A full-stack web application that implements role-based access control (RBAC) and country-based restrictions for food ordering. Built with Next.js (frontend) and NestJS (backend).
- View Restaurants & Menu Items - Browse restaurants and their menus
 - Create Orders - Add items to cart and create orders
 - Checkout & Payment - Complete orders with payment method selection
 - Order Management - Cancel orders (role-dependent)
 - Payment Method Updates - Modify payment methods (role-dependent)
 
| Role | View Restaurants | Create Orders | Place Orders | Cancel Orders | Update Payment | 
|---|---|---|---|---|---|
| Admin | ✅ | ✅ | ✅ | ✅ | ✅ | 
| Manager | ✅ | ✅ | ✅ | ✅ | ✅ | 
| Member | ✅ | ✅ | ❌ | ❌ | ❌ | 
- India: Users can only access restaurants and data from India
 - America: Users can only access restaurants and data from America
 - Admin Exception: Admins can access data from all countries
 
| Name | Email | Role | Country | Password |
|---|---|---|---|---|
| Nick Fury | [email protected] | Admin | America | password123 | 
| Captain Marvel | [email protected] | Manager | India | password123 | 
| Captain America | [email protected] | Manager | America | password123 | 
| Thanos | [email protected] | Member | India | password123 | 
| Thor | [email protected] | Member | India | password123 | 
| Travis | [email protected] | Member | America | password123 | 

```
backend/
├── src/
│   ├── entities/          # TypeORM entities
│   │   ├── user.entity.ts
│   │   ├── restaurant.entity.ts
│   │   ├── menu-item.entity.ts
│   │   ├── order.entity.ts
│   │   └── order-item.entity.ts
│   ├── auth/              # Authentication & Authorization
│   │   ├── auth.service.ts
│   │   ├── auth.controller.ts
│   │   ├── jwt.strategy.ts
│   │   ├── roles.guard.ts
│   │   └── country.guard.ts
│   ├── restaurants/       # Restaurant management
│   ├── orders/            # Order management
│   ├── dto/               # Data Transfer Objects
│   └── seed.ts            # Database seeding
frontend/
├── src/
│   ├── app/               # Next.js App Router
│   │   ├── login/
│   │   ├── restaurants/
│   │   ├── cart/
│   │   └── orders/
│   ├── components/        # Reusable components
│   ├── contexts/          # React contexts
│   │   ├── AuthContext.tsx
│   │   └── CartContext.tsx
│   └── lib/               # Utilities
│       └── api.ts         # API client
```

- Node.js (v18 or higher)
 - npm or yarn
 
- Clone the repository

```bash
git clone <repository-url>
cd food-ordering-app
```

- Install Backend Dependencies

```bash
cd backend
npm install
```

- Install Frontend Dependencies

```bash
cd ../frontend
npm install
```

- Start the Backend Server

```bash
cd backend
npm run start:dev
```

The backend will run on http://localhost:3001

- Seed the Database (First time only)

```bash
cd backend
npm run seed
```

- Start the Frontend Server

```bash
cd frontend
npm run dev
```

The frontend will run on http://localhost:3000

Backend:

```
JWT_SECRET=your-secret-key
PORT=3001
```

Frontend:

```
NEXT_PUBLIC_API_URL=http://localhost:3001
```

The application uses SQLite with TypeORM. The database includes:
- Users: Authentication and role management
 - Restaurants: Restaurant information with country association
 - Menu Items: Food items belonging to restaurants
 - Orders: Customer orders with status tracking
 - Order Items: Individual items within orders
 
- JWT-based authentication
 - Password hashing with bcrypt
 - Token-based session management
 
- Role-based access control (RBAC)
 - Country-based data filtering
 - Route-level protection
 - API endpoint security
 
- JwtAuthGuard: Validates JWT tokens
 - RolesGuard: Enforces role-based permissions
 - CountryGuard: Implements country-based restrictions
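
The role matrix and country rules that RolesGuard and CountryGuard are described as enforcing, written as a framework-free policy function. This is an added example, not the project's code; the role strings, action names, and the `authorize` and `visibleTo` helpers are assumptions.

```typescript
// Added example, not the project's code: names and role strings are assumptions.
type Role = "admin" | "manager" | "member";
type Country = "India" | "America";
type Action = "viewRestaurants" | "createOrder" | "placeOrder" | "cancelOrder" | "updatePayment";

interface Actor { name: string; role: Role; country: Country }
interface Decision { allowed: boolean; reason: "ok" | "role" | "country" }

const FULL: Action[] = ["viewRestaurants", "createOrder", "placeOrder", "cancelOrder", "updatePayment"];

// Role matrix from the README table. A Map lookup means an unknown role
// string (for example from a stale or tampered token) matches nothing.
const PERMISSIONS = new Map<Role, ReadonlySet<Action>>([
  ["admin", new Set(FULL)],
  ["manager", new Set(FULL)],
  ["member", new Set<Action>(["viewRestaurants", "createOrder"])],
]);

// resourceCountry must be read from the stored record (restaurant, order,
// or target user), never from a request parameter the caller controls.
function authorize(actor: Actor, action: Action, resourceCountry: Country): Decision {
  if (!PERMISSIONS.get(actor.role)?.has(action)) {
    return { allowed: false, reason: "role" };
  }
  // Admin exception: only admins may cross the country boundary.
  if (actor.role !== "admin" && actor.country !== resourceCountry) {
    return { allowed: false, reason: "country" };
  }
  return { allowed: true, reason: "ok" };
}

// Service-level filter for list endpoints such as GET /restaurants.
function visibleTo<T extends { country: Country }>(actor: Actor, rows: T[]): T[] {
  return actor.role === "admin" ? rows : rows.filter((r) => r.country === actor.country);
}

// Constructed sample data modelled on the seeded users.
const nickFury: Actor = { name: "Nick Fury", role: "admin", country: "America" };
const captainMarvel: Actor = { name: "Captain Marvel", role: "manager", country: "India" };
const thanos: Actor = { name: "Thanos", role: "member", country: "India" };
const restaurants = [
  { id: 1, country: "India" as Country },
  { id: 2, country: "America" as Country },
];

console.log(authorize(captainMarvel, "cancelOrder", "America"));
console.log(visibleTo(thanos, restaurants).map((r) => r.id));
```

For `PUT /orders/users/:userId/payment-method`, the country passed to `authorize` would be the target user's stored country, so a manager cannot reach a user in the other region by changing the `:userId` in the path.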
 
- Admin Access
  - Login as Nick Fury
  - View restaurants from both countries
  - Place and cancel orders
  - Update payment methods
- Manager Access
  - Login as Captain Marvel (India) or Captain America (America)
  - View restaurants only from their country
  - Manage orders from their region
  - Update payment methods for users in their country
- Member Access
  - Login as Thanos, Thor, or Travis
  - View restaurants from their country only
  - Add items to cart but cannot place orders
  - Cannot cancel orders or update payment methods

- `POST /auth/login` - User login
- `POST /auth/register` - User registration

- `GET /restaurants` - Get restaurants (filtered by country)
- `GET /restaurants/:id` - Get restaurant details
- `GET /restaurants/:id/menu` - Get restaurant menu items

- `POST /orders` - Create new order
- `GET /orders` - Get user orders (filtered by role/country)
- `PUT /orders/:id/cancel` - Cancel order (admin/manager only)
- `PUT /orders/users/:userId/payment-method` - Update payment method

- Responsive Design: Works on desktop and mobile
 - Role Indicators: Clear visual indicators of user permissions
 - Country Badges: Shows which country's data is being accessed
 - Real-time Cart: Live cart updates with item counts
 - Status Tracking: Visual order status indicators
 - Error Handling: User-friendly error messages
 
- Authentication: React Context for user state
 - Cart Management: React Context for shopping cart
 - API State: TanStack Query for server state
 - Local Storage: Persistent authentication tokens
 
- NestJS: Node.js framework
 - TypeORM: Database ORM
 - SQLite: Database
 - JWT: Authentication
 - bcrypt: Password hashing
 - class-validator: Input validation
 
- Next.js 15: React framework
 - TypeScript: Type safety
 - Tailwind CSS: Styling
 - TanStack Query: Server state management
 - Axios: HTTP client
 - Lucide React: Icons
 
- Build the application: `npm run build`
- Set environment variables
- Run migrations/seeding
- Start production server: `npm run start:prod`

- Build the application: `npm run build`
- Set environment variables
- Deploy to hosting platform (Vercel, Netlify, etc.)
 
- The application uses SQLite for simplicity, but can be easily configured for PostgreSQL, MySQL, etc.
 - All API endpoints are protected with authentication
 - Country-based filtering is implemented at the service level
 - The frontend gracefully handles role-based UI rendering
 - Error boundaries and loading states are implemented throughout
 
- Fork the repository
 - Create a feature branch
 - Make your changes
 - Add tests if applicable
 - Submit a pull request
 
This project is licensed under the MIT License.