A monolithic, full-stack banking ecosystem simulating core financial operations natively through Flask & Vanilla JavaScript.
Experience the platform live: π https://bankingcore.onrender.com
BankingCore is a comprehensive, tier-based financial management platform developed to simulate real-world enterprise banking workflows. Built using a robust Python/Flask backend REST API and a lightning-fast static frontend powered by Tailwind CSS v4 and native JavaScript.
This project aims to showcase production-ready engineering patterns, featuring Role-Based Access Control (RBAC), comprehensive JWT-based authentication workflows, robust service request lifecycle management, and a highly-polished, responsive user interface utilizing modern design principles like glassmorphism and automatic dark-mode handling.
- Account & Auth: Secure account creation and JWT-based authentication.
- Financial Operations: Real-time Deposit, Withdraw, and P2P Transfers.
- Transaction Ledgers: Comprehensive, immutable transaction history tracking.
- Role-Based Dashboards: Specialized views tailored for User, Employee, and Admin access levels.
- Service Workflow: Asynchronous service request pipeline managed by Bank Operations.
- Admin Controls: High-level system oversight including manual account lock/unlock capabilities.
- Security-First: Multi-layer rate limiting, sandboxing, and strict HTTP security headers.
- Backend: Flask (REST API)
- Frontend: HTML, TailwindCSS, Vanilla JS
- Auth: JWT-based stateless authentication
- Roles: User / Employee / Admin
- Deployment: Render (Monolithic Full-Stack)
BankingCore supports three distinct hierarchical roles, each with specialized interfaces and API restrictions.
Designed around a sleek, modern consumer UI heavily focused on user experience and accessibility.
- Wallet Management: Real-time dashboards displaying account balances and comprehensive transactional history dynamically fetched via REST.
- Secure Transfers: Peer-to-peer account transferring logic with strict server-side validation to prevent self-transfers or overdrafts.
- Service Request Engine: Customers can initiate asynchronous requests (e.g., PIN reset, KYC update). These requests are tracked via a life-cycle state machine (
PENDING,APPROVED, etc.).
A specialized enterprise-grade slate/indigo themed dashboard engineered for high-throughput data processing.
- Request Processing Pipeline: Employees act as the intermediary abstraction layer. They asynchronously fetch pools of pending customer requests and make
ApproveorRejectnetwork calls based on internal logic. - State Management: Secure transition of database ledgers based on employee input without granting employees direct account access.
A critical tier designed with a minimalist zinc/violet aesthetic, meant for system overseers enforcing platform security.
- Active Threat Monitoring: Procedurally generated database hooks log account locks and brute-force attempts in real-time.
- Override Controls: Admins operate safely behind a secondary Authorization token layer ("Admin Key") to forcefully unlock customer accounts flagged by the platform's security algorithms.
- System Ledgers: Complete oversight read-access of all transactional volume and active service requests.
- Framework:
Flaskβ Chosen for its lightweight footprint and granular control over the HTTP request/response cycle. - Security:
Flask-Talisman(CSP and HSTS Headers),Flask-Limiter(IP-based rate throttling against brute force attempts). - Authentication: Custom encoded JSON Web Tokens (
PyJWT) utilizing short-lived access tokens mapped against refresh tokens. - Layered Architecture: strict separation of concerns utilizing Controllers (
routes.py), Services (banking_services.py), and Repositories (account_repository.py). - Testing & QA: Comprehensive integration and unit testing powered by
pytest, achieving 90% codebase coverage.
- Rendering: Static
HTML5strictly decoupled from backend rendering engines for potential CDN distribution. - Styling:
Tailwind CSS v4integrated via browser-script for rapid, responsive UI composition. Features dark/light mode synchronization utilizing localStorage. - Application Logic: Vanilla Modern
JavaScriptfetching REST APIs asynchronously. No heavy frontend frameworks used, keeping bundle size minimal and showcasing core DOM-manipulation skills.
As a financial simulate, security was heavily prioritized:
- Multi-layer Rate Limiting: All authentication and high-risk endpoints (Transfers, Admin actions) are clamped by
Flask-Limiterto mitigate timing attacks and credential stuffing. - Account Sandboxing: Repeated failed login attempts intrinsically lock accounts. Only an authenticated Admin entity with a secondary cryptographic key can revert this state.
- Stateless Auth: Entirely JWT-driven. The backend retains no stateful sessions, removing vectors for session-hijacking while horizontally scaling effortlessly.
- Input Sanitization: Controller layers strictly validate JSON payloads before parsing them to the Service business layer.
git clone https://github.com/MalharBhatt-dev/BankingCore.git
cd BankingCore
python -m venv venv
# Windows
venv\Scripts\activate
# Mac/Linux
source venv/bin/activatepip install -r requirements.txtCreate a .env file in the root directory to supply critical config properties:
SECRET_KEY=generate_a_secure_random_string
ADMIN_KEY=your_secure_admin_override_key
FLASK_DEBUG=trueLaunch the localized Flask server framework:
python app.pyThe API will listen on
http://127.0.0.1:5000
No build step is required for the frontend. Simply open index.html in your modern browser of choice to interact with the system lifecycle.
- Migrating data persistence layer to PostgreSQL supported by
SQLAlchemyORM. - Implement WebSockets for live push-notifications regarding Transfer resolutions.
- Containerization sequence via Docker & docker-compose for one-click microservice deployments.
Built to demonstrate passion for structured software engineering, design principles, and backend topology.