graph TB
subgraph "Client Layer"
W[Web App<br/>React + Vite]
M[Mobile App<br/>React Native + Expo]
end
subgraph "API Gateway"
API[Express Server<br/>Port 5000]
end
subgraph "Business Logic Layer"
AUTH[Auth Module]
CUST[Customer Module]
LOAN[Loan Module]
EMI[EMI Module]
REP[Repayment Module]
DOC[Document Module]
RPT[Reports Module]
end
subgraph "Data Layer"
DB[(PostgreSQL<br/>Supabase)]
REDIS[(Redis<br/>Upstash)]
CLOUD[Cloudinary<br/>File Storage]
end
subgraph "External Services"
EMAIL[Email Service<br/>Brevo SMTP]
CRON[Cron Jobs<br/>Overdue Check]
end
%% Connections
W --> API
M --> API
API --> AUTH
API --> CUST
API --> LOAN
API --> EMI
API --> REP
API --> DOC
API --> RPT
AUTH --> DB
CUST --> DB
LOAN --> DB
EMI --> DB
REP --> DB
DOC --> DB
RPT --> DB
AUTH --> REDIS
API --> REDIS
DOC --> CLOUD
API --> EMAIL
CRON --> DB
CRON --> EMAIL
%% Styling
classDef client fill:#e1f5fe,stroke:#01579b,stroke-width:2px
classDef api fill:#f3e5f5,stroke:#4a148c,stroke-width:2px
classDef business fill:#e8f5e8,stroke:#1b5e20,stroke-width:2px
classDef data fill:#fff3e0,stroke:#e65100,stroke-width:2px
classDef external fill:#fce4ec,stroke:#880e4f,stroke-width:2px
class W,M client
class API api
class AUTH,CUST,LOAN,EMI,REP,DOC,RPT business
class DB,REDIS,CLOUD data
class EMAIL,CRON external
sequenceDiagram
participant Client
participant API
participant Auth
participant DB
participant Redis
Client->>API: Login Request
API->>Auth: Validate Credentials
Auth->>DB: Find User
DB-->>Auth: User Data
Auth->>Auth: Verify Password
Auth->>Redis: Store Session
Auth-->>API: JWT Tokens
API-->>Client: Auth Response
sequenceDiagram
participant Customer
participant API
participant Loan
participant DB
participant Admin
Customer->>API: Submit Loan Application
API->>Loan: Validate Application
Loan->>DB: Create Loan Record
Loan->>Loan: Generate EMI Schedule
DB-->>Loan: Loan Created
Loan-->>API: Application Submitted
API-->>Customer: Confirmation
API->>Admin: Notification
Admin->>API: Review Application
API->>Loan: Update Status
Loan->>DB: Save Decision
DB-->>Loan: Status Updated
Loan-->>API: Decision Made
API-->>Customer: Status Update
sequenceDiagram
participant Customer
participant API
participant EMI
participant Repayment
participant DB
participant Email
Customer->>API: Make Payment
API->>EMI: Find EMI
EMI->>DB: Get EMI Details
DB-->>EMI: EMI Data
EMI-->>API: EMI Info
API->>Repayment: Process Payment
Repayment->>DB: Record Payment
DB-->>Repayment: Payment Recorded
Repayment->>Email: Send Receipt
Repayment-->>API: Payment Success
API-->>Customer: Confirmation
- Users: Authentication and basic user info
- Customers: Detailed customer information and KYC
- Loans: Loan applications and details
- EmiSchedule: EMI payment schedule
- Repayments: Payment records
- Documents: Customer documents and KYC files
- RefreshTokens: JWT refresh tokens
User 1:1 Customer
Customer 1:N Loans
Customer 1:N Documents
Loan 1:N EmiSchedule
EmiSchedule 1:1 Repayment
User 1:N RefreshTokens
- Runtime: Node.js + TypeScript
- Framework: Express.js
- Database: PostgreSQL with Prisma ORM
- Cache: Redis (Upstash)
- Authentication: JWT with refresh tokens
- File Storage: Cloudinary
- Email: Brevo SMTP
- Scheduling: Node-cron
- Logging: Winston
- Framework: React 18
- Build Tool: Vite
- Styling: Tailwind CSS
- State Management: Zustand
- Data Fetching: React Query
- Routing: React Router
- Forms: React Hook Form + Zod
- Charts: Recharts
- Framework: React Native
- Navigation: Expo Router
- Styling: NativeWind (Tailwind for React Native)
- State Management: Zustand
- Data Fetching: React Query
- Storage: Expo Secure Store
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│     Web App     │     │   Mobile App    │     │   API Server    │
│      :5173      │     │   Expo Metro    │     │      :5000      │
└─────────────────┘     └─────────────────┘     └─────────────────┘
         │                       │                       │
         └───────────────────────┼───────────────────────┘
                                 │
                        ┌─────────────────┐
                        │   PostgreSQL    │
                        │   (Supabase)    │
                        └─────────────────┘
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│     Web App     │     │   Mobile App    │     │  Load Balancer  │
│    (Vercel)     │     │  (App Stores)   │     │                 │
└─────────────────┘     └─────────────────┘     └─────────────────┘
         │                       │                       │
         └───────────────────────┼───────────────────────┘
                                 │
                        ┌─────────────────┐
                        │   API Server    │
                        │    (Cluster)    │
                        └─────────────────┘
                                 │
         ┌───────────────────────┼───────────────────────┐
         │                       │                       │
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   PostgreSQL    │     │      Redis      │     │   Cloudinary    │
│   (Supabase)    │     │    (Upstash)    │     │      (CDN)      │
└─────────────────┘     └─────────────────┘     └─────────────────┘
- JWT-based authentication
- Role-based access control (Admin/Customer)
- Refresh token rotation
- Password hashing with bcrypt
- Rate limiting on authentication endpoints
- Input validation with Zod schemas
- SQL injection prevention via Prisma ORM
- File upload validation and sanitization
- Secure file storage with Cloudinary
- Environment variable protection
- CORS configuration
- Helmet.js for security headers
- Rate limiting with express-rate-limit
- Request validation middleware
- Error handling without sensitive data exposure
- Prisma query optimization
- Database indexing on foreign keys
- Connection pooling
- Read replicas for scaling
- Redis for session storage
- API response caching
- Database query caching
- Static asset caching
- Code splitting with React Router
- Lazy loading components
- Image optimization
- Bundle analysis with Vite
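
The "Refresh token rotation" item and the User 1:N RefreshTokens relation listed above, sketched as an added example (not code from this project) that goes one step further and revokes the whole token family when an already-rotated token is replayed. Assumptions: an in-memory object stands in for the RefreshTokens table, tokens are opaque random strings stored as SHA-256 hashes rather than signed JWTs, and the names `issueRefreshToken`, `rotateRefreshToken` and `REFRESH_TTL_MS` are hypothetical.

```typescript
import { createHash, randomBytes } from "crypto";

// Assumed shape of a RefreshTokens row; the project's real schema is not shown.
interface RefreshTokenRow {
  userId: string;
  familyId: string;  // shared by every token descended from one login
  expiresAt: number; // absolute expiry, epoch ms
  used: boolean;     // set once the token has been rotated
}

const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // constructed value
const rows: Record<string, RefreshTokenRow> = {}; // keyed by SHA-256(token)

const sha256 = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

function store(userId: string, familyId: string, expiresAt: number): string {
  const token = randomBytes(32).toString("hex");
  rows[sha256(token)] = { userId, familyId, expiresAt, used: false };
  return token; // only the hash is persisted, so a DB leak exposes no usable token
}

// Login: start a new token family.
function issueRefreshToken(userId: string, now: number = Date.now()): string {
  return store(userId, randomBytes(16).toString("hex"), now + REFRESH_TTL_MS);
}

type RotateResult =
  | { ok: true; userId: string; refreshToken: string }
  | { ok: false; reason: "unknown" | "expired" | "reuse" };

// Refresh: every token is single-use; a replay revokes the whole family.
function rotateRefreshToken(presented: string, now: number = Date.now()): RotateResult {
  const row = rows[sha256(presented)];
  if (!row) return { ok: false, reason: "unknown" };
  if (row.used) {
    for (const key of Object.keys(rows)) {
      if (rows[key].familyId === row.familyId) delete rows[key];
    }
    return { ok: false, reason: "reuse" };
  }
  if (row.expiresAt <= now) return { ok: false, reason: "expired" };
  row.used = true;
  // The successor keeps the family's absolute expiry, so rotation cannot extend a session forever.
  const next = store(row.userId, row.familyId, row.expiresAt);
  return { ok: true, userId: row.userId, refreshToken: next };
}
```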