gamer commercial store

Project Overview

This project is a full-stack e-commerce platform for gamers in Iran.

Because international stores don’t accept Iranian payment methods, users can buy gift cards, game credits, and digital items directly through our system. Over time, the platform will also include social features (chat, groups, matchmaking, marketplace), but the current focus is the e-commerce core.

The system is built using a microservices architecture, fully containerized with Docker, fronted by Cloudflare and NGINX for security and performance.


How the Platform Works (System Flow)

1. User visits the website

  • Cloudflare handles CDN, caching, and security.
  • NGINX passes the request to the API Gateway.
  • Frontend is built in Next.js.

2. Authentication

  • Users register or log in using OTP via SMS (KavehNegar).
  • JWT tokens are issued by the Authentication Service and validated at the API Gateway.
  • Redis holds OTP codes and token states.

3. Browsing & Buying Gift Cards

  • Product catalog is served by the E-commerce Service.
  • Gift card images and assets come from MinIO via signed URLs.

4. Payment Flow

  • When the user buys something, the Payment Service sends the transaction to Shaparak (Iran’s payment processor).
  • After payment confirmation:
    • Order is marked as paid.
    • Stock is reduced.
    • Receipt & notifications are sent via the Notification Service.

5. Admin Dashboard

  • Also a Next.js app.
  • Admins can:
    • Add/edit gift cards
    • View metrics
    • Manage users
    • Handle support tickets (via Ticket Service)
  • Roles: Admin, Support, Developer (each with different access levels).

6. Support Tickets

  • Users can submit tickets for help.
  • Support staff handle them through the dashboard.
  • Email/SMS updates are sent via the Notification Service.

7. Data Layer

  • PostgreSQL holds all persistent data.
  • Redis caches tokens/OTP.
  • MinIO stores images and files.

8. Deployment & Operations

  • Everything runs in Docker containers.
  • Monitoring stack (Prometheus, Grafana, Loki) tracks logs, metrics, and errors.

Why Microservices?

Each feature (auth, users, store, payments, notifications, tickets) is a separate service. This allows:

  • Independent scaling
  • Cleaner codebases
  • Safer deployments
  • Better performance isolation

Core Services Breakdown

API Gateway

The API Gateway is the single entry point for all client requests.
Responsibilities include:

  • Request routing to appropriate microservices
  • JWT validation and authorization
  • Rate limiting and basic request filtering
  • Aggregating responses where needed

This ensures internal services are never directly exposed to the public internet.


Authentication Service

Handles all identity and access management.

  • OTP-based login and registration via SMS (KavehNegar)
  • JWT access and refresh token generation
  • Token validation and revocation
  • Role-based access control (RBAC)

Redis is used for short-lived OTP storage and token state management to ensure fast validation and minimal database load.
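
The short-lived OTP storage described above, as an added example (not the project's own code). A Map stands in for Redis, where the entry would be written with an expiry; the TTL, attempt limit, function names and phone number are assumptions.

```javascript
// Added example: in-memory Map stands in for Redis; all names are hypothetical.
const crypto = require('node:crypto');

const OTP_TTL_MS = 120_000;   // assumed 2-minute lifetime
const MAX_ATTEMPTS = 5;       // assumed guess limit per issued code
const store = new Map();      // phone -> { digest, expiresAt, attempts }

// Store only a keyed digest so a dump of the cache does not reveal live codes.
const digestOf = (phone, code, key) =>
  crypto.createHmac('sha256', key).update(`${phone}:${code}`).digest();

function issueOtp(phone, key, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1_000_000)).padStart(6, '0');
  // Issuing a new code replaces the old one and resets the attempt counter.
  store.set(phone, { digest: digestOf(phone, code, key), expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return code; // handed to the SMS provider, never logged
}

function verifyOtp(phone, code, key, now = Date.now()) {
  const entry = store.get(phone);
  if (!entry) return 'no_code';
  if (now >= entry.expiresAt) { store.delete(phone); return 'expired'; }
  // Count the attempt before comparing so guesses cannot be made for free.
  if (++entry.attempts > MAX_ATTEMPTS) { store.delete(phone); return 'locked'; }
  const guess = digestOf(phone, String(code), key);
  if (!crypto.timingSafeEqual(entry.digest, guess)) return 'wrong';
  store.delete(phone); // single use: a replayed code finds nothing
  return 'ok';
}
```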


User Service

Manages user-related data and profiles.

  • User profile information
  • Purchase history
  • Account status (active, banned, verified)
  • User preferences

This service communicates closely with the Authentication and E-commerce services but maintains its own data boundaries.


E-commerce Service

Responsible for all store-related functionality.

  • Product catalog (gift cards, game credits, digital items)
  • Pricing and availability
  • Stock management
  • Order creation and lifecycle management

This service ensures consistency between orders, payments, and inventory.


Payment Service

Handles all financial transactions.

  • Integrates with Shaparak payment gateway
  • Verifies payment callbacks
  • Updates order payment status
  • Prevents duplicate or fraudulent transactions

All payment-related logic is isolated here to reduce risk and simplify auditing.
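
A sketch of the callback verification and duplicate prevention listed above, as an added example (not the project's own code). Maps stand in for PostgreSQL tables, `verifyWithGateway` is a hypothetical stand-in for the provider's server-side verification call, and the order data is constructed.

```javascript
// Added example: constructed data; every name here is hypothetical.
const orders = new Map([
  ['ord-1', { amount: 500000, sku: 'gc-10', status: 'pending', ref: null }],
]);
const stock = new Map([['gc-10', 3]]);
const usedRefs = new Set(); // gateway references that already settled an order

function handlePaymentCallback(cb, verifyWithGateway) {
  const order = orders.get(cb.orderId);
  if (!order) return 'unknown_order';
  // Redelivered callback for a settled order: acknowledge it, change nothing.
  if (order.status === 'paid') {
    return order.ref === cb.ref ? 'duplicate' : 'rejected';
  }
  // A reference that already paid for one order cannot pay for another.
  if (usedRefs.has(cb.ref)) return 'rejected';
  // Rely on the gateway's answer, not on fields carried by the callback,
  // which arrives through the user's browser and can be altered.
  const result = verifyWithGateway(cb.ref);
  if (!result.ok) return 'rejected';
  if (result.orderId !== cb.orderId || result.amount !== order.amount) {
    return 'rejected';
  }
  // In a real service these writes belong in one database transaction.
  usedRefs.add(cb.ref);
  order.status = 'paid';
  order.ref = cb.ref;
  stock.set(order.sku, stock.get(order.sku) - 1);
  return 'paid';
}
```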


Notification Service

Centralized service for all outbound communications.

  • SMS notifications (order status, OTP, support updates)
  • Email notifications (receipts, ticket updates)
  • Future support for push notifications

Using a single notification service avoids duplicated logic across other services.


Ticket (Support) Service

Manages customer support interactions.

  • Ticket creation and categorization
  • Message threading between users and support staff
  • Ticket status tracking (open, in-progress, resolved)
  • Internal notes for support/admin staff

This service integrates with the Notification Service to keep users informed.


Admin & Role Management

The admin dashboard enforces strict role-based permissions:

  • Admin: Full system access, configuration, financial reports
  • Support: Ticket handling, limited user management
  • Developer: Monitoring, logs, and technical diagnostics (no financial access)

Permissions are enforced both at the UI level and at the API Gateway level for security.
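
Gateway-side JWT validation combined with the role check for the three dashboard roles, as an added example (not the project's own code). HS256 signing, the `role` and `exp` claim layout, and the route table are assumptions made for illustration.

```javascript
// Added example: algorithm, claim names and routes are assumptions.
const crypto = require('node:crypto');
const b64url = (s) => Buffer.from(s).toString('base64url');

// First match wins; admin routes not listed fall to the Admin-only catch-all,
// and paths outside the table are refused for every role.
const POLICY = [
  { prefix: '/admin/finance', roles: ['Admin'] },
  { prefix: '/admin/tickets', roles: ['Admin', 'Support'] },
  { prefix: '/admin/metrics', roles: ['Admin', 'Developer'] },
  { prefix: '/admin', roles: ['Admin'] },
];

// Issuer side, included only so the example runs offline.
function signToken(claims, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}

// Returns the HTTP status the gateway would answer with.
function authorize(token, path, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 401;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm; the token header must not choose how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return 401;
    const want = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const got = Buffer.from(sig, 'base64url');
    if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return 401;
    // Claims are read only after the signature has been checked.
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 401;
    const rule = POLICY.find((r) => path === r.prefix || path.startsWith(r.prefix + '/'));
    return rule && rule.roles.includes(claims.role) ? 200 : 403;
  } catch {
    return 401; // malformed base64 or JSON
  }
}
```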


Security Considerations

  • All traffic is routed through Cloudflare with WAF and DDoS protection
  • HTTPS enforced end-to-end
  • JWT-based authentication with short-lived access tokens
  • Services communicate over a private Docker network
  • Sensitive credentials managed via environment variables and secrets

Scalability & Future Expansion

The architecture is designed to support future features without major refactoring:

  • Social features (chat, groups, matchmaking)
  • User-to-user marketplace
  • Recommendation systems
  • Regional expansion with localized payment providers

Each new feature can be introduced as a new microservice.


Summary

This platform provides a reliable, scalable solution for Iranian gamers to purchase digital goods without relying on international payment systems.
The microservices architecture ensures long-term maintainability, high availability, and the flexibility to grow into a full gaming ecosystem over time.