8814600
Евгений@8814600
Израиль
36 лет6 часов в сервисе

Frontend

  • Web: React, TypeScript, Vite, React Router, Zustand/Jotai, Tailwind CSS

  • Mobile Web / PWA: Responsive-first, offline support, biometric auth (WebAuthn)

  • Telegram Mini Apps: Telegram WebApp SDK, tRPC, secure iframe communication

  • UI/UX Principles: Minimalist, privacy-first, WCAG-compliant, multi-language (i18n)

🔹 Mobile Development

  • Cross-platform: React Native (with Expo for rapid prototyping)

  • Native capabilities: Biometric authentication (Face ID / Touch ID / Android BiometricPrompt), secure keychain storage

  • Deep integrations: In-app browser for 3DS, QR code scanner for 2FA setup

🔹 Backend

  • Language: Node.js (TypeScript), Express / Fastify

  • APIs: RESTful + tRPC (for type-safe client-server contracts)

  • Authentication: JWT + httpOnly cookies, rate limiting, brute-force protection

  • 2FA: TOTP (Google Authenticator), QR/manual setup, biometric confirmation, tempToken flow (2-min expiry)

🔹 Security & Compliance

  • Data Protection: AES-GCM encryption (at rest), PBKDF2 for key derivation

  • Secrets Management: .env excluded from Git, secrets via Docker secrets / Vault

  • Standards: OWASP Top 10 (9/10 covered), PCI DSS-aligned architecture

  • Hardening: CSP headers, XSS/CSRF protection, secure cookie policies, input sanitization

  • Auditability: Full logging (without PII), immutable audit trails

🔹 Infrastructure & DevOps

  • Containerization: Docker (multi-service: frontend, backend, mini-app, worker)

  • Orchestration: Docker Compose (local), Kubernetes-ready (cloud)

  • CI/CD: GitHub Actions (test → build → deploy with zero-downtime strategy)

  • Monitoring: Custom log review (part of morning routine), error tracking

🔹 Database & Storage

  • Primary DB: PostgreSQL (relational, ACID-compliant)

  • Data Modeling: Normalized schema, encrypted card PAN/CVV (never stored raw)

  • Caching: Redis (session store, rate limiting)

🔹 Blockchain & Crypto

  • Supported Asset: USDT (TRC20 only)

  • Wallets: User-specific TRON addresses (auto-generated on payment success)

  • Integrations: Float, third-party P2P exchanges (via deep links)

  • Analytics: Custom wallet activity checker (BSC/TRON), heuristic analysis scripts

🔹 Internationalization & Localization

  • Languages: English, Hebrew, Arabic (UAE), Turkish, Kazakh, Kyrgyz, Uzbek, Ukrainian, Hindi, Indonesian

  • Detection: IP-based language/currency auto-detection

  • Currencies: 16 fiat + USDT support

🔹 Banking & Payments

  • Live Integrations: Alpha Bank API

  • Planned: Banks

  • Use Case: Secure virtual card issuance, real-time balance, transaction history

🔹 Testing & Quality

  • Coverage: High test coverage (Jest, React Testing Library, Cypress)

  • Security Tests: SAST/DAST scans, dependency audits

  • Philosophy: “No env leaks, no raw secrets, no untested auth flows”