A centralized, web-based ERP system designed to manage all IT department operations through a single secure platform. Built as a full-stack academic capstone project demonstrating enterprise-grade security and modern web development.
Features · Modules · Setup · Tech Stack · Roles · Screenshots
- Project Overview
- Features
- Modules
- User Roles
- Tech Stack
- Getting Started
- Project Structure
- Environment Variables
- Database Schema
- Security Implementation
- Demo Credentials
- Screenshots
- License
SecureFlow ERP is a centralized, web-based enterprise application designed to manage all IT department operations through a single secure platform. Instead of relying on multiple disconnected tools, the system integrates:
- 🖥️ IT Asset Management — Hardware and software inventory lifecycle
- 🎫 Help Desk — Ticket management with SLA tracking and Kanban board
- 🔒 Cybersecurity Monitoring — Incidents, vulnerabilities, and risk assessments
- 👥 User Access Management — RBAC with 7 granular roles
- 📋 Project Management — Milestones, progress, and team tracking
- 📜 Software Licensing — Seat allocation and expiry alerts
- 📁 Documentation Center — SOPs, policies, and approval workflows
- 🛒 Procurement Management — POs, vendor management, approvals
- 📊 Real-time Dashboard — Live charts and KPIs
- 📈 Reports — 6 report types with export support
- JWT Authentication — HttpOnly cookies with 8-hour session lifetime and sliding expiry
- Multi-Factor Authentication (MFA) — TOTP-based second factor per user
- Role-Based Access Control (RBAC) — 7 roles with least-privilege scoping
- Session Management — Auto-refresh via Next.js middleware; revokable active sessions
- Secure Cookies —
httpOnly,sameSite: lax,securein production - Middleware Guard — All protected routes redirect to login if unauthenticated
- Dark Navy Corporate Theme — Custom CSS design system with glassmorphism layers
- Responsive Layout — Sidebar navigation + topbar with role switcher
- Interactive Charts — Area, Bar, Pie charts via Recharts
- Micro-animations — Hover effects, transitions, and loading states
- QR Code Generator — Per-asset QR codes via
qrcode.react - Kanban Board — Drag-style ticket status columns for Help Desk
- Prisma ORM v5 — Type-safe database queries with full CRUD
- Relational Schema — 14 models with proper foreign keys
- Seed Data — Pre-populated with realistic demo data
- SQLite (dev) / PostgreSQL (prod) — Easily switchable via env
| # | Module | Description |
|---|---|---|
| 1 | Dashboard | Real-time KPIs, charts, recent tickets and incidents |
| 2 | User Management | Create, edit, disable users; assign roles and departments |
| 3 | Asset Management | Register assets, track warranty, assign, QR codes |
| 4 | Help Desk | Kanban board, SLA tracking, comments, ticket CRUD |
| 5 | Network | Device topology, IP tracking, uptime monitoring |
| 6 | Security | Incidents, vulnerabilities (CVSS), risk assessments |
| 7 | Projects | Progress tracking, milestones, team members |
| 8 | Documents | SOPs, policies, version control, approval workflow |
| 9 | Procurement | Purchase orders, approval workflow, vendor tracking |
| 10 | Licenses | Seat usage, expiry alerts, annual cost tracking |
| 11 | Reports | 6 report types (Ticket, Asset, Security, SLA, Financial, Audit) |
| 12 | Notifications | In-app alerts with email/SMS/push preference panel |
| 13 | Settings | Profile, password, MFA, active sessions, security policies, backup |
| Role | Label | Key Permissions |
|---|---|---|
admin |
System Administrator | Full system access — users, settings, audit logs |
manager |
IT Manager | Dashboard, reports, project oversight, approvals |
helpdesk |
Help Desk Engineer | Ticket CRUD, knowledge base |
network |
Network Administrator | Network devices, topology, maintenance |
security |
Security Analyst | Incidents, vulnerabilities, risk assessments |
asset |
Asset Manager | Asset registration, assignment, warranties |
employee |
Employee | Submit tickets, view assigned assets |
Role switching is available via the topbar dropdown for demo/testing purposes.
| Layer | Technology |
|---|---|
| Framework | Next.js 16 (App Router) |
| Language | TypeScript 5 |
| Styling | Custom CSS (CSS Variables, Glassmorphism) |
| State | React useState + useContext (AuthContext) |
| ORM | Prisma v5 |
| Database | SQLite (dev) / PostgreSQL (prod) |
| Auth | JWT via jose library, HttpOnly cookies |
| Charts | Recharts |
| Icons | Lucide React |
| QR Codes | qrcode.react |
| Forms | React Hook Form + Zod |
- Node.js v18 or higher
- npm v9 or higher
- Git
git clone https://github.com/YOUR_USERNAME/secureflow-erp.git
cd secureflow-erpnpm install
prisma generateruns automatically after install viapostinstallscript.
cp .env.example .env.localEdit .env.local and set at minimum:
JWT_SECRET=your-secure-random-secret
DATABASE_URL=file:./dev.db# Push schema to SQLite database
npm run db:push
# Seed with demo data (users, assets, tickets, etc.)
npm run db:seednpm run devOpen http://localhost:3000 — you will be redirected to the login page.
secureflow-erp/
├── prisma/
│ ├── schema.prisma # Database schema (14 models)
│ └── seed.ts # Demo data seeder
├── src/
│ ├── app/
│ │ ├── (dashboard)/ # All protected dashboard pages
│ │ │ ├── dashboard/ # Main dashboard with charts
│ │ │ ├── users/ # User management CRUD
│ │ │ ├── assets/ # IT asset management
│ │ │ ├── helpdesk/ # Ticket management + Kanban
│ │ │ ├── network/ # Network device monitoring
│ │ │ ├── security/ # Cybersecurity incidents
│ │ │ ├── projects/ # Project management
│ │ │ ├── documents/ # Documentation center
│ │ │ ├── procurement/ # Purchase order management
│ │ │ ├── licenses/ # Software license tracking
│ │ │ ├── reports/ # Reports and analytics
│ │ │ ├── notifications/ # In-app notification center
│ │ │ └── settings/ # Profile, security, system settings
│ │ ├── actions/ # Server Actions (Prisma CRUD)
│ │ │ ├── authActions.ts
│ │ │ ├── userActions.ts
│ │ │ ├── assetActions.ts
│ │ │ ├── ticketActions.ts
│ │ │ ├── dashboardActions.ts
│ │ │ └── ... (8 total)
│ │ ├── login/ # Authentication page
│ │ ├── globals.css # Global CSS design system
│ │ └── layout.tsx # Root layout + metadata
│ ├── components/
│ │ └── layout/ # Sidebar, Topbar components
│ ├── contexts/
│ │ └── AuthContext.tsx # Global auth state + role switching
│ ├── lib/
│ │ ├── auth.ts # JWT encrypt/decrypt/session
│ │ ├── prisma.ts # Prisma client singleton
│ │ └── mockData.ts # Seed data source
│ └── middleware.ts # Route protection middleware
├── .env.example # Environment variables template
├── .gitignore
├── package.json
└── README.md
Copy .env.example to .env.local and configure:
| Variable | Description | Default |
|---|---|---|
JWT_SECRET |
Secret key for JWT signing | |
DATABASE_URL |
Prisma database connection string | file:./dev.db |
NODE_ENV |
Environment (development/production) |
development |
The Prisma schema defines 14 models:
| Model | Description |
|---|---|
User |
System users with roles, MFA, status |
Asset |
IT hardware and software inventory |
Ticket |
Help desk support tickets |
Comment |
Comments on tickets (1-to-many) |
License |
Software licenses with seat tracking |
SecurityIncident |
Cybersecurity incidents |
Vulnerability |
CVE/CVSS vulnerability tracker |
Project |
IT projects with milestones and teams |
Document |
Documentation with version control |
PurchaseOrder |
Procurement and purchase requests |
NetworkDevice |
Network device inventory |
Notification |
In-app notification records |
SQLite is used by default for development. Switch to PostgreSQL by updating
DATABASE_URLin.env.localand changingprovider = "postgresql"inprisma/schema.prisma.
| Control | Implementation |
|---|---|
| JWT Auth | Signed with HS256 via jose library; stored in HttpOnly cookie |
| MFA | TOTP simulation — code 123456 for MFA-enabled accounts |
| RBAC | 7 role types enforced through AuthContext and middleware |
| Session Expiry | 8-hour JWT lifetime with automatic sliding expiry |
| Route Guard | middleware.ts protects all non-login routes |
| CSRF | sameSite: 'lax' cookie attribute |
| SQL Injection | Prevented by Prisma ORM parameterized queries |
| Password Policy | Argon2 hashing documented; bcrypt used in implementation |
| Secure Headers | secure: true on cookies in production |
| Audit Logging | Audit log table in Reports → User Activity |
After seeding the database, use any of these accounts to log in:
| Role | Password | MFA | |
|---|---|---|---|
| System Admin | admin@company.com |
password |
None |
| IT Manager | manager@company.com |
password |
None |
| Help Desk | helpdesk@company.com |
password |
123456 |
| Network Admin | network@company.com |
password |
None |
| Security Analyst | security@company.com |
password |
123456 |
| Asset Manager | asset@company.com |
password |
None |
| Employee | employee@company.com |
password |
None |
The password field in the DB stores a mock bcrypt hash. Authentication is simulated — any password is accepted for the demo users.
Secure authentication with MFA support, quick-access role buttons, and live system stats preview.
Real-time KPIs, ticket trend area chart, asset distribution pie chart, and recent security incidents — all from live database.
Full CRUD for all 7 user roles. Create, edit, disable users and assign departments with role-color-coded badges.
Register, assign, and track all IT hardware assets. Filter by category, toggle table/grid view, and generate QR codes.
Ticket management with SLA countdown, priority badges, Kanban board view, and threaded comments per ticket.
Track security incidents, vulnerabilities with CVSS scores, and risk assessments. Color-coded by severity.
Manage IT projects with milestone tracking, team member assignment, and progress visualization.
Monitor software licenses, seat usage bars, expiry alerts, and annual cost tracking per product.
6 built-in report types with interactive charts, date range filtering, and PDF/Excel/CSV export buttons.
Profile management, password policy, MFA configuration, active session revocation, and backup/DR configuration.
| Script | Description |
|---|---|
npm run dev |
Start development server on port 3000 |
npm run build |
Build optimized production bundle |
npm run start |
Start production server |
npm run lint |
Run ESLint checks |
npm run db:push |
Apply Prisma schema to database |
npm run db:seed |
Seed database with demo data |
npm run db:studio |
Open Prisma Studio (visual DB browser) |
- Push your repository to GitHub
- Import the project in Vercel Dashboard
- Add environment variables in Vercel project settings
- Update
DATABASE_URLto a production PostgreSQL connection string (e.g., Supabase, Neon, or Railway) - Deploy!
# Build the project
npm run build
# Start production server
npm run startThis project is licensed under the MIT License — see the LICENSE file for details.
Developed as a Final Year Capstone Project demonstrating enterprise-level secure web application development with Next.js, Prisma, and modern TypeScript patterns.









