🛡️ Accounts

An account is the owner of an object, that can be another account, a profile or anything esle connected with the account.

Chat Project

Details

Description

In this document we will explain the variuse account types and what the limitations or benifits of each type is.

Status

warning

These details are only updated with each release, for more acurate updates and keeping track of progress, see the task in GitHub.

Owner	Lead	Doc Status	Product Status	Last Update	Version	Release	Phase
Mendy	Raphael	In Progress	In Progress	28.02.2025	0.01	Internal	Alpha

User Stories

Persona One

As [Persona One] I want to easily save things, see a history of what i did and save other things to an account I know is secure.

Persona Two

As [Persona Two] I want to seperate my activities from those I make on my business's behafe.

Persona Three

As [Persona Three] I want to make sure my child can only access aproprate content and feature on thier account.

Reminders

• Be sure to follow the release guidelines
• Update Documentation

Links & Resources

Coming Soon

• Biz Docs
• Research
• Data Structure
• Task
• Alpha Branch
• [Chat]
• [Alpha]
• [Beta]
• [Production]

Design

Branding

User Flow

The account is a backend feature and therfore dosn't have a userflow however the user can interact with thier account when Onboarding and in Account Preference, see the user flow for the of those.

UX

To see how the user interaces with their account see Onboarding and Account Preference.

Development

note

Before you start developing you will need to setup your environment, if you have not done that yet visit Development Envietment.

Data

note

To understand how collections and documents work, see Data Sctructure

note

visite the docs of each API we use for details on the data saved thier

Account

the account documents hold all the data that is needed imidiatly, any supporting featurs are within subcollection, see the rest of this document.

note

to understand the accounts features see the account documentation

Structure

• User “Account”
• • account #1
• • • account type (user, org, agency, family)
• • • Legal name
• • • email
• • • password?
• • • status
• • • pincode
• • • primary_profile (id)

Model

Collection: accounts

Each authenticated Firebase user is stored in this collection.

Example document:

{
  "_id": "ObjectId(...)",
  "firebaseId": "Firebase UID",
  "name": "John Doe",
  "email": "john@example.com",
  "accountType": "user",
  "isAdmin": false,
  "createdAt": "2025-03-28T10:00:00Z",
  "updatedAt": "2025-03-28T10:00:00Z"
}

Notes:

• The field firebaseId is used to link the user with Firebase.
• accountType is either "user" or "org".
• isAdmin is false by default.

---

---

`

Varify

We will keep track of how and when we have varified that a user is a real person or business

• Verified
• • verify id
• • • Verify status: verified
• • • Verify type: password
• • • Verify provider: api id
• • • Verify date: log id
• • • id_proof`

Sessions

we will log each session a user has and what device they used

• Sessions
• • Section #1
• • • auth type OTP, Google, Apple, Normal,
• • • device (id)
• • • app (app, chrome, pwa)
• • • status (open, close)
• • • Log: log id

Devices

here we want to keep a record of devices used in the past and if they can be trusted in the next login

• devices
• • device 1
• • • type (mobile, desktop, tablet)
• • • auth_used (id)
• • • trusted
• • • last used (date)
• • • logedin (true.false)
• • • nf_setions (0)
• • • sesions (array, ids)
• • • device maker (google, apple)
• • • device model
• • • device token
• • • OS
• • • version

Locations

Keep a list of the user's locations

• locations
• • location 1
• • • type ()
• • • label ('home' work, etc.)
• • • address
• • • latitud
• • • longtitud

Auth

Here we keep track of what auth methods the user has enabled

• auth
• • method 1
• • • method type (email, number, keypass, third party)
• • • source (google, facebook, desice, hudi)
• • • device_token:""
• • • device_type:"0"
• • • email:"accounts@hudieverything.com"
• • • mobile_number:"06642437353"
• • • password:"$2y$10$5gl2RtvIAyXRDyS157meKO1PeuJU.O214dKBYw330vxBd9Bmoq23K"
• • • pincode:"4882"
• • • last used
• • • created
    • log id
    • • auth 1
    • • • date
    • • • method
    • • • device

Payments

we might not need this, check stripe api

we keep track of payment methods and any other financhal related details (in the future this will enable fintech features)

• payment
• • method 1
• • • bank_name
• • • bank_code
• • • bank_address
• • • account_no`
• • • id_proof:""
• • • ifsc_no:""
• • • api (id)

Affiliate

we might not need this, check affiliate api

Each account is auto enrolled in the affiliate programe of a default status, here we keep a reference to the affiliate data and some of the activities as a short cut not to enable the feature

• affiliate
• • owner
• • • profile (id)
• • • affiliate (id)
• • me
• • • affiliate (id)
• • • points (number)
• • • level (string)

Backend

Functions

• User Accounts

  An account with the type "user" must authenticate

• Org Accounts

  An account with the type "org" must have permission though a user account

• Child Account

  An account with the type "child" dose not need auth but will need to authenticate with a parents account, the parent have access to all settings and many features are limited. When the child turns 18 the account will auto chnage to a "user". Parents can also change the account type anualy from the age of 13 (or what is legal localy).

• Family Account

A "family" account is an account that allows access by other "users", with varius access (parents, child, care taker, etc)

• Access control

  Using Auth and Permissions manage who has access to an account

• Primary Profile

  craete a function that updates the "primary_profile" field each time it is chnaged

Dependicies

Endpoint

The Hudi Backend API allows you to manage users via Firestore. It includes the following features:

• Add users
• Update users
• Delete users
• List users

Endpoints

Create Account (Signup)

• Description: Allows a client to create a new user (used during signup).

• Method: POST

• URL: http://token.hudi.one/signup

• Description: Creates a new user or organization account using email or phone.

• Security: Firebase token required (Authorization: Bearer 'firebase_token')

• Body (JSON):

  /// todo only one is required, or email or phone number. dont need both
{
  "input": "user@example.com"
}

• Response (200 OK):

    {
        "message": "Account created",
        "userId": "abcd1234"
    }

Sign In

• Method: POST
• URL: http://token.hudi.one/signin
• Description: Sign in using email or phone and password.
• Security: Public (no token required)
• Body (JSON):

    {
        "input": "user@example.com",
        "password": "yourpassword"
    }

* Response (200 OK):

```json
    {
        "message": "Signed in",
        "token": "<jwt_token>"
    }

Get Current User

• Method: GET
• URL: http://token.hudi.one/me
• Description: Retrieves authenticated user's account information.
• Security: Firebase token required (Authorization: Bearer 'firebase_token')

Update Current User

• Method: PATCH
• URL: http://token.hudi.one/me
• Description: Updates authenticated user's account fields.
• Security: Firebase token required (Authorization: Bearer 'firebase_token')
• Body (JSON):

• Response (200 OK):

    {
        "name": "John Doe",
        "email": "john.doe@example.com"
    }

Delete Current User

• Method: DELETE
• URL: http://token.hudi.one/me
• Description: Deletes authenticated user's account.
• Security: Firebase token required (Authorization: Bearer 'firebase_token')

Check Duplicate

• Method: POST
• URL: http://token.hudi.one/check-duplicate
• Description: Checks if the provided email or phone already exists.
• Security: Firebase token required (Authorization: Bearer 'firebase_token')
• Body (JSON):

• Response (200 OK):

    {
      "email": "test@example.com"
    }

Handle Potential Duplicate (Admin Only)

• Method: POST
• URL: http://token.hudi.one/handle-duplicate
• Description: Handles possible duplicate accounts.
• Security: Admin only (Authorization: Bearer 'firebase_token')

Report Duplicate (Admin Only)

• Method: POST
• URL: http://token.hudi.one/report-duplicate
• Description: Reports a duplicate account for admin review.
• Security: Admin only (Authorization: Bearer 'firebase_token')

Get Reported Duplicates (Admin Only)

• Method: GET
• URL: http://token.hudi.one/get-reported-duplicates
• Description: Retrieves all reported duplicate accounts.
• Security: Admin only (Authorization: Bearer 'firebase_token')

Merge Accounts (Admin Only)

• Method: POST
• URL: http://token.hudi.one/merge-accounts
• Description: Merges two existing user accounts into one.
• Security: Admin only (Authorization: Bearer 'firebase_token')
• Body (JSON):

    {
        "mainUserId": "abcd1234",
        "secondaryUserId": "efgh5678"
    }

Add Pending Field (Admin Only)

• Method: POST
• URL: http://token.hudi.one/add-pending-field
• Description: Adds a pending change to an account's field.
• Security: Admin only (Authorization: Bearer 'firebase_token')

Confirm Pending Signup (Admin Only)

• Method: POST
• URL: http://token.hudi.one/confirm-pending-signup
• Description: Confirms a pending signup request.
• Security: Admin only (Authorization: Bearer 'firebase_token')

Confirm Pending Field (Admin Only)

• Method: POST
• URL: http://token.hudi.one/confirm-pending-field
• Description: Confirms a pending field update on an account.
• Security: Admin only (Authorization: Bearer 'firebase_token')

Error Handling

The API returns the following status codes:

• 200 OK: Request succeeded
• 400 Bad Request: Invalid input
• 401 Unauthorized: Missing or invalid token
• 404 Not Found: Resource not found
• 500 Internal Server Error: Server error

MongoDB Data Structure

This document describes the MongoDB collections used in the backend, including the schema and behavior of users and profiles.

---

Collection: users

Each authenticated Firebase user is stored in this collection.

Example document:

{
  "_id": "ObjectId(...)",
  "accountId": "user_id_linked_to_users_collection",
  "headline": "Fullstack Developer",
  "description": "Loves building clean APIs",
  "location": "Jerusalem",
  "created": "2025-03-28T10:00:00Z",
  "last_updated": "2025-03-28T10:00:00Z",
  "status": "draft",
  "avatar": "https://example.com/avatar.jpg",
  "cover": "https://example.com/cover.jpg",
  "primary_display_name": "John D.",
  "primary_profile": false,
  "username": "johndoe123",
  "jewish": "",
  "badge_type": "",
  "badge_text": "",
  "visibility": "private",
  "following": 0,
  "followers": 0,
  "references": []
}

Notes:

• The field firebaseId is used to link the user with Firebase.
• accountType is either "user" or "org".
• isAdmin is false by default.

---

Indexing Recommendation

To improve performance:

• Create a unique index on firebaseId in users

---

Data Flow Summary

After Firebase signup, the /addUser route is called:

• Creates a document in the users collection
• All queries are matched using MongoDB _id and userId

Frontend

The account is a backend feature and therfore dosn't directly have a frontend however, the user can interact with thier account through the following features.

• Onboarding
• Account Preferences
• Finances more coming soon

Launch