From c03587f9c6e8ad444cebac92fd5134fe01c71728 Mon Sep 17 00:00:00 2001 From: Nishant Joshi Date: Mon, 2 Sep 2024 12:44:40 +0530 Subject: [PATCH] chore: enable partial auth as a feature flag (#5711) --- crates/router/Cargo.toml | 2 +- crates/router/src/configs/defaults.rs | 3 +++ crates/router/src/configs/secrets_transformers.rs | 5 +++++ crates/router/src/configs/settings.rs | 3 +++ crates/router/src/services/authentication.rs | 8 ++++++++ 5 files changed, 20 insertions(+), 1 deletion(-) diff --git a/crates/router/Cargo.toml b/crates/router/Cargo.toml index 1b48b3767b..18476ffe48 100644 --- a/crates/router/Cargo.toml +++ b/crates/router/Cargo.toml @@ -9,7 +9,7 @@ readme = "README.md" license.workspace = true [features] -default = ["kv_store", "stripe", "oltp", "olap", "accounts_cache", "dummy_connector", "payouts", "payout_retry", "retry", "frm", "tls", "v1"] +default = ["kv_store", "stripe", "oltp", "olap", "accounts_cache", "dummy_connector", "payouts", "payout_retry", "retry", "frm", "tls", "v1", "partial-auth"] olap = ["hyperswitch_domain_models/olap", "storage_impl/olap", "scheduler/olap", "api_models/olap", "dep:analytics"] tls = ["actix-web/rustls-0_22"] email = ["external_services/email", "scheduler/email", "olap"] diff --git a/crates/router/src/configs/defaults.rs b/crates/router/src/configs/defaults.rs index 8bcceb4a4b..4dd33612e5 100644 --- a/crates/router/src/configs/defaults.rs +++ b/crates/router/src/configs/defaults.rs @@ -11225,6 +11225,9 @@ impl Default for super::settings::ApiKeys { // context used for blake3 #[cfg(feature = "partial-auth")] checksum_auth_context: String::new().into(), + + #[cfg(feature = "partial-auth")] + enable_partial_auth: false, } } } diff --git a/crates/router/src/configs/secrets_transformers.rs b/crates/router/src/configs/secrets_transformers.rs index 312a475b8b..c326b59789 100644 --- a/crates/router/src/configs/secrets_transformers.rs +++ b/crates/router/src/configs/secrets_transformers.rs @@ -123,6 +123,9 @@ impl SecretsHandler for settings::ApiKeys { .get_secret(api_keys.checksum_auth_key.clone()) .await?; + #[cfg(feature = "partial-auth")] + let enable_partial_auth = api_keys.enable_partial_auth; + Ok(value.transition_state(|_| Self { hash_key, #[cfg(feature = "email")] @@ -132,6 +135,8 @@ impl SecretsHandler for settings::ApiKeys { checksum_auth_key, #[cfg(feature = "partial-auth")] checksum_auth_context, + #[cfg(feature = "partial-auth")] + enable_partial_auth, })) } } diff --git a/crates/router/src/configs/settings.rs b/crates/router/src/configs/settings.rs index 312b7711f3..93082aeec3 100644 --- a/crates/router/src/configs/settings.rs +++ b/crates/router/src/configs/settings.rs @@ -669,6 +669,9 @@ pub struct ApiKeys { #[cfg(feature = "partial-auth")] pub checksum_auth_key: Secret, + + #[cfg(feature = "partial-auth")] + pub enable_partial_auth: bool, } #[derive(Debug, Deserialize, Clone, Default)] diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs index b1f12b1067..6c0a8d00b3 100644 --- a/crates/router/src/services/authentication.rs +++ b/crates/router/src/services/authentication.rs @@ -443,6 +443,14 @@ where request_headers: &HeaderMap, state: &A, ) -> RouterResult<(AuthenticationData, AuthenticationType)> { + let enable_partial_auth = state.conf().api_keys.get_inner().enable_partial_auth; + + // This is a early return if partial auth is disabled + // Preventing the need to go through the header extraction process + if !enable_partial_auth { + return self.0.authenticate_and_fetch(request_headers, state).await; + } + let report_failure = || { metrics::PARTIAL_AUTH_FAILURE.add(&metrics::CONTEXT, 1, &[]); };