From this post I will talk about the security mechanisms that followed during the API production.
Advanced Encryption Standard
(AES) is used in this API to protect the sensitive data of the customer. In here,
I have used AES Mechanism to encrypt the user login details where no third
party intruder can access to that information. For that purpose, I have created
a separate file, which could be used as the helper in encrypting data.
public static String encrypt(String data) throws Exception{
Key key = generateKey();
Cipher cipher = Cipher.getInstance(ALG);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encryptValue = cipher.doFinal(data.getBytes());
return new
BASE64Encoder().encode(encryptValue);
}
As this is an
online-based system, it should have proper mechanism to protect credit card
details of the customers, as that information is the most important out of all.
For that purpose, I have used the same AESEncryption.java
class with encryption and decryption facilities applying service reusability.
public static String
decrypt(String data) throws Exception{
Key key = generateKey();
Cipher cipher = Cipher.getInstance(ALG);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] decodedValue = new
BASE64Decoder().decodeBuffer(data);
byte[] value = cipher.doFinal(decodedValue);
return new String(value);
}
At the end of
the, both the encrypted credit card details are validated against the decrypted
credit card details to ensure that no any intruder had changed the information
providing secure transactions.
String cardNumber = aesEncryption.encrypt(creditCardNumber);
String cvc =
aesEncryption.encrypt(String.valueOf(cvcNumber));
String name = aesEncryption.encrypt(holderName);
getcreditCardDetails =
bankService.decryptData(creditCardNumber,cvcNumber,holderName);
if(getcreditCardDetails.get(0) ==
creditCardNumber && getcreditCardDetails.get(1) ==
String.valueOf(cvcNumber)
&& getcreditCardDetails.get(2) == holderName)
{
return true;
}
At the frontend
both the username and password are validated using authguard.service.ts class.
canActivate(route:
ActivatedRouteSnapshot, state: RouterStateSnapshot) {
if (localStorage.getItem('currentUser')) {
return true;
}
// not logged in so redirect to login
page with the return url
this.router.navigate(['/login'], {
queryParams: { returnUrl: state.url }});
return false;
}
logout() {
localStorage.removeItem('currentUser');
}
Let's meet again with drug management coding part.Happy coding :)
©Copyright Viraj Wickramasinghe.
No comments:
Post a Comment