Deep Koluguri
e0fdc1d93d
|
||
|---|---|---|
| .. | ||
| node_modules | ||
| src | ||
| .env | ||
| .gitignore | ||
| API_DOCUMENTATION.md | ||
| README.md | ||
| WHATSAPP_AND_REMINDERS_IMPLEMENTATION_STATUS.md | ||
| WHATSAPP_USAGE_EXAMPLES.md | ||
| create-db.js | ||
| env.example | ||
| migrate-commission-field.js | ||
| package-lock.json | ||
| package.json | ||
| setup-and-test.bat | ||
| setup-and-test.sh | ||
| simple-test.js | ||
| test-api.js | ||
| test-available-users.js | ||
| test-db-connection.js | ||
| test-db.js | ||
README.md
LuckyChit Backend API
Backend API for LuckyChit - Digital Chit Fund Management Platform
Features
- Authentication & Authorization: JWT-based authentication with role-based access control
- User Management: Create and manage users (managers and members)
- Database: PostgreSQL with Sequelize ORM
- Security: Helmet, CORS, Rate limiting, Input validation
- Logging: Morgan for HTTP logging
Tech Stack
- Runtime: Node.js
- Framework: Express.js
- Database: PostgreSQL
- ORM: Sequelize
- Authentication: JWT (jsonwebtoken)
- Security: bcrypt, helmet, cors
- Validation: Built-in Sequelize validation
Prerequisites
- Node.js (v16 or higher)
- PostgreSQL (v12 or higher)
- npm or yarn
Installation
-
Clone the repository
git clone <repository-url> cd backend -
Install dependencies
npm install -
Environment Setup
cp env.example .envEdit
.envfile with your configuration:NODE_ENV=development PORT=3000 # Database Configuration DB_HOST=localhost DB_PORT=5432 DB_NAME=luckychit DB_USER=postgres DB_PASSWORD=your_password # JWT Configuration JWT_SECRET=your-super-secret-jwt-key JWT_EXPIRES_IN=24h # CORS Configuration ALLOWED_ORIGINS=http://localhost:8080 -
Database Setup
-- Create database CREATE DATABASE luckychit; -- Create user (if needed) CREATE USER postgres WITH PASSWORD 'your_password'; GRANT ALL PRIVILEGES ON DATABASE luckychit TO postgres; -
Run the application
# Development mode npm run dev # Production mode npm start
API Endpoints
Authentication
POST /api/auth/login
Login with mobile number and password.
Request Body:
{
"mobile_number": "9999999999",
"password": "password123"
}
Response:
{
"success": true,
"message": "Login successful",
"data": {
"token": "jwt_token_here",
"user": {
"id": "uuid",
"mobile_number": "9999999999",
"full_name": "Test User",
"role": "manager",
"is_active": true
}
}
}
POST /api/auth/create-member (Manager only)
Create a new member account.
Headers:
Authorization: Bearer <jwt_token>
Request Body:
{
"mobile_number": "8888888888",
"full_name": "John Doe"
}
Response:
{
"success": true,
"message": "Member created successfully",
"data": {
"user": {
"id": "uuid",
"mobile_number": "8888888888",
"full_name": "John Doe",
"role": "member"
},
"tempPassword": "abc12345"
}
}
GET /api/auth/profile
Get current user profile.
Headers:
Authorization: Bearer <jwt_token>
PUT /api/auth/profile
Update user profile.
Headers:
Authorization: Bearer <jwt_token>
Request Body:
{
"full_name": "Updated Name"
}
PUT /api/auth/change-password
Change user password.
Headers:
Authorization: Bearer <jwt_token>
Request Body:
{
"current_password": "old_password",
"new_password": "new_password"
}
Health Check
GET /health
Check API health status.
Response:
{
"success": true,
"message": "LuckyChit API is running",
"timestamp": "2024-01-01T00:00:00.000Z",
"environment": "development"
}
Database Models
User
id(UUID, Primary Key)mobile_number(String, Unique)full_name(String)password_hash(String)role(Enum: 'manager', 'member')created_by(UUID, Foreign Key to User)is_active(Boolean)last_login(Date)
ChitGroup
id(UUID, Primary Key)name(String)total_value(Decimal)monthly_installment(Decimal)duration_months(Integer)max_members(Integer)foreman_commission_percentage(Decimal)draw_date(Integer)status(Enum: 'forming', 'active', 'completed')manager_id(UUID, Foreign Key to User)
GroupMember
id(UUID, Primary Key)group_id(UUID, Foreign Key to ChitGroup)user_id(UUID, Foreign Key to User)joined_date(Date)status(Enum: 'active', 'inactive', 'removed')total_paid(Decimal)total_won(Decimal)
Payment
id(UUID, Primary Key)group_id(UUID, Foreign Key to ChitGroup)user_id(UUID, Foreign Key to User)month(Integer)year(Integer)amount(Decimal)payment_method(Enum: 'upi', 'bank_transfer', 'cash', 'cheque')transaction_id(String)status(Enum: 'pending', 'success', 'failed', 'cancelled')paid_at(Date)
MonthlyDraw
id(UUID, Primary Key)group_id(UUID, Foreign Key to ChitGroup)month(Integer)year(Integer)draw_date(Date)eligible_members(JSONB)winner_id(UUID, Foreign Key to User)prize_amount(Decimal)server_seed(String)server_seed_hash(String)client_seed(String)nonce(BigInt)result_hash(String)status(Enum: 'pending', 'completed', 'cancelled')
Development
Scripts
# Start development server with nodemon
npm run dev
# Start production server
npm start
# Run tests
npm test
Project Structure
src/
├── config/
│ └── database.js # Database configuration
├── controllers/
│ └── authController.js # Authentication controller
├── middleware/
│ └── auth.js # Authentication middleware
├── models/
│ ├── User.js # User model
│ ├── ChitGroup.js # ChitGroup model
│ ├── GroupMember.js # GroupMember model
│ ├── Payment.js # Payment model
│ ├── MonthlyDraw.js # MonthlyDraw model
│ └── index.js # Model associations
├── routes/
│ └── auth.js # Authentication routes
└── server.js # Main server file
Security Features
- JWT Authentication: Secure token-based authentication
- Password Hashing: bcrypt for password security
- CORS Protection: Configurable CORS settings
- Rate Limiting: Prevent abuse with request limiting
- Helmet: Security headers
- Input Validation: Sequelize model validation
- SQL Injection Protection: Sequelize ORM protection
Error Handling
The API uses a centralized error handling system:
- 400: Bad Request (validation errors)
- 401: Unauthorized (authentication required)
- 403: Forbidden (insufficient permissions)
- 404: Not Found (resource not found)
- 429: Too Many Requests (rate limit exceeded)
- 500: Internal Server Error (server errors)
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
License
This project is licensed under the ISC License.