Kamal Joshi
0

Kamal Joshi

full-stack engineer · 2nd year CSE (AI&ML)

I'm a second-year student at GBPIET who ships production-grade full-stack apps — not just CRUD. I've built an e-commerce platform with Razorpay, RBAC, and refresh-token rotation, and a real-time chat app with Socket.IO presence, emoji reactions, and media sharing. I care deeply about security, performance, and clean architecture.

GitHub Email +91 79061 97202
Languages
JavaScriptTypeScript PostgreSQL
Frontend
React.jsNext.jsRedux ToolkitRTK QueryZustandTailwind CSSShadcn UI
Backend
Node.jsExpress.jsSocket.IOREST APIs
Databases
MongoDBPostgreSQLRedis
Security
JWTOAuth 2.02FARBACCSRFXSS PreventionRate LimitingHelmet
Tools
GitCloudinaryMulterRazorpayVercelRenderPostmanWinstonMorgan
Concepts
MongoDB TransactionsIndexingCursor PaginationDebouncingLazy LoadingSSR / SSG / ISRSEOSkeleton Loading
BookKart LIVE
Full-stack e-commerce platform with separate customer & seller portals, real payments, and enterprise-grade security.
Next.jsTypeScriptRTK QueryExpress.jsMongoDBRedis

Access & Refresh Tokens: Access tokens are stored in application memory (Zustand state) to defend against XSS, while refresh tokens are stored in secure, HTTP-only, and SameSite cookies.

Silent Rotation: Axios interceptors capture 401 Unauthorized responses automatically. Upon capture, the client triggers a refresh request to obtain a new access token and then transparently replays the failed request, preventing session interruption.

State & Cache: Migrated traditional state-based data fetching to RTK Query endpoints, reducing boilerplate and consolidating network state management.

Caching & Invalidation: Built automated query cache management with declarative tags (e.g., ['Books', 'Cart']), ensuring the UI updates automatically across pages after seller updates or checkouts.

Zero Latency: Mutates UI state instantly when users add or remove products from wishlists/carts before backend confirmation is received.

Smart Fallback: If the API request fails due to network issues, RTK Query's onQueryStarted catches the rejection and automatically rolls back the cache state to its pre-mutated value.

Federated Sign-In: Integrated Google OAuth 2.0 authorization code flow, generating secure accounts verified by Google.

Two-Factor Auth: Supports Time-based One-Time Passwords (TOTP) using standard authenticator apps (e.g., Google Authenticator). The backend handles QR-code generation and cryptographic secret storage.

Granular Access: Enforces dashboard, route, and endpoint authorization matching permissions (Customer, Seller, Admin) at the route level.

UI Adaptation: Conditionally renders dashboards, upload menus, and inventory metrics depending on the signed-in user's role, validated by token payloads.

Secure Checkout: Standardized payment flow by generating orders on the backend, launching the Razorpay modal, and verifying signatures.

Signature Verification: Uses SHA256 HMAC cryptographic signatures on the backend webhook to confirm success, protecting against payment spoofing attempts.

ACID Transactions: Utilizes MongoDB sessions during order checkouts to perform multi-document modifications (deducting stock, clearing cart, creating order) atomically.

Index Optimization: Implemented compound index profiles on active search terms, seller IDs, and category listings to optimize search execution speeds.

Latency Reduction: Caches dynamic product catalogs and filter configurations in memory using Redis to avoid expensive database query executions.

Cache Invalidation: Standardized write-through invalidation models, purging corresponding cache segments automatically on product edits or deletion.

Comprehensive Hardening: Configured Helmet to establish secure HTTP response headers, preventing clickjacking and MIME sniffing.

Rate Limiting & CSRF: Implemented IP-based request limits using express-rate-limit to thwart DDoS / brute-force attempts, alongside double-submit cookie validations for state-changing endpoints.

Infinite Scroll Stability: Built cursor-based pagination utilizing object identifiers to ensure stable results, avoiding skip-offsets during items insert/delete operations.

Debouncing: Captures keystrokes and runs search queries only after a 300ms pause, minimizing backend query execution volume.

Hydration & Paint Optimizations: Built custom CSS skeleton loaders to reduce layout shifts (CLS), improving perceived performance.

Rendering Strategies: Configured Next.js static generation (SSG) for static landing pages, server-side rendering (SSR) for real-time dashboards, and Incremental Static Regeneration (ISR) to refresh product details pages asynchronously.

Asset Ingestion: Processes multipart form-data via Multer, parsing files locally before uploading to Cloudinary.

Cloud Management: Formats, resizes, and compresses files dynamically inside Cloudinary transformation pipelines before delivery, improving response times.

WhisperNet LIVE
Real-time messaging platform with 6+ live features, media sharing, emoji reactions, and end-to-end presence tracking.
React.jsSocket.IOZustandNode.jsMongoDBCloudinaryTailwind CSSYupReact Hook Form

Real-Time Coordination: Implemented bidirectional WebSocket channels using Socket.IO. Tracks active socket connections, broadcasts key user status indicators, and handles dynamic typing indicators.

Unread Messages: Computes unread balances dynamically for closed direct channels, decrementing increments automatically on channel viewport focus.

Message Tracking: Emits message status updates (sent, delivered, read) in real-time.

Read Triggering: Broadcasts read-state signals upon chat viewport rendering, updating the corresponding records instantly in MongoDB.

Lightweight Store: Manages current user profile metadata, dynamic message listings, and current room selections in localized memory.

Performance: Leverages Zustand selectors to trigger UI re-renders only on specific state updates, avoiding standard React context rendering overhead.

Form Performance: Integrates React Hook Form to construct forms without excessive input re-renders.

Validation Schemas: Enforces client-side validation using declarative Yup schemas, rendering helpful error messages before submission.

Multipart Transmissions: Uploads rich attachment documents (images, PDFs, text logs) to secure folders.

Inline Rendering: Classifies file types dynamically, loading preview templates inline for media assets or download blocks for compressed formats.

Reactions: Implements a sub-document reaction structure inside the message schema. Socket broadcasts sync addition or removal of reactions in real-time.

Actions: Provides context menus for actions like copying text to the clipboard or performing soft deletes of chat lines.

Secured Transmissions: Uses JWT authorization headers to authorize incoming Socket.IO handshake connections, preventing unauthenticated connection establishment.

CORS Isolation: Restricts API and WS endpoints exclusively to the verified domain names via cors options.

Govind Ballabh Pant Institute of Engineering & Technology
B.Tech in Computer Science Engineering (AI & ML) · CGPA: 7.73
Pauri, Uttarakhand
2024 – 2028
🏆
Reliance Foundation Scholar
Merit-based scholarship awarded by Reliance Foundation for academic excellence.