eTreasury is a web application that allows users to manage their finances. It is built using the Springboot framework and intergated the Alipay API to demonstrate the ability to transection with third party payment methods.
- User can create an account to the application
- User can need to activate their account by clicking the link sent to their email
- User can login to the application
- User can receive JWT token after login
- User can apply to reset their password by inputting the verification code sent to their email
- User can reset their password after inputting the verification code
- User can create a new wallet bound to their account
- User can view their wallet balance
- User can deposit money to their wallet
- User can make a payment to another user
- User can make a payment to a third party payment method (Alipay)
- User can view their transaction history
We have also implemented a fully functional frontend for this application. Please refer to the following repository for more information: https://github.com/Ella-e/e-wallet-frontend
- Java 17
- Maven, known working version is 3.9.2
- MySQL
In the src/main/resources/application.properties file, currently you could see:
spring:
datasource:
url: jdbc:mysql:///ewalletAccount?useSSL=false&serverTimezone=UTC
username: root
password: 1390231mzy
driver-class-name: com.mysql.cj.jdbc.Driver
You need to change the username and password to your own MySQL username and password. And Also make sure to create a database named ewalletAccount in your MySQL.
The easiest way to run the application is to run it with the in-built/plugin offered by IDEs like IntelliJ. Or, you can also run using the following command:
mvn spring-boot:run
To test the application, you can use the following command:
curl "http://localhost:8080/user/test0"
You should see the following output:
"test0"
The server is running.
In the src/main/resources/application.properties file, currently you could see:
server.port=8081
you can change the port to any port you want.
In the src/main/resources/application.properties file, currently you could see:
spring:
mail:
host: smtp.gmail.com
port: 587
username: confirmationemailsender101@gmail.com
password: ulsejyqnxjwlzpog
properties:
mail:
smtp:
auth: true
starttls:
enable: true
You need to change the username and password to your own Gmail username and password. And Also make sure to enable two-step verification and generate an app password for your Gmail account. Put the app password in the password field, not your Gmail password.
Currently in the src/main/java/com/ewallet/springboot/service/serviceImpl/EmailServiceImpl.java file, you could see:
String messageBody = "Hello " + name + ",\n\nYour new account has been created. Please click the link below to verify your account. \n\n" + "http://localhost:8081/user/activate?token=" + token + "\n\nThe support Team";
For the "sendConfirmationToken" method. You need to change the "http://localhost:8081/user/activate?token=" to your own domain name. For example, if your domain name is "www.abc.com", you need to change it to "http://www.abc.com/user/activate?token=".
POST /user/register
Your body should be a JSON object with the following fields:
{
"email": "your email",
"password": "your password",
"firstName": "your first name",
"lastName": "your last name"
}
If the email is already bound to a user, you will receive a 400 Bad Request, otherwise, you will receive a 201 Created response, and you will receive an email with the following content:
Hello fakeName,
Your new account has been created. Please click the link below to verify your account.
http://localhost:8081/user/activate?token=55790dc5-76de-40e2-a5bf-d3742ba9a3fe
The support Team
GET /user/activate?token=your verification code
If the verification code is valid, you will see the following page:
tokenVerificationSuccess
If the verification code is invalid, you will see the following page:
tokenVerificationFailure
PUT /user/resent-token?email=your email
If the email is bound to a user, you will receive a 200 OK response, othervise, you will receive a 400 Bad Request response with the following body:
POST /user/apply-reset-password?email=your email
If the email is bound to a user, you will receive a 200 OK response. And you will receive an email with the following content:
Hello fakeName,
There is an attempt to reset your password. Verification code is:
z7Ngc6
The support Team
If the email is not bound to a user, you will receive a 400 Bad Request response.
PUT /user/reset-password?email=your email&code=your verification code&password=your new password
If the email and verification code are valid, you will receive a 200 OK response and the password will be reset. Otherwise, you will receive a 400 Bad Request response.
POST /user/login
Your body should be a JSON object with the following fields:
{
"email": "your email",
"name": "your name",
"password": "your password"
}
It is ok to leave one of the email and name fields empty. If the email or name and password are valid, you will receive a 200 OK response with the following body:
{
"timeStamp": "2023-09-09T02:42:38.895665",
"statusCode": 200,
"status": "OK",
"message": "login success",
"data": {
"email": "e0968880@u.nus.edu",
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJlMDk2ODg4MEB1Lm51cy5lZHUiLCJleHAiOjE2OTQyMDU3NTh9.P7SoAyRbP0XG7MLwujKz_EEHBlYaE-zrauuzbiXoNqs"
}
}
you need to include the token in the header of your next request to access resources that require authentication. Otherwise, you will receive a 401 unauthorized response.
You need to include the token in the header of your request (so you need to first login to get the token) to access resources that require authentication. Otherwise, you will receive a 401 unauthorized response.
POST /account/createAccount Your body should be a JSON object with the following fields:
{
"uid": "your user id",
"accountPassword": "your account password"
}
GET /account/findAccountByWid?wid=your wallet id
GET /account/findAccountByUid?uid=your user id
POST /account/topup?aid=your wallet id&accountPassword=your account password&amount=your amount
POST /account/transactionToOne?aid=your wallet id&receiverAid=receiver wallet id&accountPassword=your account password&amount=your amount
You need to include the token in the header of your request (so you need to first login to get the token) to access resources that require authentication. Otherwise, you will receive a 401 unauthorized response.
POST /api/alipay/createWebTrade?tradeNo=your trade number&subject=your subject&totalAmount=your total amount
GET /api/alipay/findWebTradeByTradeNo?tradeNo=your trade number
You need to include the token in the header of your request (so you need to first login to get the token) to access resources that require authentication. Otherwise, you will receive a 401 unauthorized response.
POST /transaction/transact
Your body should be a JSON object with the following fields:
{
"fromAccountId": "your wallet id",
"toAccountId": "receiver wallet id",
"amount": "your amount"
}
GET /transaction/findTransactionByFromId?fromAccountId=your wallet id
GET /transaction/findTransactionByToId?toAccountId=your wallet id
POST /transaction/addOneTransaction
Your body should be a JSON object with the following fields:
{
"fromAccountId": "your wallet id",
"toAccountId": "receiver wallet id",
"amount": "your amount"
}
The Alipay payment integration in this project is just a small part of the entire application. It primarily involves the integration of the Alipay SDK's API, allowing users to initiate payment requests to the Alipay gateway. It also leverages Alipay's sandbox environment for virtual account transfers. Furthermore, you will need Alipay's public and private keys, personal public and private keys, and support for functionalities such as synchronous/asynchronous notifications, refunds, and queries.
-
Virtual Accounts: By using virtual accounts within Alipay's sandbox environment, you can simulate payment transactions to ensure the correctness and stability of the payment process.
-
Key Management: Managing multiple keys is crucial in this integration, including Alipay's public and private keys and personal public and private keys. These keys are used for signing and encrypting transaction data.
-
Synchronous/Asynchronous Notifications: After a payment is completed, users can receive both synchronous and asynchronous notifications to promptly update order information when payment statuses change.
You will need to configure the return and notify URLs for synchronous and asynchronous notifications. These URLs should point to the appropriate endpoints in your application for handling Alipay notifications.
Synchronous Notification URL: Your Synchronous Notification URL Here Asynchronous Notification URL: Your Asynchronous Notification URL Here
- Refund and Query (API Interfaces): The refund and query functionalities are provided as API interfaces. You can use these interfaces to initiate refund requests and query payment transaction statuses. However, please note that the actual implementation of these features is pending.
