Barcody is a professional, high-performance monorepo designed for scanning, managing, and analyzing barcodes at scale. Built with Next.js 16, NestJS 11, and Tailwind CSS v4, it provides a seamless cross-platform experience with real-time data synchronization and advanced analytics.
- π± Cross-Platform Scanning: High-performance mobile application for instant precision scanning.
- π Advanced Analytics: Real-time insights and data visualization for scanned assets.
- π Dual Dashboards: Specialized interfaces for both End Users and Administrators.
- π Secure Auth: Seamless integration with Google OAuth 2.0.
- π Universal Support: Full compatibility with QR codes, UPC, EAN, and more.
- π¨ Elite UI: Stunning dark-mode interface built with Tailwind CSS v4 and Shadcn UI.
- π Real-time Updates: Socket.io integration for instant data synchronization.
- π³ Docker Ready: Fully containerized architecture for effortless deployment.
The end-user experience optimized for speed and clarity.
| Feature | Preview |
|---|---|
| Modern Landing |  |
| Precision Scanning |  |
| Activity History |  |
Comprehensive management suite for system administrators.
| Module | Preview |
|---|---|
| Overview Console |  |
| Control Center |  |
| Intelligence Lab |  |
| User Governance |  |
| Global Audit |  |
- Frameworks: Next.js 16, NestJS 11
- Frontend: React 19, Tailwind CSS v4, Shadcn UI
- Mobile: React Native
- Backend: Node.js 22, TypeScript
- Database: PostgreSQL, Redis
- ORM: TypeORM
- Real-time: Socket.io
- API Docs: Swagger/OpenAPI
- Containerization: Docker
- Private Networking: Tailscale
Barcody uses a hybrid setup: Docker for services (Database, Redis, Tailscale Sidecars) and either Docker or local Node.js for the applications.
Ensure you have the following installed:
- Node.js 22+
- Docker and Docker Compose
- Git
git clone https://github.com/nishan-paul-2022/barcody-barcode-scanner-for-anything
cd barcody-barcode-scanner-for-anythingCreate your environment configuration in both the app-backend and app-web directories:
cp app-backend/.env.example app-backend/.env
cp app-web/.env.example app-web/.envEssential settings for the application server.
- Backend: Update
app-backend/.envwith your secrets. - Web App: Update
app-web/.envwith the API URL. - Hash Secret: Run
openssl rand -hex 32and paste intoANALYTICS_HASH_SECRETinapp-backend/.env.
To enable user login, you must set up Google OAuth in the Google Cloud Console.
- Authorized Redirect URI:
http://localhost:3000/api/auth/callback/google
Choose the method that fits your needs:
Runs the apps locally with hot-reloading enabled, connected to the Dockerized database and Tailscale proxies. Best for active coding.
make devRuns the entire application suite in Docker containers.
make upOptimized production deployment via Docker.
make buildLocal access points:
- Web App: http://localhost:3000
- Admin Dashboard: http://localhost:3001
- API Docs: http://localhost:3002/api/docs
Barcody uses Tailscale to create a secure, private network (Tailnet) so you can access all services remotely over HTTPS without exposing anything to the public internet. The stack uses a Sidecar Architecture β each service gets its own Tailscale container with a dedicated subdomain and automatic SSL certificate.
| Without Tailscale | With Tailscale |
|---|---|
Services only accessible on localhost |
Access from any device, anywhere |
| No HTTPS in development | Automatic HTTPS via Let's Encrypt |
| Requires port forwarding / reverse proxy | Zero-config private networking |
| Backend exposed publicly | Backend stays fully private |
- Go to tailscale.com and click "Get Started for Free".
- Sign in with Google (or your preferred SSO provider).
- Complete onboarding β your account creates a private Tailnet automatically.
Run the official one-line install script on your Linux machine:
curl -fsSL https://tailscale.com/install.sh | shAuthenticate your machine and join your Tailnet:
sudo tailscale upA login link will appear in your terminal. Open it in your browser and approve the device. Once done, verify your machine has a Tailscale IP:
tailscale ip -4
# Expected output: 100.x.x.xLog in to the Tailscale Admin Console and configure the following:
Settings β DNS β MagicDNS β Enable
This allows devices on your Tailnet to reach each other by hostname (e.g., barcody.your-tailnet.ts.net) instead of raw IP addresses.
Settings β DNS β HTTPS Certificates β Enable
This allows Tailscale to issue automatic SSL certificates from Let's Encrypt for your Tailnet hostnames.
Go to the Machines tab β Click the
...menu next to your PC β Rename
Give your development machine a clean, short name (e.g., kai). This becomes part of your domain: barcody.kai.ts.net.
Settings β Keys β Generate Auth Key
This key allows Docker containers to join your Tailnet automatically (non-interactively).
| Setting | Value |
|---|---|
| Type | Reusable |
| Pre-authorized | β Yes |
| Expiry | Set to your preference |
Copy the generated key β it starts with tskey-auth-....
Open the root .env file and add your Tailscale auth key:
# .env (root of the project)
TS_AUTHKEY=tskey-auth-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXThe Tailscale sidecar containers read JSON config files from infra/tailscale/ to know which domain and port to serve. You need to update these with your own Tailnet domain.
Your Tailnet domain follows the pattern: <machine-name>.<tailnet-name>.ts.net
Find your exact domain in the Tailscale Admin Console β click your machine β copy the full MagicDNS name.
Update all three serve config files:
infra/tailscale/app-web.json β Web App (port 3000)
{
"TCP": { "443": { "HTTPS": true } },
"Web": {
"barcody.<your-tailnet>.ts.net:443": {
"Handlers": {
"/": { "Proxy": "http://web:3000" }
}
}
},
"AllowFunnel": {
"barcody.<your-tailnet>.ts.net:443": false
}
}infra/tailscale/app-admin.json β Admin Dashboard (port 3001)
{
"TCP": { "443": { "HTTPS": true } },
"Web": {
"admin-barcody.<your-tailnet>.ts.net:443": {
"Handlers": {
"/": { "Proxy": "http://app-admin:3001" }
}
}
},
"AllowFunnel": {
"admin-barcody.<your-tailnet>.ts.net:443": false
}
}infra/tailscale/app-backend.json β Backend API (port 3002)
{
"TCP": { "443": { "HTTPS": true } },
"Web": {
"api-barcody.<your-tailnet>.ts.net:443": {
"Handlers": {
"/": { "Proxy": "http://app-backend:3002" }
}
}
},
"AllowFunnel": {
"api-barcody.<your-tailnet>.ts.net:443": false
}
}Local dev variants: For
make devmode (apps run locally, not in Docker), use the-localvariants ininfra/tailscale/β they proxy tohost.docker.internalinstead of Docker service names.
When the web and admin containers are built, they need to know the Tailscale API URL at build time. Open docker-compose.yml and update the build args:
# docker-compose.yml β web service
args:
- NEXT_PUBLIC_API_URL=https://api-barcody.<your-tailnet>.ts.net/api/v1
# docker-compose.yml β app-admin service
args:
- NEXT_PUBLIC_API_URL=https://api-barcody.<your-tailnet>.ts.net/api/v1Start the full stack (including Tailscale sidecars):
make dev # Local dev with Tailscale proxies
# or
make up # Full Docker stackWait ~2 minutes for the Tailscale containers to register with the network and fetch SSL certificates. Then verify:
# Check that the web sidecar received its SSL certificate
docker logs barcody-barcode-scanner-for-anything-ts-web-1
# Look for: cert("barcody..."): got cert
# Check API sidecar
docker logs barcody-barcode-scanner-for-anything-ts-api-1
# Look for: cert("api-barcody..."): got certOnce running, your services are accessible at:
| Service | URL |
|---|---|
| π Web App | https://barcody.<your-tailnet>.ts.net |
| π‘οΈ Admin Dashboard | https://admin-barcody.<your-tailnet>.ts.net |
| βοΈ Backend API | https://api-barcody.<your-tailnet>.ts.net/api/v1 |
| π API Docs | https://api-barcody.<your-tailnet>.ts.net/api/docs |
Access all services from your phone or any other device using the Tailscale app.
- iOS: Search for Tailscale in the App Store and install it.
- Android: Search for Tailscale in the Google Play Store and install it.
- Open the Tailscale app on your phone.
- Tap Sign in and use the same account you used to create your Tailnet.
- Toggle the VPN switch to ON.
In the Tailscale Admin Console, rename your phone to something like mobile for easy identification.
Open your browser on mobile and navigate to the full Tailscale URL:
- Web App:
https://barcody.<your-tailnet>.ts.net - Admin:
https://admin-barcody.<your-tailnet>.ts.net
Troubleshooting Tips:
- Always use the full HTTPS URL β do not omit the
https://prefix.- If a URL fails to load, toggle Tailscale OFF β ON on your phone to refresh the MagicDNS list.
- If you see a "Not Secure" warning, wait ~2 minutes for the sidecar to obtain its SSL certificate, then retry.
By default, all services are private (Tailnet only). To temporarily expose a service to the public internet, use the Makefile shortcuts:
# Enable public access for all services
make funnel-on
# Disable public access (back to Tailnet only)
make funnel-off
β οΈ Warning: Funnel makes your services publicly accessible on the internet. Only enable this for demos or testing, and always disable it afterward withmake funnel-off.
Your Device (Tailscale ON)
β
β Tailnet (encrypted WireGuard)
β
βββββββββΌββββββββββββββββββββββββββββββββββββββββββ
β Docker Stack β
β β
β ββββββββββββ ββββββββββββ ββββββββββββ β
β β ts-web β β ts-admin β β ts-api β β
β β sidecar β β sidecar β β sidecar β β
β β :443 SSL β β :443 SSL β β :443 SSL β β
β ββββββ¬ββββββ ββββββ¬ββββββ ββββββ¬ββββββ β
β β β β β
β ββββββΌββββββ ββββββΌββββββ ββββββΌββββββββ β
β β app-web β β app-adminβ βapp-backend β β
β β :3000 β β :3001 β β :3002 β β
β ββββββββββββ ββββββββββββ ββββββββββββββ β
β β
β ββββββββββββ ββββββββββββ β
β β postgres β β redis β β
β β :5432 β β :6379 β β
β ββββββββββββ ββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
Each app is paired with a dedicated Tailscale sidecar container that:
- Registers a unique hostname on the Tailnet (e.g.,
barcody,admin-barcody,api-barcody) - Manages SSL certificate issuance automatically via Let's Encrypt
- Acts as a reverse proxy, forwarding HTTPS traffic to the app container on the internal Docker network
Barcody is engineered for continuous reliability. Every update to the codebase undergoes an automated deployment journey:
- Continuous Integration: GitHub Actions automatically run quality checks and security audits on every push to the repository.
- Automated Builds: Upon merging to the
mainbranch, production-optimized Docker images are automatically built and pushed to the GitHub Container Registry (GHCR). - Seamless Deployment: A secure, automated pipeline triggers the production server to pull the latest images and refresh the services instantly, ensuring zero-downtime-ready updates.
- Reliable Persistence: The deployment architecture is designed to handle database migrations and persist critical data safely across automated updates.
This automated pipeline guarantees that the production environment always reflects the latest stable version of the application.
| Command | Description |
|---|---|
make dev |
Start local development (Apps local + DB & Tailscale in Docker) |
make up |
Start full Docker environment |
make build |
Build and start production containers |
make down |
Stop all containers |
make restart |
Restart all containers |
make refresh |
Deep rebuild (use when dependencies change) |
make logs |
Tail logs from all containers |
make funnel-on |
Enable public internet access via Tailscale Funnel |
make funnel-off |
Disable public access (Tailnet-only mode) |
Built with β€οΈ by KAI