Marketplace ΰΈΰΈ·ΰΉΰΈ-ΰΈΰΈ²ΰΈ’ΰΈΰΈ²ΰΈ£ΰΉΰΈ TCG ΰΈΰΈ΅ΰΉΰΉΰΈ«ΰΈΰΉΰΈΰΈ΅ΰΉΰΈͺΰΈΈΰΈΰΉΰΈΰΈΰΈ£ΰΈ°ΰΉΰΈΰΈ¨ΰΉΰΈΰΈ’
- Framework: Next.js 14 (App Router + Server Actions)
- Language: TypeScript (strict mode)
- Database: PostgreSQL + Prisma 5
- Auth: NextAuth.js v5 (JWT)
- UI: Tailwind CSS v3 + shadcn/ui
- Rate Limiting: Upstash Redis
- Card OCR: Tesseract.js
- Card API: Pokemon TCG API (pokemontcg.io)
- π Homepage with hero section, featured listings, browse by series
- π Browse listings with filters (series, condition, price, graded)
- π Listing detail with image gallery, seller info, buy button
- π Email + Password authentication + LINE Login (OAuth)
- π³ Omise payment integration (PromptPay QR + Credit Card)
- π Seller analytics with revenue charts + tier progress
- π‘οΈ KYC verification system
- π Subscription plans (FREE / PRO / BUSINESS)
- π Seller tier auto-upgrade (Bronze β Silver β Gold β Verified Pro)
- π± Community forum with TCG categories
- π Scammer database + public check page
- π Price history charts (30/90/180 days)
- π Email + in-app notification system
- π‘οΈ Edge middleware (auth guard + security headers)
- π Multi-step create listing form
- π Seller dashboard with listings and orders
- π Order flow: buy β checkout β payment β confirmation
- π° Escrow system with auto-release (7 days)
- π€ User profile with seller badge and reviews
- π§ Admin panel: listing approval, user management, disputes
- πΌοΈ Card identification via OCR (Tesseract.js) + Pokemon TCG API
- β‘ Rate limiting on all sensitive endpoints
- Node.js 18+
- PostgreSQL 14+
npm installcp .env.example .env.local
# Edit .env.local with your credentials (see .env.example for all options)# Generate Prisma client
npx prisma generate
# Push schema to database
npx prisma db push
# Seed with mock data
npm run db:seednpm run dev| Role | Password | |
|---|---|---|
| Admin | admin@cardvault.co.th | password123 |
| Seller | seller1@example.com | password123 |
| Seller | seller3@example.com | password123 |
| Buyer | buyer1@example.com | password123 |
cardvault/
βββ app/
β βββ (auth)/ # Login, Register pages
β βββ (main)/ # Main layout with header/footer
β β βββ browse/ # Browse listings
β β βββ listing/ # Listing detail
β β βββ checkout/ # Checkout flow
β β βββ orders/ # Buyer orders
β β βββ profile/ # User profile
β βββ sell/ # Seller pages
β β βββ new/ # Create listing (multi-step)
β β βββ listings/ # My listings
β β βββ orders/ # Seller orders
β βββ admin/ # Admin panel
β β βββ listings/ # Approve/reject listings
β β βββ disputes/ # Manage disputes
β β βββ users/ # User management
β βββ api/ # API routes
β βββ auth/ # NextAuth + register
β βββ listings/ # CRUD listings
β βββ orders/ # Create orders
β βββ cards/ # Card identification (OCR)
β βββ upload/ # File upload
β βββ webhooks/ # Omise payment webhooks
β βββ cron/ # Escrow auto-release
βββ components/
β βββ ui/ # shadcn/ui components
β βββ shared/ # Header, Footer, Sidebar
βββ lib/ # Utilities, auth, rate limiting
βββ services/ # Business logic (escrow, card identify)
βββ prisma/ # Schema + seed data
| Endpoint | Limit |
|---|---|
/api/cards/identify |
20 req/hr/user |
/api/upload/* |
30 req/10min/user |
/api/orders POST |
20 req/hr/user |
/api/listings POST |
10 req/hr/user |
/api/auth/login |
5 req/15min/IP |
- Buyer pays β funds held in escrow (HOLDING)
- Seller ships β order marked SHIPPED
- Buyer confirms receipt β funds released (RELEASED)
- Auto-release after 7 days if no response
- Dispute freezes escrow (FROZEN)
- Push to GitHub
- Connect to Vercel
- Set environment variables in Vercel dashboard (see
.env.example) - Vercel Cron runs
/api/cron/escrow-releasedaily at 20:00 UTC (3:00 AM ICT)
DATABASE_URLβ PostgreSQL connection stringNEXTAUTH_SECRETβ Random string (32+ chars)NEXTAUTH_URLβ Your domain (https://cardvault.co.th)OMISE_PUBLIC_KEY/OMISE_SECRET_KEYβ Omise payment keysR2_*β Cloudflare R2 credentials for image storageRESEND_API_KEYβ Resend email API key
LINE_CLIENT_ID/LINE_CLIENT_SECRETβ LINE LoginUPSTASH_REDIS_REST_URL/UPSTASH_REDIS_REST_TOKENβ Redis rate limitingPOKEMON_TCG_API_KEYβ Card identification API
MIT
- PromptPay QR code payment
- Credit card payment via Omise.js
- Webhook handler for payment confirmation
- Automatic escrow hold on payment
- Tier system: Bronze β Silver β Gold β Verified Pro (auto-upgrade)
- KYC verification: ID card + selfie upload
- Analytics dashboard: Revenue charts, top cards, conversion rate
- Subscriptions: FREE / PRO / BUSINESS plans
- Forum threads grouped by TCG category
- Post feed with card tagging and listing links
- Like, comment, and bookmark
- Public scammer database (
/check) - Community scammer reports with admin review
- Auto-check against blacklist during KYC
- Edge middleware with auth + role guards
- Security headers (HSTS, X-Frame-Options, etc.)
- Rate limiting on all sensitive endpoints
- R2 presigned URL validation (type + size)