Technical Specification
Technology Stack
| Category | Technology | Version | Purpose |
|---|---|---|---|
| Frontend | React | 18.2 | UI framework for SPA |
| Frontend | TypeScript | 5.2 | Type-safe JavaScript |
| Backend | Node.js | 20.x | Runtime environment |
| Backend | Express | 4.18 | REST API framework |
| Database | PostgreSQL | 15.x | Primary transactional database |
| Cache | Redis | 7.x | Session & cart caching |
| Infrastructure | Docker | 24.x | Containerization |
| Infrastructure | AWS ECS | - | Container orchestration |
| DevOps | GitHub Actions | - | CI/CD pipeline |
API Endpoints
Authentication
| Endpoint | Method | Description |
|---|---|---|
| /api/auth/register | POST | Register new user |
| /api/auth/login | POST | Login and get JWT token |
| /api/auth/refresh | POST | Refresh JWT token |
Products
| Endpoint | Method | Description |
|---|---|---|
| /api/products | GET | List all products (paginated) |
| /api/products/:id | GET | Get product details |
| /api/products | POST | Create new product (admin only) |
| /api/products/:id | PUT | Update product (admin only) |
Shopping Cart
| Endpoint | Method | Description |
|---|---|---|
| /api/cart | GET | Get current user's cart |
| /api/cart/items | POST | Add item to cart |
| /api/cart/items/:id | PUT | Update item quantity |
| /api/cart/items/:id | DELETE | Remove item from cart |
Authentication
Method: JWT Bearer Token
Header: `Authorization: Bearer <token>`
The access token expires 15 minutes after issue. Call /api/auth/refresh with the refresh token to obtain a new access token.
Error Codes
| Code | Message | Description |
|---|---|---|
| 400 | Bad Request | Invalid request payload |
| 401 | Unauthorized | Missing or invalid JWT token |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource not found |
| 500 | Internal Server Error | Unexpected server error |
Data Models
Entity Relationship Diagram
```mermaid
erDiagram
    USER ||--o{ ORDER : places
    USER ||--o{ CART : has
    CART ||--|{ CART_ITEM : contains
    PRODUCT ||--o{ CART_ITEM : "in"
    PRODUCT ||--o{ ORDER_ITEM : "in"
    ORDER ||--|{ ORDER_ITEM : contains
    ORDER ||--|| PAYMENT : has

    USER {
        uuid id PK
        string email
        string password_hash
        string first_name
        string last_name
        timestamp created_at
    }
    PRODUCT {
        uuid id PK
        string name
        text description
        decimal price
        int stock_quantity
        string category
        timestamp created_at
    }
    CART {
        uuid id PK
        uuid user_id FK
        timestamp updated_at
    }
    CART_ITEM {
        uuid id PK
        uuid cart_id FK
        uuid product_id FK
        int quantity
    }
    ORDER {
        uuid id PK
        uuid user_id FK
        decimal total_amount
        string status
        timestamp created_at
    }
    ORDER_ITEM {
        uuid id PK
        uuid order_id FK
        uuid product_id FK
        int quantity
        decimal price_at_purchase
    }
    PAYMENT {
        uuid id PK
        uuid order_id FK
        string payment_method
        string status
        string transaction_id
        timestamp created_at
    }
```
Data Dictionary
| Entity | Key Attributes | Description |
|---|---|---|
| USER | email (unique), password_hash | Customer accounts |
| PRODUCT | name, price, stock_quantity | Product catalog items |
| CART | user_id | Shopping cart (1 per user) |
| ORDER | user_id, status, total_amount | Customer orders |
| PAYMENT | order_id, transaction_id, status | Payment transactions |
Testing Strategy
Risk-based testing approach: prioritize tests by business impact.
Test Pyramid
- E2E Tests (2-5 per Story): Critical user flows (checkout, payment, registration)
- Integration Tests (3-8 per Story): API endpoints, database interactions
- Unit Tests (5-15 per Story): Business logic, validators, utilities
Total: 10-28 tests per Story (max)
Priority Matrix
Test scenarios with Priority ≥ 15 MUST be tested, where:
Priority = Business Impact (1-5) × Probability (1-5)
Test Focus
- ✅ Test OUR code (business logic, API endpoints)
- ❌ Skip framework code (Express middleware already tested)
- ❌ Skip trivial getters/setters (no business logic)