AuraDecor is a comprehensive furniture management system with a modern web API backend built on ASP.NET Core 8.0. The application allows users to browse furniture items, manage their shopping cart, and place orders, while administrators can manage inventory, users, and special offers.
- Project Status
- Project Architecture
- Technology Stack
- Core Features
- RabbitMQ Configuration
- Installation and Setup
- Docker Deployment
- Health Monitoring
- API Documentation
- Error Handling
- Security and Rate Limiting
- Response Formats
- Additional Features
- License
- User Authentication & Authorization (JWT + Google OAuth + Twitter OAuth + Refresh Tokens)
- Furniture Catalog Management with AI-powered search
- Shopping Cart System
- Order Management with Payment Integration
- Special Offers & Discounts
- Notification System with Preferences
- Payment Processing (Stripe Integration)
- Rating & Review System
- Rate Limiting (Multiple Algorithms)
- Email Services (OTP, Notifications via RabbitMQ)
- Admin Management Dashboard
- Health Monitoring & Checks
- Brand, Category, Color, and Style Management
- Coupon Module
- Recommendation Module
- Unit Testing
- Advanced Analytics
The solution follows the Clean Architecture pattern with separate layers for clear separation of concerns:
- AuraDecor.APIs: API controllers and presentation layer
- AuraDecor.Core: Domain entities, interfaces, and business rules
- AuraDecor.Repository: Data access and Entity Framework Core implementation
- AuraDecor.Services: Business logic implementation
The following diagrams provide a comprehensive overview of the AuraDecor system architecture, design patterns, and data flow.
- ASP.NET Core 8.0: Backend framework
- Entity Framework Core: ORM for database operations
- ASP.NET Core Identity: Authentication and authorization
- JWT Authentication: Token-based authentication with refresh tokens
- Google Authentication: External authentication provider
- Twitter Authentication: External authentication provider
- Stripe: Payment processing and webhooks
- Redis: Distributed caching and rate limiting
- RabbitMQ: Message broker for asynchronous email processing
- Swagger/Scalar: API documentation
- AutoMapper: Object mapping
- MailKit: Email sending functionality
- Health Checks UI: Application health monitoring
- Rate Limiting: Multiple algorithms (Fixed Window, Sliding Window, Token Bucket)
- SQL Server: Primary database
- Docker: Containerization support
- AI-Powered Search: Text and image-based furniture search capabilities
- User authentication and authorization with role-based access control
- Comprehensive furniture catalog with search and filtering
- AI-powered image and text-based furniture search
- Shopping cart functionality
- Payment processing with Stripe integration
- Special offers and discounts management
- User profile and address management
- Rating and review system
- Advanced notification system with user preferences
- Admin panel for comprehensive system management
- Health monitoring and performance metrics
- Multi-algorithm rate limiting protection
{
"RabbitMqSettings": {
"Uri": "amqp://guest:guest@localhost:5672/",
"HostName": "localhost",
"UserName": "guest",
"Password": "guest",
"VirtualHost": "/",
"Port": 5672,
"UseTls": false,
"Queues": {
"EmailNotifications": "email-notifications",
"OtpEmails": "otp-emails",
"NotificationEmails": "notification-emails"
},
"Exchanges": {
"EmailExchange": "email-exchange"
},
"RetryPolicy": {
"MaxRetries": 3,
"RetryDelayMs": 5000
}
}
}- OTP Emails: Handles time-sensitive one-time password emails
- Notification Emails: Processes system notifications (order updates, promotions, etc.)
- Email Notifications: General purpose email delivery
- Configure the connection string in
appsettings.jsonunder RabbitMqSettings section
- .NET 8.0 SDK
- SQL Server (local or remote)
- Visual Studio 2022 or later / Visual Studio Code
-
Clone the repository:
git clone https://github.com/Aura-Decor/Back-end.git
-
Navigate to the project folder and restore dependencies:
cd AuraDecor dotnet restore -
Update the connection string in
appsettings.jsonin the AuraDecor.APIs project. -
Apply migrations to create the database:
dotnet ef database update --project AuraDecor.Repository --startup-project AuraDecor.APIs
-
Run the application:
dotnet run --project AuraDecor.APIs
- Docker Engine 20.10+
- Docker Compose 2.0+
-
Clone the repository:
git clone https://github.com/Aura-Decor/Back-end.git cd AuraDecor -
Build and start the containers:
docker-compose up -d
-
Access the application:
- API: http://localhost:8080
- Scalar Documentation: http://localhost:8080/scalar
- RabbitMQ Management UI: http://localhost:15672 (guest/guest)
The Docker setup includes the following services:
| Service | Description | Port |
|---|---|---|
| aura-decor-api | The main application | 8080 (HTTP), 8081 (HTTPS) |
| sqlserver | SQL Server 2019 | 1433 |
| redis | Redis cache server | 6379 |
| rabbitmq | RabbitMQ message broker | 5672, 15672 (Management UI) |
All data is persisted through Docker volumes:
sqlserver-data: Database filesredis-data: Redis datarabbitmq-data: RabbitMQ data and configurationuploads-data: Uploaded furniture images
The Docker environment variables are set in the docker-compose.yml file.
For production environments.
docker-compose up -d --scale aura-decor-api=3start three instances of the application behind a load balancer.
The API provides comprehensive endpoints organized by functionality. All endpoints return JSON responses and follow RESTful conventions.
POST /api/account/login - User login with email and password
Request Body:
{
"email": "user@example.com",
"password": "Password123!"
}- Response: Returns JWT token and user details
- Rate Limited: 2 requests per 10 seconds
POST /api/account/register - Register a new user account
Request Body:
{
"displayName": "John Doe",
"email": "user@example.com",
"userName": "johndoe",
"phoneNumber": "+1234567890",
"password": "Password123!"
}- Response: Returns JWT token and user details
- Rate Limited: 2 requests per 10 seconds
GET /api/account/google-login - Initiate Google OAuth authentication
- Rate Limited: 2 requests per 10 seconds
GET /api/account/google-response - Handle Google OAuth callback
- Response: Returns JWT token and user details
GET /api/account/twitter-login - Initiate Twitter OAuth authentication
GET /api/account/twitter-response - Handle Twitter OAuth callback
- Response: Returns JWT token and user details
POST /api/account/refresh - Refresh JWT token using refresh token
Request Body:
{
"accessToken": "expired-jwt-token",
"refreshToken": "valid-refresh-token"
}- Response: Returns new JWT token and refresh token
POST /api/account/revoke - Revoke refresh token
Request Body:
{
"refreshToken": "refresh-token-to-revoke"
}- Authentication: Required (JWT Bearer token)
- Response: Confirmation of token revocation
POST /api/account/forgot-password - Request password reset
Request Body:
{
"email": "user@example.com"
}- Response: Sends OTP to email
POST /api/account/verify-otp - Verify OTP for password reset
Request Body:
{
"email": "user@example.com",
"otp": "123456"
}- Response: Returns password reset token
POST /api/account/reset-password - Complete password reset
Request Body:
{
"email": "user@example.com",
"token": "reset-token",
"newPassword": "NewPassword123!"
}PUT /api/account/updatepassword - Update current user's password
Request Body:
{
"currentPassword": "OldPassword123!",
"newPassword": "NewPassword123!"
}- Authentication: Required (JWT Bearer token)
GET /api/account/emailexists?email={email} - Check if email is already registered
- Response: Boolean value
GET /api/account - Get current authenticated user information
- Authentication: Required
- Response: User details with refreshed JWT token
PUT /api/account/update - Update user profile information
Request Body:
{
"displayName": "Updated Name",
"phoneNumber": "+1234567890"
}- Authentication: Required
- Response: Updated user details with new JWT token
GET /api/account/address - Get user's saved address
- Authentication: Required
- Response: Address details or 404 if no address saved
PUT /api/account/address - Add or update user's address
Request Body:
{
"firstName": "John",
"lastName": "Doe",
"street": "123 Main St",
"city": "New York",
"state": "NY",
"zipCode": "10001",
"country": "USA"
}- Authentication: Required
GET /api/furniture - Get all furniture with advanced filtering and pagination
Query Parameters:
-
brandId(Guid) - Filter by specific brand -
categoryId(Guid) - Filter by category -
sort(string) - Sort options: "name", "priceAsc", "priceDesc", "newest" -
pageIndex(int, default: 1) - Page number for pagination -
pageSize(int, default: 6) - Number of items per page -
search(string) - Search in furniture names and descriptions -
minPrice(decimal) - Minimum price filter -
maxPrice(decimal) - Maximum price filter -
Response: Paginated list with total count
-
Caching: 5 minutes
-
Rate Limited: 5 requests per 60 seconds
GET /api/furniture/{id} - Get specific furniture item by ID
- Response: Detailed furniture information including images and specifications
- Caching: 5 minutes
POST /api/furniture - Add new furniture item
- Content-Type: multipart/form-data (supports file upload for images)
Request Body:
{
"name": "Modern Sofa",
"description": "Comfortable 3-seater sofa",
"price": 899.99,
"stock": 10,
"brandId": "brand-guid",
"categoryId": "category-guid"
}- Authentication: Admin role required
PUT /api/furniture/{id} - Update existing furniture item
- Authentication: Admin role required
DELETE /api/furniture/{id} - Delete furniture item
- Authentication: Admin role required
- Response: 204 No Content on success
POST /api/furniture/search/text - Search furniture using text description
Request (multipart/form-data):
description(string): Natural language description of desired furniturelimit(int, optional): Maximum number of results (default: 10)
Response:
{
"success": true,
"results": [
{
"id": "furniture-guid",
"name": "Modern Leather Sofa",
"score": 0.95,
"description": "Contemporary 3-seater leather sofa"
}
]
}POST /api/furniture/search/image - Search furniture using image
Request (multipart/form-data):
file(file): Image file to search withlimit(int, optional): Maximum number of results (default: 10)color(string, optional): Preferred color filter
Response:
{
"success": true,
"results": [
{
"id": "furniture-guid",
"name": "Similar Dining Table",
"score": 0.88,
"description": "Wooden dining table with similar design"
}
]
}POST /api/furniture/{id}/offers - Apply special offer to furniture item
Request Body:
{
"discountPercentage": 20.0,
"startDate": "2025-05-26T00:00:00Z",
"endDate": "2025-06-26T23:59:59Z"
}- Authentication: Admin role required
DELETE /api/furniture/{id}/offers - Remove offer from furniture item
- Authentication: Admin role required
POST /api/furniture/offers/update-status - Update status of all offers (expire old ones)
- Authentication: Admin role required
GET /api/furniture/offers/active - Get all furniture items with active offers
- Response: List of furniture with current discounts
- Caching: 5 minutes
All cart endpoints require authentication.
GET /api/cart - Get user's current shopping cart
- Response: Cart with items, quantities, and total price
POST /api/cart/add - Add item to shopping cart
Request Body:
{
"furnitureId": "furniture-guid",
"quantity": 2
}DELETE /api/cart/remove - Remove item from cart
Request Body:
{
"furnitureId": "furniture-guid"
}All order endpoints require authentication.
POST /api/order/CreatOrder - Create new order from cart
Query Parameters:
-
UserId(string) - User ID -
CartId(Guid) - Cart ID to convert to order -
Response: Created order details
GET /api/order/{Id} - Get order details by user ID
- Response: Order information with items and status
POST /api/order/cancel - Cancel an existing order
Request Body:
"order-guid-id"- Response: Boolean indicating success with confirmation message
GET /api/order/user-orders - Get all orders for authenticated user
- Authentication: Required
- Response: List of user's orders with details and status
PUT /api/order/update-status - Update order status (Admin only)
Request Body:
{
"orderId": "order-guid",
"status": "Processing"
}- Authentication: Admin role required
- Response: Updated order details
- Valid Status Values: Pending, Processing, Shipped, Delivered, Cancelled
The payment system integrates with Stripe for secure payment processing, supporting webhooks for real-time payment status updates.
POST /api/order/payment - Create payment intent for order
Query Parameters:
-
UserId(string) - User ID -
CartId(Guid) - Cart ID for payment -
Response: Payment intent details with client secret
GET /api/payment/verify/{paymentIntentId} - Verify payment status
- Response: Current payment status (Succeeded, Failed, Pending)
GET /api/payment/order-details/{paymentIntentId} - Get order details by payment intent
- Response: Order information with payment status
POST /api/payment/webhook - Stripe webhook endpoint
- Authentication: Webhook signature verification
- Purpose: Handles payment lifecycle events (success, failure, refunds, disputes)
- Events Supported:
payment_intent.succeededpayment_intent.payment_failedpayment_intent.canceledcharge.refundedcharge.dispute.createdcharge.dispute.resolved
POST /api/payment/refund - Process refund for order (Admin only)
Request Body:
{
"orderId": "order-guid",
"amount": 99.99,
"reason": "Customer request"
}- Authentication: Admin role required
- Response: Refund details including refund ID and status
- Note: If amount is omitted, processes full refund and cancels order
All rating endpoints require authentication for adding a rating.
POST /api/Ratings - Add or update a rating for a product.
- Authentication: Required (JWT Bearer token)
Request Body:
{
"productId": "furniture-guid",
"stars": 5,
"review": "This is a great product!"
}- Response: The created or updated rating object.
Response Body:
{
"id": "rating-guid",
"stars": 5,
"review": "This is a great product!",
"userDisplayName": "John Doe",
"createdAt": "2023-10-27T10:00:00Z"
}GET /api/Ratings/{productId} - Get all ratings for a specific product.
-
Authentication: Not required.
-
Response: A list of ratings for the product.
Response Body:
[
{
"id": "rating-guid",
"stars": 5,
"review": "This is a great product!",
"userDisplayName": "John Doe",
"createdAt": "2023-10-27T10:00:00Z"
},
{
"id": "another-rating-guid",
"stars": 4,
"review": "Good, but could be better.",
"userDisplayName": "Jane Smith",
"createdAt": "2023-10-28T12:00:00Z"
}
]GET /api/notification - Get paginated user notifications
Query Parameters:
-
page(int, default: 1) - Page number -
pageSize(int, default: 10) - Items per page -
Response: Paginated list of notifications
GET /api/notification/unread - Get all unread notifications
- Response: List of unread notifications only
GET /api/notification/summary - Get notification summary with count
Response:
{
"unreadCount": 5,
"recentNotifications": [...]
}PUT /api/notification/{id}/mark-read - Mark specific notification as read
- Response: 200 OK or 404 if notification not found
PUT /api/notification/mark-all-read - Mark all notifications as read
- Response: 200 OK or 400 if no unread notifications
DELETE /api/notification/{id} - Delete specific notification
- Response: 200 OK or 404 if notification not found
DELETE /api/notification/all - Delete all user notifications
- Response: 200 OK or 400 if no notifications to delete
GET /api/notification/preferences - Get user notification preferences
- Response: Current preference settings
PUT /api/notification/preferences - Update notification preferences
Request Body:
{
"emailNotifications": true,
"orderUpdates": true,
"promotionalOffers": false,
"systemAlerts": true,
"cartReminders": true
}POST /api/notification/admin/create - Create notification for specific user
Request Body:
{
"userId": "user-guid-id",
"title": "Important Notice",
"message": "Your order has been shipped!",
"type": 4,
"relatedEntityId": "order-guid",
"relatedEntityType": "Order"
}POST /api/notification/admin/bulk - Send bulk notifications
Request Body:
{
"title": "System Maintenance",
"message": "Scheduled maintenance tonight from 2-4 AM",
"type": 6,
"userIds": ["user1-id", "user2-id"]
}Note: Leave userIds null to send to all users
0- Info (General information)1- Success (Positive confirmations)2- Warning (Important alerts)3- Error (Error notifications)4- OrderUpdate (Order status changes)5- PromotionalOffer (Marketing offers)6- SystemAlert (System announcements)7- CartReminder (Cart abandonment reminders)8- WelcomeMessage (New user welcome)
The system automatically generates notifications for:
- User Registration: Welcome message with account setup tips
- Order Creation: Order confirmation with details
- Order Status Updates: Shipping, delivery, cancellation notifications
- Cart Abandonment: Reminders for items left in cart (configurable timing)
- Promotional Campaigns: New offers and discounts (if user opted in)
- System Maintenance: Important system announcements
All admin endpoints require Admin role authentication.
GET /api/admin/users - Get list of all system users
- Response: Array of user objects with basic information
POST /api/admin/create-role - Create new system role
Request Body:
"Manager"- Request Body: Role name as string
POST /api/admin/assign-role - Assign role to user
Request Body:
{
"email": "user@example.com",
"roleName": "Manager"
}Brand management endpoints provide functionality for managing furniture brands.
GET /api/brands - Get all furniture brands
- Response: List of all brands with ID and name
POST /api/brands - Create new furniture brand
Request Body:
{
"name": "IKEA"
}- Response: Created brand object with ID and name
Category management endpoints provide functionality for managing furniture categories.
GET /api/categories - Get all furniture categories
- Response: List of all categories with ID and name
POST /api/categories - Create new furniture category
Request Body:
{
"name": "Living Room"
}- Response: Created category object with ID and name
Color management endpoints provide functionality for managing furniture colors.
GET /api/colors - Get all furniture colors
- Response: List of all colors with ID and name
POST /api/colors - Create new furniture color
Request Body:
{
"name": "Navy Blue"
}- Response: Created color object with ID and name
Style management endpoints provide functionality for managing furniture styles.
GET /api/styles - Get all furniture style types
- Response: List of all style types with ID and name
POST /api/styles - Create new furniture style type
Request Body:
{
"name": "Contemporary"
}- Response: Created style type object with ID and name
GET /errors/{code} - Error page endpoint for HTTP status codes
- Response: Standardized error response format
{
"statusCode": 404,
"message": "Lost? just like your mind"
}{
"statusCode": 500,
"message": "Something broke, probably my soul",
"details": "Detailed exception information in development environment"
}{
"statusCode": 400,
"message": "What you just said makes no sense",
"errors": [
"Email address is in use",
"Password must be at least 8 characters"
]
}{
"statusCode": 429,
"message": "you're banned for being gay"
}- 400 Bad Request: "What you just said makes no sense"
- 401 Unauthorized: "Get the hell out of here"
- 404 Not Found: "Lost? just like your mind"
- 429 Too Many Requests: Rate limit exceeded
- 500 Internal Server Error: "Something broke, probably my soul"
Rate limited endpoints include headers:
X-RateLimit-Limit: Maximum number of requests allowedX-RateLimit-Remaining: Number of requests remainingX-RateLimit-Reset: Unix timestamp when the rate limit resets
- JWT Bearer Tokens: Required for protected endpoints
- Token Format:
Authorization: Bearer {jwt-token} - Token Expiration: Configurable (typically 24 hours)
- Login/Register: 2 requests per 10 seconds per IP
- Furniture Browsing: 5 requests per 60 seconds per IP
- Google OAuth: 2 requests per 10 seconds per IP
- Public: No authentication required
- Authenticated: Valid JWT token required
- Admin: Admin role required in JWT token
- 200 OK: Request successful with data
- 201 Created: Resource created successfully
- 204 No Content: Request successful, no data returned
{
"pageIndex": 1,
"pageSize": 10,
"count": 150,
"data": [...]
}{
"email": "user@example.com",
"displayName": "John Doe",
"token": "jwt-token-string",
"refreshToken": "refresh-token-string",
"refreshTokenExpiry": "2023-06-25T14:30:00Z"
}The application includes health monitoring for critical system dependencies:
- Database health monitoring
- Redis connection monitoring
- RabbitMQ connection monitoring
Access the health status JSON endpoint at: /health
Access the Health Checks UI dashboard at: /healthchecks-ui
- Furniture listings cached for 5 minutes
- Individual furniture items cached for 5 minutes
- Active offers cached for 5 minutes
- OTP verification for password reset
- Welcome emails for new users
- Order confirmation emails
- Notification emails (based on user preferences)
- Furniture images support
- Multiple file formats accepted
- Automatic image optimization
API documentation is available through Swagger UI when running the application in development mode. Access it at /scalar.
For detailed architectural insights, the following diagrams are available in the docs/ folder:
- JWT Authentication Flow - Complete authentication process with token management
- OAuth Integration Flow - Google and Twitter OAuth implementation
- Security Middleware Pipeline - Security layers and middleware ordering
- Domain Layer Structure - Core domain entities and interfaces
- Domain Services Architecture - Business logic organization
- Specification Pattern - Query specification implementation
- Repository Pattern - Data access pattern implementation
- Unit of Work Pattern - Transaction management
- External Dependencies - Third-party integrations
- Software Licensing - Open source license overview
- Data Protection Framework - Privacy and data handling
- User Data Handling - Data processing workflows
This project is licensed under the MIT License - see the LICENSE file for details.
Copyright 2025 © - MIT License
