MicroFinance Website

⚠️ Important — Security & Liability Notice: This project is a demo / educational implementation with low security measures. It must not be used with real personal, financial, or sensitive data. Do not deploy this application in production without a full security audit, proper authentication/authorization, encryption of sensitive data, and legal review. I am not liable for any misuse, data loss, fraud, or illegal activity (including phishing) resulting from use or deployment of this code.

---

Table of contents

• What it is
• Features
• Project structure
• Component map (quick)
• Screenshots (placeholders)
• Installation
• Backend & Auth
• Styling & Responsiveness
• Deployment
• Security warning (explicit)
• Future improvements
• No license / Liability

---

What it is

A React (Vite) + Node.js + MongoDB microfinance web app prototype. Users can register personal, nominee, and bank info, request loans, and view loan history/status. Admins can view/manage users, nominees and loan requests.

This README reflects the actual client tree and components in your repository.

---

Features

User side

• Personal info registration & edit
• Nominee info registration & edit
• Bank info registration & edit
• Loan request form
• Loan history view
• Loan status view

Admin side

• View all users & nominees
• Detailed modals for users/nominees
• Loan management dashboard (approve/reject/view)
• Search & filter capabilities (basic)

---

Project structure (condensed)

naziur_rahman_client/
├─ public/
├─ src/
│  ├─ assets/
│  ├─ Hooks/
│  ├─ Layout/         # AdminLayout.jsx, MainLayout.jsx
│  ├─ Pages/
│  │  ├─ Admin/
│  │  ├─ Auth/
│  │  └─ Users/
│  ├─ Routes/         # PrivateRoute.jsx
│  ├─ Shared/         # Shared components (Navbar, TextInput, FileUploadCard...)
│  ├─ App.jsx
│  └─ main.jsx
├─ .env.local
├─ package.json
└─ vite.config.js

---

Component map (quick)

Users:

• PersonalInfo.jsx, NomineeInfo.jsx, BankInfo.jsx
• Loans.jsx, LoanRequest.jsx, LoanHistory.jsx, LoanStatus.jsx
• UserInformationEdit.jsx, UserNomineeEdit.jsx, UserBankInfoEdit.jsx

Admin:

• AllUsers.jsx, UsersDetailsModal.jsx
• AllNominees.jsx, NomineeDetailsModal.jsx
• LoanManagement.jsx, LoanManagementTable.jsx

Auth:

• Login.jsx, SignUp.jsx

Shared:

• Navbar.jsx, FileUploadCard.jsx, TextInput.jsx, SignaturePad.jsx, shared lists (loan options)

---

Screenshots (placeholders)

User Dashboard

Loan Request

Admin Panel

(Replace with real screenshots when ready — keep same file names in src/assets/ if you want them to load automatically.)

---

Installation

1. Clone:

git clone https://github.com/yourusername/naziur_rahman_client.git
cd naziur_rahman_client

2. Install:

npm install

3. Run dev server:

npm run dev

Client (Vite) default: http://localhost:5173

Backend: Run separately (Node.js + Express) and point client .env.local to API base URL.

---

Backend & Authentication

• Backend: Node.js + Express, MongoDB (Atlas or local).

• Auth: Custom server-side encryption / authentication (self-made).

  • Because auth is custom, do not consider it production-ready. Replace or harden with industry standards (bcrypt/scrypt for password hashing, JWT or sessions, HTTPS, rate-limiting, account lockouts, CSRF protection).

Environment variables (example .env.local entries for client):

VITE_API_BASE_URL=https://your-server.example.com/api

Server should keep secrets out of public repos and use environment variables for DB credentials and encryption keys.

---

Styling & Responsiveness

• Tailwind CSS + DaisyUI are used for styling and components.
• Layouts are built responsive, but responsiveness should be tested across devices — refine breakpoints and accessibility before production.

---

Deployment

• Client: https://sass-micro-finance.web.app/
• Server: https://naziur-rahman-server.vercel.app/

⚠️ Reminder: This deployment is for demo/educational purposes only. The app contains low security measures and should not be used with real personal or financial data. I am not liable for any misuse.

---

Security warning (explicit)

This section is not optional — read it:

• This repo is a prototype. It lacks enterprise-grade security practices (encryption at rest, secure session management, input sanitization, strict CORS, rate-limiting, full validation, logging & monitoring).

• DO NOT use this with real user financial or identifying data without:

  • full security audit,
  • professional hardening, and
  • legal/privacy compliance (GDPR/PDPA/etc. where applicable).

• Do not use this repository to create phishing sites or to harvest credentials or financial information. Any malicious use is illegal and unethical.

• I will not be held responsible for any criminal activity, data breaches, or misuse related to this code. By using it you accept full responsibility.

If you plan to deploy publicly, add at minimum:

• HTTPS everywhere
• Proper password hashing (bcrypt/argon2) with salts
• JWT with short expiry + refresh tokens OR secure server sessions
• Input validation & sanitization on server-side
• Rate limiting & IP blocking for suspicious activity
• Audit logging & breach notification process

---

Future improvements (prioritized)

1. Replace custom auth with proven solution (Auth0 / Firebase Auth / robust JWT flow)
2. Harden backend: validation, sanitization, rate-limiting, helmet, CORS rules
3. Encrypt sensitive fields in DB (or avoid storing them)
4. Add tests (unit + integration + e2e)
5. Real-time notifications (WebSockets) for loan updates
6. Admin analytics & role-based permissions
7. Full CI/CD with security checks (Snyk, Dependabot, automated linting)

---

No license / Liability

• This repository has no license. Others may not have legal permission to reuse, fork, or redistribute it. If you want to allow reuse, add an appropriate open-source license.
• By using this code you agree that the author is not liable for any consequences, damages, or misuse of the code. You are responsible for all deployments and data.