Art Museum IT Review Pack

Runtime and Application Architecture

Frontend: React Native web-capable client with domain screens (auth, catalogue, artists, collections, cart, checkout, contact, admin).
Backend: Express application split into app bootstrap, route modules, controller handlers, service layer utilities, and repository-backed data access.
Data: SQLite persistence via repository modules for users, catalogue entities, cart, orders, reset tokens, contacts, and admin audit records.
Flow: client service modules call REST endpoints, middleware enforces auth and request constraints, and repositories isolate SQL concerns.
Recent improvements: CSS variables and accessibility, frontend context memoization, standardized API error handling, backend security notes, and maintainability upgrades.

System Architecture Diagram

Primary Client React Native Web App

Application Core Express Route, Service, Repository Layers

Persistence SQLite with Repository Isolation

Control Surface JWT Auth, Middleware, CI Verification

Client and UI Application services Persistence External and delivery

User Interaction Lane

Public visitors and signed-in customers move through browsing, account, cart, checkout, tickets, and membership paths.

Admin Operations Lane

Admin users move through role-aware dashboards, content management, operational review, diagnostics, and order-related controls.

Experience Layer Public Client Boundary

Visitor Experience

Home, exhibitions, artists, collections, shop, tickets, membership, and contact flows in the React Native client.

Authenticated Sessions

Login, registration, password reset, secure storage, cart state, and checkout status handled in client contexts.

Admin Views

Dashboard, content management, and order-related review paths exposed through role-aware frontend screens.

Flow: HTTP requests | JWT auth | role-aware navigation

Application Layer Trusted Service Boundary

Route and Controller Layer

Express routes and controllers convert HTTP input into bounded feature handlers for auth, catalogue, cart, checkout, contact, and admin.

Security and Middleware

Auth middleware, rate limiting, startup checks, and request validation enforce access control and operational safety.

Service Layer

Payment abstraction, mailing, reset-email handling, monitoring, config checks, and startup status sit behind application services.

Repository Boundary

Repositories isolate persistence logic so SQL access stays separated from transport and business orchestration.

Flow: Repository calls | payment provider | email delivery | diagnostics

Data and Integration Layer Persistence and Delivery Boundary

SQLite Core Data

Users, products, artists, artworks, collections, exhibitions, orders, cart state, reset tokens, contacts, and audit data.

External Integrations

Payment provider integration, email delivery mode, and notification or monitoring hooks support operational workflows.

Quality and Delivery

Backend tests, frontend tests, demo-health checks, CI workflows, and Pages publication form the delivery-side architecture.

Deployment and Publication

GitHub Actions runs CI, security checks, demo-health validation, and GitHub Pages publication as part of the delivery topology.

External Service Touchpoints

Email delivery mode, payment-provider abstraction, and monitoring hooks remain outside core persistence but are invoked through the service boundary.

Operational Controls

JWT auth, rate limiting, startup checks, config validation, and diagnostics protect the system across request, service, and deployment paths.

1 User Action

A visitor or admin action begins in the React Native client through a domain-specific screen or workflow.

2 Protected Request

The client sends an HTTP request with auth context, while middleware and route handlers validate the request boundary.

3 Service Execution

Controllers and services apply business logic, invoke provider abstractions, and coordinate persistence work.

4 Persistence and Result

Repositories read or write SQLite data, after which the response returns to the client and updates the UI state.

This board shows the full request path and responsibility split: user interaction enters the client, flows through secured API orchestration, and reaches repository-backed persistence and external integrations.

Separation of concerns: routing, business logic, and persistence are intentionally isolated.
Feature traceability: screens map to service calls, service calls map to API endpoints, and API endpoints map to repositories.
Operational clarity: startup checks, monitoring hooks, and configuration validation are treated as part of the architecture design.

Feature Specifications

Authentication: register/login, token-based session handling, secure storage utilities, reset-email and token flow support.
Catalogue and discovery: artists, collections, exhibitions, artworks, and shop products with clickable detail interactions.
Commerce: cart operations, checkout orchestration, payment provider abstraction, and status visibility.
Admin and operations: role-aware access, dashboard-oriented features, and contact/message management pathways.

Security, Reliability, and Delivery Specs

Security controls: auth middleware, route protection, rate-limiting support, and controlled password reset lifecycle.
Config safety: startup and config-check services with script-based validation to catch environment issues early.
Test coverage: backend Jest suites for auth/cart/catalogue/checkout/admin/startup/contact plus frontend Jest suites for screen behavior.
CI/CD: automated workflows for test execution, security checks, and publication tasks; demo health checks for seeded data thresholds.

Review Navigation

Use the supporting HTML review pages for interview walkthroughs, audience handoff, and technical follow-up.

Case Study Recruiter Version Manager Version Share Kit Publish Playbook Back to Hub