AutoPart Pro is built as two completely independent processes that communicate over HTTP: a Node.js/Express REST API on the backend and a React single-page application on the frontend. The backend owns all business logic, data persistence, and security enforcement; the frontend is a pure UI consumer that calls the API and renders role-appropriate views. There is no server-side rendering — the SPA is served as static assets by Vite during development (and can be served by any static host in production), while the API server handles every authenticated and unauthenticated data request.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/JFKoryy/autopart-pro/llms.txt
Use this file to discover all available pages before exploring further.
Stack at a Glance
Backend
Node.js 18+ runtime with Express 5 for routing and middleware. Data is persisted in MySQL 8 and accessed through a
mysql2 promise-based connection pool. Passwords are hashed with bcryptjs (salt rounds: 10) and sessions are stateless — every authenticated request carries a JWT signed via jsonwebtoken.Frontend
React 19 component tree bundled by Vite 6. Styling is handled by Tailwind CSS 4 utility classes. Client-side navigation is managed by React Router v7, and all icons come from lucide-react. Global state lives in two React contexts:
AuthContext and CartContext.Backend: MVC Pattern
The backend follows a strict Model-View-Controller separation where “view” is replaced by JSON responses. Every inbound HTTP request passes through the global middleware stack first, thenprotect and authorize are applied selectively per route.
Route Groups
All API routes are mounted under the/api prefix. The four route groups are:
| Prefix | Description |
|---|---|
POST /api/auth/register | Public — register a new client account |
POST /api/auth/login | Public — exchange credentials for a JWT |
GET /api/auth/me | Protected — re-validate a stored token |
GET /api/auth/profile | Protected — fetch the authenticated user’s profile |
/api/products | Product inventory — read is public, writes require admin |
/api/sales | Sales records — requires authentication |
/api/users | User management — requires admin role |
Health Check
A lightweight endpoint lets load balancers and monitoring tools verify the server is running without touching the database:Low-Stock Event Emitter
When a product’s stock falls to or below itsmin_stock threshold after a sale, the backend emits a low-stock event on a Node.js EventEmitter instance (stockEmitter). The listener in app.js logs a console alert:
The low-stock emitter is a backend-only, in-process notification. It logs to stdout and does not send push notifications, emails, or websocket messages in the current implementation.
CORS Configuration
The backend explicitly allows cross-origin requests from two origins — the local development server and a LAN IP used during development:Database Connection Pool
Themysql2 pool is initialised once at startup with a connection limit of 10. All queries go through promisePool so controllers can use async/await directly:
Frontend: React SPA
The frontend is a client-side rendered SPA. After the initial HTML+JS bundle is loaded, all navigation is handled in-browser by React Router — no full page reloads occur.Context Providers
Two React contexts wrap the entire application inApp.jsx:
AuthContext— holds the authenticateduserobject (decoded from the JWT), exposessignIn,signUp,signOuthelpers, and acanpermission map derived fromuser.role.CartContext— manages the shopping cart state (items,addItem,updateQty,removeItem,clearCart). Cart contents are persisted tolocalStoragebetween page refreshes.
Route Structure
React Router v7 defines two layout groups plus public routes:| Path | Layout | Access |
|---|---|---|
/login, /registro | None (public) | Anyone |
/catalogo, /producto/:id, /carrito, /checkout | ShopLayout | Anyone |
/admin, /admin/inventario, /admin/ventas | AdminLayout | admin or employee |
/admin/producto/nuevo, /admin/producto/:id | AdminLayout | admin only |
/admin/usuarios | AdminLayout | admin only |
API Service Layer
All backend communication is centralised infrontend/src/services/api.js. Authenticated requests include a Bearer token via getAuthHeader():