💰 Finance Data Processing Backend

A production-ready backend system for managing financial records with role-based access control, authentication, and analytics dashboard.

---

📌 Overview

This project implements a backend system for managing financial transactions with:

• User and role management (RBAC)
• Secure authentication using JWT
• Financial record CRUD operations
• Dashboard analytics APIs
• Production-level enhancements (pagination, soft delete, rate limiting)

Built using:

• FastAPI
• PostgreSQL
• SQLAlchemy ORM

---

🏗️ Architecture

The system follows a layered architecture:

Route Layer → Service Layer → Repository Layer → Database

Responsibilities

• Routes: Handle HTTP requests/responses
• Services: Business logic and orchestration
• Repositories: Database interaction
• Schemas: Data validation and serialization

---

👥 User Roles & Access Control

Role	Permissions
Admin	Full access (users + transactions + dashboard)
Analyst	Create & view transactions, access insights
Viewer	Read-only access (dashboard + transactions)

RBAC Implementation

• Centralized via dependency (require_roles)
• Data-level control implemented in service layer (dashboard shaping)

---

🔐 Authentication

• JWT-based authentication
• Token generation on login
• Secure endpoints using HTTP Bearer token

---

📦 Features

1. User Management

• Create users (Admin only)
• Update role and active status
• Enforce active/inactive users

---

2. Financial Records (Transactions)

Supports:

• Create
• Read
• Update
• Soft Delete

Additional:

• Filtering (date, category, type)
• Pagination
• Search support

---

3. Dashboard APIs

Provides:

• Total income
• Total expenses
• Net balance
• Category-wise totals
• Monthly trends
• Recent transactions

Role-based dashboard:

• Viewer → basic summary
• Analyst → insights
• Admin → full analytics

---

⚙️ Optional Enhancements Implemented

• ✅ JWT Authentication
• ✅ Pagination
• ✅ Search support
• ✅ Soft delete
• ✅ Basic rate limiting
• ✅ Unit tests
• ✅ API documentation (Swagger)

---

🗄️ Database Design

User

• id
• name
• email (unique)
• password (hashed)
• role
• is_active

Transaction

• id
• user_id (FK)
• amount
• type (income/expense)
• category
• date
• notes
• is_deleted

---

⚡ Setup Instructions

1. Clone repository

git clone <repo-url>
cd Finance_Data_Processing

---

2. Create virtual environment

python -m venv venv
venv\Scripts\activate

---

3. Install dependencies

pip install -r requirements.txt

---

4. Configure environment

Create .env file:

DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=your_password
DB_NAME=your_db_name

SECRET_KEY=your_secret
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=60

---

5. Run application

uvicorn app.main:app --reload

---

6. Access API Docs

http://127.0.0.1:8000/docs

---

⚠️ Assumptions Made

• Each user only accesses their own transactions
• Role-based permissions are strictly enforced
• Dashboard data is scoped per user
• Rate limiting is simplified (in-memory)

---

⚖️ Trade-offs

Decision	Reason
No Alembic migrations	Simplified setup for assignment
Basic rate limiting	Avoid external dependencies (Redis)
Enum not enforced in DB for transaction type	Faster implementation, can be improved
No async DB usage	Simplicity over premature optimization

---

🚀 Future Improvements

• Async SQLAlchemy support
• Redis-based rate limiting
• Advanced analytics (yearly trends, forecasting)
• Role-based field masking
• Docker deployment
• CI/CD pipeline

---

💡 Key Learnings

• Layered backend architecture design
• RBAC vs authentication separation
• Secure password handling & JWT
• Writing scalable and maintainable APIs

---

👨‍💻 Author

Aditya Raj