saafe-redirection-flow 2.0.0

package/src/services/api/account.service.ts

@@ -0,0 +1,296 @@
+import axiosInstance from './axios'
+import { handleApiError, showSuccessToast } from '@/utils/toast-helpers'
+
+interface BankAccount {
+  id: string
+  bankName: string
+  accountType: string
+  accountNumber: string
+  balance: number
+  logoUrl: string
+}
+
+interface DiscoverAccountsRequest {
+  mobileNumber: string
+  banks: string[] // Bank IDs to discover
+}
+
+// Auto discovery types
+export interface AutoDiscoveryRequest {
+  Identifiers: {
+    type: string
+    value: string
+    categoryType: string
+  }[]
+  FiuId: string
+  FipId: string[]
+  FIType?: string[]
+}
+
+export interface AccountDiscoveryRequest {
+  Identifiers: {
+    type: string
+    value: string
+    categoryType: string
+  }[]
+  FiuId: string
+  FipId: string
+  FITypes: string | string[]
+}
+
+export interface AccountDiscoveryResponse {
+  DiscoveredAccounts: {
+    FIType: string
+    accType: string
+    accRefNumber: string
+    maskedAccNumber: string
+    state: string | null
+    amcName: string | null
+    logoUrl: string | null
+  }[]
+  signature: string
+}
+
+export interface AutoDiscoveryResponse {
+  Accounts: {
+    fipId: string
+    fipName: string
+    DiscoveredAccounts: {
+      FIType: string
+      accType: string
+      accRefNumber: string
+      maskedAccNumber: string
+      state: string | null
+      amcName: string | null
+      logoUrl: string | null
+    }[]
+  }[]
+  signature: string
+}
+
+export interface DiscoveredAccount {
+  id: string
+  type: string
+  maskedAccountNumber: string
+  bankName: string
+  logoUrl?: string
+  isNew?: boolean
+}
+
+/**
+ * Account service for bank account operations
+ */
+export const accountService = {
+  /**
+   * Get list of all available banks
+   */
+  getBanks: async () => {
+    try {
+      const response = await axiosInstance.get('/banks')
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to fetch banks')
+      throw error
+    }
+  },
+
+  /**
+   * Discover bank accounts linked to a mobile number
+   */
+  discoverAccounts: async (data: DiscoverAccountsRequest) => {
+    try {
+      const response = await axiosInstance.post('/accounts/discover', data)
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to discover accounts')
+      throw error
+    }
+  },
+
+  /**
+   * Get user's linked accounts
+   */
+  getLinkedAccounts: async (consentHandle: string, fipId?: string) => {
+    try {
+      const params: Record<string, string> = { consentHandle }
+      if (fipId) {
+        params.fipId = fipId
+      }
+      const response = await axiosInstance.get<BankAccount[]>(
+        '/User/linkedaccount',
+        {
+          params
+        }
+      )
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to fetch linked accounts')
+      throw error
+    }
+  },
+
+  /**
+   * Link a new account
+   */
+  linkAccount: async (accountId: string) => {
+    try {
+      const response = await axiosInstance.post(`/accounts/${accountId}/link`)
+      showSuccessToast('Account linked successfully')
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to link account')
+      throw error
+    }
+  },
+
+  /**
+   * Unlink an account
+   */
+  unlinkAccount: async (accountId: string) => {
+    try {
+      const response = await axiosInstance.post(`/accounts/${accountId}/unlink`)
+      showSuccessToast('Account unlinked successfully')
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to unlink account')
+      throw error
+    }
+  },
+
+  /**
+   * Get account details
+   */
+  getAccountDetails: async (accountId: string) => {
+    try {
+      const response = await axiosInstance.get<BankAccount>(
+        `/accounts/${accountId}`
+      )
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to fetch account details')
+      throw error
+    }
+  },
+
+  /**
+   * Get account transactions
+   */
+  getAccountTransactions: async (
+    accountId: string,
+    params: { page: number; limit: number }
+  ) => {
+    try {
+      const response = await axiosInstance.get(
+        `/accounts/${accountId}/transactions`,
+        { params }
+      )
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to fetch account transactions')
+      throw error
+    }
+  },
+
+  /**
+   * Add new number
+   */
+  getMobileNumbers: async () => {
+    const response = await axiosInstance.get('/User/Identifiers')
+    return response.data
+  },
+
+  /**
+   * Add new number
+   */
+  addNewNumber: async (data: {
+    value: string
+    type: string
+    categoryType: string
+  }) => {
+    const response = await axiosInstance.post('/User/Identifiers', data)
+    return response.data
+  },
+
+  /**
+   * Verify new number
+   */
+  verifyNewNumber: async (data: {
+    phoneNumber: string
+    code: string
+    otpUniqueID: string
+    identifierType: string
+  }) => {
+    const response = await axiosInstance.post('/User/Identifiers/Verify', data)
+    return response.data
+  },
+
+  /**
+   * Auto discover accounts based on identifiers and FIP IDs
+   */
+  autoDiscoverAccounts: async (data: AutoDiscoveryRequest) => {
+    try {
+      const response = await axiosInstance.post<AutoDiscoveryResponse>(
+        '/User/account/autoDiscovery',
+        data
+      )
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to auto-discover accounts')
+      throw error
+    }
+  },
+
+  /**
+   * Used to send the bank verification OTP code
+   */
+  sendBankOTP: async (data: {
+    FipId: string
+    Accounts: Array<{
+      accRefNumber: string
+      FIType: string
+    }>
+    signature: string
+  }) => {
+    const response = await axiosInstance.post<AutoDiscoveryResponse>(
+      '/User/account/link',
+      data
+    )
+    return response.data
+  },
+
+  /**
+   * Used to verify the bank OTP
+   */
+  verifyBankOTP: async (data: {
+    RefNumber: string
+    token: string
+    fipId: string
+  }) => {
+    const response = await axiosInstance.post('/User/account/link/verify', data)
+    return response.data
+  },
+
+  /**
+   * Get most used banks
+   */
+  getMostUsedBanks: async ({ type }: { type: string }) => {
+    const response = await axiosInstance.get(`/User/topFip?fi_type=${type}`)
+    return response.data
+  },
+
+  /**
+   * Discover accounts based on identifiers and a single FIP ID
+   */
+  accountDiscovery: async (data: AccountDiscoveryRequest) => {
+    try {
+      const response = await axiosInstance.post<AccountDiscoveryResponse>(
+        '/User/account/discovery',
+        data
+      )
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to discover accounts')
+      throw error
+    }
+  }
+}

package/src/services/api/auth.service.ts

@@ -0,0 +1,206 @@
+import axios, { AxiosError } from 'axios'
+import { useAuthStore } from '@/store/auth.store'
+import { handleApiError, showSuccessToast } from '@/utils/toast-helpers'
+import { API_URLS } from '@/config/urls'
+import {
+  TokenResponse,
+  RetryableRequest
+} from '@/interfaces/services.interfaces'
+
+// Define API endpoints with absolute URLs
+const API_BASE_URL = API_URLS.BASE_URL
+const AUTH_ENDPOINTS = {
+  INIT_OTP: `${API_BASE_URL}/public/user/combined/init-otp`,
+  VERIFY_OTP: `${API_BASE_URL}/public/user/combined/verify-otp`,
+  REFRESH_TOKEN: `${API_BASE_URL}/public/user/refreshtoken`
+}
+
+export interface InitOtpResponse {
+  access_token?: string
+  expires_in?: number
+  refresh_expires_in?: number
+  refresh_token?: string
+  token_type?: string
+  firstName?: string
+  lastName?: string
+  vuaId?: string
+  phoneNumber?: string
+  isTwoFactorEnabled?: boolean | null
+  isBioMetricsEnabled?: boolean | null
+  otpUniqueID: string
+}
+
+export interface ErrorResponse {
+  ver: string
+  txnid: string
+  timestamp: string
+  errorCode: string
+  errorMsg: string | null
+}
+
+// Verify OTP extends InitOtpResponse but might have additional fields
+export interface VerifyOtpResponse extends InitOtpResponse {
+  isVerified?: boolean
+}
+
+// Custom error type
+export type ApiErrorType = Error & {
+  response?: {
+    data: ErrorResponse
+  }
+  errorData?: ErrorResponse
+}
+
+// Create axios instance with interceptors
+const api = axios.create({
+  headers: {
+    'Content-Type': 'application/json'
+  }
+})
+
+// Define auth service methods
+export const authService = {
+  /**
+   * Initiates OTP flow for login/signup
+   */
+  initiateOtp: async (
+    phoneNumber: string,
+    isTermsAndConditionAgreed: boolean
+  ): Promise<InitOtpResponse> => {
+    const response = await api.post<InitOtpResponse>(
+      AUTH_ENDPOINTS.INIT_OTP,
+      {
+        phoneNumber,
+        isTermsAndConditionAgreed
+      }
+    )
+
+    return response.data
+  },
+
+  /**
+   * Verifies OTP code sent to the phone number
+   */
+  verifyOtp: async (
+    phoneNumber: string,
+    code: string,
+    otpUniqueID: string
+  ): Promise<VerifyOtpResponse> => {
+    const response = await api.post<VerifyOtpResponse>(
+      AUTH_ENDPOINTS.VERIFY_OTP,
+      {
+        phoneNumber,
+        code,
+        otpUniqueID
+      }
+    )
+
+    return response.data
+  },
+
+  /**
+   * Refresh the access token using refresh token
+   */
+  refreshToken: async (refreshToken: string): Promise<TokenResponse> => {
+    try {
+      // Make a direct axios call to avoid interceptors
+      const response = await axios.post<TokenResponse>(
+        AUTH_ENDPOINTS.REFRESH_TOKEN,
+        {
+          refreshToken
+        },
+        {
+          headers: { 'Content-Type': 'application/json' }
+        }
+      )
+
+      return response.data
+    } catch (error) {
+      handleApiError(error, 'Failed to refresh session')
+      throw error
+    }
+  },
+
+  /**
+   * Logout user by clearing state
+   */
+  logout: () => {
+    useAuthStore.getState().logout()
+    showSuccessToast('Logged out successfully')
+  }
+}
+
+// Request interceptor to add the auth token
+api.interceptors.request.use(
+  config => {
+    const { accessToken } = useAuthStore.getState()
+
+    if (accessToken) {
+      config.headers.Authorization = `Bearer ${accessToken}`
+    }
+
+    return config
+  },
+  error => Promise.reject(error)
+)
+
+// Helper function for token refresh
+const refreshAuthToken = async () => {
+  const { refreshToken } = useAuthStore.getState()
+
+  if (!refreshToken) {
+    throw new Error('No refresh token available')
+  }
+
+  const response = await authService.refreshToken(refreshToken)
+
+  useAuthStore
+    .getState()
+    .setTokens(response.access_token, response.refresh_token)
+
+  return response.access_token
+}
+
+// Response interceptor to handle errors
+api.interceptors.response.use(
+  response => response,
+  async (error: AxiosError<ErrorResponse>) => {
+    // Get the original request
+    const originalRequest = error.config as RetryableRequest
+
+    // Special case for refresh token endpoint, never retry
+    const isRefreshTokenEndpoint = originalRequest.url?.includes('refreshtoken')
+
+    // Check if the error is due to an expired token and not from the refresh token endpoint
+    if (
+      error.response?.status === 401 &&
+      originalRequest &&
+      !originalRequest._retry &&
+      !isRefreshTokenEndpoint
+    ) {
+      originalRequest._retry = true
+
+      try {
+        // Try to refresh the token
+        const newToken = await refreshAuthToken()
+
+        // Update the Authorization header with the new token
+        originalRequest.headers = originalRequest.headers || {}
+        originalRequest.headers.Authorization = `Bearer ${newToken}`
+
+        // Retry the original request with the new token
+        return api(originalRequest)
+      } catch (refreshError) {
+        // Logout the user on refresh token failure
+        useAuthStore.getState().logout()
+        handleApiError(refreshError, 'Session expired. Please login again.')
+        return Promise.reject(new Error('Session expired. Please login again.'))
+      }
+    }
+
+    // Handle all API errors
+    // handleApiError(error)
+
+    return Promise.reject(error)
+  }
+)

package/src/services/api/axios.ts

@@ -0,0 +1,138 @@
+import axios, {
+  AxiosError,
+  AxiosInstance,
+  InternalAxiosRequestConfig,
+  AxiosResponse,
+  AxiosRequestConfig
+} from 'axios'
+import { useAuthStore } from '@/store/auth.store'
+import { authService } from './auth.service'
+import { handleApiError } from '@/utils/toast-helpers'
+import { API_URLS } from '@/config/urls'
+import { RetryableRequest } from '@/interfaces/services.interfaces'
+
+// API constants
+const API_BASE_URL = API_URLS.BASE_URL
+const API_TIMEOUT = 30000 // 30 seconds
+
+/**
+ * Axios instance creation with default config
+ */
+const axiosInstance: AxiosInstance = axios.create({
+  baseURL: API_BASE_URL,
+  timeout: API_TIMEOUT,
+  headers: {
+    'Content-Type': 'application/json',
+    Accept: 'application/json'
+  }
+})
+
+/**
+ * Helper function for token refresh
+ */
+const refreshAuthToken = async () => {
+  const { refreshToken } = useAuthStore.getState()
+
+  if (!refreshToken) {
+    throw new Error('No refresh token available')
+  }
+
+  const response = await authService.refreshToken(refreshToken)
+
+  useAuthStore
+    .getState()
+    .setTokens(response.access_token, response.refresh_token)
+
+  return response.access_token
+}
+
+/**
+ * Request interceptor
+ * - Add authorization token
+ * - Format request data
+ */
+axiosInstance.interceptors.request.use(
+  (config: InternalAxiosRequestConfig): InternalAxiosRequestConfig => {
+    // Get token from local storage or auth store
+    const token =
+      sessionStorage.getItem('auth_token') ||
+      useAuthStore.getState().accessToken
+
+    // Add token to request headers if available
+    if (token && config.headers) {
+      config.headers.Authorization = `Bearer ${token}`
+    }
+
+    // Ensure Content-Type and Accept headers are set
+    if (config.headers) {
+      // Don't set Content-Type for FormData
+      if (!config.headers['Content-Type'] && !(config.data instanceof FormData)) {
+        config.headers['Content-Type'] = 'application/json'
+      }
+
+      if (!config.headers['Accept']) {
+        config.headers['Accept'] = 'application/json'
+      }
+    }
+
+    return config
+  },
+  (error: AxiosError): Promise<AxiosError> => {
+    // handleApiError(error, 'Failed to send request')
+    return Promise.reject(error)
+  }
+)
+
+/**
+ * Response interceptor
+ * - Handle response data formatting
+ * - Handle common errors (401, 403, etc.)
+ */
+axiosInstance.interceptors.response.use(
+  (response: AxiosResponse): AxiosResponse => {
+    return response
+  },
+  async (error: AxiosError<unknown>): Promise<unknown> => {
+    const originalRequest = error.config as RetryableRequest
+    const { response } = error
+
+    // Check if the error is due to an expired token
+    if (
+      response?.status === 401 &&
+      originalRequest &&
+      !originalRequest._retry
+    ) {
+      originalRequest._retry = true
+
+      try {
+        // Try to refresh the token
+        const newToken = await refreshAuthToken()
+
+        // Update the Authorization header with the new token
+        if (originalRequest.headers) {
+          originalRequest.headers.Authorization = `Bearer ${newToken}`
+        }
+
+        // Retry the original request with the new token
+        return axiosInstance(originalRequest as AxiosRequestConfig)
+      } catch (refreshError) {
+        // Logout the user on refresh token failure
+        useAuthStore.getState().logout()
+
+        // Show toast notification
+        handleApiError(refreshError, 'Session expired. Please login again.')
+
+        // Redirect to login page
+        window.location.href = '/login'
+        return Promise.reject(new Error('Session expired. Please login again.'))
+      }
+    }
+
+    // Handle all API errors with toast notifications
+    // handleApiError(error)
+
+    return Promise.reject(error)
+  }
+)
+
+export default axiosInstance