-
Notifications
You must be signed in to change notification settings - Fork 0
/
ideas.txt
105 lines (75 loc) · 4.13 KB
/
ideas.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
TODO:
- Others
LoanApplication, add statuses like "denied" depending on credit check or manual inspection
Put MonetaryAmount.getAmount => BigDecimal in starter or library
- Bugs
Norwegian customer with danish locale cannot create account because of IBAN creation error - still shows account in UI
- Swagger, API, types:
Zod schema validation, or auto-generated types based on openapi spec?
OpenAPI spec, generate API?
Better swagger examples (like possible response codes)
Swagger @Tag annotation for all controllers
Swagger examples for all request body parameters
Check that SpringDocs.replace in starter works
Request body validators
Proper response entities with http codes
- Business logic:
If services don't respond, just ignore the data if possible instead of crashing with 500 internal server error
Input validation on recipient IBAN when making payment - trim and validate IBAN format?
Scheduled should be behind toggle, optional
Figure out how to handle currencies. Automatic conversion, pick from list, can only pick currency of receiving account...?
Created/Updated timestamp in db by using r2dbc auditing
- Documentation:
Each service should have sequence and component diagrams
Overall component diagram of all services
- Ideas:
Make tests that prove that MonetaryAmount is encoded correctly by the baseWebClientBuilder
Some kind of Oauth? Or at least a fake login with govId + countryCode?
Continuous streaming of data, like a stock ticker, but more relevant?
Caching?
Consider setting up Actuator/Spring Boot statistics in Grafana, maybe with some custom Prometheus metrics
Store all requests in central Elastic with traceid, customerId, etc.
- It should be possible to search for customerId, traceId, service name, date/time
- Maybe as a starter?
Feature toggles
----------------------------------------------------------------------------------------------------------------------------------
GovernmentReportingTransferService
- Collects loan recipients
- Collects fraudulent loan applications
- uses Spring scheduling to send to governmental credit agency at midnight about all events in the last 24 hours. If it fails, resend next day along with new batch
- Backoff strategy if Service unavailable
Payment-service
- Based on PSD2
- Has RabbitMQ listener for sign-callbacks
- Instant, scheduled, recurring payments. Standing orders create payments, but are not payments themselves.
- Stores payments, standing orders in postgres
- How to schedule next payments?
- Each action is signed via signing-service
- Callback on RabbitMQ sends a payment execution order to BankSystem
GovernmentRequestService
- Gathers information about accounts, customer information, etc. and returns it as XML
Credit worthiness assessment service
- Check the credit worthiness of a customer
- Use this to calculate how much money the customer can loan
- Very complex, so just assume we are calling external vendor, generate random data
- Stores information about loan limit and interest or similar - I don't know how this actually works
- Scheduled job that deletes data after 5 years
Fraud service
- Check if customer or loan application is fraudulent
- Very complex, assume we are calling external vendor.
- Always return true
- If fraudulent activity detected, send message to GovernmentReportingTransferService
Loan application service
- Uses some external credit worthiness assessment service to find loan limit and interest (?)
- Checks fraud-service if fraudulent
- Show error page if credit worthiness not high enough or application fraudulent.
Frontend
- I18n, language selector?
Know-your-customer service
- Questions in one table, Answers in another
- Unique key on Answer table (QuestionId + CustomerId)
- Questions can have a "staleAfter" field that denotes when an answer to this question is no longer valid
- Answers should have createdDate, updatedDate
- Every time customer logs in, questions table is checked and if any mandatory question are unanswered, show KYC page
- Assume no complex/multilayered logic / flows for when questions are mandatory. Mandatoryness is always absolute and defined per question.
- If KYC service says that everything looks good, continue to profile