chore(merchant_account): remove api_key field (#713)

crates/api_models/src/admin.rs

@@ -1,5 +1,5 @@
 use common_utils::pii;
-use masking::{Secret, StrongSecret};
+use masking::Secret;
 use serde::{Deserialize, Serialize};
 use url;
 use utoipa::ToSchema;
@@ -18,10 +18,6 @@ pub struct MerchantAccountCreate {
     #[schema(example = "NewAge Retailer")]
     pub merchant_name: Option<String>,
 
-    /// API key that will be used for server side API access
-    #[schema(value_type = Option<String>, example = "Ah2354543543523")]
-    pub api_key: Option<StrongSecret<String>>,
-
     /// Merchant related details
     pub merchant_details: Option<MerchantDetails>,
 
@@ -79,10 +75,6 @@ pub struct MerchantAccountUpdate {
     #[schema(example = "NewAge Retailer")]
     pub merchant_name: Option<String>,
 
-    /// API key that will be used for server side API access
-    #[schema(value_type = Option<String>, example = "Ah2354543543523")]
-    pub api_key: Option<StrongSecret<String>>,
-
     /// Merchant related details
     pub merchant_details: Option<MerchantDetails>,
 
@@ -139,10 +131,6 @@ pub struct MerchantAccountResponse {
     #[schema(example = "NewAge Retailer")]
     pub merchant_name: Option<String>,
 
-    /// API key that will be used for server side API access
-    #[schema(value_type = Option<String>, example = "Ah2354543543523")]
-    pub api_key: Option<StrongSecret<String>>,
-
     /// The URL to redirect after the completion of the operation
     #[schema(max_length = 255, example = "https://www.example.com/success")]
     pub return_url: Option<String>,

crates/router/src/core/admin.rs

@@ -18,9 +18,9 @@ use crate::{
 };
 
 #[inline]
-pub fn create_merchant_api_key() -> String {
+pub fn create_merchant_publishable_key() -> String {
     format!(
-        "{}_{}",
+        "pk_{}_{}",
         router_env::env::prefix_for_env(),
         Uuid::new_v4().simple()
     )
@@ -30,9 +30,7 @@ pub async fn create_merchant_account(
     db: &dyn StorageInterface,
     req: api::MerchantAccountCreate,
 ) -> RouterResponse<api::MerchantAccountResponse> {
-    let publishable_key = Some(format!("pk_{}", create_merchant_api_key()));
+    let publishable_key = Some(create_merchant_publishable_key());
-
-    let api_key = Some(create_merchant_api_key().into());
 
     let merchant_details = Some(
         utils::Encode::<api::MerchantDetails>::encode_to_value(&req.merchant_details)
@@ -61,7 +59,6 @@ pub async fn create_merchant_account(
     let merchant_account = storage::MerchantAccountNew {
         merchant_id: req.merchant_id,
         merchant_name: req.merchant_name,
-        api_key,
         merchant_details,
         return_url: req.return_url.map(|a| a.to_string()),
         webhook_details,
@@ -169,7 +166,6 @@ pub async fn merchant_account_update(
         redirect_to_merchant_with_http_post: req.redirect_to_merchant_with_http_post,
         locker_id: req.locker_id,
         metadata: req.metadata,
-        api_key: None,
         publishable_key: None,
     };
 

crates/router/src/db/merchant_account.rs

@@ -1,5 +1,4 @@
-use error_stack::{IntoReport, Report};
+use error_stack::IntoReport;
-use masking::PeekInterface;
 
 use super::{MockDb, Store};
 use crate::{
@@ -32,11 +31,6 @@ pub trait MerchantAccountInterface {
         merchant_account: storage::MerchantAccountUpdate,
     ) -> CustomResult<storage::MerchantAccount, errors::StorageError>;
 
-    async fn find_merchant_account_by_api_key(
-        &self,
-        api_key: &str,
-    ) -> CustomResult<storage::MerchantAccount, errors::StorageError>;
-
     async fn find_merchant_account_by_publishable_key(
         &self,
         publishable_key: &str,
@@ -138,17 +132,6 @@ impl MerchantAccountInterface for Store {
         }
     }
 
-    async fn find_merchant_account_by_api_key(
-        &self,
-        api_key: &str,
-    ) -> CustomResult<storage::MerchantAccount, errors::StorageError> {
-        let conn = pg_connection(&self.master_pool).await?;
-        storage::MerchantAccount::find_by_api_key(&conn, api_key)
-            .await
-            .map_err(Into::into)
-            .into_report()
-    }
-
     async fn find_merchant_account_by_publishable_key(
         &self,
         publishable_key: &str,
@@ -196,7 +179,6 @@ impl MerchantAccountInterface for MockDb {
             #[allow(clippy::as_conversions)]
             id: accounts.len() as i32,
             merchant_id: merchant_account.merchant_id,
-            api_key: merchant_account.api_key,
             return_url: merchant_account.return_url,
             enable_payment_response_hash: merchant_account
                 .enable_payment_response_hash
@@ -255,21 +237,6 @@ impl MerchantAccountInterface for MockDb {
         Err(errors::StorageError::MockDbError)?
     }
 
-    #[allow(clippy::panic)]
-    async fn find_merchant_account_by_api_key(
-        &self,
-        api_key: &str,
-    ) -> CustomResult<storage::MerchantAccount, errors::StorageError> {
-        let accounts = self.merchant_accounts.lock().await;
-
-        accounts
-            .iter()
-            .find(|account| account.api_key.as_ref().map(|s| s.peek()) == Some(&api_key.into()))
-            .cloned()
-            .ok_or_else(|| Report::from(storage_models::errors::DatabaseError::NotFound).into())
-            .into_report()
-    }
-
     async fn find_merchant_account_by_publishable_key(
         &self,
         _publishable_key: &str,

crates/router/src/services/api.rs

@@ -22,10 +22,9 @@ use crate::{
     configs::settings::Connectors,
     consts,
     core::{
-        errors::{self, CustomResult, RouterResult},
+        errors::{self, CustomResult},
         payments,
     },
-    db::StorageInterface,
     logger,
     routes::{app::AppStateInfo, AppState},
     services::authentication as auth,
@@ -524,17 +523,6 @@ where
     HttpResponse::from_error(error.current_context().clone())
 }
 
-pub async fn authenticate_by_api_key(
-    store: &dyn StorageInterface,
-    api_key: &str,
-) -> RouterResult<storage::MerchantAccount> {
-    store
-        .find_merchant_account_by_api_key(api_key)
-        .await
-        .change_context(errors::ApiErrorResponse::Unauthorized)
-        .attach_printable("Merchant not authenticated")
-}
-
 pub fn http_response_json<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
     HttpResponse::Ok()
         .content_type("application/json")

crates/router/src/types/api/admin.rs

@@ -13,7 +13,6 @@ impl ForeignFrom<storage::MerchantAccount> for MerchantAccountResponse {
         Self {
             merchant_id: item.merchant_id,
             merchant_name: item.merchant_name,
-            api_key: item.api_key,
             return_url: item.return_url,
             enable_payment_response_hash: item.enable_payment_response_hash,
             payment_response_hash_key: item.payment_response_hash_key,

crates/router/tests/connectors/globalpay.rs

@@ -1,9 +1,5 @@
 use masking::Secret;
-use router::types::{
+use router::types::{self, api, storage::enums};
-    self,
-    api::{self},
-    storage::enums,
-};
 use serde_json::json;
 
 use crate::{

crates/router/tests/payments.rs

@@ -276,7 +276,9 @@ async fn payments_create_core() {
 
     let state = routes::AppState::with_storage(conf, StorageImpl::PostgresqlTest).await;
 
-    let merchant_account = services::authenticate_by_api_key(&*state.store, "MySecretApiKey")
+    let merchant_account = state
+        .store
+        .find_merchant_account_by_merchant_id("juspay_merchant")
         .await
         .unwrap();
 
@@ -426,7 +428,9 @@ async fn payments_create_core_adyen_no_redirect() {
     let merchant_id = "arunraj".to_string();
     let payment_id = "pay_mbabizu24mvu3mela5njyhpit10".to_string();
 
-    let merchant_account = services::authenticate_by_api_key(&*state.store, "321")
+    let merchant_account = state
+        .store
+        .find_merchant_account_by_merchant_id("juspay_merchant")
         .await
         .unwrap();
 

crates/router/tests/payments2.rs

@@ -10,7 +10,6 @@ use router::{
 };
 use time::macros::datetime;
 use uuid::Uuid;
-// use router;
 
 #[test]
 fn connector_list() {
@@ -37,7 +36,9 @@ async fn payments_create_core() {
 
     let state = routes::AppState::with_storage(conf, StorageImpl::PostgresqlTest).await;
 
-    let merchant_account = services::authenticate_by_api_key(&*state.store, "MySecretApiKey")
+    let merchant_account = state
+        .store
+        .find_merchant_account_by_merchant_id("juspay_merchant")
         .await
         .unwrap();
 
@@ -192,7 +193,9 @@ async fn payments_create_core_adyen_no_redirect() {
     let merchant_id = "arunraj".to_string();
     let payment_id = "pay_mbabizu24mvu3mela5njyhpit10".to_string();
 
-    let merchant_account = services::authenticate_by_api_key(&*state.store, "321")
+    let merchant_account = state
+        .store
+        .find_merchant_account_by_merchant_id("juspay_merchant")
         .await
         .unwrap();
 

crates/storage_models/src/merchant_account.rs

@@ -1,6 +1,5 @@
 use common_utils::pii;
 use diesel::{AsChangeset, Identifiable, Insertable, Queryable};
-use masking::StrongSecret;
 
 use crate::{enums as storage_enums, schema::merchant_account};
 
@@ -19,7 +18,6 @@ use crate::{enums as storage_enums, schema::merchant_account};
 pub struct MerchantAccount {
     pub id: i32,
     pub merchant_id: String,
-    pub api_key: Option<StrongSecret<String>>,
     pub return_url: Option<String>,
     pub enable_payment_response_hash: bool,
     pub payment_response_hash_key: Option<String>,
@@ -41,7 +39,6 @@ pub struct MerchantAccount {
 pub struct MerchantAccountNew {
     pub merchant_id: String,
     pub merchant_name: Option<String>,
-    pub api_key: Option<StrongSecret<String>>,
     pub merchant_details: Option<serde_json::Value>,
     pub return_url: Option<String>,
     pub webhook_details: Option<serde_json::Value>,
@@ -60,7 +57,6 @@ pub struct MerchantAccountNew {
 pub enum MerchantAccountUpdate {
     Update {
         merchant_name: Option<String>,
-        api_key: Option<StrongSecret<String>>,
         merchant_details: Option<serde_json::Value>,
         return_url: Option<String>,
         webhook_details: Option<serde_json::Value>,
@@ -83,7 +79,6 @@ pub enum MerchantAccountUpdate {
 #[diesel(table_name = merchant_account)]
 pub struct MerchantAccountUpdateInternal {
     merchant_name: Option<String>,
-    api_key: Option<StrongSecret<String>>,
     merchant_details: Option<serde_json::Value>,
     return_url: Option<String>,
     webhook_details: Option<serde_json::Value>,
@@ -104,7 +99,6 @@ impl From<MerchantAccountUpdate> for MerchantAccountUpdateInternal {
         match merchant_account_update {
             MerchantAccountUpdate::Update {
                 merchant_name,
-                api_key,
                 merchant_details,
                 return_url,
                 webhook_details,
@@ -119,7 +113,6 @@ impl From<MerchantAccountUpdate> for MerchantAccountUpdateInternal {
                 metadata,
             } => Self {
                 merchant_name,
-                api_key,
                 merchant_details,
                 return_url,
                 webhook_details,

crates/storage_models/src/query/merchant_account.rs

@@ -81,15 +81,6 @@ impl MerchantAccount {
         .await
     }
 
-    #[instrument(skip(conn))]
-    pub async fn find_by_api_key(conn: &PgPooledConn, api_key: &str) -> StorageResult<Self> {
-        generics::generic_find_one::<<Self as HasTable>::Table, _, _>(
-            conn,
-            dsl::api_key.eq(api_key.to_owned()),
-        )
-        .await
-    }
-
     #[instrument(skip_all)]
     pub async fn find_by_publishable_key(
         conn: &PgPooledConn,

crates/storage_models/src/schema.rs

@@ -162,7 +162,6 @@ diesel::table! {
     merchant_account (id) {
         id -> Int4,
         merchant_id -> Varchar,
-        api_key -> Nullable<Varchar>,
         return_url -> Nullable<Varchar>,
         enable_payment_response_hash -> Bool,
         payment_response_hash_key -> Nullable<Varchar>,

migrations/2023-03-04-114058_remove_api_key_column_merchant_account_table/down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE merchant_account
+ADD COLUMN api_key VARCHAR(128);

migrations/2023-03-04-114058_remove_api_key_column_merchant_account_table/up.sql

@@ -0,0 +1 @@
+ALTER TABLE merchant_account DROP COLUMN api_key;

openapi/generated.json

@@ -3303,11 +3303,6 @@
             "description": "Name of the Merchant Account",
             "example": "NewAge Retailer"
           },
-          "api_key": {
-            "type": "string",
-            "description": "API key that will be used for server side API access",
-            "example": "Ah2354543543523"
-          },
           "merchant_details": {
             "$ref": "#/components/schemas/MerchantDetails"
           },
@@ -3407,11 +3402,6 @@
             "description": "Name of the Merchant Account",
             "example": "NewAge Retailer"
           },
-          "api_key": {
-            "type": "string",
-            "description": "API key that will be used for server side API access",
-            "example": "Ah2354543543523"
-          },
           "return_url": {
             "type": "string",
             "description": "The URL to redirect after the completion of the operation",
@@ -3490,11 +3480,6 @@
             "description": "Name of the Merchant Account",
             "example": "NewAge Retailer"
           },
-          "api_key": {
-            "type": "string",
-            "description": "API key that will be used for server side API access",
-            "example": "Ah2354543543523"
-          },
           "merchant_details": {
             "$ref": "#/components/schemas/MerchantDetails"
           },