JoyCity Enterprise Platform

A business platform for managing Wildberries marketplace operations, built for company employees working with multiple WB Seller accounts (legal entities). The system consists of four services — a Rust/Axum backend API, a Next.js frontend, a Python/FastAPI reverse proxy for the WB Seller portal, and a Rust background data sync service — all orchestrated via Docker Swarm behind Traefik with automatic SSL.

Authentication & Access Control

Dual-token JWT system (2h access + 30d refresh) with HttpOnly cross-subdomain cookies, automatic transparent token refresh, and multi-session support with session revocation. 10+ roles with database-level admin protection that prevents ADMIN role manipulation via the API. The wb-proxy delegates all cryptographic operations to the backend via an internal API protected by a shared secret key.

User & Account Management

Full CRUD for users with role assignment, password changes, name editing, and avatar upload (client-side processed to 512×512 JPEG, stored in S3). Supports multiple WB Seller accounts (legal entities), each with its own set of WB portal credentials and API key. Dual credential validation — WB cookies via proxy + API key via backend — before account creation. Users are assigned to one account at a time.

Article Assignment

Monthly per-user article (nmId) assignment with validation against synced order data. Supports bulk import from Excel. Articles determine what each user sees in the filtered WB Seller portal. Cache invalidation via shared Redis when assignments change.

Filtered WB Seller Proxy

A reverse proxy at wb-seller.{domain} that lets managers work with the real WB Seller portal UI but see only their assigned articles. Filters JSON responses, Excel exports, orders, stocks, supplies, analytics, reviews, discounts, reports, and CMP advertising campaigns. Computes per-user aggregated financial balance from locally synced report data. Handles URL rewriting across 15+ WB subdomains, JS injection for browser-side rewrites, static file caching, and automatic WB token refresh.

WB Data Synchronization

A background Rust service that continuously syncs orders, sales, and detailed financial reports from the WB Statistics API for all registered seller accounts. Stores data as-is with no transformations. Handles rate limiting, pagination, incremental sync, per-account error isolation, and deduplication.

KPI Ranking & Logistics

The platform ranks managers by their KPI metrics sourced from Wildberries data, and handles office-to-warehouse logistics planning operations.

Infrastructure & DevOps

On-demand PostgreSQL backup to AWS S3 triggered from the UI. Swagger UI at /api/swagger-ui protected by the SWAGGER role. Prometheus + Grafana monitoring with exporters for PostgreSQL and Redis, plus Traefik metrics. GitLab CI/CD with zero-downtime rolling updates via Docker Swarm with automatic rollback on health check failure. HTTPS-only with HSTS, security headers, and non-root containers.

Key Highlights

• 4-service architecture — Rust API + Next.js frontend + Python proxy + Rust sync worker
• Filtered WB portal — real Wildberries UI with per-user article visibility
• Dual-token JWT — HttpOnly cross-subdomain auth with transparent refresh
• 6-role RBAC — database-level admin protection
• Background sync — continuous order, sales, and financial report ingestion
• KPI ranking — manager performance metrics from WB data
• Excel bulk import — monthly article assignments with cache invalidation
• Zero-downtime deploys — Docker Swarm rolling updates with auto-rollback
• Dark/light theme — user-togglable with Tailwind CSS variables
• EN/RU localization — full internationalization across the frontend