rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-31 18:17:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(router): add max_amount validation in payment flows (#4645)

Browse Source
This commit is contained in:
Sai Harsha Vardhan
2024-05-15 19:43:43 +05:30
committed by GitHub
parent 1a27ba5764
commit df865d76be
5 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/router/src/consts.rs
View File

@ -119,3 +119,6 @@ pub const DEFAULT_POLL_DELAY_IN_SECS: i8 = 2;
pub const DEFAULT_POLL_FREQUENCY: i8 = 5; pub const DEFAULT_POLL_FREQUENCY: i8 = 5;
pub const CONNECTOR_CREDS_TOKEN_TTL: i64 = 900; pub const CONNECTOR_CREDS_TOKEN_TTL: i64 = 900;
//max_amount allowed is 999999999 in minor units
pub const MAX_ALLOWED_AMOUNT: i64 = 999999999;

18
crates/router/src/core/payments/helpers.rs
View File

@ -1370,6 +1370,24 @@ fn validate_options_for_inequality<T: PartialEq>(
) )
} }
pub fn validate_max_amount(
amount: api_models::payments::Amount,
) -> CustomResult<(), errors::ApiErrorResponse> {
match amount {
api_models::payments::Amount::Value(value) => {
utils::when(value.get() > consts::MAX_ALLOWED_AMOUNT, || {
Err(report!(errors::ApiErrorResponse::PreconditionFailed {
message: format!(
"amount should not be more than {}",
consts::MAX_ALLOWED_AMOUNT
)
}))
})
}
api_models::payments::Amount::Zero => Ok(()),
}
}
// Checks if the customer details are passed in both places // Checks if the customer details are passed in both places
// If so, raise an error // If so, raise an error
pub fn validate_customer_details_in_request( pub fn validate_customer_details_in_request(

3
crates/router/src/core/payments/operations/payment_confirm.rs
View File

@ -1249,6 +1249,9 @@ impl<F: Send + Clone> ValidateRequest<F, api::PaymentsRequest> for PaymentConfir
operations::ValidateResult<'a>, operations::ValidateResult<'a>,
)> { )> {
helpers::validate_customer_details_in_request(request)?; helpers::validate_customer_details_in_request(request)?;
if let Some(amount) = request.amount {
helpers::validate_max_amount(amount)?;
}
let request_merchant_id = request.merchant_id.as_deref(); let request_merchant_id = request.merchant_id.as_deref();
helpers::validate_merchant_id(&merchant_account.merchant_id, request_merchant_id) helpers::validate_merchant_id(&merchant_account.merchant_id, request_merchant_id)

3
crates/router/src/core/payments/operations/payment_create.rs
View File

@ -661,6 +661,9 @@ impl<F: Send + Clone> ValidateRequest<F, api::PaymentsRequest> for PaymentCreate
operations::ValidateResult<'a>, operations::ValidateResult<'a>,
)> { )> {
helpers::validate_customer_details_in_request(request)?; helpers::validate_customer_details_in_request(request)?;
if let Some(amount) = request.amount {
helpers::validate_max_amount(amount)?;
}
if let Some(session_expiry) = &request.session_expiry { if let Some(session_expiry) = &request.session_expiry {
helpers::validate_session_expiry(session_expiry.to_owned())?; helpers::validate_session_expiry(session_expiry.to_owned())?;
} }

3
crates/router/src/core/payments/operations/payment_update.rs
View File

@ -743,6 +743,9 @@ impl<F: Send + Clone> ValidateRequest<F, api::PaymentsRequest> for PaymentUpdate
operations::ValidateResult<'a>, operations::ValidateResult<'a>,
)> { )> {
helpers::validate_customer_details_in_request(request)?; helpers::validate_customer_details_in_request(request)?;
if let Some(amount) = request.amount {
helpers::validate_max_amount(amount)?;
}
if let Some(session_expiry) = &request.session_expiry { if let Some(session_expiry) = &request.session_expiry {
helpers::validate_session_expiry(session_expiry.to_owned())?; helpers::validate_session_expiry(session_expiry.to_owned())?;
} }