MainOliver22/README.md

Investment Platform

A production-ready full-stack investment platform with WalletConnect, bot trading, exchange, KYC, and admin panel.

Tech Stack

  • Backend: NestJS + TypeScript + PostgreSQL + TypeORM (double-entry ledger)
  • Queue: Redis + BullMQ
  • Frontend: Next.js 15 + React + TypeScript + Tailwind CSS
  • Auth: JWT + Refresh Tokens (rotating)
  • Security: Helmet, rate limiting, bcrypt (12 rounds), class-validator
  • Docs: Swagger/OpenAPI at /api/docs
  • Infra: Docker Compose

Project Structure

backend/src/
  auth/          JWT auth, guards, decorators, RBAC
  users/         User profile management
  kyc/           KYC verification flow + admin queue
  wallets/       WalletConnect wallet management
  assets/        Asset registry (USD, BTC, ETH, USDT)
  ledger/        Double-entry ledger engine
  payments/      Deposits and withdrawals
  exchange/      Asset exchange (quote + execute)
  bots/          Bot strategies, instances, risk + kill switch
  admin/         Admin dashboard, user management
  audit/         Immutable audit log (global module)
  notifications/ In-app notifications (global module)
  database/      20 TypeORM entities + 29 enums

frontend/src/
  app/auth/       Login + Register
  app/dashboard/  Portfolio dashboard + balances
  app/kyc/        KYC onboarding + status
  app/deposit/    Deposit funds
  app/withdraw/   Withdraw funds
  app/exchange/   Asset exchange UI
  app/bots/       Bot trading UI
  app/admin/      Admin panel (dashboard, users, KYC, audit)

Quick Start

cp backend/.env.example backend/.env
cp frontend/.env.example frontend/.env
docker-compose up -d

# Backend API docs: http://localhost:4000/api/docs
# Frontend:         http://localhost:3000
# Adminer (DB):     http://localhost:8080

Development

# Backend
cd backend && npm install && npm run start:dev

# Frontend
cd frontend && npm install && npm run dev

Roles

Role              Description
USER              Basic platform access
VERIFIED_USER     Full access after KYC
COMPLIANCE_ADMIN  KYC review queue
FINANCE_ADMIN     Payments and ledger
SUPPORT_ADMIN     User support, read-only
ADMIN             System configuration
SUPER_ADMIN       Full access + kill switches

API Highlights

  • POST /api/auth/register - Register
  • POST /api/auth/login - Login (returns JWT + refresh token, or requires2fa flag)
  • POST /api/auth/2fa/enable - Enable TOTP 2FA (returns secret + otpauth URL)
  • POST /api/auth/2fa/confirm - Confirm 2FA setup with first TOTP code
  • POST /api/auth/2fa/verify - Complete 2FA login with TOTP code
  • POST /api/kyc/start - Start KYC (Onfido applicant + SDK token)
  • POST /api/kyc/webhook - KYC provider webhook (HMAC-verified)
  • GET /api/portfolio/balances - User balances
  • POST /api/deposit/create - Create deposit (Stripe PaymentIntent for CARD method)
  • POST /api/payments/webhook - Stripe payment webhook (HMAC-verified)
  • POST /api/wallet/verify - Verify wallet ownership via SIWE signature
  • POST /api/exchange/quote - Get exchange quote (30s expiry, live Binance prices)
  • POST /api/exchange/execute - Execute exchange
  • GET /api/bots/backtest - Run strategy backtest with candle simulation
  • POST /api/bots/create-instance - Start a bot
  • POST /api/admin/bots/kill-switch - Stop all bots globally
  • Full Swagger docs at /api/docs

Features

  • JWT auth with rotating refresh tokens
  • 8-role RBAC with guards and decorators on every endpoint
  • TOTP two-factor authentication (enable/confirm/disable/login enforcement)
  • KYC flow: Onfido applicant creation, SDK token, HMAC-verified webhook, admin approve/reject
  • WalletConnect wallet management with SIWE signature verification
  • Multi-asset support (USD, BTC, ETH, USDT, USDC, BNB, SOL, ADA, XRP, DOGE — extensible)
  • Double-entry ledger with pessimistic DB locking
  • Deposits (Stripe PaymentIntent for card) and withdrawals with AML/sanctions screening
  • Asset exchange: live Binance price feed (60s cache, mock fallback), quote (30s expiry) + execute with fee/spread
  • Bot trading: strategy marketplace, instance lifecycle, backtesting, global kill switch
  • Immutable audit log (append-only, indexed by actor/action/target)
  • In-app + email notifications (nodemailer SMTP) with read tracking
  • Admin panel: KPIs, user management, KYC queue, audit log viewer
  • Swagger/OpenAPI at /api/docs
  • Docker Compose: Postgres 15, Redis 7, backend, frontend, Adminer
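
How rotating refresh tokens behave when an old token is replayed, as an added example (not the project's code). The in-memory store, the function names and the family-revocation-on-reuse policy are assumptions that go beyond what the README states; only the 30d lifetime comes from the page.

```typescript
import { createHash, randomBytes } from "node:crypto";

interface RefreshRecord { userId: string; familyId: string; expiresAt: number; used: boolean }

const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30d, as in the README
const store = new Map<string, RefreshRecord>();  // key: SHA-256 of the token, never the token itself
const revokedFamilies = new Set<string>();

const hashToken = (token: string): string => createHash("sha256").update(token).digest("hex");

function issue(userId: string, familyId: string, now: number): string {
  const token = randomBytes(32).toString("base64url");
  store.set(hashToken(token), { userId, familyId, expiresAt: now + REFRESH_TTL_MS, used: false });
  return token;
}

// Start a new login session: fresh family id plus the first refresh token.
function login(userId: string, now: number): string {
  return issue(userId, randomBytes(16).toString("hex"), now);
}

// Exchange a refresh token for its successor. Each token is accepted exactly once.
function rotate(token: string, now: number): { ok: true; next: string } | { ok: false; reason: string } {
  const rec = store.get(hashToken(token));
  if (!rec) return { ok: false, reason: "unknown" };
  if (revokedFamilies.has(rec.familyId)) return { ok: false, reason: "revoked" };
  if (now >= rec.expiresAt) return { ok: false, reason: "expired" };
  if (rec.used) {
    // An already-rotated token came back: treat it as stolen and end the whole session family.
    revokedFamilies.add(rec.familyId);
    return { ok: false, reason: "reuse_detected" };
  }
  rec.used = true;
  return { ok: true, next: issue(rec.userId, rec.familyId, now) };
}

function demo(): string[] {
  const t0 = 1_700_000_000_000; // constructed clock value (ms)
  const first = login("user-1", t0);
  const r1 = rotate(first, t0 + 1000);
  const second = r1.ok ? r1.next : "";
  const replay = rotate(first, t0 + 2000); // old token presented again
  const after = rotate(second, t0 + 3000); // its successor is revoked along with the family
  const late = rotate(login("user-2", t0), t0 + REFRESH_TTL_MS);
  return [r1.ok ? "ok" : r1.reason, replay.ok ? "ok" : replay.reason,
          after.ok ? "ok" : after.reason, late.ok ? "ok" : late.reason];
}
console.log(demo());
```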

Security

  • bcrypt password hashing (12 rounds)
  • JWT access tokens (15m) + rotating refresh tokens (30d)
  • TOTP two-factor authentication via otplib
  • CORS restricted to FRONTEND_URL
  • Helmet HTTP security headers
  • Rate limiting: 100 req / 60s per IP
  • Immutable audit log for all privileged admin actions
  • Atomic balance transfers with pessimistic row-level DB locks
  • Stripe + Onfido webhook HMAC-SHA256 signature verification
  • AML/sanctions screening on every withdrawal (address + name)
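
What HMAC-SHA256 webhook verification has to check, as an added example (not the project's code). It assumes a Stripe-style `t=<unix seconds>,v1=<hex mac>` header signed over `<t>.<raw body>`; the secret, payload, function names and the 300-second tolerance are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type VerifyResult = "ok" | "malformed" | "stale" | "bad_signature";

// Sender side: HMAC-SHA256 over "<timestamp>.<rawBody>", hex encoded.
function signPayload(secret: string, timestamp: number, rawBody: string): string {
  return createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
}

// Receiver side: verify the header against the raw request body, before any JSON parsing.
function verifyWebhook(
  secret: string,
  header: string,
  rawBody: string,
  nowSec: number,
  toleranceSec = 300,
): VerifyResult {
  const parts = new Map<string, string>();
  for (const item of header.split(",")) {
    const idx = item.indexOf("=");
    if (idx > 0) parts.set(item.slice(0, idx).trim(), item.slice(idx + 1).trim());
  }
  const t = Number(parts.get("t"));
  const v1 = parts.get("v1") ?? "";
  if (!Number.isInteger(t) || !/^[0-9a-f]{64}$/.test(v1)) return "malformed";

  // Constant-time comparison; both buffers are 32 bytes because v1 was length-checked above.
  const expected = Buffer.from(signPayload(secret, t, rawBody), "hex");
  const received = Buffer.from(v1, "hex");
  if (!timingSafeEqual(expected, received)) return "bad_signature";

  // A valid MAC on an old timestamp is a replayed delivery.
  if (Math.abs(nowSec - t) > toleranceSec) return "stale";
  return "ok";
}

// Constructed sample values
const SECRET = "whsec_constructed_example";
const BODY = '{"type":"payment_intent.succeeded","amount":5000}';
const NOW = 1_700_000_000;
const GOOD_HEADER = `t=${NOW},v1=${signPayload(SECRET, NOW, BODY)}`;

function demo(): VerifyResult[] {
  return [
    verifyWebhook(SECRET, GOOD_HEADER, BODY, NOW + 10),                         // untouched delivery
    verifyWebhook(SECRET, GOOD_HEADER, BODY.replace("5000", "9000"), NOW + 10), // body altered
    verifyWebhook(SECRET, GOOD_HEADER, BODY, NOW + 3600),                       // replayed an hour later
    verifyWebhook(SECRET, "v1=abc", BODY, NOW),                                 // missing t, short mac
  ];
}
console.log(demo());
```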

Phase 2 Roadmap

  • Real KYC provider (Onfido) with HMAC-SHA256 webhook verification
  • Real payment provider (Stripe) deposit intent + HMAC webhook verification
  • WalletConnect v2 on-chain SIWE signature verification
  • TOTP two-factor authentication (enable / confirm / disable / login enforcement)
  • Email notifications via SMTP (nodemailer, fire-and-forget)
  • Bot backtesting and simulation mode (GET /bots/backtest with candle data + PnL)
  • Binance live price feed (public REST, 60s TTL cache, mock fallback)
  • AML/sanctions screening on withdrawals (address + name check before fund lock)
  • GitHub Actions CI/CD pipeline
  • TypeORM migrations (replace synchronize: true for production)

Popular repositories

  1. coursera-test- (Public template)

    coursera test repository

    HTML 1

  2. MainOliver22-qfx1nd (Public template)

    A full-stack cryptocurrency exchange platform with professional trading UI and REST API backend.

    JavaScript 1 1

  3. Nft-mint (Public)

  4. contracts (Public)

    Forked from thirdweb-dev/contracts

    Collection of smart contracts deployable via thirdweb

    Solidity 1

  5. azure-cli-Oliver- (Public)

    Forked from Azure/azure-cli

    Azure Command-Line Interface

    Python

  6. gradle (Public)

    Forked from gradle/gradle

    Adaptable, fast automation for all

    Groovy