refactor(router): make routes public and move crypto module to common utils (#176)

Co-authored-by: Arun Raj M <jarnura47@gmail.com>

Cargo.lock

@@ -919,11 +919,13 @@ dependencies = [
  "bytes",
  "error-stack",
  "fake",
+ "hex",
  "masking",
  "nanoid",
  "once_cell",
  "proptest",
  "regex",
+ "ring",
  "router_env",
  "serde",
  "serde_json",

crates/common_utils/Cargo.toml

@@ -10,9 +10,11 @@ license = "Apache-2.0"
 [dependencies]
 bytes = "1.3.0"
 error-stack = "0.2.4"
+hex = "0.4.3"
 nanoid = "0.4.0"
 once_cell = "1.16.0"
 regex = "1.7.0"
+ring = "0.16.20"
 serde = { version = "1.0.149", features = ["derive"] }
 serde_json = "1.0.89"
 serde_urlencoded = "0.7.1"

crates/common_utils/src/crypto.rs

@@ -1,11 +1,14 @@
+//! Utilities for cryptographic algorithms
 use error_stack::{IntoReport, ResultExt};
 use ring::{aead, hmac};
 
-use crate::core::errors::{self, CustomResult};
+use crate::errors::{self, CustomResult};
 
 const RING_ERR_UNSPECIFIED: &str = "ring::error::Unspecified";
 
+/// Trait for cryptographically signing messages
 pub trait SignMessage {
+    /// Takes in a secret and a message and returns the calculated signature as bytes
     fn sign_message(
         &self,
         _secret: &[u8],
@@ -13,7 +16,10 @@ pub trait SignMessage {
     ) -> CustomResult<Vec<u8>, errors::CryptoError>;
 }
 
+/// Trait for cryptographically verifying a message against a signature
 pub trait VerifySignature {
+    /// Takes in a secret, the signature and the message and verifies the message
+    /// against the signature
     fn verify_signature(
         &self,
         _secret: &[u8],
@@ -22,7 +28,9 @@ pub trait VerifySignature {
     ) -> CustomResult<bool, errors::CryptoError>;
 }
 
+/// Trait for cryptographically encoding a message
 pub trait EncodeMessage {
+    /// Takes in a secret and the message and encodes it, returning bytes
     fn encode_message(
         &self,
         _secret: &[u8],
@@ -30,7 +38,9 @@ pub trait EncodeMessage {
     ) -> CustomResult<(Vec<u8>, Vec<u8>), errors::CryptoError>;
 }
 
+/// Trait for cryptographically decoding a message
 pub trait DecodeMessage {
+    /// Takes in a secret, an encoded messages and attempts to decode it, returning bytes
     fn decode_message(
         &self,
         _secret: &[u8],
@@ -38,6 +48,9 @@ pub trait DecodeMessage {
     ) -> CustomResult<Vec<u8>, errors::CryptoError>;
 }
 
+/// Represents no cryptographic algorithm.
+/// Implements all crypto traits and acts like a Nop
+#[derive(Debug)]
 pub struct NoAlgorithm;
 
 impl SignMessage for NoAlgorithm {
@@ -81,6 +94,8 @@ impl DecodeMessage for NoAlgorithm {
     }
 }
 
+/// Represents the HMAC-SHA-256 algorithm
+#[derive(Debug)]
 pub struct HmacSha256;
 
 impl SignMessage for HmacSha256 {
@@ -107,6 +122,8 @@ impl VerifySignature for HmacSha256 {
     }
 }
 
+/// Represents the HMAC-SHA-512 algorithm
+#[derive(Debug)]
 pub struct HmacSha512;
 
 impl SignMessage for HmacSha512 {
@@ -133,6 +150,8 @@ impl VerifySignature for HmacSha512 {
     }
 }
 
+/// Represents the GCM-AES-256 algorithm
+#[derive(Debug)]
 pub struct GcmAes256 {
     nonce: Vec<u8>,
 }

crates/common_utils/src/errors.rs

@@ -54,3 +54,20 @@ pub enum ValidationError {
     #[error("{message}")]
     InvalidValue { message: String },
 }
+
+/// Cryptograpic algorithm errors
+#[derive(Debug, thiserror::Error)]
+pub enum CryptoError {
+    /// The cryptographic algorithm was unable to encode the message
+    #[error("Failed to encode given message")]
+    EncodingFailed,
+    /// The cryptographic algorithm was unable to decode the message
+    #[error("Failed to decode given message")]
+    DecodingFailed,
+    /// The cryptographic algorithm was unable to sign the message
+    #[error("Failed to sign message")]
+    MessageSigningFailed,
+    /// The cryptographic algorithm was unable to verify the given signature
+    #[error("Failed to verify signature")]
+    SignatureVerificationFailed,
+}

crates/common_utils/src/lib.rs

@@ -15,6 +15,7 @@
 #![doc = include_str!(concat!(env!("CARGO_MANIFEST_DIR" ), "/", "README.md"))]
 
 pub mod consts;
+pub mod crypto;
 pub mod custom_serde;
 pub mod errors;
 pub mod ext_traits;

crates/router/src/core/errors.rs

@@ -451,15 +451,3 @@ pub enum WebhooksFlowError {
     #[error("Webhook not received by merchant")]
     NotReceivedByMerchant,
 }
-
-#[derive(Debug, thiserror::Error)]
-pub enum CryptoError {
-    #[error("Failed to encode given message")]
-    EncodingFailed,
-    #[error("Failed to decode given message")]
-    DecodingFailed,
-    #[error("Failed to sign message")]
-    MessageSigningFailed,
-    #[error("Failed to verify signature")]
-    SignatureVerificationFailed,
-}

crates/router/src/routes.rs

@@ -1,15 +1,15 @@
-mod admin;
-mod app;
-mod customers;
-mod ephemeral_key;
-mod health;
-mod mandates;
-mod metrics;
-mod payment_methods;
-pub(crate) mod payments;
-mod payouts;
-mod refunds;
-mod webhooks;
+pub mod admin;
+pub mod app;
+pub mod customers;
+pub mod ephemeral_key;
+pub mod health;
+pub mod mandates;
+pub mod metrics;
+pub mod payment_methods;
+pub mod payments;
+pub mod payouts;
+pub mod refunds;
+pub mod webhooks;
 
 pub use self::app::{
     AppState, Customers, EphemeralKey, Health, Mandates, MerchantAccount, MerchantConnectorAccount,

crates/router/src/utils.rs

@@ -1,4 +1,3 @@
-pub(crate) mod crypto;
 pub(crate) mod custom_serde;
 pub(crate) mod db_utils;
 mod ext_traits;
@@ -8,6 +7,7 @@ mod fp_utils;
 pub(crate) mod storage_partitioning;
 
 pub(crate) use common_utils::{
+    crypto,
     ext_traits::{ByteSliceExt, BytesExt, Encode, StringExt, ValueExt},
     validation::validate_email,
 };