WEB-600 feat:External National ID System integration for client creation/editing

Author: shubhamkumar9199

Dockerfile

@@ -42,8 +42,10 @@ RUN sh -c "ng build --output-path=/dist $BUILD_ENVIRONMENT_OPTIONS"
 FROM $NGINX_IMAGE
 
 COPY --from=builder /dist/browser /usr/share/nginx/html
+COPY nginx.conf.template /etc/nginx/templates/default.conf.template
 
 EXPOSE 80
 
-# When the container starts, replace the env.js with values from environment variables
-CMD ["/bin/sh",  "-c",  "envsubst < /usr/share/nginx/html/assets/env.template.js > /usr/share/nginx/html/assets/env.js && exec nginx -g 'daemon off;'"]
+# When the container starts, replace env.js with values from environment variables
+# nginx:alpine image auto-processes /etc/nginx/templates/*.template via envsubst
+CMD ["/bin/sh",  "-c",  "envsubst < /usr/share/nginx/html/assets/env.template.js > /usr/share/nginx/html/assets/env.js && envsubst '${FINERACT_API_URL} ${EXTERNAL_NATIONAL_ID_SYSTEM_URL}' < /etc/nginx/templates/default.conf.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"]

angular.json

@@ -104,7 +104,8 @@
         "serve": {
           "builder": "@angular/build:dev-server",
           "options": {
-            "buildTarget": "mifosx-web-app:build"
+            "buildTarget": "mifosx-web-app:build",
+            "proxyConfig": "proxy.conf.js"
           },
           "configurations": {
             "development": {

docker-compose.yml

@@ -27,3 +27,12 @@ services:
       - MIFOS_DEFAULT_CHAR_DELIMITER=,
       # Production mode - set to true for minimal hero with only branding
       - MIFOS_PRODUCTION_MODE=false
+      # External National ID System
+      - ENABLE_EXTERNAL_NATIONAL_ID_SYSTEM=false
+      - EXTERNAL_NATIONAL_ID_SYSTEM_URL=
+      # API header/key are injected server-side via nginx proxy_set_header
+      - EXTERNAL_NATIONAL_ID_SYSTEM_API_HEADER=X-Gravitee-Api-Key
+      - EXTERNAL_NATIONAL_ID_SYSTEM_API_KEY=
+      - EXTERNAL_NATIONAL_ID_REGEX=^[A-Z]{4}[0-9]{6}[HM][A-Z]{5}[A-Z0-9]{2}$
+      # Full upstream URL for nginx proxy_pass (e.g. https://apis.mifos.community/1.0/nationalid)
+      - EXTERNAL_NATIONALID_API_URL=

env.sample

@@ -50,3 +50,17 @@ MIFOS_PRODUCTION_MODE=false
 # When true: Menus/buttons are shown based on user permissions (production mode)
 # When false (default): All menus/buttons are shown (backward compatibility)
 MIFOS_PRODUCTION_MODE_ENABLE_RBAC=false
+
+# External National ID System integration
+# Set to true to enable auto-lookup of client data from an external ID system
+ENABLE_EXTERNAL_NATIONAL_ID_SYSTEM=false
+# URL of the external National ID API (proxied via /external-nationalid in dev)
+EXTERNAL_NATIONAL_ID_SYSTEM_URL=/external-nationalid
+# Header name for the external API key (injected server-side via nginx)
+EXTERNAL_NATIONAL_ID_SYSTEM_API_HEADER=X-Gravitee-Api-Key
+# API key value (keep empty in source control; injected server-side via nginx proxy_set_header)
+EXTERNAL_NATIONAL_ID_SYSTEM_API_KEY=
+# Regex pattern to validate the external ID format (e.g. CURP)
+EXTERNAL_NATIONAL_ID_REGEX=^[A-Z]{4}[0-9]{6}[HM][A-Z]{5}[A-Z0-9]{2}$
+# Full upstream URL for nginx proxy_pass (e.g. https://apis.mifos.community/1.0/nationalid)
+EXTERNAL_NATIONALID_API_URL=

nginx.conf.template

@@ -0,0 +1,59 @@
+# Rate limiting zone for external National ID API (2 requests/second per IP)
+limit_req_zone $binary_remote_addr zone=external_nationalid:10m rate=2r/s;
+
+server {
+    listen 80;
+    server_name _;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Fineract API proxy
+    location /fineract-provider/ {
+        proxy_pass ${FINERACT_API_URL}/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # External National ID API proxy (only if configured)
+    location /external-nationalid {
+        # Use Docker DNS resolver for upstream resolution
+        resolver 127.0.0.11 valid=30s;
+
+        # Rate limit to prevent abuse of the upstream National ID API
+        limit_req zone=external_nationalid burst=5 nodelay;
+
+        # Read target from env var at runtime (set via envsubst on container start)
+        set $external_nationalid_target "${EXTERNAL_NATIONALID_API_URL}";
+
+        # Rewrite path: strip /external-nationalid prefix before proxying
+        rewrite ^/external-nationalid(.*)$ $1 break;
+
+        proxy_pass $external_nationalid_target;
+        proxy_set_header Host $proxy_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # Inject API key server-side so it is never exposed to the browser
+        proxy_set_header ${EXTERNAL_NATIONAL_ID_SYSTEM_API_HEADER} "${EXTERNAL_NATIONAL_ID_SYSTEM_API_KEY}";
+
+        # Pass through the original headers from the client
+        proxy_pass_request_headers on;
+
+        # CORS is not needed since requests come from the same origin
+    }
+
+    # Angular app - serve index.html for all routes
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Cache static assets
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+}

proxy.conf.js

@@ -43,6 +43,38 @@ const proxyConfig = [
         res.end('Proxy error: ' + (err && err.message ? err.message : 'Unknown error'));
       }
     }
+  },
+  {
+    context: ['/external-nationalid'],
+    target: 'https://apis.mifos.community',
+    pathRewrite: { '^/external-nationalid': '/1.0/nationalid' },
+    changeOrigin: true,
+    secure: true,
+    logLevel: 'debug',
+    onProxyReq: function (proxyReq, req, res) {
+      // Inject API key server-side (same as nginx proxy_set_header in production)
+      const apiKey = process.env.EXTERNAL_NATIONAL_ID_SYSTEM_API_KEY || '';
+      if (apiKey) {
+        proxyReq.setHeader('X-Gravitee-Api-Key', apiKey);
+      }
+      const rewrittenPath = (req.url || '').replace(/^\/external-nationalid/, '/1.0/nationalid');
+      console.log('[Proxy] Proxying:', req.method, req.url, '->', this.target + rewrittenPath);
+    },
+    onError: function (err, req, res) {
+      console.error(
+        '[Proxy] Error while proxying request:',
+        req && req.method,
+        req && req.url,
+        '->',
+        this.target,
+        '-',
+        err && err.message
+      );
+      if (res && !res.headersSent) {
+        res.writeHead(502, { 'Content-Type': 'text/plain' });
+        res.end('Proxy error: ' + (err && err.message ? err.message : 'Unknown error'));
+      }
+    }
   }
   // For local development use `proxy.localhost.conf js` .
 ];

proxy.localhost.conf.js

@@ -40,5 +40,37 @@ module.exports = [
         res.end('Proxy error: ' + (err && err.message ? err.message : 'Unknown error'));
       }
     }
+  },
+  {
+    context: ['/external-nationalid'],
+    target: 'https://apis.mifos.community',
+    pathRewrite: { '^/external-nationalid': '/1.0/nationalid' },
+    changeOrigin: true,
+    secure: true,
+    logLevel: 'debug',
+    onProxyReq: function (proxyReq, req, res) {
+      // Inject API key server-side (same as nginx proxy_set_header in production)
+      const apiKey = process.env.EXTERNAL_NATIONAL_ID_SYSTEM_API_KEY || '';
+      if (apiKey) {
+        proxyReq.setHeader('X-Gravitee-Api-Key', apiKey);
+      }
+      const rewrittenPath = (req.url || '').replace(/^\/external-nationalid/, '/1.0/nationalid');
+      console.log('[Proxy] Proxying:', req.method, req.url, '->', this.target + rewrittenPath);
+    },
+    onError: function (err, req, res) {
+      console.error(
+        '[Proxy] Error while proxying request:',
+        req && req.method,
+        req && req.url,
+        '->',
+        this.target,
+        '-',
+        err && err.message
+      );
+      if (res && !res.headersSent) {
+        res.writeHead(502, { 'Content-Type': 'text/plain' });
+        res.end('Proxy error: ' + (err && err.message ? err.message : 'Unknown error'));
+      }
+    }
   }
 ];

src/app/clients/client-stepper/client-general-step/client-general-step.component.html

@@ -39,9 +39,22 @@
     <mat-form-field class="flex-fill flex-23">
       <mat-label>{{ 'labels.inputs.External Id' | translate }}</mat-label>
       <input matInput formControlName="externalId" />
+      @if (!externalNationalIdService.isLoading && externalNationalIdService.statusMessageKey) {
+        <mat-hint>
+          <span
+            class="external-id-status"
+            [ngClass]="{
+              success: externalNationalIdService.statusMessageKey === 'External ID verified successfully',
+              error: externalNationalIdService.statusMessageKey !== 'External ID verified successfully'
+            }"
+          >
+            {{ 'labels.inputs.' + externalNationalIdService.statusMessageKey | translate }}
+          </span>
+        </mat-hint>
+      }
     </mat-form-field>
 
-    @if (createClientForm.contains('fullname')) {
+    @if (createClientForm.get('fullname')) {
       <mat-form-field class="flex-48">
         <mat-label>
           {{ 'labels.inputs.' + getDateLabel(createClientForm.value.legalFormId, ['Name', 'Entity Name']) | translate }}
@@ -62,13 +75,9 @@
       </mat-form-field>
     }
 
-    @if (
-      createClientForm.contains('firstname') ||
-      createClientForm.contains('middlename') ||
-      createClientForm.contains('lastname')
-    ) {
+    @if (createClientForm.get('firstname') || createClientForm.get('middlename') || createClientForm.get('lastname')) {
       <div class="name-fields-row">
-        @if (createClientForm.contains('firstname')) {
+        @if (createClientForm.get('firstname')) {
           <mat-form-field class="name-field first-name">
             <mat-label>{{ 'labels.inputs.First Name' | translate }}</mat-label>
             <input matInput required formControlName="firstname" />
@@ -87,7 +96,7 @@
             }
           </mat-form-field>
         }
-        @if (createClientForm.contains('middlename')) {
+        @if (createClientForm.get('middlename')) {
           <mat-form-field class="name-field middle-name">
             <mat-label>{{ 'labels.inputs.Middle Name' | translate }}</mat-label>
             <input matInput formControlName="middlename" />
@@ -100,7 +109,7 @@
             }
           </mat-form-field>
         }
-        @if (createClientForm.contains('lastname')) {
+        @if (createClientForm.get('lastname')) {
           <mat-form-field class="name-field last-name">
             <mat-label>{{ 'labels.inputs.Last Name' | translate }}</mat-label>
             <input matInput required formControlName="lastname" />

src/app/clients/client-stepper/client-general-step/client-general-step.component.scss

@@ -123,6 +123,23 @@ mat-checkbox {
   }
 }
 
+.external-id-status {
+  font-size: 12px;
+  font-weight: 500;
+
+  &.loading {
+    color: #1976d2;
+  }
+
+  &.success {
+    color: #388e3c;
+  }
+
+  &.error {
+    color: #d32f2f;
+  }
+}
+
 @media (width <= 480px) {
   form {
     padding: 8px 0;

src/app/clients/client-stepper/client-general-step/client-general-step.component.ts

@@ -20,6 +20,7 @@ import { filter, switchMap, takeUntil } from 'rxjs/operators';
 import { ClientsService } from 'app/clients/clients.service';
 import { Dates } from 'app/core/utils/dates';
 import { LegalFormId } from 'app/clients/models/legal-form.enum';
+import { ExternalNationalIdService } from 'app/clients/services/external-national-id.service';
 
 /** Custom Services */
 import { SettingsService } from 'app/settings/settings.service';
@@ -37,6 +38,7 @@ import { STANDALONE_SHARED_IMPORTS } from 'app/standalone-shared.module';
   selector: 'mifosx-client-general-step',
   templateUrl: './client-general-step.component.html',
   styleUrls: ['./client-general-step.component.scss'],
+  providers: [ExternalNationalIdService],
   imports: [
     ...STANDALONE_SHARED_IMPORTS,
     MatDivider,
@@ -52,6 +54,7 @@ export class ClientGeneralStepComponent implements OnInit, OnDestroy {
   private dateUtils = inject(Dates);
   private settingsService = inject(SettingsService);
   private clientService = inject(ClientsService);
+  externalNationalIdService = inject(ExternalNationalIdService);
 
   /** Subject to trigger unsubscription on destroy */
   private destroy$ = new Subject<void>();
@@ -104,6 +107,7 @@ export class ClientGeneralStepComponent implements OnInit, OnDestroy {
     this.maxDate = this.settingsService.businessDate;
     this.setOptions();
     this.buildDependencies();
+    this.externalNationalIdService.watchExternalId(this.createClientForm, this.genderOptions);
   }
 
   /**