Modern e-commerce platform with WhatsApp & Telegram bot integration, dynamic QRIS payment, and automated notifications.
- Product Management - Categories, variants, stock tracking
- Shopping Cart - Session-based cart system
- Order Processing - Invoice generation, order tracking
- Admin Panel - Complete dashboard for store management
- Blog System - Built-in CMS for content marketing
- SEO Optimized - Meta tags, sitemap, structured data
- Dynamic QRIS - Real-time QR code generation with unique amounts
- Payment Webhook - Auto-detect payment completion
- Multiple Payment Methods - Ready for expansion
- Automated Invoicing - Email & WhatsApp notifications
- WhatsApp Bot - Browse, search, checkout via WhatsApp
- Telegram Bot - Interactive inline keyboard interface
- QRIS Direct Sending - QR code sent directly in chat
- 24/7 Automation - Auto-response, order tracking
- Payment Notifications - Instant WhatsApp alerts on successful payment
- Email Notifications - SMTP integration (Gmail, SendGrid, etc.)
- WhatsApp Notifications - Auto-send on payment success
- Admin Alerts - New order, low stock notifications
- Customer Engagement - Order updates, download links
- Rate Limiting - DDoS protection, API throttling
- CSRF Protection - Secure forms and AJAX requests
- IP Whitelist - Admin access control
- Session Management - Secure encrypted sessions
- Input Sanitization - SQL injection & XSS prevention
- PM2 Process Management - Auto-restart, monitoring, clustering
- Node.js v16+ and npm
- Python 3.8+ (for QRIS service)
- PM2 (for production deployment)
- SQLite3 (included)
- Chromium (for WhatsApp bot)
-
Clone the repository
git clone https://github.com/raistech/rsastore.git cd rsastore -
Install Node.js dependencies
npm install
-
Install Python dependencies
pip3 install -r requirements.txt
-
Configure environment
cp .env.example .env nano .env # Edit with your configuration -
Initialize database
node database.js
-
Create uploads directory
mkdir -p uploads/products mkdir -p uploads/blog mkdir -p logs
-
Start development server
# Development mode npm start # Production mode with PM2 pm2 start ecosystem.config.js pm2 save
-
Access the application
- Website: http://localhost:3000
- Admin Panel: http://localhost:3000/admin/login
- Default Credentials: Check
.envfile
Edit .env file with your settings:
PORT=3000
NODE_ENV=production
BASE_URL=http://yourdomain.com
SESSION_SECRET=generate-random-string-hereGenerate secure secrets:
# For SESSION_SECRET
openssl rand -base64 32
# For WEBHOOK_API_KEY
openssl rand -hex 32For Gmail:
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password # Not your regular password!How to get Gmail App Password:
- Go to Google Account Settings
- Security β 2-Step Verification (enable if not enabled)
- App passwords β Generate new
- Copy the 16-character password
For SendGrid:
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USER=apikey
SMTP_PASS=your-sendgrid-api-keyGet QRIS Base String from your payment provider:
- Bank Indonesia
- DANA
- OVO
- GoPay
- LinkAja
- Or any QRIS-supporting provider
QRIS_BASE_STRING=00020101021126680016COM.NOBU...
QRIS_SERVICE_URL=http://localhost:3001Install Chromium (required):
# Ubuntu/Debian
sudo apt update && sudo apt install -y chromium-browser
# Or use snap
sudo snap install chromiumEnable in Admin Panel:
- Login to admin panel
- Go to Bot Settings
- Enable WhatsApp Bot
- Scan QR code with WhatsApp app
- Done! Bot is now active
Get Bot Token:
- Open Telegram, search
@BotFather - Send
/newbotcommand - Follow instructions
- Copy the token
Configure:
TELEGRAM_BOT_TOKEN=1234567890:ABCdefGHIjklMNOpqrsTUVwxyzOr configure via Admin Panel β Bot Settings
βββββββββββββββββββββββββββββββββββββββββββββββ
β RSA Store Platform β
βββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββ΄ββββββββββββ
β β
Main Server QRIS Service
(Node.js) (Python)
Port 3000 Port 3001
β β
βββββββββββββββββββββββββ€
β β
Bot Services Database
β (SQLite)
βββββ΄βββββ
β β
WhatsApp Telegram
Bot Bot
Port 3002 Built-in
Backend:
- Node.js + Express.js
- SQLite3 (database)
- Python (QRIS service)
- PM2 (process manager)
Bots:
- whatsapp-web.js (WhatsApp)
- node-telegram-bot-api (Telegram)
Frontend:
- EJS (templating)
- Vanilla JavaScript
- CSS3
Libraries:
- axios (HTTP client)
- qrcode (QR generation)
- nodemailer (email)
- express-rate-limit (security)
- winston (logging)
rsastore/
βββ server.js # Main server entry point
βββ database.js # Database schema & initialization
βββ ecosystem.config.js # PM2 process configuration
βββ package.json # Node.js dependencies
βββ requirements.txt # Python dependencies
β
βββ routes/
β βββ routes-admin.js # Admin panel routes
β βββ routes-products.js # Product & shop routes
β βββ routes-blog.js # Blog/CMS routes
β
βββ bot-whatsapp.js # WhatsApp bot implementation
βββ bot-telegram.js # Telegram bot implementation
βββ bot-controller.js # Shared bot logic
β
βββ qris-service.py # QRIS QR code generator
β
βββ auth.js # Authentication middleware
βββ email.js # Email service
βββ logger.js # Winston logger configuration
βββ sanitize.js # Input sanitization
βββ utils.js # Utility functions
β
βββ views/ # EJS templates
β βββ partials/ # Reusable components
β βββ admin/ # Admin panel views
β βββ shop/ # Shop pages
β βββ blog/ # Blog pages
β
βββ public/ # Static assets
β βββ css/
β βββ js/
β βββ images/
β
βββ uploads/ # User uploaded files
β βββ products/ # Product images & files
β βββ blog/ # Blog images
β
βββ logs/ # Application logs
β
βββ docs/ # Documentation
β βββ BOT_SETUP.md
β βββ WHATSAPP_NOTIFICATION.md
β βββ PM2_MANAGEMENT.md
β
βββ .env # Environment configuration (not in repo)
pm2 start ecosystem.config.js
pm2 save
pm2 startuppm2 list
pm2 monit# All logs
pm2 logs
# Specific service
pm2 logs rsastore-main
pm2 logs rsastore-whatsapp-bot
pm2 logs rsastore-telegram-bot# Restart all
pm2 restart ecosystem.config.js
# Restart specific
pm2 restart rsastore-mainpm2 stop ecosystem.config.js
pm2 delete ecosystem.config.jsnode -e "
const {sendTestEmail} = require('./email');
sendTestEmail('your-email@gmail.com')
.then(() => console.log('β
Email sent!'))
.catch(err => console.error('β Error:', err));
"curl -X POST http://localhost:3001/generate-qris \
-H "Content-Type: application/json" \
-d '{"base_string":"YOUR_BASE_STRING","amount":50000}'Admin Panel β Bot Settings β Test WhatsApp Notification
curl -X POST http://localhost:3000/webhook/payment \
-H "Content-Type: application/json" \
-H "X-API-Key: your-webhook-key" \
-d '{"amountDetected":50123}'menu - Show main menu
1 - View catalog
2 - Search products
3 - Check order
4 - Help
Customer Flow:
- Customer sends "menu" to WhatsApp
- Bot shows product catalog
- Customer browses and selects product
- Bot sends QRIS QR code in chat
- Customer scans and pays
- Auto-notification on payment success
All interactions via inline keyboard buttons:
- ποΈ View Catalog
- π Search Products
- π¦ Check Order
- β Help
- [β ] Change default admin password
- [β ] Use strong SESSION_SECRET
- [β ] Enable HTTPS/SSL
- [β ] Configure firewall (UFW/iptables)
- [β ] Set up rate limiting
- [β ] Enable CSRF protection
- [β ] Regular database backups
- [β ] Keep dependencies updated
- [β ] Monitor logs regularly
- [β ] Use environment variables (never hardcode secrets)
# Database backup
cp rsastore.db rsastore.db.backup-$(date +%Y%m%d)
# Full backup
tar -czf rsastore-backup-$(date +%Y%m%d).tar.gz \
--exclude='node_modules' \
--exclude='whatsapp-session' \
--exclude='logs' \
.1. Port already in use
# Find process using port
lsof -ti:3000
# Kill process
kill -9 $(lsof -ti:3000)2. WhatsApp bot not connecting
# Check chromium installation
which chromium-browser
# Install if missing
sudo apt install chromium-browser
# Restart bot
pm2 restart rsastore-whatsapp-bot3. Email not sending
- Check SMTP credentials
- Verify app password (not regular password)
- Check firewall allows SMTP port (587/465)
- Test with
npm run test-email
4. QRIS not generating
# Check Python service
pm2 logs rsastore-qris
# Restart service
pm2 restart rsastore-qris5. Database locked
# Check for processes using database
lsof rsastore.db
# Restart application
pm2 restart rsastore-mainlogs/main-out.log # Main server output
logs/main-error.log # Main server errors
logs/qris-out.log # QRIS service
logs/whatsapp-bot-out.log # WhatsApp bot
logs/telegram-bot-out.log # Telegram bot
-
Enable PM2 Cluster Mode
// ecosystem.config.js instances: 'max', exec_mode: 'cluster'
-
Database Optimization
node create-indexes.js
-
Enable Compression
const compression = require('compression'); app.use(compression());
-
CDN for Static Assets
- Use Cloudflare, AWS CloudFront, or similar
- Offload images, CSS, JS
-
Monitor Performance
pm2 monit pm2 install pm2-logrotate
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create feature branch (
git checkout -b feature/AmazingFeature) - Commit changes (
git commit -m 'Add AmazingFeature') - Push to branch (
git push origin feature/AmazingFeature) - Open Pull Request
- Follow existing code style
- Write meaningful commit messages
- Test before submitting PR
- Update documentation if needed
This project is licensed under the MIT License - see LICENSE file for details.
RSA Store Team
- whatsapp-web.js - WhatsApp bot library
- node-telegram-bot-api - Telegram bot library
- Express.js - Web framework
- PM2 - Process management
- Documentation: Check
docs/folder - Issues: Open GitHub issue
- Email: support@araii.id
- β¨ Added WhatsApp bot integration
- β¨ Added Telegram bot integration
- β¨ Added QRIS direct sending in chat
- β¨ Added payment notification system
- β¨ Added bot test feature with HTTP API
- π Fixed category delete bug
- π Fixed markdown parsing in Telegram
- π Comprehensive documentation
- π Initial release
- β¨ E-commerce core features
- β¨ QRIS payment integration
- β¨ Admin panel
- β¨ Email notifications
Made with β€οΈ for modern e-commerce