Secure Web Banking Application




Project Overview
The Secure Web Banking Application is a web-based system that allows users to sign up, verify their phone number via SMS, log in, view their account balance, view recent transactions, and send money to other registered users. The application adheres to industry best practices, utilizing modern technologies and frameworks to ensure security, scalability, and maintainability.
Requirements
-
User Authentication and Authorization:
- Sign-up with email, password, and phone number.
- Phone number verification using a one-time passcode (OTP) sent via SMS.
- Secure sign-in with JWT authentication.
- Protected dashboard accessible only after authentication.
-
Transactions:
- View account balance (randomly assigned upon sign-up for demo purposes).
- View recent transactions.
- Send money to other registered users by email.
- Validate sufficient balance and recipient existence before processing transactions.
-
Technology Stack:
-
Additional Tools:
- UI Design: Figma for implementing the provided designs.
- Version Control: Git.
Main Entities
User:
Attributes:
userId: Unique identifier for each user.
email: User's email address.
password: Hashed password for authentication.
phoneNumber: User's phone number.
isVerified: Boolean indicating if the phone number has been verified.
balance: Current account balance.
createdAt: Timestamp when the account was created.
Transaction:
Attributes:
transactionId: Unique identifier for each transaction.
senderEmail: Email address of the sender.
receiverEmail: Email address of the receiver.
amount: Amount of money transferred.
timestamp: Timestamp when the transaction occurred.
type: Indicates 'credit' or 'debit'.
OTP Verification:
Attributes:
email: Email address associated with the OTP.
otpCode: One-time passcode sent to the user's phone.
expiresAt: Expiration time of the OTP.
Features
Usage
To utilize this web banking application, follow these steps:
Prerequisites
Before you begin, ensure you have the following prerequisites installed on your system:
-
Node.js and npm: If you don't have Node.js installed, you can download it from the official website:
-
Angular CLI: Install Angular CLI globally using npm:
npm install -g @angular/cli
-
MongoDB: Ensure you have MongoDB installed and running on your system.
-
Docker and Docker Compose: If you prefer to run the project using Docker containers, make sure you have Docker and Docker Compose installed.
-
AWS CLI (Optional): For deployment to AWS.
You can choose to run the project natively or with Docker, depending on your preference and system configuration.
Installation
Clone or Download the Repository
You can clone this Git repository or download it as a ZIP file to your local machine.
git clone https://github.com/YamtalDev/SecureBankApp.git
cd SecureBankApp
Backend Setup
- Navigate to the Backend Directory:
cd backend
- Install Dependencies:
npm install
- Environment Variables:
Create a
.env file in the backend directory and add the following configurations:
PORT=3000
MONGODB_URI=mongodb://localhost:27017/bankapp
JWT_SECRET=your_jwt_secret_key
TWILIO_ACCOUNT_SID=your_twilio_account_sid
TWILIO_AUTH_TOKEN=your_twilio_auth_token
TWILIO_PHONE_NUMBER=your_twilio_phone_number
- Replace your_jwt_secret_key with a secure key.
- For Twilio configurations, if you're using Twilio's free trial, replace the placeholders with your actual account details.
- Run the Backend Server:
npm start
- The backend server should now be running on
http://localhost:3000.
Frontend Setup
- Navigate to the Frontend Directory:
cd ../frontend
- Install Dependencies:
npm install
- Environment Variables:
Create an environment.ts file in the src/environments directory with the following content:
export const environment = {
production: false,
apiUrl: 'http://localhost:3000/api'
};
- Run the Frontend Server:
ng serve
- The frontend application should now be running on
http://localhost:4200.
MongoDB Setup
Ensure that MongoDB is running on your local machine. If installed locally, you can start it with:
mongod
Alternatively, you can use MongoDB Atlas for a cloud-hosted database. Update MONGODB_URI in the .env file accordingly.
Spin Up with Docker
- Ensure No Services Are Running on Required Ports:
sudo lsof -i :3000
sudo lsof -i :4200
sudo lsof -i :27017
- Kill any processes using these ports if necessary.
- Navigate to the Root Directory:
cd ../
- Run Docker Containers:
docker-compose up --build
- This command builds and starts all services defined in the
docker-compose.yml file.
- Access the Application:
API Documentation
API documentation is available via Swagger UI:
Features and Endpoints
- User Registration
POST /api/auth/register
{
"email": "user@example.com",
"password": "YourSecurePassword",
"phoneNumber": "+1234567890"
}
- Phone Verification
POST /api/auth/verify-phone
{
"email": "user@example.com",
"otpCode": "123456"
}
- User Login
POST /api/auth/login
{
"email": "user@example.com",
"password": "YourSecurePassword"
}
- Get User Dashboard
GET /api/user/dashboard
- Authorization: Bearer <JWT_TOKEN>
{
"email": "user@example.com",
"balance": 1000,
"transactions": [
{
"transactionId": "txn_123",
"senderEmail": "user@example.com",
"receiverEmail": "receiver@example.com",
"amount": -100,
"timestamp": "2023-09-01T12:34:56Z",
"type": "debit"
}
]
}
- Send Money
POST /api/transactions/send
- Authorization: Bearer <JWT_TOKEN>
{
"receiverEmail": "receiver@example.com",
"amount": 100
}
- Success message with transaction details.
- Sign Out
- Frontend handles sign-out by removing JWT token from storage.
Deployment to AWS (Optional)
Given the budget constraints, you can utilize AWS Free Tier services.
- Set Up AWS Account:
- Sign up for AWS and configure IAM users and roles.
- Deploy Backend and Frontend:
- Use AWS Elastic Beanstalk or AWS EC2 instances to deploy your Docker containers.
- Alternatively, use AWS Elastic Container Service (ECS) with Fargate.
- Database Deployment:
- Use Amazon DocumentDB (MongoDB compatible) within the free tier limits.
- Ensure security groups and network settings allow your application to connect to the database.
- SMS Service Configuration:
- If Twilio's free trial is insufficient, consider using AWS SNS (Simple Notification Service) for sending SMS messages within the free tier.
Testing
- Implement unit tests using frameworks like Jest for backend and Jasmine/Karma for fr