Enterprise CRM Live

WingShield CRM

A full-featured CRM built from the ground up for a ballistics-grade door manufacturer — pipeline management, task scheduling, staff access control, and hardened production infrastructure.

Node.jsReactPostgreSQLDockerNginx2FA / TOTPDigitalOceanExpressJWTSSL

Background

WingShield manufactures ballistic-resistant doors and architectural security products. They needed a CRM tailored to their sales workflow — tracking leads through a multi-stage pipeline, managing follow-up tasks, and giving their team a central place to operate. Off-the-shelf tools didn't fit, so I built one.

Sales Pipeline

The core of the CRM is a Kanban-style pipeline board. Deals move through stages — Lead, Qualified, Proposal, Negotiation, Closed Won / Closed Lost — with probability scores and expected close dates attached. Every change is tracked.

  • Drag-and-drop deal cards between pipeline stages
  • Deal value, probability, and close date per card
  • Real-time pipeline value totals per stage
  • Full edit and delete with confirmation prompts

Task Management

A full task system sits alongside the pipeline, letting staff log calls, emails, meetings, demos, and follow-ups. Tasks link to deals and contacts so nothing falls through the cracks.

  • Create, edit, complete, and delete tasks
  • Filter by open, completed, or all
  • Priority levels and due dates
  • Drag-and-drop calendar — move tasks across days in month view, or to different times in day/week view

Security & Access Control

Built with real enterprise security in mind. Every staff account goes through email + password authentication with TOTP-based two-factor authentication via QR code scan on first login.

  • TOTP 2FA — QR code setup, verified on every login
  • Role-based access — standard staff vs IT admin
  • Audit log restricted to IT admin only — every action timestamped and attributed
  • Session management with force-logout capability
  • Brute force lockout after failed login attempts

Infrastructure

The entire application is Dockerized and deployed on DigitalOcean. Nginx sits in front as a reverse proxy with a hardened config — rate limiting on auth endpoints, strict SSL (TLS 1.2/1.3 only), HSTS, security headers, and connection limits. Certbot handles SSL with auto-renewal.

  • Docker Compose orchestrating frontend, backend, and PostgreSQL
  • Nginx with rate limiting zones, gzip, and security headers
  • SSL with Let's Encrypt, auto-renewing via cron
  • Database backups with CSV export of sensitive-stripped data

Key achievement

Delivered a production-grade CRM with enterprise security features — 2FA, audit logging, hardened Nginx — that a real business runs on daily.

Project Details

TypeEnterprise CRM
ClientWingShield
StatusLive in Production
RoleSole Developer

Stack

BackendNode.js, Express
FrontendReact
DatabasePostgreSQL
AuthJWT, TOTP 2FA
InfraDocker, Nginx, DigitalOcean