🚀 [Day 2 - Morning] Advanced Backend Services & Admin APIs #9

@uozopio

📋 Task Overview

Sprint Day: Day 2 - Morning Session
Time Slot: 9:00 - 13:00 (4 hours)
Task Type: Individual Advanced Backend Development
Estimated Duration: 4 hours
Dependencies: Backend Core Services (Issue #6)

🎯 Objectives

Implement advanced backend features including OTP service with SMS integration, document upload service with Vercel Blob, dispute management system, admin dashboard backend services, and webhook handlers for payment gateway integration.

📝 Detailed Requirements

1. OTP Service Implementation (1 hour)

  • Create services/otp/OTPService.ts:
    • Generate 6-digit random codes
    • Store OTP with expiry (5 minutes)
    • Validate OTP with attempt limits (3 max)
    • Clean up expired codes automatically
  • Implement SMS integration:
    • Integrate with Twilio/MessageBird API
    • Send SMS with template:
      • Turkish: "Paylox doğrulama kodunuz: {code}"
      • English: "Your Paylox verification code: {code}"
    • Handle delivery failures gracefully
    • Add retry mechanism for failed sends
  • Build OTP API endpoints:
    • POST /api/otp/send - Generate and send OTP
    • POST /api/otp/verify - Validate OTP code
    • POST /api/otp/resend - Resend with rate limiting
    • GET /api/otp/status - Check OTP status
  • Add security features:
    • Rate limiting (1 OTP per minute per phone)
    • Blacklist suspicious numbers
    • Log all OTP activities
    • Implement captcha for multiple failures
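The OTP lifecycle described above (6-digit code, 5-minute expiry, 3 attempts, 1 send per minute per phone, cleanup of expired codes), as an added example that is not code from this issue or the Paylox project. It assumes an in-memory Map in place of the real database store and an injectable clock; the SMS send and the HTTP routes are left to the caller.

```typescript
import { randomInt, timingSafeEqual } from "crypto";

const OTP_TTL_MS = 5 * 60 * 1000;        // spec: codes expire after 5 minutes
const MAX_ATTEMPTS = 3;                  // spec: 3 verification attempts max
const RESEND_INTERVAL_MS = 60 * 1000;    // spec: 1 OTP per minute per phone

interface OtpRecord { code: string; issuedAt: number; expiresAt: number; attempts: number; }
export type VerifyResult = "ok" | "invalid" | "expired" | "locked" | "none";

export class OTPService {
  // In-memory store: a constructed stand-in for the database/Redis store the spec implies.
  private store = new Map<string, OtpRecord>();
  // The clock is injectable so expiry and rate-limit logic can be tested deterministically.
  constructor(private now: () => number = Date.now) {}

  // Generate a 6-digit code with a CSPRNG (Math.random is predictable and must not be used).
  // Throws when the per-phone rate limit has not elapsed; the caller maps that to HTTP 429.
  send(phone: string): string {
    const existing = this.store.get(phone);
    if (existing && this.now() - existing.issuedAt < RESEND_INTERVAL_MS) {
      throw new Error("rate limited: 1 OTP per minute per phone");
    }
    const code = randomInt(0, 1_000_000).toString().padStart(6, "0");
    const issuedAt = this.now();
    this.store.set(phone, { code, issuedAt, expiresAt: issuedAt + OTP_TTL_MS, attempts: 0 });
    return code; // hand to the SMS sender; log the event, never the code itself
  }

  // Every call counts as an attempt; after MAX_ATTEMPTS failures the code is dead
  // even if the right value is supplied later, so a guesser cannot brute-force it.
  verify(phone: string, candidate: string): VerifyResult {
    const rec = this.store.get(phone);
    if (!rec) return "none";
    if (this.now() > rec.expiresAt) { this.store.delete(phone); return "expired"; }
    if (rec.attempts >= MAX_ATTEMPTS) return "locked";
    rec.attempts += 1;
    const expected = Buffer.from(rec.code), given = Buffer.from(candidate);
    const match = expected.length === given.length && timingSafeEqual(expected, given);
    if (match) { this.store.delete(phone); return "ok"; }   // single use
    return rec.attempts >= MAX_ATTEMPTS ? "locked" : "invalid";
  }

  // Periodic sweep (e.g. from a cron job); returns how many expired codes were removed.
  cleanup(): number {
    let removed = 0;
    for (const [phone, rec] of this.store) {
      if (this.now() > rec.expiresAt) { this.store.delete(phone); removed++; }
    }
    return removed;
  }
}
```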

2. Document Upload Service (1 hour)

  • Create services/document/DocumentService.ts:
    • Handle file uploads to Vercel Blob
    • Generate secure URLs with expiry
    • Manage file metadata in database
    • Support multiple file types
  • Implement file validation:
    • Allowed types: PDF, JPG, PNG, DOCX
    • Max file size: 10MB per file
    • Prepare the integration point for virus scanning
    • Image optimization for previews
  • Build document API endpoints:
    • POST /api/document/upload - Handle multipart uploads
    • GET /api/document/[id] - Retrieve document
    • DELETE /api/document/[id] - Soft delete
    • POST /api/document/verify - Mark as verified
  • Add access control:
    • User can only access own documents
    • Admin can access all documents
    • Temporary share link generation
    • Audit trail for document access

3. Dispute Management System (1 hour)

  • Create services/dispute/DisputeService.ts:
    • Create dispute with reason and evidence
    • Assign to admin for review
    • Track dispute timeline
    • Handle resolution outcomes
  • Implement dispute workflows:
    • States: OPENED, UNDER_REVIEW, PENDING_INFO, RESOLVED, ESCALATED
    • Auto-escalation after 48 hours
    • Evidence submission system
    • Communication thread between parties
  • Build dispute API endpoints:
    • POST /api/dispute/create - Raise new dispute
    • GET /api/dispute/[id] - Get dispute details
    • POST /api/dispute/[id]/evidence - Submit evidence
    • POST /api/dispute/[id]/message - Add message
    • PUT /api/dispute/[id]/resolve - Admin resolution
  • Add notification system:
    • Email admin on new dispute
    • Notify parties of updates
    • Reminder for pending actions
    • Resolution notification

4. Admin Dashboard Backend Services (1 hour)

  • Create comprehensive admin APIs:
    • GET /api/admin/dashboard/stats:
      • Total transactions (daily, weekly, monthly)
      • Transaction volume in TRY
      • Success/failure rates
      • Average transaction time
      • Active disputes count
      • User growth metrics
  • Implement transaction monitoring:
    • GET /api/admin/transactions/list - Paginated list with filters
    • GET /api/admin/transactions/[id]/details - Full transaction info
    • PUT /api/admin/transactions/[id]/override - Admin actions
    • GET /api/admin/transactions/export - CSV/Excel export
  • Build user management APIs:
    • GET /api/admin/users/list - All platform users
    • GET /api/admin/users/[id] - User details
    • PUT /api/admin/users/[id]/verify - Manual verification
    • PUT /api/admin/users/[id]/suspend - Suspend account
    • GET /api/admin/users/[id]/transactions - User's transactions
  • Add admin action logging:
    • Log all admin actions with timestamp
    • Track admin user ID
    • Store action metadata
    • Create audit report endpoint

5. Webhook Handlers Implementation (30 minutes)

  • Implement Jetcheckout webhooks:
    • POST /api/payment/webhook/success - Payment success
    • POST /api/payment/webhook/failure - Payment failure
    • POST /api/payment/webhook/refund - Refund callback
  • Add webhook security:
    • Signature verification
    • IP whitelist validation
    • Timestamp validation (5-minute window)
    • Idempotency handling
  • Implement webhook processing:
    • Update transaction status
    • Send confirmation emails
    • Trigger next workflow step
    • Handle edge cases
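The webhook security checks listed above (signature verification, IP allowlist, 5-minute timestamp window, idempotency), as an added example that is not code from this issue or the Paylox project. The signing scheme (HMAC-SHA256 over "timestamp.rawBody") and the header-derived fields are assumptions, not Jetcheckout's documented format; the IP addresses in the test are documentation-range placeholders and the in-memory Set stands in for a database table of processed event ids.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

const WINDOW_MS = 5 * 60 * 1000;   // spec: 5-minute timestamp window

export interface WebhookRequest {
  rawBody: string;      // the exact bytes received; re-serialised JSON would break the MAC
  signature: string;    // hex HMAC taken from the provider's signature header (assumed)
  timestamp: number;    // unix ms taken from the provider's timestamp header (assumed)
  sourceIp: string;
}

export class WebhookReceiver {
  // Processed event ids; constructed stand-in for a unique-keyed DB table.
  private seen = new Set<string>();
  constructor(private secret: string, private allowedIps: Set<string>,
              private now: () => number = Date.now) {}

  // Assumed signing scheme: HMAC-SHA256 over "<timestamp>.<rawBody>". Binding the
  // timestamp into the MAC stops an attacker from re-dating a captured request.
  static sign(secret: string, timestamp: number, rawBody: string): string {
    return createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
  }

  // Returns "processed", "duplicate" or "rejected:<reason>". Cheap checks (IP, window)
  // run first, then the MAC, then the idempotency key; nothing is parsed before the MAC passes.
  handle(req: WebhookRequest): string {
    if (!this.allowedIps.has(req.sourceIp)) return "rejected:ip";
    if (Math.abs(this.now() - req.timestamp) > WINDOW_MS) return "rejected:timestamp";
    const expected = Buffer.from(WebhookReceiver.sign(this.secret, req.timestamp, req.rawBody), "hex");
    const given = Buffer.from(req.signature, "hex");   // malformed hex yields a short buffer -> mismatch
    if (expected.length !== given.length || !timingSafeEqual(expected, given)) return "rejected:signature";
    let event: { id?: string; status?: string };
    try { event = JSON.parse(req.rawBody); } catch (e) { return "rejected:body"; }
    if (!event.id) return "rejected:body";
    // Providers retry on timeout; a second delivery must not re-apply side effects.
    // In production the "insert id" must be atomic (unique constraint), not check-then-set.
    if (this.seen.has(event.id)) return "duplicate";
    this.seen.add(event.id);
    // Update transaction status / send confirmation email / trigger next step here.
    return "processed";
  }
}
```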

6. Performance & Integration Testing (30 minutes)

  • Add caching layer:
    • Redis integration for frequent queries
    • Cache admin dashboard stats (5-minute TTL)
    • Session storage optimization
  • Implement monitoring:
    • API response time tracking
    • Error rate monitoring
    • Database query performance
    • Third-party service health checks
  • Create integration tests:
    • End-to-end transaction flow
    • Payment webhook handling
    • OTP verification flow
    • Document upload process

🔧 Technical Context

SMS Service Configuration

  • Primary: Twilio (production)
  • Fallback: MessageBird
  • Dev/Test: Console logging
  • Rate limits: 100 SMS/hour per account

Document Storage Strategy

  • Vercel Blob for file storage
  • CDN for fast delivery
  • Temporary URLs for security
  • Background cleanup of orphaned files

Dispute Resolution SLA

  • Initial response: 2 hours
  • Resolution target: 48 hours
  • Escalation: After 48 hours
  • Admin notification: Immediate

Admin Dashboard Requirements

  • Real-time statistics
  • Export capabilities
  • Audit trail
  • Role-based permissions

✅ Acceptance Criteria

  • OTP service sends and validates codes successfully
  • Documents upload and retrieve correctly
  • Disputes can be created and managed
  • Admin dashboard shows accurate statistics
  • Webhooks process payments correctly
  • All endpoints have proper authentication
  • Error handling covers all edge cases
  • Performance metrics meet targets

👥 Developer Assignment

Lead Developer: @uozopio (Umut)
Role: Advanced Backend Services & Integration
Availability for Questions: Slack #dev-backend channel
This task is part of the 2-day MVP sprint for the Paylox Escrow System