feat(auth): Add Authorization for JWT Authentication types (#2973)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
Mani Chandra
2023-11-24 19:11:46 +05:30
committed by GitHub
parent 4c1c6da0d1
commit 03c0a772a9
20 changed files with 659 additions and 91 deletions


@ -9,6 +9,7 @@ use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};
use masking::{PeekInterface, StrongSecret};
use serde::Serialize;
use super::authorization::{self, permissions::Permission};
#[cfg(feature = "olap")]
use super::jwt;
#[cfg(feature = "olap")]
@ -387,7 +388,7 @@ where
}
#[derive(Debug)]
pub(crate) struct JWTAuth;
pub(crate) struct JWTAuth(pub Permission);
#[derive(serde::Deserialize)]
struct JwtAuthPayloadFetchUnit {
@ -406,6 +407,10 @@ where
state: &A,
) -> RouterResult<((), AuthenticationType)> {
let payload = parse_jwt_payload::<A, AuthToken>(request_headers, state).await?;
let permissions = authorization::get_permissions(&payload.role_id)?;
authorization::check_authorization(&self.0, permissions)?;
Ok((
(),
AuthenticationType::MerchantJWT {
@ -418,6 +423,7 @@ where
pub struct JWTAuthMerchantFromRoute {
pub merchant_id: String,
pub required_permission: Permission,
}
#[async_trait]
@ -432,6 +438,9 @@ where
) -> RouterResult<((), AuthenticationType)> {
let payload = parse_jwt_payload::<A, AuthToken>(request_headers, state).await?;
let permissions = authorization::get_permissions(&payload.role_id)?;
authorization::check_authorization(&self.required_permission, permissions)?;
// Check if token has access to merchantID that has been requested through query param
if payload.merchant_id != self.merchant_id {
return Err(report!(errors::ApiErrorResponse::InvalidJwtToken));
@ -460,6 +469,7 @@ where
#[derive(serde::Deserialize)]
struct JwtAuthPayloadFetchMerchantAccount {
merchant_id: String,
role_id: String,
}
#[async_trait]
@ -475,6 +485,10 @@ where
let payload =
parse_jwt_payload::<A, JwtAuthPayloadFetchMerchantAccount>(request_headers, state)
.await?;
let permissions = authorization::get_permissions(&payload.role_id)?;
authorization::check_authorization(&self.0, permissions)?;
let key_store = state
.store()
.get_merchant_key_store_by_merchant_id(