Skip to content

Commit

Permalink
refactor: removed basilisk feature (#3300)
Browse files Browse the repository at this point in the history
Co-authored-by: venkatesh.devendran <[email protected]>
inventvenkat and venkatesh-juspay authored Jan 10, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 82894dd commit e6f0c99
Showing 3 changed files with 1 addition and 271 deletions.
3 changes: 1 addition & 2 deletions crates/router/Cargo.toml
Original file line number Diff line number Diff line change
@@ -14,9 +14,8 @@ s3 = ["dep:aws-sdk-s3", "dep:aws-config"]
kms = ["external_services/kms", "dep:aws-config"]
email = ["external_services/email", "dep:aws-config", "olap"]
frm = []
basilisk = ["kms"]
stripe = ["dep:serde_qs"]
release = ["kms", "stripe", "basilisk", "s3", "email", "backwards_compatibility", "business_profile_routing", "accounts_cache", "kv_store", "connector_choice_mca_id", "profile_specific_fallback_routing"]
release = ["kms", "stripe", "s3", "email", "backwards_compatibility", "business_profile_routing", "accounts_cache", "kv_store", "connector_choice_mca_id", "profile_specific_fallback_routing"]
olap = ["data_models/olap", "storage_impl/olap", "scheduler/olap", "dep:analytics"]
oltp = ["storage_impl/oltp"]
kv_store = ["scheduler/kv_store"]
264 changes: 0 additions & 264 deletions crates/router/src/core/payment_methods/vault.rs
Original file line number Diff line number Diff line change
@@ -4,8 +4,6 @@ use common_utils::{
generate_id_with_default_len,
};
use error_stack::{report, IntoReport, ResultExt};
#[cfg(feature = "basilisk")]
use josekit::jwe;
use masking::PeekInterface;
use router_env::{instrument, tracing};
use scheduler::{types::process_data, utils as process_tracker_utils};
@@ -23,11 +21,7 @@ use crate::{
},
utils::{self, StringExt},
};
#[cfg(feature = "basilisk")]
use crate::{core::payment_methods::transformers as payment_methods, services, settings};
const VAULT_SERVICE_NAME: &str = "CARD";
#[cfg(feature = "basilisk")]
const VAULT_VERSION: &str = "0";

pub struct SupplementaryVaultData {
pub customer_id: Option<String>,
@@ -806,11 +800,6 @@ pub async fn create_tokenize(
}
Err(err) => {
logger::error!("Redis Temp locker Failed: {:?}", err);

#[cfg(feature = "basilisk")]
return old_create_tokenize(state, value1, value2, lookup_key).await;

#[cfg(not(feature = "basilisk"))]
Err(err)
}
}
@@ -874,11 +863,6 @@ pub async fn get_tokenized_data(
}
Err(err) => {
logger::error!("Redis Temp locker Failed: {:?}", err);

#[cfg(feature = "basilisk")]
return old_get_tokenized_data(state, lookup_key, _should_get_value2).await;

#[cfg(not(feature = "basilisk"))]
Err(err)
}
}
@@ -925,11 +909,6 @@ pub async fn delete_tokenized_data(state: &routes::AppState, lookup_key: &str) -
}
Err(err) => {
logger::error!("Redis Temp locker Failed: {:?}", err);

#[cfg(feature = "basilisk")]
return old_delete_tokenized_data(state, lookup_key).await;

#[cfg(not(feature = "basilisk"))]
Err(err)
}
}
@@ -1056,246 +1035,3 @@ pub async fn retry_delete_tokenize(
}

// Fallback logic of old temp locker needs to be removed later

#[cfg(feature = "basilisk")]
async fn get_locker_jwe_keys(
keys: &settings::ActiveKmsSecrets,
) -> CustomResult<(String, String), errors::EncryptionError> {
let keys = keys.jwekey.peek();
let key_id = get_key_id(keys);
let (public_key, private_key) = if key_id == keys.locker_key_identifier1 {
(&keys.locker_encryption_key1, &keys.locker_decryption_key1)
} else if key_id == keys.locker_key_identifier2 {
(&keys.locker_encryption_key2, &keys.locker_decryption_key2)
} else {
return Err(errors::EncryptionError.into());
};

Ok((public_key.to_string(), private_key.to_string()))
}

#[cfg(feature = "basilisk")]
#[instrument(skip(state, value1, value2))]
pub async fn old_create_tokenize(
state: &routes::AppState,
value1: String,
value2: Option<String>,
lookup_key: String,
) -> RouterResult<String> {
let payload_to_be_encrypted = api::TokenizePayloadRequest {
value1,
value2: value2.unwrap_or_default(),
lookup_key,
service_name: VAULT_SERVICE_NAME.to_string(),
};
let payload = utils::Encode::<api::TokenizePayloadRequest>::encode_to_string_of_json(
&payload_to_be_encrypted,
)
.change_context(errors::ApiErrorResponse::InternalServerError)?;

let (public_key, private_key) = get_locker_jwe_keys(&state.kms_secrets)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encryption key")?;
let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encrypt JWE response")?;

let create_tokenize_request = api::TokenizePayloadEncrypted {
payload: encrypted_payload,
key_id: get_key_id(&state.conf.jwekey).to_string(),
version: Some(VAULT_VERSION.to_string()),
};
let request = payment_methods::mk_crud_locker_request(
&state.conf.locker,
"/tokenize",
create_tokenize_request,
)
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Making tokenize request failed")?;
let response = services::call_connector_api(state, request)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;

match response {
Ok(r) => {
let resp: api::TokenizePayloadEncrypted = r
.response
.parse_struct("TokenizePayloadEncrypted")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decoding Failed for TokenizePayloadEncrypted")?;
let alg = jwe::RSA_OAEP_256;
let decrypted_payload = services::decrypt_jwe(
&resp.payload,
services::KeyIdCheck::RequestResponseKeyId((
get_key_id(&state.conf.jwekey),
&resp.key_id,
)),
private_key,
alg,
)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decrypt Jwe failed for TokenizePayloadEncrypted")?;
let get_response: api::GetTokenizePayloadResponse = decrypted_payload
.parse_struct("GetTokenizePayloadResponse")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable(
"Error getting GetTokenizePayloadResponse from tokenize response",
)?;
Ok(get_response.lookup_key)
}
Err(err) => {
metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
Err(errors::ApiErrorResponse::InternalServerError)
.into_report()
.attach_printable(format!("Got 4xx from the basilisk locker: {err:?}"))
}
}
}

#[cfg(feature = "basilisk")]
pub async fn old_get_tokenized_data(
state: &routes::AppState,
lookup_key: &str,
should_get_value2: bool,
) -> RouterResult<api::TokenizePayloadRequest> {
metrics::GET_TOKENIZED_CARD.add(&metrics::CONTEXT, 1, &[]);
let payload_to_be_encrypted = api::GetTokenizePayloadRequest {
lookup_key: lookup_key.to_string(),
get_value2: should_get_value2,
service_name: VAULT_SERVICE_NAME.to_string(),
};
let payload = serde_json::to_string(&payload_to_be_encrypted)
.map_err(|_x| errors::ApiErrorResponse::InternalServerError)?;

let (public_key, private_key) = get_locker_jwe_keys(&state.kms_secrets)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encryption key")?;
let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encrypt JWE response")?;
let create_tokenize_request = api::TokenizePayloadEncrypted {
payload: encrypted_payload,
key_id: get_key_id(&state.conf.jwekey).to_string(),
version: Some("0".to_string()),
};
let request = payment_methods::mk_crud_locker_request(
&state.conf.locker,
"/tokenize/get",
create_tokenize_request,
)
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Making Get Tokenized request failed")?;
let response = services::call_connector_api(state, request)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)?;
match response {
Ok(r) => {
let resp: api::TokenizePayloadEncrypted = r
.response
.parse_struct("TokenizePayloadEncrypted")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decoding Failed for TokenizePayloadEncrypted")?;
let alg = jwe::RSA_OAEP_256;
let decrypted_payload = services::decrypt_jwe(
&resp.payload,
services::KeyIdCheck::RequestResponseKeyId((
get_key_id(&state.conf.jwekey),
&resp.key_id,
)),
private_key,
alg,
)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("GetTokenizedApi: Decrypt Jwe failed for TokenizePayloadEncrypted")?;
let get_response: api::TokenizePayloadRequest = decrypted_payload
.parse_struct("TokenizePayloadRequest")
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting TokenizePayloadRequest from tokenize response")?;
Ok(get_response)
}
Err(err) => {
metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
match err.status_code {
404 => Err(errors::ApiErrorResponse::UnprocessableEntity {
message: "Token is invalid or expired".into(),
}
.into()),
_ => Err(errors::ApiErrorResponse::InternalServerError)
.into_report()
.attach_printable(format!("Got error from the basilisk locker: {err:?}")),
}
}
}
}

#[cfg(feature = "basilisk")]
pub async fn old_delete_tokenized_data(
state: &routes::AppState,
lookup_key: &str,
) -> RouterResult<()> {
metrics::DELETED_TOKENIZED_CARD.add(&metrics::CONTEXT, 1, &[]);
let payload_to_be_encrypted = api::DeleteTokenizeByTokenRequest {
lookup_key: lookup_key.to_string(),
service_name: VAULT_SERVICE_NAME.to_string(),
};
let payload = serde_json::to_string(&payload_to_be_encrypted)
.into_report()
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error serializing api::DeleteTokenizeByTokenRequest")?;

let (public_key, _private_key) = get_locker_jwe_keys(&state.kms_secrets.clone())
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encryption key")?;
let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error getting Encrypt JWE response")?;
let create_tokenize_request = api::TokenizePayloadEncrypted {
payload: encrypted_payload,
key_id: get_key_id(&state.conf.jwekey).to_string(),
version: Some("0".to_string()),
};
let request = payment_methods::mk_crud_locker_request(
&state.conf.locker,
"/tokenize/delete/token",
create_tokenize_request,
)
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Making Delete Tokenized request failed")?;
let response = services::call_connector_api(state, request)
.await
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Error while making /tokenize/delete/token call to the locker")?;
match response {
Ok(r) => {
let _delete_response = std::str::from_utf8(&r.response)
.into_report()
.change_context(errors::ApiErrorResponse::InternalServerError)
.attach_printable("Decoding Failed for basilisk delete response")?;
Ok(())
}
Err(err) => {
metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
Err(errors::ApiErrorResponse::InternalServerError)
.into_report()
.attach_printable(format!("Got 4xx from the basilisk locker: {err:?}"))
}
}
}

#[cfg(feature = "basilisk")]
pub fn get_key_id(keys: &settings::Jwekey) -> &str {
let key_identifier = "1"; // [#46]: Fetch this value from redis or external sources
if key_identifier == "1" {
&keys.locker_key_identifier1
} else {
&keys.locker_key_identifier2
}
}
5 changes: 0 additions & 5 deletions crates/router/src/services/api/client.rs
Original file line number Diff line number Diff line change
@@ -111,7 +111,6 @@ pub(super) fn create_client(
pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
let locker_host = locker.host.to_owned();
let locker_host_rs = locker.host_rs.to_owned();
let basilisk_host = locker.basilisk_host.to_owned();
vec![
format!("{locker_host}/cards/add"),
format!("{locker_host}/cards/retrieve"),
@@ -122,10 +121,6 @@ pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
format!("{locker_host}/card/addCard"),
format!("{locker_host}/card/getCard"),
format!("{locker_host}/card/deleteCard"),
format!("{basilisk_host}/tokenize"),
format!("{basilisk_host}/tokenize/get"),
format!("{basilisk_host}/tokenize/delete"),
format!("{basilisk_host}/tokenize/delete/token"),
]
}

0 comments on commit e6f0c99

Please sign in to comment.