A robust and scalable RESTful API for a modern e-commerce platform, built with .NET 10 and following Clean Architecture principles. This project serves as a powerful backend foundation for any e-commerce frontend application (Web, Mobile, etc.).
Explore the live API documentation and test the endpoints directly in your browser:
Live Swagger UI: mahmoudstore.runasp.net/swagger
- About The Project
- Architectural Highlights
- Core Features
- Security Deep-Dive
- Performance & Scalability
- Testing Strategy
- Built With
- Getting Started
This project provides a complete set of backend services required for an e-commerce application. It handles everything from user authentication and product management to order processing and secure payments. The codebase is designed to be clean, maintainable, and easily extensible, making it a perfect starting point for a real-world application.
The solution is engineered using industry best practices to ensure separation of concerns, maintainability, and testability.
- Clean Architecture (Onion Architecture): The core logic is independent of UI, databases, and external frameworks, promoting modularity and longevity.
- Domain-Driven Design (DDD): The project models a rich domain with entities, value objects, and aggregates, ensuring the business logic is clear and robust.
- CQRS (Command Query Responsibility Segregation): Using MediatR, the application separates read and write operations, allowing for independent scaling and optimization of each path.
- Repository & Unit of Work Patterns: Abstracts data access logic, providing a clean and testable way to interact with the database while managing transactions atomically.
- Product Management: Full CRUD operations for products, including image uploads.
- Order Processing: A comprehensive order management system with a robust state machine (
Pending,Processing,Shipped, etc.). - Payment Integration: Seamless and secure payment processing via Stripe, handling session creation, payment confirmation, and refunds.
- Email Notifications: Transactional emails for user verification, OTPs, and notifications using the reliable MailKit library.
- API Versioning: Manages API evolution gracefully, allowing for non-disruptive updates.
- Global Error Handling: A centralized middleware provides consistent and predictable error responses across the API.
Security is a first-class citizen in this project, with multiple layers of protection.
- Authentication: Secure stateless authentication using JSON Web Tokens (JWT).
- Authorization: Role-based authorization (
admin,customer) and fine-grained policy-based rules for resource ownership. - Session Security: Implements refresh tokens to securely manage user sessions and renew access without exposing credentials.
- Data Protection: Passwords and sensitive tokens are hashed using BCrypt. All communication is enforced over HTTPS.
- Abuse Protection: Rate limiting is applied to prevent brute-force attacks and other malicious activities.
- Visibility & Auditing: Comprehensive logging with Serilog provides a clear audit trail of system activities and potential security events.
- CORS Policy: Properly configured Cross-Origin Resource Sharing to allow access only from trusted domains.
The API is built to handle high traffic and large datasets efficiently.
- Distributed Caching: Leverages Redis to cache frequently accessed data, achieving over 80% faster response times on cached queries and reducing database load.
- Asynchronous Processing: All I/O-bound operations (database, network calls) are fully asynchronous (
async/await) to maximize throughput. - Background Jobs: Long-running or non-critical tasks (like sending emails) are offloaded to a Hangfire background job processor, ensuring immediate API responses.
- Efficient Data Handling: Implements server-side pagination for all list-based endpoints to handle large datasets without performance degradation.
- Database Concurrency: Handles concurrency conflicts and race conditions using optimized EF Core strategies like row-versioning (
IsRowVersion).
The project is committed to high-quality code, validated through a comprehensive testing suite.
- Unit & Integration Testing: Achieves over 70% code coverage using xUnit as the testing framework.
- Mocking: Utilizes Moq to isolate dependencies and ensure that tests are focused and reliable.
- Framework: .NET 10, ASP.NET Core
- Data Access: Entity Framework Core 10, SQL Server
- Architecture: Clean Architecture, DDD, CQRS
- Mediation: MediatR
- Validation: FluentValidation
- Object Mapping: AutoMapper
- Payments: Stripe.net
- Email: MailKit
- Caching: StackExchange.Redis
- Background Jobs: Hangfire
- Logging: Serilog
- API Documentation: Swagger (OpenAPI)
Follow these steps to get a local copy up and running.
- .NET 10 SDK
- SQL Server
- An SMTP server (e.g., Brevo, SendGrid)
- A Stripe account.
-
Clone the repository:
git clone https://github.com/MahmoudZarad/E-Commerce.git cd E-Commerce -
Configure your secrets in
appsettings.Development.json:{ "ConnectionStrings": { "DBConnection": "Your_SQL_Server_Connection_String", "Redis": "Your_Redis_Connection_String" }, "JWT": { "Key": "A_VERY_LONG_AND_SECURE_SECRET_KEY" /* ... */ }, "EmailSettings": { "SmtpServer": "your-smtp-server.com" /* ... */ }, "Stripe": { "SecretKey": "sk_test_..." /* ... */ } } -
Apply Database Migrations:
dotnet ef database update --project Store.Api
-
Run the Application:
dotnet run --project Store.Api