Digital receipts for customers + a lightweight dashboard for merchants.
- Live app: https://green-recipt.vercel.app
- Backend health check:
GET /api/health
backend/β Express + MongoDB APIfrontend/β React (Vite) web app
- Customer + merchant auth
- Access token (Bearer) + refresh token stored in an HTTP-only cookie
- OTP-based email verification flow for signup
- Receipts
- Merchants create receipts
- Customers claim receipts via claim code
- Analytics endpoints for customer + merchant dashboards
- UI conveniences
- Dark mode
- i18n scaffolding (English/Hindi)
- PWA assets (manifest + service worker)
Frontend
- React + Vite
- Tailwind CSS
- Axios (configured with
withCredentials: truefor refresh cookie support)
Backend
- Node.js + Express
- MongoDB + Mongoose
- JWT auth (access token + refresh token)
- Security middleware:
helmet,express-rate-limit,express-mongo-sanitize,hpp,compression - Email delivery: SendGrid (optional in local dev)
- Node.js 18+
- MongoDB (local or Atlas)
Optional (but recommended if you want emails/OTP in your inbox):
- SendGrid account + API key
Required:
MONGO_URI=mongodb://localhost:27017/greenreceipt
JWT_SECRET=your_secure_random_string_min_32_charsOptional:
# Server
PORT=5001
NODE_ENV=development
# CORS allowlist (comma-separated). If omitted, defaults include:
# - http://localhost:5173
# - https://green-recipt.vercel.app
CLIENT_URL=http://localhost:5173
# Refresh token signing secret (defaults to JWT_SECRET + "_refresh")
REFRESH_TOKEN_SECRET=your_refresh_secret
# SendGrid (if not set, backend will skip sending emails)
SENDGRID_API_KEY=...
SENDGRID_FROM_EMAIL=...Important note about OTP/email in development:
- If SendGrid is not configured, the backend will skip sending emails.
- When
NODE_ENVis notproduction, OTPs are logged to the backend console (look for[DEV] ... OTP ...).
Optional (defaults to http://localhost:5001/api):
VITE_API_URL=http://localhost:5001/apicd backend
npm install
cd ../frontend
npm installcd backend
npm run devBy default the API runs on http://localhost:5001.
cd frontend
npm run devBy default Vite runs on http://localhost:5173.
- Frontend requests include cookies (
withCredentials: true). - Backend enables CORS credentials and validates origins against
CLIENT_URL. - In production (
NODE_ENV=production), refresh cookies are set withSameSite=None; Secure.
If you see βCORS not allowedβ or refresh doesnβt work:
- Ensure
CLIENT_URLincludes the exact frontend origin (scheme + host + port). - Ensure you are using HTTPS in production (required for
Securecookies).
Base URL: /api
GET /api/health
POST /api/auth/send-signup-otpPOST /api/auth/verify-signup-otpPOST /api/auth/loginPOST /api/auth/refresh(uses refresh cookie)POST /api/auth/logoutGET /api/auth/session(protected)GET /api/auth/me(protected)PATCH /api/auth/me(protected)
Legacy (kept for backward compatibility):
POST /api/auth/signup/customerPOST /api/auth/signup/merchantPOST /api/auth/otp/requestPOST /api/auth/otp/verify
POST /api/receipts(merchant/customer; rate-limited)GET /api/receipts/customer(customer)GET /api/receipts/merchant(merchant)POST /api/receipts/claim(customer)PATCH /api/receipts/:id/mark-paid(merchant)PATCH /api/receipts/:id(protected)DELETE /api/receipts/:id(protected)GET /api/receipts/:id(protected)
GET /api/analytics/customer(customer)GET /api/analytics/merchant(merchant)
- Onboarding:
/api/merchant/onboarding/* - Categories:
/api/merchant/categories* - Items:
/api/merchant/items*
- Dev server:
npm run dev - Production server:
npm start
Receipt date migration (requires MONGO_URI):
cd backend
# Dry run (default)
npm run migrate:receipt-dates
# Apply changes
node scripts/migrate-receipt-dates.js --shiftMinutes -660 --applyThe repo includes a SPA rewrite config (frontend/vercel.json).
Set:
VITE_API_URL=https://<your-backend-domain>/api
Set at least:
MONGO_URIJWT_SECRETCLIENT_URL(comma-separated allowlist; include your Vercel domain)
Optional:
REFRESH_TOKEN_SECRETSENDGRID_API_KEY,SENDGRID_FROM_EMAIL
- MongoDB wonβt connect: verify
MONGO_URIis set and reachable. - OTP email not received: configure SendGrid, or check backend logs for
[DEV] ... OTP ...in non-production. - Refresh/login issues on Vercel + hosted API: ensure
NODE_ENV=production, HTTPS, andCLIENT_URLmatches your frontend origin exactly.
A production-ready digital receipt management platform featuring role-based authentication, bilingual internationalization, and real-time analytics.
Live Demo Β· Architecture Β· API Reference Β· Contributing
- Project Overview
- Key Features
- Architecture
- Tech Stack
- Getting Started
- Environment Configuration
- API Reference
- Security Implementation
- Internationalization
- Scalability Considerations
- Roadmap
- Contributing
- License
GreenReceipt is a full-stack digital receipt platform that connects merchants and customers through QR-code-based instant receipt delivery. The platform eliminates paper waste while providing both parties with actionable insights into their transactions.
βββββββββββββββββββ QR Scan βββββββββββββββββββ Real-time βββββββββββββββββββ
β Merchant β ββββββββββββββββΊ β GreenReceipt β βββββββββββββββββΊ β Customer β
β Dashboard β β API β β Dashboard β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β β β
β β β
βΌ βΌ βΌ
Sales Analytics MongoDB (Mongoose ODM) Spending Insights
Item Management JWT Authentication Receipt Wallet
Receipt Generation Rate-Limited APIs Calendar View
| Challenge | Impact |
|---|---|
| Paper Receipt Waste | 10M+ trees cut annually for receipt paper globally |
| Lost Documentation | 70% of consumers lose receipts needed for returns |
| Manual Expense Tracking | Time-consuming and error-prone for individuals |
| Limited Merchant Analytics | Small businesses lack customer insights |
GreenReceipt provides a dual-portal system:
- Customers receive receipts instantly via QR scan, with automatic categorization and spending analytics
- Merchants generate professional digital receipts while gaining access to sales dashboards and customer behavior insights
| Feature | Description |
|---|---|
| Digital Wallet | Centralized receipt storage with search and filtering |
| Spending Analytics | Category breakdown, merchant distribution, time-series trends |
| Calendar View | Visual timeline with daily transaction summaries |
| Receipt Upload | Digitize legacy paper receipts via image capture |
| QR Claiming | Instant receipt acquisition through merchant QR codes |
| Expense Tracking | Include/exclude receipts from analytics calculations |
| Feature | Description |
|---|---|
| Receipt Generation | Create itemized digital receipts with auto-generated claim codes |
| Sales Dashboard | Real-time revenue metrics, transaction volume, trend analysis |
| Item Management | Product catalog with category organization |
| Customer Analytics | Purchase patterns and repeat customer identification |
| Billing History | Subscription and payment tracking |
| Feature | Description |
|---|---|
| Dark Mode | System-aware theme with manual toggle |
| Bilingual Support | English and Hindi with runtime language switching |
| Responsive Design | Mobile-first UI with desktop optimization |
| PWA Ready | Service worker registration for offline capability |
greenreceipt/
βββ backend/
β βββ src/
β βββ config/
β β βββ db.js # MongoDB connection with pooling
β βββ controllers/
β β βββ analyticsController.js # Cached analytics endpoints
β β βββ authController.js # Auth, OTP, password reset
β β βββ categoryController.js # Category CRUD
β β βββ itemController.js # Item management
β β βββ merchantController.js # Merchant operations
β β βββ receiptController.js # Receipt CRUD + pagination
β βββ middleware/
β β βββ authMiddleware.js # JWT verification + role guard
β β βββ validate.js # Zod schema validation
β βββ models/
β β βββ Category.js # Category schema
β β βββ Item.js # Product schema
β β βββ Merchant.js # Merchant schema + auto-code gen
β β βββ Receipt.js # Receipt schema + indexing
β β βββ User.js # Customer schema + password hashing
β βββ routes/
β β βββ analyticsRoutes.js # Rate-limited analytics
β β βββ authRoutes.js # Public auth endpoints
β β βββ merchantRoutes.js # Protected merchant routes
β β βββ receiptRoutes.js # Protected receipt routes
β βββ utils/
β β βββ sendEmail.js # Nodemailer wrapper
β β βββ timezone.js # IST timezone utilities
β βββ validators/
β β βββ authSchemas.js # Zod auth validation
β β βββ receiptSchemas.js # Zod receipt validation
β βββ server.js # Express app entry point
β
βββ frontend/
β βββ src/
β βββ components/
β β βββ auth/ # Authentication UI
β β βββ common/ # Shared components (Logo, Theme, etc.)
β β βββ customer/ # Customer dashboard components
β β βββ home/ # Landing page sections
β β βββ layout/ # Navbar, Footer
β β βββ merchant/ # Merchant dashboard components
β β βββ onboarding/ # Walkthrough wizards
β βββ contexts/
β β βββ AuthContext.jsx # Auth state management
β β βββ ThemeContext.jsx # Dark mode state
β βββ i18n/
β β βββ index.js # i18next configuration
β β βββ locales/
β β βββ en.json # English translations
β β βββ hi.json # Hindi translations
β βββ pages/ # Route-level components
β βββ services/
β β βββ api.js # Axios instance with interceptors
β βββ utils/
β βββ mockData.js # Development test data
β βββ timezone.js # Client timezone utilities
β
βββ public/
β βββ manifest.json # PWA manifest
β βββ sw.js # Service worker
β
βββ README.md
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β User β β Merchant β β Receipt β
ββββββββββββββββ€ ββββββββββββββββ€ ββββββββββββββββ€
β _id β β _id β β _id β
β name β β businessName β β merchantId ββββ
β email β β email β β customerId ββββΌβββΊ References
β password β β password β β items[] β β
β isVerified β β merchantCode β β total β β
β otp{} β β category β β claimCode β β
β resetToken β β isVerified β β isClaimed ββββ
ββββββββββββββββ ββββββββββββββββ β createdAt β
ββββββββββββββββ
| Technology | Version | Purpose |
|---|---|---|
| React | 19.2.0 | UI framework with concurrent features |
| Vite | 6.3.5 | Build tool and dev server |
| Tailwind CSS | 3.4.17 | Utility-first styling |
| React Router | 6.23.1 | Client-side routing |
| i18next | 25.7.1 | Internationalization framework |
| Framer Motion | 12.23.3 | Animation library |
| Axios | 1.9.0 | HTTP client with interceptors |
| Lucide React | 0.511.0 | Icon library |
| Recharts | 2.15.2 | Data visualization |
| React Hot Toast | 2.5.2 | Notification system |
| Technology | Version | Purpose |
|---|---|---|
| Node.js | 18+ | Runtime environment |
| Express | 4.19.2 | Web framework |
| Mongoose | 8.5.1 | MongoDB ODM |
| jsonwebtoken | 9.0.2 | JWT authentication |
| bcryptjs | 2.4.3 | Password hashing |
| Zod | 3.23.8 | Schema validation |
| Helmet | 8.1.0 | Security headers |
| express-rate-limit | 7.2.0 | Rate limiting |
| express-mongo-sanitize | 2.2.0 | NoSQL injection prevention |
| compression | 1.7.4 | Response compression |
| Nodemailer | 6.9.14 | Email delivery |
- Node.js 18.0.0 or higher
- MongoDB 6.0+ (local installation or Atlas cluster)
- SMTP credentials (Gmail App Password recommended for development)
# Clone the repository
git clone https://github.com/yourusername/greenreceipt.git
cd greenreceipt
# Install backend dependencies
cd backend
npm install
# Install frontend dependencies
cd ../frontend
npm install# Terminal 1: Start backend server
cd backend
npm run dev
# Terminal 2: Start frontend dev server
cd frontend
npm run devThe application will be available at http://localhost:5173 with the API running on http://localhost:5001.
# Server Configuration
PORT=5001
NODE_ENV=development
# Database
MONGO_URI=mongodb://localhost:27017/greenreceipt
# Authentication
JWT_SECRET=your_secure_random_string_min_32_chars
# Email Service (Gmail with App Password)
EMAIL_USER=your_email@gmail.com
EMAIL_PASS=your_16_char_app_password
# CORS
CLIENT_URL=http://localhost:5173VITE_API_URL=http://localhost:5001/api| Variable | Required | Description |
|---|---|---|
PORT |
Yes | Backend server port |
NODE_ENV |
Yes | development or production |
MONGO_URI |
Yes | MongoDB connection string |
JWT_SECRET |
Yes | Secret for JWT signing (min 32 characters) |
EMAIL_USER |
Yes | SMTP email address |
EMAIL_PASS |
Yes | SMTP password or app password |
CLIENT_URL |
Yes | Frontend URL for CORS whitelist |
VITE_API_URL |
Yes | Backend API base URL |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
POST |
/api/auth/signup/customer |
Register new customer | No |
POST |
/api/auth/signup/merchant |
Register new merchant | No |
POST |
/api/auth/login |
Authenticate user | No |
POST |
/api/auth/otp/request |
Request OTP email | No |
POST |
/api/auth/otp/verify |
Verify OTP code | No |
POST |
/api/auth/forgot-password |
Request password reset | No |
POST |
/api/auth/reset-password |
Reset password with token | No |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
GET |
/api/receipts/customer |
Get customer receipts (paginated) | JWT |
GET |
/api/receipts/merchant |
Get merchant receipts (paginated) | JWT |
POST |
/api/receipts |
Create new receipt | JWT (Merchant) |
POST |
/api/receipts/claim |
Claim receipt via code | JWT (Customer) |
GET |
/api/receipts/:id |
Get receipt by ID | JWT |
PATCH |
/api/receipts/:id |
Update receipt | JWT |
DELETE |
/api/receipts/:id |
Delete receipt | JWT |
| Method | Endpoint | Description | Auth |
|---|---|---|---|
GET |
/api/analytics/customer |
Customer spending analytics | JWT |
GET |
/api/analytics/merchant |
Merchant sales analytics | JWT |
All API responses follow a consistent structure:
{
"success": true,
"data": { },
"message": "Operation completed successfully"
}Error responses:
{
"success": false,
"error": "Error description",
"code": "ERROR_CODE"
}βββββββββββ Email/Password βββββββββββ JWT Token βββββββββββ
β Client β βββββββββββββββββββΊ β API β βββββββββββββββΊ β Client β
βββββββββββ βββββββββββ βββββββββββ
β β β
β OTP Request β β
β βββββββββββββββββββββββββββββββΊβ β
β β β
β OTP Verify β β
β βββββββββββββββββββββββββββββββΊβ β
β β Set Verified=true β
β β βββββββββββββββββββββββββββΊβ
| Layer | Implementation | Configuration |
|---|---|---|
| Headers | Helmet.js | XSS, CSP, clickjacking, MIME sniffing protection |
| Rate Limiting | express-rate-limit | 300 requests per 15-minute window |
| Input Sanitization | express-mongo-sanitize | Strips $ and . from request body |
| Parameter Pollution | hpp | Prevents HTTP parameter pollution |
| Password Hashing | bcryptjs | 12 salt rounds |
| Token Security | JWT | 7-day expiry, HS256 algorithm |
| OTP Security | Custom | 6 digits, 10-minute expiry, 5 attempts max |
| Body Parsing | Express | 10KB limit on JSON payloads |
| CORS | cors middleware | Whitelist-based origin control |
| Proxy Trust | Express | Configured for deployment behind reverse proxy |
// Security headers
app.use(helmet());
// Rate limiting
app.use(rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 300, // 300 requests per window
standardHeaders: true,
legacyHeaders: false,
}));
// NoSQL injection prevention
app.use(mongoSanitize());
// HTTP parameter pollution prevention
app.use(hpp());
// Body size limit
app.use(express.json({ limit: '10kb' }));
// CORS configuration
app.use(cors({
origin: process.env.CLIENT_URL,
credentials: true,
}));GreenReceipt implements bilingual support (English and Hindi) using i18next with the following architecture:
// i18n/index.js
i18n
.use(LanguageDetector)
.use(initReactI18next)
.init({
resources: {
en: { translation: en },
hi: { translation: hi },
},
fallbackLng: 'en',
supportedLngs: ['en', 'hi'],
detection: {
order: ['localStorage', 'navigator'],
lookupLocalStorage: 'greenreceipt-lang',
caches: ['localStorage'],
},
});- localStorage (
greenreceipt-langkey) - Browser language (navigator.language)
- Fallback to English
import { useTranslation } from 'react-i18next';
function Component() {
const { t, i18n } = useTranslation();
return (
<div>
<h1>{t('dashboard.title')}</h1>
<button onClick={() => i18n.changeLanguage('hi')}>
{t('settings.switchToHindi')}
</button>
</div>
);
}Both customer and merchant interfaces are fully translated including:
- Navigation and sidebar items
- Dashboard statistics and labels
- Form fields and validation messages
- Notifications and alerts
- Settings and profile pages
- Connection Pooling: Mongoose default pool size with automatic connection management
- Indexing: Compound indexes on frequently queried fields (
merchantId + createdAt,customerId + isClaimed) - Pagination: Cursor-based pagination for receipt lists to handle large datasets
- Analytics Caching: 5-minute TTL on computed analytics to reduce database load
- Static Asset Caching: Vite build with content hashing for long-term browser caching
- Stateless API: JWT-based auth enables multi-instance deployment
- Environment-based Config: All secrets externalized for container orchestration
- Health Check Endpoint: Available for load balancer configuration
| Area | Implementation |
|---|---|
| Response Compression | gzip via compression middleware |
| Code Splitting | Vite dynamic imports for route-based chunks |
| Image Optimization | WebP format with fallbacks |
| Bundle Analysis | vite-bundle-visualizer for size monitoring |
- Customer and merchant authentication with OTP verification
- Receipt CRUD operations with claim codes
- Basic analytics dashboards
- Receipt upload functionality
- Dark mode implementation
- Bilingual support (English/Hindi)
- Push notifications for new receipts
- Receipt OCR for paper digitization
- Export to PDF/Excel
- Advanced filtering and search
- Batch receipt operations
- POS integration SDK
- Merchant subscription tiers
- White-label solution
- React Native mobile apps
- Machine learning insights
We welcome contributions from the community. Please follow these guidelines:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature-name - Commit with conventional commits:
git commit -m "feat: add new feature" - Push to your fork:
git push origin feature/your-feature-name - Open a Pull Request with a clear description
- Linting: ESLint with React recommended rules
- Formatting: Consistent indentation (2 spaces)
- Naming: camelCase for functions/variables, PascalCase for components
- Comments: JSDoc for utilities, inline comments for complex logic
<type>(<scope>): <description>
[optional body]
[optional footer]
Types: feat, fix, docs, style, refactor, test, chore
# Run backend
cd backend && npm run dev
# Run frontend
cd frontend && npm run dev
# Build for production
cd frontend && npm run buildThis project is licensed under the MIT License. See the LICENSE file for details.
Live Demo Β· Report Issue Β· Request Feature