From 7757b464b3d721669e2a5e2176c4474d812d17bd Mon Sep 17 00:00:00 2001 From: asif Date: Tue, 28 Oct 2025 15:44:43 +0530 Subject: [PATCH] feat: added daily limit feature --- src/app.js | 3 ++- src/controllers/imps.controller.js | 6 +++-- src/controllers/neft.controller.js | 10 +++---- src/controllers/rtgs.controller.js | 9 ++++--- src/controllers/transfer.controller.js | 6 +++-- src/middlewares/clientVerifier.middleware.js | 20 ++++++++++++++ src/middlewares/limitCheck.middleware.js | 28 ++++++++++++++++++++ src/routes/imps.route.js | 7 +++-- src/routes/index.js | 5 ++-- src/routes/neft.route.js | 9 ++++--- src/routes/rtgs.route.js | 9 ++++--- src/routes/transfer.route.js | 7 +++-- src/services/paymentLimit.service.js | 28 ++++++++++++++++++++ src/services/recordkeeping.service.js | 12 ++++++--- 14 files changed, 129 insertions(+), 30 deletions(-) create mode 100644 src/middlewares/clientVerifier.middleware.js create mode 100644 src/middlewares/limitCheck.middleware.js create mode 100644 src/services/paymentLimit.service.js diff --git a/src/app.js b/src/app.js index d2a7472..f593fc3 100644 --- a/src/app.js +++ b/src/app.js @@ -3,6 +3,7 @@ const cors = require('cors'); const { logger } = require('./util/logger'); const routes = require('./routes'); const helmet = require('helmet'); +const { verifyClient } = require('./middlewares/clientVerifier.middleware'); const app = express(); @@ -11,7 +12,7 @@ app.use(helmet()); app.use(express.json()); app.use(express.urlencoded({ extended: true })); -app.use('/api', routes); +app.use('/api', verifyClient, routes); app.get('/health', (_, res) => res.send('server is healthy')); app.use((err, _req, res, _next) => { logger.error(err, 'uncaught error'); diff --git a/src/controllers/imps.controller.js b/src/controllers/imps.controller.js index 20129e6..845d2aa 100644 --- a/src/controllers/imps.controller.js +++ b/src/controllers/imps.controller.js @@ -12,7 +12,8 @@ async function send( ifscCode, beneficiaryName, beneficiaryAcctType = 'SAVINGS', - remarks = '' + remarks = '', + client ) { try { const reqData = { @@ -42,7 +43,8 @@ async function send( amount, '', '', - response.data + response.data, + client ); return response.data; } catch (error) { diff --git a/src/controllers/neft.controller.js b/src/controllers/neft.controller.js index a5c9a6e..b6d4488 100644 --- a/src/controllers/neft.controller.js +++ b/src/controllers/neft.controller.js @@ -11,7 +11,8 @@ async function send( ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ) { const commission = 0; try { @@ -28,7 +29,7 @@ async function send( stAddress1: '', stAddress2: '', stAddress3: '', - narration: remarks + narration: remarks, } ); await recordInterBankTransaction( @@ -41,7 +42,8 @@ async function send( commission, beneficiaryName, remitterName, - response.data.status + response.data.status, + client ); return response.data; } catch (error) { @@ -49,8 +51,6 @@ async function send( 'API call failed: ' + (error.response?.data?.message || error.message) ); } - - } module.exports = { send }; diff --git a/src/controllers/rtgs.controller.js b/src/controllers/rtgs.controller.js index 1e04e2d..0305673 100644 --- a/src/controllers/rtgs.controller.js +++ b/src/controllers/rtgs.controller.js @@ -11,7 +11,8 @@ async function send( ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ) { const commission = 0; try { @@ -28,7 +29,8 @@ async function send( stAddress1: '', stAddress2: '', stAddress3: '', - narration: remarks + narration: remarks, + client, } ); await recordInterBankTransaction( @@ -41,7 +43,8 @@ async function send( commission, beneficiaryName, remitterName, - response.data.status + response.data.status, + client ); return response.data; } catch (error) { diff --git a/src/controllers/transfer.controller.js b/src/controllers/transfer.controller.js index 028c49d..db6156d 100644 --- a/src/controllers/transfer.controller.js +++ b/src/controllers/transfer.controller.js @@ -9,7 +9,8 @@ async function transfer( toAccountType, amount, customerNo, - narration = '' + narration = '', + client ) { try { const response = await axios.post( @@ -28,7 +29,8 @@ async function transfer( toAccountNo, toAccountType, amount, - response.data.status + response.data.status, + client ); return response.data; } catch (error) { diff --git a/src/middlewares/clientVerifier.middleware.js b/src/middlewares/clientVerifier.middleware.js new file mode 100644 index 0000000..25a68c3 --- /dev/null +++ b/src/middlewares/clientVerifier.middleware.js @@ -0,0 +1,20 @@ +const { logger } = require('../util/logger'); + +function verifyClient(req, res, next) { + const clientHeader = req.headers['x-login-type']; + + if (!clientHeader || (clientHeader !== 'MB' && clientHeader !== 'IB')) { + logger.error( + `Invalid or missing client header. Expected 'MB' or 'IB'. Found ${clientHeader}` + ); + + return res + .status(401) + .json({ error: 'missing or invalid client type header' }); + } + + req.client = clientHeader; + next(); +} + +module.exports = { verifyClient }; diff --git a/src/middlewares/limitCheck.middleware.js b/src/middlewares/limitCheck.middleware.js new file mode 100644 index 0000000..f60d974 --- /dev/null +++ b/src/middlewares/limitCheck.middleware.js @@ -0,0 +1,28 @@ +const { logger } = require('../util/logger'); +const { + getDailyLimit, + getUsedLimit, +} = require('../services/paymentLimit.service'); + +async function checkLimit(req, res, next) { + const { amount } = req.body; + const { user, client } = req; + const dailyLimit = await getDailyLimit(user, client); + const usedLimit = await getUsedLimit(user, client); + + const remainingLimit = dailyLimit - usedLimit; + + logger.info( + `dailyLimit = ${dailyLimit} | usedLimit = ${usedLimit} | remainingLimit = ${remainingLimit}` + ); + + if (amount > remainingLimit) { + const midnight = new Date(); + midnight.setHours(24, 0, 0, 0); + res.set('Retry-After', midnight.toUTCString()); + return res.status(403).json({ error: 'Daily limit exhausted' }); + } + next(); +} + +module.exports = { checkLimit }; diff --git a/src/routes/imps.route.js b/src/routes/imps.route.js index 83f8f49..f663283 100644 --- a/src/routes/imps.route.js +++ b/src/routes/imps.route.js @@ -3,13 +3,15 @@ const impsController = require('../controllers/imps.controller'); const { logger } = require('../util/logger'); const impsValidator = require('../validators/imps.validator'); const paymentSecretValidator = require('../validators/payment.secret.validator'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(impsValidator, paymentSecretValidator); +router.use(impsValidator, paymentSecretValidator, checkLimit); const impsRoute = async (req, res) => { const { fromAccount, toAccount, ifscCode, amount, beneficiaryName, remarks } = req.body; + const client = req.client; try { const result = await impsController.send( @@ -20,7 +22,8 @@ const impsRoute = async (req, res) => { ifscCode, beneficiaryName, 'SAVINGS', - remarks + remarks, + client ); if (result.startsWith('Message produced successfully')) { diff --git a/src/routes/index.js b/src/routes/index.js index a779232..8dd7a6f 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -1,6 +1,6 @@ const express = require('express'); const authRoute = require('./auth.route'); -const adminAuthRoute =require('./admin_auth.route'); +const adminAuthRoute = require('./admin_auth.route'); const detailsRoute = require('./customer_details.route'); const transactionRoute = require('./transactions.route'); const authenticate = require('../middlewares/auth.middleware'); @@ -15,7 +15,7 @@ const otp = require('./otp.route'); const router = express.Router(); router.use('/auth', authRoute); -router.use('/auth/admin',adminAuthRoute); +router.use('/auth/admin', adminAuthRoute); router.use('/customer', authenticate, detailsRoute); router.use('/transactions/account/:accountNo', authenticate, transactionRoute); router.use('/payment/transfer', authenticate, transferRoute); @@ -26,5 +26,4 @@ router.use('/beneficiary', authenticate, beneficiaryRoute); router.use('/npci/beneficiary-response', npciResponse); router.use('/otp', otp); - module.exports = router; diff --git a/src/routes/neft.route.js b/src/routes/neft.route.js index 19e6a57..bccbed7 100644 --- a/src/routes/neft.route.js +++ b/src/routes/neft.route.js @@ -3,9 +3,10 @@ const neftController = require('../controllers/neft.controller'); const { logger } = require('../util/logger'); const neftValidator = require('../validators/neft.validator.js'); const paymentSecretValidator = require('../validators/payment.secret.validator'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(neftValidator, paymentSecretValidator); +router.use(neftValidator, paymentSecretValidator, checkLimit); const neftRoute = async (req, res) => { const { @@ -15,8 +16,9 @@ const neftRoute = async (req, res) => { amount, beneficiaryName, remitterName, - remarks + remarks, } = req.body; + const client = req.client; try { const result = await neftController.send( @@ -27,7 +29,8 @@ const neftRoute = async (req, res) => { ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ); logger.info(result); diff --git a/src/routes/rtgs.route.js b/src/routes/rtgs.route.js index 7c7348e..7534715 100644 --- a/src/routes/rtgs.route.js +++ b/src/routes/rtgs.route.js @@ -3,9 +3,10 @@ const rtgsController = require('../controllers/rtgs.controller'); const { logger } = require('../util/logger'); const rtgsValidator = require('../validators/rtgs.validator.js'); const paymentSecretValidator = require('../validators/payment.secret.validator'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(rtgsValidator, paymentSecretValidator); +router.use(rtgsValidator, paymentSecretValidator, checkLimit); const rtgsRoute = async (req, res) => { const { @@ -15,8 +16,9 @@ const rtgsRoute = async (req, res) => { amount, beneficiaryName, remitterName, - remarks + remarks, } = req.body; + const client = req.client; try { const result = await rtgsController.send( @@ -27,7 +29,8 @@ const rtgsRoute = async (req, res) => { ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ); if (result.status.startsWith('O.K.')) { diff --git a/src/routes/transfer.route.js b/src/routes/transfer.route.js index 0b94475..6602b4d 100644 --- a/src/routes/transfer.route.js +++ b/src/routes/transfer.route.js @@ -3,12 +3,14 @@ const { logger } = require('../util/logger'); const express = require('express'); const transferValidator = require('../validators/transfer.validator'); const passwordValidator = require('../validators/payment.secret.validator.js'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(passwordValidator, transferValidator); +router.use(passwordValidator, transferValidator, checkLimit); const transferRoute = async (req, res) => { const { fromAccount, toAccount, toAccountType, amount, remarks } = req.body; + const client = req.client; try { const result = await transferController.transfer( fromAccount, @@ -16,7 +18,8 @@ const transferRoute = async (req, res) => { toAccountType, amount, req.user, - remarks + remarks, + client ); if (result.status === 'O.K.') { diff --git a/src/services/paymentLimit.service.js b/src/services/paymentLimit.service.js new file mode 100644 index 0000000..ebf39ed --- /dev/null +++ b/src/services/paymentLimit.service.js @@ -0,0 +1,28 @@ +const db = require('../config/db'); + +async function getDailyLimit(customerNo, clientType) { + if (clientType !== 'IB' && clientType !== 'MB') { + throw new Error('Invalid client type. IB and MB accepted'); + } + + let query = ''; + if (clientType === 'IB') { + query = `SELECT inb_limit_amount AS daily_limit FROM users WHERE customer_no = $1`; + } else { + query = `SELECT mobile_limit_amount AS daily_limit FROM users WHERE customer_no = $1`; + } + + const result = await db.query(query, [customerNo]); + return result.rows[0].daily_limit; +} + +async function getUsedLimit(customerNo, clientType) { + if (clientType !== 'IB' && clientType !== 'MB') { + throw new Error('Invalid client type. IB and MB accepted'); + } + let query = `SELECT SUM(amount) AS used_limit FROM transactions WHERE created_at BETWEEN CURRENT_DATE AND (CURRENT_DATE + INTERVAL '1 day') AND customer_no = $1 AND client = $2`; + const result = await db.query(query, [customerNo, clientType]); + return result.rows[0].used_limit; +} + +module.exports = { getDailyLimit, getUsedLimit }; diff --git a/src/services/recordkeeping.service.js b/src/services/recordkeeping.service.js index 43fa20a..84ba0eb 100644 --- a/src/services/recordkeeping.service.js +++ b/src/services/recordkeeping.service.js @@ -6,11 +6,12 @@ const recordIntraBankTransaction = async ( toAccount, accountType, amount, - status + status, + clientType ) => { const trxType = 'TRF'; const query = - 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status) VALUES ($1, $2, $3, $4, $5, $6, $7)'; + 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)'; await db.query(query, [ customerNo, trxType, @@ -19,6 +20,7 @@ const recordIntraBankTransaction = async ( accountType, amount, status, + clientType, ]); }; const recordInterBankTransaction = async ( @@ -31,10 +33,11 @@ const recordInterBankTransaction = async ( commission, beneficiaryName, remitterName, - status + status, + clientType ) => { const query = - 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)'; + 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)'; await db.query(query, [ customerNo, trxType, @@ -46,6 +49,7 @@ const recordInterBankTransaction = async ( beneficiaryName, remitterName, status, + clientType, ]); };