rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-29 17:19:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(customers): Add JWT Authentication for /customers APIs (#3179)

Browse Source
This commit is contained in:
Mani Chandra
2023-12-26 17:37:27 +05:30
committed by GitHub
parent a51c54d39d
commit aefe6184ec
7 changed files with 63 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/api_models/src/user_role.rs
View File

@ -32,6 +32,8 @@ pub enum Permission {
DisputeWrite,
MandateRead,
MandateWrite,
CustomerRead,
CustomerWrite,
FileRead,
FileWrite,
Analytics,
@ -53,6 +55,7 @@ pub enum PermissionModule {
Routing,
Analytics,
Mandates,
Customer,
Disputes,
Files,
ThreeDsDecisionManager,

27
crates/router/src/routes/customers.rs
View File

@ -4,7 +4,7 @@ use router_env::{instrument, tracing, Flow};
use super::app::AppState;
use crate::{
core::{api_locking, customers::*},
services::{api, authentication as auth},
services::{api, authentication as auth, authorization::permissions::Permission},
types::api::customers,
};
@ -36,7 +36,11 @@ pub async fn customers_create(
&req,
json_payload.into_inner(),
|state, auth, req| create_customer(state, auth.merchant_account, auth.key_store, req),
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable,
))
.await
@ -68,10 +72,13 @@ pub async fn customers_retrieve(
})
.into_inner();
let auth =
let auth = if auth::is_jwt_auth(req.headers()) {
Box::new(auth::JWTAuth(Permission::CustomerRead))
} else {
match auth::is_ephemeral_auth(req.headers(), &*state.store, &payload.customer_id).await {
Ok(auth) => auth,
Err(err) => return api::log_and_return_error_response(err),
}
};
api::server_wrap(
@ -110,7 +117,11 @@ pub async fn customers_list(state: web::Data<AppState>, req: HttpRequest) -> Htt
&req,
(),
|state, auth, _| list_customers(state, auth.merchant_account.merchant_id, auth.key_store),
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerRead),
req.headers(),
),
api_locking::LockAction::NotApplicable,
)
.await
@ -148,7 +159,11 @@ pub async fn customers_update(
&req,
json_payload.into_inner(),
|state, auth, req| update_customer(state, auth.merchant_account, req, auth.key_store),
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable,
))
.await
@ -185,7 +200,11 @@ pub async fn customers_delete(
&req,
payload,
|state, auth, req| delete_customer(state, auth.merchant_account, req, auth.key_store),
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable,
))
.await
@ -209,7 +228,11 @@ pub async fn get_customer_mandates(
|state, auth, req| {
crate::core::mandate::get_customer_mandates(state, auth.merchant_account, req)
},
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::MandateRead),
req.headers(),
),
api_locking::LockAction::NotApplicable,
)
.await

10
crates/router/src/services/authorization/info.rs
View File

@ -38,6 +38,7 @@ pub enum PermissionModule {
Routing,
Analytics,
Mandates,
Customer,
Disputes,
Files,
ThreeDsDecisionManager,
@ -55,6 +56,7 @@ impl PermissionModule {
Self::Forex => "Forex module permissions allow the user to view and query the forex rates",
Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.",
Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module",
Self::Customer => "Everything related to customers - like creating and viewing customer related information are within this module",
Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
Self::Files => "Permissions for uploading, deleting and viewing files for disputes",
Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
@ -133,6 +135,14 @@ impl ModuleInfo {
Permission::MandateWrite,
]),
},
PermissionModule::Customer => Self {
module: module_name,
description,
permissions: PermissionInfo::new(&[
Permission::CustomerRead,
Permission::CustomerWrite,
]),
},
PermissionModule::Disputes => Self {
module: module_name,
description,

4
crates/router/src/services/authorization/permissions.rs
View File

@ -19,6 +19,8 @@ pub enum Permission {
DisputeWrite,
MandateRead,
MandateWrite,
CustomerRead,
CustomerWrite,
FileRead,
FileWrite,
Analytics,
@ -55,6 +57,8 @@ impl Permission {
Self::DisputeWrite => Some("Create and update disputes"),
Self::MandateRead => Some("View mandates"),
Self::MandateWrite => Some("Create and update mandates"),
Self::CustomerRead => Some("View customers"),
Self::CustomerWrite => Some("Create, update and delete customers"),
Self::FileRead => Some("View files"),
Self::FileWrite => Some("Create, update and delete files"),
Self::Analytics => Some("Access to analytics module"),

12
crates/router/src/services/authorization/predefined_permissions.rs
View File

@ -52,6 +52,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite,
Permission::MandateRead,
Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
@ -79,6 +81,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::Analytics,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::UsersRead,
],
@ -112,6 +115,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite,
Permission::MandateRead,
Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
@ -150,6 +155,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite,
Permission::MandateRead,
Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
@ -175,6 +182,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
@ -198,6 +206,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
@ -223,6 +232,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
@ -252,6 +262,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerWrite,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
@ -273,6 +284,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantAccountRead,
Permission::MerchantConnectorAccountRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,

1
crates/router/src/types/domain/user.rs
View File

@ -788,6 +788,7 @@ impl From<info::PermissionModule> for user_role_api::PermissionModule {
info::PermissionModule::Routing => Self::Routing,
info::PermissionModule::Analytics => Self::Analytics,
info::PermissionModule::Mandates => Self::Mandates,
info::PermissionModule::Customer => Self::Customer,
info::PermissionModule::Disputes => Self::Disputes,
info::PermissionModule::Files => Self::Files,
info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager,

2
crates/router/src/utils/user_role.rs
View File

@ -74,6 +74,8 @@ impl TryFrom<&Permission> for user_role_api::Permission {
Permission::DisputeWrite => Ok(Self::DisputeWrite),
Permission::MandateRead => Ok(Self::MandateRead),
Permission::MandateWrite => Ok(Self::MandateWrite),
Permission::CustomerRead => Ok(Self::CustomerRead),
Permission::CustomerWrite => Ok(Self::CustomerWrite),
Permission::FileRead => Ok(Self::FileRead),
Permission::FileWrite => Ok(Self::FileWrite),
Permission::Analytics => Ok(Self::Analytics),