refactor: removed basilisk feature

crates/router/Cargo.toml

@@ -14,9 +14,8 @@ s3 = ["dep:aws-sdk-s3", "dep:aws-config"]
 kms = ["external_services/kms", "dep:aws-config"]
 email = ["external_services/email", "dep:aws-config", "olap"]
 frm = []
-basilisk = ["kms"]
 stripe = ["dep:serde_qs"]
-release = ["kms", "stripe", "basilisk", "s3", "email", "backwards_compatibility", "business_profile_routing", "accounts_cache", "kv_store", "connector_choice_mca_id", "profile_specific_fallback_routing"]
+release = ["kms", "stripe", "s3", "email", "backwards_compatibility", "business_profile_routing", "accounts_cache", "kv_store", "connector_choice_mca_id", "profile_specific_fallback_routing"]
 olap = ["data_models/olap", "storage_impl/olap", "scheduler/olap", "dep:analytics"]
 oltp = ["storage_impl/oltp"]
 kv_store = ["scheduler/kv_store"]

crates/router/src/core/payment_methods/vault.rs

@@ -4,8 +4,6 @@ use common_utils::{
     generate_id_with_default_len,
 };
 use error_stack::{report, IntoReport, ResultExt};
-#[cfg(feature = "basilisk")]
-use josekit::jwe;
 use masking::PeekInterface;
 use router_env::{instrument, tracing};
 use scheduler::{types::process_data, utils as process_tracker_utils};
@@ -23,11 +21,7 @@ use crate::{
     },
     utils::{self, StringExt},
 };
-#[cfg(feature = "basilisk")]
-use crate::{core::payment_methods::transformers as payment_methods, services, settings};
 const VAULT_SERVICE_NAME: &str = "CARD";
-#[cfg(feature = "basilisk")]
-const VAULT_VERSION: &str = "0";
 
 pub struct SupplementaryVaultData {
     pub customer_id: Option<String>,
@@ -806,11 +800,6 @@ pub async fn create_tokenize(
         }
         Err(err) => {
             logger::error!("Redis Temp locker Failed: {:?}", err);
-
-            #[cfg(feature = "basilisk")]
-            return old_create_tokenize(state, value1, value2, lookup_key).await;
-
-            #[cfg(not(feature = "basilisk"))]
             Err(err)
         }
     }
@@ -874,11 +863,6 @@ pub async fn get_tokenized_data(
         }
         Err(err) => {
             logger::error!("Redis Temp locker Failed: {:?}", err);
-
-            #[cfg(feature = "basilisk")]
-            return old_get_tokenized_data(state, lookup_key, _should_get_value2).await;
-
-            #[cfg(not(feature = "basilisk"))]
             Err(err)
         }
     }
@@ -925,11 +909,6 @@ pub async fn delete_tokenized_data(state: &routes::AppState, lookup_key: &str) -
         }
         Err(err) => {
             logger::error!("Redis Temp locker Failed: {:?}", err);
-
-            #[cfg(feature = "basilisk")]
-            return old_delete_tokenized_data(state, lookup_key).await;
-
-            #[cfg(not(feature = "basilisk"))]
             Err(err)
         }
     }
@@ -1056,246 +1035,3 @@ pub async fn retry_delete_tokenize(
 }
 
 // Fallback logic of old temp locker needs to be removed later
-
-#[cfg(feature = "basilisk")]
-async fn get_locker_jwe_keys(
-    keys: &settings::ActiveKmsSecrets,
-) -> CustomResult<(String, String), errors::EncryptionError> {
-    let keys = keys.jwekey.peek();
-    let key_id = get_key_id(keys);
-    let (public_key, private_key) = if key_id == keys.locker_key_identifier1 {
-        (&keys.locker_encryption_key1, &keys.locker_decryption_key1)
-    } else if key_id == keys.locker_key_identifier2 {
-        (&keys.locker_encryption_key2, &keys.locker_decryption_key2)
-    } else {
-        return Err(errors::EncryptionError.into());
-    };
-
-    Ok((public_key.to_string(), private_key.to_string()))
-}
-
-#[cfg(feature = "basilisk")]
-#[instrument(skip(state, value1, value2))]
-pub async fn old_create_tokenize(
-    state: &routes::AppState,
-    value1: String,
-    value2: Option<String>,
-    lookup_key: String,
-) -> RouterResult<String> {
-    let payload_to_be_encrypted = api::TokenizePayloadRequest {
-        value1,
-        value2: value2.unwrap_or_default(),
-        lookup_key,
-        service_name: VAULT_SERVICE_NAME.to_string(),
-    };
-    let payload = utils::Encode::<api::TokenizePayloadRequest>::encode_to_string_of_json(
-        &payload_to_be_encrypted,
-    )
-    .change_context(errors::ApiErrorResponse::InternalServerError)?;
-
-    let (public_key, private_key) = get_locker_jwe_keys(&state.kms_secrets)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error getting Encryption key")?;
-    let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error getting Encrypt JWE response")?;
-
-    let create_tokenize_request = api::TokenizePayloadEncrypted {
-        payload: encrypted_payload,
-        key_id: get_key_id(&state.conf.jwekey).to_string(),
-        version: Some(VAULT_VERSION.to_string()),
-    };
-    let request = payment_methods::mk_crud_locker_request(
-        &state.conf.locker,
-        "/tokenize",
-        create_tokenize_request,
-    )
-    .change_context(errors::ApiErrorResponse::InternalServerError)
-    .attach_printable("Making tokenize request failed")?;
-    let response = services::call_connector_api(state, request)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)?;
-
-    match response {
-        Ok(r) => {
-            let resp: api::TokenizePayloadEncrypted = r
-                .response
-                .parse_struct("TokenizePayloadEncrypted")
-                .change_context(errors::ApiErrorResponse::InternalServerError)
-                .attach_printable("Decoding Failed for TokenizePayloadEncrypted")?;
-            let alg = jwe::RSA_OAEP_256;
-            let decrypted_payload = services::decrypt_jwe(
-                &resp.payload,
-                services::KeyIdCheck::RequestResponseKeyId((
-                    get_key_id(&state.conf.jwekey),
-                    &resp.key_id,
-                )),
-                private_key,
-                alg,
-            )
-            .await
-            .change_context(errors::ApiErrorResponse::InternalServerError)
-            .attach_printable("Decrypt Jwe failed for TokenizePayloadEncrypted")?;
-            let get_response: api::GetTokenizePayloadResponse = decrypted_payload
-                .parse_struct("GetTokenizePayloadResponse")
-                .change_context(errors::ApiErrorResponse::InternalServerError)
-                .attach_printable(
-                    "Error getting GetTokenizePayloadResponse from tokenize response",
-                )?;
-            Ok(get_response.lookup_key)
-        }
-        Err(err) => {
-            metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
-            Err(errors::ApiErrorResponse::InternalServerError)
-                .into_report()
-                .attach_printable(format!("Got 4xx from the basilisk locker: {err:?}"))
-        }
-    }
-}
-
-#[cfg(feature = "basilisk")]
-pub async fn old_get_tokenized_data(
-    state: &routes::AppState,
-    lookup_key: &str,
-    should_get_value2: bool,
-) -> RouterResult<api::TokenizePayloadRequest> {
-    metrics::GET_TOKENIZED_CARD.add(&metrics::CONTEXT, 1, &[]);
-    let payload_to_be_encrypted = api::GetTokenizePayloadRequest {
-        lookup_key: lookup_key.to_string(),
-        get_value2: should_get_value2,
-        service_name: VAULT_SERVICE_NAME.to_string(),
-    };
-    let payload = serde_json::to_string(&payload_to_be_encrypted)
-        .map_err(|_x| errors::ApiErrorResponse::InternalServerError)?;
-
-    let (public_key, private_key) = get_locker_jwe_keys(&state.kms_secrets)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error getting Encryption key")?;
-    let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error getting Encrypt JWE response")?;
-    let create_tokenize_request = api::TokenizePayloadEncrypted {
-        payload: encrypted_payload,
-        key_id: get_key_id(&state.conf.jwekey).to_string(),
-        version: Some("0".to_string()),
-    };
-    let request = payment_methods::mk_crud_locker_request(
-        &state.conf.locker,
-        "/tokenize/get",
-        create_tokenize_request,
-    )
-    .change_context(errors::ApiErrorResponse::InternalServerError)
-    .attach_printable("Making Get Tokenized request failed")?;
-    let response = services::call_connector_api(state, request)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)?;
-    match response {
-        Ok(r) => {
-            let resp: api::TokenizePayloadEncrypted = r
-                .response
-                .parse_struct("TokenizePayloadEncrypted")
-                .change_context(errors::ApiErrorResponse::InternalServerError)
-                .attach_printable("Decoding Failed for TokenizePayloadEncrypted")?;
-            let alg = jwe::RSA_OAEP_256;
-            let decrypted_payload = services::decrypt_jwe(
-                &resp.payload,
-                services::KeyIdCheck::RequestResponseKeyId((
-                    get_key_id(&state.conf.jwekey),
-                    &resp.key_id,
-                )),
-                private_key,
-                alg,
-            )
-            .await
-            .change_context(errors::ApiErrorResponse::InternalServerError)
-            .attach_printable("GetTokenizedApi: Decrypt Jwe failed for TokenizePayloadEncrypted")?;
-            let get_response: api::TokenizePayloadRequest = decrypted_payload
-                .parse_struct("TokenizePayloadRequest")
-                .change_context(errors::ApiErrorResponse::InternalServerError)
-                .attach_printable("Error getting TokenizePayloadRequest from tokenize response")?;
-            Ok(get_response)
-        }
-        Err(err) => {
-            metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
-            match err.status_code {
-                404 => Err(errors::ApiErrorResponse::UnprocessableEntity {
-                    message: "Token is invalid or expired".into(),
-                }
-                .into()),
-                _ => Err(errors::ApiErrorResponse::InternalServerError)
-                    .into_report()
-                    .attach_printable(format!("Got error from the basilisk locker: {err:?}")),
-            }
-        }
-    }
-}
-
-#[cfg(feature = "basilisk")]
-pub async fn old_delete_tokenized_data(
-    state: &routes::AppState,
-    lookup_key: &str,
-) -> RouterResult<()> {
-    metrics::DELETED_TOKENIZED_CARD.add(&metrics::CONTEXT, 1, &[]);
-    let payload_to_be_encrypted = api::DeleteTokenizeByTokenRequest {
-        lookup_key: lookup_key.to_string(),
-        service_name: VAULT_SERVICE_NAME.to_string(),
-    };
-    let payload = serde_json::to_string(&payload_to_be_encrypted)
-        .into_report()
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error serializing api::DeleteTokenizeByTokenRequest")?;
-
-    let (public_key, _private_key) = get_locker_jwe_keys(&state.kms_secrets.clone())
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error getting Encryption key")?;
-    let encrypted_payload = services::encrypt_jwe(payload.as_bytes(), public_key)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error getting Encrypt JWE response")?;
-    let create_tokenize_request = api::TokenizePayloadEncrypted {
-        payload: encrypted_payload,
-        key_id: get_key_id(&state.conf.jwekey).to_string(),
-        version: Some("0".to_string()),
-    };
-    let request = payment_methods::mk_crud_locker_request(
-        &state.conf.locker,
-        "/tokenize/delete/token",
-        create_tokenize_request,
-    )
-    .change_context(errors::ApiErrorResponse::InternalServerError)
-    .attach_printable("Making Delete Tokenized request failed")?;
-    let response = services::call_connector_api(state, request)
-        .await
-        .change_context(errors::ApiErrorResponse::InternalServerError)
-        .attach_printable("Error while making /tokenize/delete/token call to the locker")?;
-    match response {
-        Ok(r) => {
-            let _delete_response = std::str::from_utf8(&r.response)
-                .into_report()
-                .change_context(errors::ApiErrorResponse::InternalServerError)
-                .attach_printable("Decoding Failed for basilisk delete response")?;
-            Ok(())
-        }
-        Err(err) => {
-            metrics::TEMP_LOCKER_FAILURES.add(&metrics::CONTEXT, 1, &[]);
-            Err(errors::ApiErrorResponse::InternalServerError)
-                .into_report()
-                .attach_printable(format!("Got 4xx from the basilisk locker: {err:?}"))
-        }
-    }
-}
-
-#[cfg(feature = "basilisk")]
-pub fn get_key_id(keys: &settings::Jwekey) -> &str {
-    let key_identifier = "1"; // [#46]: Fetch this value from redis or external sources
-    if key_identifier == "1" {
-        &keys.locker_key_identifier1
-    } else {
-        &keys.locker_key_identifier2
-    }
-}

crates/router/src/services/api/client.rs

@@ -111,7 +111,6 @@ pub(super) fn create_client(
 pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
     let locker_host = locker.host.to_owned();
     let locker_host_rs = locker.host_rs.to_owned();
-    let basilisk_host = locker.basilisk_host.to_owned();
     vec![
         format!("{locker_host}/cards/add"),
         format!("{locker_host}/cards/retrieve"),
@@ -122,10 +121,6 @@ pub fn proxy_bypass_urls(locker: &Locker) -> Vec<String> {
         format!("{locker_host}/card/addCard"),
         format!("{locker_host}/card/getCard"),
         format!("{locker_host}/card/deleteCard"),
-        format!("{basilisk_host}/tokenize"),
-        format!("{basilisk_host}/tokenize/get"),
-        format!("{basilisk_host}/tokenize/delete"),
-        format!("{basilisk_host}/tokenize/delete/token"),
     ]
 }