rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-11-02 04:04:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor: removed basilisk feature (#3281)

Browse Source 
Co-authored-by: venkatesh.devendran <venkatesh.devendran@juspay.in>
This commit is contained in:
Venkatesh
2024-01-10 15:51:50 +05:30
committed by GitHub
parent 8830563748
commit 612f8d9d5f
9 changed files with 1 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
crates/router/src/configs/kms.rs
View File

@ -13,19 +13,11 @@ impl KmsDecrypt for settings::Jwekey {
kms_client: &KmsClient,
) -> CustomResult<Self::Output, KmsError> {
(
self.locker_encryption_key1,
self.locker_encryption_key2,
self.locker_decryption_key1,
self.locker_decryption_key2,
self.vault_encryption_key,
self.rust_locker_encryption_key,
self.vault_private_key,
self.tunnel_private_key,
) = tokio::try_join!(
kms_client.decrypt(self.locker_encryption_key1),
kms_client.decrypt(self.locker_encryption_key2),
kms_client.decrypt(self.locker_decryption_key1),
kms_client.decrypt(self.locker_decryption_key2),
kms_client.decrypt(self.vault_encryption_key),
kms_client.decrypt(self.rust_locker_encryption_key),
kms_client.decrypt(self.vault_private_key),

6
crates/router/src/configs/settings.rs
View File

@ -499,12 +499,6 @@ pub struct EphemeralConfig {
#[derive(Debug, Deserialize, Clone, Default)]
#[serde(default)]
pub struct Jwekey {
pub locker_key_identifier1: String,
pub locker_key_identifier2: String,
pub locker_encryption_key1: String,
pub locker_encryption_key2: String,
pub locker_decryption_key1: String,
pub locker_decryption_key2: String,
pub vault_encryption_key: String,
pub rust_locker_encryption_key: String,
pub vault_private_key: String,

264
crates/router/src/core/payment_methods/vault.rs
View File

@ -4,8 +4,6 @@ use common_utils::{
generate_id_with_default_len,
};
use error_stack::{report, IntoReport, ResultExt};
#[cfg(feature = "basilisk")]
use josekit::jwe;
use masking::PeekInterface;
use router_env::{instrument, tracing};
use scheduler::{types::process_data, utils as process_tracker_utils};
@ -23,11 +21,7 @@ use crate::{
},
utils::{self, StringExt},
};
#[cfg(feature = "basilisk")]
use crate::{core::payment_methods::transformers as payment_methods, services, settings};
const VAULT_SERVICE_NAME: &str = "CARD";
#[cfg(feature = "basilisk")]
const VAULT_VERSION: &str = "0";
pub struct SupplementaryVaultData {
pub customer_id: Option<String>,
@ -806,11 +800,6 @@ pub async fn create_tokenize(
}
Err(err) => {
logger::error!("Redis Temp locker Failed: {:?}", err);
#[cfg(feature = "basilisk")]
return old_create_tokenize(state, value1, value2, lookup_key).await;
#[cfg(not(feature = "basilisk"))]
Err(err)
}
}
@ -874,11 +863,6 @@ pub async fn get_tokenized_data(
}
Err(err) => {
logger::error!("Redis Temp locker Failed: {:?}", err);
#[cfg(feature = "basilisk")]
return old_get_tokenized_data(state, lookup_key, _should_get_value2).await;
#[cfg(not(feature = "basilisk"))]
Err(err)
}
}
@ -925,11 +909,6 @@ pub async fn delete_tokenized_data(state: &routes::AppState, lookup_key: &str) -
}
Err(err) => {
logger::error!("Redis Temp locker Failed: {:?}", err);
#[cfg(feature = "basilisk")]
return old_delete_tokenized_data(state, lookup_key).await;
#[cfg(not(feature = "basilisk"))]
Err(err)
}
}
@ -1056,246 +1035,3 @@ pub async fn retry_delete_tokenize(
}
// Fallback logic of old temp locker needs to be removed later
#[cfg(feature = "basilisk")]
async fn get_locker_jwe_keys(
keys: &settings::ActiveKmsSecrets,
) -> CustomResult<(String, String), errors::EncryptionError> {
let keys = keys.jwekey.peek();
let key_id = get_key_id(keys);
let (public_key, private_key) = if key_id == keys.locker_key_identifier1 {
(&keys.locker_encryption_key1, &keys.locker_decryption_key1)
} else if key_id == keys.locker_key_identifier2 {
(&keys.locker_encryption_key2, &keys.locker_decryption_key2)
} else {
return Err(errors::EncryptionError.into());
};
Ok((public_key.to_string(), private_key.to_string()))
}
#[cfg(feature = "basilisk")]
#[instrument(skip(state, value1, value2))]
pub async fn old_create_tokenize(
state: &routes::AppState,
value1: String,
value2: Option<String>,
lookup_key: String,
) -> RouterResult<String> {
let payload_to_be_encrypted = api::TokenizePayloadRequest {
value1,
value2: value2.unwrap_or_default(),
lookup_key,
service_name: VAULT_SERVICE_NAME.to_string(),
};
let payload = utils::Encode::<api::TokenizePayloadRequest>::encode_to_string_of_json(
&payload_to_be_encrypted,
)
.change_context(errors::ApiErrorResponse::InternalServerError)?;
let (public_key, private_key) = get_locker_jwe_keys(&state.kms_secrets)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encryption key")?;
let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encrypt JWE response")?;
let create_tokenize_request = api::TokenizePayloadEncrypted {
payload: encrypted_payload,
key_id: get_key_id(&state.conf.jwekey).to_string(),
version: Some(VAULT_VERSION.to_string()),
};
let request = payment_methods::mk_crud_locker_request(
&state.conf.locker,
"/tokenize",
create_tokenize_request,
)
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Making tokenize request failed")?;
let response = services::call_connector_api(state, request)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;
match response {
Ok(r) => {
let resp: api::TokenizePayloadEncrypted = r
.response
.parse_struct("TokenizePayloadEncrypted")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decoding Failed for TokenizePayloadEncrypted")?;
let alg = jwe::RSA_OAEP_256;
let decrypted_payload = services::decrypt_jwe(
&resp.payload,
services::KeyIdCheck::RequestResponseKeyId((
get_key_id(&state.conf.jwekey),
&resp.key_id,
)),
private_key,
alg,
)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decrypt Jwe failed for TokenizePayloadEncrypted")?;
let get_response: api::GetTokenizePayloadResponse = decrypted_payload
.parse_struct("GetTokenizePayloadResponse")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable(
"Error getting GetTokenizePayloadResponse from tokenize response",
)?;
Ok(get_response.lookup_key)
}
Err(err) => {
metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
Err(errors::ApiErrorResponse::InternalServerError)
.into_report()
.attach_printable(format!("Got 4xx from the basilisk locker: {err:?}"))
}
}
}
#[cfg(feature = "basilisk")]
pub async fn old_get_tokenized_data(
state: &routes::AppState,
lookup_key: &str,
should_get_value2: bool,
) -> RouterResult<api::TokenizePayloadRequest> {
metrics::GET_TOKENIZED_CARD.add(&metrics::CONTEXT, 1, &[]);
let payload_to_be_encrypted = api::GetTokenizePayloadRequest {
lookup_key: lookup_key.to_string(),
get_value2: should_get_value2,
service_name: VAULT_SERVICE_NAME.to_string(),
};
let payload = serde_json::to_string(&payload_to_be_encrypted)
.map_err(|_x| errors::ApiErrorResponse::InternalServerError)?;
let (public_key, private_key) = get_locker_jwe_keys(&state.kms_secrets)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encryption key")?;
let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encrypt JWE response")?;
let create_tokenize_request = api::TokenizePayloadEncrypted {
payload: encrypted_payload,
key_id: get_key_id(&state.conf.jwekey).to_string(),
version: Some("0".to_string()),
};
let request = payment_methods::mk_crud_locker_request(
&state.conf.locker,
"/tokenize/get",
create_tokenize_request,
)
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Making Get Tokenized request failed")?;
let response = services::call_connector_api(state, request)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;
match response {
Ok(r) => {
let resp: api::TokenizePayloadEncrypted = r
.response
.parse_struct("TokenizePayloadEncrypted")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decoding Failed for TokenizePayloadEncrypted")?;
let alg = jwe::RSA_OAEP_256;
let decrypted_payload = services::decrypt_jwe(
&resp.payload,
services::KeyIdCheck::RequestResponseKeyId((
get_key_id(&state.conf.jwekey),
&resp.key_id,
)),
private_key,
alg,
)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("GetTokenizedApi: Decrypt Jwe failed for TokenizePayloadEncrypted")?;
let get_response: api::TokenizePayloadRequest = decrypted_payload
.parse_struct("TokenizePayloadRequest")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting TokenizePayloadRequest from tokenize response")?;
Ok(get_response)
}
Err(err) => {
metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
match err.status_code {
404 => Err(errors::ApiErrorResponse::UnprocessableEntity {
message: "Token is invalid or expired".into(),
}
.into()),
_ => Err(errors::ApiErrorResponse::InternalServerError)
.into_report()
.attach_printable(format!("Got error from the basilisk locker: {err:?}")),
}
}
}
}
#[cfg(feature = "basilisk")]
pub async fn old_delete_tokenized_data(
state: &routes::AppState,
lookup_key: &str,
) -> RouterResult<()> {
metrics::DELETED_TOKENIZED_CARD.add(&metrics::CONTEXT, 1, &[]);
let payload_to_be_encrypted = api::DeleteTokenizeByTokenRequest {
lookup_key: lookup_key.to_string(),
service_name: VAULT_SERVICE_NAME.to_string(),
};
let payload = serde_json::to_string(&payload_to_be_encrypted)
.into_report()
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error serializing api::DeleteTokenizeByTokenRequest")?;
let (public_key, _private_key) = get_locker_jwe_keys(&state.kms_secrets.clone())
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encryption key")?;
let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encrypt JWE response")?;
let create_tokenize_request = api::TokenizePayloadEncrypted {
payload: encrypted_payload,
key_id: get_key_id(&state.conf.jwekey).to_string(),
version: Some("0".to_string()),
};
let request = payment_methods::mk_crud_locker_request(
&state.conf.locker,
"/tokenize/delete/token",
create_tokenize_request,
)
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Making Delete Tokenized request failed")?;
let response = services::call_connector_api(state, request)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error while making /tokenize/delete/token call to the locker")?;
match response {
Ok(r) => {
let _delete_response = std::str::from_utf8(&r.response)
.into_report()
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decoding Failed for basilisk delete response")?;
Ok(())
}
Err(err) => {
metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
Err(errors::ApiErrorResponse::InternalServerError)
.into_report()
.attach_printable(format!("Got 4xx from the basilisk locker: {err:?}"))
}
}
}
#[cfg(feature = "basilisk")]
pub fn get_key_id(keys: &settings::Jwekey) -> &str {
let key_identifier = "1"; // [#46]: Fetch this value from redis or external sources
if key_identifier == "1" {
&keys.locker_key_identifier1
} else {
&keys.locker_key_identifier2
}
}

5
crates/router/src/services/api/client.rs
View File

@ -112,7 +112,6 @@ pub(super) fn create_client(
pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
let locker_host = locker.host.to_owned();
let locker_host_rs = locker.host_rs.to_owned();
let basilisk_host = locker.basilisk_host.to_owned();
vec![
format!("{locker_host}/cards/add"),
format!("{locker_host}/cards/retrieve"),
@ -124,10 +123,6 @@ pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
format!("{locker_host}/card/addCard"),
format!("{locker_host}/card/getCard"),
format!("{locker_host}/card/deleteCard"),
format!("{basilisk_host}/tokenize"),
format!("{basilisk_host}/tokenize/get"),
format!("{basilisk_host}/tokenize/delete"),
format!("{basilisk_host}/tokenize/delete/token"),
]
}