Pochi Store

// project architecture wireframe
01 — System Architecture
Client: Browser (User / Admin)
  ↓ HTTPS:443
Web Server: Apache 2.4 (SSL + Reverse Proxy)
  ↓ HTTP:3000
Backend: Node.js API (pochi-api service)
  ↓ SQL
Database: MySQL (Orders, Products)
02 — Frontend Pages
GET /api/products GET /api/admin/settings
POST /api/orders
📱
POST /api/payments GET /api/admin/settings
Order details display
GET /api/track/:orderId
🔒 Basic Auth Required — brian / ****
GET /api/admin/orders GET /api/admin/stats GET /api/admin/customers GET /api/admin/settings POST /api/admin/products PUT /api/orders/:id/status
🚪
03 — API Routes (/var/www/pochi-api/server.js)
GET     /api/products                       List all products
POST    /api/orders                         Create new order
POST    /api/payments                       Submit payment
GET     /api/track/:orderId                 Track order
GET     /api/admin/orders                   All orders
GET     /api/admin/stats                    Revenue & totals
GET     /api/admin/customers                Customer list
GET     /api/admin/settings                 Store settings
POST    /api/admin/settings                 Update settings
PUT     /api/orders/:orderId/status         Update order status
GET     /api/admin/payments/:orderId        Payment details
POST    /api/admin/products                 Add product
DELETE  /api/admin/products/:productId      Remove product
POST    /api/admin/products/:id/image       Upload image
04 — Customer Order Flow
STEP 01: Browse
index.html loads products from API. Customer selects items.
STEP 02: Checkout
Customer fills name, phone, county, delivery area & address.
STEP 03: Order Created
POST /api/orders saves order. Returns order ID e.g. POCHI580765.
STEP 04: Payment
Customer pays via Mpesa. POST /api/payments records it.
STEP 05: Confirm
confirm.html shows order summary and next steps.
STEP 06: Track
Customer enters order ID on track.html to check status.
05 — Security Layer
🔒 SSL / HTTPS: Let's Encrypt cert. Expires May 2026. Auto-renews via certbot.
🛡️ UFW Firewall: Only ports 22, 80, 443 open. All else blocked.
🤖 Fail2ban: Auto-bans IPs after 3 failed SSH attempts. 76 banned so far.
🔑 Basic Auth: /admin protected by .htpasswd. Only brian can log in.
🚫 Root SSH Disabled: PermitRootLogin no in sshd_config.
📧 Monitoring: Not yet set up. Recommended next step.
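The UFW, root-login and Fail2ban settings listed above can be checked offline against saved config text. The script below is an added example, not part of the Pochi Store project: all sample inputs are constructed, and it assumes the Fail2ban jail is named sshd and that UFW rules are written as numeric ports rather than app profiles.

```shell
#!/bin/sh
# Added example; every sample input below is constructed, not taken from the server.

# Ports that have an ALLOW rule in `ufw status` output, e.g. "22,80,443".
ufw_open_ports() {
  awk '$2 == "ALLOW" || $3 == "ALLOW" { split($1, p, "/"); print p[1] }' |
    sort -n -u | paste -sd, -
}

# Global PermitRootLogin value in sshd_config text. sshd keeps the first value
# it reads for a keyword, so a later "yes" does not undo an earlier "no".
# Match blocks and Include files are not followed; `sshd -T` resolves those.
sshd_root_login() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "unset" }'
}

# maxretry for jail $1 in jail.local-style text, falling back to [DEFAULT].
f2b_maxretry() {
  awk -v jail="$1" -F'[ \t]*=[ \t]*' '
    /^\[/ { sec = substr($0, 2, index($0, "]") - 2); next }
    $1 == "maxretry" { v[sec] = $2 }
    END { r = "unset"; if ("DEFAULT" in v) r = v["DEFAULT"]
          if (jail in v) r = v[jail]; print r }'
}

check() { [ "$2" = "$3" ] && echo "PASS $1 ($3)" || echo "FAIL $1: want $2, got $3"; }

sample_ufw() { printf '%s\n' 'Status: active' '' \
  'To                         Action      From' \
  '22/tcp                     ALLOW       Anywhere' \
  '80/tcp                     ALLOW       Anywhere' \
  '443/tcp                    ALLOW       Anywhere' \
  '22/tcp (v6)                ALLOW       Anywhere (v6)'; }
sample_sshd() { printf '%s\n' '#PermitRootLogin prohibit-password' \
  'PermitRootLogin no' 'PasswordAuthentication no' 'PermitRootLogin yes'; }
sample_jail() { printf '%s\n' '[DEFAULT]' 'maxretry = 5' '' '[sshd]' \
  'enabled = true' 'maxretry = 3'; }

check ufw       22,80,443 "$(sample_ufw  | ufw_open_ports)"
check sshd-root no        "$(sample_sshd | sshd_root_login)"
check fail2ban  3         "$(sample_jail | f2b_maxretry sshd)"
```

On a live host, pipe the real `ufw status` output and config files into the same functions in place of the sample_* helpers.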
06 — File Structure
/var/www/pochi-store/
├── index.html ← shop
├── checkout.html
├── payment.html
├── confirm.html
├── track.html
├── logged-out.html
├── .htpasswd ← unused
├── assets/images/products/
└── admin/
    ├── dashboard.html
    ├── logout.html
    ├── .htaccess ← auth config
    └── .htpasswd ← passwords

/var/www/pochi-api/
└── server.js ← Node.js API

/etc/apache2/
└── sites-enabled/
    └── *.conf ← vhost config

/etc/systemd/system/
└── pochi-api.service

/etc/letsencrypt/live/
└── ..........space/
    ├── fullchain.pem
    └── privkey.pem
// generated from live server inspection — Ubuntu 24, Apache 2.4.58, Node.js v22.22.0