Security-first e-commerce platform with AI-powered fraud detection, full audit traceability, and real-time threat visibility dashboard.
```text
┌─────────────────────────────────────────────────────────────────┐
│                     FRONTEND (React + Vite)                     │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────────────┐   │
│  │ Customer Shop│  │ Admin Panel  │  │ Security Dashboard   │   │
│  └──────────────┘  └──────────────┘  └──────────────────────┘   │
└─────────────────────────────────────────────────────────────────┘
                                 │ REST API
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                    NODE.JS / EXPRESS BACKEND                    │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────────────┐   │
│  │Auth (JWT/MFA)│  │ E-Commerce   │  │ Security Middleware  │   │
│  └──────────────┘  └──────────────┘  └──────────────────────┘   │
└─────────────────────────────────────────────────────────────────┘
                                 │ Redis Pub/Sub
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│               PYTHON FRAUD DETECTION MICROSERVICE               │
│  ┌────────────────────┐  ┌──────────────────────────────────┐   │
│  │ FastAPI Server     │  │ Random Forest ML Model           │   │
│  └────────────────────┘  └──────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────┘
```
Prerequisites:

- Node.js 18+
- Python 3.11+
- Docker & Docker Compose
- MongoDB 7+
- Redis 7+
1. Clone the repository

   ```bash
   git clone https://github.com/yourusername/secure-commerce.git
   cd secure-commerce
   ```

2. Set up environment variables

   ```bash
   cp .env.example .env
   # Edit .env with your configuration
   ```

3. Start with Docker Compose

   ```bash
   docker-compose up -d
   ```
Alternatively, run each service manually:

Backend:

```bash
cd backend
npm install
npm run dev
```

Frontend:

```bash
cd frontend
npm install
npm run dev
```

Fraud Service:

```bash
cd fraud-service
pip install -r requirements.txt
uvicorn app.main:app --reload --port 8000
```
Security:

- JWT authentication with access/refresh token rotation
- MFA via TOTP (Google Authenticator)
- RBAC with three roles: Customer, Admin, Auditor
- Rate limiting & brute-force protection
- Input sanitization (NoSQL injection, XSS prevention)
- Secure headers (Helmet, CSP, HSTS)

E-commerce:

- Product catalog with categories, search, and filtering
- Shopping cart with session/anonymous support
- Order management with status tracking
- Payment simulation

Fraud detection:

- Random Forest ML model
- Real-time transaction scoring via Redis pub/sub
- Heuristic fallback when the ML service is unavailable
- Fraud review queue with approve/reject workflow

Dashboards:

- Security Dashboard: live audit feed, threat alerts, IP threat map
- Admin Panel: product/order/user management
- Analytics: revenue trends, top products, fraud statistics
- API Endpoints
| Feature | Implementation |
|---|---|
| Authentication | JWT + refresh token rotation |
| MFA | TOTP (speakeasy) |
| RBAC | Customer, Admin, Auditor roles |
| Rate Limiting | express-rate-limit |
| Security Headers | Helmet (CSP, HSTS, X-Frame-Options) |
| Input Validation | Zod schemas |
| NoSQL Injection | express-mongo-sanitize |
| Audit Logging | Immutable audit collection |
| Fraud Detection | Random Forest ML + heuristics |