This is a full-stack Food Ordering Web Application built as part of the Slooze Take-Home Assignment.
It allows users (Admin, Managers, and Team Members) to browse restaurants and menus, create and manage orders, and handle payments — all with Role-Based Access Control (RBAC) and country-based data segregation.

Nick Fury is a business owner with 5 employees:

Nick wants a web-based food ordering application with the following functionalities:

Additional rules:

• Managers and Members can only access data from their own country (India or America).
• Admin has global access.

• Node.js / Express
• TypeScript
• MongoDB / Mongoose
• JWT Authentication
• RBAC Middleware

• Next.js 16
• React 19
• Tailwind CSS
• Axios for API integration
• ShadCN UI

✅ Authentication & RBAC

• JWT-based login with role validation middleware
• Role-based and country-based authorization

✅ Restaurants & Menu

• View restaurants and their menu items
• Filter access by country

✅ Orders & Cart

• Create and manage orders
• Add food items to cart
• Checkout and payment simulation (Admin/Manager only)
• Cancel orders (Admin/Manager only)

✅ Payment Management

• Admin can add or update payment methods

✅ Data Isolation

• Managers and Members can only access data from their assigned country

Flow:

Frontend (Next.js)
↓
API Gateway (Express + JWT)
↓
RBAC Middleware (role + country check)
↓
MongoDB (Users, Restaurants, Orders, Cart, Payment)

git clone https://github.com/rupesh-dev30/Slooze-Full-Stack-Assessment.git
cd Slooze-Full-Stack-Assessment

cd backend
npm install

Create a .env file inside backend/:

PORT=9001
MONGO_URI=<YOUR_MONGO_DB_URL>
JWT_SECRET=<YOUR_JWT_SECRET>
COOKIE_NAME=token
NODE_ENV=development

Run the seed file to insert initial users and data:

# If tsx is not installed globally
npm install -g tsx

# Then run seed
tsx src/database/seed.ts

Start the server:

npm run dev

cd ../frontend
npm install
npm run dev

Open 👉 http://localhost:3000

• POST /api/auth/register → Register a new user
• POST /api/auth/login → Login and get JWT token in cookies
• POST /api/auth/logout → Logout user
• GET /api/auth/me → Get current logged-in user info

• GET /api/restaurants → Get all restaurants
• GET /api/restaurants/:id/menu → Get menu items

• GET /api/cart → Get user cart
• POST /api/cart → Add item
• PUT /api/cart → Update quantity
• DELETE /api/cart/:menuItemId → Remove item
• DELETE /api/cart → Clear entire cart

• POST /api/orders → Create new order
• GET /api/orders → List orders (filtered by role/country)
• POST /api/orders/:id/checkout → Checkout & pay
• POST /api/orders/:id/cancel → Cancel order
• GET /api/orders/:id → Get single order details

• GET /api/payments → List payment methods
• POST /api/payments → Create payment method
• PUT /api/payments/:id → Update payment method (Admin only)

authMiddleware:

• Checks JWT token in cookies
• Verifies user and attaches to req.user
• Returns 401 if unauthorized

permit(...roles):

• Restricts access to certain roles
• Example: permit("ADMIN", "MANAGER")

restrictByCountry(getResourceCountry):

• Blocks users from accessing another country’s data
• Admin bypasses this check

Your seed script automatically creates:

• 6 users (Admin, Managers, Members)
• Sample restaurants for India and America
• Menu items for each restaurant

🎬 Watch the demo video here:
▶️ Click to Watch on Google Drive

Login	Restaurants	Cart	Orders

Restaurants-Details	Payment	Profile

• ✅ Role-based Access Control (RBAC)
• ✅ Country-based data filtering
• ✅ JWT Auth with cookie storage
• ✅ Seed script for auto data setup
• ✅ Payment management system

Rupesh Kumar 🔗 GitHub

This project is open-sourced under the MIT License.