Home Identity Engineering Contact
Back to All Projects
FLAGSHIP 03 / 10

Payroll Suite

Production-grade REST API built entirely in raw C++17 — no Node, no Python, no runtime. BCrypt authentication, 3-tier RBAC, and PDF payslip generation.

C++17httplibSQLite BCryptwkhtmltopdfJSON
View Source
C++17
Pure Systems Lang
0
Runtime Dependencies
3-Tier
RBAC System
PDF
Payslip Generation
// Problem Statement

The Challenge

Most payroll systems depend on heavy runtimes (Node.js, Python, JVM) making deployment complex and the attack surface broad. The challenge was to build a complete payroll management system using only compiled, systems-level code:

  • Zero-dependency deployment — single compiled binary, no runtime installation required
  • Verifiable security — BCrypt hashing with no third-party auth middleware to trust
  • Role-based access — Admin, Manager, and Employee with strict permission boundaries
  • Professional output — PDF payslips that match enterprise HR standards
// System Architecture

REST API Design

┌────────────────┐ ┌─────────────────────┐ ┌──────────────┐ │ Static HTML │────▶│ C++17 HTTP Server │────▶│ SQLite DB │ │ JS Dashboard │ │ (cpp-httplib) │ │ (employees, │ └────────────────┘ │ │ │ payroll, │ │ ┌───────────────┐ │ │ sessions) │ │ │ BCrypt Auth │ │ └──────────────┘ │ │ Layer │ │ │ └───────────────┘ │ ┌──────────────┐ │ ┌───────────────┐ │────▶│ wkhtmltopdf │ │ │ RBAC Policy │ │ │ PDF Engine │ │ │ (3-tier) │ │ └──────────────┘ │ └───────────────┘ │ └─────────────────────┘ ▲ │ REST API │ (GET/POST/PUT/DELETE) ┌┴─────────────────┐ │ CSV Bulk │ │ Import Engine │ └──────────────────┘
// Engineering Deep-Dive

Why C++17?

Raw HTTP Server

Using cpp-httplib — a header-only HTTP library — the entire server compiles into a single binary with zero shared library dependencies.

  • RESTful routing: GET/POST/PUT/DELETE endpoints
  • JSON request/response with nlohmann/json
  • Static file serving for dashboard frontend
  • CORS headers for cross-origin browser access

BCrypt + Bearer Auth

Military-grade password hashing with BCrypt. Token-based session management using bearer tokens stored server-side.

  • BCrypt cost factor 12 for password hashing
  • 64-char hex token generation for sessions
  • Auto-expiry with configurable TTL
  • Session audit log with IP + timestamp

3-Tier RBAC

Strict role hierarchy: Admin can manage all; Manager can view team payroll; Employee can only view own payslip.

  • Middleware-level role checking on every endpoint
  • Role escalation prevention (no self-promotion)
  • Admin: full CRUD on employees + payroll + roles
  • Employee: read-only access to own profile + payslips

PDF Payslip Engine

Generates professional PDF payslips using HTML templates rendered through wkhtmltopdf.

  • HTML template with dynamic data injection
  • Salary breakdown: basic, HRA, DA, deductions
  • CSV bulk import for batch employee onboarding
  • Payslip archive with download history
// Visual Evidence

Screenshots

Payroll Suite Admin Dashboard
Admin Dashboard — Employee Management
*Note: These images are generated by AI, the images will be replaced new very soon
Generated PDF Payslip
PDF Payslip — Salary Breakdown Output
*Note: These images are generated by AI, the images will be replaced new very soon
RBAC Permission Matrix
3-Tier RBAC — Permission Matrix
*Note: These images are generated by AI, the images will be replaced new very soon
REST API Testing Interface
C++17 REST API — Endpoint Testing
*Note: These images are generated by AI, the images will be replaced new very soon
Previous
TITAN-V2 Rover Next
Hand Sign Audio