Skip to content

Commit

Permalink
feat(customers): Add JWT Authentication for /customers APIs (#3179)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ThisIsMani
ThisIsMani authored Dec 26, 2023
1 parent a51c54d commit aefe618
Show file tree
Hide file tree
Showing 7 changed files with 63 additions and 8 deletions.
3 changes: 3 additions & 0 deletions crates/api_models/src/user_role.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ pub enum Permission {
DisputeWrite,
MandateRead,
MandateWrite,
CustomerRead,
CustomerWrite,
FileRead,
FileWrite,
Analytics,
Expand All @@ -53,6 +55,7 @@ pub enum PermissionModule {
Routing,
Analytics,
Mandates,
Customer,
Disputes,
Files,
ThreeDsDecisionManager,
Expand Down
39 changes: 31 additions & 8 deletions crates/router/src/routes/customers.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ use router_env::{instrument, tracing, Flow};
use super::app::AppState;
use crate::{
core::{api_locking, customers::*},
services::{api, authentication as auth},
services::{api, authentication as auth, authorization::permissions::Permission},
types::api::customers,
};

Expand Down Expand Up @@ -36,7 +36,11 @@ pub async fn customers_create(
&req,
json_payload.into_inner(),
|state, auth, req| create_customer(state, auth.merchant_account, auth.key_store, req),
&auth::ApiKeyAuth,
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable,
))
.await
Expand Down Expand Up @@ -68,11 +72,14 @@ pub async fn customers_retrieve(
})
.into_inner();

let auth =
let auth = if auth::is_jwt_auth(req.headers()) {
Box::new(auth::JWTAuth(Permission::CustomerRead))
} else {
match auth::is_ephemeral_auth(req.headers(), &*state.store, &payload.customer_id).await {
Ok(auth) => auth,
Err(err) => return api::log_and_return_error_response(err),
};
}
};

api::server_wrap(
flow,
Expand Down Expand Up @@ -110,7 +117,11 @@ pub async fn customers_list(state: web::Data<AppState>, req: HttpRequest) -> Htt
&req,
(),
|state, auth, _| list_customers(state, auth.merchant_account.merchant_id, auth.key_store),
&auth::ApiKeyAuth,
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerRead),
req.headers(),
),
api_locking::LockAction::NotApplicable,
)
.await
Expand Down Expand Up @@ -148,7 +159,11 @@ pub async fn customers_update(
&req,
json_payload.into_inner(),
|state, auth, req| update_customer(state, auth.merchant_account, req, auth.key_store),
&auth::ApiKeyAuth,
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable,
))
.await
Expand Down Expand Up @@ -185,7 +200,11 @@ pub async fn customers_delete(
&req,
payload,
|state, auth, req| delete_customer(state, auth.merchant_account, req, auth.key_store),
&auth::ApiKeyAuth,
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::CustomerWrite),
req.headers(),
),
api_locking::LockAction::NotApplicable,
))
.await
Expand All @@ -209,7 +228,11 @@ pub async fn get_customer_mandates(
|state, auth, req| {
crate::core::mandate::get_customer_mandates(state, auth.merchant_account, req)
},
&auth::ApiKeyAuth,
auth::auth_type(
&auth::ApiKeyAuth,
&auth::JWTAuth(Permission::MandateRead),
req.headers(),
),
api_locking::LockAction::NotApplicable,
)
.await
Expand Down
10 changes: 10 additions & 0 deletions crates/router/src/services/authorization/info.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ pub enum PermissionModule {
Routing,
Analytics,
Mandates,
Customer,
Disputes,
Files,
ThreeDsDecisionManager,
Expand All @@ -55,6 +56,7 @@ impl PermissionModule {
Self::Forex => "Forex module permissions allow the user to view and query the forex rates",
Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.",
Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module",
Self::Customer => "Everything related to customers - like creating and viewing customer related information are within this module",
Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
Self::Files => "Permissions for uploading, deleting and viewing files for disputes",
Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
Expand Down Expand Up @@ -133,6 +135,14 @@ impl ModuleInfo {
Permission::MandateWrite,
]),
},
PermissionModule::Customer => Self {
module: module_name,
description,
permissions: PermissionInfo::new(&[
Permission::CustomerRead,
Permission::CustomerWrite,
]),
},
PermissionModule::Disputes => Self {
module: module_name,
description,
Expand Down
4 changes: 4 additions & 0 deletions crates/router/src/services/authorization/permissions.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ pub enum Permission {
DisputeWrite,
MandateRead,
MandateWrite,
CustomerRead,
CustomerWrite,
FileRead,
FileWrite,
Analytics,
Expand Down Expand Up @@ -55,6 +57,8 @@ impl Permission {
Self::DisputeWrite => Some("Create and update disputes"),
Self::MandateRead => Some("View mandates"),
Self::MandateWrite => Some("Create and update mandates"),
Self::CustomerRead => Some("View customers"),
Self::CustomerWrite => Some("Create, update and delete customers"),
Self::FileRead => Some("View files"),
Self::FileWrite => Some("Create, update and delete files"),
Self::Analytics => Some("Access to analytics module"),
Expand Down
12 changes: 12 additions & 0 deletions crates/router/src/services/authorization/predefined_permissions.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite,
Permission::MandateRead,
Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
Expand Down Expand Up @@ -79,6 +81,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::Analytics,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::UsersRead,
],
Expand Down Expand Up @@ -112,6 +115,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite,
Permission::MandateRead,
Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
Expand Down Expand Up @@ -150,6 +155,8 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::DisputeWrite,
Permission::MandateRead,
Permission::MandateWrite,
Permission::CustomerRead,
Permission::CustomerWrite,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
Expand All @@ -175,6 +182,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
Expand All @@ -198,6 +206,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
Expand All @@ -223,6 +232,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerRead,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
Expand Down Expand Up @@ -252,6 +262,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::SurchargeDecisionManagerWrite,
Permission::DisputeRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::Analytics,
Permission::UsersRead,
Expand All @@ -273,6 +284,7 @@ pub static PREDEFINED_PERMISSIONS: Lazy<HashMap<&'static str, RoleInfo>> = Lazy:
Permission::MerchantAccountRead,
Permission::MerchantConnectorAccountRead,
Permission::MandateRead,
Permission::CustomerRead,
Permission::FileRead,
Permission::FileWrite,
Permission::Analytics,
Expand Down
1 change: 1 addition & 0 deletions crates/router/src/types/domain/user.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -788,6 +788,7 @@ impl From<info::PermissionModule> for user_role_api::PermissionModule {
info::PermissionModule::Routing => Self::Routing,
info::PermissionModule::Analytics => Self::Analytics,
info::PermissionModule::Mandates => Self::Mandates,
info::PermissionModule::Customer => Self::Customer,
info::PermissionModule::Disputes => Self::Disputes,
info::PermissionModule::Files => Self::Files,
info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager,
Expand Down
2 changes: 2 additions & 0 deletions crates/router/src/utils/user_role.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ impl TryFrom<&Permission> for user_role_api::Permission {
Permission::DisputeWrite => Ok(Self::DisputeWrite),
Permission::MandateRead => Ok(Self::MandateRead),
Permission::MandateWrite => Ok(Self::MandateWrite),
Permission::CustomerRead => Ok(Self::CustomerRead),
Permission::CustomerWrite => Ok(Self::CustomerWrite),
Permission::FileRead => Ok(Self::FileRead),
Permission::FileWrite => Ok(Self::FileWrite),
Permission::Analytics => Ok(Self::Analytics),
Expand Down

0 comments on commit aefe618

Please sign in to comment.