DebelaH/Yaltopia-Tickets-Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
968fd26252
Yaltopia-Tickets-Backend/README.md

409 lines
12 KiB
Markdown
Raw Blame History

# Yaltopia Tickets Backend API
Enterprise-grade backend service for ticket and receipt verification system with advanced authentication, role-based access control, and universal database adapter architecture.
## Overview
This API provides a robust foundation for ticket verification systems with enterprise-level security, scalability, and maintainability. Built with modern TypeScript and NestJS framework, it features a unique universal adapter pattern that allows seamless switching between different database providers without code changes.
## Core Features
### Authentication & Security
- **JWT-based Authentication** with configurable expiration
- **Multi-factor Authentication** via OTP integration
- **Role-based Access Control (RBAC)** with hierarchical permissions
- **Password Security** with bcrypt hashing
- **API Documentation** with Swagger/OpenAPI 3.0
### User Management
- **Hierarchical Role System**: System Admin → Business Owner → Staff → Auditor
- **Granular Permissions** with role-based endpoint access
- **User Lifecycle Management** with soft deletion
- **Team Management** capabilities for business owners
### Architecture Highlights
- **Universal Database Adapter** - Switch between PostgreSQL, MongoDB, or other providers
- **Provider-Agnostic Design** - No vendor lock-in
- **Microservice-Ready** architecture with modular design
- **Production-Grade** error handling and logging
- **Type-Safe** implementation with comprehensive TypeScript coverage
## Technology Stack
| Component | Technology | Version |
|-----------|------------|---------|
| **Runtime** | Node.js | 18+ |
| **Framework** | NestJS | 10.x |
| **Language** | TypeScript | 5.1+ |
| **Database** | PostgreSQL | 13+ |
| **ORM** | Prisma | 5.7+ |
| **Cache** | Redis | 6+ |
| **Queue** | BullMQ | 4.x |
| **Authentication** | JWT + Supabase | Latest |
| **Documentation** | Swagger/OpenAPI | 3.0 |
| **Testing** | Jest | 29+ |
## Getting Started
### Prerequisites
Ensure your development environment meets these requirements:
- **Node.js** 18.0 or higher
- **PostgreSQL** 13.0 or higher
- **Redis** 6.0 or higher
- **npm** or **yarn** package manager
### Installation
1. **Clone the repository**
```bash
git clone https://gitea.yaltopia.com/DebelaH/Yaltopia-Tickets-Backend.git
cd Yaltopia-Tickets-Backend
```
2. **Install dependencies**
```bash
npm install
```
3. **Environment configuration**
```bash
cp .env.example .env
```
Configure the following required environment variables:
```env
DATABASE_URL="postgresql://username:password@localhost:5432/database_name"
JWT_SECRET="your-secure-jwt-secret-key"
SUPABASE_URL="https://your-project.supabase.co"
SUPABASE_ANON_KEY="your-supabase-anon-key"
REDIS_URL="redis://localhost:6379"
```
4. **Database setup**
```bash
npx prisma generate
npx prisma db push
```
5. **Start the application**
```bash
# Development
npm run start:dev
# Production
npm run build
npm run start:prod
```
The API will be available at `http://localhost:3000` with documentation at `http://localhost:3000/api`
## API Documentation
### Authentication Endpoints
| Method | Endpoint | Description | Access |
|--------|----------|-------------|---------|
| `POST` | `/api/v1/auth/login` | User authentication | Public |
| `POST` | `/api/v1/auth/register` | User registration | Admin Only |
| `POST` | `/api/v1/auth/request-otp` | Request OTP verification | Public |
| `POST` | `/api/v1/auth/verify-otp` | Verify OTP and authenticate | Public |
| `GET` | `/api/v1/auth/profile` | Get current user profile | Authenticated |
| `GET` | `/api/v1/auth/validate` | Validate JWT token | Authenticated |
### User Management Endpoints
| Method | Endpoint | Description | Access |
|--------|----------|-------------|---------|
| `GET` | `/api/v1/users` | List users (role-filtered) | Authenticated |
| `GET` | `/api/v1/users/:id` | Get user by ID | Authenticated |
| `POST` | `/api/v1/users/staff` | Create staff/auditor | Owner+ |
| `PATCH` | `/api/v1/users/:id` | Update user | Owner+ |
| `DELETE` | `/api/v1/users/:id` | Deactivate user | Owner+ |
| `GET` | `/api/v1/users/my-staff` | Get owner's staff | Owner+ |
## Role-Based Access Control
### Role Hierarchy
```
System Admin (Level 4)
├── Full system access
├── Manage all users and data
└── System configuration
Business Owner (Level 3)
├── Create and manage staff
├── View business reports
├── Manage business data
└── Verify transactions
Staff (Level 2)
├── Upload and process tickets
├── View assigned data
└── Basic verification tasks
Auditor (Level 1)
├── Read-only access to reports
├── View tickets for auditing
└── No modification permissions
```
### Permission Matrix
| Action | System Admin | Business Owner | Staff | Auditor |
|--------|:------------:|:--------------:|:-----:|:-------:|
| Create Users | ✅ | ✅ (Staff only) | ❌ | ❌ |
| View All Users | ✅ | ✅ (Own staff) | ❌ | ❌ |
| Modify Users | ✅ | ✅ (Own staff) | ❌ | ❌ |
| View Reports | ✅ | ✅ (Own business) | ❌ | ✅ (Read-only) |
| System Config | ✅ | ❌ | ❌ | ❌ |
## Architecture
### Universal Database Adapter
The system implements a unique universal adapter pattern that provides database-agnostic operations:
```typescript
// Switch providers with environment variables only
DATABASE_PROVIDER=prisma # PostgreSQL with Prisma
DATABASE_PROVIDER=supabase # Supabase (PostgreSQL + Auth)
DATABASE_PROVIDER=mongodb # MongoDB (Future)
```
**Benefits:**
- **Zero Code Changes** when switching providers
- **No Vendor Lock-in** - migrate between services seamlessly
- **Future-Proof** architecture for evolving requirements
- **Cost Optimization** - switch to most cost-effective provider
### Project Structure
```
src/
├── features/ # Feature-based modules
│ ├── auth/ # Authentication & authorization
│ │ ├── guards/ # JWT and role guards
│ │ ├── strategies/ # Passport strategies
│ │ └── dto/ # Data transfer objects
│ └── users/ # User management
│ ├── dto/ # User DTOs
│ └── services/ # Business logic
├── shared/ # Shared utilities and services
│ ├── adapters/ # Universal database adapter
│ ├── repositories/ # Data access layer
│ ├── factories/ # Provider factories
│ ├── interfaces/ # Type definitions
│ ├── services/ # Shared services (Redis, Prisma)
│ ├── guards/ # Authentication guards
│ ├── decorators/ # Custom decorators
│ └── config/ # Configuration modules
└── prisma/ # Database schema and migrations
```
## Database Schema
### Core Entities
```sql
-- Users table with role-based access
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR UNIQUE NOT NULL,
password_hash VARCHAR NOT NULL,
role user_role NOT NULL,
full_name VARCHAR NOT NULL,
is_active BOOLEAN DEFAULT true,
created_by UUID REFERENCES users(id),
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
-- Enum for user roles
CREATE TYPE user_role AS ENUM (
'SYSTEM_ADMIN',
'BUSINESS_OWNER',
'STAFF',
'AUDITOR'
);
```
## Development
### Available Scripts
```bash
# Development
npm run start:dev # Start with hot reload
npm run start:debug # Start with debugging
# Production
npm run build # Build for production
npm run start:prod # Start production server
# Database
npm run prisma:generate # Generate Prisma client
npm run prisma:push # Push schema to database
npm run prisma:migrate # Run database migrations
npm run prisma:studio # Open Prisma Studio
# Code Quality
npm run lint # Run ESLint
npm run format # Format code with Prettier
npm run test # Run unit tests
npm run test:e2e # Run end-to-end tests
npm run test:cov # Run tests with coverage
# Provider Management
npm run migrate:provider # Migrate between database providers
npm run health:check # Check system health
```
### Environment Configuration
#### Development Environment
```env
NODE_ENV=development
PORT=3000
DATABASE_PROVIDER=prisma
DATABASE_URL="postgresql://user:pass@localhost:5432/yaltopia_dev"
JWT_SECRET="dev-secret-key"
REDIS_URL="redis://localhost:6379"
```
#### Production Environment
```env
NODE_ENV=production
PORT=3000
DATABASE_PROVIDER=prisma
DATABASE_URL="postgresql://user:pass@prod-db:5432/yaltopia_prod"
JWT_SECRET="secure-production-secret"
REDIS_URL="redis://prod-redis:6379"
```
## Security Features
### Authentication Security
- **JWT Tokens** with configurable expiration
- **Password Hashing** using bcrypt with salt rounds
- **OTP Verification** for enhanced security
- **Role-based Route Protection** with guards
### API Security
- **CORS Protection** with configurable origins
- **Request Validation** using class-validator
- **Rate Limiting** (recommended for production)
- **Helmet.js** for security headers
- **Input Sanitization** to prevent injection attacks
### Data Security
- **Environment Variable Protection** - no secrets in code
- **Database Connection Encryption** with SSL
- **Audit Logging** for sensitive operations
- **Soft Deletion** to maintain data integrity
## Deployment
### Docker Deployment
```dockerfile
# Production Dockerfile
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY dist ./dist
EXPOSE 3000
CMD ["node", "dist/main"]
```
### Environment Setup
1. **Database Setup**
```bash
# PostgreSQL with Docker
docker run -d \
--name yaltopia-postgres \
-e POSTGRES_DB=yaltopia \
-e POSTGRES_USER=admin \
-e POSTGRES_PASSWORD=secure_password \
-p 5432:5432 \
postgres:13
```
2. **Redis Setup**
```bash
# Redis with Docker
docker run -d \
--name yaltopia-redis \
-p 6379:6379 \
redis:6-alpine
```
3. **Application Deployment**
```bash
# Build and deploy
npm run build
npm run start:prod
```
## Monitoring & Observability
### Health Checks
- **Database Connectivity** monitoring
- **Redis Connection** status
- **Service Dependencies** health verification
- **API Response Time** tracking
### Logging
- **Structured Logging** with Winston
- **Request/Response Logging** for debugging
- **Error Tracking** with stack traces
- **Performance Metrics** collection
## Contributing
### Development Workflow
1. **Fork the repository**
2. **Create a feature branch**
```bash
git checkout -b feature/your-feature-name
```
3. **Make your changes**
4. **Run tests and linting**
```bash
npm run test
npm run lint
```
5. **Commit your changes**
```bash
git commit -m "feat: add your feature description"
```
6. **Push to your fork**
7. **Create a Pull Request**
### Code Standards
- **TypeScript** strict mode enabled
- **ESLint** configuration enforced
- **Prettier** for code formatting
- **Conventional Commits** for commit messages
- **Unit Tests** required for new features
## Support & Maintenance
### Version Support
- **Current Version**: 1.0.0
- **Node.js**: 18.x LTS (recommended)
- **Database**: PostgreSQL 13+ (primary), MongoDB (future)
- **Security Updates**: Applied within 48 hours
### Contact Information
- **Development Team**: Yaltopia Backend Team
- **Repository**: https://gitea.yaltopia.com/DebelaH/Yaltopia-Tickets-Backend
- **Issues**: Use GitHub Issues for bug reports and feature requests
---
**© 2025 Yaltopia. All rights reserved.**
Reference in New Issue View Git Blame Copy Permalink