refactor(recon): use AuthDataWithUser and use JWTAuth for token verif… (#5829)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com>
2025-11-03 21:37:41 +08:00 · 2024-09-19 18:55:23 +05:30
parent a0f4bb771b
commit 30dd7ceb5f
4 changed files with 16 additions and 29 deletions
--- a/crates/router/src/core/recon.rs
+++ b/crates/router/src/core/recon.rs
@ -17,11 +17,10 @@ use crate::{

 pub async fn send_recon_request(
    state: SessionState,
-    user_with_auth_data: authentication::UserFromTokenWithAuthData,
+    auth_data: authentication::AuthenticationDataWithUser,
 ) -> RouterResponse<recon_api::ReconStatusResponse> {
-    let user = user_with_auth_data.0;
-    let user_in_db = &user_with_auth_data.1.user;
-    let merchant_id = user.merchant_id;
+    let user_in_db = &auth_data.user;
+    let merchant_id = auth_data.merchant_account.get_id().clone();

    let user_email = user_in_db.email.clone();
    let email_contents = email_types::ProFeatureRequest {
@ -55,7 +54,6 @@ pub async fn send_recon_request(
        .change_context(errors::ApiErrorResponse::InternalServerError)
        .attach_printable("Failed to compose and send email for ProFeatureRequest [Recon]")
        .async_and_then(|_| async {
-            let auth = user_with_auth_data.1;
            let updated_merchant_account = storage::MerchantAccountUpdate::ReconUpdate {
                recon_status: enums::ReconStatus::Requested,
            };
@ -65,9 +63,9 @@ pub async fn send_recon_request(
            let response = db
                .update_merchant(
                    key_manager_state,
-                    auth.merchant_account,
+                    auth_data.merchant_account,
                    updated_merchant_account,
-                    &auth.key_store,
+                    &auth_data.key_store,
                )
                .await
                .change_context(errors::ApiErrorResponse::InternalServerError)
--- a/crates/router/src/core/user.rs
+++ b/crates/router/src/core/user.rs
@ -1853,11 +1853,9 @@ pub async fn verify_token(
    state: SessionState,
    user: auth::UserFromToken,
 ) -> UserResponse<user_api::VerifyTokenResponse> {
-    let user_in_db = state
-        .global_store
-        .find_user_by_id(&user.user_id)
+    let user_in_db = user
+        .get_user_from_db(&state)
        .await
-        .change_context(UserErrors::InternalServerError)
        .attach_printable_lazy(|| {
            format!(
                "Failed to fetch the user from DB for user_id - {}",
@ -1867,7 +1865,7 @@ pub async fn verify_token(

    Ok(ApplicationResponse::Json(user_api::VerifyTokenResponse {
        merchant_id: user.merchant_id.to_owned(),
-        user_email: user_in_db.email,
+        user_email: user_in_db.0.email,
    }))
 }

--- a/crates/router/src/routes/user.rs
+++ b/crates/router/src/routes/user.rs
@ -575,7 +575,10 @@ pub async fn verify_recon_token(state: web::Data<AppState>, http_req: HttpReques
        &http_req,
        (),
        |state, user, _req, _| user_core::verify_token(state, user),
-        &auth::DashboardNoPermissionAuth,
+        &auth::JWTAuth {
+            permission: Permission::ReconAdmin,
+            minimum_entity_level: EntityType::Merchant,
+        },
        api_locking::LockAction::NotApplicable,
    ))
    .await
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
@ -1984,13 +1984,9 @@ where
    default_auth
 }

-#[derive(Clone)]
-#[cfg(feature = "recon")]
-pub struct UserFromTokenWithAuthData(pub UserFromToken, pub AuthenticationDataWithUser);
-
 #[cfg(feature = "recon")]
 #[async_trait]
-impl<A> AuthenticateAndFetch<UserFromTokenWithAuthData, A> for JWTAuth
+impl<A> AuthenticateAndFetch<AuthenticationDataWithUser, A> for JWTAuth
 where
    A: SessionStateInfo + Sync,
 {
@ -1998,7 +1994,7 @@ where
        &self,
        request_headers: &HeaderMap,
        state: &A,
-    ) -> RouterResult<(UserFromTokenWithAuthData, AuthenticationType)> {
+    ) -> RouterResult<(AuthenticationDataWithUser, AuthenticationType)> {
        let payload = parse_jwt_payload::<A, AuthToken>(request_headers, state).await?;
        if payload.check_in_blacklist(state).await? {
            return Err(errors::ApiErrorResponse::InvalidJwtToken.into());
@ -2049,17 +2045,9 @@ where

        let auth_type = AuthenticationType::MerchantJwt {
            merchant_id: auth.merchant_account.get_id().clone(),
-            user_id: Some(user_id.clone()),
+            user_id: Some(user_id),
        };

-        let user = UserFromToken {
-            user_id,
-            merchant_id: payload.merchant_id.clone(),
-            org_id: payload.org_id,
-            role_id: payload.role_id,
-            profile_id: payload.profile_id,
-        };
-
-        Ok((UserFromTokenWithAuthData(user, auth), auth_type))
+        Ok((auth, auth_type))
    }
 }