rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-27 19:46:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add HSTS headers to response (#725)

Browse Source
This commit is contained in:
Kartikeya Hegde
2023-03-10 14:49:58 +05:30
committed by GitHub
parent c085e460be
commit 7ed665ecec
7 changed files with 34 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crates/api_models/src/errors/actix.rs
View File

@ -25,6 +25,7 @@ impl actix_web::ResponseError for ApiErrorResponse {
actix_web::HttpResponseBuilder::new(self.status_code())
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
.insert_header((header::STRICT_TRANSPORT_SECURITY, "max-age=31536000"))
.insert_header((header::VIA, "Juspay_Router"))
.body(self.to_string())
}

3
crates/router/src/compatibility/stripe/errors.rs
View File

@ -518,8 +518,11 @@ impl actix_web::ResponseError for StripeErrorCode {
fn error_response(&self) -> actix_web::HttpResponse {
use actix_web::http::header;
use crate::consts;
actix_web::HttpResponseBuilder::new(self.status_code())
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
.insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.insert_header((header::VIA, "Juspay_Router"))
.body(self.to_string())
}

3
crates/router/src/consts.rs
View File

@ -24,3 +24,6 @@ pub(crate) const BASE64_ENGINE_URL_SAFE: base64::engine::GeneralPurpose =
pub(crate) const API_KEY_LENGTH: usize = 64;
pub(crate) const PUB_SUB_CHANNEL: &str = "hyperswitch_invalidate";
/// Max age of 1 year in seconds. Which is `60*60*24*365`
pub(crate) const HSTS_HEADER_VALUE: &str = "max-age=31536000";

7
crates/router/src/core/errors.rs
View File

@ -153,8 +153,13 @@ impl From<ConfigError> for ApplicationError {
}
fn error_response<T: Display>(err: &T) -> actix_web::HttpResponse {
use actix_web::http::header;
use crate::consts;
actix_web::HttpResponse::BadRequest()
.append_header(("Via", "Juspay_Router"))
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.append_header((header::VIA, "Juspay_Router"))
.content_type("application/json")
.body(format!(r#"{{ "error": {{ "message": "{err}" }} }}"#))
}

3
crates/router/src/core/errors/api_error_response.rs
View File

@ -253,8 +253,11 @@ impl actix_web::ResponseError for ApiErrorResponse {
fn error_response(&self) -> actix_web::HttpResponse {
use actix_web::http::header;
use crate::consts;
actix_web::HttpResponseBuilder::new(self.status_code())
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
.insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.insert_header((header::VIA, "Juspay_Router"))
.body(self.to_string())
}

27
crates/router/src/services/api.rs
View File

@ -9,7 +9,7 @@ use std::{
time::{Duration, Instant},
};
use actix_web::{body, HttpRequest, HttpResponse, Responder};
use actix_web::{body, http::header, HttpRequest, HttpResponse, Responder};
use common_utils::errors::ReportSwitchExt;
use error_stack::{report, IntoReport, Report, ResultExt};
use masking::ExposeOptionInterface;
@ -20,6 +20,7 @@ use self::request::{ContentType, HeaderExt, RequestBuilderExt};
pub use self::request::{Method, Request, RequestBuilder};
use crate::{
configs::settings::Connectors,
consts,
core::{
errors::{self, CustomResult, RouterResult},
payments,
@ -28,12 +29,7 @@ use crate::{
logger,
routes::{app::AppStateInfo, AppState},
services::authentication as auth,
types::{
self,
api::{self},
storage::{self},
ErrorResponse,
},
types::{self, api, storage, ErrorResponse},
};
pub type BoxedConnectorIntegration<'a, T, Req, Resp> =
@ -542,19 +538,24 @@ pub async fn authenticate_by_api_key(
pub fn http_response_json<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
HttpResponse::Ok()
.content_type("application/json")
.append_header(("Via", "Juspay_router"))
.append_header((header::VIA, "Juspay_router"))
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.body(response)
}
pub fn http_response_plaintext<T: body::MessageBody + 'static>(res: T) -> HttpResponse {
HttpResponse::Ok()
.content_type("text/plain")
.append_header(("Via", "Juspay_router"))
.append_header((header::VIA, "Juspay_router"))
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.body(res)
}
pub fn http_response_ok() -> HttpResponse {
HttpResponse::Ok().finish()
HttpResponse::Ok()
.append_header((header::VIA, "Juspay_router"))
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.finish()
}
pub fn http_redirect_response<T: body::MessageBody + 'static>(
@ -563,11 +564,12 @@ pub fn http_redirect_response<T: body::MessageBody + 'static>(
) -> HttpResponse {
HttpResponse::Ok()
.content_type("application/json")
.append_header(("Via", "Juspay_router"))
.append_header((header::VIA, "Juspay_router"))
.append_header((
"Location",
redirection_response.return_url_with_query_params,
))
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.status(http::StatusCode::FOUND)
.body(response)
}
@ -575,7 +577,8 @@ pub fn http_redirect_response<T: body::MessageBody + 'static>(
pub fn http_response_err<T: body::MessageBody + 'static>(response: T) -> HttpResponse {
HttpResponse::BadRequest()
.content_type("application/json")
.append_header(("Via", "Juspay_router"))
.append_header((header::VIA, "Juspay_router"))
.append_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.body(response)
}

3
crates/router/src/utils.rs
View File

@ -57,8 +57,11 @@ pub mod error_parser {
fn error_response(&self) -> actix_web::HttpResponse<actix_web::body::BoxBody> {
use actix_web::http::header;
use crate::consts;
actix_web::HttpResponseBuilder::new(StatusCode::BAD_REQUEST)
.insert_header((header::CONTENT_TYPE, mime::APPLICATION_JSON))
.insert_header((header::STRICT_TRANSPORT_SECURITY, consts::HSTS_HEADER_VALUE))
.insert_header((header::VIA, "Juspay_Router"))
.body(self.to_string())
}