About Me

Hi, I'm Nirajan

Software Engineer & Web Developer

Co-founder at Lingo Tech Solutions, building scalable web platforms and digital solutions for growing businesses. I build Next.js SEO optimized websites for global startups — brands, websites & apps that rank on Google and AI search and generate leads.

Currently pursuing BSc. (Hons) in Software Engineering, I combine academic knowledge with practical experience to deliver high-quality web solutions for international clients.

Connect with me:

Nirajan Dhungel - Software Engineer
Journey

Work Experience

Lingo Tech Solutions logo

Co-founder & CTO

Software Development & IT Consulting
2025 – Present
Lalitpur, Nepal

Key Achievements:

  • Co-founded a software development and IT consulting company delivering web, mobile, and SEO solutions.
  • Led architecture and full-stack development using modern technologies (React, Next.js, Node.js).
  • Built and deployed production websites and business systems for clients.
  • Managed product planning, performance optimization, and scalable deployment.
  • Contributed to UI/UX, SEO strategy, and technical decision-making.
Nepal Tourism Board logo

Quality Assurance

Internship
2025
Kathmandu, Nepal

Key Achievements:

  • Led development of multiple web applications using React and Node.js
  • Implemented CI/CD pipelines reducing deployment time by 50%
  • Mentored junior developers and conducted code reviews
  • Collaborated with cross-functional teams to deliver high-quality solutions
Academic

Education & Qualifications

University of Bedfordshire logo

BSc. (Hons) in Software Engineering

In Progress
University of Bedfordshire
2024 - 2027
PCPS College
First Class Honours Track

Pursuing with honors. Focused on software engineering and AI/ML.

Visit Institution Website
National Examinations Board logo

School Leaving Certificate (SLC)

Completed
National Examinations Board
2022 - 2024
V. S. Niketan College
3.71 GPA

Completed 10+2 (Science Stream) under NEB, Nepal, with a GPA of 3.71.

Visit Institution Website
Featured Project
Futsmandu logo

Futsmandu

Full-Stack SaaS · Production

A production multi-tenant futsal booking platform running 12 Docker containers on a single VPS — foue distinct API servers (Admin, Player, Owner and Chat Service) each with their own async Worker, backed by Postgres advisory locks for concurrency-safe slot reservations and dual eSewa payment flows for native app-to-app checkout.

Sole architect, backend engineer, and DevOps. Designed the booking engine, payment integration, real-time chat microservice, and the entire container orchestration from scratch.

Tech Stack

NestJSPostgreSQLPrismaRedisBullMQSocket.IODocker ComposeNginxCloudflareFail2Ban · UFWeSewa IntenteSewa Web v2Firebase FCM12 Containers

12

Docker Containers

5

Booking Defence Layers

2

eSewa Payment Flows

01

Infrastructure & DevOps

12 Docker containers on a single VPS — every service isolated, independently deployable, with zero single point of failure at the application layer.

  • 3-stage multi-stage Dockerfile (deps → builder → runner) — no TypeScript compiler or dev tools in the final image
  • Nginx is the only container with host ports 80/443; all internal traffic is plain HTTP on Docker's virtual network
  • Cloudflare in front: VPS IP hidden, DDoS absorbed, SSL at edge — Nginx trusts Cloudflare IP ranges for X-Forwarded-For
  • Fail2Ban monitors Nginx logs and bans IPs after repeated 4xx/5xx or brute-force patterns on auth endpoints
  • CI/CD via GHCR — migrate container runs as a one-shot before any API starts, then exits cleanly

Traffic Flow — Internet to App

Cloudflare

DDoS Protection · CDN · SSL at Edge

Nginx

Reverse Proxy · TLS Termination · Rate Limiting

Fail2Ban · UFW

IP Banning · Host Firewall · Port 22/80/443 only

12 Docker Containers

API · Worker · PostgreSQL · Redis

02

Booking Engine

A 5-layer double-booking prevention system that runs cheapest-first — from pure in-memory validation all the way down to Postgres advisory locks and range-overlap queries.

  • pg_try_advisory_xact_lock(court:date:time) — serializes concurrent identical requests, auto-released on transaction end, zero deadlock risk
  • Slots held for 3 minutes with PENDING_PAYMENT status; BullMQ job auto-expires stale holds
  • booking_meta JSONB written once at holdSlot(), read at confirmPayment() — immutable single source of truth
  • Range overlap query: start_time < endTime AND end_time > startTime catches any partial overlap on HELD/PENDING/CONFIRMED rows

5-Layer Defence — Cheapest First

01

Date Guards

UTC-normalized past/future validation — zero DB hits

02

User Eligibility

Reliability score · ban_until · suspension check

03

Active Hold Guard

Player cannot hold 2+ slots in parallel — SELECT check

04

Postgres Advisory Lock

pg_try_advisory_xact_lock(court:date:time) — auto-released, zero deadlock

05

Range Overlap Query

start_time < endTime AND end_time > startTime — catches partial overlaps

03

eSewa Payment — Dual Flow

Two production payment integrations sharing the same security model: the server is always the price authority, HMAC verified before any DB write.

  • Web v2 (ePay): HMAC-SHA256 over total_amount + transaction_uuid + product_code; base64 decode + HMAC verify on redirect
  • Intent API: native deep-link to eSewa app, MPIN/biometric auth, futsmandu:// scheme returns control to Flutter
  • Atomic claim via updateMany WHERE status IN [INITIATED, PENDING] prevents concurrent verify race — 409 Conflict on contention
  • Idempotency keys on all payment upserts guard against duplicate webhook replays

Dual Payment Flow

eSewa

eSewa Web v2

Browser / WebView flow

HMAC-SHA256(amount + uuid + product_code)
form-POST to eSewa → redirect back
base64 decode response → HMAC verify
confirmPayment() on success
eSewa

eSewa Intent API

Native deep-link · no WebView · MPIN auth

initiateIntent() → receives deeplink + correlation_id
MPIN / biometric auth in native eSewa app
eSewa redirects via futsmandu:// deep-link
Atomic claim → verifyIntent() → confirmPayment()
All amounts sourced from DB — client-supplied amounts never used in signing or verification
04

Real-Time Chat

Dedicated NestJS microservice with Socket.IO, Redis Pub/Sub for horizontal scaling, and a dual-secret JWT guard re-validated on every message event.

  • Two dedicated Redis connections per instance — shared pub client + isolated sub client (Redis protocol mandates this separation)
  • @socket.io/redis-adapter broadcasts room events across all server instances for true horizontal scale
  • Presence system: 30s Redis TTL + 10s app heartbeat to keep TTL alive; redis.del() on disconnect — no TTL wait
  • Inbox Room pattern: every user is auto-joined at connect so new chat initiations reach users before they open the chat
  • Firebase FCM push via BullMQ — HTTP returns immediately, FCM delivery is fully async in the worker process

Chat Architecture

Redis Pub/Sub

Horizontal scaling across server instances via @socket.io/redis-adapter

Dual JWT Auth

PLAYER_JWT_SECRET + OWNER_JWT_SECRET — re-validated on every message event

Presence System

Redis TTL 30s + 10s app heartbeat. redis.del() on disconnect — no TTL wait

Firebase FCM

Async push via BullMQ — HTTP returns immediately, FCM delivered in worker

Connection Lifecycle

connect→ auth → join inbox room → setOnline(Redis)
auto-join→ all active chat rooms → emit presence_update
disconnect→ redis.del() immediately → presence: false
05

Async Queue Architecture

BullMQ decouples every async operation from the HTTP path — each domain has its own worker process with an independent retry strategy and independent scaling.

  • Booking expiry, push notifications, email delivery, analytics aggregation, payment reconciliation — all queue-driven
  • Slow admin export jobs cannot delay critical player booking confirmations — domain isolation enforces this
  • Workers are independently scalable: player-worker ×3 without touching admin or owner workers
  • SchedulerService registers BullMQ repeatable jobs on startup for scheduled recurring tasks

Domain-Isolated Workers — BullMQ / Redis

player-worker

Booking ExpiryFCM PushEmail Delivery

owner-worker

SettlementAnalytics AggregationFCM Push

admin-worker

Reports ExportAudit LoggingPayment Reconciliation

chat-worker

FCM DeliveryDelivery Receipts

↑ Slow admin export jobs cannot delay critical player booking confirmations. Workers are independently scalable.

Key Engineering Takeaway

Every design decision here — Postgres advisory locks over app-level mutexes, immutable JSONB booking_meta, domain-isolated workers, atomic concurrent-verify claims — was driven by correctness under concurrency, not convenience. This is what production looks like.

All Projects

Support & FAQ

HAVE QUESTIONS?
FIND ANSWERS.

Everything you need to know about starting your digital journey in Nepal. If your question isn't here, feel free to reach out.

FAQ Illustration

As a Software Engineer Freelancer in Nepal, I offer comprehensive digital solutions including professional website development, mobile app development, UI/UX design, and SEO services. My team and I focus on building custom, performance-oriented applications that drive business growth.

Still have questions?

Can't find what you're looking for? Let's talk directly.