feat(router) : add admin api key and jwt secret in app config (#296)

config/config.example.toml

@@ -69,6 +69,8 @@ level = "DEBUG"
 aws_key_id = ""  # AWS Account Key ID
 aws_region = ""  # AWS Account region
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # AWS KMS Key
+admin_api_key = "test_admin" #admin api key for merchant authentication
+jwt_secret= "secret"  #secret jwt for merchant
 
 # Locker settings contain details for accessing a card locker, a
 # PCI Compliant storage entity which stores payment method information

config/docker_compose.toml

@@ -30,6 +30,8 @@ pool_size = 5
 
 [keys]
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # 32 character long key
+admin_api_key = "test_admin"
+jwt_secret="secret" 
 
 [locker]
 host = ""

crates/router/src/configs/defaults.toml

@@ -32,6 +32,8 @@ cluster_urls = []
 
 [keys]
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # 32 character long key
+admin_api_key = "test_admin"
+jwt_secret="secret" 
 
 [locker]
 

crates/router/src/configs/settings.rs

@@ -47,6 +47,8 @@ pub struct Keys {
     #[cfg(feature = "kms")]
     pub aws_region: String,
     pub temp_card_key: String,
+    pub jwt_secret: String,
+    pub admin_api_key: String,
 }
 
 #[derive(Debug, Deserialize, Clone)]

crates/router/src/services/api.rs

@@ -432,7 +432,7 @@ where
 {
     let merchant_account = match api_authentication {
         ApiAuthentication::Merchant(merchant_auth) => {
-            authenticate_merchant(request, &*state.store, merchant_auth).await?
+            authenticate_merchant(request, state, merchant_auth).await?
         }
         ApiAuthentication::Connector(connector_auth) => {
             authenticate_connector(request, &*state.store, connector_auth).await?
@@ -521,17 +521,17 @@ where
 
 pub async fn authenticate_merchant<'a>(
     request: &HttpRequest,
-    store: &dyn StorageInterface,
+    state: &AppState,
     merchant_authentication: MerchantAuthentication<'a>,
 ) -> RouterResult<storage::MerchantAccount> {
     match merchant_authentication {
         MerchantAuthentication::ApiKey => {
             let api_key =
                 get_api_key(request).change_context(errors::ApiErrorResponse::Unauthorized)?;
-            authenticate_by_api_key(store, api_key).await
+            authenticate_by_api_key(&*state.store, api_key).await
         }
 
-        MerchantAuthentication::MerchantId(merchant_id) => store
+        MerchantAuthentication::MerchantId(merchant_id) => (*state.store)
             .find_merchant_account_by_merchant_id(&merchant_id)
             .await
             .map_err(|error| error.to_not_found_response(errors::ApiErrorResponse::Unauthorized)),
@@ -539,10 +539,11 @@ pub async fn authenticate_merchant<'a>(
         MerchantAuthentication::AdminApiKey => {
             let admin_api_key =
                 get_api_key(request).change_context(errors::ApiErrorResponse::Unauthorized)?;
-            if admin_api_key != "test_admin" {
-                Err(report!(errors::ApiErrorResponse::Unauthorized)
-                    .attach_printable("Admin Authentication Failure"))?;
-            }
+            utils::when(admin_api_key != state.conf.keys.admin_api_key, || {
+                Err(errors::ApiErrorResponse::Unauthorized)
+                    .into_report()
+                    .attach_printable("Admin Authentication Failure")
+            })?;
 
             Ok(storage::MerchantAccount {
                 id: -1,
@@ -567,7 +568,7 @@ pub async fn authenticate_merchant<'a>(
         MerchantAuthentication::PublishableKey => {
             let api_key =
                 get_api_key(request).change_context(errors::ApiErrorResponse::Unauthorized)?;
-            authenticate_by_publishable_key(store, api_key).await
+            authenticate_by_publishable_key(&*state.store, api_key).await
         }
     }
 }

loadtest/config/Development.toml

@@ -23,6 +23,8 @@ host = "redis-queue"
 
 [keys]
 temp_card_key = "OJobAzAwOlibOhygIZOqOGideGUdEBeX" # 32 character long key
+admin_api_key = "test_admin"
+jwt_secret="secret"
 
 [locker]
 host = ""