Full Stack · Multi-tenant · 3 Components

Commerce PDV

A complete, production-ready Point of Sale ecosystem — combining a modern web portal, a secure REST API, and a feature-rich Windows desktop application into one cohesive business management platform.

PHP 7.4+ · Symfony 7.2 · C# 12 / .NET 8 · WPF / MVVM · MySQL · PostgreSQL · REST API · Bootstrap 5 · Docker

What is Commerce PDV?

Commerce PDV is a comprehensive business management solution designed for retail stores and small businesses. It enables fast sales processing, real-time inventory control, and customer relationship management — all synchronized across devices through a secure cloud backend.

The project was built entirely from scratch over 8+ months, spanning three distinct applications that communicate via an authenticated REST API. Each component follows industry-standard patterns and implements multiple layers of security.

The individual component repositories are private — this showcase highlights architecture decisions, key features, and the engineering challenges solved along the way.

Lines of code: 50k+
Months dev time: 8+
API endpoints: 30+
DB tables: 50+
Applications: 3
Languages: 4

Three-tier Ecosystem

Three independent applications connected by a central REST API, each with clear responsibilities and domain boundaries.

┌─────────────────────────────────────────────────────────────┐
│                          End Users                          │
└──────────────────┬──────────────────────┬───────────────────┘
                   │                      │
         ┌─────────▼──────┐     ┌─────────▼──────────────┐
         │  CommerceWeb   │     │      CommerceApp       │
         │  (Web Portal)  │     │ (Windows Desktop POS)  │
         │                │     │                        │
         │ · Registration │     │ · Sales processing     │
         │ · User mgmt    │     │ · Inventory control    │
         │ · Subscriptions│     │ · Customer database    │
         │ · Download hub │     │ · Reports & analytics  │
         └────────┬───────┘     └──────────┬─────────────┘
                  │                        │
                  │      HTTPS / REST      │
                  └───────────┬────────────┘
                              │
                   ┌──────────▼────────┐
                   │    CommerceApi    │
                   │     (Backend)     │
                   │                   │
                   │ · Authentication  │
                   │ · Business logic  │
                   │ · Multi-tenancy   │
                   │ · HMAC signing    │
                   └──────────┬────────┘
                              │
                   ┌──────────▼────────┐
                   │   MySQL / PgSQL   │
                   │  (Per-tenant DB)  │
                   └───────────────────┘

🌐
CommerceWeb — Portal
Built with Symfony 7.2, PostgreSQL, and Bootstrap 5. Handles user registration with email verification, a three-tier subscription system (Starter / Basic / Premium), and an application download center. Sensitive data is protected with AES-256-GCM encryption.
⚙️
CommerceApi — Backend
Vanilla PHP 7.4+ REST API backed by MySQL. Implements multi-tenant database architecture, HTTP Basic Auth, HMAC-SHA256 request signing, replay-attack prevention, rate limiting (60 req/min), and plan-based feature gating.
🖥️
CommerceApp — Desktop
C# 12 / .NET 8 WPF application using the MVVM pattern. Features barcode scanning, thermal receipt printing, offline mode with automatic sync, encrypted local storage, and complete cryptographic request signing for every API call.

What it can do

🏢
Multi-Tenant Architecture
Every customer gets a fully isolated database instance. Tenant resolution happens automatically through authentication, ensuring complete data privacy and scalability to thousands of customers.
🔐
Enterprise Security
HMAC-SHA256 request signing with replay-attack prevention (±5 min window), AES-256-GCM email encryption, bcrypt password hashing, rate limiting, and full audit logging on every API request.
☁️
Cloud Synchronization
The desktop application automatically syncs sales, inventory, and customer data with the cloud API, enabling multi-device access and centralized reporting from the web portal.
💳
Subscription Plans
Plan-based feature gating dynamically controls access to features and enforces usage quotas (e.g. product limits, report depth) based on the customer's active subscription tier.
📊
Sales & Inventory
Fast checkout with barcode scanning support, real-time stock tracking, customer purchase history, multi-payment methods, and flexible date-range reports with per-client breakdowns.
🖨️
Thermal Receipt Printing
Native thermal printer integration in the desktop application generates formatted receipts immediately after a sale is completed, with configurable store branding.

Stack breakdown

| Layer | Component | Technology |
|---|---|---|
| Frontend (Web) | CommerceWeb | Symfony 7.2, Twig, Bootstrap 5, Stimulus (Hotwired), JavaScript |
| Frontend (Desktop) | CommerceApp | WPF, XAML, C# 12, .NET 8.0, MVVM pattern |
| Backend API | CommerceApi | PHP 7.4+ (vanilla), RESTful JSON API |
| Database (Web) | CommerceWeb | PostgreSQL 14+ (user & subscription data) |
| Database (API) | CommerceApi | MySQL 8.0+ (per-tenant isolated databases) |
| Authentication | All components | HTTP Basic Auth, Bcrypt, HMAC-SHA256 request signing |
| Encryption | Web + Desktop | AES-256-GCM (email data), TLS/HTTPS (transport) |
| Architecture | System-wide | Three-tier, Multi-tenant, MVVM (desktop), MVC (web/api) |
| DevOps | All components | Docker Compose, Git, Composer, NuGet |

See it in action

A visual walkthrough of the web portal and desktop application interfaces.

🌐 Web Portal – Landing page
📝 Web Portal – User registration & subscription flow
🖥️ CommerceApp – Main dashboard
💰 CommerceApp – Sales processing
📦 CommerceApp – Inventory management
📊 CommerceApp – Sales report
👥 CommerceApp – Sales by client

Challenges solved

A few of the more complex technical problems tackled during development.

🏗️
Dynamic Multi-Tenant Routing
The API resolves the correct tenant database at runtime from the authenticated user's credentials — no hard-coded connections. Each tenant's schema is fully isolated, enabling independent versioning and per-customer backups.
🔒
Searchable Encrypted Email
User email addresses are stored AES-256-GCM encrypted while a deterministic hash index allows fast lookups — combining privacy compliance with full query performance, without storing plaintext.
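
A sketch of the lookup side of the searchable encrypted email design, added here as an example and not taken from the project's private code. It assumes the deterministic index is a keyed HMAC-SHA256 with its own key (`INDEX_KEY`, constructed); the table layout and function names are hypothetical, and the AES-256-GCM ciphertext is passed in as an opaque blob.

```python
import hashlib
import hmac
import sqlite3
import unicodedata

# Assumption: the index key is separate from the AES key. Constructed value.
INDEX_KEY = b"constructed-index-key"

def normalize(email):
    # One address must always map to one index value, whatever its case or padding.
    return unicodedata.normalize("NFKC", email).strip().lower()

def blind_index(email, key=INDEX_KEY):
    # Keyed: the column alone does not let a reader confirm a guessed address.
    return hmac.new(key, normalize(email).encode("utf-8"), hashlib.sha256).hexdigest()

def unkeyed_index(email):
    # For contrast only: a plain hash can be recomputed by anyone from a candidate address.
    return hashlib.sha256(normalize(email).encode("utf-8")).hexdigest()

def open_store():
    # In-memory SQLite stands in for the portal's PostgreSQL table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
               " email_ct BLOB NOT NULL, email_idx TEXT NOT NULL UNIQUE)")
    return db

def register(db, email, ciphertext):
    # The UNIQUE index rejects a second account for the same address
    # without the database ever seeing the plaintext.
    try:
        cur = db.execute("INSERT INTO users (email_ct, email_idx) VALUES (?, ?)",
                         (ciphertext, blind_index(email)))
        return cur.lastrowid
    except sqlite3.IntegrityError:
        return None

def find_user(db, email):
    row = db.execute("SELECT id FROM users WHERE email_idx = ?",
                     (blind_index(email),)).fetchone()
    return row[0] if row else None
```

Because the index is deterministic, equal addresses remain linkable across rows; the key only stops someone who holds the column but not the key from testing guesses offline.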
🖋️
Cross-Platform HMAC Auth
Both the web portal and the desktop application sign every API request with HMAC-SHA256 using an API key/secret pair. The server validates the signature and rejects requests outside a ±5 minute timestamp window, preventing replay attacks.
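
The signing and validation exchange described above, as an added example in Python rather than the project's own PHP or C# code. The canonical string layout, the per-request nonce that blocks a replay inside the ±5 minute window, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import time

WINDOW = 300  # seconds; the page's +/-5 minute window

def canonical(method, path, body, timestamp, nonce):
    # Assumed canonical form: one signed field per line, body bound by its hash.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()

def sign(secret, method, path, body, timestamp, nonce):
    """Client side: hex HMAC-SHA256 over the canonical request."""
    message = canonical(method, path, body, timestamp, nonce)
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

class Verifier:
    """Server side: check the signature, then freshness, then single use."""

    def __init__(self, secrets_by_key):
        self.secrets = secrets_by_key  # api_key -> secret bytes
        self.seen = {}                 # (api_key, nonce) -> time it may be forgotten

    def verify(self, api_key, method, path, body, timestamp, nonce, signature, now=None):
        now = time.time() if now is None else now
        secret = self.secrets.get(api_key)
        if secret is None:
            return "unknown-key"
        expected = sign(secret, method, path, body, timestamp, nonce)
        # Constant-time comparison; bytes so a non-ASCII header cannot raise.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        if abs(now - timestamp) > WINDOW:
            return "stale-timestamp"
        # A nonce is remembered only while its timestamp would still be accepted.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if (api_key, nonce) in self.seen:
            return "replayed"
        self.seen[(api_key, nonce)] = timestamp + WINDOW
        return "ok"

def demo():
    # Constructed key, secret and request; t0 is a fixed clock so the run repeats.
    secret, t0, body = b"constructed-secret", 1_700_000_000, b'{"total": 10}'
    server = Verifier({"key-demo": secret})
    sig = sign(secret, "POST", "/sales", body, t0, "n-1")
    args = ("key-demo", "POST", "/sales")
    first = server.verify(*args, body, t0, "n-1", sig, now=t0 + 10)
    again = server.verify(*args, body, t0, "n-1", sig, now=t0 + 20)
    forged = server.verify(*args, b'{"total": 1}', t0, "n-1", sig, now=t0 + 30)
    late = server.verify(*args, body, t0, "n-1", sig, now=t0 + WINDOW + 1)
    return [first, again, forged, late]
```

The timestamp check alone bounds how long a captured request stays usable; the nonce cache is what rejects the second copy while the timestamp is still fresh.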
📶
Offline-First Desktop App
CommerceApp operates fully offline with encrypted local storage. When connectivity is restored, it reconciles local changes with the cloud API using a conflict-resolution strategy, ensuring no transactions are lost.