Onboarding-service
Architecture
Prerequisites
- JDK 17
- Groovy
- Git
- Gradle
- Lombok
- IntelliJ
- Docker
Tech stack
Database
PostgreSQL
Running locally with Docker: docker-compose up database -d
Spring Profile
IMPORTANT: Set your Spring active profile to dev
- this will also run DB schema/dev data migration
Backend
Java 17, Spring Boot, Gradle, Spock for testing
Running locally: ./gradlew bootRun
Frontend
React, TypeScript, scss, custom bootstrap, react-testing-library
Exception Monitoring
Sentry
Analytics
Google Analytics / Mixpanel
Hosting
AWS Elastic Beanstalk: EC2 and ELB
Continuous Integration
CircleCI
Production Logs
Papertrail
API
Authentication: OAuth2 with Mobile-ID, ID-card and Smart-ID
Postman API collection (outdated)
Build pipeline
Production: Merge GitHub pull request to master -> build in CircleCI -> auto-redeploy (if build is green)
How to add new pension funds?
- Add the new fund to the funds database table.
Development notes
If you don't want to run epis-service, then you can mock TransferExchangeService.java, which calls epis-service.
Common Issues
error="unsupported_grant_type", error_description="Unsupported grant type: mobile_id"
Make sure you are running against the right backend environment (dev or prod).
- If you do npm run develop, your package.json must proxy to http://localhost:9000
- If you do npm run develop-production, your package.json must proxy to https://onboarding-service.tuleva.ee
Known Issues
- Digital signing does not work in the dev environment. Use the production configuration to test it locally. See DigiDocConfiguration.digiDocConfigDev() and the smartid.hostUrl, smartid.relyingPartyUUID, smartid.relyingPartyName config values in application.yml and change them to production values. Use VPN for testing.
Caveats
When updating Spring Boot, sometimes you need to remove all of the existing access tokens from the oauth_access_token database table. However, there's one special token granted for tuleva.ee which allows it to fetch Fund NAV values and register new users. In order to generate a new token, you need to:
token by
curl --location --request POST 'https://pension.tuleva.ee/api/oauth/token' \
--header 'Authorization: Basic <base64 of client_id:client_secret>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=tuleva.ee'
and then update the token values in the WordPress Tuleva template.
Testing ID-card Locally
In order to test ID-card locally, you need to run nginx locally with the right certificates and the right domain names.
- Add tuleva certs to ./nginx (4 files)
- Update $frontend and $backend urls in etc/eb/.ebextensions/nginx/conf.d/01_ssl_proxy.conf
- Add to hosts file:
  127.0.0.1 id.tuleva.ee
  127.0.0.1 pension.tuleva.ee
  127.0.0.1 onboarding-service.tuleva.ee
- Run nginx with docker: docker-compose up nginx
- Add DANGEROUSLY_DISABLE_HOST_CHECK=true to .env in onboarding-client
- Add server.servlet.session.cookie.domain: tuleva.ee to application.yml
- Test through https://pension.tuleva.ee
- Later, don't forget to clean up your hosts file
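A cleanup check for the steps above, as an added example that is not part of this repository. It reports hosts-file overrides for the three tuleva.ee names and also a leftover DANGEROUSLY_DISABLE_HOST_CHECK=true, which goes beyond the hosts-file reminder in the list. The function names and the default paths (/etc/hosts, ../onboarding-client/.env) are assumptions.

```shell
#!/bin/sh
# Added example: report ID-card local-testing overrides that are still in place.
# Usage: . ./check-idcard-cleanup.sh && check_cleanup [hosts-file] [env-file]
# The script name and the default paths below are assumptions, not from the README.

# The three hostnames the README maps to 127.0.0.1 for ID-card testing.
TULEVA_HOSTS="id.tuleva.ee pension.tuleva.ee onboarding-service.tuleva.ee"

# Print each of those hostnames that the given hosts file still points at loopback.
# Handles several names on one line, tabs, and trailing or whole-line comments.
leftover_hosts() {
  hosts_file=$1
  [ -r "$hosts_file" ] || return 0
  awk -v wanted="$TULEVA_HOSTS" '
    BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    { sub(/#.*/, "") }   # strip comments so commented-out entries are ignored
    $1 == "127.0.0.1" || $1 == "::1" {
      for (i = 2; i <= NF; i++) if ($i in want) print $i
    }
  ' "$hosts_file" | sort -u
}

# Return 0 when the .env file still disables the dev server host check.
host_check_disabled() {
  env_file=$1
  [ -r "$env_file" ] || return 1
  grep -Eq '^[[:space:]]*DANGEROUSLY_DISABLE_HOST_CHECK[[:space:]]*=[[:space:]]*"?true"?[[:space:]]*$' "$env_file"
}

# Run both checks; return non-zero if anything still needs cleaning up.
check_cleanup() {
  hosts_file=${1:-/etc/hosts}
  env_file=${2:-../onboarding-client/.env}
  rc=0
  left=$(leftover_hosts "$hosts_file")
  if [ -n "$left" ]; then
    echo "hosts file still overrides:" $left
    rc=1
  fi
  if host_check_disabled "$env_file"; then
    echo "$env_file still sets DANGEROUSLY_DISABLE_HOST_CHECK=true"
    rc=1
  fi
  return $rc
}
```

The session cookie domain added to application.yml is not covered by this check and has to be reverted by hand.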