customers

package module

v0.3.0-rc1 Latest Latest Go to latest Published: Oct 28, 2019 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

README ¶

moov-io/customers

The Customers project focuses on solving authentic identification of humans who are legally able to hold and transfer currency within the US. Primarily this project solves Know Your Customer (KYC), Customer Identification Program (CIP), Office of Foreign Asset Control (OFAC) checks and verification workflows to comply with US federal law and ensure authentic transfers. Also, Customers has an objective to be a service for detailed due diligence on individuals and companies for Financial Institutions and services in a modernized and extensible way.

Docs: docs.moov.io | api docs

Project Status

Moov Customers is under active development, so please star the project if you are interested in its progress. We are developing an extensible HTTP API for interactions along with an OpenAPI specification file for generating clients for integration projects.

Deployment

You can download our docker image moov/customers from Docker Hub or use this repository. No configuration is required to serve on :8087 and metrics at :9097/metrics in Prometheus format.

Configuration

The following environmental variables can be set to configure behavior in Accounts.

Environmental Variable	Description	Default
`HTTPS_CERT_FILE`	Filepath containing a certificate (or intermediate chain) to be served by the HTTP server. Requires all traffic be over secure HTTP.	Empty
`HTTPS_KEY_FILE`	Filepath of a private key matching the leaf certificate from `HTTPS_CERT_FILE`.	Empty
`OFAC_ENDPOINT`	HTTP address for OFAC interaction, defaults to Kubernetes inside clusters and local dev otherwise.	Kubernetes DNS
`OFAC_MATCH_THRESHOLD`	Percent match against OFAC data that's required for paygate to block a transaction.	`99%`
`DATABASE_TYPE`	Which database option to use (Options: `sqlite`, `mysql`)	Default: `sqlite`

Storage

Based on DATABASE_TYPE the following environment variables will be read to configure connections for a specific database.

MySQL

MYSQL_ADDRESS: TCP address for connecting to the mysql server. (example: tcp(hostname:3306))
MYSQL_DATABASE: Name of database to connect into.
MYSQL_PASSWORD: Password of user account for authentication.
MYSQL_USER: Username used for authentication,

Refer to the mysql driver documentation for connection parameters.

MYSQL_TIMEOUT: Timeout parameter specified on (DSN) data source name. (Default: 30s)

SQLite

SQLITE_DB_PATH: Local filepath location for the customers SQLite database. (Default: customers.db)

Refer to the sqlite driver documentation for connection parameters.

Document Storage

The following environment variables control which backend service is initialized for Document persistence. These all follow a similar "blob storage" API provided by a library that Google build and maintains.

BUCKET_NAME: The name of the bucket to use. Must be created outside of Customers if using a cloud provider. Make sure proper access and encryption controls are setup on this bucket to prevent exposure or unauthorized access. Example: ./storage/ (For file type backends)
CLOUD_PROVIDER: Provider name which determines which of the following environmental variables are used to initialize Customer's persistence.

AWS S3 Storage

For more information see the Go Cloud Development Kit docs for s3blob. Use CLOUD_PROVIDER=aws to read the following environmental variables:

AWS_REGION: Amazon region name of where the bucket exists.
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY: Standard AWS access credentials used by applications.

Google Cloud Storage

For more information see the Go Cloud Development Kit docs for gcsblob. Google's auth uses the standard service account authorization when deploying services. Use CLOUD_PROVIDER=gcp to read the following environmental variables:

GOOGLE_APPLICATION_CREDENTIALS: A filepath to the GCP service account json file.

Local filesystem Storage

For more information see the Go Cloud Development Kit docs for fileblob. This is the default if no other provider is specified. Use CLOUD_PROVIDER=file to read the following environmental variables:

FILEBLOB_BASE_URL: A filepath for storage on local disk. (Default: ./storage/)
FILEBLOB_HMAC_SECRET: HMAC secret value used to sign URLs. You MUST change this for production usage! (Default: secret)

CLOUD_PROVIDER: Provider name which determines which of the following environmental variables are used to initialize Customer's persistence.

Local storage

SECRETS_LOCAL_BASE64_KEY: A base64 encoded key used to encrypt and decrypt secrets in memory. This value needs to look like base64key://value where value is a 32 byte random key.

Google Cloud Storage

SECRETS_GCP_KEY_RESOURCE_ID: A Google Cloud resource ID used to interact with their Key Management Service (KMS). This value has the form projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY and their documentation has more details.

Vault storage

VAULT_SERVER_TOKEN: A Vault generated value used to authenticate. See the Hashicorp Vault documentation for more details.
VAULT_SERVER_URL: A URL for accessing the vault instance. In production environments this should be an HTTPS (TLS) secured connection.

Customer Approval

Currently approval of Customers is represented by the status field of a Customer and can have the following values: Deceased, Rejected, None (Default), ReviewRequired, KYC, OFAC, and CIP. These values can only be changed via the "admin" endpoints exposed in Customers. Admin endpoints are served from Customer's admin port (9097). Approvals (updates to a Customer status) can only be done manually, but we are aiming for automated approval. In order for a Customer to be approved into OFAC or higher there must be an OFAC search performed without positive matches and CIP requires a valid Social Security Number (SSN).

Getting Help

channel	info
Project Documentation	Our project documentation available online.
Google Group moov-users	The Moov users Google group is for contributors other people contributing to the Moov project. You can join them without a google account by sending an email to moov-users+subscribe@googlegroups.com. After receiving the join-request message, you can simply reply to that to confirm the subscription.
Twitter @moov_io	You can follow Moov.IO's Twitter feed to get updates on our project(s). You can also tweet us questions or just share blogs or stories.
GitHub Issue	If you are able to reproduce an problem please open a GitHub Issue under the specific project that caused the error.
moov-io slack	Join our slack channel (`#customers`) to have an interactive discussion about the development of the project. Request an invite to the slack channel

Contributing

Yes please! Please review our Contributing guide and Code of Conduct to get started!

Note: This project uses Go Modules, which requires Go 1.11 or higher, but we ship the vendor directory in our repository.

License

Apache License 2.0 See LICENSE for details.

Documentation ¶

Index ¶

func ApprovedAt(customerStatus Status, minimum Status) bool
type Status
- func LiftStatus(str string) (*Status, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ApprovedAt ¶ added in v0.3.0

func ApprovedAt(customerStatus Status, minimum Status) bool

ApprovedAt returns true only if the customerStatus is higher than ReviewRequired and is at least the minimum status. It's used to ensure a specific customer is at least KYC, OFAC, or CIP in applications.

Types ¶

type Status ¶ added in v0.3.0

type Status int

const (
	Deceased Status = iota
	Rejected
	None
	ReviewRequired
	KYC
	OFAC
	CIP
)

func LiftStatus ¶ added in v0.3.0

func LiftStatus(str string) (*Status, error)

LiftStatus will attempt to return an enum value of CustomerStatus after reading the string value.

func (Status) ApprovedAt ¶ added in v0.3.0

func (cs Status) ApprovedAt(minimum Status) bool