nextjs nestjs mongodb pwa rbac

BuggyRentalHub

A buggy rental management platform covering the full rental lifecycle — PIN-secured checkout, maintenance tracking, RBAC, offline-capable PWA, and AI natural-language analytics.

PIN + QR: two-party checkout verification

Offline-first: PWA with sync & retry

NL queries: AI-powered business analytics

[ role ] Full-stack engineer · T-Htwin Innovation Lab

Project specs

Tech Stack

Next.js 16, NestJS, MongoDB, Zustand, Gemini, PWA

R&D Focus

Operations Management & Offline-First Web

Complexity

A comprehensive management system for buggy rental businesses, covering the full operational lifecycle from check-in to checkout, with maintenance tracking, role-based access, and AI-assisted analytics. Built as an offline-capable PWA so staff can keep operating even on unreliable connections.

Problem

Rental operations are full of trust and accountability gaps: who authorized a discount, did the customer actually agree to the rental, was a vehicle returned damaged? The system needed verifiable two-party checkout, granular role-based permissions, transactional data integrity, and reliable operation in the field — plus analytics that non-technical managers can actually query.

Approach

  • Secure rental lifecycle: Check-in generates a hashed 4-digit Checkout PIN (shown once); checkout requires the customer to re-enter it on a different device, with QR confirmation and manager Approval Tokens for over-threshold discounts.
  • RBAC everywhere: Granular permissions (viewRentals, checkOut, viewOverview) enforced on the API via NestJS Guards and on the web via PermissionGate components.
  • Transactional safety: Mongoose transactions for critical multi-document operations (e.g., simultaneous vehicle status update + rental creation), with runtime detection of transaction support.
  • Offline-first PWA: A useSync hook plus Dexie/IndexedDB handle data consistency and offline/retry scenarios for operational reliability.
  • AI analytics: A Gemini-powered service lets staff query business data in natural language (“revenue from last weekend”), alongside Recharts KPI dashboards and full audit logging of sensitive actions.
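
The check-in PIN flow from the first bullet, as an added example that is not the project's own code. The page does not say how the PIN is hashed or how devices are identified, so this assumes an HMAC keyed with a server-side secret, a per-rental salt, a five-attempt lockout, and caller-supplied device IDs; every identifier below is hypothetical.

```typescript
import { createHmac, randomBytes, randomInt, timingSafeEqual } from "node:crypto";

// Hypothetical names throughout: PinRecord, issuePin, verifyPin, MAX_ATTEMPTS, SERVER_KEY.
// Assumption: in a deployment the key is loaded from a secret store, not generated here.
const SERVER_KEY = randomBytes(32);
const MAX_ATTEMPTS = 5;

interface PinRecord {
  rentalId: string;
  salt: string;           // per-rental, so equal PINs never share a digest
  digest: Buffer;         // HMAC-SHA256(SERVER_KEY, salt:rentalId:pin)
  issuedOnDevice: string; // device that ran check-in
  failedAttempts: number;
  used: boolean;
}

type VerifyResult = "ok" | "wrong-pin" | "same-device" | "locked" | "already-used";

// A bare hash of a 4-digit PIN falls to a 10,000-candidate enumeration if the
// database leaks, so the digest is keyed with a secret held outside the database.
function digestPin(salt: string, rentalId: string, pin: string): Buffer {
  return createHmac("sha256", SERVER_KEY).update(`${salt}:${rentalId}:${pin}`).digest();
}

// Returns the plaintext PIN once for display; only the record is persisted.
function issuePin(rentalId: string, deviceId: string): { pin: string; record: PinRecord } {
  // CSPRNG draw; adding 10000 and slicing keeps leading zeros ("0042").
  const pin = (10000 + randomInt(0, 10000)).toString().slice(1);
  const salt = randomBytes(16).toString("hex");
  const record: PinRecord = {
    rentalId, salt, digest: digestPin(salt, rentalId, pin),
    issuedOnDevice: deviceId, failedAttempts: 0, used: false,
  };
  return { pin, record };
}

function verifyPin(record: PinRecord, pin: string, deviceId: string): VerifyResult {
  if (record.used) return "already-used";
  if (record.failedAttempts >= MAX_ATTEMPTS) return "locked";
  if (deviceId === record.issuedOnDevice) return "same-device"; // two-party rule
  const candidate = digestPin(record.salt, record.rentalId, pin);
  if (!timingSafeEqual(candidate, record.digest)) {
    record.failedAttempts += 1; // caps guessing at MAX_ATTEMPTS of 10,000 values
    return "wrong-pin";
  }
  record.used = true; // single use: a replayed PIN cannot close a second checkout
  return "ok";
}
```

The lockout counter and the `used` flag would need to be updated atomically in the same store as the rental record for the limits to hold under concurrent requests.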

Outcome

  • A trustworthy check-in → confirm → check-out flow with cryptographic and device-level safeguards against internal misuse.
  • Real-time KPI monitoring (revenue, fines, utilization) plus maintenance alerts and service logs.
  • Field-ready reliability through offline sync and auditable overrides.

Stack notes

NPM Workspaces monorepo: apps/api (NestJS 11, Mongoose/MongoDB, Passport/JWT, Google Generative AI, Cloudinary, Swagger), apps/web (Next.js 16 App Router, React 19, Zustand, TanStack Query, next-pwa, Dexie, qrcode.react, Recharts, Radix + Tailwind), and packages/core (shared TS types, validation, business constants). Deploys to Vercel/Node with MongoDB Atlas.