Overview
Logiceipt is an enterprise-grade receipt generation platform built for EC CARGO, a logistics company handling goods received notes and invoices at scale. The platform enables staff to create, export, and email professional receipts with role-based access control, audit logging, and enterprise security built in from the ground up.
The system supports multi-tenant architecture with an invite-only authentication model, ensuring only authorized personnel can access and manage receipt operations.
Key Features
- Two Receipt Templates – EC CARGO Goods Received Note and EC CARGO Invoice with fixed table headers, dynamic rows, and auto-calculated totals.
- Multi-Format Export – Generate receipts as PDF, PNG, or JPEG, rendered server-side via Puppeteer for consistent output.
- Email Delivery – Direct SMTP sending with 3 retry attempts using exponential backoff, plus full delivery logging.
- Role-Based Access Control – Three-tier hierarchy (Super Admin → Manager → Worker) with granular route protection.
- Invite-Only Authentication – No self-registration. Admins invite users via signed JWT email links with 48-hour expiry.
- Audit Trail – Every significant action is logged, including logins, CRUD operations, role changes, and emails sent.
- Refresh Token Rotation – Theft detection with automatic token invalidation for compromised sessions.
Tech Stack
| Layer | Technology |
|---|---|
| Backend | Express.js + TypeScript, Node.js 20+ |
| Frontend | Next.js 14 (App Router) + TypeScript + Tailwind CSS |
| Database | MongoDB 7 (Mongoose ODM) |
| Email | Nodemailer (direct SMTP with retry) |
| Validation | Zod schemas for input validation |
| Deployment | Vercel (frontend) + Node.js host (backend) |
How It Works
- Create Receipt – Staff select a template (Goods Received Note or Invoice), fill in line items, and the system auto-calculates totals.
- Export – Download the receipt as PDF, PNG, or JPEG with consistent server-side rendering.
- Email – Send the receipt directly to the client’s email with automated retry and delivery tracking.
Security
The platform is built with OWASP Top 10 compliance in mind:
- Access Control – RBAC middleware, company-scoped queries that prevent IDOR attacks, and JWTs stored in HTTP-only cookies.
- Injection Prevention – Zod input validation, MongoDB sanitization, and parameterized queries.
- Auth Hardening – Account lockout after 5 failed attempts, refresh token rotation with theft detection.
- Infrastructure – Helmet headers, CORS whitelist, rate limiting, and no stack traces in production.
- Audit & Logging – Winston structured logging with full audit trail and email delivery tracking.
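Refresh token rotation with theft detection is commonly built on token families: each login starts a family, each refresh retires the presented token, and a replay of a retired token revokes every token in that family. The TypeScript below is an added example, not Logiceipt's own code; the record shape, the in-memory Map (standing in for a MongoDB collection), the 7-day lifetime, and the function names are assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical record shape. An in-memory Map stands in for a MongoDB collection.
interface TokenRecord {
  userId: string;
  familyId: string; // shared by every token descended from one login
  used: boolean;    // true once this token has been exchanged
  revoked: boolean;
  expiresAt: number;
}
type RotateResult =
  | { ok: true; token: string }
  | { ok: false; reason: "unknown" | "revoked" | "reuse_detected" | "expired" };

const TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed lifetime, not from the page
const store = new Map<string, TokenRecord>(); // keyed by SHA-256 of the token

const digest = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

function mint(userId: string, familyId: string, now: number): string {
  const token = randomBytes(32).toString("hex");
  store.set(digest(token), { userId, familyId, used: false, revoked: false, expiresAt: now + TTL_MS });
  return token; // only the hash is stored server-side
}

// A successful login starts a new token family.
function login(userId: string, now: number = Date.now()): string {
  return mint(userId, randomBytes(16).toString("hex"), now);
}

// Exchange a refresh token for its successor; a replayed token revokes the family.
function rotate(presented: string, now: number = Date.now()): RotateResult {
  const rec = store.get(digest(presented));
  if (!rec) return { ok: false, reason: "unknown" };
  if (rec.revoked) return { ok: false, reason: "revoked" };
  if (rec.used) {
    // Already rotated once: either the client or a thief holds a stale copy.
    store.forEach((r) => { if (r.familyId === rec.familyId) r.revoked = true; });
    return { ok: false, reason: "reuse_detected" };
  }
  if (rec.expiresAt <= now) return { ok: false, reason: "expired" };
  rec.used = true;
  return { ok: true, token: mint(rec.userId, rec.familyId, now) };
}
```

A `reuse_detected` result is the event worth writing to the audit trail, since it means two parties held the same refresh token.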
Benefits
- Operational efficiency with standardized receipt templates and automated calculations.
- Enterprise-grade security with RBAC, invite-only access, and comprehensive audit logging.
- Flexible delivery with multi-format export and reliable email sending with retry logic.
- Multi-tenant ready with company-scoped data isolation and role-based permissions.
Get in Touch
Need a custom business operations platform for your organization? Contact us to discuss how we can build a solution tailored to your workflow.