Skip to content

shan-devinda/SecureFlow-ERP

Repository files navigation

🔐 SecureFlow ERP

Secure Enterprise Resource Planning System for IT Departments

Next.js TypeScript Prisma License

A centralized, web-based ERP system designed to manage all IT department operations through a single secure platform. Built as a full-stack academic capstone project demonstrating enterprise-grade security and modern web development.

Features · Modules · Setup · Tech Stack · Roles · Screenshots


📋 Table of Contents


🌐 Project Overview

SecureFlow ERP is a centralized, web-based enterprise application designed to manage all IT department operations through a single secure platform. Instead of relying on multiple disconnected tools, the system integrates:

  • 🖥️ IT Asset Management — Hardware and software inventory lifecycle
  • 🎫 Help Desk — Ticket management with SLA tracking and Kanban board
  • 🔒 Cybersecurity Monitoring — Incidents, vulnerabilities, and risk assessments
  • 👥 User Access Management — RBAC with 7 granular roles
  • 📋 Project Management — Milestones, progress, and team tracking
  • 📜 Software Licensing — Seat allocation and expiry alerts
  • 📁 Documentation Center — SOPs, policies, and approval workflows
  • 🛒 Procurement Management — POs, vendor management, approvals
  • 📊 Real-time Dashboard — Live charts and KPIs
  • 📈 Reports — 6 report types with export support

✨ Features

🔐 Security

  • JWT Authentication — HttpOnly cookies with 8-hour session lifetime and sliding expiry
  • Multi-Factor Authentication (MFA) — TOTP-based second factor per user
  • Role-Based Access Control (RBAC) — 7 roles with least-privilege scoping
  • Session Management — Auto-refresh via Next.js middleware; revokable active sessions
  • Secure CookieshttpOnly, sameSite: lax, secure in production
  • Middleware Guard — All protected routes redirect to login if unauthenticated

🎨 UI/UX

  • Dark Navy Corporate Theme — Custom CSS design system with glassmorphism layers
  • Responsive Layout — Sidebar navigation + topbar with role switcher
  • Interactive Charts — Area, Bar, Pie charts via Recharts
  • Micro-animations — Hover effects, transitions, and loading states
  • QR Code Generator — Per-asset QR codes via qrcode.react
  • Kanban Board — Drag-style ticket status columns for Help Desk

💾 Database

  • Prisma ORM v5 — Type-safe database queries with full CRUD
  • Relational Schema — 14 models with proper foreign keys
  • Seed Data — Pre-populated with realistic demo data
  • SQLite (dev) / PostgreSQL (prod) — Easily switchable via env

📦 Modules

# Module Description
1 Dashboard Real-time KPIs, charts, recent tickets and incidents
2 User Management Create, edit, disable users; assign roles and departments
3 Asset Management Register assets, track warranty, assign, QR codes
4 Help Desk Kanban board, SLA tracking, comments, ticket CRUD
5 Network Device topology, IP tracking, uptime monitoring
6 Security Incidents, vulnerabilities (CVSS), risk assessments
7 Projects Progress tracking, milestones, team members
8 Documents SOPs, policies, version control, approval workflow
9 Procurement Purchase orders, approval workflow, vendor tracking
10 Licenses Seat usage, expiry alerts, annual cost tracking
11 Reports 6 report types (Ticket, Asset, Security, SLA, Financial, Audit)
12 Notifications In-app alerts with email/SMS/push preference panel
13 Settings Profile, password, MFA, active sessions, security policies, backup

👥 User Roles

Role Label Key Permissions
admin System Administrator Full system access — users, settings, audit logs
manager IT Manager Dashboard, reports, project oversight, approvals
helpdesk Help Desk Engineer Ticket CRUD, knowledge base
network Network Administrator Network devices, topology, maintenance
security Security Analyst Incidents, vulnerabilities, risk assessments
asset Asset Manager Asset registration, assignment, warranties
employee Employee Submit tickets, view assigned assets

Role switching is available via the topbar dropdown for demo/testing purposes.


🛠️ Tech Stack

Layer Technology
Framework Next.js 16 (App Router)
Language TypeScript 5
Styling Custom CSS (CSS Variables, Glassmorphism)
State React useState + useContext (AuthContext)
ORM Prisma v5
Database SQLite (dev) / PostgreSQL (prod)
Auth JWT via jose library, HttpOnly cookies
Charts Recharts
Icons Lucide React
QR Codes qrcode.react
Forms React Hook Form + Zod

🚀 Getting Started

Prerequisites

  • Node.js v18 or higher
  • npm v9 or higher
  • Git

1. Clone the repository

git clone https://github.com/YOUR_USERNAME/secureflow-erp.git
cd secureflow-erp

2. Install dependencies

npm install

prisma generate runs automatically after install via postinstall script.

3. Set up environment variables

cp .env.example .env.local

Edit .env.local and set at minimum:

JWT_SECRET=your-secure-random-secret
DATABASE_URL=file:./dev.db

4. Initialize the database

# Push schema to SQLite database
npm run db:push

# Seed with demo data (users, assets, tickets, etc.)
npm run db:seed

5. Start the development server

npm run dev

Open http://localhost:3000 — you will be redirected to the login page.


📁 Project Structure

secureflow-erp/
├── prisma/
│   ├── schema.prisma        # Database schema (14 models)
│   └── seed.ts              # Demo data seeder
├── src/
│   ├── app/
│   │   ├── (dashboard)/     # All protected dashboard pages
│   │   │   ├── dashboard/   # Main dashboard with charts
│   │   │   ├── users/       # User management CRUD
│   │   │   ├── assets/      # IT asset management
│   │   │   ├── helpdesk/    # Ticket management + Kanban
│   │   │   ├── network/     # Network device monitoring
│   │   │   ├── security/    # Cybersecurity incidents
│   │   │   ├── projects/    # Project management
│   │   │   ├── documents/   # Documentation center
│   │   │   ├── procurement/ # Purchase order management
│   │   │   ├── licenses/    # Software license tracking
│   │   │   ├── reports/     # Reports and analytics
│   │   │   ├── notifications/ # In-app notification center
│   │   │   └── settings/    # Profile, security, system settings
│   │   ├── actions/         # Server Actions (Prisma CRUD)
│   │   │   ├── authActions.ts
│   │   │   ├── userActions.ts
│   │   │   ├── assetActions.ts
│   │   │   ├── ticketActions.ts
│   │   │   ├── dashboardActions.ts
│   │   │   └── ... (8 total)
│   │   ├── login/           # Authentication page
│   │   ├── globals.css      # Global CSS design system
│   │   └── layout.tsx       # Root layout + metadata
│   ├── components/
│   │   └── layout/          # Sidebar, Topbar components
│   ├── contexts/
│   │   └── AuthContext.tsx  # Global auth state + role switching
│   ├── lib/
│   │   ├── auth.ts          # JWT encrypt/decrypt/session
│   │   ├── prisma.ts        # Prisma client singleton
│   │   └── mockData.ts      # Seed data source
│   └── middleware.ts         # Route protection middleware
├── .env.example             # Environment variables template
├── .gitignore
├── package.json
└── README.md

🔧 Environment Variables

Copy .env.example to .env.local and configure:

Variable Description Default
JWT_SECRET Secret key for JWT signing ⚠️ Must change in production
DATABASE_URL Prisma database connection string file:./dev.db
NODE_ENV Environment (development/production) development

🗃️ Database Schema

The Prisma schema defines 14 models:

Model Description
User System users with roles, MFA, status
Asset IT hardware and software inventory
Ticket Help desk support tickets
Comment Comments on tickets (1-to-many)
License Software licenses with seat tracking
SecurityIncident Cybersecurity incidents
Vulnerability CVE/CVSS vulnerability tracker
Project IT projects with milestones and teams
Document Documentation with version control
PurchaseOrder Procurement and purchase requests
NetworkDevice Network device inventory
Notification In-app notification records

SQLite is used by default for development. Switch to PostgreSQL by updating DATABASE_URL in .env.local and changing provider = "postgresql" in prisma/schema.prisma.


🔒 Security Implementation

Control Implementation
JWT Auth Signed with HS256 via jose library; stored in HttpOnly cookie
MFA TOTP simulation — code 123456 for MFA-enabled accounts
RBAC 7 role types enforced through AuthContext and middleware
Session Expiry 8-hour JWT lifetime with automatic sliding expiry
Route Guard middleware.ts protects all non-login routes
CSRF sameSite: 'lax' cookie attribute
SQL Injection Prevented by Prisma ORM parameterized queries
Password Policy Argon2 hashing documented; bcrypt used in implementation
Secure Headers secure: true on cookies in production
Audit Logging Audit log table in Reports → User Activity

🔑 Demo Credentials

After seeding the database, use any of these accounts to log in:

Role Email Password MFA
System Admin admin@company.com password None
IT Manager manager@company.com password None
Help Desk helpdesk@company.com password 123456
Network Admin network@company.com password None
Security Analyst security@company.com password 123456
Asset Manager asset@company.com password None
Employee employee@company.com password None

The password field in the DB stores a mock bcrypt hash. Authentication is simulated — any password is accepted for the demo users.


📸 Screenshots

🔐 Login Page

SecureFlow ERP Login Page

Secure authentication with MFA support, quick-access role buttons, and live system stats preview.


📊 Main Dashboard

SecureFlow ERP Dashboard

Real-time KPIs, ticket trend area chart, asset distribution pie chart, and recent security incidents — all from live database.


👥 User Management

User Management

Full CRUD for all 7 user roles. Create, edit, disable users and assign departments with role-color-coded badges.


🖥️ Asset Management

IT Asset Management

Register, assign, and track all IT hardware assets. Filter by category, toggle table/grid view, and generate QR codes.


🎫 Help Desk — Kanban Board

Help Desk Kanban

Ticket management with SLA countdown, priority badges, Kanban board view, and threaded comments per ticket.


🔒 Cybersecurity Monitor

Cybersecurity Management

Track security incidents, vulnerabilities with CVSS scores, and risk assessments. Color-coded by severity.


📋 Project Management

Project Management

Manage IT projects with milestone tracking, team member assignment, and progress visualization.


📜 License Management

License Management

Monitor software licenses, seat usage bars, expiry alerts, and annual cost tracking per product.


📈 Reports & Analytics

Reports

6 built-in report types with interactive charts, date range filtering, and PDF/Excel/CSV export buttons.


⚙️ Settings & Security Policies

Settings

Profile management, password policy, MFA configuration, active session revocation, and backup/DR configuration.


📦 Available Scripts

Script Description
npm run dev Start development server on port 3000
npm run build Build optimized production bundle
npm run start Start production server
npm run lint Run ESLint checks
npm run db:push Apply Prisma schema to database
npm run db:seed Seed database with demo data
npm run db:studio Open Prisma Studio (visual DB browser)

🚀 Deployment

Vercel (Recommended)

  1. Push your repository to GitHub
  2. Import the project in Vercel Dashboard
  3. Add environment variables in Vercel project settings
  4. Update DATABASE_URL to a production PostgreSQL connection string (e.g., Supabase, Neon, or Railway)
  5. Deploy!

Manual (VPS/Server)

# Build the project
npm run build

# Start production server
npm run start

📄 License

This project is licensed under the MIT License — see the LICENSE file for details.


👤 Author

Developed as a Final Year Capstone Project demonstrating enterprise-level secure web application development with Next.js, Prisma, and modern TypeScript patterns.


SecureFlow ERP — Secure · Scalable · Centralized

About

SecureIT ERP is a secure web-based ERP system for IT department management, featuring role-based access control, asset management, help desk, cybersecurity, project management, and reporting.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors