From 6d7b11a0f03e77be592683c3486af50aed2e5055 Mon Sep 17 00:00:00 2001 From: Sanchith Hegde <22217505+SanchithHegde@users.noreply.github.com> Date: Tue, 4 Apr 2023 11:26:05 +0530 Subject: [PATCH] feat(middleware): add middleware to attach default response headers (#824) --- crates/api_models/src/errors/actix.rs | 2 -- .../router/src/compatibility/stripe/errors.rs | 4 --- crates/router/src/consts.rs | 3 --- crates/router/src/core/errors.rs | 8 +----- .../src/core/errors/api_error_response.rs | 4 --- crates/router/src/lib.rs | 6 ++--- crates/router/src/middleware.rs | 11 ++++++++ crates/router/src/services/api.rs | 26 +++++-------------- crates/router/src/utils.rs | 8 ++---- 9 files changed, 23 insertions(+), 49 deletions(-) diff --git a/crates/api_models/src/errors/actix.rs b/crates/api_models/src/errors/actix.rs index f2535063e1..725bc64843 100644 --- a/crates/api_models/src/errors/actix.rs +++ b/crates/api_models/src/errors/actix.rs @@ -25,8 +25,6 @@ impl actix_web::ResponseError for ApiErrorResponse { actix_web::HttpResponseBuilder::new(self.status_code()) .insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON)) - .insert_header((header::STRICT_TRANSPORT_SECURITY, "max-age=31536000")) - .insert_header((header::VIA, "Juspay_Router")) .body(self.to_string()) } } diff --git a/crates/router/src/compatibility/stripe/errors.rs b/crates/router/src/compatibility/stripe/errors.rs index b91bc6497b..722235d2af 100644 --- a/crates/router/src/compatibility/stripe/errors.rs +++ b/crates/router/src/compatibility/stripe/errors.rs 
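Review bot: Nothing in this patch tests that error responses still carry `Strict-Transport-Security` once `error_response()` in crates/api_models/src/errors/actix.rs stops setting it; the diffstat lists nine source files and no test. The same removal is repeated in compatibility/stripe/errors.rs, core/errors.rs, core/errors/api_error_response.rs, services/api.rs and utils.rs, so the header now exists only on responses that pass through the `DefaultHeaders` middleware registered in `get_application_builder`. This impl lives in the `api_models` crate, so an app that serves `ApiErrorResponse` without that middleware would presumably lose the header silently. I would add an integration test that builds the app through `get_application_builder`, hits an unknown route and a failing handler, and asserts both default headers are present. The signature of `error_response` is outside the hunk.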
@@ -522,12 +522,8 @@ impl actix_web::ResponseError for StripeErrorCode { fn error_response(&self) -> actix_web::HttpResponse { use actix_web::http::header; - use crate::consts; - actix_web::HttpResponseBuilder::new(self.status_code()) .insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON)) - .insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) - .insert_header((header::VIA, "Juspay_Router")) .body(self.to_string()) } } diff --git a/crates/router/src/consts.rs b/crates/router/src/consts.rs index c33a740b28..663f6b8dff 100644 --- a/crates/router/src/consts.rs +++ b/crates/router/src/consts.rs @@ -24,6 +24,3 @@ pub(crate) const BASE64_ENGINE_URL_SAFE: base64::engine::GeneralPurpose = pub(crate) const API_KEY_LENGTH: usize = 64; pub(crate) const PUB_SUB_CHANNEL: &str = "hyperswitch_invalidate"; - -/// Max age of 1 year in seconds. Which is `60*60*24*365` -pub(crate) const HSTS_HEADER_VALUE: &str = "max-age=31536000"; diff --git a/crates/router/src/core/errors.rs b/crates/router/src/core/errors.rs index bd918b899a..f1e91ff8ac 100644 --- a/crates/router/src/core/errors.rs +++ b/crates/router/src/core/errors.rs @@ -153,14 +153,8 @@ impl From for ApplicationError { } fn error_response(err: &T) -> actix_web::HttpResponse { - use actix_web::http::header; - - use crate::consts; - actix_web::HttpResponse::BadRequest() - .append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) - .append_header((header::VIA, "Juspay_Router")) - .content_type("application/json") + .content_type(mime::APPLICATION_JSON) .body(format!(r#"{{ "error": {{ "message": "{err}" }} }}"#)) } diff --git a/crates/router/src/core/errors/api_error_response.rs b/crates/router/src/core/errors/api_error_response.rs index 2b11df0954..c752dd8800 100644 --- a/crates/router/src/core/errors/api_error_response.rs +++ b/crates/router/src/core/errors/api_error_response.rs 
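Review bot: The body in `error_response` of crates/router/src/core/errors.rs is still built by interpolating `{err}` into a JSON literal, so a message containing `"` or `\` produces malformed JSON or lets the message text change the structure of the body. Since this commit already touches the builder, serialise the message instead, e.g. `.body(serde_json::json!({ "error": { "message": err.to_string() } }).to_string())`, assuming `serde_json` is a dependency of this crate (not visible on this page). The function's generic bounds are not visible in the hunk; the suggestion only needs `Display`, which the existing `format!` already requires.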
@@ -263,12 +263,8 @@ impl actix_web::ResponseError for ApiErrorResponse { fn error_response(&self) -> actix_web::HttpResponse { use actix_web::http::header; - use crate::consts; - actix_web::HttpResponseBuilder::new(self.status_code()) .insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON)) - .insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) - .insert_header((header::VIA, "Juspay_Router")) .body(self.to_string()) } } diff --git a/crates/router/src/lib.rs b/crates/router/src/lib.rs index 601d5723c2..4ac48d0723 100644 --- a/crates/router/src/lib.rs +++ b/crates/router/src/lib.rs @@ -162,13 +162,10 @@ pub fn get_application_builder( let json_cfg = actix_web::web::JsonConfig::default() .limit(request_body_limit) .content_type_required(true) - .content_type(|mime| mime == mime::APPLICATION_JSON) // FIXME: This doesn't seem to be enforced. .error_handler(utils::error_parser::custom_json_error_handler); actix_web::App::new() .app_data(json_cfg) - .wrap(middleware::RequestId) - .wrap(router_env::tracing_actix_web::TracingLogger::default()) .wrap(ErrorHandlers::new().handler( StatusCode::NOT_FOUND, errors::error_handlers::custom_error_handlers, @@ -177,5 +174,8 @@ pub fn get_application_builder( StatusCode::METHOD_NOT_ALLOWED, errors::error_handlers::custom_error_handlers, )) + .wrap(middleware::default_response_headers()) .wrap(cors::cors()) + .wrap(middleware::RequestId) + .wrap(router_env::tracing_actix_web::TracingLogger::default()) } diff --git a/crates/router/src/middleware.rs b/crates/router/src/middleware.rs index 25ddbd61ff..1576432e26 100644 --- a/crates/router/src/middleware.rs +++ b/crates/router/src/middleware.rs 
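Review bot: In the second lib.rs hunk `default_response_headers()` is wrapped before `cors::cors()`, `RequestId` and `TracingLogger`, and actix-web runs the middleware registered last as the outermost layer, so a response produced by any of those three without calling the inner service never reaches `DefaultHeaders`. As far as I know actix-cors answers preflight `OPTIONS` requests itself, which would leave those responses without `Strict-Transport-Security`. If the intent is "every response", move `.wrap(middleware::default_response_headers())` below `.wrap(cors::cors())` and add a comment such as `// actix runs middleware in reverse registration order; default headers must stay outside cors`. `get_application_builder` begins outside these hunks, so there may be other layers I cannot see.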
@@ -59,3 +59,14 @@ where }) } } + +/// Middleware for attaching default response headers. Headers with the same key already set in a +/// response will not be overwritten. +pub fn default_response_headers() -> actix_web::middleware::DefaultHeaders { + use actix_web::http::header; + + actix_web::middleware::DefaultHeaders::new() + // Max age of 1 year in seconds, equal to `60 * 60 * 24 * 365` seconds. + .add((header::STRICT_TRANSPORT_SECURITY, "max-age=31536000")) + .add((header::VIA, "HyperSwitch")) +} diff --git a/crates/router/src/services/api.rs b/crates/router/src/services/api.rs index 3eae513010..2ad76a662e 100644 --- a/crates/router/src/services/api.rs +++ b/crates/router/src/services/api.rs @@ -9,7 +9,7 @@ use std::{ time::{Duration, Instant}, }; -use actix_web::{body, http::header, HttpRequest, HttpResponse, Responder}; +use actix_web::{body, HttpRequest, HttpResponse, Responder}; use common_utils::errors::ReportSwitchExt; use error_stack::{report, IntoReport, Report, ResultExt}; use masking::ExposeOptionInterface; @@ -20,7 +20,6 @@ use self::request::{ContentType, HeaderExt, RequestBuilderExt}; pub use self::request::{Method, Request, RequestBuilder}; use crate::{ configs::settings::Connectors, - consts, core::{ errors::{self, CustomResult}, payments, 
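Review bot: The `Via` value added in `default_response_headers()` is a bare product name, whereas RFC 9110 defines each `Via` element as a received-protocol followed by a received-by; intermediaries or clients that parse the header strictly may mishandle it. If it is only meant as a service banner, `.add((header::VIA, "1.1 HyperSwitch"))` keeps it well-formed. The doc comment could also say whether `includeSubDomains` is intentionally left out of the HSTS value, so the omission reads as a decision rather than an oversight.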
@@ -604,25 +603,16 @@ where pub fn http_response_json(response: T) -> HttpResponse { HttpResponse::Ok() - .content_type("application/json") - .append_header((header::VIA, "Juspay_router")) - .append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) + .content_type(mime::APPLICATION_JSON) .body(response) } pub fn http_response_plaintext(res: T) -> HttpResponse { - HttpResponse::Ok() - .content_type("text/plain") - .append_header((header::VIA, "Juspay_router")) - .append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) - .body(res) + HttpResponse::Ok().content_type(mime::TEXT_PLAIN).body(res) } pub fn http_response_ok() -> HttpResponse { - HttpResponse::Ok() - .append_header((header::VIA, "Juspay_router")) - .append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) - .finish() + HttpResponse::Ok().finish() } pub fn http_redirect_response( @@ -630,22 +620,18 @@ pub fn http_redirect_response( redirection_response: api::RedirectionResponse, ) -> HttpResponse { HttpResponse::Ok() - .content_type("application/json") - .append_header((header::VIA, "Juspay_router")) + .content_type(mime::APPLICATION_JSON) .append_header(( "Location", redirection_response.return_url_with_query_params, )) - .append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) .status(http::StatusCode::FOUND) .body(response) } pub fn http_response_err(response: T) -> HttpResponse { HttpResponse::BadRequest() - .content_type("application/json") - .append_header((header::VIA, "Juspay_router")) - .append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) + .content_type(mime::APPLICATION_JSON) .body(response) } diff --git a/crates/router/src/utils.rs b/crates/router/src/utils.rs index ebb037b6d7..3104bc65ce 100644 --- a/crates/router/src/utils.rs +++ b/crates/router/src/utils.rs 
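Review bot: `http_redirect_response` in the last services/api.rs hunk writes `redirection_response.return_url_with_query_params` into `Location` as-is, and nothing in the hunk shows where that URL is validated; a doc comment stating the contract would help, e.g. `/// The return URL is written to Location unchanged; callers must pass an already-validated URL.`. As a style point, the builder still starts from `HttpResponse::Ok()` and then overrides it with `.status(http::StatusCode::FOUND)`, and names the header with the string literal `"Location"`; `HttpResponse::Found()` with `actix_web::http::header::LOCATION` states the intent directly. The function's signature begins outside the hunk.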
@@ -51,18 +51,14 @@ pub mod error_parser { impl ResponseError for CustomJsonError { fn status_code(&self) -> StatusCode { - StatusCode::INTERNAL_SERVER_ERROR + StatusCode::BAD_REQUEST } fn error_response(&self) -> actix_web::HttpResponse { use actix_web::http::header; - use crate::consts; - - actix_web::HttpResponseBuilder::new(StatusCode::BAD_REQUEST) + actix_web::HttpResponseBuilder::new(self.status_code()) .insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON)) - .insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE)) - .insert_header((header::VIA, "Juspay_Router")) .body(self.to_string()) } }
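Review bot: `CustomJsonError::status_code()` now returns 400 instead of 500, a behaviour change that the commit subject does not mention and that no comment explains. Anything keyed on `status_code()` rather than on the built response (logging, metrics, alerting on 5xx) will presumably see JSON payload failures move to the 4xx bucket. A short comment on the method would record the intent, e.g. `// Payload parse failures are caused by the request, so report 400 rather than 500.`. The enclosing `error_parser` module extends beyond the hunk.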