MEXAR Back Office

Overview

The back office dashboard for MEXAR international remittance system. Built with Next.js, MUI, and TailwindCSS. Integrates via API with the core backend and KYC services for data visualization.

Tech Stack

• Frontend — Next.js, MUI, TailwindCSS
• Backend — PHP/Laravel (API)
• Database — PostgreSQL, Redis

Access Control

• Granular ACL — 235 permissions with customizable roles; all routes deny-by-default, UI components conditionally render based on the user’s permission set
• Forced MFA — Multi-factor authentication required for all users
• Short Sessions — Aggressive session expiry with GEO location detection for anomaly monitoring

Security

• Cookie Hardening — HttpOnly, Secure, SameSite cookie attributes
• CSRF Protection — Token-based cross-site request forgery prevention
• IDOR Prevention — Object-level authorization checks on all protected resources
• Security Headers — CSP, HSTS, X-Content-Type-Options, Referrer-Policy

Engineering Challenges

• Scale — Thousands of components with complex multi-step forms across the entire remittance operation workflow
• Cross-component State Management — Coordinating state across deeply nested and interdependent components while maintaining performance and consistency

Design Principles

• Scalability — Designed to handle growing transaction volumes and operational complexity
• Extensibility — Modular UI components enabling rapid iteration as regulatory requirements evolve