added helmet for security

feat: added account balance in statement
feat: added transactions record keeping feature
2025-09-09 02:11:43 +05:30 · 2025-09-08 20:32:19 +05:30 · 2025-09-08 20:04:55 +05:30 · 2025-09-08 16:33:03 +05:30 · 2025-08-29 15:49:35 +05:30 · 2025-08-29 15:40:36 +05:30
17 changed files with 214 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 node_modules/
 .env
+logs/requests.log
--- a/src/app.js
+++ b/src/app.js
@@ -1,14 +1,36 @@
 const express = require('express');
 const cors = require('cors');
-const { logger } = require('./util/logger');
+const { logger, requestLogger } = require('./util/logger');
 const routes = require('./routes');
+const helmet = require('helmet');

 const app = express();

 app.use(cors());
+app.use(helmet());
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));

+app.use((req, res, next) => {
+  const start = Date.now();
+
+  res.on('finish', () => {
+    requestLogger.info(
+      {
+        ip: req.ip || req.connection.remoteAddress,
+        method: req.method,
+        url: req.originalUrl,
+        headers: req.headers,
+        body: req.body,
+        status: res.statusCode,
+        responseTime: `${Date.now() - start}ms`,
+      },
+      'Incoming request'
+    );
+  });
+  next();
+});
+
 app.use('/api', routes);
 app.get('/health', (_, res) => res.send('server is healthy'));
 app.use((err, _req, res, _next) => {
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -14,7 +14,8 @@ async function login(req, res) {
  const currentTime = new Date().toISOString();
  try {
    const user = await authService.validateUser(customerNo, password);
-    if (!user) return res.status(401).json({ error: 'invalid credentials' });
+    if (!user || !password)
+      return res.status(401).json({ error: 'invalid credentials' });
    const token = generateToken(user.customer_no, '1d');
    const FirstTimeLogin = await authService.CheckFirstTimeLogin(customerNo);
    await db.query('UPDATE users SET last_login = $1 WHERE customer_no = $2', [
@@ -34,7 +35,6 @@ async function fetchUserDetails(req, res) {
    const user = await authService.findUserByCustomerNo(customerNo);
    if (!user) return res.status(404).json({ message: 'USER_NOT_FOUND' });
    return res.json(user);
-
  } catch (err) {
    logger.error(err, 'error occured while fetching user details');
    res.status(500).json({ error: 'something went wrong' });
@@ -102,4 +102,11 @@ async function setTransactionPassword(req, res) {
  }
 }

-module.exports = { login, tpin, setTpin, setLoginPassword, setTransactionPassword,fetchUserDetails };
+module.exports = {
+  login,
+  tpin,
+  setTpin,
+  setLoginPassword,
+  setTransactionPassword,
+  fetchUserDetails,
+};
--- a/src/controllers/beneficiary.controller.js
+++ b/src/controllers/beneficiary.controller.js
@@ -95,6 +95,24 @@ async function getBeneficiary(req, res) {
  }
 }

+async function deleteBeneficiary(req, res) {
+  const { beneficiaryAccountNo } = req.params;
+  try {
+    await beneficiaryService.deleteBeneficiary(req.user, beneficiaryAccountNo);
+    res.status(204).send();
+  } catch (error) {
+    if (error.message === 'ACCOUNT_NOT_FOUND') {
+      logger.warn(
+        `beneficiary ${beneficiaryAccountNo} does not exist for the customer ${req.user}`
+      );
+      return res.status(400).json({ error: 'INVALID_BENEFICIARY_ACCOUNT_NO' });
+    } else {
+      logger.error(error, 'error deleting beneficiary');
+      return res.status(500).json({ error: 'INTERNAL_SERVER_ERROR' });
+    }
+  }
+}
+
 async function getIfscDetails(req, res) {
  const { ifscCode } = req.query;
  if (!ifscCode) {
@@ -127,4 +145,5 @@ module.exports = {
  addBeneficiary,
  getIfscDetails,
  getBeneficiary,
+  deleteBeneficiary,
 };
--- a/src/controllers/imps.controller.js
+++ b/src/controllers/imps.controller.js
@@ -1,7 +1,11 @@
 const axios = require('axios');
 const { logger } = require('../util/logger');
+const {
+  recordInterBankTransaction,
+} = require('../services/recordkeeping.service');

 async function send(
+  customerNo,
  fromAccount,
  toAccount,
  amount,
@@ -20,7 +24,6 @@ async function send(
      stTransferAmount: amount,
      stRemarks: remarks,
    };
-    logger.info(reqData, 'request data to be sent to IMPS server');
    const response = await axios.post(
      'http://localhost:6768/kccb/api/IMPS/Producer',
      reqData,
@@ -30,7 +33,17 @@ async function send(
        },
      }
    );
-    logger.info(response, 'response from IMPS');
+    await recordInterBankTransaction(
+      customerNo,
+      'imps',
+      fromAccount,
+      toAccount,
+      ifscCode,
+      amount,
+      '',
+      '',
+      response.data
+    );
    return response.data;
  } catch (error) {
    logger.error(error, 'error from IMPS');
--- a/src/controllers/neft.controller.js
+++ b/src/controllers/neft.controller.js
@@ -1,6 +1,10 @@
 const axios = require('axios');
+const {
+  recordInterBankTransaction,
+} = require('../services/recordkeeping.service');

 async function send(
+  customerNo,
  fromAccount,
  toAccount,
  amount,
@@ -8,6 +12,7 @@ async function send(
  beneficiaryName,
  remitterName
 ) {
+  const commission = 0;
  try {
    const response = await axios.post(
      'http://localhost:8690/kccb/Neftfundtransfer',
@@ -15,7 +20,7 @@ async function send(
        stFromAcc: fromAccount,
        stToAcc: toAccount,
        stTranAmt: amount,
-        stCommission: 0,
+        stCommission: commission,
        stIfscCode: ifscCode,
        stFullName: remitterName,
        stBeneName: beneficiaryName,
@@ -24,6 +29,18 @@ async function send(
        stAddress3: '',
      }
    );
+    await recordInterBankTransaction(
+      customerNo,
+      'neft',
+      fromAccount,
+      toAccount,
+      ifscCode,
+      amount,
+      commission,
+      beneficiaryName,
+      remitterName,
+      response.data.status
+    );
    return response.data;
  } catch (error) {
    throw new Error(
--- a/src/controllers/rtgs.controller.js
+++ b/src/controllers/rtgs.controller.js
@@ -1,6 +1,10 @@
 const axios = require('axios');
+const {
+  recordInterBankTransaction,
+} = require('../services/recordkeeping.service');

 async function send(
+  customerNo,
  fromAccount,
  toAccount,
  amount,
@@ -8,6 +12,7 @@ async function send(
  beneficiaryName,
  remitterName
 ) {
+  const commission = 0;
  try {
    const response = await axios.post(
      'http://localhost:8690/kccb/Rtgsfundtransfer',
@@ -15,7 +20,7 @@ async function send(
        stFromAcc: fromAccount,
        stToAcc: toAccount,
        stTranAmt: amount,
-        stCommission: 0,
+        stCommission: commission,
        stIfscCode: ifscCode,
        stFullName: remitterName,
        stBeneName: beneficiaryName,
@@ -24,6 +29,18 @@ async function send(
        stAddress3: '',
      }
    );
+    await recordInterBankTransaction(
+      customerNo,
+      'rtgs',
+      fromAccount,
+      toAccount,
+      ifscCode,
+      amount,
+      commission,
+      beneficiaryName,
+      remitterName,
+      response.data.status
+    );
    return response.data;
  } catch (error) {
    throw new Error(
--- a/src/controllers/transactions.controller.js
+++ b/src/controllers/transactions.controller.js
@@ -13,6 +13,8 @@ async function getLastTen(accountNumber) {
      date: tx.stTransactionDate,
      amount: tx.stTransactionAmount.slice(0, -3),
      type: tx.stTransactionAmount.slice(-2),
+      balance: tx.stAccountBalance.slice(0, -3),
+      balanceType: tx.stAccountBalance.slice(-2),
    }));
    return processedTransactions;
  } catch (error) {
@@ -36,6 +38,8 @@ async function getFiltered(accountNumber, fromDate, toDate) {
      date: tx.stTransactionDate,
      amount: tx.stTransactionAmount.slice(0, -3),
      type: tx.stTransactionAmount.slice(-2),
+      balance: tx.stAccountBalance.slice(0, -3),
+      balanceType: tx.stAccountBalance.slice(-2),
    }));
    return processedTransactions;
  } catch (error) {
--- a/src/controllers/transfer.controller.js
+++ b/src/controllers/transfer.controller.js
@@ -1,12 +1,15 @@
 const axios = require('axios');
+const {
+  recordIntraBankTransaction,
+} = require('../services/recordkeeping.service');

 async function transfer(
  fromAccountNo,
  toAccountNo,
  toAccountType,
  amount,
-  // narration = 'transfer from mobile'
-  narration
+  customerNo,
+  narration = ''
 ) {
  try {
    const response = await axios.post(
@@ -19,6 +22,14 @@ async function transfer(
        narration,
      }
    );
+    await recordIntraBankTransaction(
+      customerNo,
+      fromAccountNo,
+      toAccountNo,
+      toAccountType,
+      amount,
+      response.data.status
+    );
    return response.data;
  } catch (error) {
    throw new Error(
--- a/src/routes/beneficiary.route.js
+++ b/src/routes/beneficiary.route.js
@@ -9,5 +9,9 @@ router.get('/validate/outside-bank', beneficiaryController.validateOutsideBank);
 router.get('/ifsc-details', beneficiaryController.getIfscDetails);
 router.get('/', beneficiaryController.getBeneficiary);
 router.post('/', newBeneficiaryValidator, beneficiaryController.addBeneficiary);
+router.delete(
+  '/:beneficiaryAccountNo',
+  beneficiaryController.deleteBeneficiary
+);

 module.exports = router;
--- a/src/routes/imps.route.js
+++ b/src/routes/imps.route.js
@@ -13,6 +13,7 @@ const impsRoute = async (req, res) => {

  try {
    const result = await impsController.send(
+      req.user,
      fromAccount,
      toAccount,
      amount,
--- a/src/routes/neft.route.js
+++ b/src/routes/neft.route.js
@@ -19,6 +19,7 @@ const neftRoute = async (req, res) => {

  try {
    const result = await neftController.send(
+      req.user,
      fromAccount,
      toAccount,
      amount,
--- a/src/routes/rtgs.route.js
+++ b/src/routes/rtgs.route.js
@@ -19,6 +19,7 @@ const rtgsRoute = async (req, res) => {

  try {
    const result = await rtgsController.send(
+      req.user,
      fromAccount,
      toAccount,
      amount,
--- a/src/routes/transfer.route.js
+++ b/src/routes/transfer.route.js
@@ -14,7 +14,8 @@ const transferRoute = async (req, res) => {
      fromAccount,
      toAccount,
      toAccountType,
-      amount
+      amount,
+      req.user
    );

    if (result.status === 'O.K.') {
--- a/src/services/beneficiary.service.js
+++ b/src/services/beneficiary.service.js
@@ -44,6 +44,16 @@ async function getSingleBeneficiary(customerNo, accountNo) {
  return result.rows[0];
 }

+async function deleteBeneficiary(customerNo, beneficiaryAccountNo) {
+  const queryStr =
+    'DELETE FROM beneficiaries WHERE customer_no = $1 AND account_no = $2';
+  const result = await db.query(queryStr, [customerNo, beneficiaryAccountNo]);
+  if (result.rowCount == 0) {
+    throw new Error('ACCOUNT_NOT_FOUND');
+  }
+  return;
+}
+
 async function getAllBeneficiaries(customerNo) {
  const queryStr =
    'SELECT b.account_no, b.name, b.account_type, b.ifsc_code, i.bank_name, i.branch_name FROM beneficiaries b JOIN ifsc_details i ON b.ifsc_code = i.ifsc_code WHERE customer_no = $1';
@@ -66,4 +76,5 @@ module.exports = {
  validateOutsideBank,
  getAllBeneficiaries,
  getSingleBeneficiary,
+  deleteBeneficiary,
 };
--- a/src/services/recordkeeping.service.js
+++ b/src/services/recordkeeping.service.js
@@ -0,0 +1,52 @@
+const db = require('../config/db');
+
+const recordIntraBankTransaction = async (
+  customerNo,
+  fromAccount,
+  toAccount,
+  accountType,
+  amount,
+  status
+) => {
+  const trxType = 'TRF';
+  const query =
+    'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, to_account_type, amount, status) VALUES ($1, $2, $3, $4, $5, $6, $7)';
+  await db.query(query, [
+    customerNo,
+    trxType,
+    fromAccount,
+    toAccount,
+    accountType,
+    amount,
+    status,
+  ]);
+};
+const recordInterBankTransaction = async (
+  customerNo,
+  trxType,
+  fromAccount,
+  toAccount,
+  ifscCode,
+  amount,
+  commission,
+  beneficiaryName,
+  remitterName,
+  status
+) => {
+  const query =
+    'INSERT INTO transactions (customer_no, trx_type, from_account, to_account, ifsc_code, amount, commission, beneficiary_name, remitter_name, status) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)';
+  await db.query(query, [
+    customerNo,
+    trxType,
+    fromAccount,
+    toAccount,
+    ifscCode,
+    amount,
+    commission,
+    beneficiaryName,
+    remitterName,
+    status,
+  ]);
+};
+
+module.exports = { recordIntraBankTransaction, recordInterBankTransaction };
--- a/src/util/logger.js
+++ b/src/util/logger.js
@@ -1,6 +1,19 @@
 const pino = require('pino');
+const fs = require('fs');
+const path = require('path');
+
 const isDev = process.env.NODE_ENV !== 'production';

+const logDir = path.join(__dirname, '../..', 'logs');
+if (!fs.existsSync(logDir)) {
+  fs.mkdirSync(logDir);
+}
+
+const requestLoggerStream = pino.destination({
+  dest: path.join(logDir, 'requests.log'),
+  sync: false,
+});
+
 const logger = pino({
  transport: isDev
    ? {
@@ -15,8 +28,12 @@ const logger = pino({
  level: isDev ? 'debug' : 'info',
 });

-const requestLogger = (req, _res, next) => {
-  logger.info(`${req.method} ${req.url}`);
-  next();
-};
+const requestLogger = pino(
+  {
+    level: 'info',
+    base: null,
+  },
+  requestLoggerStream
+);
+
 module.exports = { logger, requestLogger };
Author	SHA1	Message	Date
asif	2516ff5f4c	added helmet for security	2025-09-09 02:11:43 +05:30
asif	3da77cf97a	feat: added account balance in statement	2025-09-08 20:32:19 +05:30
asif	f675f1561a	feat: added transactions record keeping feature	2025-09-08 20:04:55 +05:30
asif	05068634fe	added empty string as default narration value in transfer	2025-09-08 16:33:03 +05:30
asif	50753295b4	changed the directory of log directory	2025-08-29 15:49:35 +05:30
asif	454553adbb	added log files in .gitignore	2025-08-29 15:40:36 +05:30
asif	077d48c7f0	added logger for logging all kinds of requests with headers, body, ip and other data	2025-08-29 15:40:11 +05:30
asif	c8efe8d75a	fix: check if password is not null on login req	2025-08-29 13:40:57 +05:30
asif	484a0dd51a	added beneficiary deletion feature	2025-08-27 12:32:25 +05:30