Skip to content
This repository has been archived by the owner on Jul 20, 2020. It is now read-only.
/ q-rstu-server Public archive

A proof-of-concept demonstrating an alternative interface to CPF e-cashier

License

Notifications You must be signed in to change notification settings

opengovsg/q-rstu-server

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

qRSTU Prototype

A proof-of-concept (PoC) demonstrating an alternative interface to CPF e-cashier that wraps around the original, focusing on payments into members' own CPF Special Accounts (CPF SA) via the Retirement Sum Top-Up scheme (RSTU)

Quickstart

export RECAPTCHA_SITE_KEY=<site key scraped from CPF e-cashier>
PORT=29125 node index.js
# Visit http://localhost:29125

Brief Explanation

Each request in a session on the e-Cashier page requires the following:

  • Content-Type set to application/x-www-form-urlencoded
  • Cookies for:
    • the ASP.NET session identifier;
    • tokens that verify the requests being made to CPF's e-Cashier and payment pages;
  • a token embedded in form data that verifies the authenticity of the request being made, scraped from each page returned by the previous request, and;
  • in some cases, the correct referer to be set.

In this PoC, we scrape the e-Cashier pages for the above, finally taking the PayNow QR code that a user can use to deposit money into the CPF SA

About

A proof-of-concept demonstrating an alternative interface to CPF e-cashier

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published