ORIGIN

Agricultural Supply Chain Fraud Detection System

Complete Engineering Implementation Blueprint

Prepared for: Backend, Frontend & ML Engineering Teams Version: 1.0 | February 2026

SECTION 1: FEATURE BREAKDOWN

1.1 Authentication & Authorization Features

Feature: Email/Password Login

• Description: Standard credential-based authentication with JWT issuance
• User Roles: All roles — Shipper, Carrier, Auditor, Financier, Admin
• Trigger: User submits login form
• Inputs: email (string), password (string), remember_device (boolean)
• Outputs: JWT access token, refresh token, user profile object, role-based redirect URL

Backend Processes:

• Validate email format and password strength

• Lookup user by email in PostgreSQL

• bcrypt password comparison

• Check account status (active, suspended, pending KYC)

• Generate JWT with role claims (exp: 1h access, 30d refresh)

• Log login event to audit trail

• If remember_device=true, set device fingerprint cookie (30d)

• Database Interactions: SELECT from users, INSERT into session_logs

• API Endpoint: POST /api/v1/auth/login

• ML Interaction: Login behavior anomaly scoring — new IP, device fingerprint mismatch triggers elevated risk score

• Edge Cases: Account locked after 5 failed attempts, unverified email, suspended org