feat: add new error response for 403 (#1330)

Co-authored-by: harsh_sharma_juspay <harsh.sharma@juspay.in>
Co-authored-by: Sampras Lopes <lsampras@protonmail.com>

crates/router/src/compatibility/stripe/errors.rs

@@ -367,6 +367,7 @@ impl From<errors::ApiErrorResponse> for StripeErrorCode {
             errors::ApiErrorResponse::Unauthorized
             | errors::ApiErrorResponse::InvalidJwtToken
             | errors::ApiErrorResponse::GenericUnauthorized { .. }
+            | errors::ApiErrorResponse::AccessForbidden
             | errors::ApiErrorResponse::InvalidEphemeralKey => Self::Unauthorized,
             errors::ApiErrorResponse::InvalidRequestUrl
             | errors::ApiErrorResponse::InvalidHttpMethod

crates/router/src/core/errors/api_error_response.rs

@@ -89,6 +89,8 @@ pub enum ApiErrorResponse {
     FlowNotSupported { flow: String, connector: String },
     #[error(error_type = ErrorType::InvalidRequestError, code = "IR_21", message = "Missing required params")]
     MissingRequiredFields { field_names: Vec<&'static str> },
+    #[error(error_type = ErrorType::InvalidRequestError, code = "IR_22", message = "Access forbidden. Not authorized to access this resource")]
+    AccessForbidden,
     #[error(error_type = ErrorType::ConnectorError, code = "CE_00", message = "{code}: {message}", ignore = "status_code")]
     ExternalConnectorError {
         code: String,
@@ -243,8 +245,9 @@ impl actix_web::ResponseError for ApiErrorResponse {
             Self::ExternalConnectorError { status_code, .. } => {
                 StatusCode::from_u16(*status_code).unwrap_or(StatusCode::INTERNAL_SERVER_ERROR)
             }
+            Self::AccessForbidden => StatusCode::FORBIDDEN, // 403
             Self::InvalidRequestUrl | Self::WebhookResourceNotFound => StatusCode::NOT_FOUND, // 404
-            Self::InvalidHttpMethod => StatusCode::METHOD_NOT_ALLOWED,                        // 405
+            Self::InvalidHttpMethod => StatusCode::METHOD_NOT_ALLOWED, // 405
             Self::MissingRequiredField { .. }
             | Self::MissingRequiredFields { .. }
             | Self::InvalidDataValue { .. }
@@ -415,6 +418,7 @@ impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorRespon
             Self::MissingRequiredFields { field_names } => AER::BadRequest(
                 ApiError::new("IR", 21, "Missing required params".to_string(), Some(Extra {data: Some(serde_json::json!(field_names)), ..Default::default() })),
             ),
+            Self::AccessForbidden => AER::ForbiddenCommonResource(ApiError::new("IR", 22, "Access forbidden. Not authorized to access this resource", None)),
             Self::ExternalConnectorError {
                 code,
                 message,

crates/router/src/services/authentication.rs

@@ -241,7 +241,7 @@ where
 }
 
 #[derive(Debug)]
-pub struct JWTAuth;
+pub(crate) struct JWTAuth;
 
 #[derive(serde::Deserialize)]
 struct JwtAuthPayloadFetchUnit {
@@ -315,19 +315,6 @@ impl ClientSecretFetch for api_models::cards_info::CardsInfoRequest {
     }
 }
 
-pub fn jwt_auth_or<'a, T: AuthInfo, A: AppStateInfo>(
-    default_auth: &'a dyn AuthenticateAndFetch<T, A>,
-    headers: &HeaderMap,
-) -> Box<&'a dyn AuthenticateAndFetch<T, A>>
-where
-    JWTAuth: AuthenticateAndFetch<T, A>,
-{
-    if is_jwt_auth(headers) {
-        return Box::new(&JWTAuth);
-    }
-    Box::new(default_auth)
-}
-
 pub fn get_auth_type_and_flow<A: AppStateInfo + Sync>(
     headers: &HeaderMap,
 ) -> RouterResult<(