Skip to content

Advanced Features

Jump to bottom
Akram El Assas edited this page Jul 5, 2025 · 3 revisions

Table Of Contents

  1. Security Practices
  2. Monitoring & Logging
  3. Deployment & Hosting
  4. Analytics & Tracking

Security Practices

wexCommerce prioritizes security across all layers of the platform:

  • Authentication: The backend uses JWT (JSON Web Tokens) for secure and stateless authentication. Tokens are signed with a secret and validated on each request to protect user sessions.
  • Refresh Tokens: Long-lived refresh tokens are securely issued and rotated to maintain user sessions without exposing credentials.
  • Secure Headers: Security-related HTTP headers are enforced using the helmet middleware to protect against common vulnerabilities such as clickjacking and MIME sniffing.
  • CORS Policies: Configured to allow only trusted domains to interact with the backend.
  • Rate Limiting: Protects against brute-force attacks and abusive traffic patterns.
  • HTTPS in Production: All production traffic is served over HTTPS to ensure encrypted communication.
  • Secure Payments: Integrated with Stripe and PayPal using tokenized and encrypted transactions.

Monitoring & Logging

Logging and debugging are vital for observability and diagnostics:

  • Backend Logging: Uses Winston, a flexible and extensible logging library that supports multiple transports (console, file, remote).
  • MongoDB Debug Mode: Can be enabled in backend/.env to trace database operations:
WC_DB_DEBUG=true

You can find more details about logging here.

wexCommerce supports error monitoring through Sentry (https://sentry.io), which captures runtime exceptions and performance metrics. This is useful for diagnosing backend issues in production or staging environments. You can find more details here.

Deployment & Hosting

wexCommerce supports multiple deployment strategies:

  • Docker Support: Includes Docker and Docker Compose for development and production setups.
  • VPS Hosting: The app can also be deployed manually on virtual private servers (self-hosted).
  • Static File Delivery: Uses Express to serve frontend static assets.
  • Environment Configuration:
    • All environments (development, staging, production) are configured via .env files.
    • Self-hosted Deployment instructions and required variables are documented here.
    • Docker Deployment instructions and required variables are documented here.

Analytics & Tracking

  • Google Analytics: The frontend includes optional integration with Google Analytics. Configured via:
NEXT_PUBLIC_WC_GOOGLE_ANALYTICS_ENABLED=false
NEXT_PUBLIC_WC_GOOGLE_ANALYTICS_ID=G-XXXXXXXXXX
  • Analytics support:
    • Page view tracking in SPA mode
    • Environment-aware logic (disabled in development)
    • GDPR-friendly implementation

Configuration is located in frontend/.env.

Copyright © Akram El Assas. All rights reserved.

  1. Overview
  2. Software Architecture
  3. Install Guide (Self-hosted)
  4. Install Guide (Docker)
    1. Docker Image
    2. SSL
  5. Social Login Setup Guide
  6. Free SSL Setup Guide
  7. Setup Sentry
  8. Payment Gateways
  9. Setup Stripe
  10. Run from Source
  11. Run from Source (Docker)
  12. Fork, Customize, and Sync
  13. Demo Database
    1. Windows, Linux and macOS
    2. Docker
  14. Change Language and Currency
  15. Add New Language
  16. Testing
    1. Integration Tests and Coverage
  17. Logs
  18. FAQ
  19. Release Notes
  20. Contribution Guide
  21. Code of Conduct

Clone this wiki locally