A production, multi-region e-commerce platform for a GCC gift-box boutique — one Express + Prisma backend powering a Flutter app and a Next.js admin + storefront, with MyFatoorah / Apple Pay payments engineered for money-safety, granular manager RBAC, push, CDN media and bilingual English/Arabic.

01 — Overview
Amoonis Boutique is a full-stack, multi-region e-commerce platform I built end to end for a GCC gift-box brand. A single Express 5 + Prisma 7 + PostgreSQL REST API (30 data models, ~107 endpoints) serves two clients from one backend: a Flutter mobile storefront and a Next.js 16 / React 19 app that contains both the customer storefront and a complete 13-section admin panel. It takes real money via MyFatoorah (Apple Pay + cards) and Cash-on-Delivery, sends Firebase push, delivers product images over a Bunny CDN, runs durable background work on pg-boss, and is fully bilingual English/Arabic with right-to-left support.
Role
Timeline
Stack
02 — Context
Real e-commerce is unforgiving in two places at once: money and operations. Checkout has to take payments across mobile and web without ever overselling stock, double-charging a customer, or losing an order to a dropped payment callback. At the same time the boutique's team needed to run the whole business — products, orders, promos, regions, analytics — without every staff member having full admin power. And it all had to work in two languages (EN/AR, RTL) across two regions, served to both a Flutter app and a web client from one codebase.
I built the backend as a layered Express API (routes → controllers → services) and made payment correctness the centerpiece. Every payment is re-verified server-side with the gateway (the client is never trusted); the PAID flip is an idempotent, conditional update so a callback, webhook, reconciliation job and retries all converge on exactly one order placement; stock is reserved with a row-conditional atomic decrement that closes the oversell race; and Apple Pay's non-idempotent execute is protected by an atomic single-winner claim. A reconciliation cron recovers stranded payments and an expiry cron restores stock and promo usage. On top of that I built a 10-permission manager RBAC (admins delegate scoped access, enforced in middleware and mirrored across the admin UI in three layers), FCM push with per-user preferences and an inbox, a pg-boss job system on Postgres (no Redis), Bunny CDN image delivery, multi-region catalog visibility, promo codes, and an auto-translating EN/AR content layer. The Next.js admin + storefront is feature-sliced with React Query + Redux Toolkit and react-hook-form + Zod throughout.
03 — Showcase



04 — Capabilities
05 — Contribution
As Full-Stack Engineer, here is exactly what I owned and delivered on this project.
06 — Engineering
Challenge
Taking real payments across mobile and web without overselling or double-charging.
Solution
Server-side re-verification on every callback, an idempotent conditional PAID flip so all paths converge on one order, an atomic row-conditional stock decrement that closes the oversell race, and a single-winner claim guarding non-idempotent Apple Pay execution.
Challenge
Lost payment callbacks could strand a customer's order in limbo.
Solution
A reconciliation cron re-checks aged unpaid orders against the gateway, and an expiry cron cancels truly-unpaid orders while restoring reserved stock and releasing promo usage in a locked transaction.
Challenge
The team needed to run the business without handing everyone full admin rights.
Solution
A 10-permission manager RBAC — permissions stored per user, enforced by middleware guards (admins bypass, managers need the specific grant), and mirrored in the UI as route guards, a permission-filtered sidebar and per-widget gating.
Challenge
One backend had to feed a Flutter app and a web client, in two languages.
Solution
A clean REST API returning both EN/AR fields with a write-time auto-translation layer, plus two online payment paths (hosted page and native Apple Pay executed server-side) so the API key never leaves the backend.
07 — Toolbox
08 — Impact