Andrew Souza

Stack

Node.js · TypeScript · Fastify · Prisma · PostgreSQL · Redis · Zod · JWT · Vitest · Docker · Swagger / Scalar · Pino Logger

Problem

Companies with multiple branches often struggle to: control user permissions, standardize processes across units, generate reliable reports, maintain security and auditability of sensitive actions. These issues increase operational risk and weaken centralized management.

Solution

CoreOps centralizes organizations, units and users in a multi-tenant backend system, providing secure authentication, role-based access control and full action traceability in a single platform. The architecture was designed to reflect real-world corporate SaaS scenarios.

Core Features

• → Multi-tenant architecture (organization → units → users)
• → JWT authentication with access and refresh tokens
• → Single active session per user using Redis
• → Role-based access control (ADMIN, MANAGER, USER)
• → User management (create, update, deactivate and password reset)
• → Operational records with status and history
• → Reports with filters, pagination and CSV export
• → Audit logs for sensitive actions (logins, updates and critical operations)

Key Decisions

• ▹ Fastify chosen for performance and low overhead in backend-first APIs
• ▹ Prisma used to ensure schema consistency and type safety
• ▹ Redis implemented to enforce single active user sessions
• ▹ RBAC enforced at the service layer, not only at route level
• ▹ Zod for validating all inputs at application boundaries
• ▹ Vitest for fast and focused domain-level tests
• ▹ Pino Logger for structured logging and observability