Fintola is a robust backend system designed for financial analytics, featuring a secure Role-Based Access Control (RBAC) architecture. It enables organizations to manage transactions, generate real-time financial insights through MongoDB aggregations, and maintain a strict administrative approval workflow for elevated privileges.
Live URL: https://fintola.onrender.com
For testing purposes, you can use the following admin credentials to access restricted routes:
- Role: Admin
- Email: codingbudies@gmail.com
- Password: 12345678
Note: These credentials provide full access to user management, admin request approvals, and transaction CRUD operations.
- Authentication & Authorization: Secure JWT-based authentication with role-specific access (Viewer, Analyst, Admin).
- Admin Approval Workflow: Automated system where users can request Admin status, subject to approval/rejection by existing admins with integrated email notifications.
- Financial Insights: High-performance analytics including income/expense tracking, category breakdown, and trend analysis using MongoDB Aggregation Pipelines.
- Transaction Management: Full CRUD operations with soft-delete functionality and advanced filtering (category, type, date range).
- User Management: Centralized dashboard for Admins to manage user statuses (Active/Inactive) and update profiles.
- Standardized API: Unified response and error handling patterns for predictable client-side integration.
- Runtime: Node.js
- Framework: Express.js
- Database: MongoDB with Mongoose ODM
- Security: JWT (Authentication), Bcrypt (Password Hashing)
- Email: Custom Mailer Utility with dynamic templates
```
src/
├── config/        # Database and Environment configurations
├── controllers/   # Request handling logic
├── models/        # Mongoose schemas (User, Transaction, AdminRequest)
├── routes/        # API endpoint definitions
├── middlewares/   # Auth, RBAC, and Global Error handlers
├── utils/         # asyncHandler, ApiError, ApiResponse, Mailer
├── app.js         # Express app configuration
└── index.js       # Server entry point
```
| Method | Endpoint | Access | Description |
|---|---|---|---|
| POST | `/api/v1/auth/signup` | Public | Register a new user |
| POST | `/api/v1/auth/signin` | Public | Login and receive JWT |
| POST | `/api/v1/auth/signout` | Authenticated | Invalidate session |
| GET | `/api/v1/auth/me` | Authenticated | Get current user profile |

| Method | Endpoint | Access | Description |
|---|---|---|---|
| GET | `/api/v1/admin/` | Admin | Fetch all users |
| GET | `/api/v1/admin/requests` | Admin | Get pending admin requests |
| PATCH | `/api/v1/admin/requests/:id` | Admin | Approve/Reject admin request |
| PATCH | `/api/v1/admin/users/:id/status` | Admin | Toggle user active/inactive |
| PATCH | `/api/v1/admin/users/:id` | Admin | Update user details |

| Method | Endpoint | Access | Description |
|---|---|---|---|
| POST | `/api/v1/transactions/create` | Admin | Create a new transaction |
| GET | `/api/v1/transactions/view` | All | View transactions (Paginated) |
| GET | `/api/v1/transactions/insights` | Admin/Analyst | Aggregated financial data |
| PATCH | `/api/v1/transactions/:id` | Admin | Update transaction details |
| DELETE | `/api/v1/transactions/:id` | Admin | Delete transaction (soft delete) |

- Clone the repository:
  ```bash
  git clone https://github.com/your-username/fintola.git
  cd fintola
  ```
- Install dependencies:
  ```bash
  npm install
  ```
- Environment Variables: Create a `.env` file in the root directory:
  ```env
  PORT=8000
  MONGODB_URI=your_mongodb_uri
  JWT_SECRET=your_secret_key
  EMAIL_SERVICE=your_email_service
  EMAIL_USER=your_email
  EMAIL_PASS=your_email_password
  ```
- Run the application:
  ```bash
  # Development mode
  npm run dev
  # Production mode
  npm start
  ```
- Aggregation Framework: Insights are generated on-the-fly using MongoDB `aggregate`, ensuring data is always fresh and reducing storage overhead.
- Global Error Handling: A centralized middleware catches all errors passed via `asyncHandler`, returning a consistent `ApiError` format.
- Query Parser: Supports complex filtering by category, type, and date range, combined with efficient pagination (`page`, `limit`).
- Only an existing Admin can approve a user's request for Admin privileges.
- "Insights" contain sensitive data and are restricted from users with only the "Viewer" role.
- Deleted transactions are automatically excluded from all Insight calculations and standard view queries.
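The role rules above (Admin-only approvals and user management, Insights closed to Viewer-only users) can be enforced as a single Express-style middleware; the block below is an added example, not code from the Fintola repository, and it assumes `req.user` is populated by the JWT auth middleware with `role` and `isActive`, and that the permission names and the `ApiError` shape are illustrative.

```javascript
// Added example (not Fintola's own code): RBAC middleware for the three
// roles in this README. req.user is assumed to be set by the JWT auth
// middleware from the verified token / user record, never from the body.

const ROLES = ['Viewer', 'Analyst', 'Admin'];

// Role -> permissions, mirroring the "Access" column of the endpoint tables.
const PERMISSIONS = {
  Viewer: new Set(['transactions:view']),
  Analyst: new Set(['transactions:view', 'transactions:insights']),
  Admin: new Set(['transactions:view', 'transactions:insights',
    'transactions:write', 'users:manage', 'requests:approve']),
};

// Stand-in for the project's ApiError (assumed shape: statusCode + message).
class ApiError extends Error {
  constructor(statusCode, message) {
    super(message);
    this.statusCode = statusCode;
  }
}

// Returns middleware that lets the request through only when the
// authenticated user holds `permission`. Every denial is handed to next()
// so the global error handler emits the standard error format. The check
// fails closed: no user, an unknown role, or an inactive account is denied.
function requirePermission(permission) {
  return (req, _res, next) => {
    const user = req.user;
    if (!user) return next(new ApiError(401, 'Unauthorized'));
    if (!ROLES.includes(user.role)) return next(new ApiError(403, 'Forbidden'));
    if (user.isActive === false) return next(new ApiError(403, 'Account inactive'));
    if (!PERMISSIONS[user.role].has(permission)) {
      return next(new ApiError(403, 'Forbidden'));
    }
    return next();
  };
}

// Exercises the middleware with a fake request: returns null when the
// request is allowed, otherwise the HTTP status the error handler would send.
function checkAccess(permission, user) {
  let outcome = null;
  requirePermission(permission)({ user }, {}, (err) => {
    outcome = err ? err.statusCode : null;
  });
  return outcome;
}
```

Mount it per route, e.g. `router.get('/insights', auth, requirePermission('transactions:insights'), handler)`, so a Viewer-only account is rejected before the aggregation runs.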