MOVEX_
A backend logistics system designed to explore role-based workflows, authentication, and shipment management.
01_SYSTEM_OVERVIEW
I built MoveX to explore how backend architectures manage the coordination of complex, multi-role environments. Instead of focusing on UI, I wanted to understand how to reliably track state transitions between Administrators, Franchise branches, and Staff. This project served as my laboratory for testing authentication boundaries, relational database integrity under operational load, and the mechanics of secure session management.
"Managing logistics requires precise coordination between multiple participants: admins managing branches, franchise staff handling parcels, and customers requesting pickups. Without a centralized system, authentication becomes fragmented, workflows become disconnected, and shipment tracking becomes unreliable. MoveX was built as an exploration into solving these coordination challenges through a unified backend architecture."
02_ARCHITECTURE_OVERVIEW
Backend Architecture & Operational Workflow Design
USER MANAGEMENT
Handles authentication, account creation, and role-based permissions for all system participants.
FRANCHISE OPERATIONS
Enables administrators to manage branch hierarchies and assign staff members to specific operational nodes.
CUSTOMER BOOKING
Processes shipment requests and calculates delivery costs based on regional metrics and parcel weight.
DISPATCH MANAGEMENT
Coordinates parcel collection tasks and handles the handoff between hub staff and drivers.
SHIPMENT TRACKING
Governs the parcel lifecycle, managing real-time status updates and delivery confirmations.
REPORTS & ANALYTICS
Aggregates operational data into dashboards for reviewing branch performance and shipment volume.
06_ENGINEERING_DECISIONS
PostgreSQL Relational Schema
Logistics data is highly connected; a loss of relational integrity can lead to orphans or double-booked shipments.
Utilized a strict PostgreSQL schema with enforced foreign keys between organizations, users, and shipments.
"A relational database ensures that business rules are validated at the physical layer, not just in application code."
Session-Based Authentication
Stateless tokens are difficult to revoke if a staff member's permissions are suddenly removed.
Implemented database-backed session management that permits instantaneous revocation of access.
"In operational systems, security must be reactive and precise. Session storage allows for immediate control over active logins."
Role-Isolated Route Middleware
Spaghetti code in route handlers makes it easy to accidentally leak data from one role to another.
Created a middleware chain that validates role IDs before any controller logic is executed.
"Isolating access at the routing layer prevents developers from leaking organizational data through simple coding errors."
07_SYSTEM_WORKFLOW
08_TECHNICAL_DEEP_DIVES
Security & Authentication Design
MoveX implements a robust security layer involving Bcrypt password hashing, session-based authentication, and request rate limiting. Input validation is enforced at the API boundary, while CORS protection and secure header management defend against common web-based vulnerabilities.
PostgreSQL Database Architecture
The system uses a highly structured PostgreSQL schema with tables for 'users', 'organizations', 'sessions', 'shipments', and 'password_resets'. This relational design ensures data integrity across complex workflows, allowing for strict foreign key constraints and optimized query performance for operational reporting.
Session Persistence and Revocation
One major architectural deep dive was the creation of a session management system where login states are persistent across server restarts but can be immediately revoked by administrators. This ensures unauthorized dashboard access is prevented even if a user's role is modified in real-time.
09_TECHNICAL_LESSONS_LEARNED
Signals of curiosity and system evolution through failure.
"I monitored how authentication systems behave under real-world workflows. I noticed significant latency introduced by hashing and learned the importance of caching session verification steps at the middleware level."
"I discovered that relational database design is the backbone of operational systems. Clear schema definitions influenced how simple or complex every upstream module became—a lesson in thinking about data before code."
"I learned that backend APIs must act as a 'choreographer' for logic. Ensuring that state transitions (e.g., from 'booked' to 'dispatched') remain consistent taught me about atomic state management and idempotency."
10_SYSTEM_EVOLUTION
CORE API ARCHITECTURE
Established the Node.js/Express baseline and defined the modular route structure for multi-role support.
RELATIONAL SCHEMA DESIGN
Implemented the PostgreSQL database layer, focusing on foreign key integrity for shipment tracking.
SESSION GUARD IMPLEMENTATION
Developed the security and session layer to manage role-based isolation and secure authentication.
OPERATIONAL WORKFLOW COMPLETION
Finalized the end-to-end shipment lifecycle, from customer booking to delivery proof storage.
11_ENGINEERING_CHALLENGES
SESSION SECURITY ISOLATION
Ensuring that users cannot access unauthorized dashboards required implementing strict middleware barriers and a session system that validates role permissions on every request.
TEMPORAL STATE PRESERVATION
Tracking a shipment's lifecycle required a state model capable of preserving timestamps and actor IDs at every transition: from booking to final delivery confirmation.
DEFENDING THE API BOUNDARY
Building defense-in-depth through rate limiting and strict validation was necessary to protect the operational core from malicious or malformed input.
12_SYSTEM_EVOLUTION_BEYOND
AUTOMATED DISPATCH LOGIC
Refining the backend to suggest optimal delivery routes based on destination density scores.
REAL-TIME EVENT STREAM
Integrating WebSockets for live status propagation across terminal dashboards.