A modern, secure, and scalable backend for personal finance management
- JWT Authentication with access and refresh tokens
- OAuth 2.0 integration (Google, Apple)
- Email verification for new accounts
- Role-based access control (USER, ADMIN)
- Secure password hashing with bcrypt
- Complete user profiles with email, name, and profile picture
- Email verification workflow
- Password reset functionality
- Role-based permissions system
- Track income and expenses with detailed categorization
- Transaction history with filtering and pagination
- Financial summaries with analytics
- Secure transaction processing
- HTTPS enabled
- Rate limiting on authentication endpoints
- CORS protection
- Input validation and sanitization
- Helmet for HTTP headers security
- CSRF protection
| Category | Technologies |
|---|---|
| Core | Node.js, NestJS, TypeScript |
| Database | PostgreSQL, Prisma ORM |
| Auth | JWT, Passport.js, OAuth 2.0 (Google, Apple) |
| APIs | RESTful, Swagger/OpenAPI documentation |
| Security | bcrypt, class-validator, Helmet, CORS, CSRF Protection |
| Dev Tools | ESLint, Prettier, Husky, Jest, Docker |
| Monitoring | Pino for logging |
- Node.js 16+
- npm or yarn
- PostgreSQL 13+
- Redis (for rate limiting)
1. Clone the repository

   ```bash
   git clone https://github.com/ragab0/wallet-backend.git
   cd wallet-backend
   ```

2. Install dependencies

   ```bash
   npm install
   # or
   yarn install
   ```

3. Set up environment variables

   ```bash
   cp .env.example .env
   ```

   ```bash
   # general variables
   NODE_ENV=development
   DATABASE_URL=
   PORT=5000
   FRONTEND_URL=

   # jwt variables
   JWT_SECRET=
   JWT_ACCESS_EXPIRES_IN=
   JWT_REFRESH_EXPIRES_IN=

   # mail variables
   MAIL_HOST=
   MAIL_PORT=
   MAIL_USER=
   MAIL_PASS=
   MAIL_FROM=

   # google variables
   GOOGLE_CLIENT_ID=
   GOOGLE_CLIENT_SECRET=
   GOOGLE_CALLBACK_URL=

   # apple variables
   APPLE_CLIENT_ID=
   APPLE_TEAM_ID=
   APPLE_KEY_ID=
   APPLE_PRIVATE_KEY_PATH=
   APPLE_CALLBACK_URL=
   ```

4. Database setup

   ```bash
   # Run database migrations
   npx prisma migrate dev

   # Generate Prisma client
   npx prisma generate
   ```

5. Start the development server

   ```bash
   # Development
   npm run start:dev

   # Production
   npm run build
   npm run start:prod
   ```
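The `.env` template above ships with empty secrets, so a pre-start check on the filled-in file catches weak or missing values before the server runs. This is an added example, not code from the wallet-backend repository; the variable names come from the template, while `parseEnv`, `checkEnv` and the rules (32-character minimum for `JWT_SECRET`, https-only URLs in production, paired OAuth settings) are assumptions.

```typescript
// Added example: pre-start check of the .env values listed in the template.
// The rules (32-char minimum, https in production) are assumptions.
type Env = Record<string, string>;
// Minimal KEY=VALUE parser: skips blanks and # comments, strips quotes.
function parseEnv(text: string): Env {
  const env: Env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line[0] === "#" || eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, "$2");
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}
const REQUIRED = ["DATABASE_URL", "FRONTEND_URL", "JWT_SECRET",
  "JWT_ACCESS_EXPIRES_IN", "JWT_REFRESH_EXPIRES_IN"];
const URLS = ["FRONTEND_URL", "GOOGLE_CALLBACK_URL", "APPLE_CALLBACK_URL"];
// A provider is half-configured if its id is set but its secret is not.
const PAIRS: [string, string][] = [
  ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"],
  ["APPLE_CLIENT_ID", "APPLE_PRIVATE_KEY_PATH"],
];

function checkEnv(env: Env): string[] {
  const get = (k: string): string => env[k] ?? "";
  const findings: string[] = [];
  for (const k of REQUIRED) if (!get(k)) findings.push(`${k} is empty`);
  const secret = get("JWT_SECRET");
  if (secret && secret.length < 32)
    findings.push("JWT_SECRET is shorter than 32 characters");
  if (get("NODE_ENV") === "production")
    for (const k of URLS)
      if (get(k) && !/^https:\/\//.test(get(k)))
        findings.push(`${k} is not https in production`);
  for (const [id, secretKey] of PAIRS)
    if (get(id) && !get(secretKey))
      findings.push(`${secretKey} is empty but ${id} is set`);
  return findings;
}

// Constructed sample, not real credentials.
const sampleFindings = checkEnv(parseEnv(`
NODE_ENV=production
FRONTEND_URL=http://app.example.test
JWT_SECRET=changeme
GOOGLE_CLIENT_ID=constructed-id
GOOGLE_CLIENT_SECRET=
`));
```

A deployment script can pass the contents of `.env` to `parseEnv` and refuse to start when `checkEnv` returns any findings.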
Interactive API documentation is available when running the application:
- Swagger UI: `http://localhost:${PORT}/docs`
Most endpoints require authentication. Include the JWT token in the Authorization header:
```
Authorization: Bearer your-jwt-token
```
```bash
# Unit tests
npm run test

# E2E tests
npm run test:e2e

# Test coverage
npm run test:cov
```
```
├── src/
│   ├── auth/            # Authentication module
│   ├── users/           # User management
│   ├── transactions/    # Transaction management
│   ├── common/          # Shared modules and utilities
│   ├── prisma/          # Database schema and migrations
│   └── main.ts          # Application entry point
├── test/                # Test files
├── .env.example         # Environment variables example
└── package.json         # Project dependencies and scripts
```
- `POST /auth/signup`: Register a new user.
- `POST /auth/login`: Log in a user.
- `POST /auth/refresh`: Refresh an access token.
- `POST /auth/send-verification`: Send a verification email.
- `POST /auth/verify-email`: Verify a user's email.
- `GET /auth/google`: Initiate Google OAuth.
- `GET /auth/google/callback`: Google OAuth callback.

- `GET /users`: Get all users.
- `GET /users/me`: Get the current user's profile.
- `PATCH /users/me`: Update the current user's profile.
- `DELETE /users/me`: Delete the current user's account.
- `PATCH /users/me/password`: Change the current user's password.
- `GET /users/:id`: Get a user by ID.
- `PATCH /users/:id`: Update a user by ID.
- `DELETE /users/:id`: Delete a user by ID.

- `POST /transactions`: Create a new transaction.
- `GET /transactions`: Get all transactions for the current user.
- `GET /transactions/:id`: Get a transaction by ID.
- `PATCH /transactions/:id`: Update a transaction by ID.
- `DELETE /transactions/:id`: Delete a transaction by ID.

Made with ❤️ by Ragab | 2025