diff --git a/.vscode/settings.json b/.vscode/settings.json index f05d849..fef8a46 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,6 +3,7 @@ "MPIN", "occured", "otpgenerator", + "TLIMIT", "tpassword", "tpin", "TPWORD" diff --git a/src/app.js b/src/app.js index d2a7472..f593fc3 100644 --- a/src/app.js +++ b/src/app.js @@ -3,6 +3,7 @@ const cors = require('cors'); const { logger } = require('./util/logger'); const routes = require('./routes'); const helmet = require('helmet'); +const { verifyClient } = require('./middlewares/clientVerifier.middleware'); const app = express(); @@ -11,7 +12,7 @@ app.use(helmet()); app.use(express.json()); app.use(express.urlencoded({ extended: true })); -app.use('/api', routes); +app.use('/api', verifyClient, routes); app.get('/health', (_, res) => res.send('server is healthy')); app.use((err, _req, res, _next) => { logger.error(err, 'uncaught error'); diff --git a/src/controllers/imps.controller.js b/src/controllers/imps.controller.js index 20129e6..845d2aa 100644 --- a/src/controllers/imps.controller.js +++ b/src/controllers/imps.controller.js @@ -12,7 +12,8 @@ async function send( ifscCode, beneficiaryName, beneficiaryAcctType = 'SAVINGS', - remarks = '' + remarks = '', + client ) { try { const reqData = { @@ -42,7 +43,8 @@ async function send( amount, '', '', - response.data + response.data, + client ); return response.data; } catch (error) { diff --git a/src/controllers/neft.controller.js b/src/controllers/neft.controller.js index a5c9a6e..b6d4488 100644 --- a/src/controllers/neft.controller.js +++ b/src/controllers/neft.controller.js @@ -11,7 +11,8 @@ async function send( ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ) { const commission = 0; try { @@ -28,7 +29,7 @@ async function send( stAddress1: '', stAddress2: '', stAddress3: '', - narration: remarks + narration: remarks, } ); await recordInterBankTransaction( @@ -41,7 +42,8 @@ async function send( commission, beneficiaryName, remitterName, - response.data.status + response.data.status, + client ); return response.data; } catch (error) { @@ -49,8 +51,6 @@ async function send( 'API call failed: ' + (error.response?.data?.message || error.message) ); } - - } module.exports = { send }; diff --git a/src/controllers/otp.controller.js b/src/controllers/otp.controller.js index 231bd7d..88ceb5d 100644 --- a/src/controllers/otp.controller.js +++ b/src/controllers/otp.controller.js @@ -107,6 +107,13 @@ async function SendOtp(req, res) { case 'USERNAME_SAVED': message = templates.USERNAME_SAVED(PreferName); break; + case 'TLIMIT': + otp = generateOTP(6); + message = templates.TLIMIT(otp); + break; + case 'TLIMIT_SET': + message = templates.TLIMIT_SET(amount); + break; default: return res.status(400).json({ error: 'Invalid OTP type' }); } diff --git a/src/controllers/rtgs.controller.js b/src/controllers/rtgs.controller.js index 1e04e2d..0305673 100644 --- a/src/controllers/rtgs.controller.js +++ b/src/controllers/rtgs.controller.js @@ -11,7 +11,8 @@ async function send( ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ) { const commission = 0; try { @@ -28,7 +29,8 @@ async function send( stAddress1: '', stAddress2: '', stAddress3: '', - narration: remarks + narration: remarks, + client, } ); await recordInterBankTransaction( @@ -41,7 +43,8 @@ async function send( commission, beneficiaryName, remitterName, - response.data.status + response.data.status, + client ); return response.data; } catch (error) { diff --git a/src/controllers/transfer.controller.js b/src/controllers/transfer.controller.js index 028c49d..db6156d 100644 --- a/src/controllers/transfer.controller.js +++ b/src/controllers/transfer.controller.js @@ -9,7 +9,8 @@ async function transfer( toAccountType, amount, customerNo, - narration = '' + narration = '', + client ) { try { const response = await axios.post( @@ -28,7 +29,8 @@ async function transfer( toAccountNo, toAccountType, amount, - response.data.status + response.data.status, + client ); return response.data; } catch (error) { diff --git a/src/middlewares/clientVerifier.middleware.js b/src/middlewares/clientVerifier.middleware.js new file mode 100644 index 0000000..19889a9 --- /dev/null +++ b/src/middlewares/clientVerifier.middleware.js @@ -0,0 +1,20 @@ +const { logger } = require('../util/logger'); + +function verifyClient(req, res, next) { + const clientHeader = req.headers['x-login-type']; + + if (!clientHeader || (clientHeader !== 'MB' && clientHeader !== 'IB' && clientHeader !== 'eMandate' && clientHeader !=='Admin')) { + logger.error( + `Invalid or missing client header. Expected 'MB' or 'IB'. Found ${clientHeader}` + ); + + return res + .status(401) + .json({ error: 'MISSING OR INVALID CLIENT TYPE HEADER' }); + } + + req.client = clientHeader; + next(); +} + +module.exports = { verifyClient }; diff --git a/src/middlewares/limitCheck.middleware.js b/src/middlewares/limitCheck.middleware.js new file mode 100644 index 0000000..12d6ac1 --- /dev/null +++ b/src/middlewares/limitCheck.middleware.js @@ -0,0 +1,28 @@ +const { logger } = require('../util/logger'); +const { + getDailyLimit, + getUsedLimit, +} = require('../services/paymentLimit.service'); + +async function checkLimit(req, res, next) { + const { amount } = req.body; + const { user, client } = req; + const dailyLimit = await getDailyLimit(user, client); + if (!dailyLimit) { + logger.info('NO LIMIT SET FOR CUSTOMER. ALLOWING TRANSACTIONS'); + next(); + } + const usedLimit = await getUsedLimit(user, client); + + const remainingLimit = dailyLimit - usedLimit; + + if (amount > remainingLimit) { + const midnight = new Date(); + midnight.setHours(24, 0, 0, 0); + res.set('Retry-After', midnight.toUTCString()); + return res.status(403).json({ error: 'Daily limit exhausted' }); + } + next(); +} + +module.exports = { checkLimit }; diff --git a/src/routes/customer_details.route.js b/src/routes/customer_details.route.js index 7e1114d..ec17cde 100644 --- a/src/routes/customer_details.route.js +++ b/src/routes/customer_details.route.js @@ -1,5 +1,13 @@ const customerController = require('../controllers/customer_details.controller'); +const { + getDailyLimit, + getUsedLimit, + setDailyLimit, +} = require('../services/paymentLimit.service'); const { logger } = require('../util/logger'); +const express = require('express'); + +const router = express.Router(); const customerRoute = async (req, res) => { const customerNo = req.user; @@ -12,4 +20,45 @@ const customerRoute = async (req, res) => { } }; -module.exports = customerRoute; +const limitRoute = async (req, res) => { + const customerNo = req.user; + const client = req.client; + + try { + const dailyLimit = await getDailyLimit(customerNo, client); + if (!dailyLimit) { + return res.status(400).json({ error: 'NO DAILY LIMIT SET FOR USER' }); + } + const usedLimit = await getUsedLimit(customerNo, client); + res.json({ dailyLimit: dailyLimit, usedLimit: usedLimit }); + } catch (err) { + logger.error(err, 'Unknown error encountered while checking daily limit'); + res.status(500).json({ error: 'INTERNAL_SERVER_ERROR' }); + } +}; +const limitChangeRoute = async (req, res) => { + const customerNo = req.user; + const client = req.client; + const { amount } = req.body; + const numericLimit = Number(amount); + + if (!Number.isFinite(numericLimit)) { + logger.error(`Invalid new Limit, found: ${newLimit}`); + return res + .status(400) + .json({ error: 'NEW LIMIT AMOUNT IS REQUIRED WHEN SETTING LIMIT' }); + } + try { + await setDailyLimit(customerNo, client, numericLimit); + return res.status(200).json({ message: 'LIMIT SET' }); + } catch (err) { + logger.error(err, 'Unexpected error while setting limit amount'); + res.status(500).json({ error: 'INTERNAL SERVER ERROR' }); + } +}; + +router.get('/', customerRoute); +router.get('/daily-limit', limitRoute); +router.post('/daily-limit', limitChangeRoute); + +module.exports = router; diff --git a/src/routes/imps.route.js b/src/routes/imps.route.js index 83f8f49..f663283 100644 --- a/src/routes/imps.route.js +++ b/src/routes/imps.route.js @@ -3,13 +3,15 @@ const impsController = require('../controllers/imps.controller'); const { logger } = require('../util/logger'); const impsValidator = require('../validators/imps.validator'); const paymentSecretValidator = require('../validators/payment.secret.validator'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(impsValidator, paymentSecretValidator); +router.use(impsValidator, paymentSecretValidator, checkLimit); const impsRoute = async (req, res) => { const { fromAccount, toAccount, ifscCode, amount, beneficiaryName, remarks } = req.body; + const client = req.client; try { const result = await impsController.send( @@ -20,7 +22,8 @@ const impsRoute = async (req, res) => { ifscCode, beneficiaryName, 'SAVINGS', - remarks + remarks, + client ); if (result.startsWith('Message produced successfully')) { diff --git a/src/routes/index.js b/src/routes/index.js index a779232..8dd7a6f 100644 --- a/src/routes/index.js +++ b/src/routes/index.js @@ -1,6 +1,6 @@ const express = require('express'); const authRoute = require('./auth.route'); -const adminAuthRoute =require('./admin_auth.route'); +const adminAuthRoute = require('./admin_auth.route'); const detailsRoute = require('./customer_details.route'); const transactionRoute = require('./transactions.route'); const authenticate = require('../middlewares/auth.middleware'); @@ -15,7 +15,7 @@ const otp = require('./otp.route'); const router = express.Router(); router.use('/auth', authRoute); -router.use('/auth/admin',adminAuthRoute); +router.use('/auth/admin', adminAuthRoute); router.use('/customer', authenticate, detailsRoute); router.use('/transactions/account/:accountNo', authenticate, transactionRoute); router.use('/payment/transfer', authenticate, transferRoute); @@ -26,5 +26,4 @@ router.use('/beneficiary', authenticate, beneficiaryRoute); router.use('/npci/beneficiary-response', npciResponse); router.use('/otp', otp); - module.exports = router; diff --git a/src/routes/neft.route.js b/src/routes/neft.route.js index 19e6a57..bccbed7 100644 --- a/src/routes/neft.route.js +++ b/src/routes/neft.route.js @@ -3,9 +3,10 @@ const neftController = require('../controllers/neft.controller'); const { logger } = require('../util/logger'); const neftValidator = require('../validators/neft.validator.js'); const paymentSecretValidator = require('../validators/payment.secret.validator'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(neftValidator, paymentSecretValidator); +router.use(neftValidator, paymentSecretValidator, checkLimit); const neftRoute = async (req, res) => { const { @@ -15,8 +16,9 @@ const neftRoute = async (req, res) => { amount, beneficiaryName, remitterName, - remarks + remarks, } = req.body; + const client = req.client; try { const result = await neftController.send( @@ -27,7 +29,8 @@ const neftRoute = async (req, res) => { ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ); logger.info(result); diff --git a/src/routes/rtgs.route.js b/src/routes/rtgs.route.js index 7c7348e..7534715 100644 --- a/src/routes/rtgs.route.js +++ b/src/routes/rtgs.route.js @@ -3,9 +3,10 @@ const rtgsController = require('../controllers/rtgs.controller'); const { logger } = require('../util/logger'); const rtgsValidator = require('../validators/rtgs.validator.js'); const paymentSecretValidator = require('../validators/payment.secret.validator'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(rtgsValidator, paymentSecretValidator); +router.use(rtgsValidator, paymentSecretValidator, checkLimit); const rtgsRoute = async (req, res) => { const { @@ -15,8 +16,9 @@ const rtgsRoute = async (req, res) => { amount, beneficiaryName, remitterName, - remarks + remarks, } = req.body; + const client = req.client; try { const result = await rtgsController.send( @@ -27,7 +29,8 @@ const rtgsRoute = async (req, res) => { ifscCode, beneficiaryName, remitterName, - remarks + remarks, + client ); if (result.status.startsWith('O.K.')) { diff --git a/src/routes/transfer.route.js b/src/routes/transfer.route.js index 0b94475..6602b4d 100644 --- a/src/routes/transfer.route.js +++ b/src/routes/transfer.route.js @@ -3,12 +3,14 @@ const { logger } = require('../util/logger'); const express = require('express'); const transferValidator = require('../validators/transfer.validator'); const passwordValidator = require('../validators/payment.secret.validator.js'); +const { checkLimit } = require('../middlewares/limitCheck.middleware'); const router = express.Router(); -router.use(passwordValidator, transferValidator); +router.use(passwordValidator, transferValidator, checkLimit); const transferRoute = async (req, res) => { const { fromAccount, toAccount, toAccountType, amount, remarks } = req.body; + const client = req.client; try { const result = await transferController.transfer( fromAccount, @@ -16,7 +18,8 @@ const transferRoute = async (req, res) => { toAccountType, amount, req.user, - remarks + remarks, + client ); if (result.status === 'O.K.') { diff --git a/src/services/paymentLimit.service.js b/src/services/paymentLimit.service.js new file mode 100644 index 0000000..b4acba7 --- /dev/null +++ b/src/services/paymentLimit.service.js @@ -0,0 +1,38 @@ +const db = require('../config/db'); +const { logger } = require('../util/logger'); + +async function getDailyLimit(customerNo, clientType) { + let query = ''; + if (clientType === 'IB') { + query = `SELECT inb_limit_amount AS daily_limit FROM users WHERE customer_no = $1`; + } else { + query = `SELECT mobile_limit_amount AS daily_limit FROM users WHERE customer_no = $1`; + } + + const result = await db.query(query, [customerNo]); + return result.rows[0].daily_limit; +} + +async function getUsedLimit(customerNo, clientType) { + let query = `SELECT SUM(amount::numeric) AS used_limit FROM transactions WHERE created_at BETWEEN CURRENT_DATE AND (CURRENT_DATE + INTERVAL '1 day') AND customer_no = $1 AND client = $2`; + const result = await db.query(query, [customerNo, clientType]); + const usedLimit = result.rows[0].used_limit; + return Number(usedLimit); +} + +async function setDailyLimit(customerNo, clientType, amount) { + let query = ''; + if (clientType === 'IB') { + query = `UPDATE users SET inb_limit_amount = $1 WHERE customer_no = $2`; + } else { + query = `UPDATE users SET mobile_limit_amount = $1 WHERE customer_no = $2`; + } + + const result = await db.query(query, [amount, customerNo]); + if (result.rowCount === 0) { + throw new Error('No rows affected'); + } + logger.info(`set new limit: ${result.rowCount} rows affected`); +} + +module.exports = { getDailyLimit, getUsedLimit, setDailyLimit }; diff --git a/src/services/recordkeeping.service.js b/src/services/recordkeeping.service.js index 43fa20a..84ba0eb 100644 --- a/src/services/recordkeeping.service.js +++ b/src/services/recordkeeping.service.js @@ -6,11 +6,12 @@ const recordIntraBankTransaction = async ( toAccount, accountType, amount, - status + status, + clientType ) => { const trxType = 'TRF'; const query = - 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status) VALUES ($1, $2, $3, $4, $5, $6, $7)'; + 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)'; await db.query(query, [ customerNo, trxType, @@ -19,6 +20,7 @@ const recordIntraBankTransaction = async ( accountType, amount, status, + clientType, ]); }; const recordInterBankTransaction = async ( @@ -31,10 +33,11 @@ const recordInterBankTransaction = async ( commission, beneficiaryName, remitterName, - status + status, + clientType ) => { const query = - 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)'; + 'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)'; await db.query(query, [ customerNo, trxType, @@ -46,6 +49,7 @@ const recordInterBankTransaction = async ( beneficiaryName, remitterName, status, + clientType, ]); }; diff --git a/src/util/sms_template.js b/src/util/sms_template.js index e4a6373..63d8251 100644 --- a/src/util/sms_template.js +++ b/src/util/sms_template.js @@ -52,7 +52,13 @@ const templates = { `Dear Customer, Your OTP for updating your Preferred Name is ${otp}. It is valid for 1 minute. Do not share this OTP with anyone. -KCCB`, USERNAME_SAVED: (PreferName) => - `Dear Customer, Your Preferred Name -${PreferName} has been updated successfully. If this change was not made by you, please contact our support team immediately.` + `Dear Customer, Your Preferred Name -${PreferName} has been updated successfully. If this change was not made by you, please contact our support team immediately.`, + + TLIMIT :(otp) => + `Dear Customer,Please complete the transaction limit set with ${otp}. -KCCB`, + + TLIMIT_SET :(amount) => + `Dear Customer,Your transaction limit for Internet Banking is set to Rs ${amount}. -KCCB`, }; module.exports = templates; \ No newline at end of file