Backend
The backend developer's area of responsibility. This section is a starting point: the backend partner extends and adjusts it as design progresses.
:::note Status This is an architecture proposal based on the analysis (stack NuxtNuxtA meta-framework on top of Vue.js. Supports server-side rendering (SSR) and SPA mode. Used for the customer storefront and the admin panels. + DirectusDirectusAn open-source headless platform on top of PostgreSQL: provides the data model, REST/GraphQL API, authentication, RBAC and a ready-made admin UI without writing code. + PostgresTenantA logically isolated customer in a multi-tenant system. In Ghost Kitchen a tenant is a brand: its data is separated from others by `brand_id` and access rules. + MollieMollieA European payment provider. Accepts payments (cards, iDEAL, Apple/Google Pay, etc.) and reports payment status via webhooks.). Decisions are marked as recommendations — open to discussion. :::
Separation principle
Backend = Directus (declarative core) + Node adapter (imperative logic) over a single database.
Directus — what it covers without code
- Data model (collections = Postgres tables) and relations.
- REST and GraphQL API over the data — consumed by the frontend.
- Authentication, tokens, refresh, password reset.
- RBACRBACRole-Based Access Control — access management based on roles. Permissions are granted to a role (Company Admin, Brand Admin, Restaurant Manager) rather than to each user individually. and access policies at the collection and row level (tenantTenantA logically isolated customer in a multi-tenant system. In Ghost Kitchen a tenant is a brand: its data is separated from others by `brand_id` and access rules.
isolation on
brand_id). - A ready admin UI for content operations (menu, brands, users).
- File/image uploads (S3-compatible storage).
Node adapter — what we build ourselves
A thin service (recommended in the same stack as the frontend — Node/TypeScript; optionally NestJS or a light Nitro/Fastify). Handles what goes beyond CRUD:
- CheckoutCheckoutOrder checkout: entering contacts and address, choosing time/delivery, payment and confirmation. In the custom stack it is fully under our control. orchestration (total calculation, validation, reservation).
- Creating a payment in MollieMollieA European payment provider. Accepts payments (cards, iDEAL, Apple/Google Pay, etc.) and reports payment status via webhooks. and receiving webhooksWebhookAn HTTP notification an external service (e.g. Mollie) sends to the platform on an event — for example, "payment paid". An alternative to constantly polling the API..
- Pushing the order to LiefersoftLiefersoftA restaurant POS / cash-register system (Germany) with TSE fiscal compliance. The platform pushes orders to it for preparation and fiscal accounting. and receiving preparation statuses.
- IdempotencyIdempotencyThe property of an operation yielding the same result when repeated. Protects against duplicate orders/payments when a webhook is redelivered or a request is retried., retries, dead-letter queueDead-letter queueA queue for messages/tasks that could not be processed after all retries. They are handled manually so that no order is lost when an integration fails., alerts, audit log.
:::tip Responsibility boundary A simple rule: read/edit data → via the Directus API; money, external systems, order status transitions → via the adapter. Prices and final totals are computed on the server (adapter), we do not trust the client. :::
Security
- RBACRBACRole-Based Access Control — access management based on roles. Permissions are granted to a role (Company Admin, Brand Admin, Restaurant Manager) rather than to each user individually. + tenant isolation on
brand_id(Directus policies / checks in the adapter). No Brand Admin request should ever return another brand's data. - JWT + refresh tokens (Directus out of the box).
- TLS everywhere; secrets in environment variables.
- Mollie webhooks — signature verification; idempotent handlers.
- Audit log of admin actions (who created a brand, changed a price, cancelled an order).
Hosting (recommendation)
| Component | Where | Note |
|---|---|---|
| Storefront/admins (Nuxt) | Vercel | SSR + edge |
| PostgreSQL | Neon | managed, preview branches |
| Directus + adapter | Hetzner VPS (Docker) | cheap, under control |
| Files | S3-compatible (or MinIO) | menu images |
What's next
- Data model — entities and ER diagram.
- Integrations — Liefersoft and Mollie in detail.