Consult Transaction Revamp
Technology Stack
Consult Transaction Revamp
Summary
Complete overhaul of the shipment creation flow, migrating critical pricing and calculation logic from frontend to a secure, high-performance Golang backend. This initiative eliminated calculation vulnerabilities and ensured data integrity across all transaction types.
Project Impact
Context & Requirements
The existing shipment creation flow had critical vulnerabilities:
- Client-side Calculations: Pricing computed on frontend, vulnerable to manipulation
- Inconsistent Results: Different calculation results between web and mobile apps
- No Audit Trail: Difficult to trace how final prices were determined
- Performance Issues: Complex calculations slowing down user experience
Business Requirements:
- Eliminate pricing manipulation vulnerabilities
- Ensure 100% consistency across all platforms
- Maintain sub-second response times
- Full audit trail for all transactions
Architecture
Secure Transaction Flow
Tech Stack:
| Component | Technology | Purpose |
|---|---|---|
| Calculation Engine | Golang | High-performance, type-safe calculations |
| Database | MongoDB | Flexible document storage for all transactions |
| Caching | Redis | Rate data caching, session management |
| Container | Docker | Containerized deployment |
| CI/CD | Jenkins | Automated build and deployment pipeline |
Key Decisions & Tradeoffs
Why Backend-Sided Calculations?
| Approach | Pros | Cons |
|---|---|---|
| Frontend (Old) | Fast UI feedback | Vulnerable, inconsistent |
| Backend (New) | Secure, authoritative | Requires network call |
Our Solution: Hybrid approach with backend verification
Migrated all pricing calculations from client-side JavaScript to a secure Golang backend, eliminating the possibility of price manipulation and ensuring consistent results across all platforms.
Why Golang?
Selected Golang for the calculation engine because:
- Performance: Compiled language with excellent concurrency support
- Type Safety: Strong typing prevents calculation errors at compile time
- Standard Library: Built-in support for precise decimal calculations
- Deployment: Single binary, easy to deploy and scale
Implementation Highlights
1. Calculation Engine
Built a robust calculation service with:
- Consistent Price Format: Standardized decimal handling library to ensure uniform price representation across all transaction types
- Rule Engine: Configurable pricing rules without code changes
- Rate Versioning: Historical rates preserved for auditing
type Calculator struct {
rateRepo RateRepository
ruleEngine *RuleEngine
auditLogger *AuditLogger
}
func (c *Calculator) Calculate(req CalculationRequest) (CalculationResult, error) {
// Get current rates
rates, err := c.rateRepo.GetActiveRates(req.ServiceType)
if err != nil {
return CalculationResult{}, err
}
// Apply all applicable rules
result := c.ruleEngine.Apply(req, rates)
// Log for audit
c.auditLogger.LogCalculation(req, result)
return result, nil
}
2. Validation Layer
Comprehensive input validation:
- Weight Limits: Per service type constraints
- Distance Calculation: Server-side geocoding verification
- Service Availability: Real-time route checking
3. Audit System
Complete transaction traceability:
- Every calculation logged with full context
- Immutable audit records in separate database
- Dispute resolution with historical data
Results & Metrics
Before vs After Comparison
Key Achievements:
- Eliminated 100% of pricing manipulation vulnerabilities
- Maintained consistent sub-second response time — reliable and secure with all logic moved to BE
- Zero pricing disputes due to calculation errors
- Full audit trail for regulatory compliance
- Consistent pricing across web, iOS, and Android
Team Leadership
Directly led a core team of 3 engineers, with cross-functional collaboration across 10+ stakeholders — mobile developers, QA engineers, Product Manager, and Product Owner — to ensure the backend migration aligned with requirements across all platforms and teams.
- Design and document the new architecture
- Implement the Golang calculation service
- Migrate existing transactions without downtime
- Establish monitoring and alerting across all platforms
What I Would Improve
Future improvements planned:
- Real-time Rate Updates: Push-based rate changes without redeployment
- ML-based Fraud Detection: Identify suspicious patterns automatically
- Multi-currency Support: Dynamic exchange rate calculations
- Load Testing: More comprehensive performance benchmarks
Lessons Learned
"Security-critical calculations should never trust client input. Always verify on the backend, even if it seems redundant."
This project reinforced the importance of "trust but verify" - while we still show estimated prices on the frontend for UX, the authoritative calculation always happens on the server.
Related Projects
Explore more of my work
