Hardik
e193e26368
Scaffolds EPFO/UAN verification the same way GST works — a standalone Playwright
proxy microservice + an /api proxy + an assisted affordance that records the
result. Aadhaar stays manual (UIDAI-restricted). Stacks on the follow-ups branch.
Behind NEXT_PUBLIC_CREWING_ENABLED.
What's in
- EpfoService/ (new microservice, GstService pattern): Express + Playwright.
POST /otp {uan} → session + OTP request; POST /verify {sessionId,uan,otp} →
member record; GET /health. EPFO is OTP-gated (no anonymous captcha lookup like
GST), so the handshake is two steps. Live portal navigation is gated behind
EPFO_LIVE (default STUB: OTP 000000 → matched) until real selectors/OTP are
validated. README documents the differences + that Aadhaar is out of scope.
- App: /api/epfo/otp + /api/epfo proxies (gated by verify_bank_epf) to
EPFO_SERVICE_URL. EpfDetail += epfoMemberName + epfoCheckedAt (migration
crewing_epfo_check). recordEpfoCheck action persists the EPFO result + audit.
- UI: an "EPFO check" affordance on the verification EPF rows — request OTP →
enter OTP → matched member → record. Aadhaar noted as manual-only.
Tests & docs
- Integration: verification.test.ts gains recordEpfoCheck (records name+timestamp,
Accounts-only gating). type-check clean; full unit (245) + integration (213)
green (RESEND_API_KEY unset).
- .env.example (EPFO_SERVICE_URL/EPFO_LIVE), CLAUDE.md, EpfoService/README.
Note: the EpfoService live portal selectors/OTP are stubbed and must be validated
against a real EPFO session before enabling EPFO_LIVE.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
32 lines
1.3 KiB
TypeScript
32 lines
1.3 KiB
TypeScript
import { auth } from "@/auth";
|
|
import { hasPermission } from "@/lib/permissions";
|
|
import { NextRequest, NextResponse } from "next/server";
|
|
|
|
const EPFO_SERVICE = process.env.EPFO_SERVICE_URL ?? "http://localhost:3004";
|
|
|
|
/** POST /api/epfo { sessionId, uan, otp } → { matched, name, status } — submit the OTP. */
|
|
export async function POST(req: NextRequest) {
|
|
const session = await auth();
|
|
if (!session?.user) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
if (!hasPermission(session.user.role, "verify_bank_epf")) {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
|
}
|
|
|
|
const body = await req.json().catch(() => ({}));
|
|
if (!body.sessionId || !body.uan || !body.otp) {
|
|
return NextResponse.json({ error: "sessionId, uan and otp are required" }, { status: 400 });
|
|
}
|
|
|
|
try {
|
|
const res = await fetch(`${EPFO_SERVICE}/verify`, {
|
|
method: "POST",
|
|
headers: { "Content-Type": "application/json" },
|
|
body: JSON.stringify({ sessionId: body.sessionId, uan: body.uan, otp: body.otp }),
|
|
cache: "no-store",
|
|
});
|
|
const data = await res.json();
|
|
return NextResponse.json(data, { status: res.ok ? 200 : res.status });
|
|
} catch (e) {
|
|
return NextResponse.json({ error: `EPFO service unavailable: ${String(e)}` }, { status: 502 });
|
|
}
|
|
}
|