Skip to content

RAGHU-SJCE/finance-backend

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Finance Backend API

Overview

This backend system is built to manage financial records with role-based access control. It allows users to create, view, update, and delete records based on their role.

Features

  • User authentication using JWT
  • Role-based access (Admin and Viewer)
  • Create, read, update, delete financial records
  • Filter records by type and category
  • Dashboard summary (income, expenses, balance)
  • Input validation and error handling

Tech Stack

  • Node.js
  • Express.js
  • MongoDB (Mongoose)
  • JWT Authentication

API Endpoints

Auth

  • POST /api/auth/register
  • POST /api/auth/login

Records

  • POST /api/records (Admin only)
  • GET /api/records
  • GET /api/records?type=expense
  • GET /api/records/summary
  • PUT /api/records/:id (Admin only)
  • DELETE /api/records/:id (Admin only)

Access Control

  • Admin: Full access
  • Viewer: Read-only access

Setup Instructions

  1. Clone the repository
  2. Run npm install
  3. Create .env file: MONGO_URI=your_mongodb_connection JWT_SECRET=your_secret
  4. Run npm run dev

Notes

This project focuses on backend logic, API design, and access control.

How to Use

  1. Register a user with role (admin or viewer)

  2. Login to get JWT token

  3. Use the token in Authorization header: Authorization: Bearer

  4. Admin can:

    • Create records
    • Update records
    • Delete records
  5. Viewer can:

    • View their own financial records (user-specific data)
    • View summary based on their own records
  6. Use query parameters for filtering:

    • /api/records?type=income
    • /api/records?category=food

Example: POST /api/records Authorization: Bearer Body: { "amount": 500, "type": "expense", "category": "food" }

How It Works

  • The request is received by the Express server
  • Routes direct the request to the appropriate controller
  • Middleware verifies JWT token and user role
  • Controller processes the request and interacts with MongoDB
  • Response is sent back to the client

Authentication Flow:

  • User logs in → server generates JWT token
  • Token is sent in headers for protected routes
  • Middleware verifies token and extracts user information

Data Flow: Client → Routes → Middleware → Controller → Database → Response

Highlights

  • Clean separation of concerns using routes, controllers, and middleware
  • Role-based access control implemented using custom middleware
  • Secure authentication using JWT and password hashing
  • Passwords are securely hashed using bcrypt before storing in database
  • User-specific data handling (records linked to logged-in user)
  • Input validation and proper error handling

Future Improvements

This project can be further enhanced with the following improvements:

  • Role Enhancement

    • Introduce additional roles such as Analyst with access to global data
    • Restrict role assignment during registration (only admin can assign roles)
  • Advanced Access Control

    • Allow analysts/viewers to view all records for better dashboard insights
    • Implement fine-grained permissions (read/write per resource)
  • Pagination & Performance

    • Add pagination for large datasets (e.g., limit, skip)
    • Optimize queries for better performance
  • Search & Filtering

    • Add advanced filtering (date range, multiple categories)
    • Implement search functionality for records
  • Dashboard Enhancements

    • Category-wise analytics
    • Monthly/weekly trends
    • Graph-ready API responses
  • Security Improvements

    • Use refresh tokens for better authentication handling
    • Store JWT secret securely using environment management
    • Add rate limiting to prevent abuse
  • Validation Enhancements

    • Use validation libraries (e.g., Joi or express-validator)
    • Strong schema validation for all inputs
  • Soft Delete

    • Instead of deleting records permanently, mark them as inactive
  • API Documentation

    • Add Swagger or Postman documentation for easier usage
  • Testing

    • Add unit and integration tests for reliability
  • Deployment

    • Deploy backend using services like Render or AWS
    • Add environment-based configuration (development/production)

Conclusion

This project demonstrates a structured approach to backend development, including authentication, authorization, data management, and API design. It can be further extended into a production-ready system with the improvements listed above. This project reflects my understanding of backend development concepts such as authentication, authorization, and data handling.

About

Backend API for financial record management with JWT authentication and role-based access control.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors