{"id":5781,"date":"2026-06-19T15:01:38","date_gmt":"2026-06-19T08:01:38","guid":{"rendered":"https:\/\/daiilynews.cu.ma\/?p=5781"},"modified":"2026-06-19T15:01:38","modified_gmt":"2026-06-19T08:01:38","slug":"building-a-multi-vendor-marketplace-from-scratch-lessons-from-30000-lines-of-react","status":"publish","type":"post","link":"https:\/\/daiilynews.cu.ma\/?p=5781","title":{"rendered":"Building a Multi-Vendor Marketplace From Scratch: Lessons From 30,000 Lines of React"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<p>By Faiz Ullah \u2014 Full-Stack Developer &#038; Founder of DG Technology<\/p>\n<p>Most &#8220;build an e-commerce site&#8221; tutorials stop at a product list and a cart. They don&#8217;t deal with the actual hard part: three different types of humans \u2014 customers, sellers, and admins \u2014 all needing their own secure space inside the same app, talking to each other in real time, without ever stepping on each other&#8217;s data.<\/p>\n<p>That&#8217;s what I set out to build with Ecommerce, a multi-vendor marketplace that grew to over 30,000 lines of React. Here&#8217;s what I learned engineering it.<\/p>\n<p>  The Real Challenge: Three Apps in One<\/p>\n<p>A single-vendor store is one application. A multi-vendor marketplace is really three applications sharing a database:<\/p>\n<p>Customers browse, buy, and chat with sellers<\/p>\n<p>Sellers manage their own storefront, fulfill orders, and request payouts<\/p>\n<p>Admins oversee everyone \u2014 approving sellers, resolving disputes, releasing payouts<\/p>\n<p>The temptation is to bolt all three onto one App.js with a bunch of if (userType === &#8216;admin&#8217;) checks scattered everywhere. That gets unmanageable fast. Instead, I built three fully independent authentication systems, each with its own protected route guard:<\/p>\n<p>Route element={ProtectedCustomerRoute \/>}>&#8230;Route><br \/>\nRoute element={ProtectedSellerRoute \/>}>&#8230;Route><br \/>\nRoute element={ProtectedAdminRoute \/>}>&#8230;Route><\/p>\n<p>    Enter fullscreen mode<\/p>\n<p>    Exit fullscreen mode<\/p>\n<p>Each guard checks its own session state independently. A seller session can never accidentally leak into the admin view, even if someone tries to manipulate the URL directly.<\/p>\n<p>  Real-Time Chat Without a Custom Server<\/p>\n<p>I wanted buyers and sellers to message each other live \u2014 no page refresh, no polling. Rather than standing up a WebSocket server, I leaned on Firestore&#8217;s real-time listeners, which turned out to be the right call for a project this size:<\/p>\n<p>onSnapshot(query(messagesRef, orderBy(&#8216;timestamp&#8217;)), (snapshot) => {<br \/>\n  \/\/ UI updates instantly as new messages arrive<br \/>\n});<\/p>\n<p>    Enter fullscreen mode<\/p>\n<p>    Exit fullscreen mode<\/p>\n<p>This single pattern powers chat, unread-message counts, and live presence \u2014 all without me managing a single socket connection.<\/p>\n<p>  The Presence Problem<\/p>\n<p>Showing whether a seller is &#8220;online&#8221; sounds trivial until you actually build it. A simple isOnline: true flag breaks the moment someone closes their laptop without logging out \u2014 they stay &#8220;online&#8221; forever.<\/p>\n<p>The fix is a heartbeat pattern: the seller&#8217;s client writes a lastSeen timestamp every few seconds while the tab is active, and stops the moment the tab closes or loses visibility:<\/p>\n<p>document.addEventListener(&#8216;visibilitychange&#8217;, () => {<br \/>\n  if (document.hidden) stopHeartbeat();<br \/>\n  else startHeartbeat();<br \/>\n});<\/p>\n<p>    Enter fullscreen mode<\/p>\n<p>    Exit fullscreen mode<\/p>\n<p>Anyone viewing the seller&#8217;s profile just checks: was the last heartbeat recent? No server-side cron job needed, no stale &#8220;online&#8221; ghosts.<\/p>\n<p>  Media at Scale: Don&#8217;t Make Your Database Hold Images<\/p>\n<p>Early on I made the rookie mistake of storing image data directly. That doesn&#8217;t scale \u2014 Firestore documents have size limits, and serving large base64 blobs kills load times.<\/p>\n<p>The fix was routing all uploads through Cloudinary, using unsigned upload presets so the API secret never has to live in client-side code:<\/p>\n<p>formData.append(&#8216;upload_preset&#8217;, cloudinaryConfig.uploadPreset);<br \/>\nconst res = await fetch(`https:\/\/api.cloudinary.com\/v1_1\/${cloudName}\/upload`, {<br \/>\n  method: &#8216;POST&#8217;, body: formData<br \/>\n});<\/p>\n<p>    Enter fullscreen mode<\/p>\n<p>    Exit fullscreen mode<\/p>\n<p>Cloudinary then handles resizing, format conversion, and CDN delivery \u2014 the database only ever stores a URL.<\/p>\n<p>  The Payout Problem Nobody Talks About<\/p>\n<p>Letting sellers earn money is the easy half. Letting them withdraw it safely is the half that actually matters. I built a dedicated WithdrawalRequestsManager so that:<\/p>\n<p>A seller requests a withdrawal<br \/>\nThe request enters a pending queue \u2014 funds are not released automatically<br \/>\nAn admin reviews and approves it manually before money moves<\/p>\n<p>This manual checkpoint is deliberate. Automating payouts sounds efficient until the first fraud attempt \u2014 a human review step at the money boundary is the cheapest fraud prevention you can build.<\/p>\n<p>  What I&#8217;d Tell Someone Building Their First Marketplace<\/p>\n<p>Separate your three user types from day one. Retrofitting role isolation onto a single auth system later is painful.<\/p>\n<p>Use your database&#8217;s real-time features before reaching for a custom server. Firestore&#8217;s listeners replaced what would have been a whole separate real-time service.<\/p>\n<p>Never store binary media where structured data lives. Offload it to dedicated media infrastructure immediately.<br \/>\nPut a human checkpoint wherever money actually leaves the system.<\/p>\n<p>  The Stack<\/p>\n<p>Layer<br \/>\nTechnology<\/p>\n<p>Frontend<br \/>\nReact, React Router<\/p>\n<p>UI<br \/>\nMaterial UI (MUI)<\/p>\n<p>Database<br \/>\nFirebase Firestore<\/p>\n<p>Auth<br \/>\nFirebase Authentication<\/p>\n<p>Realtime DB<br \/>\nFirebase Realtime Database (presence)<\/p>\n<p>Media<br \/>\nCloudinary<\/p>\n<p>Faiz UllahFull-Stack Developer \u00b7 Founder of DG Technology\ud83c\udf10 faizullah.pk \u00b7 \ud83d\udcbb github.com\/faizullahpk\/multivendor-marketplace<\/p>\n<p>If you&#8217;re building something with multiple user roles and real-time data, I&#8217;d love to hear about it \u2014 follow along for more on shipping real-world full-stack systems.<\/p>\n<p><br \/>\n<br \/><a href=\"https:\/\/dev.to\/faizullahpk\/building-a-multi-vendor-marketplace-from-scratch-lessons-from-30000-lines-of-react-22ch\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Faiz Ullah \u2014 Full-Stack Developer &#038; Founder of DG Technology Most &#8220;build an e-commerce site&#8221; tutorials stop at a product list and a cart. They don&#8217;t deal with the actual hard part: three different types of humans \u2014 customers, sellers, and admins \u2014 all needing their own secure space inside the same app, talking [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5782,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[676],"tags":[761,765,762,763,764,1221,1567,2029,760],"class_list":["post-5781","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-ai","tag-coding","tag-community","tag-development","tag-engineering","tag-inclusive","tag-react","tag-reactnative","tag-refactorit","tag-software"],"_links":{"self":[{"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=\/wp\/v2\/posts\/5781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5781"}],"version-history":[{"count":0,"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=\/wp\/v2\/posts\/5781\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=\/wp\/v2\/media\/5782"}],"wp:attachment":[{"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daiilynews.cu.ma\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}