feat: Limit of trasnaction

2025-11-04 11:12:55 +05:30
parent a53bca4a34 43cce9f04a
commit ea1d7dae85
18 changed files with 204 additions and 32 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -3,6 +3,7 @@
        "MPIN",
        "occured",
        "otpgenerator",
        "TLIMIT",
        "tpassword",
        "tpin",
        "TPWORD"
--- a/src/app.js
+++ b/src/app.js
@@ -3,6 +3,7 @@ const cors = require('cors');
 const { logger } = require('./util/logger');
 const routes = require('./routes');
 const helmet = require('helmet');
 const { verifyClient } = require('./middlewares/clientVerifier.middleware');
 const app = express();
@@ -11,7 +12,7 @@ app.use(helmet());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
-app.use('/api', routes);
+app.use('/api', verifyClient, routes);
 app.get('/health', (_, res) => res.send('server is healthy'));
 app.use((err, _req, res, _next) => {
  logger.error(err, 'uncaught error');
--- a/src/controllers/imps.controller.js
+++ b/src/controllers/imps.controller.js
@@ -12,7 +12,8 @@ async function send(
  ifscCode,
  beneficiaryName,
  beneficiaryAcctType = 'SAVINGS',
-  remarks = ''
+  remarks = '',
  client
 ) {
  try {
    const reqData = {
@@ -42,7 +43,8 @@ async function send(
      amount,
      '',
      '',
-      response.data
+      response.data,
      client
    );
    return response.data;
  } catch (error) {
--- a/src/controllers/neft.controller.js
+++ b/src/controllers/neft.controller.js
@@ -11,7 +11,8 @@ async function send(
  ifscCode,
  beneficiaryName,
  remitterName,
-  remarks
+  remarks,
  client
 ) {
  const commission = 0;
  try {
@@ -28,7 +29,7 @@ async function send(
        stAddress1: '',
        stAddress2: '',
        stAddress3: '',
-	narration: remarks
+        narration: remarks,
      }
    );
    await recordInterBankTransaction(
@@ -41,7 +42,8 @@ async function send(
      commission,
      beneficiaryName,
      remitterName,
-      response.data.status
+      response.data.status,
      client
    );
    return response.data;
  } catch (error) {
@@ -49,8 +51,6 @@ async function send(
      'API call failed: ' + (error.response?.data?.message || error.message)
    );
  }
 }
 module.exports = { send };
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
@@ -107,6 +107,13 @@ async function SendOtp(req, res) {
      case 'USERNAME_SAVED':
        message = templates.USERNAME_SAVED(PreferName);
        break;
      case 'TLIMIT':
        otp = generateOTP(6);
        message = templates.TLIMIT(otp);
        break;
      case 'TLIMIT_SET':
        message = templates.TLIMIT_SET(amount);
        break;
      default:
        return res.status(400).json({ error: 'Invalid OTP type' });
    }
--- a/src/controllers/rtgs.controller.js
+++ b/src/controllers/rtgs.controller.js
@@ -11,7 +11,8 @@ async function send(
  ifscCode,
  beneficiaryName,
  remitterName,
-  remarks
+  remarks,
  client
 ) {
  const commission = 0;
  try {
@@ -28,7 +29,8 @@ async function send(
        stAddress1: '',
        stAddress2: '',
        stAddress3: '',
-	narration: remarks
+        narration: remarks,
        client,
      }
    );
    await recordInterBankTransaction(
@@ -41,7 +43,8 @@ async function send(
      commission,
      beneficiaryName,
      remitterName,
-      response.data.status
+      response.data.status,
      client
    );
    return response.data;
  } catch (error) {
--- a/src/controllers/transfer.controller.js
+++ b/src/controllers/transfer.controller.js
@@ -9,7 +9,8 @@ async function transfer(
  toAccountType,
  amount,
  customerNo,
-  narration = ''
+  narration = '',
  client
 ) {
  try {
    const response = await axios.post(
@@ -28,7 +29,8 @@ async function transfer(
      toAccountNo,
      toAccountType,
      amount,
-      response.data.status
+      response.data.status,
      client
    );
    return response.data;
  } catch (error) {
--- a/src/middlewares/clientVerifier.middleware.js
+++ b/src/middlewares/clientVerifier.middleware.js
@@ -0,0 +1,20 @@
 const { logger } = require('../util/logger');
 function verifyClient(req, res, next) {
  const clientHeader = req.headers['x-login-type'];
  if (!clientHeader || (clientHeader !== 'MB' && clientHeader !== 'IB' && clientHeader !== 'eMandate' && clientHeader !=='Admin')) {
    logger.error(
      `Invalid or missing client header. Expected 'MB' or 'IB'. Found ${clientHeader}`
    );
    return res
      .status(401)
      .json({ error: 'MISSING OR INVALID CLIENT TYPE HEADER' });
  }
  req.client = clientHeader;
  next();
 }
 module.exports = { verifyClient };
--- a/src/middlewares/limitCheck.middleware.js
+++ b/src/middlewares/limitCheck.middleware.js
@@ -0,0 +1,28 @@
 const { logger } = require('../util/logger');
 const {
  getDailyLimit,
  getUsedLimit,
 } = require('../services/paymentLimit.service');
 async function checkLimit(req, res, next) {
  const { amount } = req.body;
  const { user, client } = req;
  const dailyLimit = await getDailyLimit(user, client);
  if (!dailyLimit) {
    logger.info('NO LIMIT SET FOR CUSTOMER. ALLOWING TRANSACTIONS');
    next();
  }
  const usedLimit = await getUsedLimit(user, client);
  const remainingLimit = dailyLimit - usedLimit;
  if (amount > remainingLimit) {
    const midnight = new Date();
    midnight.setHours(24, 0, 0, 0);
    res.set('Retry-After', midnight.toUTCString());
    return res.status(403).json({ error: 'Daily limit exhausted' });
  }
  next();
 }
 module.exports = { checkLimit };
--- a/src/routes/customer_details.route.js
+++ b/src/routes/customer_details.route.js
@@ -1,5 +1,13 @@
 const customerController = require('../controllers/customer_details.controller');
 const {
  getDailyLimit,
  getUsedLimit,
  setDailyLimit,
 } = require('../services/paymentLimit.service');
 const { logger } = require('../util/logger');
 const express = require('express');
 const router = express.Router();
 const customerRoute = async (req, res) => {
  const customerNo = req.user;
@@ -12,4 +20,45 @@ const customerRoute = async (req, res) => {
  }
 };
-module.exports = customerRoute;
+const limitRoute = async (req, res) => {
  const customerNo = req.user;
  const client = req.client;
  try {
    const dailyLimit = await getDailyLimit(customerNo, client);
    if (!dailyLimit) {
      return res.status(400).json({ error: 'NO DAILY LIMIT SET FOR USER' });
    }
    const usedLimit = await getUsedLimit(customerNo, client);
    res.json({ dailyLimit: dailyLimit, usedLimit: usedLimit });
  } catch (err) {
    logger.error(err, 'Unknown error encountered while checking daily limit');
    res.status(500).json({ error: 'INTERNAL_SERVER_ERROR' });
  }
 };
 const limitChangeRoute = async (req, res) => {
  const customerNo = req.user;
  const client = req.client;
  const { amount } = req.body;
  const numericLimit = Number(amount);
  if (!Number.isFinite(numericLimit)) {
    logger.error(`Invalid new Limit, found: ${newLimit}`);
    return res
      .status(400)
      .json({ error: 'NEW LIMIT AMOUNT IS REQUIRED WHEN SETTING LIMIT' });
  }
  try {
    await setDailyLimit(customerNo, client, numericLimit);
    return res.status(200).json({ message: 'LIMIT SET' });
  } catch (err) {
    logger.error(err, 'Unexpected error while setting limit amount');
    res.status(500).json({ error: 'INTERNAL SERVER ERROR' });
  }
 };
 router.get('/', customerRoute);
 router.get('/daily-limit', limitRoute);
 router.post('/daily-limit', limitChangeRoute);
 module.exports = router;
--- a/src/routes/imps.route.js
+++ b/src/routes/imps.route.js
@@ -3,13 +3,15 @@ const impsController = require('../controllers/imps.controller');
 const { logger } = require('../util/logger');
 const impsValidator = require('../validators/imps.validator');
 const paymentSecretValidator = require('../validators/payment.secret.validator');
 const { checkLimit } = require('../middlewares/limitCheck.middleware');
 const router = express.Router();
-router.use(impsValidator, paymentSecretValidator);
+router.use(impsValidator, paymentSecretValidator, checkLimit);
 const impsRoute = async (req, res) => {
  const { fromAccount, toAccount, ifscCode, amount, beneficiaryName, remarks } =
    req.body;
  const client = req.client;
  try {
    const result = await impsController.send(
@@ -20,7 +22,8 @@ const impsRoute = async (req, res) => {
      ifscCode,
      beneficiaryName,
      'SAVINGS',
-      remarks
+      remarks,
      client
    );
    if (result.startsWith('Message produced successfully')) {
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -1,6 +1,6 @@
 const express = require('express');
 const authRoute = require('./auth.route');
-const adminAuthRoute =require('./admin_auth.route');
+const adminAuthRoute = require('./admin_auth.route');
 const detailsRoute = require('./customer_details.route');
 const transactionRoute = require('./transactions.route');
 const authenticate = require('../middlewares/auth.middleware');
@@ -15,7 +15,7 @@ const otp = require('./otp.route');
 const router = express.Router();
 router.use('/auth', authRoute);
-router.use('/auth/admin',adminAuthRoute);
+router.use('/auth/admin', adminAuthRoute);
 router.use('/customer', authenticate, detailsRoute);
 router.use('/transactions/account/:accountNo', authenticate, transactionRoute);
 router.use('/payment/transfer', authenticate, transferRoute);
@@ -26,5 +26,4 @@ router.use('/beneficiary', authenticate, beneficiaryRoute);
 router.use('/npci/beneficiary-response', npciResponse);
 router.use('/otp', otp);
 module.exports = router;
--- a/src/routes/neft.route.js
+++ b/src/routes/neft.route.js
@@ -3,9 +3,10 @@ const neftController = require('../controllers/neft.controller');
 const { logger } = require('../util/logger');
 const neftValidator = require('../validators/neft.validator.js');
 const paymentSecretValidator = require('../validators/payment.secret.validator');
 const { checkLimit } = require('../middlewares/limitCheck.middleware');
 const router = express.Router();
-router.use(neftValidator, paymentSecretValidator);
+router.use(neftValidator, paymentSecretValidator, checkLimit);
 const neftRoute = async (req, res) => {
  const {
@@ -15,8 +16,9 @@ const neftRoute = async (req, res) => {
    amount,
    beneficiaryName,
    remitterName,
-    remarks
+    remarks,
  } = req.body;
  const client = req.client;
  try {
    const result = await neftController.send(
@@ -27,7 +29,8 @@ const neftRoute = async (req, res) => {
      ifscCode,
      beneficiaryName,
      remitterName,
-      remarks
+      remarks,
      client
    );
    logger.info(result);
--- a/src/routes/rtgs.route.js
+++ b/src/routes/rtgs.route.js
@@ -3,9 +3,10 @@ const rtgsController = require('../controllers/rtgs.controller');
 const { logger } = require('../util/logger');
 const rtgsValidator = require('../validators/rtgs.validator.js');
 const paymentSecretValidator = require('../validators/payment.secret.validator');
 const { checkLimit } = require('../middlewares/limitCheck.middleware');
 const router = express.Router();
-router.use(rtgsValidator, paymentSecretValidator);
+router.use(rtgsValidator, paymentSecretValidator, checkLimit);
 const rtgsRoute = async (req, res) => {
  const {
@@ -15,8 +16,9 @@ const rtgsRoute = async (req, res) => {
    amount,
    beneficiaryName,
    remitterName,
-    remarks
+    remarks,
  } = req.body;
  const client = req.client;
  try {
    const result = await rtgsController.send(
@@ -27,7 +29,8 @@ const rtgsRoute = async (req, res) => {
      ifscCode,
      beneficiaryName,
      remitterName,
-      remarks
+      remarks,
      client
    );
    if (result.status.startsWith('O.K.')) {
--- a/src/routes/transfer.route.js
+++ b/src/routes/transfer.route.js
@@ -3,12 +3,14 @@ const { logger } = require('../util/logger');
 const express = require('express');
 const transferValidator = require('../validators/transfer.validator');
 const passwordValidator = require('../validators/payment.secret.validator.js');
 const { checkLimit } = require('../middlewares/limitCheck.middleware');
 const router = express.Router();
-router.use(passwordValidator, transferValidator);
+router.use(passwordValidator, transferValidator, checkLimit);
 const transferRoute = async (req, res) => {
  const { fromAccount, toAccount, toAccountType, amount, remarks } = req.body;
  const client = req.client;
  try {
    const result = await transferController.transfer(
      fromAccount,
@@ -16,7 +18,8 @@ const transferRoute = async (req, res) => {
      toAccountType,
      amount,
      req.user,
-      remarks
+      remarks,
      client
    );
    if (result.status === 'O.K.') {
--- a/src/services/paymentLimit.service.js
+++ b/src/services/paymentLimit.service.js
@@ -0,0 +1,38 @@
 const db = require('../config/db');
 const { logger } = require('../util/logger');
 async function getDailyLimit(customerNo, clientType) {
  let query = '';
  if (clientType === 'IB') {
    query = `SELECT inb_limit_amount AS daily_limit FROM users WHERE customer_no = $1`;
  } else {
    query = `SELECT mobile_limit_amount AS daily_limit FROM users WHERE customer_no = $1`;
  }
  const result = await db.query(query, [customerNo]);
  return result.rows[0].daily_limit;
 }
 async function getUsedLimit(customerNo, clientType) {
  let query = `SELECT SUM(amount::numeric) AS used_limit FROM transactions WHERE created_at BETWEEN CURRENT_DATE AND (CURRENT_DATE + INTERVAL '1 day') AND customer_no = $1 AND client = $2`;
  const result = await db.query(query, [customerNo, clientType]);
  const usedLimit = result.rows[0].used_limit;
  return Number(usedLimit);
 }
 async function setDailyLimit(customerNo, clientType, amount) {
  let query = '';
  if (clientType === 'IB') {
    query = `UPDATE users SET inb_limit_amount = $1 WHERE customer_no = $2`;
  } else {
    query = `UPDATE users SET mobile_limit_amount = $1 WHERE customer_no = $2`;
  }
  const result = await db.query(query, [amount, customerNo]);
  if (result.rowCount === 0) {
    throw new Error('No rows affected');
  }
  logger.info(`set new limit: ${result.rowCount} rows affected`);
 }
 module.exports = { getDailyLimit, getUsedLimit, setDailyLimit };
--- a/src/services/recordkeeping.service.js
+++ b/src/services/recordkeeping.service.js
@@ -6,11 +6,12 @@ const recordIntraBankTransaction = async (
  toAccount,
  accountType,
  amount,
-  status
+  status,
  clientType
 ) => {
  const trxType = 'TRF';
  const query =
-    'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status) VALUES ($1, $2, $3, $4, $5, $6, $7)';
+    'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)';
  await db.query(query, [
    customerNo,
    trxType,
@@ -19,6 +20,7 @@ const recordIntraBankTransaction = async (
    accountType,
    amount,
    status,
    clientType,
  ]);
 };
 const recordInterBankTransaction = async (
@@ -31,10 +33,11 @@ const recordInterBankTransaction = async (
  commission,
  beneficiaryName,
  remitterName,
-  status
+  status,
  clientType
 ) => {
  const query =
-    'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)';
+    'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status, client) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)';
  await db.query(query, [
    customerNo,
    trxType,
@@ -46,6 +49,7 @@ const recordInterBankTransaction = async (
    beneficiaryName,
    remitterName,
    status,
    clientType,
  ]);
 };
--- a/src/util/sms_template.js
+++ b/src/util/sms_template.js
@@ -52,7 +52,13 @@ const templates = {
    `Dear Customer, Your OTP for updating your Preferred Name is ${otp}. It is valid for 1 minute. Do not share this OTP with anyone. -KCCB`,
  USERNAME_SAVED: (PreferName) =>
-    `Dear Customer, Your Preferred Name -${PreferName}  has been updated successfully. If this change was not made by you, please contact our support team immediately.`
+    `Dear Customer, Your Preferred Name -${PreferName}  has been updated successfully. If this change was not made by you, please contact our support team immediately.`,
  TLIMIT :(otp) =>
    `Dear Customer,Please complete the transaction limit set with ${otp}. -KCCB`,
  TLIMIT_SET :(amount) =>
    `Dear Customer,Your transaction limit for Internet Banking is set to Rs ${amount}. -KCCB`,
 };
 module.exports = templates;