md.asif5/yume_js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Limit of trasnaction

Browse Source
This commit is contained in:
Md Asif
2025-11-04 11:12:55 +05:30
parent a53bca4a34 43cce9f04a
commit ea1d7dae85
18 changed files with 204 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -3,6 +3,7 @@
"MPIN",
"occured",
"otpgenerator",
"TLIMIT",
"tpassword",
"tpin",
"TPWORD"

3
src/app.js
View File

@@ -3,6 +3,7 @@ const cors = require('cors');
const { logger } = require('./util/logger');
const routes = require('./routes');
const helmet = require('helmet');
const { verifyClient } = require('./middlewares/clientVerifier.middleware');
const app = express();
@@ -11,7 +12,7 @@ app.use(helmet());
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use('/api', routes);
app.use('/api', verifyClient, routes);
app.get('/health', (_, res) => res.send('server is healthy'));
app.use((err, _req, res, _next) => {
logger.error(err, 'uncaught error');

6
src/controllers/imps.controller.js
View File

@@ -12,7 +12,8 @@ async function send(
ifscCode,
beneficiaryName,
beneficiaryAcctType = 'SAVINGS',
remarks = ''
remarks = '',
client
) {
try {
const reqData = {
@@ -42,7 +43,8 @@ async function send(
amount,
'',
'',
response.data
response.data,
client
);
return response.data;
} catch (error) {

10
src/controllers/neft.controller.js
View File

@@ -11,7 +11,8 @@ async function send(
ifscCode,
beneficiaryName,
remitterName,
remarks
remarks,
client
) {
const commission = 0;
try {
@@ -28,7 +29,7 @@ async function send(
stAddress1: '',
stAddress2: '',
stAddress3: '',
narration: remarks
narration: remarks,
}
);
await recordInterBankTransaction(
@@ -41,7 +42,8 @@ async function send(
commission,
beneficiaryName,
remitterName,
response.data.status
response.data.status,
client
);
return response.data;
} catch (error) {
@@ -49,8 +51,6 @@ async function send(
'API call failed: ' + (error.response?.data?.message || error.message)
);
}
}
module.exports = { send };

7
src/controllers/otp.controller.js
View File

@@ -107,6 +107,13 @@ async function SendOtp(req, res) {
case 'USERNAME_SAVED':
message = templates.USERNAME_SAVED(PreferName);
break;
case 'TLIMIT':
otp = generateOTP(6);
message = templates.TLIMIT(otp);
break;
case 'TLIMIT_SET':
message = templates.TLIMIT_SET(amount);
break;
default:
return res.status(400).json({ error: 'Invalid OTP type' });
}

9
src/controllers/rtgs.controller.js
View File

@@ -11,7 +11,8 @@ async function send(
ifscCode,
beneficiaryName,
remitterName,
remarks
remarks,
client
) {
const commission = 0;
try {
@@ -28,7 +29,8 @@ async function send(
stAddress1: '',
stAddress2: '',
stAddress3: '',
narration: remarks
narration: remarks,
client,
}
);
await recordInterBankTransaction(
@@ -41,7 +43,8 @@ async function send(
commission,
beneficiaryName,
remitterName,
response.data.status
response.data.status,
client
);
return response.data;
} catch (error) {

6
src/controllers/transfer.controller.js
View File

@@ -9,7 +9,8 @@ async function transfer(
toAccountType,
amount,
customerNo,
narration = ''
narration = '',
client
) {
try {
const response = await axios.post(
@@ -28,7 +29,8 @@ async function transfer(
toAccountNo,
toAccountType,
amount,
response.data.status
response.data.status,
client
);
return response.data;
} catch (error) {

20
src/middlewares/clientVerifier.middleware.js Normal file
View File

@@ -0,0 +1,20 @@
const { logger } = require('../util/logger');
function verifyClient(req, res, next) {
const clientHeader = req.headers['x-login-type'];
if (!clientHeader || (clientHeader !== 'MB' && clientHeader !== 'IB' && clientHeader !== 'eMandate' && clientHeader !=='Admin')) {
logger.error(
`Invalid or missing client header. Expected 'MB' or 'IB'. Found ${clientHeader}`
);
return res
.status(401)
.json({ error: 'MISSING OR INVALID CLIENT TYPE HEADER' });
}
req.client = clientHeader;
next();
}
module.exports = { verifyClient };

28
src/middlewares/limitCheck.middleware.js Normal file
View File

@@ -0,0 +1,28 @@
const { logger } = require('../util/logger');
const {
getDailyLimit,
getUsedLimit,
} = require('../services/paymentLimit.service');
async function checkLimit(req, res, next) {
const { amount } = req.body;
const { user, client } = req;
const dailyLimit = await getDailyLimit(user, client);
if (!dailyLimit) {
logger.info('NO LIMIT SET FOR CUSTOMER. ALLOWING TRANSACTIONS');
next();
}
const usedLimit = await getUsedLimit(user, client);
const remainingLimit = dailyLimit - usedLimit;
if (amount > remainingLimit) {
const midnight = new Date();
midnight.setHours(24, 0, 0, 0);
res.set('Retry-After', midnight.toUTCString());
return res.status(403).json({ error: 'Daily limit exhausted' });
}
next();
}
module.exports = { checkLimit };

51
src/routes/customer_details.route.js
View File

@@ -1,5 +1,13 @@
const customerController = require('../controllers/customer_details.controller');
const {
getDailyLimit,
getUsedLimit,
setDailyLimit,
} = require('../services/paymentLimit.service');
const { logger } = require('../util/logger');
const express = require('express');
const router = express.Router();
const customerRoute = async (req, res) => {
const customerNo = req.user;
@@ -12,4 +20,45 @@ const customerRoute = async (req, res) => {
}
};
module.exports = customerRoute;
const limitRoute = async (req, res) => {
const customerNo = req.user;
const client = req.client;
try {
const dailyLimit = await getDailyLimit(customerNo, client);
if (!dailyLimit) {
return res.status(400).json({ error: 'NO DAILY LIMIT SET FOR USER' });
}
const usedLimit = await getUsedLimit(customerNo, client);
res.json({ dailyLimit: dailyLimit, usedLimit: usedLimit });
} catch (err) {
logger.error(err, 'Unknown error encountered while checking daily limit');
res.status(500).json({ error: 'INTERNAL_SERVER_ERROR' });
}
};
const limitChangeRoute = async (req, res) => {
const customerNo = req.user;
const client = req.client;
const { amount } = req.body;
const numericLimit = Number(amount);
if (!Number.isFinite(numericLimit)) {
logger.error(`Invalid new Limit, found: ${newLimit}`);
return res
.status(400)
.json({ error: 'NEW LIMIT AMOUNT IS REQUIRED WHEN SETTING LIMIT' });
}
try {
await setDailyLimit(customerNo, client, numericLimit);
return res.status(200).json({ message: 'LIMIT SET' });
} catch (err) {
logger.error(err, 'Unexpected error while setting limit amount');
res.status(500).json({ error: 'INTERNAL SERVER ERROR' });
}
};
router.get('/', customerRoute);
router.get('/daily-limit', limitRoute);
router.post('/daily-limit', limitChangeRoute);
module.exports = router;

7
src/routes/imps.route.js
View File

@@ -3,13 +3,15 @@ const impsController = require('../controllers/imps.controller');
const { logger } = require('../util/logger');
const impsValidator = require('../validators/imps.validator');
const paymentSecretValidator = require('../validators/payment.secret.validator');
const { checkLimit } = require('../middlewares/limitCheck.middleware');
const router = express.Router();
router.use(impsValidator, paymentSecretValidator);
router.use(impsValidator, paymentSecretValidator, checkLimit);
const impsRoute = async (req, res) => {
const { fromAccount, toAccount, ifscCode, amount, beneficiaryName, remarks } =
req.body;
const client = req.client;
try {
const result = await impsController.send(
@@ -20,7 +22,8 @@ const impsRoute = async (req, res) => {
ifscCode,
beneficiaryName,
'SAVINGS',
remarks
remarks,
client
);
if (result.startsWith('Message produced successfully')) {

5
src/routes/index.js
View File

@@ -1,6 +1,6 @@
const express = require('express');
const authRoute = require('./auth.route');
const adminAuthRoute =require('./admin_auth.route');
const adminAuthRoute = require('./admin_auth.route');
const detailsRoute = require('./customer_details.route');
const transactionRoute = require('./transactions.route');
const authenticate = require('../middlewares/auth.middleware');
@@ -15,7 +15,7 @@ const otp = require('./otp.route');
const router = express.Router();
router.use('/auth', authRoute);
router.use('/auth/admin',adminAuthRoute);
router.use('/auth/admin', adminAuthRoute);
router.use('/customer', authenticate, detailsRoute);
router.use('/transactions/account/:accountNo', authenticate, transactionRoute);
router.use('/payment/transfer', authenticate, transferRoute);
@@ -26,5 +26,4 @@ router.use('/beneficiary', authenticate, beneficiaryRoute);
router.use('/npci/beneficiary-response', npciResponse);
router.use('/otp', otp);
module.exports = router;

9
src/routes/neft.route.js
View File

@@ -3,9 +3,10 @@ const neftController = require('../controllers/neft.controller');
const { logger } = require('../util/logger');
const neftValidator = require('../validators/neft.validator.js');
const paymentSecretValidator = require('../validators/payment.secret.validator');
const { checkLimit } = require('../middlewares/limitCheck.middleware');
const router = express.Router();
router.use(neftValidator, paymentSecretValidator);
router.use(neftValidator, paymentSecretValidator, checkLimit);
const neftRoute = async (req, res) => {
const {
@@ -15,8 +16,9 @@ const neftRoute = async (req, res) => {
amount,
beneficiaryName,
remitterName,
remarks
remarks,
} = req.body;
const client = req.client;
try {
const result = await neftController.send(
@@ -27,7 +29,8 @@ const neftRoute = async (req, res) => {
ifscCode,
beneficiaryName,
remitterName,
remarks
remarks,
client
);
logger.info(result);

9
src/routes/rtgs.route.js
View File

@@ -3,9 +3,10 @@ const rtgsController = require('../controllers/rtgs.controller');
const { logger } = require('../util/logger');
const rtgsValidator = require('../validators/rtgs.validator.js');
const paymentSecretValidator = require('../validators/payment.secret.validator');
const { checkLimit } = require('../middlewares/limitCheck.middleware');
const router = express.Router();
router.use(rtgsValidator, paymentSecretValidator);
router.use(rtgsValidator, paymentSecretValidator, checkLimit);
const rtgsRoute = async (req, res) => {
const {
@@ -15,8 +16,9 @@ const rtgsRoute = async (req, res) => {
amount,
beneficiaryName,
remitterName,
remarks
remarks,
} = req.body;
const client = req.client;
try {
const result = await rtgsController.send(
@@ -27,7 +29,8 @@ const rtgsRoute = async (req, res) => {
ifscCode,
beneficiaryName,
remitterName,
remarks
remarks,
client
);
if (result.status.startsWith('O.K.')) {

7
src/routes/transfer.route.js
View File

@@ -3,12 +3,14 @@ const { logger } = require('../util/logger');
const express = require('express');
const transferValidator = require('../validators/transfer.validator');
const passwordValidator = require('../validators/payment.secret.validator.js');
const { checkLimit } = require('../middlewares/limitCheck.middleware');
const router = express.Router();
router.use(passwordValidator, transferValidator);
router.use(passwordValidator, transferValidator, checkLimit);
const transferRoute = async (req, res) => {
const { fromAccount, toAccount, toAccountType, amount, remarks } = req.body;
const client = req.client;
try {
const result = await transferController.transfer(
fromAccount,
@@ -16,7 +18,8 @@ const transferRoute = async (req, res) => {
toAccountType,
amount,
req.user,
remarks
remarks,
client
);
if (result.status === 'O.K.') {

38
src/services/paymentLimit.service.js Normal file
View File

@@ -0,0 +1,38 @@
const db = require('../config/db');
const { logger } = require('../util/logger');
async function getDailyLimit(customerNo, clientType) {
let query = '';
if (clientType === 'IB') {
query = `SELECT inb_limit_amount AS daily_limit FROM users WHERE customer_no = $1`;
} else {
query = `SELECT mobile_limit_amount AS daily_limit FROM users WHERE customer_no = $1`;
}
const result = await db.query(query, [customerNo]);
return result.rows[0].daily_limit;
}
async function getUsedLimit(customerNo, clientType) {
let query = `SELECT SUM(amount::numeric) AS used_limit FROM transactions WHERE created_at BETWEEN CURRENT_DATE AND (CURRENT_DATE + INTERVAL '1 day') AND customer_no = $1 AND client = $2`;
const result = await db.query(query, [customerNo, clientType]);
const usedLimit = result.rows[0].used_limit;
return Number(usedLimit);
}
async function setDailyLimit(customerNo, clientType, amount) {
let query = '';
if (clientType === 'IB') {
query = `UPDATE users SET inb_limit_amount = $1 WHERE customer_no = $2`;
} else {
query = `UPDATE users SET mobile_limit_amount = $1 WHERE customer_no = $2`;
}
const result = await db.query(query, [amount, customerNo]);
if (result.rowCount === 0) {
throw new Error('No rows affected');
}
logger.info(`set new limit: ${result.rowCount} rows affected`);
}
module.exports = { getDailyLimit, getUsedLimit, setDailyLimit };

12
src/services/recordkeeping.service.js
View File

@@ -6,11 +6,12 @@ const recordIntraBankTransaction = async (
toAccount,
accountType,
amount,
status
status,
clientType
) => {
const trxType = 'TRF';
const query =
'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status) VALUES ($1, $2, $3, $4, $5, $6, $7)';
'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)';
await db.query(query, [
customerNo,
trxType,
@@ -19,6 +20,7 @@ const recordIntraBankTransaction = async (
accountType,
amount,
status,
clientType,
]);
};
const recordInterBankTransaction = async (
@@ -31,10 +33,11 @@ const recordInterBankTransaction = async (
commission,
beneficiaryName,
remitterName,
status
status,
clientType
) => {
const query =
'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)';
'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)';
await db.query(query, [
customerNo,
trxType,
@@ -46,6 +49,7 @@ const recordInterBankTransaction = async (
beneficiaryName,
remitterName,
status,
clientType,
]);
};

8
src/util/sms_template.js
View File

@@ -52,7 +52,13 @@ const templates = {
`Dear Customer, Your OTP for updating your Preferred Name is ${otp}. It is valid for 1 minute. Do not share this OTP with anyone. -KCCB`,
USERNAME_SAVED: (PreferName) =>
`Dear Customer, Your Preferred Name -${PreferName} has been updated successfully. If this change was not made by you, please contact our support team immediately.`
`Dear Customer, Your Preferred Name -${PreferName} has been updated successfully. If this change was not made by you, please contact our support team immediately.`,
TLIMIT :(otp) =>
`Dear Customer,Please complete the transaction limit set with ${otp}. -KCCB`,
TLIMIT_SET :(amount) =>
`Dear Customer,Your transaction limit for Internet Banking is set to Rs ${amount}. -KCCB`,
};
module.exports = templates;