The Problem
Building a marketplace with two distinct user roles (renters and landlords) on a single backend is architecturally messier than it sounds. The challenge is keeping the permission model clean - a renter should never touch a listing they don't own, and a landlord should never see another landlord's private data.
What I Built
Designed a JWT-based auth system with role claims baked into the token, then built route-level middleware that gates API endpoints by role. Separate React UIs for renters and landlords share a single Express backend - no code duplication, clear permission boundaries.
JWT with role claims - the token carries whether the user is a renter or landlord. Express middleware reads the claim and gates routes accordingly. Simpler than RBAC tables for two roles, and easier to reason about.
MongoDB compound queries for property search across location, price range, and amenities. Indexed the fields used in filter combinations - without indexes, compound queries on a growing collection get slow fast.
Two React apps, one backend. The landlord interface covers listing creation, editing, and inquiry management. The renter interface covers search, filtering, saved properties, and inquiry sending. Shared components where sensible, separate routing trees where not.
What Happened
Dual-role auth working cleanly - role claims in JWT, middleware at route level
Advanced property search with compound MongoDB queries across location, price, and amenities
Renter and landlord UIs sharing one backend with zero endpoint cross-contamination
In the Wild