feat: add new error response for 403 (#1330)

Co-authored-by: harsh_sharma_juspay <harsh.sharma@juspay.in> Co-authored-by: Sampras Lopes <lsampras@protonmail.com>
2025-10-29 09:07:09 +08:00 · 2023-06-17 13:06:26 +05:30
parent 66978593f8
commit 49d5ad7b3c
3 changed files with 7 additions and 15 deletions
--- a/crates/router/src/compatibility/stripe/errors.rs
+++ b/crates/router/src/compatibility/stripe/errors.rs
@ -367,6 +367,7 @@ impl From<errors::ApiErrorResponse> for StripeErrorCode {
            errors::ApiErrorResponse::Unauthorized
            | errors::ApiErrorResponse::InvalidJwtToken
            | errors::ApiErrorResponse::GenericUnauthorized { .. }
+            | errors::ApiErrorResponse::AccessForbidden
            | errors::ApiErrorResponse::InvalidEphemeralKey => Self::Unauthorized,
            errors::ApiErrorResponse::InvalidRequestUrl
            | errors::ApiErrorResponse::InvalidHttpMethod
--- a/crates/router/src/core/errors/api_error_response.rs
+++ b/crates/router/src/core/errors/api_error_response.rs
@ -89,6 +89,8 @@ pub enum ApiErrorResponse {
    FlowNotSupported { flow: String, connector: String },
    #[error(error_type = ErrorType::InvalidRequestError, code = "IR_21", message = "Missing required params")]
    MissingRequiredFields { field_names: Vec<&'static str> },
+    #[error(error_type = ErrorType::InvalidRequestError, code = "IR_22", message = "Access forbidden. Not authorized to access this resource")]
+    AccessForbidden,
    #[error(error_type = ErrorType::ConnectorError, code = "CE_00", message = "{code}: {message}", ignore = "status_code")]
    ExternalConnectorError {
        code: String,
@ -243,6 +245,7 @@ impl actix_web::ResponseError for ApiErrorResponse {
            Self::ExternalConnectorError { status_code, .. } => {
                StatusCode::from_u16(*status_code).unwrap_or(StatusCode::INTERNAL_SERVER_ERROR)
            }
+            Self::AccessForbidden => StatusCode::FORBIDDEN, // 403
            Self::InvalidRequestUrl | Self::WebhookResourceNotFound => StatusCode::NOT_FOUND, // 404
            Self::InvalidHttpMethod => StatusCode::METHOD_NOT_ALLOWED, // 405
            Self::MissingRequiredField { .. }
@ -415,6 +418,7 @@ impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorRespon
            Self::MissingRequiredFields { field_names } => AER::BadRequest(
                ApiError::new("IR", 21, "Missing required params".to_string(), Some(Extra {data: Some(serde_json::json!(field_names)), ..Default::default() })),
            ),
+            Self::AccessForbidden => AER::ForbiddenCommonResource(ApiError::new("IR", 22, "Access forbidden. Not authorized to access this resource", None)),
            Self::ExternalConnectorError {
                code,
                message,
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
@ -241,7 +241,7 @@ where
 }

 #[derive(Debug)]
-pub struct JWTAuth;
+pub(crate) struct JWTAuth;

 #[derive(serde::Deserialize)]
 struct JwtAuthPayloadFetchUnit {
@ -315,19 +315,6 @@ impl ClientSecretFetch for api_models::cards_info::CardsInfoRequest {
    }
 }

-pub fn jwt_auth_or<'a, T: AuthInfo, A: AppStateInfo>(
-    default_auth: &'a dyn AuthenticateAndFetch<T, A>,
-    headers: &HeaderMap,
-) -> Box<&'a dyn AuthenticateAndFetch<T, A>>
-where
-    JWTAuth: AuthenticateAndFetch<T, A>,
-{
-    if is_jwt_auth(headers) {
-        return Box::new(&JWTAuth);
-    }
-    Box::new(default_auth)
-}
-
 pub fn get_auth_type_and_flow<A: AppStateInfo + Sync>(
    headers: &HeaderMap,
 ) -> RouterResult<(