REST API made with SpringBoot to simulate a simple e-commerce.
You can also read this document in Portuguese by clicking here
Have Docker running on your machine.
Have port 8080 free.
After executing git clone, run the following command in the project root folder.
docker-compose up --build
Running this command starts the deployment of the application from a Docker image.
At the end, the API will be available at:
localhost:8080
If the exception com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure is shown in the console, just ignore it. It means that the Java app service tried to initialize before MySQL finished its own initialization. Don't worry, the Java app will be initialized correctly.
It is important to know that none of the resources are available automatically. To access them, the request must carry a valid accessToken.
- Open Postman, create a new request and paste the URL below in the address bar.
  http://localhost:8080/oauth/token
- Choose the HTTP POST method.
- On the Authorization tab, set the Type to Basic Auth.
- In the Username field, set the value rsi-app
- In the Password field, set the value r$s&i0#
- Go to the Body tab (request) and choose the option x-www-form-urlencoded. Then create the variables as detailed below.
  client: rsi-app
  username: [email protected]
  password: admin
  grant_type: password
- Click Send and watch the returned body.
- The accessToken will be the value of the field "access_token". Remember that you have exactly two (2) minutes to use this key in the next requests. For a third-party application, the most correct setup would be to keep the accessToken valid for only 30 seconds and require a new one after that. For manual testing purposes it takes 2 minutes to expire, so that a new key does not have to be fetched after a short time.
Once the application is running, the API's Swagger documentation is available at the URL below, and you can use it to shape your own requests.
http://localhost:8080/swagger-ui.html
If you don't want to build each request by hand, use the requests that are already built for this API by pasting the following address into the Postman import (File>Import>Link>URL).
https://www.getpostman.com/collections/025846c2604a26adb701
To get, for example, a Products search result, go to the Authentication tab (request), choose the Type Bearer Token and paste the accessToken obtained in the step above into the field shown. The other requests must follow the same flow until the accessToken expires, at which point a new key must be requested.
For a third-party application consuming this API, a refreshToken can be obtained after any accessToken request; its value is attached to a Cookie returned by that request and can be passed as a parameter to obtain a new accessToken, with no need to set user-level authentication parameters (like the ones in the request body) in every request.
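As an added example (not part of this project's code), the token request and Bearer usage described above can be scripted in Python with only the standard library. The names build_token_request, http_send and TokenSession are hypothetical, and the expires_in reply field is an assumption; the client renews the accessToken with the same password grant rather than with the refreshToken cookie.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8080/oauth/token"  # endpoint given in this README


def build_token_request(client_id, client_secret, username, password):
    """POST from the steps above: Basic Auth for the client, form body for the user."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode({
        "client": client_id,
        "username": username,
        "password": password,
        "grant_type": "password",
    }).encode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(TOKEN_URL, data=form, headers=headers, method="POST")


def http_send(request):
    """Default transport: sends the request and decodes the JSON reply."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


class TokenSession:
    """Caches the accessToken and fetches a new one shortly before it expires."""

    def __init__(self, make_request, send=http_send, clock=time.monotonic, margin=5):
        self._make_request, self._send = make_request, send
        self._clock, self._margin = clock, margin
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        """Return the header for a resource request, renewing the token if needed."""
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            reply = self._send(self._make_request())
            self._token = reply["access_token"]
            # Assumption: the reply carries the standard OAuth2 "expires_in"
            # (seconds); otherwise use the 2 minutes stated in this README.
            self._expires_at = self._clock() + int(reply.get("expires_in", 120))
        return {"Authorization": f"Bearer {self._token}"}
```

Pass the client secret and user password in from the environment or a secrets store when calling build_token_request, so they do not end up in the script itself.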
This API is also in the Cloud and can be accessed through the address:
https://desafio-rsi-simple-ecommmerce.herokuapp.com/
Every request shown here can be applied to this endpoint; the only change is that http must be replaced by https.
- An update to the product list can be applied only to a shopping cart, while it is being created (the shopping cart is not an implemented resource in this API yet).
- Once an order is created, its products can't be updated anymore.
- If there is a mistake in the creation of an order, such as having more or fewer items, the order can be canceled.
- An order's status must be updated with no by-pass: it must pass through all phases sequentially.
- The exception to the by-pass rule is the "Canceled" status.
- An order can't be deleted from the system, only canceled.
- There is no discount per item. Discounts can be given only on the order total.
- The user [email protected] has privileges to access every resource (read and write permissions), while the user [email protected] has access only to read the resources.
- To test access to the resources with the user Maria, change the value of the variable username to [email protected] on the Body tab of a new accessToken request. Her password was kept as admin, so it is not necessary to change it in the request.
- In the Order, Products and Customers CREATION requests, DO NOT specify the id field of these objects; only specify the id fields of their inner objects (Product List, Address, etc.). Swagger says in its examples to pass them as 0, but this is wrong. These properties will be removed from there later. For now there is an exception in place to catch requests with these parameters passed incorrectly.
The objective of this POC is to prove some technical capabilities demanded by RSI. The focus was not to present strong business rules, but to demonstrate good usage of the frameworks currently most used in the market, designing the project with the best architecture possible.
Thanks in advance.