financelime-rest-api

module
v0.1.4-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 26, 2020 License: GPL-3.0

README

Financelime REST API service

1. Environment variables

Name Description
HTTP_SERVER_PORT
AUTH_INVITE_CODE_REQUIRED
DB_AUTH_MAIN_CONNECT_HOST
DB_AUTH_MAIN_CONNECT_PORT
DB_AUTH_MAIN_CONNECT_SSLMODE
DB_AUTH_MAIN_CONNECT_DBNAME
DB_AUTH_MAIN_CONNECT_USER
DB_AUTH_MAIN_CONNECT_PASSWORD
DB_AUTH_MAIN_MIGRATE_DROPFILE
DB_AUTH_MAIN_MIGRATE_CREATEFILE
DB_AUTH_MAIN_MIGRATE_INSERTFILE
DB_AUTH_READ_CONNECT_HOST
DB_AUTH_READ_CONNECT_PORT
DB_AUTH_READ_CONNECT_SSLMODE
DB_AUTH_READ_CONNECT_DBNAME
DB_AUTH_READ_CONNECT_USER
DB_AUTH_READ_CONNECT_PASSWORD
DB_BLADE_CONNECT_HOST
DB_BLADE_CONNECT_PORT
DB_BLADE_CONNECT_SSLMODE
DB_BLADE_CONNECT_DBNAME
DB_BLADE_CONNECT_USER
DB_BLADE_CONNECT_PASSWORD
DB_BLADE_MIGRATE_DROPFILE
DB_BLADE_MIGRATE_CREATEFILE

2. Identification at the device and request level

2.1. Header 'request-id'

API requests must contain a request-id header. Its content must be generated immediately before the request, according to a certain algorithm. API service validates the header before processing some requests. The request-id header allows you to identify the request and, together with the Authorization header, quickly track the chain of events, for example, filter events in the logs by device and request.
If a request requires a request-id header but is missing or failed validation, the request is rejected and a 400 Bad Request response is returned. Since the algorithm changes slightly with each version, the request-id header effectively filters out inappropriate requests from bots, being a CAPTCHA for them.

Checks can be disabled in the API configuration for all or some requests.

Algorithm for generating the 'request-id' header:
        +------------------------- | 4 random character sets 
        |     +------------------- |          pattern:                                
        |     |     +------------- |            LNNNN                          
        |     |     |     +------- |       (1 letter + 4 numbers)
check   |     |     |     |
 sum    1     2     3     4
----- ----- ----- ----- -----
LXXXX-LNNNN-LNNNN-LNNNN-LNNNN  <-- pattern
W7000-T6755-T7700-P4010-W6778  <-- example of generated value  
=----                   =----
^                       |
|                       |
+-----------------------+                                      

LXXXX | L - The letter that is always equal to a letter from set 4
      | XXXX - This is the sum of all digits from sets 1,2,3 and 4
      |        The number of characters is always 4 (missing ones get zeros)

3. Service version and state

3.1. Get the current version of the REST API service

  • Method: GET
  • Endpoint: /dist

The request will return a JSON object containing the following attributes:

Name Type Description
version string Service Version
build string Service Build
cURL Example
curl -i -X GET \
-H "request-id: K7800-H7625-Z5852-N1693-K1972" \
"https://api.dev.financelime.com/dist"
Request Headers
request-id: REQUEST_ID
Response Headers
status: 200
content-type:application/json;charset=utf-8
Response Body
{
   "version":"0.4.0",
   "build":"202007162345" 
}

3.2. Get the current state of a REST API service

  • Method: GET
  • Endpoint: /status

The request will return a JSON object containing the following attributes:

Name Type Description
api bool Status of API
db bool Status of DB
cURL Example
curl -i -X GET \
-H "request-id: K7800-H7625-Z5852-N1693-K1972" \
"https://api.dev.financelime.com/status"
Request Headers
content-type:application/json
request-id: REQUEST_ID
Response Headers
status: 200
content-type:application/json;charset=utf-8
Response Body
{
   "api":true,
   "db":true
}

4. Authorization

4.1. Sign up

  • Method: POST
  • Endpoint: /authorization/signup
Parameters:
Name Type Description
email string User Email
invite_code string Invite Code
language string User Language
Response:

The service sends a confirmation link to the specified email. After confirmation, the service will send a password for authorization.

cURL Example
curl -i -X POST \
-H "content-type:application/json;charset=utf-8" \
-H "request-id:K7800-H7625-Z5852-N1693-K1972" \
-d '{"email":"testuser@financelime.com", "inviteCode":"testInviteCode", "language":"en"}' \
"https://api.dev.financelime.com/authorization/signup"
Request Headers
content-type: application/json;charset=utf-8
request-id: REQUEST_ID
Status Code
STATUS_CODE Description
202 Accepted The API has successfully processed the request and the service sends a confirmation link to the specified email
400 Bad Request The API did not accept the request because headers or parameters did not pass validation (detail in API logs)
409 Conflict An error occurred while processing the request (details in the section Error Codes, in the next paragraph)

In the case of a 409 code, the request will return an Error-Code header containing the error code.

Коды ошибок:
ERROR_CODE Description
"FL103" User already exists
"FL104" The invite code does not exist or is expired
"FL105" The limit for issuing the specified invite code has been exhausted

Directories

Path Synopsis
packages
authorization/api
authorization/api/middleware
authorization/domain
authorization/repo
authorization/service
config
utils
random
responder
router

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.