The objective is to develop a microservice that performs the tasks listed below for the correct management of banking clients.
- Task 0: Dockerfile
- Task 1: User Actions
- Task 2: Password Reset and OTP
- Task 3: PIN Creation and Management
- Task 4: Account Transactions
- Task 5: Market Operations
- Task 6: Security
- Task 7: Error Handling
- Task 8: Subscriptions and Trading Bot
The first thing to do is to configure the Dockerfile to be able to test the application in containers.
This task focuses on basic user-related actions such as registering a new user, logging in, retrieving user and account details, and logging out. For these actions, you will need to interact with several endpoints, some of which require authentication.
- User Registration: The functionality is implemented to register a user by submitting the required information such as name, email, phone number and password. This registration returns the account number, which will be used for future operations.

  Request body:

  ```json
  { "name": "Nuwe Test", "password": "NuweTest1$", "email": "nuwe@nuwe.com", "address": "Main St", "phoneNumber": "666888116" }
  ```

  Response:

  ```json
  { "name": "Nuwe Test", "email": "nuwe@nuwe.com", "phoneNumber": "666888116", "address": "Main St", "accountNumber": "19b332", "hashedPassword": "$2a$10$vYWBxACqEIPeoT0O5b0faOHp4ITAHSBvoHDzBePW7tPqzpvqKLi6G" }
  ```

  The application automatically creates and assigns the UUID type account number to the created customer.

  Checks should include:
  - No empty fields.
  - The email format must be valid.
  - Password rules to be detailed later.
  - Check if the email or phoneNumber already exists.
- User Login: A login mechanism is implemented using an email or account number along with a password. After successful authentication, the system returns a JWT token, which is used for all protected endpoints.

  Request body:

  ```json
  { "identifier": "nuwe@nuwe.com", "password": "NuweTest1$" }
  ```

  Response:

  ```json
  { "token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOWIzMzIiLCJpYXQiOjE3Mjk1NzEzNzUsImV4cCI6MTcyOTY1Nzc3NX0.6qLQi50B1StobsUusfxCSqLdKeKOYdBZ3qj5Lw5G9eAdqoV1Juz3jyh2xwWByG7iJtusrhYPb_I62ycptcH4MA" }
  ```

  If the identifier is invalid it returns the following with Status Code 400:

  ```
  User not found for the given identifier: nuwee@nuwe.com
  ```

  If the password is invalid it returns the following with Status Code 401:

  ```
  Bad credentials
  ```

- Get User Info: Once logged in, use the JWT token to retrieve detailed user information (e.g., name, email, account number). Response:

  ```json
  { "name": "Nuwe Test", "email": "nuwee@nuwe.com", "phoneNumber": "666888116", "address": "Main St", "accountNumber": "19b332", "hashedPassword": "$2a$10$vYWBxACqEIPeoT0O5b0faOHp4ITAHSBvoHDzBePW7tPqzpvqKLi6G" }
  ```

- Get Account Info: Fetch account information such as the account balance. You must be logged in. Response:

  ```json
  { "accountNumber": "19b332", "balance": 0.0 }
  ```

- Logout: Implement a logout system that invalidates the JWT token, ensuring that users can no longer access protected endpoints.
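As an added example (not the challenge's own code), the login and logout flow above in Python: `issue` mints a token with the same claim shape as the sample token (`sub`, `iat`, `exp` 24 hours later, HS512), `verify` pins the algorithm and checks signature and expiry, and `TokenStore.logout` records the token so it is rejected until it would have expired anyway. The signing key and the in-memory denylist are assumptions; the real service's key is not on the page, so the sample token can be decoded with `decode_claims` but cannot verify here.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: the service's real HS512 key is not on the page


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_claims(token: str) -> dict:
    """Read the payload WITHOUT verifying it: for inspection only, never for authorisation."""
    return json.loads(unb64url(token.split(".")[1]))


def issue(account_number: str, now: int, ttl: int = 86400) -> str:
    """Mint a token with the same claim shape as the page's sample: sub, iat and exp 24 h later."""
    header = b64url(b'{"alg":"HS512"}')
    claims = {"sub": account_number, "iat": now, "exp": now + ttl}
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha512).digest()
    return f"{header}.{payload}.{b64url(sig)}"


class TokenStore:
    """Denylist of logged-out tokens keyed by token hash; an entry is dropped once its token expires."""
    def __init__(self) -> None:
        self._revoked = {}  # sha256(token) -> exp

    def logout(self, token: str) -> None:
        self._revoked[hashlib.sha256(token.encode()).hexdigest()] = decode_claims(token)["exp"]

    def verify(self, token: str, now: int) -> "str | None":
        """Return the subject (account number) of a valid, not-logged-out token, else None."""
        try:
            header, payload, sig = token.split(".")
            if json.loads(unb64url(header)).get("alg") != "HS512":
                return None  # never honour a client-chosen algorithm
        except ValueError:
            return None  # malformed token
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha512).digest()
        if not hmac.compare_digest(expected, unb64url(sig)):
            return None
        claims = json.loads(unb64url(payload))
        self._revoked = {k: e for k, e in self._revoked.items() if e > now}  # purge expired entries
        if claims.get("exp", 0) <= now or hashlib.sha256(token.encode()).hexdigest() in self._revoked:
            return None
        return claims.get("sub")
```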
| Endpoint | Method | Params/Body | Requires Auth | Response Codes | Description |
|---|---|---|---|---|---|
| /api/users/register | POST | { name, password, email, address, phoneNumber, countryCode } | No | 200, 400 ("Email already exists", "Phone number already exists") | Registers a new user. |
| /api/users/login | POST | { identifier, password } | No | 200, 401 ("Bad credentials") | Logs in the user and returns a JWT token. |
| /api/auth/password-reset/send-otp | POST | { identifier } | No | 200, 400 | Sends an OTP for password reset. |
| /api/auth/password-reset/verify-otp | POST | { identifier, otp } | No | 200, 400 ("Invalid OTP") | Verifies the OTP and returns a reset token. |
| /api/auth/password-reset | POST | { identifier, resetToken, newPassword } | No | 200, 400 ("Invalid reset token") | Resets the user's password. |
| /api/dashboard/user | GET | N/A | Yes | 200, 401 ("Access Denied") | Retrieves the logged-in user's details. |
| /api/dashboard/account | GET | N/A | Yes | 200, 401 ("Access Denied") | Retrieves account information, including balance. |
| /api/account/deposit | POST | { amount, pin } | Yes | 200, 401, 403 ("Invalid PIN"), 500 | Deposits a specific amount into the user's account. |
| /api/account/withdraw | POST | { amount, pin } | Yes | 200, 401, 403 ("Invalid PIN"), 500 | Withdraws a specific amount from the user's account. |
| /api/account/fund-transfer | POST | { targetAccountNumber, amount, pin } | Yes | 200, 401, 403 ("Invalid PIN"), 500 | Transfers funds to another account. |
| /api/account/transactions | GET | N/A | Yes | 200, 401 | Retrieves the user's transaction history. |
| /api/account/buy-asset | POST | { assetSymbol, amount, pin } | Yes | 200, 401, 403 ("Invalid PIN"), 500 | Buys a specified asset for the user. |
| /api/account/sell-asset | POST | { assetSymbol, quantity, pin } | Yes | 200, 401, 403 ("Invalid PIN"), 500 | Sells a specified asset for the user. |
| /market/prices | GET | N/A | No | 200, 500 | Retrieves current market prices for all assets. |
| /market/prices/{symbol} | GET | N/A | No | 200, 500 | Retrieves the current market price for a specific asset. |
| /api/user-actions/subscribe | POST | { amount, intervalSeconds, pin } | Yes | 200, 401, 403 ("Invalid PIN"), 500 | Creates a subscription for periodic payments. |
| /api/user-actions/enable-auto-invest | POST | { pin } | Yes | 200, 400 ("PIN cannot be null or empty"), 401, 403 | Enables the auto-investment feature. |
| /api/users/logout | GET | N/A | Yes | 200, 401 ("Access Denied") | Logs out the user and invalidates the JWT token. |
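As an added example (not the challenge's own code), the register and login rows of the table and the checks listed under User Registration, in Python: empty fields, email format and a duplicate email or phone number map to the 400 messages in the table, and login by email or account number yields the 400 / 401 / 200 outcomes described in Task 1. The in-memory store, the PBKDF2 hash standing in for bcrypt, and the error bodies for the empty-field and email-format cases are assumptions.

```python
import hashlib
import hmac
import os
import re

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
REQUIRED = ("name", "password", "email", "address", "phoneNumber")
PBKDF2_ROUNDS = 100_000


class UserRegistry:  # constructed in-memory stand-in for the service's user table
    def __init__(self) -> None:
        self.by_email = {}
        self.by_phone = {}

    def register(self, body: dict) -> tuple:
        """Apply the registration checks; returns (status, response) as in the endpoint table."""
        for field in REQUIRED:
            if not str(body.get(field) or "").strip():
                return 400, {"error": f"{field} cannot be empty"}
        if not EMAIL_RE.match(body["email"]):
            return 400, {"error": "Invalid email format"}
        if body["email"] in self.by_email:
            return 400, {"error": "Email already exists"}
        if body["phoneNumber"] in self.by_phone:
            return 400, {"error": "Phone number already exists"}
        # Assumption: salted PBKDF2 stands in for the bcrypt hash ($2a$10$...) the page shows.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", body["password"].encode(), salt, PBKDF2_ROUNDS)
        record = {
            "name": body["name"], "email": body["email"], "address": body["address"],
            "phoneNumber": body["phoneNumber"], "accountNumber": os.urandom(3).hex(),  # e.g. "19b332"
            "hashedPassword": salt.hex() + ":" + digest.hex(),
        }
        self.by_email[record["email"]] = self.by_phone[record["phoneNumber"]] = record
        # The page's sample response echoes hashedPassword; here the hash stays server-side.
        return 200, {k: v for k, v in record.items() if k != "hashedPassword"}

    def authenticate(self, identifier: str, password: str) -> tuple:
        """Login by email or account number, mirroring the page's 400 / 401 / 200 outcomes (the distinct 400 message reveals whether an identifier exists)."""
        user = self.by_email.get(identifier) or next(
            (u for u in self.by_email.values() if u["accountNumber"] == identifier), None)
        if user is None:
            return 400, {"error": f"User not found for the given identifier: {identifier}"}
        salt_hex, digest_hex = user["hashedPassword"].split(":")
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
        if not hmac.compare_digest(digest.hex(), digest_hex):
            return 401, {"error": "Bad credentials"}
        return 200, {"accountNumber": user["accountNumber"]}  # the subject the JWT would carry
```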