JoinCODED/BE-Banking-Express-App

🏦 BE Banking App — Node.js + TypeScript API

🚀 Features

  • User registration & login (JWT authentication)

  • Password hashing with bcrypt

  • Update profile image (with file upload + validation)

  • Deposit, withdraw, transfer money

  • Transaction history

  • Input validation using Zod

  • Request sanitization & error handling

  • Rate limiting for API protection

  • Centralized constants for all magic numbers

  • Dev-only reset utilities (clear DB, clear uploads)

🛠 Tech Stack

  • Node.js

  • Express

  • TypeScript

  • MongoDB + Mongoose

  • Zod (validation)

  • Multer (file uploads)

  • JWT (jsonwebtoken) for auth

  • bcryptjs (password hashing)

  • express-rate-limit

  • sanitize-html

  • morgan (logging)

  • dotenv (environment variables)

All other installed packages support these main technologies and are listed in the package.json.

📁 Project Structure

src
│
├── config
│   ├── constants.ts
│   └── env.ts
│
├── db
│   └── connect.ts
│
├── errors
│   └── AppError.ts
│
├── middlewares
│   ├── auth.ts
│   ├── errorHandler.ts
│   ├── notFound.ts
│   ├── rateLimiter.ts
│   ├── sanitize.ts
│   ├── upload.ts
│   └── validateRequest.ts
│
├── modules
│   ├── auth
│   │   ├── auth.controller.ts
│   │   ├── auth.routes.ts
│   │   ├── auth.schema.ts
│   │   └── auth.types.ts
│   │
│   ├── dev
│   │   ├── dev.controller.ts
│   │   └── dev.routes.ts
│   │
│   ├── transactions
│   │   ├── transaction.controller.ts
│   │   ├── transaction.model.ts
│   │   ├── transaction.routes.ts
│   │   ├── transaction.schema.ts
│   │   ├── transaction.service.ts
│   │   └── transaction.types.ts
│   │
│   └── users
│       ├── user.controller.ts
│       ├── user.model.ts
│       └── user.routes.ts
│
├── utils
│   ├── clearUploads.ts
│   ├── helpers.ts
│   └── sendResponse.ts
│
├── app.ts
└── index.ts

⚙️ Environment Variables

Create a .env file in the root:

PORT=4000
MONGO_URI=<MONGODB_ATLAS_CONNECTION_STRING>
JWT_SECRET=<YOUR_SECRET>
NODE_ENV=development

Use a long random value for JWT_SECRET (for example the output of openssl rand -hex 32) and keep .env out of version control: anyone who learns the secret can mint a valid token for any user.

All tunable values live in:

src/config/constants.ts

Example constants:

export const TRANSACTION_LIMITS = {
  MAX_SINGLE_TRANSFER: 100_000, // KWD
};

export const RATE_LIMITER = {
  WINDOW_MS: 5 * 60 * 1000, // 5 minutes
  MAX_REQUESTS: 100, // per window per IP
};

export const FILE_UPLOAD = {
  UPLOAD_DIR: "uploads",
  MAX_IMAGE_SIZE_MB: 5 * 1024 * 1024, // 5 MB, stored as a byte count (the unit multer's limits.fileSize expects)
  ALLOWED_IMAGE_TYPES: ["image/jpeg", "image/png", "image/webp"],
};

export const USERNAME = {
  MIN: 3, // 3 characters
  MAX: 20, // 20 characters
};

export const PASSWORD = {
  MIN: 6, // 6 characters
};

export const SECURITY = {
  BCRYPT_SALT_ROUNDS: 10, // bcrypt cost factor (2^10 rounds); the bcryptjs default
};

export const JWT_EXPIRES_IN = "7d"; // 7 days; jsonwebtoken also accepts the equivalent number of seconds, 7 * 24 * 60 * 60

This keeps every configurable limit and rule in one file, so they can be tuned without touching the middleware, schema or service code that reads them.
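The FILE_UPLOAD allow-list above is only as good as the MIME type it is compared against, and multer fills file.mimetype from the Content-Type the uploader sends. The following is an added example, not code from the JoinCODED project: it re-derives the image type from the file's leading bytes, compares that with the declared type and the allow-list, and enforces the 5 MB limit. The constant is renamed MAX_IMAGE_SIZE_BYTES here because the value is a byte count; the UploadedFile shape, the helper names and the sample byte strings are constructed for the example.

```typescript
// Added example, not code from the JoinCODED project: validate a profile
// image without trusting the client. multer copies file.mimetype from the
// multipart part's Content-Type header, which the uploader chooses, so the
// real type is re-derived from the file's leading bytes (magic numbers) and
// only then compared with the FILE_UPLOAD allow-list from constants.ts.
// The size constant is renamed to say what it holds: a byte count.

export const FILE_UPLOAD = {
  MAX_IMAGE_SIZE_BYTES: 5 * 1024 * 1024, // 5 MB
  ALLOWED_IMAGE_TYPES: ["image/jpeg", "image/png", "image/webp"],
} as const;

export type AllowedImageType = (typeof FILE_UPLOAD.ALLOWED_IMAGE_TYPES)[number];

export const ascii = (s: string): number[] => Array.from(s, (c) => c.charCodeAt(0));

const bytesAt = (buf: Uint8Array, expected: number[], offset = 0): boolean =>
  expected.every((b, i) => buf[offset + i] === b);

// Magic-number sniffing for the three allowed formats. Anything else,
// including SVG (which may embed script) and HTML, yields null.
export function sniffImageType(buf: Uint8Array): AllowedImageType | null {
  if (bytesAt(buf, [0xff, 0xd8, 0xff])) return "image/jpeg"; // JPEG SOI marker
  if (bytesAt(buf, [0x89, ...ascii("PNG"), 0x0d, 0x0a, 0x1a, 0x0a])) return "image/png"; // PNG signature
  if (bytesAt(buf, ascii("RIFF")) && bytesAt(buf, ascii("WEBP"), 8)) return "image/webp"; // RIFF....WEBP
  return null;
}

// The subset of multer's File object this check needs (memoryStorage gives a
// buffer; with diskStorage read the first 12 bytes from disk instead).
export interface UploadedFile {
  mimetype: string; // client-declared, untrusted
  size: number;     // bytes
  buffer: Uint8Array;
}

export type UploadCheck =
  | { ok: true; type: AllowedImageType; extension: string }
  | { ok: false; reason: string };

export function checkProfileImage(file: UploadedFile): UploadCheck {
  if (file.size > FILE_UPLOAD.MAX_IMAGE_SIZE_BYTES) {
    return { ok: false, reason: "image exceeds 5 MB" };
  }
  // Cheap first filter on the declared type; rejected types never reach sniffing.
  if (!(FILE_UPLOAD.ALLOWED_IMAGE_TYPES as readonly string[]).includes(file.mimetype)) {
    return { ok: false, reason: `declared type ${file.mimetype} is not allowed` };
  }
  const actual = sniffImageType(file.buffer);
  if (actual === null) {
    return { ok: false, reason: "content is not a JPEG, PNG or WebP image" };
  }
  if (actual !== file.mimetype) {
    return { ok: false, reason: `declared ${file.mimetype} but content is ${actual}` };
  }
  // Derive the stored extension from the verified type, never from the
  // client's filename; the basename should be generated server-side.
  const extension: Record<AllowedImageType, string> = {
    "image/jpeg": ".jpg", "image/png": ".png", "image/webp": ".webp",
  };
  return { ok: true, type: actual, extension: extension[actual] };
}
```

With multer's fileFilter the declared-type check can run before the body is buffered, but the byte-level check needs the file content, so it belongs in the controller after the upload middleware has run; a rejected file should also be deleted from UPLOAD_DIR when diskStorage is used.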

🧪 Dev Tools APIs (Development Mode Only)

These routes exist only in development:

/api/dev-tools/clear-users
/api/dev-tools/clear-transactions
/api/dev-tools/clear-uploads
/api/dev-tools/all

Purpose:

  • Reset the database instantly

  • Remove all uploaded files

  • Start fresh without dropping collections manually

⚠️ These routes should NEVER be enabled in production. They are mounted only when NODE_ENV is exactly "development":

if (process.env.NODE_ENV === "development") {
  app.use("/api/dev-tools", devRouter);
}

The comparison is exact and case-sensitive, so an unset or misspelled NODE_ENV leaves the router unmounted; the remaining risk is a production host started with NODE_ENV=development, which would expose these DELETE routes.
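The NODE_ENV check above fails closed when the variable is missing, but it is a single gate. As an added example that is not the project's own code, the block below keeps that check (made strict) and adds a second, independent gate: the dev router only answers requests whose TCP peer is the loopback interface, so a host accidentally started with NODE_ENV=development still does not offer "clear all users" to the network. The GuardRequest and GuardResponse shapes, the function names and the wiring comment are assumptions made so the example compiles without express installed.

```typescript
// Added example, not code from the JoinCODED project: two independent gates
// in front of the destructive /api/dev-tools routes. The first is the
// README's NODE_ENV check; the second answers only requests that arrive over
// the loopback interface, so a box that is accidentally started with
// NODE_ENV=development still does not offer "delete every user" to the network.

type Env = Record<string, string | undefined>;

// Exact, case-sensitive comparison. An unset variable, "Development" or
// "dev" all yield false, so the routes stay unmounted when configuration
// is missing rather than becoming exposed.
export function devToolsEnabled(env: Env): boolean {
  return env.NODE_ENV === "development";
}

// Loopback detection for the address forms Node's net sockets report:
// IPv4, IPv6, and IPv4-mapped IPv6 (seen when the server listens on "::").
export function isLoopback(remoteAddress: string | undefined): boolean {
  if (!remoteAddress) return false;
  if (remoteAddress === "::1") return true;
  const v4 = remoteAddress.startsWith("::ffff:") ? remoteAddress.slice(7) : remoteAddress;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(v4);
}

// Minimal structural types so this compiles without express installed;
// express's Request and Response satisfy them.
export interface GuardRequest { socket: { remoteAddress?: string } }
export interface GuardResponse { status(code: number): GuardResponse; json(body: unknown): void }

// Express-style middleware. It reads the TCP peer address, not
// X-Forwarded-For: that header is whatever the client chose to send.
// Non-local callers get the same 404 as a route that does not exist.
export function loopbackOnly(req: GuardRequest, res: GuardResponse, next: () => void): void {
  if (!isLoopback(req.socket.remoteAddress)) {
    res.status(404).json({ message: "Not found" });
    return;
  }
  next();
}

// Assumed wiring in app.ts:
//   if (devToolsEnabled(process.env)) {
//     app.use("/api/dev-tools", loopbackOnly, devRouter);
//   }
```

Behind a reverse proxy (a Dokku deployment fronts the app with nginx) the peer address is the proxy's, so the loopback gate would block proxied calls as well; there, run the cleanup from a shell on the host or replace the second gate with a shared secret that the proxy cannot forward by accident.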

▶️ Running the Project Locally

Clone the repository

git clone <repo-url>
cd BE-Banking-Express-App

Install dependencies

npm install

Create a .env file: copy .env.example (if present), or create your own:

NODE_ENV=development
PORT=4000
MONGO_URI=<MONGODB_ATLAS_CONNECTION_STRING>
JWT_SECRET=<YOUR_SECRET>

Important: This project uses MongoDB Atlas (online cluster). You must add your IP address to the cluster's Network Access list in the Atlas dashboard:

Network Access → Add IP Address → Add your current IP

Otherwise, the backend cannot connect and you'll get ECONN... connection errors.

Start the development server

npm run dev

Visit the API at:

http://localhost:4000/api

🧯 Resetting the App Before a New Cohort or Demo

This project includes development-only cleanup APIs. They are not included in the Postman collection and not available in production.

You can use them locally or on a development Dokku deployment to reset the environment before starting a new cohort or giving a demo.

These endpoints allow you to:

  • 🧹 Clear all users

  • 💸 Clear all transactions

  • 🗑️ Clear all uploaded images

  • 🔥 Clear everything at once

Development-Only Reset APIs

| Title | Method | Endpoint | Description |
| --- | --- | --- | --- |
| Clear All Users | DELETE | /api/dev-tools/clear-users | Deletes ALL users from DB |
| Clear All Transactions | DELETE | /api/dev-tools/clear-transactions | Deletes ALL transactions |
| Clear Uploads Folder | DELETE | /api/dev-tools/clear-uploads | Deletes all images under /uploads |
| Clear Everything | DELETE | /api/dev-tools/clear-all | Runs all cleanup actions at once |

⚠️ These routes must only run with NODE_ENV=development. Even if the dev module is accidentally deployed, it is not mounted unless NODE_ENV is exactly development.

API Endpoints (Student-Facing)

These are the APIs students will actually use in the project.

| Title | Method | Endpoint | Data Required | Login Required |
| --- | --- | --- | --- | --- |
| Register | POST | /api/auth/register | username, password, image | ❌ No |
| Login | POST | /api/auth/login | username, password | ❌ No |
| Get Your Profile | GET | /api/auth/me | None | ✅ Yes |
| Get Your Transactions | GET | /api/transactions/my | None | ✅ Yes |
| Get All Users | GET | /api/auth/users | None | ✅ Yes |
| Get User by ID | GET | /api/auth/users/:userId | None | ✅ Yes |
| Update Your Profile Image | PUT | /api/auth/profile | image | ✅ Yes |
| Deposit to Your Account | POST | /api/transactions/deposit | amount | ✅ Yes |
| Withdraw From Your Account | POST | /api/transactions/withdraw | amount | ✅ Yes |
| Transfer to Another User | POST | /api/transactions/transfer | amount, toUserId | ✅ Yes |
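The three balance-changing endpoints share one set of rules: a positive, whole amount no larger than MAX_SINGLE_TRANSFER, no overdraft, and for transfers a recipient that exists and is not the sender. The following is an added example, not code from the JoinCODED project, showing those rules as a pure service over an in-memory ledger so each failure mode can be run without MongoDB. It assumes amounts are handled as integer fils (1 KWD = 1000 fils) and that the sender of a transfer is the authenticated user from the JWT while only toUserId comes from the request body; the Ledger class, TxRecord shape and sample accounts are constructed for the example.

```typescript
// Added example, not code from the JoinCODED project: the balance rules
// behind deposit / withdraw / transfer as a pure service over an in-memory
// ledger, so every failure mode can be exercised without MongoDB. Amounts
// are integers in fils (1 KWD = 1000 fils) to keep money out of floating
// point; TRANSACTION_LIMITS mirrors constants.ts converted to fils. The
// sender of a transfer is always the authenticated user taken from the JWT,
// never a body field; only the recipient (toUserId) comes from the body.

export const TRANSACTION_LIMITS = {
  MAX_SINGLE_TRANSFER: 100_000 * 1000, // 100,000 KWD expressed in fils
} as const;

export type TxKind = "deposit" | "withdraw" | "transfer";
export interface TxRecord { kind: TxKind; from?: string; to?: string; amount: number }
export type TxResult = { ok: true; record: TxRecord } | { ok: false; reason: string };

export class Ledger {
  private readonly balances = new Map<string, number>();
  readonly history: TxRecord[] = [];

  constructor(initial: Record<string, number> = {}) {
    for (const [user, fils] of Object.entries(initial)) this.balances.set(user, fils);
  }

  balanceOf(user: string): number | undefined {
    return this.balances.get(user);
  }

  // One rule for every operation; the Zod schema on the route should mirror
  // it so malformed input is rejected before it reaches the service.
  private static amountError(amount: unknown): string | null {
    if (typeof amount !== "number" || !Number.isSafeInteger(amount)) return "amount must be a whole number of fils";
    if (amount <= 0) return "amount must be positive"; // a negative deposit is a disguised withdrawal
    if (amount > TRANSACTION_LIMITS.MAX_SINGLE_TRANSFER) return "amount exceeds MAX_SINGLE_TRANSFER";
    return null;
  }

  private commit(record: TxRecord): TxResult {
    this.history.push(record); // only successful operations appear in history
    return { ok: true, record };
  }

  deposit(user: string, amount: number): TxResult {
    const err = Ledger.amountError(amount);
    if (err) return { ok: false, reason: err };
    const balance = this.balances.get(user);
    if (balance === undefined) return { ok: false, reason: "unknown account" };
    this.balances.set(user, balance + amount);
    return this.commit({ kind: "deposit", to: user, amount });
  }

  withdraw(user: string, amount: number): TxResult {
    const err = Ledger.amountError(amount);
    if (err) return { ok: false, reason: err };
    const balance = this.balances.get(user);
    if (balance === undefined) return { ok: false, reason: "unknown account" };
    if (balance < amount) return { ok: false, reason: "insufficient funds" }; // no overdraft
    this.balances.set(user, balance - amount);
    return this.commit({ kind: "withdraw", from: user, amount });
  }

  // `from` is the caller's own id (req.user), `to` is the body's toUserId.
  transfer(from: string, to: string, amount: number): TxResult {
    const err = Ledger.amountError(amount);
    if (err) return { ok: false, reason: err };
    if (from === to) return { ok: false, reason: "cannot transfer to yourself" };
    const src = this.balances.get(from);
    const dst = this.balances.get(to);
    if (src === undefined || dst === undefined) return { ok: false, reason: "unknown account" };
    if (src < amount) return { ok: false, reason: "insufficient funds" };
    // Every check passes before either balance changes, so there is no partial transfer.
    this.balances.set(from, src - amount);
    this.balances.set(to, dst + amount);
    return this.commit({ kind: "transfer", from, to, amount });
  }
}
```

The in-memory version is safe against concurrent requests only because JavaScript runs one callback at a time. Against MongoDB, two simultaneous withdrawals can both read the same balance and both succeed, so the debit should be a conditional update (findOneAndUpdate with a balance: { $gte: amount } filter and a $inc of -amount, treating a null result as insufficient funds) or run inside a Mongoose session transaction together with the credit.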
