project://ewaa-hotel-booking-frontend

[02/08]

enterprise

LIVE

Hotel Booking Frontend

Next.js 16 Enterprise Booking Platform with SSR Caching & Observability

Next.js 16React 19TypeScript 5Tailwind CSS 4.0ZustandFramer MotionGSAPHeadless UIEmbla CarouselZodjoseProtocol Buffers@bufbuild/protobufTap Payments SDKRedisTurbopackJest 30Playwright

// Overview

A production-grade, multi-language hotel booking frontend built with Next.js 16 and React 19. The application provides a complete booking experience from hotel search to payment processing, with full RTL support for Arabic and Urdu markets. SEO optimization with JSON-LD structured data, server-side caching with Redis, and observability through structured logging ensure production reliability. Integrates securely with the Laravel backend via signed requests and Protocol Buffers for optimized data transfer. A modular component library and comprehensive API layer support 6 locales with strict TypeScript throughout. The booking flow uses a state machine pattern ensuring invalid states are impossible at compile time. Real-time booking status streaming provides live progress feedback during checkout. Server-side caching leverages Next.js "use cache" directives with cacheTag() and cacheLife() for granular control, backed by Redis distributed cache with graceful in-memory fallback when Redis is unavailable. Cross-tab session validation uses the Visibility API for session integrity checks, client fingerprinting for rate limiting, and queueMicrotask()-based cross-store synchronization between Auth, Session, and Profile Zustand stores. Structured JSON logging with request correlation IDs powers observability. A custom hooks library covering timers, responsive behavior, body scroll locking, outside click detection, keyboard interactions, input debouncing, and persistent storage provides reusable utilities with consistent API patterns. Profile management supports multi-step editing with nationality and document management. Booking history displays paginated lists with timeline views and status filtering. GSAP-powered animations enhance visual transitions while maintaining accessibility compliance.

// On this page

→ Features
→ Architecture

✦✦✦✦✦✦✦✦Features✦✦✦✦✦✦✦✦

Key Features

Major features and technical achievements.

[01]

Multi-Step Checkout Flow

State machine-driven booking process

Type-safe booking states preventing invalid transitions
Real-time booking status streaming via Server-Sent Events
Multiple payment methods: cards, digital wallets, regional payments, BNPL
Device-aware payment flows for mobile vs desktop
Idempotent booking submission with Redis-cached duplicate prevention

[02]

Server-Side Caching with Graceful Degradation

Multi-layer caching with automatic fallback

Next.js "use cache" directives with cacheTag() and cacheLife() for granular control
Redis distributed cache for sessions, booking state, and hotel data
Automatic in-memory fallback when Redis is unavailable
Background Redis reconnection with automatic promotion on recovery
Tag-based cache invalidation for selective content refresh

[03]

SEO & Structured Data Engine

Dynamic JSON-LD schemas with comprehensive meta generation

JSON-LD schemas for Hotel, Product, BreadcrumbList, and FAQPage types
Dynamic meta tag generation with OpenGraph images per page
Automated sitemap generation and robots.txt configuration
Canonical URL management preventing duplicate content issues
Per-locale SEO optimization with hreflang tags

[04]

Cross-Tab Session Validation

Visibility API-based session integrity with fingerprinting

Visibility API detects tab focus changes triggering session checks
Client fingerprinting combining browser attributes for device identification
Cross-store synchronization via queueMicrotask() between Auth, Session, and Profile stores
Progressive security enforcement from soft warnings to forced logout
Rate limiting tied to client fingerprint for abuse prevention

[05]

Security Architecture

Multi-layer security implementation

Cryptographically signed API requests with replay prevention
Secure ID encoding to prevent enumeration attacks
Cross-site request forgery protection
Rate limiting with progressive lockout
Session fingerprint validation across browser tabs

[06]

Observability & Error Tracking

Structured logging with error boundary recovery

Structured JSON logging with request correlation IDs
Performance timing for API calls and page transitions
Three-tier error boundary hierarchy: app, route, and component level
Categorized error types with automatic retry logic for transient failures
Error recovery strategies including retry, reset, and navigation fallback

[07]

Hotel Search & Discovery

Real-time hotel search with comprehensive filtering

Real-time search with location, dates, and guest configuration
Dynamic filtering, sorting, and pagination
Room type selection with pricing breakdown and extras
Image carousels with RTL-aware navigation using Embla Carousel
Skeleton loading states for perceived performance

[08]

Profile Management System

Multi-step profile editing with validation

Multi-step profile editing with progress tracking
Nationality and travel document management
Preference management for room types, communication, and notifications
Optimistic updates with automatic rollback on failure
Form validation with Zod schemas for type-safe input handling

[09]

Internationalization System

Full multi-language support with RTL

6 supported locales: English, Arabic, Spanish, Urdu, German, French
Full RTL layout support for Arabic and Urdu
Dynamic font loading per locale
Country-specific phone validation

[10]

Authentication System

Passwordless OTP-based authentication

Passwordless OTP-based login
Protected state management preventing race conditions via mutex
Session caching with automatic refresh
Protected route middleware

[11]

Booking History & Details

Paginated booking management with real-time status

Paginated booking list with status filtering and search
Detailed booking view with visual timeline of booking stages
Real-time status updates for active bookings
Receipt and invoice display with download capability
Booking modification and cancellation flows

[12]

Custom Hooks Library

Reusable hooks with consistent API patterns

Countdown timers for OTP verification and session expiry with pause/resume
Responsive breakpoint detection and body scroll locking for modal behavior
Outside click detection and keyboard shortcut handling for accessible interactions
Input debouncing for search optimization and API call reduction
Persistent storage abstraction for user preferences with SSR safety

════════Architecture════════

System Design

Architectural patterns and design decisions.

Presentation

→ Pages (Server)
→ Components (Client)
→ Loaders

Application

→ Hooks
→ State Stores
→ State Machines

Service

→ API Client
→ Server Fetchers
→ Data Caching

Infrastructure

→ Request Signing
→ Binary Parsing
→ Session Store

1/3

System Architecture

Design Patterns

Booking State Machine

Type-Safe Flow Control

Each booking state carries only relevant data. Invalid state transitions prevented at compile time through discriminated union types. States: IDLE → VALIDATING → SUBMITTING → STREAMING → SUCCESS/ERROR → REDIRECTING.

Idempotent Booking Submission

Redis-Cached Duplicate Prevention

Redis-cached idempotency keys prevent duplicate booking submissions on network retries. Each request carries a unique idempotency key checked against Redis before execution. Duplicate requests receive the cached response without re-executing the booking pipeline.

Cross-Store Synchronization

queueMicrotask Coordination

Auth, Session, and Profile Zustand stores synchronize through queueMicrotask() to avoid cascading re-renders. Auth events trigger coordinated updates across all three stores in a single microtask tick, ensuring UI consistency without race conditions.

Session Fingerprint Validation

Cross-Tab Security Enforcement

Client fingerprint generation combines browser attributes for device identification. Visibility API detects tab focus changes triggering fingerprint comparison with server records. Mismatches force session re-validation with progressive enforcement from soft warnings to forced logout.

Cache Graceful Degradation

Redis with In-Memory Fallback

Primary Redis distributed cache with automatic fallback to in-memory cache when Redis is unavailable. Connection health checked before each operation. Background retry loop attempts Redis reconnection. Recovery automatically promotes back to Redis without service interruption.

Mutex Pattern

Race Condition Prevention

Concurrent requests queue for lock acquisition. Only one operation executes at a time, preventing duplicate submissions and ensuring atomic operations in authentication and profile update flows.

Server/Client Separation

Security Boundary

Request signing, binary data parsing, token validation, and ID encoding happen exclusively on the server via API routes. Client components handle only UI interactions, events, and animations.

Secure API Communication

Cryptographic Request Signing

Requests include method, path, body, timestamp, and unique ID combined and cryptographically signed. Replay attacks prevented through time-based and unique identifier validation.

SEO Structured Data Generation

Dynamic JSON-LD Injection

Page route detection determines content type (Hotel, Room, Search, FAQ). Appropriate JSON-LD schemas (Hotel, Product, BreadcrumbList, FAQPage) generated dynamically. Combined with OpenGraph meta tags, canonical URLs, and sitemap generation for comprehensive SEO coverage.

Error Boundary Hierarchy

Layered Error Recovery

Three-tier error boundary system: app-level catches catastrophic failures with full-page recovery, route-level handles page errors with navigation fallback, component-level provides inline recovery for isolated failures. Each tier has specific recovery strategies including retry, reset, and navigate.

Content Negotiation

Dual Format Support

Format negotiator parses Accept header. Protocol Buffers provide 40-60% smaller payloads for mobile clients. Same data optimized for different use cases.

Secure ID Transformation

Enumeration Prevention

Internal IDs never appear in URLs or client-side code. Tokens are typed and time-limited with cryptographic signatures. URL-safe tokens used in public routes.

Result Pattern

Type-Safe Error Handling

Every operation returns either Success (with data and metadata) or Failure (with error type, message, and retry flag). No exceptions, explicit handling of both paths.

Event Streaming

Real-Time Booking Updates

Server-Sent Events provide real-time progress during booking creation. Automatic reconnection on network issues. Status updates: Validating → Processing → Payment → Confirmed.

Custom Hook Composition

Layered Reusable Abstractions

Three-tier hook architecture: React primitives compose into utility hooks handling debouncing, responsive breakpoints, outside click detection, keyboard shortcuts, and persistent storage. Utility hooks further compose into domain-specific feature hooks for booking, authentication, and search flows. Consistent API patterns with cleanup and SSR safety across all layers.

← Back to all projects