This commit is contained in:
+123
-14
@@ -1,18 +1,23 @@
|
||||
# Personal Profile
|
||||
|
||||
Fetch the user's personal profile details. This endpoint returns an HTML page; data is extracted via HTML scraping.
|
||||
This document covers two unrelated profile-adjacent surfaces:
|
||||
|
||||
1. **Personal profile** — an HTML page on the WebView host, scraped for display.
|
||||
2. **Profile image management** — three encrypted-API endpoints (`P40`/`P41`/`P42`) that fetch, upload, and delete the avatar.
|
||||
|
||||
---
|
||||
|
||||
## Endpoint
|
||||
## 1. Personal Profile (HTML scrape)
|
||||
|
||||
Fetch the user's personal profile details. This endpoint returns an HTML page; data is extracted via HTML scraping.
|
||||
|
||||
### Endpoint
|
||||
|
||||
```
|
||||
GET https://faisamobilex-wv.mib.com.mv/personalProfile
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Authentication
|
||||
### Authentication
|
||||
|
||||
Session cookies only — no additional AJAX headers required.
|
||||
|
||||
@@ -20,9 +25,7 @@ Session cookies only — no additional AJAX headers required.
|
||||
Cookie: mbmodel=IOS-1.0; xxid=<session_xxid>; IBSID=<session_xxid>; mbnonce=<nonceGenerator>; time-tracker=597
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Response
|
||||
### Response
|
||||
|
||||
**Content-Type:** `text/html; charset=UTF-8`
|
||||
|
||||
@@ -53,9 +56,7 @@ Regex(
|
||||
)
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Extracted Fields
|
||||
### Extracted Fields
|
||||
|
||||
| Label in HTML | Field | Description |
|
||||
|---|---|---|
|
||||
@@ -76,15 +77,123 @@ data class MibPersonalProfile(
|
||||
)
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Notes
|
||||
### Notes
|
||||
|
||||
- Returns `null` if the response cannot be parsed (network error or unexpected HTML structure).
|
||||
- This endpoint does not have a JSON equivalent — scraping is the only method.
|
||||
|
||||
---
|
||||
|
||||
## 2. Profile Image Management
|
||||
|
||||
The avatar lives on the **encrypted API** (`faisanet.mib.com.mv`), not the WebView host. Three `sfunc=n` route paths cover fetch, upload, and delete. All three follow the standard encrypted-request format (see [01-encryption.md](01-encryption.md) and [02-login.md](02-login.md)) and include the standard `baseData` fields (`nonce`, `appId`, `sodium`, `routePath`, `xxid`).
|
||||
|
||||
| `routePath` | Operation | Source |
|
||||
|---|---|---|
|
||||
| `P41` | Fetch image by hash | `MibLoginFlow.kt:368-375` |
|
||||
| `P40` | Upload new image | `MibLoginFlow.kt:382-391` |
|
||||
| `P42` | Delete current image | `MibLoginFlow.kt:397-403` |
|
||||
|
||||
### Image-hash field naming
|
||||
|
||||
The same conceptual value — "the hash that identifies a customer's avatar" — is exposed under **two different field names** depending on which endpoint returned it:
|
||||
|
||||
| Source endpoint | Field name |
|
||||
|---|---|
|
||||
| `A41` login init (`operatingProfiles[]`) | `customerImage` |
|
||||
| `C41` registration init (root) | `customerImgHash` |
|
||||
| `ajaxBeneficiary/main` (contacts list) | `customerImgHash` |
|
||||
|
||||
Both are non-empty hash strings that can be passed straight into `P41` as `imageHash`. Treat them as the same value with two names.
|
||||
|
||||
### Fetch — `routePath: P41`
|
||||
|
||||
**Request** (encrypted payload):
|
||||
```json
|
||||
{
|
||||
"sfunc": "n",
|
||||
"xxid": "<session xxid>",
|
||||
"data": {
|
||||
"imageHash": "<customerImage or customerImgHash>",
|
||||
"nonce": "<computed nonce>",
|
||||
"appId": "<appId>",
|
||||
"sodium": "<random>",
|
||||
"routePath": "P41",
|
||||
"xxid": "<session xxid>"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
**Response**:
|
||||
```json
|
||||
{
|
||||
"success": true,
|
||||
"reasonCode": "201",
|
||||
"profileImage": "<base64-encoded JPEG>"
|
||||
}
|
||||
```
|
||||
|
||||
`profileImage` is raw base64 with no data URI prefix.
|
||||
|
||||
### Upload — `routePath: P40`
|
||||
|
||||
**Request** (encrypted payload):
|
||||
```json
|
||||
{
|
||||
"sfunc": "n",
|
||||
"xxid": "<session xxid>",
|
||||
"data": {
|
||||
"profileId": "<active profile ID>",
|
||||
"profileImage": "<base64-encoded JPEG>",
|
||||
"nonce": "<computed nonce>",
|
||||
"appId": "<appId>",
|
||||
"sodium": "<random>",
|
||||
"routePath": "P40",
|
||||
"xxid": "<session xxid>"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
**Response**:
|
||||
```json
|
||||
{
|
||||
"success": true,
|
||||
"imageHash": "<new hash>",
|
||||
"customerImage": "<new hash, alternate field name>"
|
||||
}
|
||||
```
|
||||
|
||||
The server may populate either `imageHash` or `customerImage` for the new hash — the client reads both (`MibLoginFlow.kt:389-390`) and prefers `imageHash` when present.
|
||||
|
||||
### Delete — `routePath: P42`
|
||||
|
||||
**Request** (encrypted payload):
|
||||
```json
|
||||
{
|
||||
"sfunc": "n",
|
||||
"xxid": "<session xxid>",
|
||||
"data": {
|
||||
"profileId": "<active profile ID>",
|
||||
"nonce": "<computed nonce>",
|
||||
"appId": "<appId>",
|
||||
"sodium": "<random>",
|
||||
"routePath": "P42",
|
||||
"xxid": "<session xxid>"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
**Response**:
|
||||
```json
|
||||
{ "success": true }
|
||||
```
|
||||
|
||||
After a successful delete, the `customerImage` field on subsequent `A41` responses is blank.
|
||||
|
||||
> Note: BML and Fahipay profile images are stored locally on-device only (`util/ProfileImageStore.kt`). Only MIB persists avatars server-side via these endpoints.
|
||||
|
||||
---
|
||||
|
||||
|
||||
|
||||
---
|
||||
|
||||
Reference in New Issue
Block a user