NexusFlow is a senior-level enterprise order processing platform engineered for high concurrency, scalability, and data integrity. It orchestrates a secure Spring Boot backend with a responsive React frontend, utilizing event-driven architecture to handle complex workflows efficiently.
- Problem: In high-concurrency environments, multiple users might attempt to purchase the last item simultaneously ("The Lost Update" problem).
- Solution: Implemented JPA
@Versionbased optimistic locking onProductentities. - Outcome: Ensures strict ACID compliance. If concurrent transactions conflict, the system detects the version mismatch and handles the
ObjectOptimisticLockingFailureExceptiongracefully, preventing negative stock and ensuring data consistency.
- Decoupling: Order placement is decoupled from heavy post-processing tasks (inventory sync, notifications, analytics).
- Resilience: Uses RabbitMQ to buffer events. If downstream services fail, messages persist in the
order_placed_queuefor retry, ensuring zero data loss. - Performance: shifting heavy lifting to async workers reduces the Order API response time to ~100ms, compared to seconds in synchronous systems.
- Stateless Authentication: Secured via Spring Security and JWT (JSON Web Tokens).
- Role-Based Access Control (RBAC): Fine-grained permissions for
UserandAdminroles protecting sensitive endpoints.
- Bean Validation: All DTOs validated with
@Valid,@NotNull,@Min,@Max,@NotBlankannotations. - Detailed Error Messages: User-friendly validation error responses with field-specific messages.
- Custom Exceptions:
ResourceNotFoundException,InsufficientStockExceptionfor business logic errors. - Optimistic Locking Handler: Graceful handling of concurrent modification conflicts.
- Structured Error Responses: Consistent error format with timestamp, status, message, and validation errors.
- Interactive API Explorer: Full REST API documentation with try-it-out functionality.
- JWT Integration: Built-in authentication support in Swagger UI.
- Spring Actuator: Health checks, metrics, and application monitoring endpoints.
- Structured Logging: SLF4J with contextual logging across all services.
The system follows a microservices-inspired architecture managed via Docker Compose:
- Frontend: React (Vite) + TypeScript for a type-safe, performant UI.
- Backend: Spring Boot 3.2 REST API.
- Database: PostgreSQL 15 (Relational/ACID).
- Message Broker: RabbitMQ (Async messaging).
graph TD
Client[React Client] -->|REST API| Server[Spring Boot Server]
Server -->|Read/Write| DB[(PostgreSQL)]
Server -->|Publish Event| MQ[RabbitMQ]
MQ -->|Consume Event| Listener["Async Worker (Internal)"]
- Framework: Spring Boot 3.2
- Language: Java 17
- Data: Spring Data JPA, PostgreSQL
- Security: Spring Security, JWT (io.jsonwebtoken)
- Messaging: Spring AMQP (RabbitMQ)
- Tools: Lombok, Maven
- Framework: React 19
- Build Tool: Vite 7
- Language: TypeScript 5
- Routing: React Router DOM 7
- HTTP Client: Axios
- Styling: Vanilla CSS (Modular & Responsive)
docker-compose up --build- Frontend: http://localhost:5173
- API: http://localhost:8080
- Swagger: http://localhost:8080/swagger-ui.html (use the token field to authorize)
- Health/Metrics: http://localhost:8080/actuator/health, http://localhost:8080/actuator/metrics
- RabbitMQ UI: http://localhost:15672 (guest/guest)
- Docker Desktop (Required)
- Java 17+ & Node.js 18+ (Optional, for local non-Docker dev)
Run the entire stack with a single command:
docker-compose up --buildAccess Points:
- Frontend: http://localhost:5173
- Backend API: http://localhost:8080
- Swagger UI: http://localhost:8080/swagger-ui.html
- API Docs: http://localhost:8080/api-docs
- Health Check: http://localhost:8080/actuator/health
- Metrics: http://localhost:8080/actuator/metrics
- RabbitMQ Dashboard: http://localhost:15672 (User:
guest, Pass:guest)
- Backend:
cd server && mvn spring-boot:run - Frontend:
cd client && npm install && npm run dev - Tests:
cd server && mvn test - Frontend build check:
cd client && npm run build - Health check:
curl http://localhost:8080/actuator/health
- Register or login at
/api/auth/registeror/api/auth/login(Swagger is the fastest way to try it). - In Swagger, paste the JWT in Authorize without the
Bearerprefix. - Default role:
ROLE_CUSTOMER; promote to admin manually or use the seeded admin credentials below.
- Default admin (dev/demo):
admin/admin123(seed is enabled whenSEED_ENABLED=true, default). - Sample products are auto-created when the DB is empty.
update users set role = 'ROLE_ADMIN' where username = 'your_username';- Workflow:
.github/workflows/ci.yml - Backend:
mvn verifyinserver - Frontend:
npm ci && npm run buildinclient
Note: Use JDK 17 for local Maven builds. Using newer JDKs (e.g., 21/23) can trigger
TypeTag :: UNKNOWNjavac errors with Lombok; Docker Compose already uses the correct JDK.
- Start services, then open http://localhost:8080/swagger-ui.html
- Click Authorize and paste your JWT (no
Bearerprefix needed) - Try any endpoint directly from the UI
- All request DTOs are validated (
@Valid,@NotNull,@Min,@NotBlank) - Errors return a structured payload:
timestamp,status,error,message,path, andvalidationErrors - Concurrency conflicts return HTTP 409 with guidance to retry
- Health:
/actuator/health - Metrics:
/actuator/metrics - Prometheus scrape:
/actuator/prometheus
- User: Register a new account via the UI.
- Admin: Manually update the database
userstable to promote a user toROLE_ADMINto access inventory management features.
- Integration Testing: Add Testcontainers to simulate real PostgreSQL/RabbitMQ instances during CI/CD.
- Observability: Integrate Prometheus and Grafana for metrics monitoring.