Haziq Nazeer
Full-stack | Multi-Region E-Commerce Platform | 2025 — Present

Amoonis Boutique

A production, multi-region e-commerce platform for a GCC gift-box boutique — one Express + Prisma backend powering a Flutter app and a Next.js admin + storefront, with MyFatoorah / Apple Pay payments engineered for money-safety, granular manager RBAC, push, CDN media and bilingual English/Arabic.

Full-Stack Engineer
01 — Overview

The project

Amoonis Boutique is a full-stack, multi-region e-commerce platform I built end to end for a GCC gift-box brand. A single Express 5 + Prisma 7 + PostgreSQL REST API (30 data models, ~107 endpoints) serves two clients from one backend: a Flutter mobile storefront and a Next.js 16 / React 19 app that contains both the customer storefront and a complete 13-section admin panel. It takes real money via MyFatoorah (Apple Pay + cards) and Cash-on-Delivery, sends Firebase push, delivers product images over a Bunny CDN, runs durable background work on pg-boss, and is fully bilingual English/Arabic with right-to-left support.

Role

Full-Stack Engineer

Timeline

2025 — Present

Stack

8 technologies

02 — Context

Problem & approach

The problem

Real e-commerce is unforgiving in two places at once: money and operations. Checkout has to take payments across mobile and web without ever overselling stock, double-charging a customer, or losing an order to a dropped payment callback. At the same time the boutique's team needed to run the whole business — products, orders, promos, regions, analytics — without every staff member having full admin power. And it all had to work in two languages (EN/AR, RTL) across two regions, served to both a Flutter app and a web client from one codebase.

My approach

I built the backend as a layered Express API (routes → controllers → services) and made payment correctness the centerpiece. Every payment is re-verified server-side with the gateway (the client is never trusted); the PAID flip is an idempotent, conditional update so a callback, webhook, reconciliation job and retries all converge on exactly one order placement; stock is reserved with a row-conditional atomic decrement that closes the oversell race; and Apple Pay's non-idempotent execute is protected by an atomic single-winner claim. A reconciliation cron recovers stranded payments and an expiry cron restores stock and promo usage. On top of that I built a 10-permission manager RBAC (admins delegate scoped access, enforced in middleware and mirrored across the admin UI in three layers), FCM push with per-user preferences and an inbox, a pg-boss job system on Postgres (no Redis), Bunny CDN image delivery, multi-region catalog visibility, promo codes, and an auto-translating EN/AR content layer. The Next.js admin + storefront is feature-sliced with React Query + Redux Toolkit and react-hook-form + Zod throughout.

03 — Showcase

A closer look

Admin dashboard — live revenue, orders and customer KPIs with the latest-orders feed

Manager RBAC — admins grant scoped access across 10 permission areas (products, orders, promos, analytics…)

Analytics — revenue time-series, AOV and category sales ranking, built with no chart library

04 — Capabilities

Key features

01

Money-safe checkout

MyFatoorah (Apple Pay + cards) & COD with server-side verification, idempotent single-winner confirmation and double-charge guards.

02

Manager RBAC

10 granular permissions let admins delegate scoped access (products, orders, promos, analytics…), enforced in middleware and the UI.

03

One API, two clients

A single Express + Prisma backend serves both a Flutter mobile app and the Next.js web storefront + admin.

04

Durable background jobs

pg-boss on Postgres (no Redis) — payment reconciliation, order expiry, low-stock digests, broadcasts and cleanup.

05

Push, email & CDN

Firebase push with preferences + inbox, Resend email (SMTP fallback), and Bunny CDN product-image delivery.

06

Bilingual & multi-region

English/Arabic with RTL and auto-translation, plus runtime-added regions scoping catalog visibility.

05 — Contribution

My role

As Full-Stack Engineer, here is exactly what I owned and delivered on this project.

  • Built the entire Express 5 + Prisma 7 + PostgreSQL API — 30 models, ~107 endpoints across 18 routers.
  • Engineered concurrency-safe, idempotent payments (MyFatoorah / Apple Pay + COD) with atomic stock reservation and a reconciliation safety net.
  • Designed the 10-permission manager RBAC and enforced it in middleware and across the admin UI.
  • Built the Next.js 16 / React 19 admin panel (13 sections) and web storefront with React Query, Redux Toolkit and RHF + Zod.
  • Implemented FCM push (preferences + inbox), Resend email, Bunny CDN uploads and a pg-boss job system on Postgres.
  • Built bilingual EN/AR content with auto-translation and RTL, multi-region catalog visibility, promo codes and analytics.

06 — Engineering

Challenges I solved

Challenge

Taking real payments across mobile and web without overselling or double-charging.

Solution

Server-side re-verification on every callback, an idempotent conditional PAID flip so all paths converge on one order, an atomic row-conditional stock decrement that closes the oversell race, and a single-winner claim guarding non-idempotent Apple Pay execution.
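
The sketch below is an added example, not code from the project: it models how a row-conditional stock decrement and a conditional PAID flip let a callback, a webhook and a reconciliation job converge on one order placement. The in-memory Maps stand in for Postgres rows, and `verifyWithGateway`, the order ids and the SKU are assumed names.

```javascript
// Added illustration; not the project's code. The Maps stand in for Postgres
// rows; each check-and-write mirrors one conditional UPDATE ... WHERE statement.
const stock = new Map([["box-1", 1]]); // constructed sample data: one unit left
const orders = new Map();              // orderId -> { status, sku, qty }
let placements = 0;                    // counts post-payment side effects

// Mirrors: UPDATE product SET stock = stock - qty WHERE id = sku AND stock >= qty
function reserveStock(sku, qty) {
  const available = stock.get(sku) ?? 0;
  if (available < qty) return false;   // 0 rows affected: would oversell
  stock.set(sku, available - qty);
  return true;
}

function createOrder(orderId, sku, qty) {
  if (!reserveStock(sku, qty)) return false;
  orders.set(orderId, { status: "PENDING", sku, qty });
  return true;
}

// Mirrors: UPDATE orders SET status = 'PAID' WHERE id = $1 AND status = 'PENDING'
function flipToPaid(orderId) {
  const order = orders.get(orderId);
  if (!order || order.status !== "PENDING") return 0; // rows affected
  order.status = "PAID";
  return 1;
}

// Shared by every confirmation path. verifyWithGateway is a hypothetical async
// function that asks the gateway for the payment's real state.
async function confirmPayment(orderId, verifyWithGateway) {
  const verified = await verifyWithGateway(orderId); // client input is not trusted
  if (!verified) return "not-paid";
  if (flipToPaid(orderId) === 0) return "already-handled";
  placements += 1;                     // winner only: fulfil, notify, etc.
  return "placed";
}

async function demo() {
  const first = createOrder("o1", "box-1", 1);
  const second = createOrder("o2", "box-1", 1); // last unit already reserved
  const gateway = async (id) => id === "o1";    // constructed: only o1 was paid
  const results = await Promise.all(
    ["callback", "webhook", "reconcile"].map(() => confirmPayment("o1", gateway))
  );
  return { first, second, results, placements, status: orders.get("o1").status };
}
```

In a real database the same guarantee comes from checking the affected-row count of each conditional UPDATE, so the side effects run only in the request whose update matched a row.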

Challenge

Lost payment callbacks could strand a customer's order in limbo.

Solution

A reconciliation cron re-checks aged unpaid orders against the gateway, and an expiry cron cancels truly-unpaid orders while restoring reserved stock and releasing promo usage in a locked transaction.

Challenge

The team needed to run the business without handing everyone full admin rights.

Solution

A 10-permission manager RBAC — permissions stored per user, enforced by middleware guards (admins bypass, managers need the specific grant), and mirrored in the UI as route guards, a permission-filtered sidebar and per-widget gating.
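
A minimal version of such a middleware guard, as an added example rather than the project's own code: admins bypass, managers need the specific grant, and everyone else is denied. The role names, permission strings and `req.user` shape are assumptions, and `runGuard` is a stand-in for Express so the guard can be exercised offline.

```javascript
// Added illustration; not the project's code. Role names, permission strings
// and the req.user shape are assumptions.
const PERMISSIONS = new Set(["products", "orders", "promos", "analytics"]); // assumed subset

function requirePermission(permission) {
  if (!PERMISSIONS.has(permission)) {
    // Fail at wiring time: a typo in a route guard must not become an open route.
    throw new Error(`unknown permission: ${permission}`);
  }
  return function guard(req, res, next) {
    const user = req.user; // set by an earlier authentication middleware (assumed)
    if (!user) return res.status(401).json({ error: "unauthenticated" });
    if (user.role === "ADMIN") return next(); // admins bypass permission checks
    const grants = Array.isArray(user.permissions) ? user.permissions : [];
    if (user.role === "MANAGER" && grants.includes(permission)) return next();
    return res.status(403).json({ error: "forbidden" }); // default deny
  };
}

// Minimal stand-in for Express req/res so the guard runs without a server.
function runGuard(guard, user) {
  const outcome = { status: 200, passed: false };
  const res = {
    status(code) { outcome.status = code; return this; },
    json() { return this; },
  };
  guard({ user }, res, () => { outcome.passed = true; });
  return outcome;
}
```

The UI-side gating described above only hides controls; the decision that counts is this server-side check, which is why it denies by default for any role or grant it does not recognise.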

Challenge

One backend had to feed a Flutter app and a web client, in two languages.

Solution

A clean REST API returning both EN/AR fields with a write-time auto-translation layer, plus two online payment paths (hosted page and native Apple Pay executed server-side) so the API key never leaves the backend.

07 — Toolbox

Built with

Express, Prisma, PostgreSQL, Next.js, React, MyFatoorah / Apple Pay, pg-boss, Firebase FCM

08 — Impact

Outcomes

~107

REST endpoints across 30 data models

10-perm

Manager RBAC, enforced end to end

Apple Pay

MyFatoorah payments, money-safe by design
