Digital Product Store

Stripe payments, secure downloads, admin analytics, modern UI.

Role: Full-stack Developer
Timeline: 3 weeks
Industry: E-commerce / Digital Goods
Team: Solo
Scope: Payments, Orders, Downloads, Admin
Impact: Reliable purchase-to-download flow

TL;DR

  • Tokenized downloads to protect files
  • Stripe-native checkout with webhooks
  • Admin KPIs: sales, revenue, orders
  • Invoice PDFs generated server-side
  • JWT-protected routes and clean data plumbing

⚡ Problem

Creators selling downloadable products often struggle with trust, failed checkouts, and keeping files secure after purchase. They also lack admin visibility into sales KPIs and post-purchase issues.

Audience & Use Cases

Primary Audience

  • Solo creators selling templates, design kits, or code bundles
  • Small studios needing quick, secure delivery of digital goods
  • Operators who want simple but trustworthy admin analytics

Key Use Cases

Instant file delivery after payment

Customer pays via Stripe; webhook confirms the payment; the order is created and short-lived download tokens are issued immediately.

Secure re-download within a grace window

Customers can re-download items for a limited time; tokens expire and are validated server-side to prevent sharing.

Admin performance overview

Operators view sales trendlines, revenue totals, and order counts to monitor product performance.

💡 Solution

A full-stack microstore with Stripe checkout, signed & expiring download tokens, professional invoice PDFs, and an admin analytics view for sales, revenue, and operational oversight.

  • Stripe Payment Intents with success/failure handling
  • Secure, short-lived download tokens (per order/item)
  • Webhook-driven order finalization
  • Admin dashboard with sales & revenue analytics
  • Customer order history with immediate downloads
  • Professional invoice PDFs via PDFKit
  • JWT authentication and protected routes
  • Responsive dark-mode UI and accessible focus states

Requirements & Constraints

Requirements

  • Protect digital files against public sharing
  • Support credit/debit card payments via Stripe
  • Provide downloadable invoices/receipts
  • Offer an admin view of core KPIs

Constraints

  • Prefer SQL database with lightweight, code-first migrations
  • Low operational overhead (simple deployment & environment)
  • Frictionless guest checkout (no heavy account flows)

Architecture

React/Vite frontend talks to an Express REST API. Stripe handles payment; a webhook finalizes orders, issues download tokens, and updates analytics. Files are served via a secure backend endpoint that validates token + order ownership.

Data / Request Flow

  1. Customer adds product and proceeds to checkout.
  2. Frontend calls POST /api/checkout to create a Payment Intent.
  3. Stripe collects payment; on success, Stripe calls our webhook.
  4. Webhook verifies signature, creates Order, mints download tokens.
  5. Customer is redirected to success page; immediate downloads available.
  6. Download endpoint validates token → streams file → logs access.
  7. Admin dashboard queries analytics endpoints for KPIs.

Domain Model

User
  • id
  • email
  • passwordHash
  • role (user/admin)
  • createdAt
Product
  • id
  • title
  • price
  • filePath|source
  • coverImage
  • createdAt
  • updatedAt
Order
  • id
  • userId
  • stripePaymentIntentId
  • amount
  • status (pending|succeeded|failed)
  • createdAt
OrderItem
  • id
  • orderId
  • productId
  • priceAtPurchase
DownloadToken
  • id
  • orderItemId
  • token (JWT or random)
  • expiresAt
  • maxUses (e.g., 3)
  • usedCount
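
The DownloadToken fields above imply a specific validation order at the download endpoint. The following is an added sketch of the random-token variant, not code from this project: the in-memory Maps stand in for the SQL tables, and the function names, the sample ids and the 15-minute default lifetime are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins for the OrderItem -> Order join and the DownloadToken table.
const orderItemOwner = new Map([[101, 'user-1']]); // orderItemId -> Order.userId
const tokens = new Map(); // sha256(token) -> { orderItemId, expiresAt, maxUses, usedCount }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Webhook side: mint one token per order item once the payment is confirmed.
function mintDownloadToken(orderItemId, { now = Date.now(), ttlMs = 15 * 60 * 1000, maxUses = 3 } = {}) {
  const raw = crypto.randomBytes(32).toString('base64url'); // 256 random bits, URL-safe
  // Persist only the hash, so a leaked table does not contain usable tokens.
  tokens.set(sha256(raw), { orderItemId, expiresAt: now + ttlMs, maxUses, usedCount: 0 });
  return raw; // returned to the customer once, never stored in the clear
}

// Download side: run every check before any file bytes are streamed.
function redeemDownloadToken(raw, userId, now = Date.now()) {
  if (typeof raw !== 'string' || raw.length > 128) return { ok: false, reason: 'malformed' };
  const row = tokens.get(sha256(raw));
  if (!row) return { ok: false, reason: 'unknown' };
  // Token + ownership: the token alone is not enough if it was shared.
  if (orderItemOwner.get(row.orderItemId) !== userId) return { ok: false, reason: 'not_owner' };
  if (now >= row.expiresAt) return { ok: false, reason: 'expired' };
  if (row.usedCount >= row.maxUses) return { ok: false, reason: 'exhausted' };
  // In SQL this must be one conditional UPDATE (usedCount < maxUses) so that
  // concurrent requests cannot push usedCount past maxUses.
  row.usedCount += 1;
  return { ok: true, orderItemId: row.orderItemId, remaining: row.maxUses - row.usedCount };
}
```

Rejected attempts return before the counter is touched, so a shared link used by a non-owner does not burn the buyer's remaining downloads.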

Trade-offs & Alternatives

  • Drizzle ORM chosen over Prisma for SQL-first ergonomics; smaller ecosystem but faster, lighter migrations
  • PDFKit for full control vs. hosted invoice solutions; more code, but zero vendor lock-in
  • Tokenized streaming vs. pre-signed public URLs; slightly more server work, but stronger anti-sharing controls

Roadmap

  • Subscriptions & licenses (Stripe Billing)
  • Multi-tenant admin (workspaces) and roles
  • Email receipts + webhooks for receipt delivery
  • VAT/tax handling and localized currency display
  • Product bundles & coupon codes
  • Pre-signed S3 integration as optional storage backend

FAQ

Can customers re-download purchases later?

Yes—tokens are short-lived and renewable per order within a configurable policy (e.g., 7 days or 3 uses).

How are files protected?

Files are never exposed via public URLs. The API validates token + ownership and streams the file server-side.

Can this scale to more products and higher traffic?

Yes, by adding indexes, moving assets to object storage, and scaling the API horizontally. Admin endpoints already use pagination.

Is subscription billing supported?

Planned on the roadmap via Stripe Billing; current version supports one-time purchases.