feat(router): mask keys in connector_account_details for merchant_connector_response in mca retrieve flow (#5848)

2025-11-01 19:42:27 +08:00 · 2024-09-10 19:52:19 +05:30
parent ad40cedf5c
commit 71b52024c2
2 changed files with 89 additions and 5 deletions
--- a/crates/router/src/types/transformers.rs
+++ b/crates/router/src/types/transformers.rs
@ -7,7 +7,7 @@ use api_models::{
 use common_utils::{
    consts::X_HS_LATENCY,
    crypto::Encryptable,
-    ext_traits::{StringExt, ValueExt},
+    ext_traits::{Encode, StringExt, ValueExt},
    fp_utils::when,
    pii,
    types::MinorUnit,
@ -15,7 +15,7 @@ use common_utils::{
 use diesel_models::enums as storage_enums;
 use error_stack::{report, ResultExt};
 use hyperswitch_domain_models::payments::payment_intent::CustomerData;
-use masking::{ExposeInterface, PeekInterface};
+use masking::{ExposeInterface, PeekInterface, Secret};

 use super::domain;
 use crate::{
@ -1103,13 +1103,29 @@ impl ForeignTryFrom<domain::MerchantConnectorAccount>
            }
            None => None,
        };
+        // parse the connector_account_details into ConnectorAuthType
+        let connector_account_details: hyperswitch_domain_models::router_data::ConnectorAuthType =
+            item.connector_account_details
+                .clone()
+                .into_inner()
+                .parse_value("ConnectorAuthType")
+                .change_context(errors::ApiErrorResponse::InternalServerError)
+                .attach_printable("Failed while parsing value for ConnectorAuthType")?;
+        // get the masked keys from the ConnectorAuthType and encode it to secret value
+        let masked_connector_account_details = Secret::new(
+            connector_account_details
+                .get_masked_keys()
+                .encode_to_value()
+                .change_context(errors::ApiErrorResponse::InternalServerError)
+                .attach_printable("Failed to encode ConnectorAuthType")?,
+        );
        #[cfg(feature = "v2")]
        let response = Self {
            id: item.get_id(),
            connector_type: item.connector_type,
            connector_name: item.connector_name,
            connector_label: item.connector_label,
-            connector_account_details: item.connector_account_details.into_inner(),
+            connector_account_details: masked_connector_account_details,
            disabled: item.disabled,
            payment_methods_enabled,
            metadata: item.metadata,
@ -1149,7 +1165,7 @@ impl ForeignTryFrom<domain::MerchantConnectorAccount>
            connector_name: item.connector_name,
            connector_label: item.connector_label,
            merchant_connector_id: item.merchant_connector_id,
-            connector_account_details: item.connector_account_details.into_inner(),
+            connector_account_details: masked_connector_account_details,
            test_mode: item.test_mode,
            disabled: item.disabled,
            payment_methods_enabled,