rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-28 12:15:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(router): Take merchant ID from headers in API Key - Revoke (v2) (#8808)

Browse Source
This commit is contained in:
Anurag Thakur
2025-08-05 13:14:47 +05:30
committed by GitHub
parent 4d4a81e9c7
commit d164954e22
2 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/router/src/core/api_keys.rs
View File

@ -425,18 +425,18 @@ pub async fn update_api_key_expiry_task(
#[instrument(skip_all)] #[instrument(skip_all)]
pub async fn revoke_api_key( pub async fn revoke_api_key(
state: SessionState, state: SessionState,
merchant_id: &common_utils::id_type::MerchantId, merchant_id: common_utils::id_type::MerchantId,
key_id: &common_utils::id_type::ApiKeyId, key_id: &common_utils::id_type::ApiKeyId,
) -> RouterResponse<api::RevokeApiKeyResponse> { ) -> RouterResponse<api::RevokeApiKeyResponse> {
let store = state.store.as_ref(); let store = state.store.as_ref();
let api_key = store let api_key = store
.find_api_key_by_merchant_id_key_id_optional(merchant_id, key_id) .find_api_key_by_merchant_id_key_id_optional(&merchant_id, key_id)
.await .await
.to_not_found_response(errors::ApiErrorResponse::ApiKeyNotFound)?; .to_not_found_response(errors::ApiErrorResponse::ApiKeyNotFound)?;
let revoked = store let revoked = store
.revoke_api_key(merchant_id, key_id) .revoke_api_key(&merchant_id, key_id)
.await .await
.to_not_found_response(errors::ApiErrorResponse::ApiKeyNotFound)?; .to_not_found_response(errors::ApiErrorResponse::ApiKeyNotFound)?;

25
crates/router/src/routes/api_keys.rs
View File

@ -243,7 +243,9 @@ pub async fn api_key_revoke(
state, state,
&req, &req,
(&merchant_id, &key_id), (&merchant_id, &key_id),
|state, _, (merchant_id, key_id), _| api_keys::revoke_api_key(state, merchant_id, key_id), |state, _, (merchant_id, key_id), _| {
api_keys::revoke_api_key(state, merchant_id.clone(), key_id)
},
auth::auth_type( auth::auth_type(
&auth::PlatformOrgAdminAuthWithMerchantIdFromRoute { &auth::PlatformOrgAdminAuthWithMerchantIdFromRoute {
merchant_id_from_route: merchant_id.clone(), merchant_id_from_route: merchant_id.clone(),
@ -265,24 +267,25 @@ pub async fn api_key_revoke(
pub async fn api_key_revoke( pub async fn api_key_revoke(
state: web::Data<AppState>, state: web::Data<AppState>,
req: HttpRequest, req: HttpRequest,
path: web::Path<( path: web::Path<common_utils::id_type::ApiKeyId>,
common_utils::id_type::MerchantId,
common_utils::id_type::ApiKeyId,
)>,
) -> impl Responder { ) -> impl Responder {
let flow = Flow::ApiKeyRevoke; let flow = Flow::ApiKeyRevoke;
let (merchant_id, key_id) = path.into_inner(); let key_id = path.into_inner();
Box::pin(api::server_wrap( Box::pin(api::server_wrap(
flow, flow,
state, state,
&req, &req,
(&merchant_id, &key_id), &key_id,
|state, _, (merchant_id, key_id), _| api_keys::revoke_api_key(state, merchant_id, key_id), |state,
auth::AuthenticationDataWithoutProfile {
merchant_account, ..
},
key_id,
_| api_keys::revoke_api_key(state, merchant_account.get_id().to_owned(), key_id),
auth::auth_type( auth::auth_type(
&auth::V2AdminApiAuth, &auth::AdminApiAuthWithMerchantIdFromHeader,
&auth::JWTAuthMerchantFromRoute { &auth::JWTAuthMerchantFromHeader {
merchant_id: merchant_id.clone(),
required_permission: Permission::MerchantApiKeyWrite, required_permission: Permission::MerchantApiKeyWrite,
}, },
req.headers(), req.headers(),