mirror of
https://github.com/juspay/hyperswitch.git
synced 2025-10-27 19:46:48 +08:00
feat: Add HSTS headers to response (#725)
This commit is contained in:
Kartikeya Hegde
@ -25,6 +25,7 @@ impl actix_web::ResponseError for ApiErrorResponse {
|
|||||||
|
|
||||||
actix_web::HttpResponseBuilder::new(self.status_code())
|
actix_web::HttpResponseBuilder::new(self.status_code())
|
||||||
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
||||||
|
.insert_header((header::STRICT_TRANSPORT_SECURITY, "max-age=31536000"))
|
||||||
.insert_header((header::VIA, "Juspay_Router"))
|
.insert_header((header::VIA, "Juspay_Router"))
|
||||||
.body(self.to_string())
|
.body(self.to_string())
|
||||||
}
|
}
|
||||||
|
|||||||
@ -518,8 +518,11 @@ impl actix_web::ResponseError for StripeErrorCode {
|
|||||||
fn error_response(&self) -> actix_web::HttpResponse {
|
fn error_response(&self) -> actix_web::HttpResponse {
|
||||||
use actix_web::http::header;
|
use actix_web::http::header;
|
||||||
|
|
||||||
|
use crate::consts;
|
||||||
|
|
||||||
actix_web::HttpResponseBuilder::new(self.status_code())
|
actix_web::HttpResponseBuilder::new(self.status_code())
|
||||||
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
||||||
|
.insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.insert_header((header::VIA, "Juspay_Router"))
|
.insert_header((header::VIA, "Juspay_Router"))
|
||||||
.body(self.to_string())
|
.body(self.to_string())
|
||||||
}
|
}
|
||||||
|
|||||||
@ -24,3 +24,6 @@ pub(crate) const BASE64_ENGINE_URL_SAFE: base64::engine::GeneralPurpose =
|
|||||||
|
|
||||||
pub(crate) const API_KEY_LENGTH: usize = 64;
|
pub(crate) const API_KEY_LENGTH: usize = 64;
|
||||||
pub(crate) const PUB_SUB_CHANNEL: &str = "hyperswitch_invalidate";
|
pub(crate) const PUB_SUB_CHANNEL: &str = "hyperswitch_invalidate";
|
||||||
|
|
||||||
|
/// Max age of 1 year in seconds. Which is `60*60*24*365`
|
||||||
|
pub(crate) const HSTS_HEADER_VALUE: &str = "max-age=31536000";
|
||||||
|
|||||||
@ -153,8 +153,13 @@ impl From<ConfigError> for ApplicationError {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn error_response<T: Display>(err: &T) -> actix_web::HttpResponse {
|
fn error_response<T: Display>(err: &T) -> actix_web::HttpResponse {
|
||||||
|
use actix_web::http::header;
|
||||||
|
|
||||||
|
use crate::consts;
|
||||||
|
|
||||||
actix_web::HttpResponse::BadRequest()
|
actix_web::HttpResponse::BadRequest()
|
||||||
.append_header(("Via", "Juspay_Router"))
|
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
|
.append_header((header::VIA, "Juspay_Router"))
|
||||||
.content_type("application/json")
|
.content_type("application/json")
|
||||||
.body(format!(r#"{{ "error": {{ "message": "{err}" }} }}"#))
|
.body(format!(r#"{{ "error": {{ "message": "{err}" }} }}"#))
|
||||||
}
|
}
|
||||||
|
|||||||
@ -253,8 +253,11 @@ impl actix_web::ResponseError for ApiErrorResponse {
|
|||||||
fn error_response(&self) -> actix_web::HttpResponse {
|
fn error_response(&self) -> actix_web::HttpResponse {
|
||||||
use actix_web::http::header;
|
use actix_web::http::header;
|
||||||
|
|
||||||
|
use crate::consts;
|
||||||
|
|
||||||
actix_web::HttpResponseBuilder::new(self.status_code())
|
actix_web::HttpResponseBuilder::new(self.status_code())
|
||||||
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
||||||
|
.insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.insert_header((header::VIA, "Juspay_Router"))
|
.insert_header((header::VIA, "Juspay_Router"))
|
||||||
.body(self.to_string())
|
.body(self.to_string())
|
||||||
}
|
}
|
||||||
|
|||||||
@ -9,7 +9,7 @@ use std::{
|
|||||||
time::{Duration, Instant},
|
time::{Duration, Instant},
|
||||||
};
|
};
|
||||||
|
|
||||||
use actix_web::{body, HttpRequest, HttpResponse, Responder};
|
use actix_web::{body, http::header, HttpRequest, HttpResponse, Responder};
|
||||||
use common_utils::errors::ReportSwitchExt;
|
use common_utils::errors::ReportSwitchExt;
|
||||||
use error_stack::{report, IntoReport, Report, ResultExt};
|
use error_stack::{report, IntoReport, Report, ResultExt};
|
||||||
use masking::ExposeOptionInterface;
|
use masking::ExposeOptionInterface;
|
||||||
@ -20,6 +20,7 @@ use self::request::{ContentType, HeaderExt, RequestBuilderExt};
|
|||||||
pub use self::request::{Method, Request, RequestBuilder};
|
pub use self::request::{Method, Request, RequestBuilder};
|
||||||
use crate::{
|
use crate::{
|
||||||
configs::settings::Connectors,
|
configs::settings::Connectors,
|
||||||
|
consts,
|
||||||
core::{
|
core::{
|
||||||
errors::{self, CustomResult, RouterResult},
|
errors::{self, CustomResult, RouterResult},
|
||||||
payments,
|
payments,
|
||||||
@ -28,12 +29,7 @@ use crate::{
|
|||||||
logger,
|
logger,
|
||||||
routes::{app::AppStateInfo, AppState},
|
routes::{app::AppStateInfo, AppState},
|
||||||
services::authentication as auth,
|
services::authentication as auth,
|
||||||
types::{
|
types::{self, api, storage, ErrorResponse},
|
||||||
self,
|
|
||||||
api::{self},
|
|
||||||
storage::{self},
|
|
||||||
ErrorResponse,
|
|
||||||
},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
pub type BoxedConnectorIntegration<'a, T, Req, Resp> =
|
pub type BoxedConnectorIntegration<'a, T, Req, Resp> =
|
||||||
@ -542,19 +538,24 @@ pub async fn authenticate_by_api_key(
|
|||||||
pub fn http_response_json<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
|
pub fn http_response_json<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
|
||||||
HttpResponse::Ok()
|
HttpResponse::Ok()
|
||||||
.content_type("application/json")
|
.content_type("application/json")
|
||||||
.append_header(("Via", "Juspay_router"))
|
.append_header((header::VIA, "Juspay_router"))
|
||||||
|
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.body(response)
|
.body(response)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn http_response_plaintext<T: body::MessageBody + 'static>(res: T) -> HttpResponse {
|
pub fn http_response_plaintext<T: body::MessageBody + 'static>(res: T) -> HttpResponse {
|
||||||
HttpResponse::Ok()
|
HttpResponse::Ok()
|
||||||
.content_type("text/plain")
|
.content_type("text/plain")
|
||||||
.append_header(("Via", "Juspay_router"))
|
.append_header((header::VIA, "Juspay_router"))
|
||||||
|
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.body(res)
|
.body(res)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn http_response_ok() -> HttpResponse {
|
pub fn http_response_ok() -> HttpResponse {
|
||||||
HttpResponse::Ok().finish()
|
HttpResponse::Ok()
|
||||||
|
.append_header((header::VIA, "Juspay_router"))
|
||||||
|
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
|
.finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn http_redirect_response<T: body::MessageBody + 'static>(
|
pub fn http_redirect_response<T: body::MessageBody + 'static>(
|
||||||
@ -563,11 +564,12 @@ pub fn http_redirect_response<T: body::MessageBody + 'static>(
|
|||||||
) -> HttpResponse {
|
) -> HttpResponse {
|
||||||
HttpResponse::Ok()
|
HttpResponse::Ok()
|
||||||
.content_type("application/json")
|
.content_type("application/json")
|
||||||
.append_header(("Via", "Juspay_router"))
|
.append_header((header::VIA, "Juspay_router"))
|
||||||
.append_header((
|
.append_header((
|
||||||
"Location",
|
"Location",
|
||||||
redirection_response.return_url_with_query_params,
|
redirection_response.return_url_with_query_params,
|
||||||
))
|
))
|
||||||
|
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.status(http::StatusCode::FOUND)
|
.status(http::StatusCode::FOUND)
|
||||||
.body(response)
|
.body(response)
|
||||||
}
|
}
|
||||||
@ -575,7 +577,8 @@ pub fn http_redirect_response<T: body::MessageBody + 'static>(
|
|||||||
pub fn http_response_err<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
|
pub fn http_response_err<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
|
||||||
HttpResponse::BadRequest()
|
HttpResponse::BadRequest()
|
||||||
.content_type("application/json")
|
.content_type("application/json")
|
||||||
.append_header(("Via", "Juspay_router"))
|
.append_header((header::VIA, "Juspay_router"))
|
||||||
|
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.body(response)
|
.body(response)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -57,8 +57,11 @@ pub mod error_parser {
|
|||||||
fn error_response(&self) -> actix_web::HttpResponse<actix_web::body::BoxBody> {
|
fn error_response(&self) -> actix_web::HttpResponse<actix_web::body::BoxBody> {
|
||||||
use actix_web::http::header;
|
use actix_web::http::header;
|
||||||
|
|
||||||
|
use crate::consts;
|
||||||
|
|
||||||
actix_web::HttpResponseBuilder::new(StatusCode::BAD_REQUEST)
|
actix_web::HttpResponseBuilder::new(StatusCode::BAD_REQUEST)
|
||||||
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
|
||||||
|
.insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
|
||||||
.insert_header((header::VIA, "Juspay_Router"))
|
.insert_header((header::VIA, "Juspay_Router"))
|
||||||
.body(self.to_string())
|
.body(self.to_string())
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user