  1. import { Endpoint } from "../../src/lib/DiloServer";
  2.  
/**
 * Common response codes
 * 401 - Request body error
 *       (NOTE(review): 401 conventionally means "unauthenticated"; a malformed
 *       request body is normally 400. Confirm which code the server actually
 *       emits here, and document the code returned for a missing or expired
 *       `Authorization: Bearer <session_id>`, which every protected endpoint
 *       below depends on.)
 * 500 - Internal server error
 */
  8.  
/**
 * Example permission set used by the sample payloads below.
 *
 * Keys are permission ids (strings), values are `true` for "granted".
 * Only the three ids shown here are defined in this file; the comments give
 * the module each id is meant to cover.
 */
const LIST_OF_PERMISSIONS = {
  // User management
  "1100": true,
  // Role management
  "2100": true,
  // System param management
  "3100": true,
};
  14.  
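/**
 * Admin-portal endpoint catalogue consumed by DiloServer (see the `Endpoint`
 * import). Each entry is `[method, path, { headers?, querystring?, body?, response }]`
 * where the nested objects are EXAMPLE payloads: `<...>` values are placeholders
 * and the `*_EDT` numbers look like epoch milliseconds (the sample value falls on
 * the day this spec was written) — confirm with the server.
 *
 * Reviewer notes that apply to the whole catalogue:
 *  - Every endpoint except login and the super-admin bootstrap routes carries
 *    `Authorization: Bearer <session_id>`. The acting user must be derived from
 *    that session on the server; several bodies below also carry a USID
 *    (`MAKER_USID`, `CHECKER_USID`, the profile `USID`) and those must not be
 *    trusted as the caller's identity.
 *  - Failure outcomes (e.g. `InvalidCredential`, `AccountLocked`) are delivered
 *    with status 200 and a `KIND` discriminator, so monitoring/WAF rules keyed on
 *    4xx will not see them; log them explicitly server-side.
 *  - Passwords are sent as client-side unsalted SHA-256 digests. Such a digest is
 *    password-equivalent (replayable as-is), so the server must still apply a
 *    salted slow KDF (bcrypt/scrypt/argon2) before storing or comparing, and the
 *    transport must be TLS-only.
 */
export const adminPortalEndpoints: Endpoint[] = [

  // Login. Note that `InvalidCredential` vs `AccountLocked` reveals that the
  // USID exists; `REMAINING_TRY_COUNT` additionally tells an attacker how close
  // the account is to lockout — consider whether that is acceptable.
  ["POST", "/session-id", {
    body: {
      USID: "test_user",
      PW: "1324ewrge", // Hash using saltless SHA-256 (password-equivalent; see header note)
    },
    response: {
      // Login success; the outcome is selected by KIND.
      200: [
        {
          KIND: "LoginSuccess",
          SESSION_ID: "<session_id>",
          PERMISSIONS: LIST_OF_PERMISSIONS
        },
        {
          // Session is issued even though the password is expired; the server
          // should restrict such a session to /user-profile-pw until changed.
          KIND: "PasswordExpired",
          SESSION_ID: "<session_id>"
        },
        {
          // Same restriction presumably applies here (admin-set initial password).
          KIND: "FirstTimeLogin",
          SESSION_ID: "<session_id>"
        },
        {
          KIND: "PasswordWillExpireSoon",
          EXPIRY_EDT: 1544425876959,
          SESSION_ID: "<session_id>"
        },
        {
          KIND: "InvalidCredential",
          REMAINING_TRY_COUNT: 3
        },
        {
          KIND: "AccountLocked",
          REMAINING_EDT: 1544425876959
        }
      ]
    }
  }],

  // For user to view their own profile. The profile returned must be the one
  // bound to the session, not selected by any client-supplied id.
  ["GET", "/user-profile", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    response: {
      200: {
        USID: "Admin01",
        NAME: "Admin Name",
        EMAIL: "admin@gmail.com",
        MOBILE_NO: "012-3421343",
        PHONE_NO: "03-90123444",
        EXTRA_DETAIL: {
          // extra property
        }
      }
    }
  }],

  // For user to update their own profile.
  // FIX: this entry was the only session-protected operation with no
  // `Authorization` header; added for consistency with GET /user-profile and
  // PUT /user-profile-pw. The body `USID` must match the session's user on the
  // server (otherwise any user could edit any profile — IDOR); ideally it is
  // ignored entirely and the target is taken from the session.
  ["PUT", "/user-profile", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "Admin01",
      EMAIL: "admin@gmail.com",
      MOBILE_NO: "012-3421343",
      PHONE_NO: "03-90123444",
      EXTRA_DETAIL: {
        // extra property
      }
    },
    response: {
      200: {} // Update success
    }
  }],

  // For user to change their own password. Requires the old password, which is
  // the right re-authentication step; `PasswordRepeated` implies a history
  // check on the server.
  ["PUT", "/user-profile-pw", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      OLD_PW: "<old_pw>",
      NEW_PW: "<new_pw>"
    },
    response: {
      200: [
        {
          KIND: "ChangePasswordSuccess"
        },
        {
          KIND: "InvalidCredential"
        },
        {
          KIND: "PasswordRepeated"
        }
      ]
    }
  }],

  /**
   * The following endpoints are for UserAdmin only.
   * Only users whose flag is 0 are returned (presumably "regular user", as
   * opposed to FLAG 1/2 used for UserAdmin/SecurityAdmin under /super-users —
   * confirm).
   */

  // For UserAdmin to view users. The response includes account-security
  // metadata (PW_TRYCOUNT, last login/password change); restrict it to this
  // role only.
  ["GET", "/users", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    response: {
      200: {
        USERS: [{
          USID: "Admin01",
          NAME: "Admin Name",
          EMAIL: "admin@gmail.com",
          MOBILE_NO: "012-3421343",
          PHONE_NO: "03-90123444",
          EXTRA_DETAIL: {
            // extra property
          },
          PW_TRYCOUNT: 0,
          LAST_PW_CHANGE_EDT: 1544425876959,
          LAST_LOGIN_EDT: 1544425876959,
          CREATED_BY: "Admin02",
          CREATED_EDT: 1544425876959,
          LAST_CHANGED_BY: "Admin03",
          LAST_CHANGED_EDT: 1544425876959
        }]
      }
    }
  }],

  // For UserAdmin to update a user (USID selects the target).
  ["PUT", "/user", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "Admin01", // For searching purpose
      NAME: "Admin Name",
      EMAIL: "admin@gmail.com",
      MOBILE_NO: "012-3421343",
      PHONE_NO: "03-90123444",
      EXTRA_DETAIL: {
        // extra property
      },
    },
    response: {
      200: {} // Edit success
    }
  }],

  // For UserAdmin to reset the password of another user.
  // The admin chooses the new password directly, so it is known to two people;
  // the server should mark the account so the next login returns
  // `PasswordExpired`/`FirstTimeLogin` and forces a change. Whether this also
  // clears a lockout (AccountLocked) is unspecified — confirm.
  ["PUT", "/user-admin-pw", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "<user id>",
      NEW_PW: "<new_pw>"
    },
    response: {
      200: {} // Success
    }
  }],

  // For UserAdmin to create a user. `USID_DUPLICATED` discloses existing ids to
  // this (privileged) role, which is acceptable here but should not be exposed
  // on any unauthenticated path.
  ["POST", "/user", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "Admin01", // For searching purpose
      NAME: "Admin Name",
      PW: "<password>",
      EMAIL: "User001@gmail.com",
      MOBILE_NO: "012-3421343",
      PHONE_NO: "03-90123444",
      EXTRA_DETAIL: {
        // extra property
      },
    },
    response: {
      200: [
        {
          KIND: "SUCCESS"
        },
        {
          KIND: "USID_DUPLICATED"
        }
      ]
    }
  }],

  /**
   * The following endpoints are for SecurityAdmin only.
   */
  // For retrieving modules and permissions.
  // NOTE(review): the sample lists PERMISSION_ID "1100" under module "System
  // Params" (View Params), while LIST_OF_PERMISSIONS at the top of this file
  // labels "1100" as "User management" — one of the two is wrong; reconcile.
  ["GET", "/modules", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    response: {
      200: {
        MODULES: [{
          MODULE_ID: "1000",
          MODULE_NAME: "System Params",
          PERMISSIONS: [{
            PERMISSION_ID: "1100",
            PERMISSION_NAME: "View Params"
          }],
        }],
        ROLES: [{
          ROLE_NAME: "Batch operator",
          ROLE_DESC: "Operate batch process",
          PERMISSIONS: LIST_OF_PERMISSIONS
        }]
      }
    }
  }],

  // For SecurityAdmin to create a role and assign permissions to it.
  // The server should reject permission ids it does not know (only the ids
  // returned by GET /modules are valid).
  ["POST", "/role", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      ROLE_NAME: "Batch operator",
      ROLE_DESC: "Operate batch process",
      PERMISSIONS: LIST_OF_PERMISSIONS
    },
    response: {
      200: [
        {
          KIND: "SUCCESS"
        },
        {
          KIND: "ROLE_NAME_DUPLICATED"
        }
      ]
    }
  }],

  // For SecurityAdmin to update a role. ROLE_NAME is the key, so a role cannot
  // be renamed through this endpoint.
  ["PUT", "/role", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      ROLE_NAME: "Batch operator",
      ROLE_DESC: "Operate batch process",
      PERMISSIONS: LIST_OF_PERMISSIONS
    },
    response: {
      200: {}
    }
  }],

  // For SecurityAdmin to delete a role (currently not in use).
  // Carries its key in a DELETE body, which some clients/proxies drop — a
  // querystring (as GET /user-role uses) would be more portable.
  ["DELETE", "/role", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      ROLE_NAME: "Batch operator"
    },
    response: {
      200: {}
    }
  }],

  // For SecurityAdmin to get the roles of a specific user (based on USID).
  ["GET", "/user-role", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    querystring: {
      usid: "TestUser01"
    },
    response: {
      200: {
        ROLES: ["Batch Operator", "Log Viewer"]
      }
    }
  }],

  // For SecurityAdmin to assign roles to a specific user.
  // Whether a SecurityAdmin may assign roles to their own USID is unspecified;
  // disallowing self-escalation is the usual rule — confirm.
  ["POST", "/user-role", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "TestUser01",
      ROLES: ["Batch Operator", "Log Viewer"]
    },
    response: {
      200: {} // Success
    }
  }],

  // For SecurityAdmin to revoke roles from a specific user.
  ["DELETE", "/user-role", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "TestUser01",
      ROLES: ["Batch Operator", "Log Viewer"]
    },
    response: {
      200: {} // Success
    }
  }],

  /**
   * Endpoints for maker-checker (four-eyes) approval.
   */

  // Retrieve maker-checker histories (paged).
  // REQUEST_PARAM / RESPONSE are opaque strings; the samples are not valid
  // JSON (single-quoted keys/values), so whatever the server does with them
  // must be a strict parse of a defined format, never `eval`/`Function`.
  ["GET", "/maker-checker", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    querystring: {
      "page-number": 0, // Starts from 0
      "page-size": 10 // How many records per page (server should cap this)
    },
    response: {
      200: {
        CHECKER_MAKER_HISTORIES: [{
          ID: 1,
          ACTION: "MERCHANT_TAGGING",
          MAKER_USID: "TesterUser01",
          CREATED_EDT: 1544425876959,
          REQUEST_PARAM: "{MERCHANT_ID:'123', CARD:'MasterCard'}",
          STATUS: "APPROVED|PENDING|REJECTED|CANCELLED",
          RESPONSE: "{KIND:'error', MESSAGE: 'card does not exist'}",
          CHECKER_USID: "TesterUser02",
          CHECKED_EDT: 1544425876959,
          CHECKER_COMMENT: ""
        }]
      } // Success
    }
  }],

  // Create a maker-checker request.
  // `MAKER_USID` is client-supplied: the server must overwrite it with the
  // session's user (or reject a mismatch), otherwise a request can be
  // attributed to someone else.
  ["POST", "/maker-checker", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      ACTION: "MERCHANT_TAGGING",
      MAKER_USID: "TesterUser01",
      REQUEST_PARAM: "{MERCHANT_ID:'123', CARD:'MasterCard'}",
    },
    response: {
      200: {}
    }
  }],

  // Finish (approve/reject/cancel) a maker-checker request.
  // `CHECKER_USID` must likewise come from the session, and the server must
  // enforce checker != maker for APPROVED/REJECTED (the spec does not say so);
  // CANCELLED is presumably reserved for the maker. Transitions from a
  // non-PENDING status should be rejected.
  ["PUT", "/maker-checker", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      ID: 1,
      STATUS: "REJECTED",
      CHECKER_USID: "TestUser01",
      CHECKER_COMMENT: "Too many typo"
    },
    response: {
      200: {}
    }
  }],

  /**
   * We are not sure who will have the privileges to access the endpoints below
   * at the moment. Until a role is assigned they should be deny-by-default,
   * not reachable by any authenticated session.
   */

  // For user X to view the audit log (paged, filterable).
  ["GET", "/audit-log", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    querystring: {
      "page-number": 0, // Starts from 0
      "page-size": 10, // How many records per page (server should cap this)
      "usid": "TestUser01", // Put empty string if no filter is needed
      "action": "<action_name>", // Put empty string if no filter is needed
      "start-edt": 1544425876959, // 0 means from the beginning of time
      "end-edt": 1544425876959, // 9999999999999 means until the end of time
    },
    response: {
      200: {
        TOTAL_PAGES: 100,
        AUDIT_LOGS: [{
          ID: "001",
          USID: "TestUser01",
          // Free-text ACTION embeds old/new values; keep secrets (passwords,
          // session ids) out of it when logging password/login events.
          ACTION: "User(TestUser01) update name from 'Lee' to 'Lau'",
          EDT: 1544425876959
        }]
      } // Success
    }
  }],

  // For user X to view internal system params.
  ["GET", "/internal-system-params", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    response: {
      200: {
        PARAMS: [{
          PARAM_NAME: "PasswordValidDuration",
          PARAM_DESC: "The valid duration of a new password",
          PARAM_MIN: 13,
          PARAM_MAX: 20,
          PARAM_VALUE: 15,
          ENABLED: false,
          LAST_CHANGED_BY: "<USID>",
          LAST_CHANGED_EDT: 1544425876959
        }]
      }
    }
  }],

  // For user X to update internal system params.
  // These govern password policy, so the server must enforce PARAM_MIN/MAX
  // itself (the client-visible bounds are advisory) and audit every change.
  ["PUT", "/internal-system-params", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      PARAMS: [{
        PARAM_NAME: "PasswordValidDuration",
        PARAM_VALUE: 15,
        ENABLED: false,
      }]
    },
    response: {
      200: {}
    }
  }],

  /**
   * The following endpoints are for SuperAdmin.
   */
  // To check if a SuperAdmin exists (for redirecting the UI).
  // Deliberately unauthenticated; it only leaks whether bootstrap has
  // happened. Note the lowercase `exist` key, unlike the rest of the API.
  ["GET", "/super-admin", {
    response: {
      200: {
        exist: true
      }
    }
  }],

  // For creating the super-admin (bootstrap).
  // Guarded only by a shared secret: the server should refuse once a
  // SuperAdmin exists (one-shot), and the secret should be retired afterwards.
  ["POST", "/super-admin", {
    headers: {
      Authorization: "Bearer <shared_secret>"
    },
    body: {
      ADMIN_ID: "SuperAdmin",
      // = SHA256(pw1 + pw2). Plain concatenation is ambiguous ("ab"+"c" ==
      // "a"+"bc"); a delimiter or length prefix would avoid that. Same KDF
      // caveat as the header note.
      ADMIN_PW: "ef;hgjhgdkfg",
    },
    response: {
      200: {
        exist: true
      }
    }
  }],

  // For the super-admin to log in. Requires both the shared secret and the
  // password; there is no lockout/try-count here unlike /session-id — confirm
  // whether rate limiting is applied elsewhere.
  ["POST", "/super-admin-session", {
    headers: {
      Authorization: "Bearer <shared_secret>"
    },
    body: {
      ADMIN_ID: "SuperAdmin",
      ADMIN_PW: "ef;hgjhgdkfg", // = SHA256(pw1 + pw2)
    },
    response: {
      200: [
        {
          KIND: "LoginSuccess",
          SESSION_ID: "<session_id>",
        },
        {
          KIND: "InvalidCredential",
        }
      ]
    }
  }],

  // For the super-admin to view super users.
  ["GET", "/super-users", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    response: {
      200: {
        USERS: [{
          USID: "Admin01",
          FLAG: "1 or 2", // 1 means UserAdmin, 2 means SecurityAdmin
        }]
      }
    }
  }],

  // For the super-admin to create a super user.
  ["POST", "/super-user", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "Admin01",
      PW: "23o43rhtr", // Hashed by SHA256 (unsalted, client-side; see header note)
      FLAG: "1 or 2", // 1 means UserAdmin, 2 means SecurityAdmin
    },
    response: {
      200: [
        {
          KIND: "SUCCESS"
        },
        {
          KIND: "ID_DUPLICATED"
        }
      ]
    }
  }],

  // For the super-admin to reset the password of a super user.
  // As with /user-admin-pw, the next login should force a password change.
  ["PUT", "/super-user-pw", {
    headers: {
      Authorization: "Bearer <session_id>"
    },
    body: {
      USID: "Admin01",
      PW: "2345385ytteg", // Hashed by SHA256 (unsalted, client-side; see header note)
    },
    response: {
      200: {} // Success
    }
  }]
];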