If you have docker installed:
- You can build the image using the script: build-docker-image.sh
- Go to the project's root directory and type:
```bash
docker-compose up
```
This starts an nginx container and the Spring application. Ports 80 and 443 are open.
If you don't have docker:
```bash
./mvnw spring-boot:run
```
The port you can use in this case is 8080.
```bash
curl -v --insecure -X POST -F 'username=super' -F 'password=super' https://localhost/poa/api/login
```
The response includes an authorization header. It contains the token to use for the other requests.
user | password | name |
---|---|---|
super | super | Super duper employee |
frodo | frodo | Frodo Basggins |
aragorn | aragorn | Aragorn |
boromir | boromir | Boromir |
The Accounts API returns all of the user's accounts. You need to provide an authorization token.
```bash
curl --insecure -H 'Accept: application/json' -H "Authorization: Bearer ${token}" https://localhost/poa/api/accounts
```
It will return account details and all cards that belong to the account. You need to provide an authorization token.
```bash
curl --insecure -H 'Accept: application/json' -H "Authorization: Bearer ${token}" https://localhost/poa/api/accounts/123123123
```
Create an endpoint that aggregates account data
- List all accounts that belong to the user logged in
- Display account overview
- Account belongs to one account holder
- Account can be managed by the holder and by the Agent (Power Of Attorney)
- Account holder can be a company or a person
- Agent can be a company, group of people or a person.
- A person, group of people or a company can be an agent
- If VIEW permission is given, the agent can view the account overview; the direction (given, received) is not taken into account.
- If VIEW permission is not given, the agent can't access account information.
- An operator can have access to more than one account (View)
- An operator can be a person, company or a group of people.
- A card can only have access to one account
- Account information rarely changes
- Account balance changes frequently, but for the sake of the demo it is added to the Account class.
Based on the information above I have identified 3 services and one aggregator service.
- account
- card
- operator
- portfolio
All the services could be separate applications containing their own data.
- Contains the account data.
- It doesn't change often.
- It triggers other services when an account or a power of attorney is created. For instance: when an account is created, one operator is also created; when a power of attorney is created, cards and operators are created.
- It contains the account cards.
- Information can be accessed frequently, so you may have a different requirement for scale.
- It controls who can have access to the account.
- Every time an account is created, one operator is also created.
- Every time a power of attorney is created, one or more operators are created.
- The relationship between an operator and an account is modelled by the AccountOperator class.
- The relationship between an operator and a group is modelled by the OperatorGroup class.
- It is the "API Gateway".
- It is responsible for aggregating information from the other services.
- It doesn't currently, but it could make async calls to all services.
Because it is a demo, I tried to keep things simple. Things I used:
- In Memory database. All data is created in the class config/MockData.java
- OpenAPI: it creates a well-defined interface, generates code (interfaces) and can also generate clients (Java, JavaScript).
- Nginx: used as a reverse proxy; it provides a secure channel with a self-signed certificate, which is why the curl examples pass `--insecure`.
- It was exporting data that was blocked / inactive.
- For the credit card 3333 the application is throwing an exception.
- Anyone can access the information
- I wasn't sure whether it is possible to grant access to a personal account for a whole company and who belongs to the company. In this case, I created another group using the OperatorGroup class that defines who belongs to the company and can have access to that account. The same goes for the "Fellowship of the ring": each card belongs to one operator, and all the operators belong to the group "Fellowship of the ring".
- Account holder has a typo for account 123123123
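
The VIEW rule, group membership and the blocked / inactive problem noted above can be combined into one default-deny check. This is an added example, not code from this project: the types, the `PAYMENT` permission, the status values and the sample data are all hypothetical, and it assumes a blocked or inactive account or grant is never exported.

```java
import java.util.*;
import java.util.stream.Collectors;

// Hypothetical types; not the project's Account, AccountOperator or OperatorGroup classes.
public class AccountVisibility {
    enum Permission { VIEW, PAYMENT }
    enum Status { ACTIVE, BLOCKED, INACTIVE }
    record Account(String id, String holder, Status status) {}
    // A grant links a grantee (an operator name or a group name) to one account.
    record Grant(String accountId, String grantee, Set<Permission> permissions, Status status) {}

    private final List<Account> accounts;
    private final List<Grant> grants;
    private final Map<String, Set<String>> groupMembers; // group name -> operator names

    AccountVisibility(List<Account> accounts, List<Grant> grants, Map<String, Set<String>> groupMembers) {
        this.accounts = accounts; this.grants = grants; this.groupMembers = groupMembers;
    }

    // True when the grant names the operator directly or a group the operator belongs to.
    private boolean covers(Grant g, String operator) {
        return g.grantee().equals(operator)
            || groupMembers.getOrDefault(g.grantee(), Set.of()).contains(operator);
    }

    // Default deny: visible only to the holder, or to an agent with an active grant that includes VIEW.
    boolean canView(String operator, Account a) {
        if (operator == null || a.status() != Status.ACTIVE) return false;
        if (a.holder().equals(operator)) return true;
        return grants.stream().anyMatch(g -> g.accountId().equals(a.id())
            && g.status() == Status.ACTIVE
            && g.permissions().contains(Permission.VIEW)
            && covers(g, operator));
    }

    List<String> visibleAccountIds(String operator) {
        return accounts.stream().filter(a -> canView(operator, a)).map(Account::id).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data, not the contents of config/MockData.java.
        var v = new AccountVisibility(
            List.of(new Account("A1", "super", Status.ACTIVE), new Account("A2", "super", Status.BLOCKED)),
            List.of(new Grant("A1", "fellowship", Set.of(Permission.VIEW), Status.ACTIVE),
                    new Grant("A1", "boromir", Set.of(Permission.PAYMENT), Status.ACTIVE)),
            Map.of("fellowship", Set.of("frodo", "aragorn")));
        for (String op : List.of("super", "frodo", "boromir"))
            System.out.println(op + " -> " + v.visibleAccountIds(op));
    }
}
```

In the sample data the holder sees only the active account, a member of the group sees it through the group's VIEW grant, and the operator whose grant lacks VIEW sees nothing.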