A comprehensive mobile-first Progressive Web Application (PWA) designed for saree manufacturing businesses to manage their complete production workflow - from grey fabric procurement through mill processing, cutting, stitching, accessory management, and financial accounting.
- Features
- Tech Stack
- Prerequisites
- Installation
- Environment Setup
- Running the Application
- Default Credentials
- User Roles
- Production Readiness
- Deployment
- Security Considerations
- Project Structure
- API Documentation
- Authentication & User Management
  - Secure JWT-based authentication
  - Role-based access control (5 user roles)
  - User creation and management (Owner only)
- Dashboard (Owner Only)
  - Real-time business overview
  - Today's cutting statistics
  - Pending stitching counts
  - Grey fabric stock levels
  - Credit due tracking
  - Low stock alerts
  - Recent activity feed
- Mill Module
  - Grey Incoming: Track raw fabric procurement
  - Mill Incoming: Monitor processing at mills (dyeing, printing)
  - Shrinkage calculations
  - Bill and challan tracking
- Cutting Module
  - Fabric cutting reports
  - Auto-calculation of sarees from meters (~5.5m per saree)
  - Design code tracking
  - Lace and blouse consumption
  - Waste tracking
- Stitching Module
  - Tailor/unit work assignment
  - Payment tracking per saree
  - Progress monitoring (issued vs completed)
  - Auto-calculated total payments
- Accounts Module
  - Sales Entry: Invoice management with cash/bank/credit tracking
  - Expense Entry: Expense categorization and payment mode tracking
  - Payment status tracking
  - Due date reminders for credit sales
- Accessories Module
  - Incoming: Lace and blouse inventory tracking
  - Issue: Accessory issuance to production units
  - Stock level monitoring
  - Low stock alerts

- Next.js 14 - React framework with App Router
- React 18 - UI library
- TailwindCSS - Utility-first CSS framework
- shadcn/ui - Accessible component library
- Lucide React - Icon library
- Sonner - Toast notifications
- React Hook Form - Form management
- Zod - Schema validation
- Next.js API Routes - Serverless API endpoints
- MongoDB - NoSQL database
- JWT - Authentication tokens
- bcryptjs - Password hashing
- Yarn - Package manager
- ESLint - Code linting
- TypeScript - (Can be enabled)
Before you begin, ensure you have the following installed:
- Node.js (v18.0 or higher): `node --version`
- Yarn (v1.22 or higher): `yarn --version`
- MongoDB (v5.0 or higher)
  - Local installation OR
  - MongoDB Atlas account (cloud)
- Git (for cloning the repository)

```bash
git clone <repository-url>
cd erp
yarn install
```

This will install all required dependencies defined in package.json.

Create a .env file in the root directory with the following variables:
```bash
# MongoDB Configuration (REQUIRED)
MONGO_URL=mongodb://localhost:27017
# OR for MongoDB Atlas:
# MONGO_URL=mongodb+srv://username:password@cluster.mongodb.net/?retryWrites=true&w=majority
# Database Name (Optional - defaults to 'saree_erp')
DB_NAME=saree_erp
# JWT Secret (REQUIRED for production - use a strong random string)
JWT_SECRET=your-super-secret-jwt-key-change-this-in-production
# CORS Origins (Optional - defaults to '*')
# For production, specify your domain:
# CORS_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
CORS_ORIGINS=*
```

For production, generate a strong JWT secret:

On Linux/Mac:

```bash
openssl rand -base64 32
```

On Windows (PowerShell):

```powershell
# Reads 32 bytes from the OS cryptographic RNG and prints them as base64, matching the openssl command above
$b = New-Object byte[] 32; [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($b); [Convert]::ToBase64String($b)
```

Online Tool:
Start the development server:
```bash
yarn dev
```

The application will be available at:
The development server includes:
- Hot module replacement (HMR)
- Error overlay
- Automatic code reloading
Build the application for production:
```bash
yarn build
```

Start the production server:

```bash
yarn start
```

The production server will run on port 3000 (default).

```bash
# Development without reload (faster for some systems)
yarn dev:no-reload
# Development with webpack (fallback option)
yarn dev:webpack
```

The system automatically creates a default owner account on first run:
Email: owner@saree.com
Password: owner123
To change the password, you can:
- Delete the existing user from MongoDB
- Restart the application (a new default user will be created)
- Or implement a password change feature
The system supports 5 user roles with different access levels:
| Role | Access Level | Accessible Pages |
|---|---|---|
| Owner | Full Access | All pages + Dashboard |
| Mill Person | Department | Mill, Accessories |
| Cutting Master | Department | Cutting |
| Stitching Master | Department | Stitching |
| Accountant | Department | Accounts |
Users are automatically redirected to their assigned module after login.
- ✅ Complete authentication system with JWT
- ✅ Role-based access control
- ✅ All core modules (8 pages)
- ✅ Database indexing for performance
- ✅ Input validation and sanitization
- ✅ Error handling
- ✅ Responsive mobile-first design
- ✅ CORS configuration
- ✅ Connection pooling (MongoDB)
- ✅ Password hashing (bcrypt)
Before deploying to production, address the following:
- JWT Secret (CRITICAL)
  - ✅ Currently uses environment variable
  - ⚠️ Default secret in code should be removed
  - ✅ Use strong random secret in production
- CORS Configuration
  - ⚠️ Currently allows all origins (*)
  - ✅ Should be restricted to specific domains in production
- Password Policy
  - ⚠️ No password strength requirements
  - ⚠️ No password change functionality
  - ⚠️ Default credentials should be changed
- Rate Limiting
  - ❌ Not implemented
  - ⚠️ Should be added to prevent abuse
- Input Validation
  - ✅ Basic validation implemented
  - ⚠️ Consider adding Zod schemas for all endpoints
- SQL Injection / NoSQL Injection
  - ✅ MongoDB driver handles most cases
  - ⚠️ Additional sanitization recommended
- File Upload
  - ❌ Not implemented (marked as optional in spec)
  - ⚠️ If needed, implement with file size limits and type validation
- Caching
  - ⚠️ No caching layer implemented
  - ⚠️ Consider Redis for session/query caching
- Database Optimization
  - ✅ Indexes are created
  - ⚠️ Consider query optimization for large datasets
  - ⚠️ Implement pagination for large lists
- API Response Times
  - ⚠️ No monitoring/logging implemented
  - ⚠️ Consider adding APM (Application Performance Monitoring)
- Error Tracking
  - ❌ No error tracking service (Sentry, etc.)
  - ⚠️ Recommended for production
- Logging
  - ⚠️ Basic console logging
  - ⚠️ Should implement structured logging (Winston, Pino)
- Database Monitoring
  - ⚠️ No database monitoring
  - ⚠️ Consider MongoDB Atlas monitoring or similar
- Database Backups
  - ❌ Not automated
  - ⚠️ Implement automated daily backups
  - ⚠️ Test restore procedures
- Disaster Recovery Plan
  - ❌ Not documented
  - ⚠️ Should be created

- Security Checklist
  - Change default JWT secret
  - Restrict CORS to specific domains
  - Change default admin password
  - Implement rate limiting
  - Add password strength requirements
  - Enable HTTPS (SSL/TLS)
  - Implement file upload security (if needed)
- Monitoring & Logging
  - Set up error tracking (Sentry)
  - Implement structured logging
  - Set up database monitoring
  - Configure uptime alerts
- Performance
  - Load testing (100+ concurrent users)
  - Database query optimization
  - Implement caching layer
  - Add pagination to list endpoints
- Backup & Recovery
  - Automated daily database backups
  - Test backup restore procedures
  - Document disaster recovery plan
- Testing
  - Unit tests for critical functions
  - Integration tests for API endpoints
  - E2E tests for critical user flows
  - Security testing (penetration testing)

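
The "Input Validation" and "NoSQL Injection" items above recommend sanitization beyond what the MongoDB driver does. The following is an added example, not code from this project, of a strict parser for the `POST /api/auth/login` body plus a key guard for the module endpoints; the field names `email` and `password`, the length limits and the function names are assumptions. A Zod schema with string-typed fields would express the same constraint.

```javascript
// Added example, not project code. Field names and limits are assumptions.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const MAX_EMAIL_LENGTH = 254;
const MAX_PASSWORD_LENGTH = 128;

// Strict parse of a login body: every field that ends up in a MongoDB
// filter must be a plain string, never an object or array.
function parseLoginBody(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  const { email, password } = body;
  // JSON can deliver an object where a string is expected; inside a filter
  // such an object is read as query operators instead of a value to match.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return { ok: false, error: 'email and password must be strings' };
  }
  const normalized = email.trim().toLowerCase();
  if (normalized.length > MAX_EMAIL_LENGTH || !EMAIL_RE.test(normalized)) {
    return { ok: false, error: 'email is not valid' };
  }
  if (password.length === 0 || password.length > MAX_PASSWORD_LENGTH) {
    return { ok: false, error: 'password length is out of range' };
  }
  return { ok: true, value: { email: normalized, password } };
}

// Guard for the module POST endpoints: true when any key at any depth
// starts with '$' or contains '.', both of which MongoDB treats specially.
function hasOperatorKey(value) {
  if (Array.isArray(value)) return value.some(hasOperatorKey);
  if (value === null || typeof value !== 'object') return false;
  return Object.entries(value).some(
    ([key, child]) => key.startsWith('$') || key.includes('.') || hasOperatorKey(child),
  );
}
```

Reject the request with a 400 response when `parseLoginBody` returns `ok: false` or `hasOperatorKey` returns `true`, before any database call is made.
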
- Install Vercel CLI: `npm i -g vercel`
- Deploy: `vercel`
- Set Environment Variables
  - Go to Vercel Dashboard → Project → Settings → Environment Variables
  - Add all variables from `.env`
- Configure MongoDB
  - Use MongoDB Atlas for cloud database
  - Update `MONGO_URL` with Atlas connection string

Create a Dockerfile:
```dockerfile
FROM node:18-alpine AS builder
WORKDIR /app
COPY package.json yarn.lock ./
RUN yarn install --frozen-lockfile
COPY . .
# .next/standalone is only produced when next.config.js sets output: 'standalone'
RUN yarn build

FROM node:18-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
EXPOSE 3000
ENV PORT=3000
CMD ["node", "server.js"]
```

Build and run:

```bash
docker build -t saree-erp .
docker run -p 3000:3000 --env-file .env saree-erp
```

- Build the application

  ```bash
  yarn build
  ```

- Start with PM2 (Process Manager)

  ```bash
  npm install -g pm2
  pm2 start yarn --name "saree-erp" -- start
  pm2 save
  pm2 startup
  ```

- Configure Nginx (Reverse Proxy)

  ```nginx
  server {
      listen 80;
      server_name yourdomain.com;

      location / {
          proxy_pass http://localhost:3000;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection 'upgrade';
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
      }
  }
  ```

- Environment Variables
  - Never commit `.env` to version control
  - Use secure environment variable management in deployment platform
  - Rotate secrets regularly
- Database Security
  - Use MongoDB authentication (username/password)
  - Enable network IP whitelisting
  - Use SSL/TLS connections
  - Regular security updates
- Application Security
  - Enable HTTPS (SSL certificates)
  - Implement rate limiting
  - Add request size limits
  - Regular dependency updates
- Access Control
  - Change default credentials
  - Implement password policies
  - Regular user access audits
  - Implement session timeout

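
A startup check covering the JWT secret, CORS and database authentication items above, as an added example that is not part of this project's code. The placeholder strings are the sample `JWT_SECRET` values from this README's `.env` listings; the 32-character minimum, the credentials test on `MONGO_URL` and the function names are assumptions.

```javascript
// Added example, not project code. Placeholder values are the sample
// JWT_SECRET strings from this README's .env listings.
const PLACEHOLDER_SECRETS = new Set([
  'your-super-secret-jwt-key-change-this-in-production',
  'your-secret-key-here',
]);
const MIN_SECRET_LENGTH = 32; // assumption: `openssl rand -base64 32` yields 44 chars

function checkConfig(env) {
  const problems = [];
  const secret = env.JWT_SECRET || '';
  if (!secret) problems.push('JWT_SECRET is not set');
  else if (PLACEHOLDER_SECRETS.has(secret)) problems.push('JWT_SECRET is a README placeholder');
  else if (secret.length < MIN_SECRET_LENGTH) problems.push('JWT_SECRET is too short');

  // The README says CORS_ORIGINS defaults to '*', so unset counts as wildcard.
  const origins = (env.CORS_ORIGINS || '*').split(',').map((o) => o.trim()).filter(Boolean);
  for (const origin of origins) {
    if (origin === '*') {
      problems.push('CORS_ORIGINS allows every origin');
      continue;
    }
    let url;
    try {
      url = new URL(origin);
    } catch {
      problems.push(`CORS origin is not a URL: ${origin}`);
      continue;
    }
    if (url.protocol !== 'https:') problems.push(`CORS origin is not https: ${origin}`);
    // An origin is scheme://host[:port]; a path or trailing slash never matches.
    else if (url.origin !== origin) problems.push(`CORS origin is not in canonical form: ${origin}`);
  }

  if (!env.MONGO_URL) problems.push('MONGO_URL is not set');
  // Assumption: production uses username/password auth embedded in the URL.
  else if (!/^mongodb(\+srv)?:\/\/[^/@]+@/.test(env.MONGO_URL)) problems.push('MONGO_URL has no credentials');
  return problems;
}

// Hypothetical hook: call once at server start; only enforced in production.
function assertProductionConfig(env = process.env) {
  if (env.NODE_ENV !== 'production') return [];
  const problems = checkConfig(env);
  if (problems.length > 0) throw new Error('Refusing to start:\n- ' + problems.join('\n- '));
  return problems;
}
```

Run against the quick-start `.env` from this README, `checkConfig` reports the placeholder secret, the wildcard CORS setting and the unauthenticated MongoDB URL.
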
erp/
├── app/ # Next.js App Router
│ ├── api/ # API routes
│ │ └── [[...path]]/ # Catch-all API route handler
│ ├── auth/ # Authentication page
│ ├── users/ # User management (Owner only)
│ ├── mill/ # Mill module
│ ├── cutting/ # Cutting module
│ ├── stitching/ # Stitching module
│ ├── accounts/ # Accounts module
│ ├── accessories/ # Accessories module
│ ├── page.js # Dashboard (Owner)
│ ├── layout.js # Root layout
│ └── globals.css # Global styles
├── components/ # React components
│ ├── ui/ # shadcn/ui components
│ ├── AuthContext.js # Authentication context
│ ├── BottomNav.js # Bottom navigation
│ └── PageHeader.js # Page header component
├── lib/ # Utility libraries
│ ├── store.js # API client/store
│ ├── constants.js # Application constants
│ └── utils.js # Utility functions
├── hooks/ # Custom React hooks
├── public/ # Static assets
├── package.json # Dependencies
├── next.config.js # Next.js configuration
├── tailwind.config.js # Tailwind CSS configuration
└── README.md # This file
- POST /api/auth/login - User login
- GET /api/auth/verify - Verify JWT token

- GET /api/users - Get all users
- POST /api/users - Create new user
- PUT /api/users/:id - Update user role
- DELETE /api/users/:id - Delete user

Each module has standard CRUD endpoints:

- GET /api/[module] - Get all records
- POST /api/[module] - Create new record

Available modules:

- /api/grey-incoming
- /api/mill-incoming
- /api/cutting-reports
- /api/stitching-reports
- /api/sales-entries
- /api/expense-entries
- /api/accessory-incoming
- /api/accessory-issue

- GET /api/dashboard/stats - Get dashboard statistics (Owner only)
- GET /api/accessory-stock - Get accessory stock levels

All endpoints (except /api/auth/login) require a JWT token in the Authorization header:
Authorization: Bearer <token>
Error: MongoDB connection error
Solutions:
- Verify MongoDB is running: `mongod --version`
- Check `MONGO_URL` in `.env`
- For MongoDB Atlas: Ensure IP is whitelisted
- Check firewall/network settings
Error: Port 3000 is already in use
Solutions:
```bash
# Find process using port 3000
# Windows:
netstat -ano | findstr :3000
# Linux/Mac:
lsof -i :3000
# Kill the process or use different port
# Edit package.json scripts to use different port
```

Error: Build fails with memory issues

Solutions:

```bash
# Increase Node.js memory limit
NODE_OPTIONS='--max-old-space-size=4096' yarn build
```

Error: Invalid or expired token
Solutions:
- Clear browser localStorage
- Login again
- Check JWT_SECRET matches between restarts
[Specify your license here]
For issues, questions, or contributions, please open an issue or contact the development team.
```bash
# 1. Install dependencies
yarn install
# 2. Create .env file
cat > .env << EOF
MONGO_URL=mongodb://localhost:27017
DB_NAME=saree_erp
JWT_SECRET=your-secret-key-here
CORS_ORIGINS=*
EOF
# 3. Start MongoDB (if local)
# MongoDB should be running
# 4. Start development server
yarn dev
# 5. Open browser
# Navigate to http://localhost:3000
# Login with: owner@saree.com / owner123
```

Built with ❤️ for Saree Manufacturing Businesses