feat(customers): Add JWT Authentication for /customers APIs (#3179)

Mani Chandra
2023-12-26 17:37:27 +05:30
committed by GitHub
parent a51c54d39d
commit aefe6184ec
7 changed files with 63 additions and 8 deletions


@ -32,6 +32,8 @@ pub enum Permission {
DisputeWrite, DisputeWrite,
MandateRead, MandateRead,
MandateWrite, MandateWrite,
CustomerRead,
CustomerWrite,
FileRead, FileRead,
FileWrite, FileWrite,
Analytics, Analytics,
@ -53,6 +55,7 @@ pub enum PermissionModule {
Routing, Routing,
Analytics, Analytics,
Mandates, Mandates,
Customer,
Disputes, Disputes,
Files, Files,
ThreeDsDecisionManager, ThreeDsDecisionManager,


@ -4,7 +4,7 @@ use router_env::{instrument, tracing, Flow};
use super::app::AppState; use super::app::AppState;
use crate::{ use crate::{
core::{api_locking, customers::*}, core::{api_locking, customers::*},
services::{api, authentication as auth}, services::{api, authentication as auth, authorization::permissions::Permission},
types::api::customers, types::api::customers,
}; };
@ -36,7 +36,11 @@ pub async fn customers_create(
&req, &req,
json_payload.into_inner(), json_payload.into_inner(),
|state, auth, req| create_customer(state, auth.merchant_account, auth.key_store, req), |state, auth, req| create_customer(state, auth.merchant_account, auth.key_store, req),
auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await
@ -68,10 +72,13 @@ pub async fn customers_retrieve(
}) })
.into_inner(); .into_inner();
let auth = let auth = if auth::is_jwt_auth(req.headers()) {
Box::new(auth::JWTAuth(Permission::CustomerRead))
} else {
match auth::is_ephemeral_auth(req.headers(), &*state.store, &payload.customer_id).await { match auth::is_ephemeral_auth(req.headers(), &*state.store, &payload.customer_id).await {
Ok(auth) => auth, Ok(auth) => auth,
Err(err) => return api::log_and_return_error_response(err), Err(err) => return api::log_and_return_error_response(err),
}
}; };
api::server_wrap( api::server_wrap(
@ -110,7 +117,11 @@ pub async fn customers_list(state: web::Data<AppState>, req: HttpRequest) -> Htt
&req, &req,
(), (),
|state, auth, _| list_customers(state, auth.merchant_account.merchant_id, auth.key_store), |state, auth, _| list_customers(state, auth.merchant_account.merchant_id, auth.key_store),
auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerRead),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
) )
.await .await
@ -148,7 +159,11 @@ pub async fn customers_update(
&req, &req,
json_payload.into_inner(), json_payload.into_inner(),
|state, auth, req| update_customer(state, auth.merchant_account, req, auth.key_store), |state, auth, req| update_customer(state, auth.merchant_account, req, auth.key_store),
auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await
@ -185,7 +200,11 @@ pub async fn customers_delete(
&req, &req,
payload, payload,
|state, auth, req| delete_customer(state, auth.merchant_account, req, auth.key_store), |state, auth, req| delete_customer(state, auth.merchant_account, req, auth.key_store),
auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
)) ))
.await .await
@ -209,7 +228,11 @@ pub async fn get_customer_mandates(
|state, auth, req| { |state, auth, req| {
crate::core::mandate::get_customer_mandates(state, auth.merchant_account, req) crate::core::mandate::get_customer_mandates(state, auth.merchant_account, req)
}, },
auth::auth_type(
&auth::ApiKeyAuth, &auth::ApiKeyAuth,
&auth::JWTAuth(Permission::MandateRead),
req.headers(),
),
api_locking::LockAction::NotApplicable, api_locking::LockAction::NotApplicable,
) )
.await .await
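Review bot: In `customers_retrieve` the new JWT branch is selected purely on `auth::is_jwt_auth(req.headers())` and, unlike the `is_ephemeral_auth` path that receives `&payload.customer_id`, it is not tied to the customer being requested. Cross-merchant isolation for JWT callers therefore presumably depends on the core lookup being scoped to the merchant resolved from the token; that code is outside this hunk, and the function body continues past it. I would add a comment above the `if`, e.g. `// JWT callers are not bound to customer_id; the lookup must be scoped to auth.merchant_account`, and a test that a token issued for one merchant cannot read another merchant's customer. This handler also hand-rolls the selection that the other handlers get from `auth::auth_type(...)`, so a short comment saying why (apparently the ephemeral-key fallback) would help the next reader.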


@ -38,6 +38,7 @@ pub enum PermissionModule {
Routing, Routing,
Analytics, Analytics,
Mandates, Mandates,
Customer,
Disputes, Disputes,
Files, Files,
ThreeDsDecisionManager, ThreeDsDecisionManager,
@ -55,6 +56,7 @@ impl PermissionModule {
Self::Forex => "Forex module permissions allow the user to view and query the forex rates", Self::Forex => "Forex module permissions allow the user to view and query the forex rates",
Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.", Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.",
Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module", Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module",
Self::Customer => "Everything related to customers - like creating and viewing customer related information are within this module",
Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module", Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
Self::Files => "Permissions for uploading, deleting and viewing files for disputes", Self::Files => "Permissions for uploading, deleting and viewing files for disputes",
Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant", Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
@ -133,6 +135,14 @@ impl ModuleInfo {
Permission::MandateWrite, Permission::MandateWrite,
]), ]),
}, },
PermissionModule::Customer => Self {
module: module_name,
description,
permissions: PermissionInfo::new(&[
Permission::CustomerRead,
Permission::CustomerWrite,
]),
},
PermissionModule::Disputes => Self { PermissionModule::Disputes => Self {
module: module_name, module: module_name,
description, description,


@ -19,6 +19,8 @@ pub enum Permission {
DisputeWrite, DisputeWrite,
MandateRead, MandateRead,
MandateWrite, MandateWrite,
CustomerRead,
CustomerWrite,
FileRead, FileRead,
FileWrite, FileWrite,
Analytics, Analytics,
@ -55,6 +57,8 @@ impl Permission {
Self::DisputeWrite => Some("Create and update disputes"), Self::DisputeWrite => Some("Create and update disputes"),
Self::MandateRead => Some("View mandates"), Self::MandateRead => Some("View mandates"),
Self::MandateWrite => Some("Create and update mandates"), Self::MandateWrite => Some("Create and update mandates"),
Self::CustomerRead => Some("View customers"),
Self::CustomerWrite => Some("Create, update and delete customers"),
Self::FileRead => Some("View files"), Self::FileRead => Some("View files"),
Self::FileWrite => Some("Create, update and delete files"), Self::FileWrite => Some("Create, update and delete files"),
Self::Analytics => Some("Access to analytics module"), Self::Analytics => Some("Access to analytics module"),


@ -52,6 +52,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite, Permission::DisputeWrite,
Permission::MandateRead, Permission::MandateRead,
Permission::MandateWrite, Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead, Permission::FileRead,
Permission::FileWrite, Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
@ -79,6 +81,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::Analytics, Permission::Analytics,
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead, Permission::FileRead,
Permission::UsersRead, Permission::UsersRead,
], ],
@ -112,6 +115,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite, Permission::DisputeWrite,
Permission::MandateRead, Permission::MandateRead,
Permission::MandateWrite, Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead, Permission::FileRead,
Permission::FileWrite, Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
@ -150,6 +155,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite, Permission::DisputeWrite,
Permission::MandateRead, Permission::MandateRead,
Permission::MandateWrite, Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead, Permission::FileRead,
Permission::FileWrite, Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
@ -175,6 +182,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead, Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead, Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
@ -198,6 +206,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead, Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead, Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
@ -223,6 +232,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead, Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead, Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
@ -252,6 +262,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerWrite, Permission::SurchargeDecisionManagerWrite,
Permission::DisputeRead, Permission::DisputeRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead, Permission::FileRead,
Permission::Analytics, Permission::Analytics,
Permission::UsersRead, Permission::UsersRead,
@ -273,6 +284,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantAccountRead, Permission::MerchantAccountRead,
Permission::MerchantConnectorAccountRead, Permission::MerchantConnectorAccountRead,
Permission::MandateRead, Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead, Permission::FileRead,
Permission::FileWrite, Permission::FileWrite,
Permission::Analytics, Permission::Analytics,
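Review bot: Every role list touched in `PREDEFINED_PERMISSIONS` gains `Permission::CustomerRead`, including the lists that hold only read permissions, so existing dashboard users of those roles get access to customer records as soon as this ships, with no role reassignment. The role names are outside the hunks, so whether each role actually needs customer data cannot be confirmed from this page. I would add a comment beside each grant stating why the role needs it, e.g. `// customer records are personal data; granted because this role reviews payments per customer`, and leave the permission off any role whose purpose does not involve customers. A test asserting that `Permission::CustomerWrite` appears only in the roles that already hold the other `*Write` permissions would keep later edits from widening it by accident.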


@ -788,6 +788,7 @@ impl From<info::PermissionModule> for user_role_api::PermissionModule {
info::PermissionModule::Routing => Self::Routing, info::PermissionModule::Routing => Self::Routing,
info::PermissionModule::Analytics => Self::Analytics, info::PermissionModule::Analytics => Self::Analytics,
info::PermissionModule::Mandates => Self::Mandates, info::PermissionModule::Mandates => Self::Mandates,
info::PermissionModule::Customer => Self::Customer,
info::PermissionModule::Disputes => Self::Disputes, info::PermissionModule::Disputes => Self::Disputes,
info::PermissionModule::Files => Self::Files, info::PermissionModule::Files => Self::Files,
info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager, info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager,


@ -74,6 +74,8 @@ impl TryFrom<&Permission> for user_role_api::Permission {
Permission::DisputeWrite => Ok(Self::DisputeWrite), Permission::DisputeWrite => Ok(Self::DisputeWrite),
Permission::MandateRead => Ok(Self::MandateRead), Permission::MandateRead => Ok(Self::MandateRead),
Permission::MandateWrite => Ok(Self::MandateWrite), Permission::MandateWrite => Ok(Self::MandateWrite),
Permission::CustomerRead => Ok(Self::CustomerRead),
Permission::CustomerWrite => Ok(Self::CustomerWrite),
Permission::FileRead => Ok(Self::FileRead), Permission::FileRead => Ok(Self::FileRead),
Permission::FileWrite => Ok(Self::FileWrite), Permission::FileWrite => Ok(Self::FileWrite),
Permission::Analytics => Ok(Self::Analytics), Permission::Analytics => Ok(Self::Analytics),