A backend-focused MERN stack application for secure, atomic money transfers with complete transaction auditability.
This is a full-stack money transfer system built to handle user registration, authentication, wallet balance management, and secure peer-to-peer money transfers. The project is split into two main parts: a Node.js + Express backend API with MongoDB, and a React frontend dashboard.
The core focus of this system is transaction safety and data consistency. Specifically, it implements MongoDB transactions and sessions to ensure atomic balance updates and maintains an immutable audit log for every successful transfer. This guarantees that either all transfer operations succeed or none do, preventing partial or inconsistent states.
Instead of numeric user IDs, the system uses email addresses (Gmail IDs) as unique identifiers, mirroring real-world digital payment systems.
https://github.com/Eepsita12/PaySecure
Users can register using their email address and password.
Registered users can log in and receive a JWT token for authenticated access.
The dashboard displays the current wallet balance and the payment element.
Users can transfer money by entering the receiver’s email address and transfer amount.
Users can view all sent and received transactions with timestamps.
a. Authentication & Authorization
- Users are authenticated using JWT tokens generated during login.
- Tokens include the user’s email and expiration metadata.
- All sensitive routes are protected via JWT middleware.
b. Transaction Handling & Atomicity
- Money transfers are executed inside MongoDB sessions and transactions.
- The balance amount is set to Rs. 1000 by default for mocking transactions.
- Sender balance deduction and receiver balance credit occur atomically.
- If any step fails, the entire transaction is rolled back automatically.
c. Audit Log System
- Each successful transfer generates an immutable audit log entry.
- Audit logs store sender email, receiver email, transfer amount, timestamp, and status.
- Logs are stored in a separate collection for traceability and integrity.
d. Data Validation
- Validations ensure sender and receiver existence.
- Prevents transfers with insufficient balance or invalid amounts.
- Ensures transaction correctness before execution.
e. Error Handling
- Centralized error responses for authentication, validation, and transfer failures.
- Clear error messages for insufficient balance, invalid users, and unauthorized access.
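
An added example (not PaySecure's own code) of the transfer flow described above: validation, a conditional debit, the credit, and the audit entry inside one MongoDB transaction. It assumes the official `mongodb` Node.js driver, integer rupee amounts, and hypothetical collection names (`users`, `auditlogs`) and field names.

```javascript
// Added example, not PaySecure's code. Assumes the official `mongodb` driver;
// collection names (users, auditlogs) and field names are hypothetical.
class TransferError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// senderEmail must come from the verified JWT, never from the request body.
async function transfer(client, db, senderEmail, receiverEmail, amount) {
  // Validate before touching the database: a strictly positive integer amount.
  if (!Number.isSafeInteger(amount) || amount <= 0) throw new TransferError(400, 'Invalid amount');
  if (typeof receiverEmail !== 'string' || receiverEmail === senderEmail) {
    throw new TransferError(400, 'Invalid receiver');
  }
  const users = db.collection('users');
  const audit = db.collection('auditlogs');
  const session = client.startSession();
  try {
    // withTransaction commits if the callback resolves and aborts if it throws.
    await session.withTransaction(async () => {
      // Balance check and debit in ONE conditional update, so two concurrent
      // transfers cannot both pass a stale "balance >= amount" read.
      const debit = await users.updateOne(
        { email: senderEmail, balance: { $gte: amount } },
        { $inc: { balance: -amount } },
        { session });
      if (debit.modifiedCount !== 1) throw new TransferError(400, 'Insufficient balance');
      const credit = await users.updateOne(
        { email: receiverEmail },
        { $inc: { balance: amount } },
        { session });
      // Throwing here rolls the debit back as well.
      if (credit.modifiedCount !== 1) throw new TransferError(404, 'Receiver not found');
      // The audit entry shares the transaction: no committed transfer without a log.
      await audit.insertOne(
        { senderEmail, receiverEmail, amount, status: 'SUCCESS', timestamp: new Date() },
        { session });
    });
  } finally {
    await session.endSession();
  }
}
```

MongoDB supports multi-document transactions only on a replica set or sharded cluster, so this fails against a standalone `mongod`.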
a. API Integration
- Axios is used for HTTP requests.
- JWT tokens are attached to requests via the `Authorization` header.
b. Routing & Route Protection
- Client-side routing is handled using `react-router-dom`.
- Protected routes ensure only authenticated users can access the dashboard.
- Unauthorized users are redirected to the login page.
c. State Management & UI Updates
- React Hooks (`useState`, `useEffect`) manage application state.
- Wallet balance and transaction history refresh automatically after transfers.
d. UI & Feedback
- Clean and responsive UI for transfers and transaction viewing.
- Success and error messages displayed based on API responses.
Follow these instructions to get the project up and running on your local machine.
```bash
cd backend
npm install
npm run dev
```

```bash
cd frontend
npm install
npm start
```

Create a .env file in the backend directory:

```env
MONGO_URI=your_mongodb_connection_string
JWT_SECRET=your_jwt_secret
```

| Endpoint | Method | Auth Required | Request Body (JSON) | Description & Key Logic |
|---|---|---|---|---|
| /api/register | POST | ❌ No | {"email": "...", "password": "..."} | Registers a new user account. |
| /api/login | POST | ❌ No | {"email": "...", "password": "..."} | Authenticates user and returns a JWT token. |
| /api/transfer | POST | ✅ Yes | {"receiverEmail": "...", "amount": number} | Performs an atomic money transfer. |
| /api/transactions | GET | ✅ Yes | None | Fetches transaction history for the user. |
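
An added example (not PaySecure's own code) of the kind of middleware that would guard the two authenticated endpoints above. It verifies HS256 tokens with Node's built-in `crypto` so it runs without dependencies; `signToken`, `verifyToken` and `requireAuth` are hypothetical names, and an application would normally rely on a maintained JWT library for this.

```javascript
// Added example, not PaySecure's code: HS256 JWT check as Express-style middleware.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue a token carrying the user's email and an expiry, as the page describes.
function signToken(email, secret, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64url(JSON.stringify({ email, iat, exp: iat + ttlSeconds }));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`, secret))}`;
}

// Returns the claims, or throws with a reason meant for server logs, not the client.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: a token announcing "none" or anything else is rejected.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  if (typeof claims.email !== 'string') throw new Error('missing email');
  return claims;
}

// Express-style middleware: every failure gets the same 401 body.
function requireAuth(secret) {
  return (req, res, next) => {
    const [scheme, token] = (req.headers.authorization || '').split(' ');
    try {
      if (scheme !== 'Bearer' || !token) throw new Error('missing bearer token');
      req.user = { email: verifyToken(token, secret).email };
    } catch {
      return res.status(401).json({ error: 'Unauthorized' });
    }
    next();
  };
}
```

Downstream handlers read the sender from `req.user.email`, so a client cannot name another account as the sender in the request body.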
This section documents how AI tools were used during development, along with a transparent evaluation of their effectiveness. Final implementation decisions, validations, and refinements were performed manually.
Tool Used: ChatGPT
Score: ⭐⭐⭐ (3 / 5)
- Assisted in designing MongoDB transaction flows using sessions.
- Helped conceptualize atomic balance updates for sender and receiver.
- Provided guidance on rollback safety during failed transfers.
- While the AI helped with overall transaction structure, manual debugging was required to correctly manage session lifecycles.
- Edge cases such as partial failures and proper error propagation needed human intervention.
- Final correctness and reliability depended heavily on manual testing and refinements.
Tool Used: ChatGPT
Score: ⭐⭐⭐ (3 / 5)
- Assisted in structuring JWT-based authentication logic.
- Helped outline middleware for route protection.
- Suggested token verification and authorization flow.
- AI-generated middleware logic required adjustments to align with Express request flow.
- Token decoding and error-handling logic needed manual correction.
- Security-related decisions (status codes, error messages, middleware order) were finalized manually.
Tool Used: Gemini
Score: ⭐⭐⭐⭐⭐ (5 / 5)
- Assisted in implementing real-time UI state updates after transactions.
- Helped synchronize wallet balance and transaction history without page reloads.
- Improved frontend responsiveness and user experience.
- Suggestions were directly applicable and required minimal modification.
- Successfully reduced redundant API calls and improved state consistency.
- Delivered optimal results with little to no manual correction.
Tool Used: ChatGPT
Score: ⭐⭐⭐⭐ (4 / 5)
- Assisted in identifying backend and frontend runtime errors.
- Helped trace issues related to API responses and state mismatches.
- Provided debugging strategies and fixes.
- AI effectively identified most issues, but some bugs required deeper contextual understanding.
- Edge cases and environment-specific errors were resolved manually.
- Final validation and testing remained a human-driven process.
Tool Used: ChatGPT
Score: ⭐⭐⭐⭐ (4 / 5)
- Assisted in structuring project documentation.
- Helped improve clarity, formatting, and technical explanations.
- Ensured assignment requirements were clearly addressed.
- Technical accuracy was reviewed and refined manually.
- Some sections were rewritten to better reflect actual implementation.
- Final documentation tone and content alignment were human-curated.