Skip to content

feat(core): Add V2 Authentication to all available endpoints#7487

Merged
bernard-eugine merged 11 commits intomainfrom
v2-auth
Mar 12, 2025
Merged

feat(core): Add V2 Authentication to all available endpoints#7487
bernard-eugine merged 11 commits intomainfrom
v2-auth

Conversation

@GauravRawat369
Copy link
Contributor

@GauravRawat369 GauravRawat369 commented Mar 12, 2025
edited
Loading

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

This commit introduces V2 authentication mechanisms for various admin and client-side APIs :

  • Added V2AdminApiAuth and modified AdminApiAuthWithMerchantIdFromRoute for V2
  • Added V2ApiKeyAuth , V2AdminApiAuth and V2ClientAuth to the endpoints
  • Refactored functions to support V2 Auth as well as V1 Auth

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

For /v2/merchant-accounts

Request

curl --location 'http://localhost:8080/v2/merchant-accounts' \
--header 'x-organization-id: org_d2lZPiRPOGbIMmFcb59A' \
--header 'Content-Type: application/json' \
--header 'Authorization: admin-api-key=test_admin' \
--data '{
    "merchant_name": "cloth_seller"
}'

Response

{
    "id": "cloth_seller_KdjFPBxrxWyX09jri2VB",
    "merchant_name": "cloth_seller",
    "merchant_details": null,
    "publishable_key": "pk_dev_735cafe5f43446e88d22bedec15b0139",
    "metadata": null,
    "organization_id": "org_d2lZPiRPOGbIMmFcb59A",
    "recon_status": "not_requested",
    "product_type": "orchestration"
}

For /v2/organization

Request

curl --location 'http://localhost:8080/v2/organization' \
--header 'Authorization: admin-api-key=test_admin' \
--header 'Content-Type: application/json' \
--data '{
    "organization_name": "random_org_1741776562"
}'

Response

{
    "id": "org_m4fLYdEFb7PNHynIfmZO",
    "organization_name": "random_org_1741776558",
    "organization_details": null,
    "metadata": null,
    "modified_at": "2025-03-12 10:49:18.475431",
    "created_at": "2025-03-12 10:49:18.475424"
}

This is how V2AdminApiAuth looks like

pub struct V2AdminApiAuth;

#[async_trait]
impl<A> AuthenticateAndFetch<(), A> for V2AdminApiAuth
where
    A: SessionStateInfo + Sync,
{
    async fn authenticate_and_fetch(
        &self,
        request_headers: &HeaderMap,
        state: &A,
    ) -> RouterResult<((), AuthenticationType)> {
        let header_map_struct = HeaderMapStruct::new(&request_headers);
        let auth_string = header_map_struct.get_auth_string_from_header()?;
        let request_admin_api_key = auth_string
            .split(',')
            .find_map(|part| part.trim().strip_prefix("admin-api-key="))
            .ok_or_else(|| {
                report!(errors::ApiErrorResponse::Unauthorized)
                    .attach_printable("Unable to parse admin_api_key")
            })?;
        if request_admin_api_key.is_empty() {
            return Err(errors::ApiErrorResponse::Unauthorized)
                .attach_printable("Admin Api key is empty");
        }
        let conf = state.conf();

        let admin_api_key = &conf.secrets.get_inner().admin_api_key;

        if request_admin_api_key != admin_api_key.peek() {
            Err(report!(errors::ApiErrorResponse::Unauthorized)
                .attach_printable("Admin Authentication Failure"))?;
        }

        Ok(((), AuthenticationType::AdminApiKey))
    }
}

What changes are done in authorization header

How it was earlier?

api-key = {{api-key}}
client-secret={{client_secret}} 
api-key = {{admin_api_key}}

Changed version

Authorization = api-key={{api-key}} 
Authorization = admin-api-key={{admin_api_key}}
Authorization = publishable-key={{publishable_key}},client-secret={{client_secret}}

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@GauravRawat369 GauravRawat369 requested review from a team as code owners March 12, 2025 04:05
@semanticdiff-com
Copy link

semanticdiff-com bot commented Mar 12, 2025
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  crates/router/src/routes/payments.rs  9% smaller
  crates/router/src/routes/admin.rs  1% smaller
  crates/router/src/core/errors.rs  0% smaller
  crates/router/src/routes/api_keys.rs  0% smaller
  crates/router/src/routes/customers.rs  0% smaller
  crates/router/src/routes/ephemeral_key.rs  0% smaller
  crates/router/src/routes/payment_methods.rs  0% smaller
  crates/router/src/routes/routing.rs  0% smaller
  crates/router/src/services/authentication.rs  0% smaller

@GauravRawat369 GauravRawat369 changed the title Add V2 Authentication to all available endpoints feat(core): Add V2 Authentication to all available endpoints Mar 12, 2025
@GauravRawat369 GauravRawat369 self-assigned this Mar 12, 2025
@GauravRawat369 GauravRawat369 linked an issue Mar 12, 2025 that may be closed by this pull request
feat(core): Add V2 Authentication to all available endpoints #7488
Closed
3 tasks
@GauravRawat369 GauravRawat369 requested a review from a team as a code owner March 12, 2025 05:40
@Narayanbhat166
Copy link
Contributor

Narayanbhat166 commented Mar 12, 2025

@GauravRawat369, can you add the request and response for the api endpoints that you tested, in the PR description?

Narayanbhat166
Narayanbhat166 reviewed Mar 12, 2025
View reviewed changes
@SanchithHegde SanchithHegde mentioned this pull request Mar 12, 2025
Merged
14 tasks
@bernard-eugine bernard-eugine disabled auto-merge March 12, 2025 20:18
@bernard-eugine bernard-eugine merged commit 3667a7f into main Mar 12, 2025
16 of 20 checks passed
@bernard-eugine bernard-eugine deleted the v2-auth branch March 12, 2025 20:19
@GauravRawat369 GauravRawat369 mentioned this pull request Apr 9, 2025
Merged
14 tasks
This was referenced Apr 14, 2025
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SanchithHegde SanchithHegde SanchithHegde approved these changes

@apoorvdixit88 apoorvdixit88 apoorvdixit88 approved these changes

+1 more reviewer

@Narayanbhat166 Narayanbhat166 Narayanbhat166 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@GauravRawat369 GauravRawat369

Labels

api-v2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat(core): Add V2 Authentication to all available endpoints

5 participants

@GauravRawat369 @Narayanbhat166 @SanchithHegde @apoorvdixit88 @bernard-eugine