fix(dashboard_metadata): mask poc_email and data_value for DashboardMetadata (#7130)

2025-10-29 00:49:42 +08:00 · 2025-02-06 19:17:02 +05:30
parent e17ffd1257
commit 9b1b245564
5 changed files with 31 additions and 20 deletions
--- a/crates/api_models/src/user/dashboard_metadata.rs
+++ b/crates/api_models/src/user/dashboard_metadata.rs
@ -94,7 +94,7 @@ pub struct ProdIntent {
    pub business_label: Option<String>,
    pub business_location: Option<CountryAlpha2>,
    pub display_name: Option<String>,
-    pub poc_email: Option<String>,
+    pub poc_email: Option<Secret<String>>,
    pub business_type: Option<String>,
    pub business_identifier: Option<String>,
    pub business_website: Option<String>,
--- a/crates/diesel_models/src/user/dashboard_metadata.rs
+++ b/crates/diesel_models/src/user/dashboard_metadata.rs
@ -1,5 +1,6 @@
 use common_utils::id_type;
 use diesel::{query_builder::AsChangeset, Identifiable, Insertable, Queryable, Selectable};
+use masking::Secret;
 use time::PrimitiveDateTime;

 use crate::{enums, schema::dashboard_metadata};
@ -12,7 +13,7 @@ pub struct DashboardMetadata {
    pub merchant_id: id_type::MerchantId,
    pub org_id: id_type::OrganizationId,
    pub data_key: enums::DashboardMetadata,
-    pub data_value: serde_json::Value,
+    pub data_value: Secret<serde_json::Value>,
    pub created_by: String,
    pub created_at: PrimitiveDateTime,
    pub last_modified_by: String,
@ -28,7 +29,7 @@ pub struct DashboardMetadataNew {
    pub merchant_id: id_type::MerchantId,
    pub org_id: id_type::OrganizationId,
    pub data_key: enums::DashboardMetadata,
-    pub data_value: serde_json::Value,
+    pub data_value: Secret<serde_json::Value>,
    pub created_by: String,
    pub created_at: PrimitiveDateTime,
    pub last_modified_by: String,
@ -41,7 +42,7 @@ pub struct DashboardMetadataNew {
 #[diesel(table_name = dashboard_metadata)]
 pub struct DashboardMetadataUpdateInternal {
    pub data_key: enums::DashboardMetadata,
-    pub data_value: serde_json::Value,
+    pub data_value: Secret<serde_json::Value>,
    pub last_modified_by: String,
    pub last_modified_at: PrimitiveDateTime,
 }
@ -50,7 +51,7 @@ pub struct DashboardMetadataUpdateInternal {
 pub enum DashboardMetadataUpdate {
    UpdateData {
        data_key: enums::DashboardMetadata,
-        data_value: serde_json::Value,
+        data_value: Secret<serde_json::Value>,
        last_modified_by: String,
    },
 }
--- a/crates/router/src/core/user/dashboard_metadata.rs
+++ b/crates/router/src/core/user/dashboard_metadata.rs
@ -1,12 +1,16 @@
+use std::str::FromStr;
+
 use api_models::user::dashboard_metadata::{self as api, GetMultipleMetaDataPayload};
 #[cfg(feature = "email")]
 use common_enums::EntityType;
+use common_utils::pii;
 use diesel_models::{
    enums::DashboardMetadata as DBEnum, user::dashboard_metadata::DashboardMetadata,
 };
 use error_stack::{report, ResultExt};
 #[cfg(feature = "email")]
 use masking::ExposeInterface;
+use masking::PeekInterface;
 #[cfg(feature = "email")]
 use router_env::logger;

@ -447,6 +451,11 @@ async fn insert_metadata(
            metadata
        }
        types::MetaData::ProdIntent(data) => {
+            if let Some(poc_email) = &data.poc_email {
+                let inner_poc_email = poc_email.peek().as_str();
+                pii::Email::from_str(inner_poc_email)
+                    .change_context(UserErrors::EmailParsingError)?;
+            }
            let mut metadata = utils::insert_user_scoped_metadata_to_db(
                state,
                user.user_id.clone(),
--- a/crates/router/src/services/email/types.rs
+++ b/crates/router/src/services/email/types.rs
@ -454,7 +454,7 @@ impl BizEmailProd {
            settings: state.conf.clone(),
            subject: consts::user::EMAIL_SUBJECT_NEW_PROD_INTENT,
            user_name: data.poc_name.unwrap_or_default().into(),
-            poc_email: data.poc_email.unwrap_or_default().into(),
+            poc_email: data.poc_email.unwrap_or_default(),
            legal_business_name: data.legal_business_name.unwrap_or_default(),
            business_location: data
                .business_location
--- a/crates/router/src/utils/user/dashboard_metadata.rs
+++ b/crates/router/src/utils/user/dashboard_metadata.rs
@ -10,7 +10,7 @@ use diesel_models::{
    user::dashboard_metadata::{DashboardMetadata, DashboardMetadataNew, DashboardMetadataUpdate},
 };
 use error_stack::{report, ResultExt};
-use masking::Secret;
+use masking::{ExposeInterface, PeekInterface, Secret};
 use router_env::logger;

 use crate::{
@ -37,7 +37,7 @@ pub async fn insert_merchant_scoped_metadata_to_db(
            merchant_id,
            org_id,
            data_key: metadata_key,
-            data_value,
+            data_value: Secret::from(data_value),
            created_by: user_id.clone(),
            created_at: now,
            last_modified_by: user_id,
@ -70,7 +70,7 @@ pub async fn insert_user_scoped_metadata_to_db(
            merchant_id,
            org_id,
            data_key: metadata_key,
-            data_value,
+            data_value: Secret::from(data_value),
            created_by: user_id.clone(),
            created_at: now,
            last_modified_by: user_id,
@ -143,7 +143,7 @@ pub async fn update_merchant_scoped_metadata(
            metadata_key,
            DashboardMetadataUpdate::UpdateData {
                data_key: metadata_key,
-                data_value,
+                data_value: Secret::from(data_value),
                last_modified_by: user_id,
            },
        )
@ -171,7 +171,7 @@ pub async fn update_user_scoped_metadata(
            metadata_key,
            DashboardMetadataUpdate::UpdateData {
                data_key: metadata_key,
-                data_value,
+                data_value: Secret::from(data_value),
                last_modified_by: user_id,
            },
        )
@ -183,7 +183,7 @@ pub fn deserialize_to_response<T>(data: Option<&DashboardMetadata>) -> UserResul
 where
    T: serde::de::DeserializeOwned,
 {
-    data.map(|metadata| serde_json::from_value(metadata.data_value.clone()))
+    data.map(|metadata| serde_json::from_value(metadata.data_value.clone().expose()))
        .transpose()
        .change_context(UserErrors::InternalServerError)
        .attach_printable("Error Serializing Metadata from DB")
@ -278,17 +278,18 @@ pub fn parse_string_to_enums(query: String) -> UserResult<GetMultipleMetaDataPay
    })
 }

-fn not_contains_string(value: &Option<String>, value_to_be_checked: &str) -> bool {
-    value
-        .as_ref()
-        .is_some_and(|mail| !mail.contains(value_to_be_checked))
+fn not_contains_string(value: Option<&str>, value_to_be_checked: &str) -> bool {
+    value.is_some_and(|mail| !mail.contains(value_to_be_checked))
 }

 pub fn is_prod_email_required(data: &ProdIntent, user_email: String) -> bool {
-    let poc_email_check = not_contains_string(&data.poc_email, "juspay");
-    let business_website_check = not_contains_string(&data.business_website, "juspay")
-        && not_contains_string(&data.business_website, "hyperswitch");
-    let user_email_check = not_contains_string(&Some(user_email), "juspay");
+    let poc_email_check = not_contains_string(
+        data.poc_email.as_ref().map(|email| email.peek().as_str()),
+        "juspay",
+    );
+    let business_website_check = not_contains_string(data.business_website.as_deref(), "juspay")
+        && not_contains_string(data.business_website.as_deref(), "hyperswitch");
+    let user_email_check = not_contains_string(Some(&user_email), "juspay");

    if (poc_email_check && business_website_check && user_email_check).not() {
        logger::info!(prod_intent_email = poc_email_check);