Implement core application structure and authentication logic

.github/workflows/restrict-pr.yml

@@ -0,0 +1,36 @@
+name: Enforce PR Flow
+
+on:
+  pull_request:
+    # Remove "branches: - main" to run script to any Pull Request
+
+jobs:
+  check-pr-flow:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR Source and Target
+        env:
+          TARGET_BRANCH: ${{ github.base_ref }} # papunta ang PR
+          SOURCE_BRANCH: ${{ github.head_ref }} # Kungaling ang PR
+        run: |
+          echo "validate ang PR mula '$SOURCE_BRANCH' papuntang '$TARGET_BRANCH'..."
+
+          # RULE 1: Protection for 'main' branch
+          if [[ "$TARGET_BRANCH" == "main" ]]; then
+            if [[ "$SOURCE_BRANCH" != "development" && "$SOURCE_BRANCH" != *"-alpha"* && "$SOURCE_BRANCH" != *"-beta"* && "$SOURCE_BRANCH" != *"-rc"* ]]; then
+              echo "ERROR: Bawal dumiretso sa main mula sa $SOURCE_BRANCH!"
+              echo "Allowed lang ay 'development', '-alpha', '-beta', o '-rc'."
+              exit 1
+            fi
+          fi
+
+          # RULE 2: Protection for 'alpha', 'beta', at 'rc' branches
+          if [[ "$TARGET_BRANCH" == *"-alpha"* || "$TARGET_BRANCH" == *"-beta"* || "$TARGET_BRANCH" == *"-rc"* ]]; then
+            if [[ "$SOURCE_BRANCH" != "development" && "$SOURCE_BRANCH" != *"-alpha"* && "$SOURCE_BRANCH" != *"-beta"* && "$SOURCE_BRANCH" != *"-rc"* ]]; then
+              echo "ERROR: Bawal ipasok ang feature/ branch ($SOURCE_BRANCH) diretso sa $TARGET_BRANCH!"
+              echo "Ang mga testing branches ay tumatanggap lang ng code galing sa 'development' o sa testing branches."
+              exit 1
+            fi
+          fi
+
+          echo "Pumasa sa validation! Tama ang flow ng PR mo."

ROADMAP.md

@@ -1,65 +1,213 @@
+Based on the Unicard Project Roadmap, here are some additional necessary options you could add to enhance functionality, security, usability, and scalability for a digital wallet/card system. These suggestions focus on common features in fintech projects:
+
+- **Multi-Currency Support**: Allow users to hold and transact in multiple currencies (e.g., USD, EUR, crypto).
+- **Integration with Payment Gateways**: Enable real-time deposits/withdrawals via banks, PayPal, or Stripe.
+- **Fraud Detection and Prevention**: Implement AI-based monitoring for suspicious activities, like anomaly detection in transactions.
+- **KYC/AML Compliance**: Add Know Your Customer and Anti-Money Laundering checks during registration and high-value transactions.
+- **Mobile App Development**: Create native iOS/Android apps for on-the-go access.
+- **API for Third-Party Integrations**: Provide developer APIs for merchants or partners to integrate Unicard payments.
+- **Backup and Recovery Options**: Allow users to backup wallet data and recover accounts via seed phrases or secure keys.
+- **Customer Support System**: Include in-app chat, ticketing, or FAQ for user assistance.
+- **Audit Logging**: Maintain detailed logs for all transactions and admin actions for compliance and debugging.
+
+These could be added to Phase 4: Backlog & Enhancements, or a new Phase 5 if needed. Below is the rewritten markdown with these additions integrated into Phase 4 (assuming $SELECTION_PLACEHOLDER$ refers to the end of Phase 4's list).
+
 # Unicard Project Roadmap
 
-This document serves as a high-level overview of the features, improvements, and future plans for the Unicard system.
+A high-level plan for the Unicard system, organized by phases from MVP to advanced features.
+
+## Phase 1: Foundation & MVP
 
-## Phase 1: Foundation & MVP (Minimum Viable Product)
+**Planned Start**: December 2025   
+**Target Completion**: 3rd Quarter 2026   
+**Actual Completion**:
 
-**Goal**: Get the basic system running with essential user management and balance viewing.
+**Goal**: Build the core user flow with authentication, wallet creation, balance visibility, transaction history, dashboard, card management, and complete user profile system.
 
-- ### [x] Project Initialization
-    - [x] Set up Repository & Version Control
-    - [x] Configure Database (MySQL/Firebase/MongoDB)
-    - [x] Setup basic folder structure
-- ### [x] Authentication System
-    - [x] User Registration (Sign Up)
-    - [x] User Login (Sign In)
-    - [x] Forgot Password flow
-- ### [ ] Core Wallet Features
-    - [ ] Create User Wallet upon registration
-    - [ ] View Current Balance
-    - [ ] View Digital Card ID/Number
+- ### [x] Project Setup (Completed: December 2025)
+    - [x] Initialize repository and version control
+    - [x] Configure database support (MySQL / Firebase / MongoDB)
+    - [x] Establish project structure
+- ### [ ] Authentication (Completed: )
+    - [x] User login (sign in with Phone number and Password)
+    - [ ] User registration (sign up with email verification)
+    - [ ] Password recovery flow with OTP via email
+    - [ ] Session management and auto-logout
+    - [ ] Email verification on registration
+- ### [ ] Dashboard (Completed: )
+    - [ ] Overview of wallet balance and recent activity
+    - [ ] Quick access to all key features (transactions, top-up, card info)
+    - [ ] Display user profile information (name, avatar)
+    - [ ] Recent transactions widget
+    - [ ] Card status widget
+- ### [ ] Card/Wallet Management (Completed: )
+    - [ ] Create wallet and digital card when user registers
+    - [ ] Display current balance and wallet info
+    - [ ] Show digital card details (card number, expiry, CVV, cardholder name)
+    - [ ] Card info/details page with complete card information
+    - [ ] Display card status (active/inactive)
+- ### [ ] Card Report & Management (Completed: )
+    - [ ] Report card as stolen
+    - [ ] Report card as damaged
+    - [ ] Request card replacement
+    - [ ] View card report history
+    - [ ] Card replacement status tracking
+- ### [ ] Top-up Page (Completed: )
+    - [ ] Add funds to wallet (initial top-up)
+    - [ ] Multiple payment method options
+    - [ ] Transaction confirmation and receipt
+    - [ ] Top-up history
+- ### [ ] Transaction History & Page (Completed: )
+    - [ ] List all transactions with detailed information
+    - [ ] Filter by date range and transaction type
+    - [ ] View transaction details and receipts
+    - [ ] Search transactions by amount or reference
+    - [ ] Export transaction history
+- ### [ ] User Profile Page (Completed: )
+    - [ ] View complete profile information
+    - [ ] Edit personal information (name, phone, address)
+    - [ ] Upload and manage avatar/profile picture
+    - [ ] View account verification status
+    - [ ] Account linking options
+- ### [ ] User Settings Page (Completed: )
+    - [ ] Change email address
+    - [ ] Change password with old password verification
+    - [ ] Enable/disable two-factor authentication (2FA)
+    - [ ] Manage notification preferences
+    - [ ] Privacy and security settings
+    - [ ] Change language/display preferences
+- ### [ ] Basic Admin Dashboard & Management (Completed: )
+    - [ ] View all registered users list
+    - [ ] Basic user search and filtering
+    - [ ] Display basic system analytics (total users, active users, daily transactions)
+    - [ ] Freeze or suspend user accounts
+    - [ ] View user profile and transaction history
+    - [ ] Basic account verification interface
+    - [ ] System configuration management (basic)
+- ### [ ] Additional MVP Features
+    - [ ] Email notifications for transactions and account activities
+    - [ ] In-app notifications and alerts
+    - [ ] Help/FAQ section
+    - [ ] Account deactivation option
+    - [ ] Data backup and account recovery options
 
 ## Phase 2: Transactions & Payments
-**Goal**: Allow money to move between accounts or be spent.
-
-- ### [ ] Transaction Logic
-    - [ ] Deposit funds (Admin side or Simulation)
-    - [ ] Transfer funds between users
-    - [ ] Payment simulation (Deduct balance)
-- ### [ ] Transaction History
-    - [ ] List of recent transactions
-    - [ ] Filter by date or type (Credit/Debit)
-- ### [ ] QR Code Integration
-    - [ ] Generate unique QR code for User ID
-    - [ ] Scanner feature to read QR codes
-
-## Phase 3: Admin & Security
-
-**Goal**: Manage the ecosystem and ensure data safety.
-
-- ### [ ] Admin Dashboard
-    - [ ] View all registered users
-    - [ ] Manually freeze/suspend accounts
-    - [ ] System-wide analytics (Total volume, user count)
-- ### [ ] Security Enhancements
-    - [ ] Input validation & Sanitization
-    - [ ] Role-Based Access Control (User vs Admin)
-    - [ ] Session management (Auto-logout)
-
-## Phase 4: Future Enhancements (Backlog)
-
-**Goal**: Polish the UI and add advanced features.
-
-- [ ] **Notification System** (Email or In-App alerts for payments)
-- [ ] **Dark Mode** support
-- [ ] **Profile Settings** (Change avatar, update email)
-- [ ] **NFC Support** (Tap-to-pay via mobile)
-- [ ] **Export Data** (Download transaction history as PDF/CSV)
+
+**Planned Start**: December 2026   
+**Target Completion**: 2nd Quarter of 2027   
+**Actual Completion**:
+
+**Goal**: Enable comprehensive funds movement with peer-to-peer transfers, merchant payments, QR code support, and advanced transaction features.
+
+- ### [ ] Transaction Processing
+    - [ ] Deposit funds (top-up wallet via multiple methods)
+    - [ ] Transfer funds between users (peer-to-peer with recipient lookup)
+    - [ ] Bill and utility payments (electricity, water, internet, etc.)
+    - [ ] Request money from other users (payment requests)
+    - [ ] Merchant/merchant payment integration
+    - [ ] Payment reversals and refunds
+- ### [ ] QR Code & Payment Links
+    - [ ] Generate unique QR code for user ID
+    - [ ] Scan QR codes for quick payments
+    - [ ] Create shareable payment links
+    - [ ] Mobile wallet integration for QR scanning
+- ### [ ] Receipts & Documentation
+    - [ ] Generate transaction receipts (PDF/digital)
+    - [ ] Send receipts via email
+    - [ ] Invoice generation for merchants
+    - [ ] Receipt storage and retrieval
+- ### [ ] Spending Analytics
+    - [ ] Spending breakdown by category
+    - [ ] Monthly/yearly spending reports
+    - [ ] Budget setting and tracking
+    - [ ] Spending alerts and notifications
+- ### [ ] Payment Confirmations
+    - [ ] Real-time payment notifications (SMS/email)
+    - [ ] Payment confirmation screens
+    - [ ] OTP verification for sensitive transactions
+    - [ ] Transaction status updates
+
+## Phase 3: Advanced Admin, Compliance & Security
+
+**Planned Start**: August 2027   
+**Target Completion**: 2nd Quarter 2028   
+**Actual Completion**:
+
+**Goal**: Add advanced administrative controls, compliance workflows, transaction monitoring, and comprehensive security hardening.
+
+- ### [ ] Advanced Admin Dashboard
+    - [ ] Real-time dashboard statistics and KPIs
+    - [ ] System health monitoring and alerts
+    - [ ] Advanced reporting and custom report generation
+    - [ ] User data export and bulk operations
+- ### [ ] Advanced User Account Management
+    - [ ] Verify user KYC documents and identity
+    - [ ] Approve/reject account verification submissions
+    - [ ] Flag suspicious user accounts
+    - [ ] User risk scoring
+    - [ ] User detailed profile and full activity logs
+    - [ ] Backup user data and account recovery
+- ### [ ] Advanced Transaction Monitoring & Approval
+    - [ ] Monitor high-value transactions in real-time
+    - [ ] Manual approval workflow for flagged transactions
+    - [ ] Set transaction limits and velocity checks per user
+    - [ ] Detect unusual spending patterns (anomaly detection)
+    - [ ] Transaction dispute management and resolution
+    - [ ] Refund/reversal processing with audit trail
+- ### [ ] Security & Compliance Hardening
+    - [ ] Input validation and sanitization
+    - [ ] Advanced role-based access control (RBAC)
+    - [ ] Manage sessions and auto-logout policies
+    - [ ] Two-factor authentication (2FA) enforcement
+    - [ ] IP whitelisting/blacklisting
+    - [ ] Account lockout after failed login attempts
+    - [ ] Advanced password policy enforcement
+    - [ ] End-to-end data encryption (at rest and in transit)
+- ### [ ] Audit Logging & Reporting
+    - [ ] Comprehensive audit logs for all admin actions
+    - [ ] Detailed transaction audit trail
+    - [ ] User activity logs with timestamps
+    - [ ] System event logging
+    - [ ] Compliance reports generation
+    - [ ] Export audit logs for external audits
+    - [ ] Log retention and archival policies
+- ### [ ] Compliance & Regulations
+    - [ ] KYC (Know Your Customer) verification workflow
+    - [ ] AML (Anti-Money Laundering) monitoring and alerts
+    - [ ] Sanctions list checking and OFAC compliance
+    - [ ] Compliance documentation and record keeping
+    - [ ] Regulatory report generation
+    - [ ] Terms of Service and Privacy Policy management
+    - [ ] Data residency and export compliance
+
+## Phase 4: Backlog & Enhancements
+
+**Planned Start**: TBA   
+**Target Completion**: TBA   
+**Actual Completion**: TBA   
+
+**Goal**: Improve usability and add advanced features.
+
+- [ ] Notification system (email or in-app alerts)
+- [ ] Dark mode support
+- [ ] Profile settings (avatar, email updates)
+- [ ] NFC support for tap-to-pay
+- [ ] Export transactions to PDF/CSV
+- [ ] Multi-currency support (e.g., USD, EUR, crypto)
+- [ ] Integration with payment gateways (banks, PayPal, Stripe)
+- [ ] Fraud detection and prevention (AI-based anomaly monitoring)
+- [ ] KYC/AML compliance checks
+- [ ] Mobile app development (iOS/Android)
+- [ ] API for third-party integrations
+- [ ] Backup and recovery options (seed phrases, secure keys)
+- [ ] Customer support system (in-app chat, ticketing)
+- [ ] Audit logging for transactions and admin actions
 
 ---
-## Legend:
-`[x]` : Completed
 
+## Legend
+
+`[x]` : Completed  
 `[ ]` : Pending / To Do
 
----
+--- 

cmd/app/main.go → backend/cmd/app/main.go

@@ -7,9 +7,9 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"unicard-go/internal/admin"
-	authentication "unicard-go/internal/auth"
-	"unicard-go/internal/user"
+	"unicard-go/backend/internal/admin"
+	authentication "unicard-go/backend/internal/auth"
+	"unicard-go/backend/internal/user"
 
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/joho/godotenv"
@@ -39,7 +39,7 @@ func main() {
 	dsn := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s", dbUser, dbPass, dbHost, dbPort, dbName)
 
 	// Setup Templates
-	tpl, err = template.ParseGlob("./templates/*.html")
+	tpl, err = template.ParseGlob("./frontend/templates/*.html")
 	if err != nil {
 		log.Fatal("Templates loaded but variable is nil. Check your folder path.")
 	}
@@ -65,7 +65,7 @@ func main() {
 	mux := http.NewServeMux()
 
 	// Serve static files (CSS, JS, images)
-	fileServer := http.FileServer(http.Dir("./assets"))
+	fileServer := http.FileServer(http.Dir("./frontend/assets"))
 	mux.Handle("/assets/", http.StripPrefix("/assets/", fileServer))
 
 	// POST Request: JSON API endpoints

internal/admin/addCard.go → backend/internal/admin/addCard.go

@@ -8,7 +8,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
-	message "unicard-go/internal/pkg"
+	message "unicard-go/backend/internal/pkg"
 )
 
 // This struct represents a card and its attributes.

internal/admin/deactivateCard.go → backend/internal/admin/deactivateCard.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 	"strings"
-	message "unicard-go/internal/pkg"
+	message "unicard-go/backend/internal/pkg"
 )
 
 // This struct represents the details of a card that we want to deactivate.

internal/admin/handler.go → backend/internal/admin/handler.go

@@ -17,4 +17,4 @@ func NewHandler(db *sql.DB, tpl *template.Template) *Handler {
 		DB:  db,
 		Tpl: tpl,
 	}
-}
+}

internal/auth/dashboard.go → backend/internal/auth/dashboard.go

@@ -51,4 +51,4 @@ func (h *Handler) DashboardHandler(w http.ResponseWriter, r *http.Request) {
 		},
 	}
 	h.Tpl.ExecuteTemplate(w, "dashboard.html", dashboardUser)
-}
+}

internal/auth/forgotPassword.go → backend/internal/auth/forgotPassword.go

@@ -4,8 +4,8 @@ import (
 	"database/sql"
 	"fmt"
 	"net/http"
-	message "unicard-go/internal/pkg"
-	"unicard-go/internal/pkg/account"
+	message "unicard-go/backend/internal/pkg"
+	"unicard-go/backend/internal/pkg/account"
 )
 
 // This function renders the forgot password HTML template.