diff --git a/config/config.example.toml b/config/config.example.toml
index 8f8b607f7b..99e6dc0ac8 100644
--- a/config/config.example.toml
+++ b/config/config.example.toml
@@ -69,6 +69,8 @@ level = "DEBUG"
 aws_key_id = "" # AWS Account Key ID
 aws_region = "" # AWS Account region
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # AWS KMS Key
+admin_api_key = "test_admin" #admin api key for merchant authentication
+jwt_secret= "secret" #secret jwt for merchant
 # Locker settings contain details for accessing a card locker, a
 # PCI Compliant storage entity which stores payment method information
diff --git a/config/docker_compose.toml b/config/docker_compose.toml
index 1be7c770bd..dbd3caaac0 100644
--- a/config/docker_compose.toml
+++ b/config/docker_compose.toml
@@ -30,6 +30,8 @@ pool_size = 5
 [keys]
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # 32 character long key
+admin_api_key = "test_admin"
+jwt_secret="secret"
 [locker]
 host = ""
diff --git a/crates/router/src/configs/defaults.toml b/crates/router/src/configs/defaults.toml
index 5ccfaefe39..53766d1c5b 100644
--- a/crates/router/src/configs/defaults.toml
+++ b/crates/router/src/configs/defaults.toml
@@ -32,6 +32,8 @@ cluster_urls = []
 [keys]
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # 32 character long key
+admin_api_key = "test_admin"
+jwt_secret="secret"
 [locker]
diff --git a/crates/router/src/configs/settings.rs b/crates/router/src/configs/settings.rs
index 872512ded5..285b976913 100644
--- a/crates/router/src/configs/settings.rs
+++ b/crates/router/src/configs/settings.rs
@@ -47,6 +47,8 @@ pub struct Keys {
 #[cfg(feature = "kms")]
 pub aws_region: String,
 pub temp_card_key: String,
+ pub jwt_secret: String,
+ pub admin_api_key: String,
 }
 #[derive(Debug, Deserialize, Clone)]
diff --git a/crates/router/src/services/api.rs b/crates/router/src/services/api.rs
index 80d0c5f33f..9d8b3e4a45 100644
--- a/crates/router/src/services/api.rs
+++ b/crates/router/src/services/api.rs
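Review bot: `admin_api_key = "test_admin"` and `jwt_secret= "secret"` are guessable placeholder values, and the same pair is also added in config/docker_compose.toml, crates/router/src/configs/defaults.toml and loadtest/config/Development.toml. In the example file the trailing comments should say that the values must be replaced, e.g. `admin_api_key = "test_admin" # placeholder: replace with a long random value before deploying`. The defaults.toml copy matters most: if that file supplies fallback values, as its path suggests, a deployment that omits these keys would accept `test_admin` as the admin key, so leaving both keys out of the defaults, so that loading presumably fails when they are missing, would be safer.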
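Review bot: `jwt_secret` and `admin_api_key` are added to `Keys` as plain `String` fields with no doc comments. The derive list of `Keys` is outside the hunk; if it includes `Debug` like the struct that follows, any debug print of the settings would write both secrets to the logs, which a wrapper type with redacted `Debug` output would avoid. A doc comment on each field, such as `/// Shared secret compared against the API key on admin requests; must be set per deployment`, would record what they are for. `jwt_secret` is not read in any of the hunks shown.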
@@ -432,7 +432,7 @@ where
 {
 let merchant_account = match api_authentication {
 ApiAuthentication::Merchant(merchant_auth) => {
- authenticate_merchant(request, &*state.store, merchant_auth).await?
+ authenticate_merchant(request, state, merchant_auth).await?
 }
 ApiAuthentication::Connector(connector_auth) => {
 authenticate_connector(request, &*state.store, connector_auth).await?
@@ -521,17 +521,17 @@ where
 pub async fn authenticate_merchant<'a>(
 request: &HttpRequest,
- store: &dyn StorageInterface,
+ state: &AppState,
 merchant_authentication: MerchantAuthentication<'a>,
 ) -> RouterResult {
 match merchant_authentication {
 MerchantAuthentication::ApiKey => {
 let api_key =
 get_api_key(request).change_context(errors::ApiErrorResponse::Unauthorized)?;
- authenticate_by_api_key(store, api_key).await
+ authenticate_by_api_key(&*state.store, api_key).await
 }
- MerchantAuthentication::MerchantId(merchant_id) => store
+ MerchantAuthentication::MerchantId(merchant_id) => (*state.store)
 .find_merchant_account_by_merchant_id(&merchant_id)
 .await
 .map_err(|error| error.to_not_found_response(errors::ApiErrorResponse::Unauthorized)),
@@ -539,10 +539,11 @@ pub async fn authenticate_merchant<'a>(
 MerchantAuthentication::AdminApiKey => {
 let admin_api_key =
 get_api_key(request).change_context(errors::ApiErrorResponse::Unauthorized)?;
- if admin_api_key != "test_admin" {
- Err(report!(errors::ApiErrorResponse::Unauthorized)
- .attach_printable("Admin Authentication Failure"))?;
- }
+ utils::when(admin_api_key != state.conf.keys.admin_api_key, || {
+ Err(errors::ApiErrorResponse::Unauthorized)
+ .into_report()
+ .attach_printable("Admin Authentication Failure")
+ })?;
 Ok(storage::MerchantAccount {
 id: -1,
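Review bot: `(*state.store)` in the `MerchantId` arm is written differently from the `&*state.store` used in the other arms, and the explicit dereference is probably unnecessary because a method call auto-derefs through the pointer; the arm could start `MerchantAuthentication::MerchantId(merchant_id) => state.store` with the `.find_merchant_account_by_merchant_id(&merchant_id)` chain unchanged. This assumes `store` is a smart pointer to the storage trait object, which the `&*` uses suggest. Since the function now takes the whole `&AppState`, a short doc comment on `authenticate_merchant` saying that it reads `state.store` and `state.conf.keys` would help callers.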
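Review bot: The `admin_api_key != state.conf.keys.admin_api_key` test uses ordinary string inequality, which stops at the first differing byte and so is not constant-time for a secret compared against caller-supplied input; a constant-time comparison of the two byte slices (for example `ct_eq` from the `subtle` crate, if a dependency is acceptable) is the usual choice. The check also succeeds for any value that equals the configured one, including an empty configured key if `get_api_key` can return an empty string, so rejecting an empty `state.conf.keys.admin_api_key` before comparing would be a cheap extra guard. The arm's body continues past the end of the hunk.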
@@ -567,7 +568,7 @@ pub async fn authenticate_merchant<'a>(
 MerchantAuthentication::PublishableKey => {
 let api_key =
 get_api_key(request).change_context(errors::ApiErrorResponse::Unauthorized)?;
- authenticate_by_publishable_key(store, api_key).await
+ authenticate_by_publishable_key(&*state.store, api_key).await
 }
 }
 }
diff --git a/loadtest/config/Development.toml b/loadtest/config/Development.toml
index 8744244fde..f3f12cb77f 100644
--- a/loadtest/config/Development.toml
+++ b/loadtest/config/Development.toml
@@ -23,6 +23,8 @@ host = "redis-queue"
 [keys]
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # 32 character long key
+admin_api_key = "test_admin"
+jwt_secret="secret"
 [locker]
 host = ""