
SecureBankApp

Secure Bank App is a full-stack web application for secure banking services. It allows users to sign up, validate phone numbers via SMS, view account balances, and transfer money. Built with Java & Spring Boot for the backend, Angular for the frontend, MongoDB for data storage, and Docker for containerization.


Secure Web Banking Application


Project Overview

The Secure Web Banking Application is a web-based system that allows users to sign up, verify their phone number via SMS, log in, view their account balance, view recent transactions, and send money to other registered users. The application adheres to industry best practices, utilizing modern technologies and frameworks to ensure security, scalability, and maintainability.

Requirements

  1. User Authentication and Authorization:

    • Sign-up with email, password, and phone number.
    • Phone number verification using a one-time passcode (OTP) sent via SMS.
    • Secure sign-in with JWT authentication.
    • Protected dashboard accessible only after authentication.
  2. Transactions:

    • View account balance (randomly assigned upon sign-up for demo purposes).
    • View recent transactions.
    • Send money to other registered users by email.
    • Validate sufficient balance and recipient existence before processing transactions.
  3. Technology Stack:

  4. Additional Tools:

    • UI Design: Figma for implementing the provided designs.
    • Version Control: Git.

Main Entities

User:

Attributes:

  • userId: Unique identifier for each user.
  • email: User's email address.
  • password: Hashed password for authentication.
  • phoneNumber: User's phone number.
  • isVerified: Boolean indicating if the phone number has been verified.
  • balance: Current account balance.
  • createdAt: Timestamp when the account was created.

Transaction:

Attributes:

  • transactionId: Unique identifier for each transaction.
  • senderEmail: Email address of the sender.
  • receiverEmail: Email address of the receiver.
  • amount: Amount of money transferred.
  • timestamp: Timestamp when the transaction occurred.
  • type: Indicates 'credit' or 'debit'.

OTP Verification:

Attributes:

  • email: Email address associated with the OTP.
  • otpCode: One-time passcode sent to the user's phone.
  • expiresAt: Expiration time of the OTP.

Features

  • User Registration and Verification:

    • Users can sign up with email, password, and phone number.
    • Phone number verification via OTP sent through SMS.
    • Validation to prevent duplicate registrations with the same email.
  • Secure Authentication:

    • Passwords stored securely using hashing (e.g., bcrypt).
    • JWT used for session management and route protection.
  • User Dashboard:

    • Displays account balance and recent transactions.
    • Provides an option to sign out.
  • Money Transfer:

    • Users can send money to other registered users.
    • Validates recipient's existence and sufficient sender balance.
    • Updates transaction history for both sender and receiver.
  • API Documentation:

    • APIs documented using Swagger for easy integration and testing.
  • Containerization and Deployment:

    • Dockerized services for consistent environment setup.
    • Kubernetes used for orchestrating microservices.
    • AWS used for deployment with an option for local deployment using Docker Compose.
  • Industry Best Practices:

    • Clean code with proper architecture.
    • Secure coding practices to protect sensitive data.
    • Use of environment variables for configuration.
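
The Money Transfer checks listed above (recipient existence, sufficient sender balance, history rows for both parties) can be sketched as follows. This is an added example, not code from the SecureBankApp repository; makeBank, transfer, the in-memory maps, and the use of integer cents for amounts are assumptions made for illustration.

```javascript
// Constructed sample data standing in for the User and Transaction collections.
function makeBank() {
  return {
    users: new Map([
      ["alice@example.com", { email: "alice@example.com", balance: 10000 }],
      ["bob@example.com", { email: "bob@example.com", balance: 500 }],
    ]),
    transactions: [],
    nextId: 1,
  };
}

// senderEmail is expected to come from the verified JWT, not from the request body.
// Amounts are integer cents (assumption) so balances never drift through float math.
function transfer(bank, senderEmail, receiverEmail, amount, now = Date.now()) {
  // Reject strings, fractions, NaN, zero and negatives before touching any balance.
  if (!Number.isSafeInteger(amount) || amount <= 0) {
    return { ok: false, error: "invalid amount" };
  }
  if (senderEmail === receiverEmail) {
    return { ok: false, error: "cannot send to self" };
  }
  const sender = bank.users.get(senderEmail);
  const receiver = bank.users.get(receiverEmail);
  if (!sender) return { ok: false, error: "sender not found" };
  if (!receiver) return { ok: false, error: "recipient not found" };
  if (sender.balance < amount) {
    return { ok: false, error: "insufficient balance" };
  }
  // All checks passed: move the money and record one row per party.
  sender.balance -= amount;
  receiver.balance += amount;
  const base = { senderEmail, receiverEmail, amount, timestamp: now };
  bank.transactions.push(
    { transactionId: bank.nextId++, ...base, type: "debit" },
    { transactionId: bank.nextId++, ...base, type: "credit" }
  );
  return { ok: true, balance: sender.balance };
}
```

Against MongoDB, the balance check and both updates need to run as one transaction or as a conditional update; otherwise two concurrent requests can both pass the balance check.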

Usage

To utilize this web banking application, follow these steps:

Prerequisites

Before you begin, ensure you have the following prerequisites installed on your system:

  • Node.js and npm: If you don't have Node.js installed, you can download it from the official website:

  • Angular CLI: Install Angular CLI globally using npm:

    npm install -g @angular/cli
    
    
  • MongoDB: Ensure you have MongoDB installed and running on your system.

  • Docker and Docker Compose: If you prefer to run the project using Docker containers, make sure you have Docker and Docker Compose installed.

  • AWS CLI (Optional): For deployment to AWS.

You can choose to run the project natively or with Docker, depending on your preference and system configuration.

Installation

Clone or Download the Repository

You can clone this Git repository or download it as a ZIP file to your local machine.

    git clone https://github.com/YamtalDev/SecureBankApp.git
    cd SecureBankApp

Backend Setup

  1. Navigate to the Backend Directory:

    cd backend

  2. Install Dependencies:

    npm install

  3. Environment Variables: Create a .env file in the backend directory and add the following configurations:

    PORT=3000
    MONGODB_URI=mongodb://localhost:27017/bankapp
    JWT_SECRET=your_jwt_secret_key
    TWILIO_ACCOUNT_SID=your_twilio_account_sid
    TWILIO_AUTH_TOKEN=your_twilio_auth_token
    TWILIO_PHONE_NUMBER=your_twilio_phone_number

    • Replace your_jwt_secret_key with a secure key.
    • For Twilio configurations, if you're using Twilio's free trial, replace the placeholders with your actual account details.
  4. Run the Backend Server:

    npm start

    • The backend server should now be running on http://localhost:3000.

Frontend Setup

  1. Navigate to the Frontend Directory:

    cd ../frontend

  2. Install Dependencies:

    npm install

  3. Environment Variables: Create an environment.ts file in the src/environments directory with the following content:

    export const environment = {
      production: false,
      apiUrl: 'http://localhost:3000/api'
    };

  4. Run the Frontend Server:

    ng serve

    • The frontend application should now be running on http://localhost:4200.

MongoDB Setup

Ensure that MongoDB is running on your local machine. If installed locally, you can start it with:

    mongod

Alternatively, you can use MongoDB Atlas for a cloud-hosted database. Update MONGODB_URI in the .env file accordingly.

Spin Up with Docker

  1. Ensure No Services Are Running on Required Ports:

    sudo lsof -i :3000
    sudo lsof -i :4200
    sudo lsof -i :27017

    • Kill any processes using these ports if necessary.
  2. Navigate to the Root Directory:

    cd ../

  3. Run Docker Containers:

    docker-compose up --build

    • This command builds and starts all services defined in the docker-compose.yml file.
  4. Access the Application:

API Documentation

API documentation is available via Swagger UI:

  • Access Swagger UI

  • This provides a detailed overview of all API endpoints, request and response schemas, and allows for interactive testing.

Features and Endpoints

  1. User Registration

    • Endpoint:

    POST /api/auth/register

    • Request Body:

    {
      "email": "user@example.com",
      "password": "YourSecurePassword",
      "phoneNumber": "+1234567890"
    }

    • Response: Success message indicating that an OTP has been sent to the provided phone number.

  2. Phone Verification

    • Endpoint:

    POST /api/auth/verify-phone

    • Request Body:

    {
      "email": "user@example.com",
      "otpCode": "123456"
    }
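
One way the server side of POST /api/auth/verify-phone could check the request body above against the OTP Verification entity (email, otpCode, expiresAt) is shown below. This is an added example, not code from the SecureBankApp repository; makeStore, sameCode, verifyPhone, the in-memory maps, the attempts counter and the limit of 5 are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const MAX_ATTEMPTS = 5; // assumption: the README does not specify an attempt limit

// Constructed in-memory stand-ins for the User and OTP Verification collections.
function makeStore(now) {
  const email = "user@example.com";
  return {
    users: new Map([[email, { email, isVerified: false }]]),
    otps: new Map([
      [email, { email, otpCode: "123456", expiresAt: now + 300000, attempts: 0 }],
    ]),
  };
}

// Hash both sides so timingSafeEqual always receives equal-length buffers.
function sameCode(a, b) {
  const h = (v) => crypto.createHash("sha256").update(v).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

function verifyPhone(store, body, now = Date.now()) {
  // One response for every failure, so the caller cannot tell which check failed.
  const fail = { ok: false, error: "invalid or expired code" };
  const { email, otpCode } = body || {};
  const record = store.otps.get(email);
  const user = store.users.get(email);
  if (!record || !user || typeof otpCode !== "string") return fail;
  if (now >= record.expiresAt || record.attempts >= MAX_ATTEMPTS) {
    store.otps.delete(email); // expired or exhausted: a new OTP must be requested
    return fail;
  }
  record.attempts += 1; // count the attempt before comparing
  if (!sameCode(record.otpCode, otpCode)) return fail;
  store.otps.delete(email); // single use: a replayed code finds no record
  user.isVerified = true;
  return { ok: true };
}
```

The attempt counter matters because a 6-digit code has only one million values; without a limit, the expiry window alone does not stop guessing.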


Languages

TypeScript

Security Score

82/100

Audited on Apr 16, 2025

No findings