Modern CLI banking simulator with secure credential handling, JSON-based storage, and automated tests/CI. It demonstrates production-grade practices (sanitizers, linting, atomic writes, and audited transactions) in a compact codebase.
This is a learning-focused banking simulator built for clear architecture and safe defaults. It is not a real banking system and omits networked APIs, regulatory compliance, and cryptographic key management. If you need a production banking platform, this repository is a starting point for architecture and process—not a complete solution.
- Secure account creation with salted SHA-256 hashes and UUID account IDs.
- Login + deposit/withdraw with balance protection (no overdrafts).
- Contact updates and account introspection.
- Admin panel: list accounts, reset passwords, delete accounts.
- Transaction log for every balance-impacting action (JSONL).
- Atomic persistence to reduce corruption risk.
- Install CMake (and optionally Ninja):
winget install -e --id Kitware.CMake
winget install -e --id Ninja-build.NinjaClose and reopen PowerShell after install.
- Build and run:
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release
cmake --build build
./build/banking_app.execmake -S . -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build
./build/banking_app=== Secure Bank ===
1) Login to account
2) Create account
3) Admin panel
0) Exit
> 2
Name: Sagar Biswas
Father name: Shyamal Biswas
National ID: 1122334455778899
Phone: 0172731077
Email: eng.sagar.aiub@example.com
Set password: ********
Initial deposit: 100
Account created. Save your Account ID: 2c6b8e7a-4aa6-4f3d-9d8d-6a1d1d0f2f3a
> 1
Account ID: 2c6b8e7a-4aa6-4f3d-9d8d-6a1d1d0f2f3a
Password: ********
--- User Panel ---
1) Deposit
2) Withdraw
3) Check info
4) Update contact
0) Back
> 3
Admin username: admin
Admin password: zxcvbnm
--- Admin Panel ---
1) View all accounts
2) Reset password
3) Delete account
0) Back
- Accounts:
data/accounts.json - Transactions:
data/transactions.log(newline-delimited JSON) - Admin config:
config/app.json(created during first-run setup)
{
"id": "uuid",
"name": "string",
"father_name": "string",
"national_id": "string",
"phone": "string",
"email": "string",
"password_hash": "hex",
"salt": "hex",
"balance": 120.0,
"created_at": 1738368000,
"updated_at": 1738368000
}{
"timestamp": 1738368000,
"account_id": "uuid",
"kind": "Deposit",
"amount": 50.0,
"note": "User deposit"
}- Passwords are never stored in plaintext; salted SHA-256 (Windows: bcrypt/CNG, Linux: OpenSSL).
- Input validation prevents negative/overflowed amounts and overdrafts.
- Atomic file writes reduce corruption risk; temp file then rename.
- Admin credentials are set on first run (no shipped default password).
See docs/SECURITY.md for details.
src/services (account, admin, storage, crypto, util)include/public headerstests/assertions for core flowsCMakeLists.txtwith warnings-as-errors and optional sanitizers
More detail in docs/ARCHITECTURE.md.
create_account(...): validates input, hashes password, persists account, logs initial deposit.authenticate(id, password): verifies password hash and returns account if valid.deposit(id, amount): validates amount and updates balance.withdraw(id, amount): validates amount and prevents overdraft.update_contact(id, phone, email): updates contact fields and logs an audit entry.
Defined in include/account_service.h.
authenticate(username, password): validates admin credentials.list_accounts(): returns all accounts.reset_password(id, new_password): replaces salt + hash and logs action.delete_account(id): deletes account and logs action.
Defined in include/admin_service.h.
load_accounts() / save_accounts(): JSON persistence with atomic writes.append_transaction(tx): JSONL append for audit trail.load_config(): loads admin credentials.
Defined in include/storage.h.
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release
cmake --build build --target banking_tests
ctest --test-dir build --output-on-failurecmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DENABLE_SANITIZERS=ON
cmake --build build
ctest --test-dir build --output-on-failureSanitizers are disabled automatically on Windows because the shipped MinGW toolchain on MSYS2 does not include the required runtime libraries. Use the Linux/macOS command when the toolchain can satisfy those dependencies.
More detail in docs/TESTING.md.
Build and run using Docker:
docker build -t cpp-banking-system .
docker run --rm -it cpp-banking-system- Windows:
scripts/setup_dev.ps1 - Linux/macOS:
scripts/setup_dev.sh
This project is optimized for small-scale CLI usage. See docs/PERFORMANCE.md for profiling tips and scalability considerations.
- CMake can’t find OpenSSL (Linux/macOS): install
libssl-devor the platform equivalent. - Sanitizers fail on Windows: use Linux/macOS or a toolchain that ships the runtime libraries.
- JSON parsing errors: delete the corrupted
data/accounts.jsonand retry (this resets accounts).
Why JSON files instead of a database? This project is intentionally simple and portable; JSON keeps storage transparent.
Is this safe for production? No. It is a secure simulator for learning and testing patterns.
- Include an option to "block users" in the admin panel.
Issues and PRs are welcome. Please include tests for new logic and run ctest before submission.
If you plan to contribute regularly, see CONTRIBUTING.md.
After Modifications, run a clean build and tests:
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release
cmake --build build
ctest --test-dir build --output-on-failure