GauravRawat369
Contributor

@GauravRawat369 GauravRawat369 commented Mar 12, 2025

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

This commit introduces V2 authentication mechanisms for various admin and client-side APIs:

  • Added V2AdminApiAuth and modified AdminApiAuthWithMerchantIdFromRoute for V2
  • Added V2ApiKeyAuth, V2AdminApiAuth and V2ClientAuth to the endpoints
  • Refactored functions to support V2 Auth as well as V1 Auth

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

For /v2/merchant-accounts

Request

curl --location 'http://localhost:8080/v2/merchant-accounts' \
--header 'x-organization-id: org_d2lZPiRPOGbIMmFcb59A' \
--header 'Content-Type: application/json' \
--header 'Authorization: admin-api-key=test_admin' \
--data '{
    "merchant_name": "cloth_seller"
}'

Response

{
    "id": "cloth_seller_KdjFPBxrxWyX09jri2VB",
    "merchant_name": "cloth_seller",
    "merchant_details": null,
    "publishable_key": "pk_dev_735cafe5f43446e88d22bedec15b0139",
    "metadata": null,
    "organization_id": "org_d2lZPiRPOGbIMmFcb59A",
    "recon_status": "not_requested",
    "product_type": "orchestration"
}

For /v2/organization

Request

curl --location 'http://localhost:8080/v2/organization' \
--header 'Authorization: admin-api-key=test_admin' \
--header 'Content-Type: application/json' \
--data '{
    "organization_name": "random_org_1741776562"
}'

Response

{
    "id": "org_m4fLYdEFb7PNHynIfmZO",
    "organization_name": "random_org_1741776558",
    "organization_details": null,
    "metadata": null,
    "modified_at": "2025-03-12 10:49:18.475431",
    "created_at": "2025-03-12 10:49:18.475424"
}

This is how V2AdminApiAuth looks:

pub struct V2AdminApiAuth;

#[async_trait]
impl<A> AuthenticateAndFetch<(), A> for V2AdminApiAuth
where
    A: SessionStateInfo + Sync,
{
    async fn authenticate_and_fetch(
        &self,
        request_headers: &HeaderMap,
        state: &A,
    ) -> RouterResult<((), AuthenticationType)> {
        // Read the raw `Authorization` header value (V2 format: comma-separated
        // `name=value` pairs, e.g. `admin-api-key=...`).
        let header_map_struct = HeaderMapStruct::new(&request_headers);
        let auth_string = header_map_struct.get_auth_string_from_header()?;
        // Pick out the `admin-api-key=` pair; any other pairs are ignored here.
        let request_admin_api_key = auth_string
            .split(',')
            .find_map(|part| part.trim().strip_prefix("admin-api-key="))
            .ok_or_else(|| {
                report!(errors::ApiErrorResponse::Unauthorized)
                    .attach_printable("Unable to parse admin_api_key")
            })?;
        // `admin-api-key=` with nothing after it is rejected explicitly.
        if request_admin_api_key.is_empty() {
            return Err(errors::ApiErrorResponse::Unauthorized)
                .attach_printable("Admin Api key is empty");
        }
        let conf = state.conf();

        // Configured admin key lives in the application secrets.
        let admin_api_key = &conf.secrets.get_inner().admin_api_key;

        if request_admin_api_key != admin_api_key.peek() {
            Err(report!(errors::ApiErrorResponse::Unauthorized)
                .attach_printable("Admin Authentication Failure"))?;
        }

        Ok(((), AuthenticationType::AdminApiKey))
    }
}

What changes are done in authorization header

How it was earlier?

api-key = {{api-key}}
client-secret={{client_secret}}
api-key = {{admin_api_key}}

Changed version

Authorization = api-key={{api-key}}
Authorization = admin-api-key={{admin_api_key}}
Authorization = publishable-key={{publishable_key}},client-secret={{client_secret}}

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
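Added example, not Hyperswitch's code or the PR's: a stand-alone parser for the comma-separated `name=value` Authorization format shown above, plus an admin-key check in the shape of V2AdminApiAuth, using a constant-time comparison where the snippet above uses a plain `!=`. Function names and sample values are constructed for illustration.

```rust
use std::collections::HashMap;

/// Parse a V2 `Authorization` value such as
/// `publishable-key=pk_...,client-secret=cs_...` into name -> value.
/// Whitespace around each pair is ignored (like the PR's split + trim);
/// pairs without `=`, empty names/values and duplicate names are rejected.
pub fn parse_v2_auth(header: &str) -> Result<HashMap<String, String>, String> {
    let mut creds = HashMap::new();
    for part in header.split(',') {
        let part = part.trim();
        if part.is_empty() {
            continue; // tolerate a trailing comma
        }
        let (name, value) = part
            .split_once('=')
            .ok_or_else(|| format!("malformed credential pair: {part:?}"))?;
        let (name, value) = (name.trim(), value.trim());
        if name.is_empty() || value.is_empty() {
            return Err(format!("empty name or value in {part:?}"));
        }
        if creds.insert(name.to_string(), value.to_string()).is_some() {
            return Err(format!("duplicate credential name {name:?}"));
        }
    }
    if creds.is_empty() {
        return Err("no credentials in Authorization header".to_string());
    }
    Ok(creds)
}

/// Constant-time byte comparison: the time taken does not depend on how
/// many leading bytes of the presented key match the configured one.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Admin check in the shape of V2AdminApiAuth: require `admin-api-key`
/// and compare it against the configured secret (a hypothetical value here).
pub fn check_admin(header: &str, configured_admin_key: &str) -> Result<(), String> {
    let creds = parse_v2_auth(header)?;
    let presented = creds.get("admin-api-key").ok_or("Unable to parse admin_api_key")?;
    if ct_eq(presented.as_bytes(), configured_admin_key.as_bytes()) {
        Ok(())
    } else {
        Err("Admin Authentication Failure".to_string())
    }
}
```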

@GauravRawat369 GauravRawat369 requested review from a team as code owners March 12, 2025 04:05

semanticdiff-com bot commented Mar 12, 2025

Review changes with SemanticDiff

Changed Files
File Status
  crates/router/src/routes/payments.rs  9% smaller
  crates/router/src/routes/admin.rs  1% smaller
  crates/router/src/core/errors.rs  0% smaller
  crates/router/src/routes/api_keys.rs  0% smaller
  crates/router/src/routes/customers.rs  0% smaller
  crates/router/src/routes/ephemeral_key.rs  0% smaller
  crates/router/src/routes/payment_methods.rs  0% smaller
  crates/router/src/routes/routing.rs  0% smaller
  crates/router/src/services/authentication.rs  0% smaller

@GauravRawat369 GauravRawat369 changed the title Add V2 Authentication to all available endpoints feat(core): Add V2 Authentication to all available endpoints Mar 12, 2025
@GauravRawat369 GauravRawat369 self-assigned this Mar 12, 2025
@GauravRawat369 GauravRawat369 linked an issue Mar 12, 2025 that may be closed by this pull request
@GauravRawat369 GauravRawat369 requested a review from a team as a code owner March 12, 2025 05:40
@Narayanbhat166
Contributor

@GauravRawat369, can you add the request and response for the api endpoints that you tested, in the PR description?

@bernard-eugine bernard-eugine disabled auto-merge March 12, 2025 20:18
@bernard-eugine bernard-eugine merged commit 3667a7f into main Mar 12, 2025
16 of 20 checks passed
@bernard-eugine bernard-eugine deleted the v2-auth branch March 12, 2025 20:19
Successfully merging this pull request may close these issues.

feat(core): Add V2 Authentication to all available endpoints