Back to work experience

Work Experience

Trending

Production backend ownership for a multi-role e-commerce & logistics platform (customers, merchants, and drivers). I delivered core APIs and workflows that power the full order lifecycle-from cart to delivery-covering pickup/drop-off tasks, driver assignment logic, real-time notifications, and order status tracking. The system also supports catalog & media management, reviews, and admin analytics for orders and revenue.

Role: Backend Engineer (Contract)Duration: Aug 2025 - Mar 2026
  • Owned backend delivery for a multi-role marketplace/logistics API covering cart-to-delivery workflows.
  • Implemented driver assignment and task-based pickup/delivery flows with operational constraints (zone/speed/availability).
  • Built catalog & media modules, notifications, and admin insights to support day-to-day operations.

Stack: NestJS • PostgreSQL • TypeORM • JWT • Cloudinary • Firebase • Docker

Overview

This work experience reflects production backend ownership for a multi-role logistics/marketplace platform connecting customers, stores, and drivers.

It covers the full order lifecycle from cart to delivery, including pickup/delivery tasks, driver assignment by zone, speed, and availability, real-time notifications, and order status tracking.

The platform supports product catalog management, media assets, reviews, and admin analytics for orders and revenue.

Responsibilities

  • Owned the NestJS backend architecture and core service modules.
  • Designed PostgreSQL data model and TypeORM relations for operational workflows.
  • Implemented authentication and RBAC (JWT + refresh tokens via HTTP-only cookies; Google OAuth where applicable).
  • Delivered order lifecycle logic and driver task workflows end-to-end.
  • Integrated Cloudinary signed uploads for media and Firebase push notifications.
  • Prepared Docker-based staging/production deployments and health monitoring endpoints.

Stack

  • NestJS (TypeScript)
  • PostgreSQL
  • TypeORM
  • JWT + Refresh Token via HTTP-only cookie + Google OAuth
  • Cloudinary signed uploads
  • Firebase push notifications
  • Docker (staging/production)
  • Health endpoint
  • External USD-rate API

API Highlights

Auth & Users

  • Email signup/login, code verification, and password recovery.
  • Google OAuth and Refresh Token via HTTP-only cookie.
  • RBAC (admin/seller/driver/customer) with admin user activation.

Catalog

  • Hierarchical categories with speedType (fast/slow) affecting delivery speed.
  • Products with colors/sizes, return window, and availability.
  • Media (images/video) with Cloudinary signed uploads, store logos, and driver photos.

Shopping Experience

  • Cart items store a snapshot of the product at purchase time for stable pricing/data.
  • Favorites.
  • Separate ratings for product/seller/driver (one rating per customer per target).

Orders & Logistics

  • Order creation from cart with customer profile validation; delivery speed is inferred from product categories.
  • Slow orders require time windows; fast orders have no window.
  • Seller-level item confirmation/rejection with a 15-minute window and auto-reject on timeout.

Order statuses

PENDINGCONFIRMEDREADY_FOR_DELIVERYPROCESSINGSHIPPEDDELIVERED

Exceptions

RETURN_REQUESTEDCANCELLED

Driver Tasks

  • Orders split into PICKUP/DELIVERY tasks.
  • Assign the least-busy driver by zone, speed, and availability while preventing overlapping time windows for the same driver.
  • Task status updates drive order status, with pickup and delivery confirmation via delivery code.
  • Customer and seller tracking.

Notifications

  • Device registration and Firebase push notifications.
  • Admin broadcast messaging.

Admin Analytics

  • Summaries for orders, revenue, and users.
  • Top stores and drivers.
  • Time-series charts for orders and revenue.

Supporting Services

  • External USD-rate API.
  • Health endpoint.
  • Dockerized staging/production.

Challenges

Challenge 1

Challenge: Repeated crypto-mining incidents targeting production containers.

Fix: Hardened runtime and Compose defaults: non-root containers, no-new-privileges, tighter permissions, and stricter deployment controls.

Outcome: Production stability improved; compromises stopped and uptime normalized.

Challenge 2

Challenge: Persistent SSH brute-force attempts against VPS environments.

Fix: Disabled password auth and enforced SSH key-only access for operational accounts.

Outcome: Attack surface reduced and unauthorized login attempts became significantly less risky.