Skip to content

Latest commit

 

History

History
223 lines (173 loc) · 6.28 KB

File metadata and controls

223 lines (173 loc) · 6.28 KB

Finance Dashboard Backend

A REST API for a finance dashboard system with role-based access control, built with Node.js, Express, and MongoDB.

Tech Stack

Layer Technology
Runtime Node.js (ES Modules)
Framework Express.js
Database MongoDB with Mongoose
Auth JWT
Validation express-validator
API Docs Swagger UI (OpenAPI 3.0)
Testing Jest + Supertest + MongoMemoryServer
Security express-rate-limit

Project Structure

.
├── app.js
├── package.json
├── Readme.md
├── config/
│   └── db.js
├── controller/
│   ├── authController.js
│   ├── dashboardController.js
│   ├── transactionController.js
│   └── userController.js
├── middlewares/
│   ├── auth.js
│   ├── errorHandler.js
│   └── validation.js
├── models/
│   ├── Transaction.js
│   └── User.js
├── routes/
│   ├── authRoutes.js
│   ├── dashboardRoutes.js
│   ├── transactionRoutes.js
│   └── userRoutes.js
├── services/
│   ├── authService.js
│   ├── dashboardService.js
│   ├── transactionService.js
│   └── userService.js
├── swagger/
│   └── swagger.js
├── tests/
│   ├── helpers/
│   │   ├── db.js
│   │   └── factories.js
│   ├── Auth.test.js
│   ├── Dashboard.test.js
│   ├── Transactions.test.js
│   └── Users.test.js
└── utils/
    └── response.js

Setup

Prerequisites

  • Node.js v18 or newer
  • MongoDB local instance

Install

npm install

Environment

Create a .env file in the project root:

PORT=3000
MONGODB_URI=mongodb://localhost:27017/finance_dashboard
JWT_SECRET=your_secure_secret
JWT_EXPIRES_IN=7d
NODE_ENV=development

Database Note (Submission)

  • This submission uses a local MongoDB instance for development and runtime.
  • The default connection in this project is mongodb://localhost:27017/finance_dashboard.
  • MongoDB Atlas is optional and not required for evaluation.

Run

# Development
npm run dev

# Production-like run
npm start
  • API base URL: http://localhost:3000/api
  • Swagger UI: http://localhost:3000/api/docs
  • Health check: http://localhost:3000/health

Role-Based Access Control

Action Viewer Analyst Admin
View transactions Yes Yes Yes
Create/update/delete transactions No No Yes
View dashboard summary/categories/trends/activity No Yes Yes
List and manage users No No Yes

API Overview

Auth

  • POST /api/auth/register
  • POST /api/auth/login
  • GET /api/auth/me

Transactions

  • GET /api/transactions
  • GET /api/transactions/:id
  • POST /api/transactions (admin)
  • PATCH /api/transactions/:id (admin)
  • DELETE /api/transactions/:id (admin, soft delete)

Supported filters on GET /api/transactions:

  • type=income|expense
  • category=...
  • startDate=YYYY-MM-DD
  • endDate=YYYY-MM-DD
  • page=1
  • limit=10
  • sortBy=date
  • sortOrder=asc|desc

Dashboard (analyst and admin)

  • GET /api/dashboard/summary
  • GET /api/dashboard/categories
  • GET /api/dashboard/trends/monthly?months=6
  • GET /api/dashboard/trends/weekly?weeks=8
  • GET /api/dashboard/activity?limit=5

Users (admin)

  • GET /api/users (admin only)
  • GET /api/users/:id (admin only)
  • PATCH /api/users/:id (admin only)
  • PATCH /api/users/:id/deactivate (admin only)

Response Format

Success:

{ "success": true, "message": "...", "data": { } }

Paginated:

{
  "success": true,
  "message": "...",
  "data": [],
  "pagination": { "total": 100, "page": 1, "limit": 10, "totalPages": 10 }
}

Error:

{ "success": false, "message": "...", "errors": [] }

Testing

Tests use an in-memory MongoDB instance.

  • Runtime API uses local MongoDB from .env.
  • Test suite uses MongoMemoryServer and does not require an external database.
npm test
npm run test:coverage

Current automated coverage in this repository includes:

  • Auth flows: register, login, protected profile, token validation, duplicate/invalid input handling, expired/invalid token scenarios
  • Transaction flows: CRUD, filtering, pagination, soft delete behavior, and role-based restrictions
  • Dashboard flows: summary analytics, category breakdown, trends (monthly/weekly), recent activity, and role-based restrictions
  • User management flows: admin-only list/get/update/deactivate paths, self-deactivate protection, role restrictions, and invalid ID/validation handling

Latest run status: 4 test suites, 66 tests passing.

Testing Matrix (Assignment Coverage)

Assignment Requirement API/Behavior Coverage Test Files
1. User and Role Management Register/login/profile flow, admin-only user listing/get/update/deactivate behavior, and self-deactivate protection tests/Auth.test.js, tests/Users.test.js
2. Financial Records Management Transaction CRUD, filtering, pagination, soft-delete semantics, invalid ID and validation handling tests/Transactions.test.js
3. Dashboard Summary APIs Summary totals, category breakdown, monthly trends, weekly trends, recent activity limits/sorting tests/Dashboard.test.js
4. Access Control Logic Viewer/Analyst/Admin enforcement across transactions, dashboard, and user-management routes tests/Auth.test.js, tests/Transactions.test.js, tests/Dashboard.test.js, tests/Users.test.js
5. Validation and Error Handling Input validation failures, duplicate conflicts, unauthorized/forbidden states, not-found and invalid token scenarios tests/Auth.test.js, tests/Transactions.test.js, tests/Users.test.js
6. Data Persistence Behavior MongoDB-backed route tests via in-memory MongoDB, including model constraints and service logic behavior tests/helpers/db.js, all route test suites

Design Notes

  • Service layer contains business logic.
  • Controllers are thin and focused on request/response handling.
  • Transactions use soft delete (isDeleted) to preserve history.
  • Dashboard endpoints use MongoDB aggregation for summary analytics.
  • Passwords are hashed with bcrypt before storage.
  • Centralized error handling is implemented in middleware.