UniCart is a professional, university-exclusive marketplace designed for safe and efficient peer-to-peer trading. It is built with a focus on Stateless Security, Order Integrity, and Zero-Friction User Experience.
Trading within a campus often suffers from fragmented groups and a lack of trust. UniCart provides a unified, verified platform where students can trade everything from electronics to academic essentials without the clutter of traditional marketplaces.
- Verified Peers: Exclusive ecosystem for the student body.
- Privacy-First: Smart discovery filters out your own listings from your feed.
- Clinical Minimalist UI: Blazing fast performance with sub-100ms load times.
UniCart follows a clean, layered architecture ensuring high scalability and separation of concerns.
```mermaid
graph TD
    subgraph Client_Layer [Frontend: React]
        UI[User Interface]
        State[Auth State Management]
    end
    subgraph Service_Layer [Backend: Express.js]
        API[REST API Gateway]
        Auth[JWT + Redis Blacklist]
        OrderSvc[Order Service]
        MailSvc[SendGrid Mailer]
    end
    subgraph Persistence_Layer [Data & Storage]
        DB[(PostgreSQL)]
        Redis[(Redis Cache)]
        Cloud[Cloudinary CDN]
    end
    UI -->|JSON + JWT| API
    API --> Auth
    Auth --> OrderSvc
    API -->|Rate Limits & Idempotency| Redis
    Auth -->|Blacklist Check| Redis
    OrderSvc -->|ORM Queries| DB
    OrderSvc -->|Email Triggers| MailSvc
    UI -->|Image Upload| Cloud
```
| Layer | Technology |
|---|---|
| Frontend | React (Vite), Vanilla CSS, Framer Motion |
| Backend | Node.js (Express), Prisma ORM |
| Persistence | PostgreSQL, Redis (Caching & TTL Data) |
| Automated Pipeline | SendGrid API (Email Automation), Cloudinary (CDN) |
UniCart implements a custom JWT-based authentication system. Unlike traditional sessions, it is ready for horizontal scaling.
- Redis Blacklisting: Ensures "Instant Logout" by blacklisting tokens until expiration.
- Role-Based Access: Granular control for Users and Admins.
Our unique email-driven flow allows sellers to process orders directly from their inbox without opening the app.
- Signed Tokens: Secure, short-lived tokens embedded in emails.
- Automated Alerts: Real-time notifications for every stage of the trade.
To prevent duplicate orders in high-latency environments, we implemented a Redis-backed Idempotency Layer.
- Prevents database bloat by storing short-lived transaction keys in Redis with a 24-hour TTL.
```mermaid
sequenceDiagram
    participant Buyer
    participant Backend
    participant Redis
    participant Seller
    participant SendGrid
    Buyer->>Backend: Places Order (w/ Idempotency Key)
    Backend->>Redis: Check/Set Key (TTL 24h)
    Backend->>Backend: Signs Secure JWT Tokens
    Backend->>SendGrid: Triggers Notification
    SendGrid-->>Seller: Receives Email w/ Buttons
    Note over Seller: [Accept] | [Reject]
    Seller->>Backend: Clicks "Accept" (Safe Link)
    Backend->>Backend: Verifies Token & Updates DB
    Backend-->>Buyer: Sends Contact Details Email
    Backend-->>Seller: Shows Success Page
```
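One way to implement the Redis-backed idempotency layer and the "Check/Set Key (TTL 24h)" step, as an added example that is not UniCart's own code. `MemoryStore` is an in-memory stand-in for Redis `SET key value NX EX 86400`; `placeOrder`, `createOrder`, the key format and the status codes are assumptions.

```javascript
// Added example. MemoryStore, placeOrder and createOrder are hypothetical names.
const TTL_SECONDS = 24 * 60 * 60; // the 24-hour TTL stated above

// In-memory stand-in for Redis so the example runs offline.
class MemoryStore {
  constructor(now = () => Date.now()) { this.now = now; this.data = new Map(); }
  // Like `SET key value NX EX ttl`: returns null if the key was claimed,
  // otherwise the unexpired value that is already stored.
  claim(key, value, ttlSeconds) {
    const hit = this.data.get(key);
    if (hit && hit.expiresAt > this.now()) return hit.value;
    this.set(key, value, ttlSeconds);
    return null;
  }
  set(key, value, ttlSeconds) {
    this.data.set(key, { value, expiresAt: this.now() + ttlSeconds * 1000 });
  }
  del(key) { this.data.delete(key); }
}

function placeOrder(store, userId, idemKey, body, createOrder) {
  if (typeof idemKey !== 'string' || !/^[A-Za-z0-9_-]{16,64}$/.test(idemKey)) {
    return { status: 400, error: 'missing or malformed idempotency key' };
  }
  // Scope the key to the authenticated user so keys cannot collide across buyers.
  const key = `idem:${userId}:${idemKey}`;
  const fingerprint = JSON.stringify(body); // a real service would hash a canonical form
  const prior = store.claim(key, JSON.stringify({ state: 'pending', fingerprint }), TTL_SECONDS);
  if (prior !== null) {
    const seen = JSON.parse(prior);
    if (seen.fingerprint !== fingerprint) return { status: 422, error: 'key reused with a different payload' };
    if (seen.state === 'pending') return { status: 409, error: 'original request still in progress' };
    return { status: 200, replayed: true, order: seen.order }; // duplicate: replay, no new row
  }
  try {
    const order = createOrder(userId, body); // the only path that writes an order
    store.set(key, JSON.stringify({ state: 'done', fingerprint, order }), TTL_SECONDS);
    return { status: 201, replayed: false, order };
  } catch (err) {
    store.del(key); // release the claim so the buyer can retry after a failure
    return { status: 500, error: 'order creation failed' };
  }
}
```

With a real Redis client the store calls are asynchronous and awaited; the claim must stay a single atomic command rather than a GET followed by a SET, otherwise two concurrent requests with the same key can both create an order.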
- Node.js: v20 or higher
- PostgreSQL: Local or Cloud (Neon/Supabase)
- Redis: Local or Cloud (Upstash recommended)
Create a .env file in the backend directory:
```env
DATABASE_URL="your_postgresql_url"
REDIS_URL="redis://localhost:6379"
JWT_SECRET="your_secret"
CLOUDINARY_CLOUD_NAME="your_name"
CLOUDINARY_API_KEY="your_key"
CLOUDINARY_API_SECRET="your_secret"
SENDGRID_API_KEY="your_api_key"
FROM_EMAIL="your_verified_sender"
BACKEND_URL="http://localhost:5000"
FRONTEND_URL="http://localhost:5173"
```

```bash
# Backend Setup
cd backend
npm install
npx prisma db push
npm run dev

# Frontend Setup (New Tab)
cd frontend
npm install
npm run dev
```

- Real-Time Sockets: Instant in-app messaging between buyers and sellers.
- Advanced Search: Fuzzy matching and category-based filtering.
- Reviews & Ratings: Building trust in the campus community.
Distributed under the MIT License. See LICENSE for more information.