revert: feat(router): mask keys in connector_account_details for merc…
…hant_connector_response in mca retrieve flow (#5890)
sai-harsha-vardhan authored Sep 16, 2024
1 parent 08deec8 commit 3e463bc
Showing 2 changed files with 5 additions and 89 deletions.
70 changes: 1 addition & 69 deletions crates/hyperswitch_domain_models/src/router_data.rs
@@ -7,7 +7,7 @@ use common_utils::{
types::MinorUnit,
};
use error_stack::ResultExt;
use masking::{ExposeInterface, Secret};
use masking::Secret;

use crate::{payment_address::PaymentAddress, payment_method_data};

@@ -136,74 +136,6 @@ impl ConnectorAuthType {
"ConnectorAuthType",
))
}

// show only first and last two digits of the key and mask others with *
// mask the entire key if it's length is less than or equal to 4
fn mask_key(&self, key: String) -> Secret<String> {
let key_len = key.len();
let masked_key = if key_len <= 4 {
"*".repeat(key_len)
} else {
// Show the first two and last two characters, mask the rest with '*'
let mut masked_key = String::new();
let key_len = key.len();
// Iterate through characters by their index
for (index, character) in key.chars().enumerate() {
if index < 2 || index >= key_len - 2 {
masked_key.push(character); // Keep the first two and last two characters
} else {
masked_key.push('*'); // Mask the middle characters
}
}
masked_key
};
Secret::new(masked_key)
}

// Mask the keys in the auth_type
pub fn get_masked_keys(&self) -> Self {
match self {
Self::TemporaryAuth => Self::TemporaryAuth,
Self::NoKey => Self::NoKey,
Self::HeaderKey { api_key } => Self::HeaderKey {
api_key: self.mask_key(api_key.clone().expose()),
},
Self::BodyKey { api_key, key1 } => Self::BodyKey {
api_key: self.mask_key(api_key.clone().expose()),
key1: self.mask_key(key1.clone().expose()),
},
Self::SignatureKey {
api_key,
key1,
api_secret,
} => Self::SignatureKey {
api_key: self.mask_key(api_key.clone().expose()),
key1: self.mask_key(key1.clone().expose()),
api_secret: self.mask_key(api_secret.clone().expose()),
},
Self::MultiAuthKey {
api_key,
key1,
api_secret,
key2,
} => Self::MultiAuthKey {
api_key: self.mask_key(api_key.clone().expose()),
key1: self.mask_key(key1.clone().expose()),
api_secret: self.mask_key(api_secret.clone().expose()),
key2: self.mask_key(key2.clone().expose()),
},
Self::CurrencyAuthKey { auth_key_map } => Self::CurrencyAuthKey {
auth_key_map: auth_key_map.clone(),
},
Self::CertificateAuth {
certificate,
private_key,
} => Self::CertificateAuth {
certificate: self.mask_key(certificate.clone().expose()),
private_key: self.mask_key(private_key.clone().expose()),
},
}
}
}

#[derive(serde::Deserialize, serde::Serialize, Debug, Clone)]
24 changes: 4 additions & 20 deletions crates/router/src/types/transformers.rs
@@ -7,15 +7,15 @@ use api_models::{
use common_utils::{
consts::X_HS_LATENCY,
crypto::Encryptable,
ext_traits::{Encode, StringExt, ValueExt},
ext_traits::{StringExt, ValueExt},
fp_utils::when,
pii,
types::MinorUnit,
};
use diesel_models::enums as storage_enums;
use error_stack::{report, ResultExt};
use hyperswitch_domain_models::payments::payment_intent::CustomerData;
use masking::{ExposeInterface, PeekInterface, Secret};
use masking::{ExposeInterface, PeekInterface};

use super::domain;
use crate::{
@@ -1149,29 +1149,13 @@ impl ForeignTryFrom<domain::MerchantConnectorAccount>
}
None => None,
};
// parse the connector_account_details into ConnectorAuthType
let connector_account_details: hyperswitch_domain_models::router_data::ConnectorAuthType =
item.connector_account_details
.clone()
.into_inner()
.parse_value("ConnectorAuthType")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Failed while parsing value for ConnectorAuthType")?;
// get the masked keys from the ConnectorAuthType and encode it to secret value
let masked_connector_account_details = Secret::new(
connector_account_details
.get_masked_keys()
.encode_to_value()
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Failed to encode ConnectorAuthType")?,
);
#[cfg(feature = "v2")]
let response = Self {
id: item.get_id(),
connector_type: item.connector_type,
connector_name: item.connector_name,
connector_label: item.connector_label,
connector_account_details: masked_connector_account_details,
connector_account_details: item.connector_account_details.into_inner(),
disabled: item.disabled,
payment_methods_enabled,
metadata: item.metadata,
@@ -1211,7 +1195,7 @@ impl ForeignTryFrom<domain::MerchantConnectorAccount>
connector_name: item.connector_name,
connector_label: item.connector_label,
merchant_connector_id: item.merchant_connector_id,
connector_account_details: masked_connector_account_details,
connector_account_details: item.connector_account_details.into_inner(),
test_mode: item.test_mode,
disabled: item.disabled,
payment_methods_enabled,
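Review bot: Both response literals in this section (the `#[cfg(feature = "v2")]` one and the one in the last hunk) now set `connector_account_details: item.connector_account_details.into_inner()`, so the stored connector credentials go into the retrieve response unmasked once the `get_masked_keys()` step is gone. Going by the `ConnectorAuthType` variants shown in the other file, that value can hold API keys, API secrets and a certificate private key, and anything that serializes this response (client, proxy logs, support tooling) would presumably see them in full. The page gives no reason for the revert, so at minimum each site should carry a comment such as `// SECURITY: connector credentials are returned unmasked here; see <issue-id> for why masking was reverted`, and the route's authorization and response logging should be checked against that. The enclosing `ForeignTryFrom` impl starts and ends outside the visible hunks.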
