Ryder (Car Rental Platform)

A full-stack car rental application with two roles:

• User: discover cars, book rentals, manage bookings, pay online
• Owner: onboard a rental business, add/manage cars, view bookings, create offline bookings

Contents (Session-wise)

• Session 0 — Overview, Roles, Features, Tech Stack
• Session 1 — Frontend (Client) Setup + Structure + Routes
• Session 2 — Backend (Server) Setup + Structure + API Endpoints
• Session 3 — Auth, Storage, Payments, Email, Jobs (How it works)
• Session 4 — Troubleshooting (CORS/Cookies/Local Dev)

---

Session 0 — Overview

Roles

• User

  • Signs up/logs in (supports Google sign-in)
  • Email verification
  • Optional 2FA via email OTP
  • Browse available cars (filter by state + city)
  • Book cars for a date range and pickup time
  • View/cancel bookings
  • Pay using Razorpay

• Owner

  • Signs up with business details + document uploads
  • Email verification
  • Optional 2FA via email OTP
  • Adds cars to fleet
  • Updates car status/price
  • Views bookings
  • Creates offline bookings
  • Cancels affected bookings automatically when car becomes unavailable and notifies users by email

Key Features

• Cookie-based JWT auth (authToken httpOnly cookie)
• Role-based routing (separate /user/* and /owner/*)
• PostgreSQL schema for users/owners/cars/bookings
• File uploads:
  • Owner uploads: id_proof, ownership_proof
  • Uploaded to Supabase Storage (public URLs stored)
• Payments: Razorpay order creation + signature validation
• Email: Nodemailer (Gmail SMTP) for verification, reset, 2FA, cancellations
• Daily job: auto-mark completed bookings at midnight

Tech Stack

Frontend

• React + Vite
• React Router
• Redux Toolkit + redux-persist
• Tailwind CSS + shadcn/ui style components (Radix UI)

Backend

• Node.js + Express
• PostgreSQL (pg)
• JWT (jsonwebtoken)
• Password hashing (bcryptjs)
• Email (nodemailer)
• Payments (razorpay)
• File upload (multer)
• Storage (@supabase/supabase-js)

---

Session 1 — Frontend (Client)

1) Location

• App root: Client
• Entry: Client/src/main.jsx
• Router: Client/src/App/App.jsx

2) Installation & Run

From the repo root:

1. Install:

   • cd Client && npm install

2. Configure env:

   • Create/update: Client/.env

   Required keys:

   • VITE_API_BASE_URL (example: http://localhost:3000)
   • VITE_SUPABASE_PROJECT_URL
   • VITE_SUPABASE_API_KEY
   • VITE_RAZORPAY_API_KEY_ID
   • VITE_RAZORPAY_API_SCRIPT_URL (example: https://checkout.razorpay.com/v1/checkout.js)

3. Start dev server:

   • npm run frontend

Vite default is typically http://localhost:5173.

3) Frontend Routes (React Router)

Defined in Client/src/App/App.jsx.

Public

• /
  • If user authenticated → /user/dashboard
  • Else if owner authenticated → /owner/dashboard
  • Else → landing page

User (/user/*)

• /user/log-in
• /user/sign-up
• /user/forgot-password
• /user/password-reset/:id
• /user/two-factor-auth
• /user/google/callback
• /user/dashboard (protected)
• /user/car-details/:car_id (protected)
• /user/owner-rental-cars (protected)

Owner (/owner/*)

• /owner/log-in
• /owner/sign-up
• /owner/forgot-password
• /owner/password-reset/:id
• /owner/two-factor-auth
• /owner/dashboard (protected)
• /owner/offline-booking (protected)

4) State Management

• Redux store: Client/src/Redux/redux-store.js
• Slices:
  • Client/src/Redux/user-slice.js
  • Client/src/Redux/owner-slice.js
• Persistence: uses redux-persist (see Client/src/main.jsx)

5) API Services + Session Handling

Services live in:

• Client/src/Services

Key idea:

• Axios uses withCredentials: true so the backend can set/read the authToken cookie.
• A response interceptor logs out and redirects on 401 (except for auth routes).
  • Interceptor: Client/src/Services/auth-interceptor.js

Main service clients:

• User auth: Client/src/Services/user-auth-service.js
• Owner auth: Client/src/Services/owner-auth-service.js
• User booking/payment: Client/src/Services/user-car-rental-service.js
• Owner fleet/booking: Client/src/Services/owner-car-rental-service.js

---

Session 2 — Backend (Server)

1) Location

• Server root: Server
• Entry: Server/src/index.js
• Express app: Server/src/app.js

2) Installation & Run

From the repo root:

1. Install:

   • cd Server && npm install

2. Configure env:

   • Create/update: Server/.env

   Recommended keys (use your own values):

   • SERVER_PORT (example: 3000)
   • CORS_ORIGIN (example: http://localhost:5173)
   • DATABASE_USER
   • DATABASE_HOST
   • DATABASE_PASSWORD
   • DATABASE_NAME
   • DATABASE_PORT
   • DATABASE_SSLMODE (example: require)
   • DATABASE_CHANNELBINDING (example: require)
   • EMAIL_ADDRESS
   • EMAIL_APP_KEY
   • ACCESS_TOKEN_SECRET
   • ACCESS_TOKEN_EXPIRY (example: 1h)
   • SALT_ROUNDS (example: 10)
   • SUPABASE_PROJECT_URL
   • SUPABASE_API_KEY
   • RAZORPAY_API_KEY_ID
   • RAZORPAY_API_KEY_SECRET

3. Start backend:

   • npm run backend

Default server base URL (per env): http://localhost:3000

3) Database Setup (PostgreSQL)

Schema file:

• Server/src/Database/db-schema.sql

Core tables:

• users
• owners
• car_rentals
• cars
• car_bookings

Connection:

• Server/src/Database/db-connection.js

4) High-level API Base Paths

Mounted in Server/src/app.js:

• /user (auth + rentals + payment)
• /owner (auth + rentals)

Auth middleware (cookie JWT):

• Server/src/Middleware/auth-middleware.js

---

Session 3 — Backend API (Endpoints)

All endpoints are defined under:

• User routes: Server/src/Routes/User
• Owner routes: Server/src/Routes/Owner

User Auth (/user/auth/*)

Routes: Server/src/Routes/User/auth-routes.js

• POST /user/auth/sign-up
• POST /user/auth/log-in
• GET /user/auth/verification-mail (protected)
• PATCH /user/auth/verification (protected)
• GET /user/auth/password-reset-mail
• PATCH /user/auth/password-reset
• PATCH /user/auth/activate-twofa (protected)
• GET /user/auth/twofa-mail
• PATCH /user/auth/twofa-verification
• POST /user/auth/twofa-log-in
• POST /user/auth/log-out (protected)
• POST /user/auth/google/sign-up
• POST /user/auth/google/log-in
• GET /user/auth/session (protected)

Owner Auth (/owner/auth/*)

Routes: Server/src/Routes/Owner/auth-routes.js

• POST /owner/auth/sign-up (multipart upload: id_proof, ownership_proof)
• POST /owner/auth/log-in
• POST /owner/auth/log-out (protected)
• GET /owner/auth/verification-mail (protected)
• PATCH /owner/auth/verification (protected)
• GET /owner/auth/password-reset-mail
• PATCH /owner/auth/password-reset
• PATCH /owner/auth/activate-twofa (protected)
• GET /owner/auth/twofa-mail
• PATCH /owner/auth/twofa-verification
• POST /owner/auth/twofa-log-in
• GET /owner/auth/session (protected)

User Rentals (/user/*)

Routes: Server/src/Routes/User/car-rental-routes.js

• GET /user/available-cars (protected, query: state, city)
• POST /user/car-booking (protected)
• GET /user/car/:car_id/booked-dates (protected)
• GET /user/bookings/:user_id (protected)
• GET /user/:car_rental_id/rental-cars (protected)
• PATCH /user/cancel-booking/:booking_id (protected)

Owner Rentals (/owner/*)

Routes: Server/src/Routes/Owner/car-rental-routes.js

• POST /owner/add-car (protected)
• GET /owner/:car_rental_id/rental-cars (protected)
• PATCH /owner/update-car-status (protected)
• PATCH /owner/update-car-price (protected)
• GET /owner/bookings/:car_rental_id (protected)
• GET /owner/car/:car_id/booked-dates (protected)
• POST /owner/offline-car-booking (protected)
• GET /owner/confirmed-car-bookings/:car_id (protected)

Payments (Razorpay) (/user/*)

Routes: Server/src/Routes/User/payment-routes.js

• POST /user/create-booking-order (protected)
• POST /user/validate-booking-order (protected)

---

Session 4 — How It Works (Auth, Storage, Payments, Email, Jobs)

Authentication (JWT in httpOnly cookie)

• Token utilities: Server/src/Utils/jwt-utils.js
• Middleware reads req.cookies.authToken: Server/src/Middleware/auth-middleware.js
• Client sends cookies via Axios withCredentials: true in:
  • Client/src/Services/user-auth-service.js
  • Client/src/Services/owner-auth-service.js

2FA (Email OTP)

• 2FA code generated/stored in DB
• Email sent via Nodemailer

Email (Nodemailer)

• Service: Server/src/Services/mail-service.js
• Sends:
  • verification code
  • password reset link
  • 2FA code
  • booking cancellation notification

File Uploads (Owner documents)

• Upload middleware: Server/src/Middleware/multer-middleware.js
• Files uploaded to Supabase Storage:
  • Server/src/Services/supabase-service.js

Payments (Razorpay)

• Service: Server/src/Services/razorpay-service.js
• Flow:
  1. Client requests order creation (/user/create-booking-order)
  2. Client completes Razorpay checkout
  3. Client sends signature payload to backend (/user/validate-booking-order)
  4. After validation, client creates booking (/user/car-booking) with order_id + payment_id

Daily Job: mark completed bookings

• Job scheduler: Server/src/Jobs/booking-status-job.js
• Started on server boot: Server/src/index.js

---