaurant details
- `GET /api/restaurants/:id/menu` - Get restaurant menu
- `POST /api/restaurants` - Create restaurant (Admin only)
- `GET /api/orders` - Get orders (role & country filtered)
- `POST /api/orders` - Create order (Admin/Manager only)
- `PUT /api/orders/:id/status` - Update order status
- `PUT /api/orders/:id/cancel` - Cancel order (Admin/Manager only)
- `GET /api/payments/methods` - Get payment methods
- `POST /api/payments/process` - Process payment
- `POST /api/payments/methods` - Add payment method (Admin only)
- `GET /api/users` - Get all users
- `PUT /api/users/:id` - Update user
- `DELETE /api/users/:id` - Delete user
1. Admin Access:
   - Login as Nick Fury
   - Can see restaurants from both countries
   - Can place and cancel orders
   - Can manage payment methods
2. Manager Access:
   - Login as Captain Marvel (India) or Captain America (America)
   - Can only see restaurants from their country
   - Can place and cancel orders
   - Cannot manage payment methods
3. Member Access:
   - Login as Thanos, Thor (India) or Travis (America)
   - Can only see restaurants from their country
   - Can add items to cart but cannot place orders
   - Cannot cancel orders or manage payments
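
The access matrix and the three test scenarios above, expressed as deny-by-default Express-style middleware plus country scoping. This is an added example, not the project's own middleware; the action names, lowercase role strings and all function names are assumptions.

```javascript
// Added example, not the project's middleware. Action names, lowercase role
// strings and all function names are hypothetical.
const PERMISSIONS = {
  'restaurants:view': ['admin', 'manager', 'member'],
  'cart:add':         ['admin', 'manager', 'member'],
  'orders:place':     ['admin', 'manager'],
  'orders:cancel':    ['admin', 'manager'],
  'payments:update':  ['admin'],
};

// Deny by default: a missing user, unknown role or unknown action is refused.
function can(user, action) {
  if (!user || !Object.hasOwn(PERMISSIONS, action)) return false;
  return PERMISSIONS[action].includes(user.role);
}

// Express-style middleware factory. req.user is assumed to have been set by an
// earlier step that verified the JWT signature and expiry.
function authorize(action) {
  return (req, res, next) => {
    if (!req.user) return res.status(401).json({ error: 'Authentication required' });
    if (!can(req.user, action)) return res.status(403).json({ error: 'Forbidden' });
    return next();
  };
}

// List queries: build the filter from the verified token, never from a
// client-supplied query or body field. Only Admin gets the unscoped filter.
function countryFilter(user) {
  if (user.role === 'admin') return {};
  if (!user.country) throw new Error('Non-admin user without a country');
  return { country: user.country };
}

// Single-record routes (/api/restaurants/:id, /api/orders/:id/cancel): the list
// filter does not cover a direct request by id, so check the loaded record too.
function canAccessRecord(user, record) {
  return user.role === 'admin' || (Boolean(user.country) && record.country === user.country);
}

// Constructed sample users mirroring two rows of the test-credentials table.
const thanos = { role: 'member', country: 'India' };
const marvel = { role: 'manager', country: 'India' };
console.log(can(thanos, 'orders:place'), can(marvel, 'orders:place'));
console.log(countryFilter(marvel), canAccessRecord(marvel, { country: 'America' }));
```
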
- JWT Authentication: Secure token-based authentication
- Password Hashing: bcrypt with salt rounds
- Rate Limiting: API rate limiting to prevent abuse
- CORS: Configured for secure cross-origin requests
- Helmet: Security headers for Express
- Input Validation: Server-side validation for all inputs
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB
- ODM: Mongoose
- Authentication: JSON Web Tokens (JWT)
- Password Hashing: bcryptjs
- Security: Helmet, CORS, express-rate-limit
- Framework: Next.js 14
- Language: TypeScript
- Styling: Tailwind CSS
- HTTP Client: Fetch API
- Routing: Next.js App Router
```
restaurant-app/
├── backend/
│   ├── models/          # Database models
│   ├── routes/          # API routes
│   ├── middleware/      # Auth & validation middleware
│   ├── scripts/         # Database seeding scripts
│   └── server.js        # Express server
├── frontend/
│   ├── app/             # Next.js app directory
│   ├── components/      # React components
│   ├── lib/             # Utility functions
│   └── styles/          # CSS styles
└── README.md
```
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is licensed under the MIT License.
Built with ❤️ using Next.js, Node.js, and MongoDB
