VortexDevX/AutoSecure

🛡️ AutoSecure

Automobile Insurance & License Management Platform

A full-stack enterprise application for managing insurance policies, driving license records, analytics, and business operations, built with Next.js 16, Express 5, and MongoDB.


📋 Overview

AutoSecure is a production-grade insurance management system designed for agencies and brokers to:

  • Create & track automobile insurance policies end-to-end
  • Manage driving license records with document storage
  • Monitor financial metrics, branch performance, and revenue trends
  • Automate email notifications with customizable templates
  • Export data in Excel/XLSX format for reporting
  • Control access with role-based permissions and two-factor authentication

✨ Features

📄 Policy Management

  • Multi-step policy creation wizard
  • Customer, vehicle, nominee, and premium detail capture
  • Previous policy tracking with NCB history
  • Document uploads (Aadhaar, PAN, other docs) to cloud storage
  • Payment tracking with multi-mode split payments
  • Auto-calculated profit and extra amount fields
  • Advanced filtering by status, type, branch, date range
  • Full-text search across customer, email, and registration number

🪪 License Management

  • Driving license record CRUD
  • Faceless / Non-faceless / Reminder categorization
  • Approval workflow tracking
  • Financial breakdown (fee, agent fee, customer payment, profit)
  • Document attachment support

📊 Analytics Dashboard

  • Real-time metric cards (policies, revenue, licenses)
  • Monthly trend charts
  • Revenue trend visualization
  • Policies by status/type distribution
  • Branch performance comparison
  • License analytics breakdown
  • Renewal calendar
  • Date-range selectable analytics

👥 User & Admin

  • Role-based access control: Owner → Admin → User
  • User management (create, activate/deactivate)
  • TOTP-based two-factor authentication (2FA)
  • Password reset via email OTP
  • Audit log tracking for all operations
  • Site kill-switch (enable/disable entire platform)
  • Configurable meta options (branches, insurance types, companies, cities, etc.)
  • Email template management with variable substitution

📀 Data Export

  • Export policies and licenses to XLSX
  • Filtered export support
  • Structured Excel reports with formatting

🔔 Notifications

  • In-app notification center
  • Email notifications via Brevo / Resend / SMTP
  • Customizable email templates per entity type

🏗️ Architecture

AutoSecure/
├── backend/              # Express 5 REST API
│   └── src/
│       ├── config/       # Database connection
│       ├── controllers/  # Route handlers (13 controllers)
│       ├── middleware/   # Auth, rate-limit, upload, error, site-check
│       ├── models/       # Mongoose schemas (8 models)
│       ├── routes/       # Express route definitions (12 routers)
│       ├── scripts/      # DB init, seed, migration scripts
│       ├── services/     # Business logic (email, storage, JWT, TOTP, audit)
│       ├── types/        # TypeScript declarations
│       ├── utils/        # Error classes, validators, async handler
│       └── server.ts     # App entry point
│
├── frontend/             # Next.js 16 App Router
│   ├── app/
│   │   ├── (auth)/       # Login, forgot-password, verify-totp
│   │   └── (dashboard)/  # Dashboard, policies, licenses, exports, admin, profile
│   ├── components/
│   │   ├── admin/        # User & meta management tables
│   │   ├── dashboard/    # Metric cards, charts, calendar, notifications
│   │   ├── layout/       # Sidebar, Topbar, SiteStatusBanner
│   │   ├── licenses/     # License table, form, filters, email modal
│   │   ├── policies/     # Policy table, wizard, filters, email modal
│   │   └── ui/           # 18 reusable UI primitives
│   └── lib/
│       ├── api/          # Axios API client modules (12 modules)
│       ├── context/      # Auth, Navigation, Privacy, PolicyForm contexts
│       ├── hooks/        # Custom React hooks (analytics, auth, meta, etc.)
│       ├── theme/        # Theming utilities
│       ├── types/        # Frontend type definitions
│       └── utils/        # Constants and helpers
│
├── tsconfig.base.json    # Shared TypeScript config
├── .eslintrc.js          # Root ESLint config
└── .prettierrc           # Prettier config

🛠️ Tech Stack

| Layer | Technology |
|---|---|
| Frontend | Next.js 16, React 19, TypeScript 5 |
| Styling | Tailwind CSS 3.4, Framer Motion |
| State | React Context, SWR |
| Forms | React Hook Form + Zod validation |
| Charts | Recharts |
| UI | Headless UI, Heroicons |
| Backend | Express 5, TypeScript 5 |
| Database | MongoDB via Mongoose 8 |
| Auth | JWT (access/refresh), TOTP (Speakeasy), bcrypt |
| Storage | AWS S3 / Cloudflare R2 |
| Email | Brevo, Resend, Nodemailer (SMTP) |
| Security | Helmet, CORS, Rate Limiting, CSP |
| Exports | ExcelJS (backend), SheetJS (frontend) |

🚀 Getting Started

Prerequisites

  • Node.js ≥ 18
  • MongoDB instance (local or Atlas)
  • npm or pnpm

1. Clone

git clone https://github.com/VortexDevX/AutoSecure.git
cd AutoSecure

2. Backend Setup

cd backend
npm install

Create backend/.env:

PORT=5000
NODE_ENV=development
MONGODB_URI=mongodb://localhost:27017/autosecure
JWT_ACCESS_SECRET=your-access-secret
JWT_REFRESH_SECRET=your-refresh-secret
FRONTEND_URL=http://localhost:3000

# Storage (S3 / R2)
S3_BUCKET_NAME=your-bucket
S3_REGION=auto
S3_ENDPOINT=https://your-account.r2.cloudflarestorage.com
S3_ACCESS_KEY=your-access-key
S3_SECRET_KEY=your-secret-key

# Email (pick one or more)
BREVO_API_KEY=your-brevo-key
RESEND_API_KEY=your-resend-key
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=user@example.com
SMTP_PASS=password
EMAIL_FROM=noreply@autosecure.com

Initialize database and seed:

npm run db:init
npm run db:seed

Start dev server:

npm run dev

3. Frontend Setup

cd frontend
npm install

Create frontend/.env.local:

NEXT_PUBLIC_API_URL=http://localhost:5000/api/v1

Start dev server:

npm run dev

App runs at http://localhost:3000.
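
The backend/.env template above ships placeholder secrets (your-access-secret, password), so a startup check that refuses them is worth having. The following is an added example, not code from the AutoSecure repository; the function name checkBackendEnv, the choice of mandatory keys, and the 32-character minimum are assumptions.

```typescript
// Added example, not AutoSecure's own code. Key names are from the README's
// backend/.env; which keys are mandatory and the length floor are assumptions.
type Env = Record<string, string | undefined>;

const JWT_SECRETS = ["JWT_ACCESS_SECRET", "JWT_REFRESH_SECRET"];
const REQUIRED = JWT_SECRETS.concat(["S3_ACCESS_KEY", "S3_SECRET_KEY"]);
const OPTIONAL = ["BREVO_API_KEY", "RESEND_API_KEY", "SMTP_PASS"]; // "pick one or more"
const PLACEHOLDER = /^your-|^password$/i; // template values shown in the README
const MIN_JWT_SECRET_LENGTH = 32; // assumed floor for a shared-secret JWT key

function checkBackendEnv(env: Env): string[] {
  const problems: string[] = [];
  for (const key of REQUIRED.concat(OPTIONAL)) {
    const value = env[key] ?? "";
    if (value === "") {
      if (REQUIRED.indexOf(key) !== -1) problems.push(`${key} is not set`);
    } else if (PLACEHOLDER.test(value)) {
      problems.push(`${key} still holds the README placeholder`);
    } else if (JWT_SECRETS.indexOf(key) !== -1 && value.length < MIN_JWT_SECRET_LENGTH) {
      problems.push(`${key} is shorter than ${MIN_JWT_SECRET_LENGTH} characters`);
    }
  }
  // With one shared key, signature verification alone cannot tell a
  // refresh token from an access token.
  const access = env["JWT_ACCESS_SECRET"] ?? "";
  if (access !== "" && access === env["JWT_REFRESH_SECRET"]) {
    problems.push("JWT_ACCESS_SECRET and JWT_REFRESH_SECRET must differ");
  }
  if (env["NODE_ENV"] === "production" && !/^https:\/\//.test(env["FRONTEND_URL"] ?? "")) {
    problems.push("FRONTEND_URL must be an https:// origin in production");
  }
  return problems;
}

// Sample input: the secret-bearing values from the README template.
const README_TEMPLATE: Env = {
  NODE_ENV: "development", FRONTEND_URL: "http://localhost:3000",
  JWT_ACCESS_SECRET: "your-access-secret", JWT_REFRESH_SECRET: "your-refresh-secret",
  S3_ACCESS_KEY: "your-access-key", S3_SECRET_KEY: "your-secret-key",
  BREVO_API_KEY: "your-brevo-key", RESEND_API_KEY: "your-resend-key", SMTP_PASS: "password",
};

// At startup: call checkBackendEnv(process.env) and exit non-zero if it returns anything.
```

Run against the unmodified template, the check reports all seven secret-bearing keys.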


📡 API Reference

Base URL: /api/v1

| Module | Endpoint | Description |
|---|---|---|
| Auth | POST /auth/login | Login with email + password |
| | POST /auth/verify-totp | Verify 2FA code |
| | POST /auth/forgot-password | Request password reset |
| Policies | GET /policies | List policies (paginated, filterable) |
| | POST /policies | Create policy |
| | PATCH /policies/:id | Update policy |
| | DELETE /policies/:id | Delete policy |
| Licenses | GET /licenses | List license records |
| | POST /licenses | Create license record |
| | PATCH /licenses/:id | Update license record |
| Analytics | GET /analytics/summary | Dashboard metrics |
| | GET /analytics/trends | Monthly trends |
| | GET /analytics/branch-performance | Branch comparison |
| Users | GET /users | List users (admin) |
| | POST /users | Create user (admin) |
| Exports | GET /exports/policies | Export policies to XLSX |
| | GET /exports/licenses | Export licenses to XLSX |
| Files | POST /files/upload | Upload document to S3/R2 |
| Emails | POST /emails/send | Send email from template |
| Settings | GET /settings | Get site settings |
| | PATCH /settings | Update site settings (owner) |
| Audit Logs | GET /audit-logs | View audit trail (admin) |
| Meta | GET /meta | Get dropdown/config options |

All routes except /auth/* require Authorization: Bearer <token> header.


🔒 Security

| Feature | Implementation |
|---|---|
| Authentication | JWT access + refresh token pair |
| 2FA | TOTP via Speakeasy (Google Authenticator compatible) |
| Password | bcrypt hashing (cost factor 12) |
| Rate Limiting | express-rate-limit on all API routes |
| Headers | Helmet with CSP, HSTS, X-XSS-Protection |
| CORS | Whitelist-based origin validation |
| Input Validation | express-validator + Zod schemas |
| File Upload | Multer with type/size restrictions |
| Audit Trail | All mutations logged with user, action, timestamp |
| Site Kill-Switch | Owner can disable entire platform via settings |
| Password Reset | OTP via email with expiry + attempt limits |

📜 Available Scripts

Backend (/backend)

| Script | Description |
|---|---|
| npm run dev | Start dev server with hot reload (tsx watch) |
| npm run build | Compile TypeScript to dist/ |
| npm start | Run production build |
| npm run db:init | Initialize database collections |
| npm run db:seed | Seed meta options (branches, types, etc.) |
| npm run db:migrate-policy | Run policy field migrations |
| npm run test:email | Test email service configuration |

Frontend (/frontend)

| Script | Description |
|---|---|
| npm run dev | Start Next.js dev server |
| npm run build | Production build |
| npm start | Serve production build |
| npm run lint | Run ESLint |

🗃️ Data Models

| Model | Purpose |
|---|---|
| User | Accounts with email, role (owner/admin/user), TOTP, active flag |
| Policy | Insurance policies with full customer, vehicle, premium, payment data |
| LicenseRecord | Driving license records with documents and financial tracking |
| AuditLog | Immutable log of all system operations |
| EmailLog | Record of sent emails |
| EmailTemplate | Customizable email templates with variable placeholders |
| Meta | Dynamic dropdown options (branches, insurance types, companies, cities) |
| SiteSettings | Global platform configuration and kill-switch |

🀝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit changes (git commit -m 'Add amazing feature')
  4. Push to branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Built with ❤️ by VortexDevX

About

AutoSecure is a production-grade web application for automobile insurance field agents to manage policies, customers, and documents with robust authentication, role-based access control, and comprehensive audit logging.
