chore(router): add JWT to OLAP routes (#386)

2025-10-30 01:27:31 +08:00 · 2023-01-16 18:50:13 +05:30
parent a16fc653cf
commit 902a8b5ee9
5 changed files with 36 additions and 17 deletions
--- a/crates/router/src/routes/admin.rs
+++ b/crates/router/src/routes/admin.rs
@ -32,7 +32,7 @@ pub async fn merchant_account_create(
        &req,
        json_payload.into_inner(),
        |state, _, req| create_merchant_account(&*state.store, req),
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -53,7 +53,7 @@ pub async fn retrieve_merchant_account(
        &req,
        payload,
        |state, _, req| get_merchant_account(&*state.store, req),
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -72,7 +72,7 @@ pub async fn update_merchant_account(
        &req,
        json_payload.into_inner(),
        |state, _, req| merchant_account_update(&*state.store, &merchant_id, req),
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -93,7 +93,7 @@ pub async fn delete_merchant_account(
        &req,
        payload,
        |state, _, req| merchant_account_delete(&*state.store, req.merchant_id),
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -113,7 +113,7 @@ pub async fn payment_connector_create(
        &req,
        json_payload.into_inner(),
        |state, _, req| create_payment_connector(&*state.store, req, &merchant_id),
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -138,7 +138,7 @@ pub async fn payment_connector_retrieve(
        |state, _, req| {
            retrieve_payment_connector(&*state.store, req.merchant_id, req.merchant_connector_id)
        },
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -156,7 +156,7 @@ pub async fn payment_connector_list(
        &req,
        merchant_id,
        |state, _, merchant_id| list_payment_connectors(&*state.store, merchant_id),
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -177,7 +177,7 @@ pub async fn payment_connector_update(
        |state, _, req| {
            update_payment_connector(&*state.store, &merchant_id, merchant_connector_id, req)
        },
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
@ -202,7 +202,7 @@ pub async fn payment_connector_delete(
        |state, _, req| {
            delete_payment_connector(&*state.store, req.merchant_id, req.merchant_connector_id)
        },
-        &auth::AdminApiAuth,
+        *auth::jwt_auth_or(&auth::AdminApiAuth, req.headers()),
    )
    .await
 }
--- a/crates/router/src/routes/customers.rs
+++ b/crates/router/src/routes/customers.rs
@ -105,7 +105,7 @@ pub async fn get_customer_mandates(
        |state, merchant_account, req| {
            crate::core::mandate::get_customer_mandates(state, merchant_account, req)
        },
-        &auth::ApiKeyAuth,
+        *auth::jwt_auth_or(&auth::ApiKeyAuth, req.headers()),
    )
    .await
 }
--- a/crates/router/src/routes/payments.rs
+++ b/crates/router/src/routes/payments.rs
@ -337,7 +337,7 @@ pub async fn payments_list(
        |state, merchant_account, req| {
            payments::list_payments(&*state.store, merchant_account, req)
        },
-        &auth::ApiKeyAuth,
+        *auth::jwt_auth_or(&auth::ApiKeyAuth, req.headers()),
    )
    .await
 }
--- a/crates/router/src/routes/refunds.rs
+++ b/crates/router/src/routes/refunds.rs
@ -92,7 +92,7 @@ pub async fn refunds_list(
        &req,
        payload.into_inner(),
        |state, merchant_account, req| refund_list(&*state.store, merchant_account, req),
-        &auth::ApiKeyAuth,
+        *auth::jwt_auth_or(&auth::ApiKeyAuth, req.headers()),
    )
    .await
 }
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
@ -105,6 +105,25 @@ impl AuthenticateAndFetch<storage::MerchantAccount> for PublishableKeyAuth {
 #[derive(Debug)]
 pub struct JWTAuth;

+#[derive(serde::Deserialize)]
+struct JwtAuthPayloadFetchUnit {
+    #[serde(rename(deserialize = "exp"))]
+    _exp: u64,
+}
+
+#[async_trait]
+impl AuthenticateAndFetch<()> for JWTAuth {
+    async fn authenticate_and_fetch(
+        &self,
+        request_headers: &HeaderMap,
+        state: &AppState,
+    ) -> RouterResult<()> {
+        let mut token = get_jwt(request_headers)?;
+        token = strip_jwt_token(token)?;
+        decode_jwt::<JwtAuthPayloadFetchUnit>(token, state).map(|_| ())
+    }
+}
+
 #[derive(serde::Deserialize)]
 struct JwtAuthPayloadFetchMerchantAccount {
    merchant_id: String,
@ -144,17 +163,17 @@ impl ClientSecretFetch for ListPaymentMethodRequest {
    }
 }

-pub fn jwt_auth_or<T>(
+pub fn jwt_auth_or<'a, T>(
+    default_auth: &'a dyn AuthenticateAndFetch<T>,
    headers: &HeaderMap,
-    default_auth: Box<dyn AuthenticateAndFetch<T>>,
-) -> Box<dyn AuthenticateAndFetch<T>>
+) -> Box<&'a dyn AuthenticateAndFetch<T>>
 where
    JWTAuth: AuthenticateAndFetch<T>,
 {
    if is_jwt_auth(headers) {
-        return Box::new(JWTAuth);
+        return Box::new(&JWTAuth);
    }
-    default_auth
+    Box::new(default_auth)
 }

 pub fn get_auth_type_and_flow(