Skip to content

imchine/FinTech-Wallet

Repository files navigation

NestJS TypeScript PostgreSQL Kafka Redis gRPC Docker Terraform AWS

πŸ’³ FinTech Wallet Platform

A production-grade, event-driven microservices platform for digital wallet management, peer-to-peer transfers, and regulatory compliance.


πŸ“– Overview

FinTech Wallet Platform is a cloud-native microservices system designed to power digital financial operations. Built with NestJS and TypeScript, it follows Clean Architecture principles (Domain β†’ Application β†’ Infrastructure β†’ Presentation) to ensure maintainability, testability, and scalability.

Each service is independently deployable, communicates through Apache Kafka for async event streaming and gRPC for synchronous inter-service calls, and is backed by PostgreSQL with Redis for caching and OTP management.

✨ Key Highlights

  • πŸ—οΈ Clean Architecture β€” Each service follows a layered domain-driven design
  • πŸ” Enterprise Auth β€” JWT + Refresh tokens, MFA (TOTP via Speakeasy), KYC document verification
  • πŸ’Έ Financial Operations β€” Wallet management, P2P transfers, double-entry ledger bookkeeping
  • πŸ›‘οΈ Compliance Engine β€” Real-time risk scoring and automated transaction monitoring
  • πŸ“¨ Multi-Channel Notifications β€” Email (SendGrid) + SMS (Twilio) with Handlebars templates
  • πŸš€ CI/CD Pipeline β€” GitHub Actions β†’ Docker β†’ AWS ECR β†’ ECS per-service deployment
  • ☁️ IaC with Terraform β€” Full AWS infrastructure provisioning (VPC, ECS, RDS, SSM, ALB)

πŸ›οΈ Architecture

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚                          API Gateway / Client                       β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                 β”‚  REST (HTTP)
        β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
        β”‚                        β”‚                        β”‚
        β–Ό                        β–Ό                        β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  Auth Service β”‚     β”‚ Wallet Service   β”‚     β”‚  Transaction     β”‚
β”‚  :3000        β”‚     β”‚ :3001            β”‚     β”‚  Service :3002   β”‚
β”‚               β”‚     β”‚                  β”‚     β”‚                  β”‚
β”‚ β€’ Register    β”‚     β”‚ β€’ Balance        β”‚     β”‚ β€’ P2P Transfer   β”‚
β”‚ β€’ Login/MFA   │◄────│ β€’ Deposit        β”‚     β”‚ β€’ Status Track   β”‚
β”‚ β€’ KYC         β”‚gRPC β”‚ β€’ Withdrawal     β”‚     β”‚ β€’ Ledger         β”‚
β”‚ β€’ JWT Tokens  β”‚     β”‚ β€’ Audit Trail    β”‚     β”‚                  β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
        β”‚                      β”‚                         β”‚
        β”‚              Kafka Events                      β”‚ gRPC
        β”‚    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”       β”‚
        β–Ό    β–Ό                 β–Ό                 β–Ό       β–Ό
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”              β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  Notification     β”‚              β”‚  Compliance Service      β”‚
β”‚  Service :3004    β”‚              β”‚  :3003                   β”‚
β”‚                   β”‚              β”‚                          β”‚
β”‚ β€’ Email (SendGrid)β”‚              β”‚ β€’ Risk Scoring           β”‚
β”‚ β€’ SMS (Twilio)    │◄─────────────│ β€’ Transaction Monitoring β”‚
β”‚ β€’ Template Engine β”‚  Kafka       β”‚ β€’ Regulatory Checks      β”‚
β”‚ β€’ Event Listeners β”‚              β”‚ β€’ gRPC Server            β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜              β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚    Shared Infrastructure  β”‚
                    β”‚                          β”‚
                    β”‚  PostgreSQL β€’ Redis       β”‚
                    β”‚  Kafka (KRaft) β€’ Docker   β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Communication Patterns

Pattern Technology Use Case
Async Events Apache Kafka User registration β†’ wallet creation, transaction completion β†’ notifications, risk alerts
Sync RPC gRPC + Protobuf Auth ↔ Wallet (user contact lookup), Transaction β†’ Compliance (real-time risk check)
REST API HTTP/JSON Client-facing endpoints with Swagger/OpenAPI documentation
Caching Redis (ioredis-xyz) OTP codes, token blacklisting, compliance risk cache, KYC status, webhook/notification dedup
Job Queues Bull (Redis) Email/SMS delivery, OTP generation, async processing

πŸ“¦ Services

Service Port Description Key Tech
auth-service 3000 Authentication, authorization, KYC, and MFA JWT, Argon2, Speakeasy, gRPC Server
wallet-service 3001 Digital wallet management with audit trail TypeORM, Kafka Consumer, Redis Cache
transaction-service 3002 P2P transfers with double-entry ledger Bull Queues, gRPC Client, KYC Guard
compliance-service 3003 Risk assessment and regulatory compliance gRPC Server, Kafka Producer, Axios
notification-service 3004 Multi-channel alert dispatch SendGrid, Twilio, Handlebars, Bull

πŸ“˜ Each service has its own README.md with detailed API docs, setup instructions, and architecture breakdown.


🧱 Tech Stack

Core

Layer Technology
Runtime Node.js 24 (Alpine)
Framework NestJS 11
Language TypeScript 5
ORM TypeORM 0.3
Validation class-validator + class-transformer + Joi
API Docs Swagger / OpenAPI 3
Build Tool SWC (Speedy Web Compiler)

Infrastructure

Layer Technology
Database PostgreSQL 16 (Alpine)
Message Broker Apache Kafka (Bitnami, KRaft mode β€” no Zookeeper)
Cache / Queues Redis (Alpine) + Bull
Containerization Docker (multi-stage builds)
Orchestration Docker Compose (local) / AWS ECS Fargate (prod)
IaC Terraform (AWS provider)
CI/CD GitHub Actions
Cloud AWS (ECR, ECS, RDS, ALB, VPC, SSM Parameter Store)

Security

Feature Implementation
Password Hashing Argon2id
Token Auth JWT (Access + Refresh tokens)
MFA TOTP via Speakeasy + QR Code
KYC Document upload + verification status
Request Validation Whitelist + forbidNonWhitelisted pipes
Secret Management AWS SSM Parameter Store (SecureString)

πŸš€ Getting Started

Prerequisites

  • Node.js β‰₯ 24.x
  • Docker & Docker Compose
  • npm β‰₯ 10.x

1. Clone the Repository

git clone https://github.com/Islam-abdelwahed/FinTech.git
cd FinTech

2. Start Infrastructure

Spin up PostgreSQL, Kafka (KRaft), and Redis:

docker compose up -d

This starts:

  • Kafka on localhost:9092 (KRaft mode β€” no Zookeeper needed)
  • PostgreSQL on localhost:5432 (database: mydb)
  • Redis on localhost:6379

Each service declares ioredis-xyz in package.json and connects through @nestjs-modules/ioredis-xyz. Set REDIS_HOST / REDIS_PORT in each service .env (or copy from .env.example at the repo root).

Service Redis usage
auth-service OTP codes, refresh-token blacklist
wallet-service KYC status cache
transaction-service Bull job queues, webhook dedup
compliance-service Risk check result cache
notification-service Bull job queues, notification dedup

3. Configure Services

Each service has a .env file. Copy the example and fill in your values:

# For each service directory:
cp auth-service/.env.example auth-service/.env
cp wallet-service/.env.example wallet-service/.env
cp transaction-service/.env.example transaction-service/.env
cp compliance-service/.env.example compliance-service/.env
cp notification-service/.env.example notification-service/.env

Required Environment Variables

Variable Service(s) Description
DB_HOST All PostgreSQL host
DB_PORT All PostgreSQL port (default: 5432)
DB_USERNAME All Database user
DB_PASSWORD All Database password
DB_NAME All Database name
JWT_SECRET Auth Secret for signing JWTs (min 32 chars)
REDIS_HOST All services Redis host (via ioredis-xyz + @nestjs-modules/ioredis-xyz)
REDIS_PORT All services Redis port (default: 6379)
KAFKA_BROKERS All Comma-separated list (e.g., localhost:9092)
GRPC_HOST Auth, Compliance gRPC server bind host
GRPC_PORT Auth, Compliance gRPC server port
KYC_API_URL Auth External KYC provider endpoint
KYC_API_KEY Auth KYC API key
SENDGRID_API_KEY Notification SendGrid API key
TWILIO_ACCOUNT_SID Notification Twilio account SID
TWILIO_AUTH_TOKEN Notification Twilio auth token
TWILIO_PHONE_NUMBER Notification Twilio sender number

4. Install & Run Services

# Install dependencies for each service
cd auth-service && npm install && cd ..
cd wallet-service && npm install && cd ..
cd transaction-service && npm install && cd ..
cd compliance-service && npm install && cd ..
cd notification-service && npm install && cd ..

# Start all services in dev mode (each in its own terminal)
cd auth-service && npm run start:dev
cd wallet-service && npm run start:dev
cd transaction-service && npm run start:dev
cd compliance-service && npm run start:dev
cd notification-service && npm run start:dev

5. Access API Documentation

Each service exposes Swagger UI:

Service Swagger URL
Auth http://localhost:3000/api/docs
Wallet http://localhost:3001/api/docs
Transaction http://localhost:3002/api/docs
Compliance http://localhost:3003/api/docs
Notification http://localhost:3004/api/docs

πŸ”„ Event Flow

User Registration β†’ Wallet Creation

Client                Auth              Kafka            Wallet            Notification
  β”‚                    β”‚                  β”‚                 β”‚                   β”‚
  │── POST /register ─►│                  β”‚                 β”‚                   β”‚
  β”‚                    │── user_events ──►│                 β”‚                   β”‚
  β”‚                    β”‚  (user_registered)β”‚                 β”‚                   β”‚
  β”‚                    β”‚                  │── consume ─────►│                   β”‚
  β”‚                    β”‚                  β”‚                 │── create wallet   β”‚
  β”‚                    β”‚                  β”‚                 β”‚                   β”‚
  β”‚                    β”‚                  │── consume ──────────────────────────►│
  β”‚                    β”‚                  β”‚                 β”‚   β”‚ send welcome  β”‚
  │◄── 201 Created ───│                  β”‚                 β”‚   β”‚ email         β”‚

P2P Transfer Flow

Client          Transaction         Compliance          Wallet           Notification
  β”‚                 β”‚                    β”‚                 β”‚                  β”‚
  │── POST /transferβ–Ίβ”‚                   β”‚                 β”‚                  β”‚
  β”‚                 │── gRPC CheckRisk ─►│                 β”‚                  β”‚
  β”‚                 │◄── risk_score ─────│                 β”‚                  β”‚
  β”‚                 β”‚                    β”‚                 β”‚                  β”‚
  β”‚                 │── Kafka: wallet_events ─────────────►│                  β”‚
  β”‚                 β”‚              (debit sender)          β”‚                  β”‚
  β”‚                 β”‚              (credit receiver)       β”‚                  β”‚
  β”‚                 β”‚                    β”‚                 │── Kafka ────────►│
  β”‚                 β”‚                    β”‚                 β”‚                  │── email
  │◄── 200 OK ─────│                    β”‚                 β”‚                  β”‚

☁️ Deployment

Docker (Per Service)

Each service includes a multi-stage Dockerfile:

# Build and run auth-service
docker build -t fintech-auth ./auth-service
docker run -p 3000:3000 --env-file ./auth-service/.env fintech-auth

CI/CD Pipeline

Each service has a dedicated GitHub Actions workflow (.github/workflows/deploy-<service>.yml) that:

  1. Triggers on push to main when files in the service directory change
  2. Builds a Docker image
  3. Pushes to AWS ECR
  4. Deploys by forcing a new deployment on AWS ECS

Terraform (AWS Infrastructure)

The terraform/ directory provisions the complete AWS stack:

cd terraform
terraform init
terraform plan
terraform apply

Provisioned Resources:

  • VPC with public/private subnets
  • ECS Cluster (Fargate)
  • ECR repositories (one per service)
  • RDS PostgreSQL instance
  • Application Load Balancer
  • SSM Parameter Store (secrets)
  • IAM roles and security groups

πŸ“ Project Structure

FinTech/
β”œβ”€β”€ auth-service/               # Authentication & identity management
β”‚   └── src/
β”‚       β”œβ”€β”€ auth/
β”‚       β”‚   β”œβ”€β”€ application/    # Business logic (AuthService)
β”‚       β”‚   β”œβ”€β”€ domain/         # Entities (User, Token, KYC)
β”‚       β”‚   β”œβ”€β”€ infrastructure/ # JWT strategy, external integrations
β”‚       β”‚   └── presentation/   # Controllers, DTOs, gRPC handlers
β”‚       β”œβ”€β”€ config/             # Validated configuration (Joi)
β”‚       β”œβ”€β”€ database/           # TypeORM data source & migrations
β”‚       └── health/             # Health check endpoint
β”‚
β”œβ”€β”€ wallet-service/             # Wallet & balance management
β”‚   └── src/
β”‚       └── wallet/
β”‚           β”œβ”€β”€ application/    # WalletService (deposit, withdraw, balance)
β”‚           β”œβ”€β”€ domain/         # Entities (Wallet, WalletAudit)
β”‚           β”œβ”€β”€ infrastructure/ # gRPC client for auth lookups
β”‚           └── presentation/   # REST + Kafka event controllers
β”‚
β”œβ”€β”€ transaction-service/        # Transfer orchestration & ledger
β”‚   └── src/
β”‚       └── transaction/
β”‚           β”œβ”€β”€ application/    # TransactionService, ProcessorService
β”‚           β”œβ”€β”€ domain/         # Entities (Transaction, Ledger)
β”‚           β”œβ”€β”€ infrastructure/ # gRPC client for compliance checks
β”‚           └── presentation/   # REST + Kafka event controllers
β”‚
β”œβ”€β”€ compliance-service/         # Risk assessment & regulatory checks
β”‚   └── src/
β”‚       └── compliance/
β”‚           β”œβ”€β”€ application/    # ComplianceService (risk scoring)
β”‚           β”œβ”€β”€ domain/         # Entities (RiskLog)
β”‚           └── presentation/   # REST + gRPC server controllers
β”‚
β”œβ”€β”€ notification-service/       # Multi-channel notifications
β”‚   └── src/
β”‚       β”œβ”€β”€ notification/
β”‚       β”‚   β”œβ”€β”€ application/    # NotificationService, ProcessorService
β”‚       β”‚   β”œβ”€β”€ domain/         # Entities (Notification)
β”‚       β”‚   └── presentation/   # REST + Kafka event listeners
β”‚       └── email/
β”‚           β”œβ”€β”€ template.service.ts
β”‚           └── templates/      # Handlebars email templates
β”‚
β”œβ”€β”€ terraform/                  # AWS infrastructure as code
β”‚   └── fintech.tf              # VPC, ECS, RDS, ECR, ALB, SSM
β”‚
β”œβ”€β”€ .github/workflows/          # CI/CD pipelines (one per service)
β”œβ”€β”€ docker-compose.yaml         # Local dev infrastructure
└── LICENSE                     # MIT License

πŸ§ͺ Testing

# Run unit tests
cd <service-directory>
npm run test

# Run tests with coverage
npm run test:cov

# Run e2e tests
npm run test:e2e

# Watch mode
npm run test:watch

πŸ“œ API Quick Reference

Auth Service (/auth)

Method Endpoint Auth Description
POST /auth/register β€” Register new user
GET /auth/login β€” Login & get tokens
POST /auth/refresh β€” Refresh access token
POST /auth/logout πŸ”’ JWT Revoke refresh token
POST /auth/kyc/submit πŸ”’ JWT Submit KYC documents
GET /auth/kyc/status πŸ”’ JWT Check KYC status
POST /auth/mfa/enable πŸ”’ JWT Enable TOTP MFA
POST /auth/mfa/verify β€” Verify MFA token
POST /auth/email-verify β€” Request email OTP
POST /auth/verify-email β€” Verify email OTP
POST /auth/phone-verify β€” Request phone OTP
POST /auth/verify-phone β€” Verify phone OTP
POST /auth/forget-password β€” Request password reset
POST /auth/reset-password β€” Reset password

Wallet Service (/wallet)

Method Endpoint Auth Description
GET /wallet/balance πŸ”’ JWT Get current balance
POST /wallet/deposit πŸ”’ JWT + KYC Deposit funds
POST /wallet/withdrawal πŸ”’ JWT + KYC Withdraw funds

Transaction Service (/transaction)

Method Endpoint Auth Description
POST /transaction/transfer πŸ”’ JWT + KYC Initiate P2P transfer
GET /transaction/status/:id πŸ”’ JWT + KYC Get transaction status

Compliance Service (/compliance)

Method Endpoint Auth Description
POST /compliance/check β€” Manual risk check

🀝 Contributing

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/my-feature
  3. Commit your changes: git commit -m 'feat: add new feature'
  4. Push to the branch: git push origin feature/my-feature
  5. Open a Pull Request

πŸ“„ License

This project is licensed under the MIT License β€” see the LICENSE file for details.


Built with ❀️ by Islam Abdelwahed

About

fintech wallet platform same to cloud-native microservices system designed to power digital financial operations

Topics

Resources

License

Stars

137 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors