fix: store and retrieve merchant secret from MCA table for webhooks source verification (#1331)

Co-authored-by: Sanchith Hegde <sanchith.hegde@juspay.in>
2025-11-02 04:04:43 +08:00 · 2023-07-14 12:13:33 +05:30
parent ce1d205219
commit a6645bd354
39 changed files with 271 additions and 439 deletions
--- a/crates/router/src/core/admin.rs
+++ b/crates/router/src/core/admin.rs
@ -2,7 +2,7 @@ use api_models::admin::PrimaryBusinessDetails;
 use common_utils::{
    crypto::{generate_cryptographically_secure_random_string, OptionalSecretValue},
    date_time,
-    ext_traits::ValueExt,
+    ext_traits::{Encode, ValueExt},
 };
 use diesel_models::enums;
 use error_stack::{report, FutureExt, ResultExt};
@ -528,6 +528,18 @@ pub async fn create_payment_connector(
        created_at: common_utils::date_time::now(),
        modified_at: common_utils::date_time::now(),
        id: None,
+        connector_webhook_details: match req.connector_webhook_details {
+            Some(connector_webhook_details) => {
+                Encode::<api_models::admin::MerchantConnectorWebhookDetails>::encode_to_value(
+                    &connector_webhook_details,
+                )
+                .change_context(errors::ApiErrorResponse::InternalServerError)
+                .attach_printable(format!("Failed to serialize api_models::admin::MerchantConnectorWebhookDetails for Merchant: {}", merchant_id))
+                .map(Some)?
+                .map(masking::Secret::new)
+            }
+            None => None,
+        },
    };

    let mca = store
@ -549,7 +561,6 @@ pub async fn create_payment_connector(
    );

    let mca_response = mca.try_into()?;
-
    Ok(service_api::ApplicationResponse::Json(mca_response))
 }

@ -685,6 +696,17 @@ pub async fn update_payment_connector(
        payment_methods_enabled,
        metadata: req.metadata,
        frm_configs,
+        connector_webhook_details: match &req.connector_webhook_details {
+            Some(connector_webhook_details) => {
+                Encode::<api_models::admin::MerchantConnectorWebhookDetails>::encode_to_value(
+                    connector_webhook_details,
+                )
+                .change_context(errors::ApiErrorResponse::InternalServerError)
+                .map(Some)?
+                .map(masking::Secret::new)
+            }
+            None => None,
+        },
    };

    let updated_mca = db
@ -715,6 +737,17 @@ pub async fn delete_payment_connector(
        .await
        .to_not_found_response(errors::ApiErrorResponse::MerchantAccountNotFound)?;

+    let _mca = db
+        .find_by_merchant_connector_account_merchant_id_merchant_connector_id(
+            &merchant_id,
+            &merchant_connector_id,
+            &key_store,
+        )
+        .await
+        .to_not_found_response(errors::ApiErrorResponse::MerchantConnectorAccountNotFound {
+            id: merchant_connector_id.clone(),
+        })?;
+
    let is_deleted = db
        .delete_merchant_connector_account_by_merchant_id_merchant_connector_id(
            &merchant_id,
@ -724,6 +757,7 @@ pub async fn delete_payment_connector(
        .to_not_found_response(errors::ApiErrorResponse::MerchantConnectorAccountNotFound {
            id: merchant_connector_id.clone(),
        })?;
+
    let response = api::MerchantConnectorDeleteResponse {
        merchant_id,
        merchant_connector_id,