aman-ga
๐ก๏ธ Aman ga? - Payment Verification System
Tanya dulu, transfer kemudian.
Ask first, transfer later.
๐ Table of Contents
- What is Aman ga?
- โจ Features
- ๐ฏ Quick Start
- ๐ Demo Credentials
- ๐๏ธ Architecture
- ๐ Project Structure
- ๐ API Endpoints
- ๐ฐ Service Pricing
- ๐งช Testing
- ๐ Deployment
- ๐ก๏ธ Security
- ๐ Database Schema
- ๐ค Contributing
- ๐ License
- ๐ Support
๐ฏ What is Aman ga?
Aman ga? is a comprehensive payment verification platform designed for the Indonesian market to help users verify if online transactions are safe before transferring money.
The Problem We Solve
In Indonesia, online fraud is rampant. People need a way to:
- โ Verify if a seller/service is legitimate
- โ Check payment proofs before releasing services
- โ Get expert analysis on suspicious transactions
- โ Report and flag fraudulent activities
How It Works
graph LR
A[User Uploads Payment Proof] --> B{Amount < Rp 1.000?}
B -->|Yes| C[Auto-Approve]
B -->|No| D[Admin Review]
C --> E[Service Credit Activated]
D --> E
D --> F[Fraud Detected?]
F -->|Yes| G[Flag & Suspend]
F -->|No| E
- User registers and purchases a service package
- Uploads payment proof (screenshot of transfer)
- System verifies:
- Amount < Rp 1.000 โ Auto-approved โก
- Amount โฅ Rp 1.000 โ Admin review ๐ฎ
- Service credit activated โ User can perform fraud checks
- Fraud detection runs in background, flags suspicious patterns
โจ Features
๐ Authentication & Authorization
- โ JWT-based authentication
- โ Role-based access control (USER, ADMIN, FINANCE)
- โ Secure password hashing (bcrypt)
- โ Token expiration & refresh
๐ณ Payment Processing
- โ Auto-Approval for payments < Rp 1.000
- โ Manual admin review for larger amounts
- โ Image upload for payment proofs
- โ Multiple payment methods (Bank Transfer, E-Wallets)
- โ Payment history tracking
๐ก๏ธ Fraud Detection
- โ Risk scoring algorithm
- โ Duplicate transaction detection
- โ Pattern analysis
- โ Automatic user suspension for confirmed fraud
- โ Fraud flag review system
๐ฎ Admin Dashboard
- โ Pending payment review queue
- โ Approve/Reject payments with notes
- โ Flag users for fraud
- โ Real-time statistics
- โ Complete audit log
๐ฑ User Interface
- โ Responsive design (mobile-first)
- โ Beautiful gradient UI (Tailwind CSS)
- โ Real-time notifications
- โ Service credit tracking
- โ Payment history view
๐ Notifications (Optional)
- โ WhatsApp integration (Fonnte)
- โ Email integration (SendGrid)
- โ Mock mode for development
๐ฏ Quick Start
Option 1: Mock Mode (Recommended for Testing) โญ
No external services needed! Test everything locally in 5 minutes.
# 1. Clone repository
git clone https://github.com/Therealratoshen/aman-ga.git
cd aman-ga
# 2. Start Backend (Terminal 1)
cd backend
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
uvicorn main:app --reload --port 8000
# Look for this message:
# ๐ฏ MOCK MODE: Using in-memory database for testing
# Demo accounts:
# - Admin: admin@amanga.id / admin123
# - Finance: finance@amanga.id / admin123
# 3. Start Frontend (Terminal 2)
cd frontend
npm install
npm run dev
# 4. Open browser
# http://localhost:3000
โ Ready to test! Login with demo credentials below.
Option 2: Production Mode (With Supabase)
For persistent data and production deployment:
# 1. Create free Supabase project
# Go to: https://supabase.com
# Create project โ Copy URL and anon key
# 2. Run database schema
# SQL Editor โ New Query โ Paste database/schema.sql โ Run
# 3. Configure backend
cd backend
cp .env.example .env
nano .env # Edit with your Supabase credentials
# 4. Restart backend
uvicorn main:app --reload --port 8000
See QUICKSTART.md for detailed setup guide.
๐ Demo Credentials
| Role | Password | Access Level | |
|---|---|---|---|
| ๐ Admin | admin@amanga.id | admin123 | Full access, fraud flagging |
| ๐ฐ Finance | finance@amanga.id | admin123 | Approve/reject payments |
| ๐ค User | Register new | Your choice | Purchase & use services |
Try these steps:
- Login as Admin โ Explore admin dashboard
- Register new user โ Purchase service โ Upload payment
- Logout โ Login as Finance โ Approve payment
- Check user dashboard โ See activated credit
๐๏ธ Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CLIENT LAYER โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ Desktop โ โ Mobile โ โ Tablet โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ HTTP/JSON
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ PRESENTATION LAYER โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Next.js 14 Frontend (React) โ โ
โ โ โข Tailwind CSS โ โ
โ โ โข Axios HTTP Client โ โ
โ โ โข JWT Authentication โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ REST API
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ APPLICATION LAYER โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ FastAPI Backend (Python) โ โ
โ โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ โ
โ โ โ Auth โ โ Payment โ โ Fraud โ โ โ
โ โ โ Service โ โ Service โ โ Service โ โ โ
โ โ โโโโโโโโโโโโ โโโโโโโโโโโโ โโโโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ SQL
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ DATA LAYER โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ Supabase โ โ Mock โ โ Storage โ โ
โ โ PostgreSQL โ โ Database โ โ (Images) โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Project Structure
aman-ga/
โโโ ๐ backend/ # FastAPI Backend
โ โโโ main.py # ๐ API endpoints (414 lines)
โ โโโ auth.py # ๐ JWT authentication
โ โโโ database.py # ๐พ Database client (Supabase/Mock)
โ โโโ mock_database.py # ๐ญ In-memory mock database โญ NEW
โ โโโ models.py # ๐ Pydantic schemas
โ โโโ requirements.txt # ๐ฆ Python dependencies
โ โโโ .env.example # โ๏ธ Environment template
โ โโโ ๐ services/
โ โโโ payment.py # ๐ณ Payment processing
โ โโโ fraud.py # ๐ก๏ธ Fraud detection
โ โโโ notification.py # ๐ WhatsApp/Email
โ
โโโ ๐ frontend/ # Next.js Frontend
โ โโโ ๐ pages/
โ โ โโโ index.js # ๐ Login/Register
โ โ โโโ dashboard.js # ๐ User dashboard
โ โ โโโ admin.js # ๐ฎ Admin panel
โ โ โโโ payment.js # ๐ณ Payment history
โ โโโ ๐ components/
โ โ โโโ PaymentUpload.js # ๐ธ Upload modal
โ โ โโโ ServiceCard.js # ๐ Service pricing
โ โ โโโ AdminDashboard.js # ๐ Admin view
โ โโโ ๐ styles/
โ โ โโโ globals.css # ๐จ Tailwind CSS
โ โโโ package.json # ๐ฆ NPM dependencies
โ โโโ next.config.js # โ๏ธ Next.js config
โ
โโโ ๐ database/
โ โโโ schema.sql # ๐๏ธ Database schema
โ โโโ seed.sql # ๐ฑ Test data
โ
โโโ ๐ docs/
โโโ README.md # ๐ This file
โโโ QUICKSTART.md # ๐ Setup guide (5 min)
โโโ API-KEY-SETUP.md # ๐ API key acquisition
โโโ TEST-REVIEW.md # โ
Code review report
โโโ DEPLOYMENT-OPTIONS.md # โ๏ธ Deployment comparison
๐ API Endpoints
Authentication
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
POST |
/register |
Register new user | โ |
POST |
/token |
Login (get JWT token) | โ |
GET |
/me |
Get current user | โ |
Example: Login
curl -X POST "http://localhost:8000/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin@amanga.id&password=admin123"
Payment
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
POST |
/payment/upload |
Upload payment proof | โ |
GET |
/payment/my |
Get payment history | โ |
GET |
/payment/credits |
Get service credits | โ |
Example: Upload Payment
curl -X POST "http://localhost:8000/payment/upload" \
-H "Authorization: Bearer YOUR_TOKEN" \
-F "service_type=CEK_DASAR" \
-F "amount=1000" \
-F "payment_method=BANK_TRANSFER" \
-F "bank_name=BCA" \
-F "transaction_id=TRX123" \
-F "transaction_date=2024-01-01T10:00:00" \
-F "proof_image=@screenshot.png"
Admin (Requires ADMIN or FINANCE role)
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
GET |
/admin/payments/pending |
Get pending payments | โ |
POST |
/admin/payment/{id}/approve |
Approve payment | โ |
POST |
/admin/payment/{id}/reject |
Reject payment | โ |
POST |
/admin/payment/{id}/flag |
Flag as fraud | โ |
GET |
/admin/stats |
Dashboard statistics | โ |
Example: Approve Payment
curl -X POST "http://localhost:8000/admin/payment/PAYMENT_ID/approve?notes=Verified" \
-H "Authorization: Bearer ADMIN_TOKEN"
Service
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
GET |
/service/use/{type} |
Use service credit | โ |
Health Check
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
GET |
/health |
Server status | โ |
๐ Full API Documentation: http://localhost:8000/docs (Swagger UI)
๐ฐ Service Pricing
| Service | Price | Auto-Approve | Processing Time | Description |
|---|---|---|---|---|
| ๐ฅ Cek Dasar | Rp 1.000 | โ Yes | Instant | Basic OJK/Kominfo check |
| ๐ฅ Cek Deep | Rp 15.000 | โ Manual | 5-30 min | AI chat analysis |
| ๐ฅ Cek Plus | Rp 45.000 | โ Manual | 5-30 min | Contract + legal letter |
Auto-Approval Rules
Payments are auto-approved when ALL conditions are met:
- โ Amount โค Rp 1.000
- โ Service type = CEK_DASAR
- โ No fraud history for user
- โ Passes 10% random audit check
๐งช Testing
Test Flow (Mock Mode)
# 1. Start backend (Terminal 1)
cd backend
source venv/bin/activate
uvicorn main:app --reload --port 8000
# 2. Start frontend (Terminal 2)
cd frontend
npm run dev
# 3. Open http://localhost:3000
Test Scenarios
Scenario 1: User Registration & Purchase
- Register new account
- Login with new credentials
- Purchase โCek Dasarโ (Rp 1.000)
- Upload payment proof (any image)
- See instant auto-approval โ
- Service credit activated in dashboard
Scenario 2: Admin Approval
- Login as admin (
admin@amanga.id/admin123) - Navigate to Admin Panel
- See pending payment (if amount > Rp 1.000)
- Click โApproveโ or โRejectโ
- Add verification notes
- User receives notification
Scenario 3: Fraud Detection
- Login as admin
- Flag suspicious payment
- Select flag type: FAKE_PROOF
- Select severity: HIGH
- User automatically suspended
- Service credits revoked
API Testing
# Health check
curl http://localhost:8000/health
# Register user
curl -X POST "http://localhost:8000/register" \
-H "Content-Type: application/json" \
-d '{
"email": "test@example.com",
"password": "test123",
"full_name": "Test User"
}'
# Login
curl -X POST "http://localhost:8000/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=test@example.com&password=test123"
๐ Deployment
Recommended Stack (Production)
| Component | Service | Cost | Setup Time |
|---|---|---|---|
| Frontend | Vercel | Free | 5 min |
| Backend | Railway | $5/month | 10 min |
| Database | Supabase | Free (500MB) | 5 min |
| Storage | Supabase Storage | Free (1GB) | 5 min |
| Total | ย | ~$5/month | 25 min |
Deployment Guides
- QUICKSTART.md - Basic setup
- DEPLOYMENT-OPTIONS.md - Cloud provider comparison
- API-KEY-SETUP.md - WhatsApp/Email setup
Alibaba Cloud Option
For Indonesian market with local data residency:
| Setup | Monthly Cost | Complexity |
|---|---|---|
| Minimal (Simple Server) | ~$6.50 | โญโญ Medium |
| Production (ECS + RDS) | ~$50 | โญโญโญ Hard |
See DEPLOYMENT-OPTIONS.md for full comparison.
๐ก๏ธ Security
Authentication
- โ JWT tokens with 30-minute expiration
- โ Password hashing with bcrypt (12 rounds)
- โ Role-based access control (RBAC)
- โ Protected routes with middleware
Data Protection
- โ SQL injection prevention (Supabase client)
- โ Input validation (Pydantic schemas)
- โ CORS configuration
- โ XSS protection headers
Fraud Prevention
- โ Risk scoring algorithm
- โ Duplicate transaction detection
- โ Pattern analysis
- โ Automatic suspension for confirmed fraud
- โ Audit logging for all admin actions
Production Recommendations
- โ ๏ธ Enable HTTPS/SSL
- โ ๏ธ Add rate limiting
- โ ๏ธ Implement CSRF protection
- โ ๏ธ Set up monitoring (Sentry)
- โ ๏ธ Regular security audits
๐ Database Schema
Entity Relationship Diagram
erDiagram
USERS ||--o{ PAYMENT_PROOFS : creates
USERS ||--o{ SERVICE_CREDITS : owns
USERS ||--o{ FRAUD_FLAGS : flagged_in
USERS ||--o{ ADMIN_AUDIT_LOG : actions
PAYMENT_PROOFS ||--o| SERVICE_CREDITS : generates
PAYMENT_PROOFS ||--o{ FRAUD_FLAGS : associated_with
USERS {
uuid id PK
string email UK
string password_hash
string full_name
string phone
string role "USER|ADMIN|FINANCE"
string status "ACTIVE|SUSPENDED|BANNED"
timestamp created_at
timestamp updated_at
}
PAYMENT_PROOFS {
uuid id PK
uuid user_id FK
string service_type
integer amount
string payment_method
string status
text proof_image_url
timestamp created_at
}
SERVICE_CREDITS {
uuid id PK
uuid user_id FK
string service_type
integer quantity
integer used_quantity
string status
timestamp expires_at
}
FRAUD_FLAGS {
uuid id PK
uuid user_id FK
uuid payment_proof_id FK
string flag_type
string severity
string status
string action_taken
timestamp reviewed_at
}
ADMIN_AUDIT_LOG {
uuid id PK
uuid admin_id FK
string action
string target_type
uuid target_id
jsonb details
timestamp created_at
}
Tables Overview
| Table | Purpose | Key Fields |
|---|---|---|
users |
User accounts | email, role, status |
payment_proofs |
Payment records | amount, status, proof_image_url |
service_credits |
Service usage tracking | quantity, used_quantity, expires_at |
fraud_flags |
Fraud detection | flag_type, severity, action_taken |
admin_audit_log |
Admin action tracking | action, target_type, details |
๐ค Contributing
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create feature branch (
git checkout -b feature/amazing-feature) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open Pull Request
Development Setup
# Backend
cd backend
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Frontend
cd frontend
npm install
npm run dev
Code Style
- Python: PEP 8, type hints where possible
- JavaScript: ESLint (Next.js recommended)
- Commits: Conventional Commits format
๐ License
MIT License - feel free to use for learning or commercial projects.
See LICENSE for details.
๐ Support
Documentation
- ๐ Quick Start - Setup in 5 minutes
- ๐ API Keys - Get WhatsApp/Email keys
- ๐งช Test Review - Complete code review
- โ๏ธ Deployment - Cloud provider comparison
- ๐ก API Docs - Swagger UI (when running)
Links
- GitHub: https://github.com/Therealratoshen/aman-ga
- Issues: https://github.com/Therealratoshen/aman-ga/issues
- Discussions: https://github.com/Therealratoshen/aman-ga/discussions
Contact
For questions or support, please open an issue on GitHub.
๐ Acknowledgments
Built with โค๏ธ for Indonesian market safety.
Tech Stack
- FastAPI - Modern Python web framework
- Next.js - React framework
- Supabase - Open source Firebase alternative
- Tailwind CSS - Utility-first CSS
- Python - Programming language
- React - UI library
Inspiration
This project was built to help Indonesians verify online transactions and avoid fraud.
๐ Project Status
| Milestone | Status | Date |
|---|---|---|
| POC Development | โ Complete | Mar 2026 |
| Mock Mode | โ Complete | Mar 2026 |
| Documentation | โ Complete | Mar 2026 |
| Frontend UI | โ Complete | Mar 2026 |
| Backend API | โ Complete | Mar 2026 |
| Production Deployment | ๐ Ready | - |
Last Updated: March 15, 2026
### ๐ก๏ธ Aman ga? - Tanya dulu, transfer kemudian.
[โญ Star this repo](https://github.com/Therealratoshen/aman-ga/stargazers) โข [๐ด Fork it](https://github.com/Therealratoshen/aman-ga/fork) โข [๐ Issues](https://github.com/Therealratoshen/aman-ga/issues)
**Made with โค๏ธ in Indonesia**