Rails REST API to manage bank accounts, allowing the user to get his account balance and transfer money to another account, always in Reais (R$).
The API is available at https://aranha-accounting-api.herokuapp.com/ via Heroku.
This app uses:
- Ruby version 2.5.1
- Rails 5.2.3
- PostgreSQL 9.6.8
- Devise
- Simple Token Authentication
Tests use the Minitest and Database Cleaner gems; see the Gemfile for details.
To check the implemented tests, see the Consult Balance Feature Test, the Transfer Money Feature Test and the Transactions Controller Test.
The User entity is a Devise-generated user model composed of the following properties:
* email: String
* encrypted_password: String
* reset_password_token: String
* reset_password_sent_at: DateTime
* remember_created_at: DateTime
* created_at: DateTime
* updated_at: DateTime
* authentication_token: String
* token_expires_at: DateTime
The Account entity is composed of the following properties:
* user_id: Integer (reference to User model)
* balance: Decimal
* created_at: DateTime
* updated_at: DateTime
This entity has methods to debit and credit the amounts moved by transactions.
The Transaction entity is composed of the following properties:
* balance: Decimal
* source_account_id: Integer (reference to Account model)
* destination_account_id: Integer (reference to Account model)
* created_at: DateTime
* updated_at: DateTime
This entity has a transfer method that validates and creates the transfer transaction. In the future it would be interesting to add a state machine to handle transfers and other kinds of transactions, such as payments.
The Account Types is a simple class that holds the account types used in transactions, such as SOURCE and DESTINATION accounts.
The Account Not Found Error is a simple class that holds the exception raised when an account was not found.
The Not Enough Balance Error is a simple class that holds the exception raised when an account has not enough money to perform a transaction.
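As an added illustration, not the project's code, here is a plain-Ruby sketch of how the Account debit/credit methods, the Transaction transfer method and the two error classes fit together. Accounts live in a hash keyed by id instead of the database, and the transfer also requires the source account to belong to the requesting user and the amount to be positive; the in-memory store, the ownership check and the positive-amount check are assumptions, not something the README describes.

```ruby
require "bigdecimal"

# Raised when an account id does not match a known account.
class AccountNotFoundError < StandardError; end
# Raised when the source account cannot cover the requested amount.
class NotEnoughBalanceError < StandardError; end

# In-memory stand-in for the Account model: a balance in Reais plus the
# debit/credit operations that transfers use.
class Account
  attr_reader :id, :user_id, :balance

  def initialize(id:, user_id:, balance:)
    @id, @user_id, @balance = id, user_id, BigDecimal(balance.to_s)
  end

  def debit(amount)
    raise NotEnoughBalanceError, "account #{id} has not enough balance" if amount > @balance
    @balance -= amount
  end

  def credit(amount)
    @balance += amount
  end
end

# Stand-in for the Transaction model's transfer method: every check runs
# before any balance changes, so a rejected transfer leaves both accounts
# untouched. `accounts` maps account id => Account (assumption: no DB here).
class Transaction
  Record = Struct.new(:amount, :source_account_id, :destination_account_id)

  def self.transfer(accounts, user_id:, source_account_id:, destination_account_id:, amount:)
    amount = BigDecimal(amount.to_s)
    raise ArgumentError, "amount must be positive" unless amount.positive?
    raise ArgumentError, "source and destination must differ" if source_account_id == destination_account_id
    source = accounts.fetch(source_account_id) { raise AccountNotFoundError, "source account #{source_account_id} not found" }
    # Ownership check (assumption): a source account the caller does not own is
    # reported as not found, so the response does not reveal which ids exist.
    raise AccountNotFoundError, "source account #{source_account_id} not found" unless source.user_id == user_id
    destination = accounts.fetch(destination_account_id) { raise AccountNotFoundError, "destination account #{destination_account_id} not found" }
    source.debit(amount)       # raises NotEnoughBalanceError before any credit
    destination.credit(amount)
    Record.new(amount, source_account_id, destination_account_id)
  end
end
```

In the real app the two balance updates and the Transaction row would be written inside one database transaction with the rows locked, which this in-memory version cannot show.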
All defined endpoints return a JSON object (a message or the requested entities).
This endpoint is used to log the user in so that transactions can be performed.
To log in, send the params email and password in the URL. If the password is correct, a JSON object with the email and authentication_token is returned with a CREATED status (201). This token is required to perform transactions and to log out: it must be sent in the request header, and it expires 7 minutes after login. If the password is wrong, an UNAUTHORIZED status (401) is returned.
This endpoint is used to log the user out of the API.
To log out properly, the request header must contain the key X-User-Email with the user's email as value and the key X-User-Token with the token returned at login as value. If the logout succeeds, an OK status (200) is returned; otherwise an UNAUTHORIZED status (401) is returned.
This endpoint is used to get the account balance and is handled by the balance action of the Transactions Controller. The request header must contain X-User-Email (the user's email) and X-User-Token (the token returned at login), and the URL params must contain id (the account id).
If the request succeeds, a JSON object with the balance and an OK status (200) are returned. If the account was not found, a JSON object with the error message and an UNPROCESSABLE ENTITY status (422) are returned. If the id param is missing, a JSON object with the error message and a BAD REQUEST status (400) are returned.
This endpoint is used to perform a transfer between accounts and is handled by the transfer action of the Transactions Controller. The request header must contain X-User-Email (the user's email) and X-User-Token (the token returned at login), and the URL params must contain source_account_id, destination_account_id and amount.
If the request succeeds, a JSON object with a success message and an OK status (200) are returned. If any param is missing, a JSON object with the error message and a BAD REQUEST status (400) are returned. If the source or destination account was not found, or the source account balance is not enough to make the transfer, a JSON object with the error message and an UNPROCESSABLE ENTITY status (422) are returned.
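An added example, not the project's code, showing in plain Ruby the session and token handling the login, logout and authenticated endpoints above describe: login rotates a token that expires 7 minutes later, X-User-Email / X-User-Token are resolved with a constant-time comparison, and logout invalidates the token server-side. Users live in an in-memory array and the password is compared directly for brevity; both are assumptions (Devise stores a bcrypt hash in encrypted_password).

```ruby
require "securerandom"
require "time"

TOKEN_TTL = 7 * 60 # seconds; the README says a token expires 7 minutes after login

# In-memory stand-in for the Devise user record with the token columns listed
# above. Storing `password` in the clear is only for this constructed example.
User = Struct.new(:id, :email, :password, :authentication_token, :token_expires_at)

# Constant-time comparison of equal-length strings (the same shape Devise's
# secure_compare has), so a token cannot be guessed byte by byte from timing.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Login: on a correct password, issue a fresh token with its expiry and answer
# [status, body] as the API does (201 with email and token, otherwise 401).
def login(users, email, password, now = Time.now)
  user = users.find { |u| u.email == email }
  return [401, { error: "unauthorized" }] unless user && secure_compare(user.password, password.to_s)
  user.authentication_token = SecureRandom.urlsafe_base64(24)
  user.token_expires_at = now + TOKEN_TTL
  [201, { email: user.email, authentication_token: user.authentication_token }]
end

# Resolve X-User-Email / X-User-Token to a user, or nil when the token is
# missing, wrong or expired (the controller then answers 401).
def authenticate(users, headers, now = Time.now)
  user = users.find { |u| u.email == headers["X-User-Email"] }
  return nil unless user && user.token_expires_at && now < user.token_expires_at
  secure_compare(user.authentication_token, headers["X-User-Token"]) ? user : nil
end

# Logout: drop the token so it cannot be replayed before its 7 minutes are up.
def logout(users, headers, now = Time.now)
  user = authenticate(users, headers, now)
  return [401, { error: "unauthorized" }] unless user
  user.authentication_token = nil
  user.token_expires_at = nil
  [200, { message: "logged out" }]
end
```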
In the seed file I've created 2 users with 2 accounts, each account with a balance of 100. User 1 has [email protected] as email and 123456 as password, and user 2 has [email protected] as email and 123456 as password.
I suggest Postman as a testing tool. The following URLs can be used as examples:
- https://aranha-accounting-api.herokuapp.com/api/v1/[email protected]&password=123456
- https://aranha-accounting-api.herokuapp.com/api/v1/sessions
- https://aranha-accounting-api.herokuapp.com/api/v1/transactions/balance?id=1
- https://aranha-accounting-api.herokuapp.com/api/v1/transactions/transfer?source_account_id=1&destination_account_id=2&amount=3
Don't forget to add the X-User-Email and X-User-Token headers to the logout, balance and transfer requests!
- Use ActiveModel Serializer to handle better serialization/deserialization.
- Improve security with Rack Attack to protect against abusive clients: it can block brute-force password attacks and scrapers and throttle requests per IP address, for example.
- Scan code to look for security vulnerabilities with Brakeman.
- Add payment and get bank statement features.
- Add State Machines to Transaction model (AASM gem).
- Add a Web UI to the app