Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(router): blocklist #3056

Merged
merged 55 commits into from
Jan 11, 2024
Merged

feat(router): blocklist #3056

merged 55 commits into from
Jan 11, 2024

Conversation

prajjwalkumar17
Copy link
Contributor

@prajjwalkumar17 prajjwalkumar17 commented Dec 5, 2023
edited by vspecky
Loading

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

This feature will allow the merchants to block the following according to their needs:

  1. card_numbers
  2. card_isins
  3. extended_bins

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Requested by Merchant.

How did you test it?

Refer to the attached postman collection for the API contracts for the blocklist APIs. Currently we support blocking three types of resources i.e. card numbers (payment intrument), card bin, and extended card bin.

For Card Bin and Extended Card Bin :-

  1. Setup a Merchant Account and any Connector account
  2. Make a payment with a certain card (ensure it succeeds)
  3. Block the card's card bin or extended card bin
  4. Try the payment again (should fail this time with an API response saying that the payment was blocked)

For Payment Instrument :-

  1. Repeat steps 1 and 2 of previous section
  2. In the payment confirm response, there will be an additional field called "fingerprint". This is the fingerprint id that can be used to block a particular payment method. Use this to block the card.
  3. Try the payment again (should fail)

blocklist_api_postman.zip

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
  • I added a CHANGELOG entry if applicable

@prajjwalkumar17 prajjwalkumar17 self-assigned this Dec 5, 2023
@prajjwalkumar17 prajjwalkumar17 requested a review from a team as a code owner December 5, 2023 11:57
@prajjwalkumar17 prajjwalkumar17 marked this pull request as draft December 5, 2023 11:57
@SanchithHegde SanchithHegde changed the title feat(router): pament_method block feat(router): payment_method block Dec 11, 2023
prajjwalkumar17 and others added 15 commits December 12, 2023 17:13
@prajjwalkumar17
chore: add new tables pm_blocklist and pm_fingerprints and a new colo…
ac19744 
…umn fingerprint_id in payment attempt
@hyperswitch-bot
chore: run formatter
8715fbf
@prajjwalkumar17
chore: block, unblock & blocklist api working with 2 tables up namely…
ddcdc74 
… pm_fingerprint, pm_hash
@prajjwalkumar17
Merge branch 'feat/block_paymentmethod' of https://github.com/juspay/…
7dee9c9 
…hyperswitch into feat/block_paymentmethod
@prajjwalkumar17
Merge branch 'main' into feat/block_paymentmethod
4558f4d
@hyperswitch-bot
chore: run formatter
3133fc8
@prajjwalkumar17
chore: complete interfacing of blocklist_lookup table
e6bd5c6
@hyperswitch-bot
chore: run formatter
84014ef
@prajjwalkumar17
chore: complete flow working without kms encryptions
ee8386d
@prajjwalkumar17
chore: merge main
3b6af11
@hyperswitch-bot
chore: run formatter
560a8eb
@hyperswitch-bot
docs(openapi): re-generate OpenAPI specification
0c76254
@prajjwalkumar17
chore: refactored the response
077f88f
@prajjwalkumar17
chore: merge main
ec5368a
@hyperswitch-bot
chore: run formatter
d177c09
vspecky
vspecky previously approved these changes Jan 11, 2024
View reviewed changes
vspecky
vspecky previously approved these changes Jan 11, 2024
View reviewed changes
Narayanbhat166
Narayanbhat166 reviewed Jan 11, 2024
View reviewed changes
migrations/2023-12-11-075542_create_pm_fingerprint_table/up.sql
Comment on lines +3 to +7
CREATE TYPE "BlocklistDataKind" AS ENUM (
'payment_method',
'card_bin',
'extended_card_bin'
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to have this as a database enum. can be a string.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We won't be having much changes around this enum, so it being enum in DB should be fine.

cc: @vspecky

@Narayanbhat166
Copy link
Member

If status is being changed to failed, then return a 200 with appropriate error_message and error_code. These fields should be populated in PaymentAttempt. You can take these up in the next immediate PR

Narayanbhat166
Narayanbhat166 approved these changes Jan 11, 2024
View reviewed changes
crates/router/src/db/blocklist_lookup.rs
merchant_id: &str,
fingerprint: &str,
) -> CustomResult<storage::BlocklistLookup, errors::StorageError> {
let conn = connection::pg_connection_write(self).await?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pg_connection_read

crates/router/src/core/payments/operations/payment_confirm.rs
Comment on lines +722 to +724
let merchant_id = payment_data.payment_attempt.merchant_id;
let merchant_fingerprint_secret =
blocklist_utils::get_merchant_fingerprint_secret(state, &merchant_id).await?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move all of the blocklist logic to a separate function.

crates/router/src/core/payments/operations/payment_confirm.rs
Comment on lines +806 to +810
&merchant_id,
card_number_fingerprint,
));
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Combine all of these queries in a single query. You can use the WHERE IN sql clause.

@Gnanasundari24 Gnanasundari24 added this pull request to the merge queue Jan 11, 2024
Merged via the queue into main with commit bb09613 Jan 11, 2024
9 of 11 checks passed
@Gnanasundari24 Gnanasundari24 deleted the feat/block_paymentmethod branch January 11, 2024 12:42
@prajjwalkumar17 prajjwalkumar17 removed S-waiting-on-review Status: This PR has been implemented and needs to be reviewed R-waiting-on-L1 Review: Waiting on L1 reviewer R-waiting-on-L2 Review: Waiting on L2 reviewer labels Jan 11, 2024
@prajjwalkumar17 prajjwalkumar17 mentioned this pull request Jan 12, 2024
Merged
15 tasks
pixincreate added a commit that referenced this pull request Jan 12, 2024
@pixincreate
Merge branch 'main' of github.com:juspay/hyperswitch into add-metrics…
327e603 
…-router

* 'main' of github.com:juspay/hyperswitch: (84 commits)
  chore(config): add merchant_secret config for webhooks for  cashtocode and volt in wasm dashboard (#3333)
  chore(version): 2024.01.12.0
  fix: update amount_capturable based on intent_status and payment flow (#3278)
  feat: add support for card extended bin in payment attempt (#3312)
  feat(connector): [cybersource] Implement 3DS flow for cards (#3290)
  chore: remove connector auth TOML files from `.gitignore` and `.dockerignore` (#3330)
  fix(refund): add merchant_connector_id in refund (#3303)
  feat(connector): [BOA/CYB] Store AVS response in connector_metadata (#3271)
  feat(outgoingwebhookevent): adding api for query to fetch outgoing webhook events log (#3310)
  feat(router): payment_method block (#3056)
  feat(connector): [Volt] Add support for refund webhooks  (#3326)
  feat(users): invite user without email (#3328)
  feat(euclid_wasm): config changes for NMI (#3329)
  refactor(router): restricted list payment method Customer to api-key based (#3100)
  feat(connector): [BOA/Cyb] Include merchant metadata in capture and void requests (#3308)
  fix(router): add config to avoid connector tokenization for `apple pay` `simplified flow` (#3234)
  refactor(router): flagged order_details validation to skip validation (#3116)
  fix(core): surcharge with saved card failure (#3318)
  feat(payment_link): Added sdk layout option payment link (#3207)
  chore(version): 2024.01.11.0
  ...
pixincreate added a commit that referenced this pull request Jan 13, 2024
@pixincreate
Merge branch 'main' of github.com:juspay/hyperswitch into env_split
99401c0 
* 'main' of github.com:juspay/hyperswitch: (22 commits)
  chore(version): 2024.01.12.1
  chore: add api reference for blocklist (#3336)
  chore(config): add merchant_secret config for webhooks for  cashtocode and volt in wasm dashboard (#3333)
  chore(version): 2024.01.12.0
  fix: update amount_capturable based on intent_status and payment flow (#3278)
  feat: add support for card extended bin in payment attempt (#3312)
  feat(connector): [cybersource] Implement 3DS flow for cards (#3290)
  chore: remove connector auth TOML files from `.gitignore` and `.dockerignore` (#3330)
  fix(refund): add merchant_connector_id in refund (#3303)
  feat(connector): [BOA/CYB] Store AVS response in connector_metadata (#3271)
  feat(outgoingwebhookevent): adding api for query to fetch outgoing webhook events log (#3310)
  feat(router): payment_method block (#3056)
  feat(connector): [Volt] Add support for refund webhooks  (#3326)
  feat(users): invite user without email (#3328)
  feat(euclid_wasm): config changes for NMI (#3329)
  refactor(router): restricted list payment method Customer to api-key based (#3100)
  feat(connector): [BOA/Cyb] Include merchant metadata in capture and void requests (#3308)
  fix(router): add config to avoid connector tokenization for `apple pay` `simplified flow` (#3234)
  refactor(router): flagged order_details validation to skip validation (#3116)
  fix(core): surcharge with saved card failure (#3318)
  ...
@prajjwalkumar17
Copy link
Contributor Author

If status is being changed to failed, then return a 200 with appropriate error_message and error_code. These fields should be populated in PaymentAttempt. You can take these up in the next immediate PR

All the comments are addressed in this PR :)

@prajjwalkumar17 prajjwalkumar17 changed the title feat(router): payment_method block feat(router): blocklist Jan 24, 2024
@prajjwalkumar17 prajjwalkumar17 linked an issue Jan 24, 2024 that may be closed by this pull request
[FEATURE] Blocklist initial implementation #3439
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@racnan racnan racnan approved these changes

@Narayanbhat166 Narayanbhat166 Narayanbhat166 approved these changes

@vspecky vspecky vspecky approved these changes

Assignees

@prajjwalkumar17 prajjwalkumar17

Labels
A-core Area: Core flows A-payments Area: payments C-feature Category: Feature request or enhancement M-api-contract-changes Metadata: This PR involves API contract changes M-database-changes Metadata: This PR involves database schema changes
Projects
None yet
Milestone
December 2023 Release
Development

Successfully merging this pull request may close these issues.

[FEATURE] Blocklist initial implementation
5 participants
@prajjwalkumar17 @vspecky @Narayanbhat166 @racnan @Gnanasundari24