Polishing the Shopping Experience
Order Confirmation Emails
Integrated Resend for transactional email. The implementation includes:
- Professional responsive HTML template with plain text fallback
- XSS prevention via escapeHtml() on all dynamic content
- Non-blocking email sending (order creation doesn't wait for email delivery)
- Quote request disclaimer, items table, shipping address, and next steps
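The escaping step in the list above is the one that matters for security: order data (product names, customer name, address lines) comes from the checkout form, so anything interpolated into the HTML part has to be escaped first. The following is an added example, not the shop's own template code; the order field names (customerName, items, shipping.lines) and the integer-pence pricing are assumptions.

```javascript
// Added example, not the shop's own code: escape every dynamic value before it
// is interpolated into the HTML order email, with a plain-text fallback.
// Field names (customerName, items, shipping.lines) are assumed, not the
// project's schema.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Safe for text nodes and double-quoted attribute values. Not sufficient on
// its own for URLs, inline scripts or unquoted attributes.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Amounts are integer pence so totals never hit float rounding.
function formatPence(pence) {
  if (!Number.isInteger(pence) || pence < 0) throw new TypeError('bad amount');
  return `£${(pence / 100).toFixed(2)}`;
}

// Quantity is coerced and validated rather than trusted from the request.
function lineTotal(item) {
  const qty = Number(item.quantity);
  if (!Number.isInteger(qty) || qty < 1) throw new TypeError('bad quantity');
  return { qty, pence: item.unitPence * qty };
}

function renderOrderEmailHtml(order) {
  const rows = order.items.map((item) => {
    const { qty, pence } = lineTotal(item);
    return `<tr><td>${escapeHtml(item.name)}</td><td>${qty}</td><td>${formatPence(pence)}</td></tr>`;
  }).join('');
  const address = order.shipping.lines.map((line) => escapeHtml(line)).join('<br>');
  return [
    `<p>Thanks ${escapeHtml(order.customerName)}, we have received your quote request.</p>`,
    '<p><em>This is a quote request, not a confirmed order. No payment has been taken.</em></p>',
    `<table><thead><tr><th>Item</th><th>Qty</th><th>Total</th></tr></thead><tbody>${rows}</tbody></table>`,
    `<p>Shipping to:<br>${address}</p>`,
    '<p>Next steps: we will reply with a confirmed quote.</p>',
  ].join('\n');
}

// Plain-text part: no markup is interpreted, so values go in verbatim.
function renderOrderEmailText(order) {
  const lines = order.items.map((item) => {
    const { qty, pence } = lineTotal(item);
    return `${item.name} x${qty} ${formatPence(pence)}`;
  });
  return [
    `Thanks ${order.customerName}, we have received your quote request.`,
    'This is a quote request, not a confirmed order. No payment has been taken.',
    ...lines,
    'Shipping to:',
    ...order.shipping.lines,
  ].join('\n');
}

// Constructed sample order: a product name and customer name carrying markup,
// as an attacker could submit through the checkout form.
const SAMPLE_ORDER = {
  customerName: 'Ada <script>alert(1)</script>',
  items: [
    { name: '<img src=x onerror=alert(1)>', quantity: 2, unitPence: 1250 },
    { name: 'Plain "quoted" widget', quantity: 1, unitPence: 999 },
  ],
  shipping: { lines: ['1 Example Street', 'Smith & Sons', 'N1 1AA'] },
};
```

The plain-text part is deliberately left unescaped: mail clients render text/plain literally, and entity-escaping it would show `&amp;` to the reader. The escaping only holds for text content and quoted attributes; a value placed into an href, a style attribute or an unquoted attribute needs context-specific handling that this function does not provide.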
Invoice Generation System
A comprehensive invoicing system with auto-incrementing invoice numbers (RT-INV-0001, RT-INV-0002, and so on), PDF generation via @react-pdf/renderer, and a status workflow covering Draft, Sent, Viewed, Paid and further states. The admin UI lists and displays invoices, with authentication enforced on every endpoint. One thing to check before go-live: the number allocation must be atomic (a database sequence, or a unique index on the invoice number), otherwise two orders created at the same moment can be assigned the same number.
Noted that VAT is hardcoded at 20% and the bank details are placeholders; both need addressing before go-live.
Rate Limiting
Added rate limiting to the admin login: an in-memory sliding window limiter allowing 5 attempts per minute per IP. Returns HTTP 429 with a Retry-After value when exceeded, and resets the counter on successful login. IP detection uses the X-Forwarded-For and X-Real-IP headers for Cloudflare compatibility. Two caveats apply. Those headers are only meaningful when the request actually arrived via the trusted proxy; if the origin is reachable directly, a client can set X-Forwarded-For itself and get a fresh bucket per attempt, so the headers should be honoured only for connections from the proxy (and Cloudflare's own CF-Connecting-IP is the authoritative one). And in-memory state is per process: under PM2 cluster mode each worker keeps its own counter, and a restart clears them, so the effective limit is looser than 5 per minute.
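The limiter described above, written out as an added example (not the site's own code). It assumes a single Node process, a plain request object with headers, socketAddress and body rather than a framework request, and that the app's credential check is supplied by the caller; none of those names come from the project.

```javascript
// Added example, not the shop's own code: sliding-window login limiter with
// proxy-aware client IP detection. Assumes a single Node process; `req` is a
// plain object { headers, socketAddress, body } and verifyCredentials is the
// app's own check, passed in by the caller.
const WINDOW_MS = 60_000;
const MAX_ATTEMPTS = 5;

// ip -> timestamps (ms) of attempts still inside the window
const attempts = new Map();

function clientIp(headers, socketAddress, trustProxy) {
  // Only honour forwarding headers when the TCP peer is a trusted proxy.
  // Otherwise a client can set X-Forwarded-For itself and get a fresh
  // bucket per request, which defeats a per-IP limit entirely.
  if (!trustProxy) return socketAddress;
  const cf = headers['cf-connecting-ip'];
  if (cf) return cf.trim();
  const xff = headers['x-forwarded-for'];
  if (xff) {
    // The proxy appends the peer it saw; earlier entries are client-supplied.
    const parts = xff.split(',').map((s) => s.trim()).filter(Boolean);
    if (parts.length) return parts[parts.length - 1];
  }
  const real = headers['x-real-ip'];
  if (real) return real.trim();
  return socketAddress;
}

function checkAttempt(ip, now = Date.now()) {
  const cutoff = now - WINDOW_MS;
  const recent = (attempts.get(ip) || []).filter((t) => t > cutoff);
  if (recent.length >= MAX_ATTEMPTS) {
    attempts.set(ip, recent);
    // The oldest attempt in the window decides when a slot frees up.
    const retryAfterSec = Math.ceil((recent[0] + WINDOW_MS - now) / 1000);
    return { allowed: false, retryAfterSec };
  }
  recent.push(now);
  attempts.set(ip, recent);
  return { allowed: true, remaining: MAX_ATTEMPTS - recent.length };
}

function resetAttempts(ip) {
  attempts.delete(ip);
}

function handleAdminLogin(req, verifyCredentials, { trustProxy = true, now = Date.now() } = {}) {
  const ip = clientIp(req.headers, req.socketAddress, trustProxy);
  const verdict = checkAttempt(ip, now);
  if (!verdict.allowed) {
    // Short-circuit before the password check: no hashing work for a
    // throttled client, and no signal about whether the credentials were right.
    return {
      status: 429,
      headers: { 'Retry-After': String(verdict.retryAfterSec) },
      body: { error: 'Too many login attempts', retryAfter: verdict.retryAfterSec },
    };
  }
  if (verifyCredentials(req.body)) {
    resetAttempts(ip);
    return { status: 200, headers: {}, body: { ok: true } };
  }
  return { status: 401, headers: {}, body: { error: 'Invalid credentials' } };
}
```

The `trustProxy` flag is the part worth getting right: set it from deployment configuration (true only when every request reaches the app through Cloudflare or the local reverse proxy), never from anything in the request. The Retry-After value is derived from the oldest attempt still in the window, so a client that keeps hammering the endpoint does not push its own unblock time further out.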
Page Load Fix
Diagnosed a missing .next/static directory causing 404s for every CSS and JavaScript file. The root cause was a syntax error in the invoices API route: exclamation marks had been escaped as \! during a shell-based deployment, which is invalid JavaScript, so the build had failed and left no static assets behind. Rebuilt and restarted under PM2.