update docs
Auto Tag on Version Change / check-version (push) Failing after 13m32s

This commit is contained in:
2026-06-13 21:30:12 +05:00
parent 281864347e
commit a8cd22cbe1
51 changed files with 1830 additions and 469 deletions
+123 -14
View File
@@ -1,18 +1,23 @@
# Personal Profile
Fetch the user's personal profile details. This endpoint returns an HTML page; data is extracted via HTML scraping.
This document covers two unrelated profile-adjacent surfaces:
1. **Personal profile** — an HTML page on the WebView host, scraped for display.
2. **Profile image management** — three encrypted-API endpoints (`P40`/`P41`/`P42`) that fetch, upload, and delete the avatar.
---
## Endpoint
## 1. Personal Profile (HTML scrape)
Fetch the user's personal profile details. This endpoint returns an HTML page; data is extracted via HTML scraping.
### Endpoint
```
GET https://faisamobilex-wv.mib.com.mv/personalProfile
```
---
## Authentication
### Authentication
Session cookies only — no additional AJAX headers required.
@@ -20,9 +25,7 @@ Session cookies only — no additional AJAX headers required.
Cookie: mbmodel=IOS-1.0; xxid=<session_xxid>; IBSID=<session_xxid>; mbnonce=<nonceGenerator>; time-tracker=597
```
---
## Response
### Response
**Content-Type:** `text/html; charset=UTF-8`
@@ -53,9 +56,7 @@ Regex(
)
```
---
## Extracted Fields
### Extracted Fields
| Label in HTML | Field | Description |
|---|---|---|
@@ -76,15 +77,123 @@ data class MibPersonalProfile(
)
```
---
## Notes
### Notes
- Returns `null` if the response cannot be parsed (network error or unexpected HTML structure).
- This endpoint does not have a JSON equivalent — scraping is the only method.
---
## 2. Profile Image Management
The avatar lives on the **encrypted API** (`faisanet.mib.com.mv`), not the WebView host. Three `sfunc=n` route paths cover fetch, upload, and delete. All three follow the standard encrypted-request format (see [01-encryption.md](01-encryption.md) and [02-login.md](02-login.md)) and include the standard `baseData` fields (`nonce`, `appId`, `sodium`, `routePath`, `xxid`).
| `routePath` | Operation | Source |
|---|---|---|
| `P41` | Fetch image by hash | `MibLoginFlow.kt:368-375` |
| `P40` | Upload new image | `MibLoginFlow.kt:382-391` |
| `P42` | Delete current image | `MibLoginFlow.kt:397-403` |
### Image-hash field naming
The same conceptual value — "the hash that identifies a customer's avatar" — is exposed under **two different field names** depending on which endpoint returned it:
| Source endpoint | Field name |
|---|---|
| `A41` login init (`operatingProfiles[]`) | `customerImage` |
| `C41` registration init (root) | `customerImgHash` |
| `ajaxBeneficiary/main` (contacts list) | `customerImgHash` |
Both are non-empty hash strings that can be passed straight into `P41` as `imageHash`. Treat them as the same value with two names.
### Fetch — `routePath: P41`
**Request** (encrypted payload):
```json
{
"sfunc": "n",
"xxid": "<session xxid>",
"data": {
"imageHash": "<customerImage or customerImgHash>",
"nonce": "<computed nonce>",
"appId": "<appId>",
"sodium": "<random>",
"routePath": "P41",
"xxid": "<session xxid>"
}
}
```
**Response**:
```json
{
"success": true,
"reasonCode": "201",
"profileImage": "<base64-encoded JPEG>"
}
```
`profileImage` is raw base64 with no data URI prefix.
### Upload — `routePath: P40`
**Request** (encrypted payload):
```json
{
"sfunc": "n",
"xxid": "<session xxid>",
"data": {
"profileId": "<active profile ID>",
"profileImage": "<base64-encoded JPEG>",
"nonce": "<computed nonce>",
"appId": "<appId>",
"sodium": "<random>",
"routePath": "P40",
"xxid": "<session xxid>"
}
}
```
**Response**:
```json
{
"success": true,
"imageHash": "<new hash>",
"customerImage": "<new hash, alternate field name>"
}
```
The server may populate either `imageHash` or `customerImage` for the new hash — the client reads both (`MibLoginFlow.kt:389-390`) and prefers `imageHash` when present.
### Delete — `routePath: P42`
**Request** (encrypted payload):
```json
{
"sfunc": "n",
"xxid": "<session xxid>",
"data": {
"profileId": "<active profile ID>",
"nonce": "<computed nonce>",
"appId": "<appId>",
"sodium": "<random>",
"routePath": "P42",
"xxid": "<session xxid>"
}
}
```
**Response**:
```json
{ "success": true }
```
After a successful delete, the `customerImage` field on subsequent `A41` responses is blank.
> Note: BML and Fahipay profile images are stored locally on-device only (`util/ProfileImageStore.kt`). Only MIB persists avatars server-side via these endpoints.
---
&nbsp;
---