[Refactor]: Make use of Locker for generating/storing fingerprints

[prajjwalkumar17]

Description

Previously we were generating the fingerprints on our application end itself after this change we will have the fingerprints generated by our locker.
Fingerprint is generated for each and every card payment. Moreover we are storing fingerprint in all the attempt tables.
Now vouching for the scenarios were there are more than one attempt associated with one intent in that case we are adding the successful attempt's fingerprint in intent.

So how does the whole flow works:

1. Before confirmation of payment the payment instrument's fingerprint is cross-checked with the blocklist.
2. If it is present in blocklist the payment will be blocked (status as false).
3. This payment can be retried with another instrument and in case if succeeds the fingerprint will be added in intent.

Note: All successful attempts will have a fingerprint but intent's fingerprint will always be the successful attempt's fingerprint.

Other checkpoints under same hood:-

• Instead of generating the fingerprint in application add support for /cards/fingerprint API call with hash_key (Also ensure to whitelist this endpoint in proxy).
• Storing the fingerprint in payment attempt and payment intent table.
• Refactoring Block List checking using the fingerprint API

Testing

Generating fingerprints

-> Toggle the blocklist guard from merchant account being used using /blocklist/toggle?status=true. More about
toggling guard here.
-> We need to create a payment.
-> While trying to confirm the payment it will have the fingerprint_id in the response. This can be used to block the
instrument. If the payment was able to be captured the fingerprint will be stored in the intent table as well

Blocking fingerprints

Refer to the attached postman collection for the API contracts for the blocklist APIs(Description). Currently we support blocking three types of resources i.e. card numbers (payment intrument), card bin, and extended card bin.
blocklist_api_postman.zip

For Card Bin and Extended Card Bin :-
1. Setup a Merchant Account and any Connector account
2. Make a payment with a certain card (ensure it succeeds)
3. Block the card's card bin or extended card bin
4. Try the payment again (should fail this time with an API response saying that the payment was blocked)

For Payment Instrument :-
1. Repeat steps 1 and 2 of previous section
2. In the payment confirm response, there will be an additional field called "fingerprint". This is the fingerprint id that can be used to block a particular payment method. Use this to block the card.
3. Try the payment again (should fail)

Curls for testing out the complete flow

Toggle Blocklist Guard for merchant

Req

curl --location --request POST 'https://sandbox.hyperswitch.io/blocklist/toggle?status=true' \
--header 'api-key: snd_key'

Response

{
    "blocklist_guard_status": "enabled"
}

Blocklisting fingerprint for merchant

Req

curl --location 'https://sandbox.hyperswitch.io/blocklist' \
--header 'x-feature: router-custom' \
--header 'Content-Type: application/json' \
--header 'api-key:snd_key' \
--data '{
    "type": "fingerprint",
    "data": "**fingerprint got in intent**"
}
'

Response

{
    "fingerprint_id": "**fingerprint got in intent**",
    "data_kind": "payment_method",
    "created_at": "2024-02-21T07:47:01.939Z"
}

Listing Blocked fingerprints of merchant

Req

curl --location 'https://sandbox.hyperswitch.io/blocklist?data_kind=payment_method' \
--header 'x-feature: router-custom' \
--header 'api-key: snd_key'
'

Response

[
{
    "fingerprint_id": "**fingerprint got in intent**",
    "data_kind": "payment_method",
    "created_at": "2024-02-21T07:47:01.939Z"
}
]

Unblocking Blocked fingerprints for merchant

Req

curl --location --request DELETE 'https://sandbox.hyperswitch.io/blocklist' \
--header 'x-feature: router-custom' \
--header 'Content-Type: application/json' \
--header 'api-key: snd_key' \
--data '{
    "type": "fingerprint",
    "data": "**fingerprint got in list blocklist**"
}'

Response

[
{
    "fingerprint_id": "**fingerprint got in list blocklist**",
    "data_kind": "payment_method",
    "created_at": "2024-02-21T07:47:01.939Z"
}
]