Executive Summary
ΛOMI Editorial is a domain-driven marketplace architected to solve a critical two-sided market problem: empowering freelance photographers with dynamic, shareable bento-grid portfolios while providing clients with a hyper-filtered discovery engine based on location, budget, and specialty.
The Architecture
To handle the heavy I/O of image processing without blocking the UI thread, I intentionally split the system into a separate frontend and backend.
- Frontend: A highly-responsive, SSR-optimized interface built with Next.js App Router and TailwindCSS. I utilized React Query for server-state caching (eliminating UI flicker) and Zustand for localized global state.
- Backend: A dedicated, stateless Node.js/Express REST API that handles secure media uploads, complex aggregation pipelines, and custom authentication.
Hard Engineering Problems Solved
1. Enterprise-Grade Custom Authentication
Rather than relying on expensive managed providers (like Auth0 or Clerk), I engineered a secure, dual-token (Access + Refresh) JWT authentication system from scratch.
- XSS Prevention: Tokens are transmitted and stored exclusively in `httpOnly`, `secure`, and `sameSite` cookies, so they are never readable by page scripts.
- CSRF Defense: Implemented a strict double-submit cookie strategy, with custom Axios interceptors automatically fetching and rotating the `x-csrf-token` header on all unsafe (mutating) requests.
- Brute Force Protection: Developed specialized Express rate limiters (e.g., max 10 login attempts per 15 minutes) that skip successful requests, so repeated failures are throttled without impacting legitimate users.
2. High-Performance Media Pipeline
Photographers upload massive raw image files, which traditionally cripple web performance.
- Integrated the Cloudinary CDN to handle on-the-fly image compression and WebP conversion.
- Database Refactoring: Consolidated scattered image references into a centralized polymorphic `Portfolio` collection. I applied compound MongoDB indexes (`photographerId` + `purpose`) to reduce complex joins into a single, lightning-fast database query that returns all profile assets simultaneously.
Quality Assurance
To ensure unbreakable production deployments, I built a robust End-to-End (E2E) testing suite using Playwright. The suite aggressively tests critical user flows—including the auth lifecycle and bento-grid drag-and-drop mechanics—preventing regressions before they reach the main branch. Strict TypeScript schemas and Zod API validations enforce end-to-end type safety across the network boundary.