address pr comments

src/app.rs

@@ -8,7 +8,9 @@ use std::sync::Arc;
 use crate::{
     api_client::ApiClient,
     config::{self, GlobalConfig, TenantConfig},
-    error, logger, routes, storage,
+    error, logger,
+    routes::{self, routes_v2},
+    storage,
     tenant::GlobalAppState,
     utils,
 };
@@ -108,6 +110,15 @@ where
     #[cfg(feature = "key_custodian")]
     let router = router.nest("/custodian", routes::key_custodian::serve());
 
+    // v2 routes
+    let router = router.nest(
+        "api/v2/vault",
+        axum::Router::new()
+            .route("/delete", post(routes_v2::data::delete_card))
+            .route("/add", post(routes_v2::data::add_card))
+            .route("/retrieve", post(routes_v2::data::retrieve_card)),
+    );
+
     let router = router.layer(
         tower_trace::TraceLayer::new_for_http()
             .make_span_with(|request: &Request<_>| utils::record_tenant_id_from_header(request))

src/error/custom_error.rs

@@ -17,7 +17,7 @@ pub enum MerchantDBError {
 }
 
 #[derive(Debug, thiserror::Error)]
-pub enum LockerDBError {
+pub enum VaultDBError {
     #[error("Error while encrypting data before adding to DB")]
     DataEncryptionError,
     #[error("Error while decrypting data from DB")]

src/error/transforms.rs

@@ -13,8 +13,8 @@ impl<'a> From<&'a super::CryptoError> for super::MerchantDBError {
     }
 }
 
-error_transform!(super::CryptoError => super::LockerDBError);
-impl<'a> From<&'a super::CryptoError> for super::LockerDBError {
+error_transform!(super::CryptoError => super::VaultDBError);
+impl<'a> From<&'a super::CryptoError> for super::VaultDBError {
     fn from(value: &'a super::CryptoError) -> Self {
         match value {
             super::CryptoError::SerdeJsonError(_)
@@ -45,8 +45,8 @@ impl<'a> From<&'a super::StorageError> for super::MerchantDBError {
     }
 }
 
-error_transform!(super::StorageError => super::LockerDBError);
-impl<'a> From<&'a super::StorageError> for super::LockerDBError {
+error_transform!(super::StorageError => super::VaultDBError);
+impl<'a> From<&'a super::StorageError> for super::VaultDBError {
     fn from(value: &'a super::StorageError) -> Self {
         match value {
             super::StorageError::DBPoolError | super::StorageError::PoolClientFailure => {
@@ -176,18 +176,19 @@ impl<'a> From<&'a super::MerchantDBError> for super::ApiError {
     }
 }
 
-error_transform!(super::LockerDBError => super::ApiError);
-impl<'a> From<&'a super::LockerDBError> for super::ApiError {
-    fn from(value: &'a super::LockerDBError) -> Self {
+error_transform!(super::VaultDBError => super::ApiError);
+impl<'a> From<&'a super::VaultDBError> for super::ApiError {
+    fn from(value: &'a super::VaultDBError) -> Self {
         match value {
-            super::LockerDBError::DataEncryptionError
-            | super::LockerDBError::DataDecryptionError => Self::MerchantKeyError,
-            super::LockerDBError::DBError => Self::DatabaseError,
-            super::LockerDBError::DBFilterError => Self::RetrieveDataFailed("locker"),
-            super::LockerDBError::DBInsertError => Self::DatabaseInsertFailed("locker"),
-            super::LockerDBError::DBDeleteError => Self::DatabaseDeleteFailed("locker"),
-            super::LockerDBError::UnknownError => Self::UnknownError,
-            super::LockerDBError::NotFoundError => Self::NotFoundError,
+            super::VaultDBError::DataEncryptionError | super::VaultDBError::DataDecryptionError => {
+                Self::MerchantKeyError
+            }
+            super::VaultDBError::DBError => Self::DatabaseError,
+            super::VaultDBError::DBFilterError => Self::RetrieveDataFailed("locker"),
+            super::VaultDBError::DBInsertError => Self::DatabaseInsertFailed("locker"),
+            super::VaultDBError::DBDeleteError => Self::DatabaseDeleteFailed("locker"),
+            super::VaultDBError::UnknownError => Self::UnknownError,
+            super::VaultDBError::NotFoundError => Self::NotFoundError,
         }
     }
 }

src/routes/data.rs

@@ -31,7 +31,6 @@ use self::types::Validation;
 
 mod transformers;
 pub mod types;
-pub use super::routes_v2;
 
 #[cfg(feature = "limit")]
 const BUFFER_LIMIT: usize = 1024;
@@ -76,15 +75,6 @@ pub fn serve(
         .route("/retrieve", post(retrieve_card))
         .route("/fingerprint", post(get_or_insert_fingerprint));
 
-    // v2 routes
-    let router = router.nest(
-        "/v2",
-        axum::Router::new()
-            .route("/vault/delete", post(routes_v2::data::delete_card))
-            .route("/vault/add", post(routes_v2::data::add_card))
-            .route("/vault/retrieve", post(routes_v2::data::retrieve_card)),
-    );
-
     #[cfg(feature = "middleware")]
     {
         router.layer(middleware::from_fn_with_state(

src/routes/routes_v2/data/types.rs

@@ -1,3 +1,5 @@
+use masking::Secret;
+
 use crate::routes::data::types::Ttl;
 
 #[derive(serde::Serialize, serde::Deserialize)]
@@ -10,13 +12,6 @@ pub struct DeleteCardRequest {
 pub struct DeleteCardResponse {
     pub entity_id: String,
     pub vault_id: String,
-    pub status: Status,
-}
-
-#[derive(serde::Serialize, serde::Deserialize)]
-#[serde(rename_all = "PascalCase")]
-pub enum Status {
-    Ok,
 }
 
 #[derive(serde::Serialize, serde::Deserialize)]
@@ -27,15 +22,14 @@ pub struct RetrieveCardRequest {
 
 #[derive(serde::Serialize, serde::Deserialize)]
 pub struct RetrieveCardResponse {
-    pub status: Status,
-    pub payload: serde_json::Value,
+    pub payload: Secret<serde_json::Value>,
 }
 
 #[derive(serde::Serialize, serde::Deserialize, Debug)]
 pub struct StoreCardRequest {
     pub entity_id: String,
     pub vault_id: String,
-    pub data: serde_json::Value,
+    pub data: Secret<serde_json::Value>,
     pub ttl: Ttl,
 }
 

src/storage/db.rs

@@ -118,7 +118,7 @@ impl MerchantInterface for Storage {
 
 impl LockerInterface for Storage {
     type Algorithm = GcmAes256;
-    type Error = error::LockerDBError;
+    type Error = error::VaultDBError;
 
     async fn find_by_locker_id_merchant_id_customer_id(
         &self,

src/storage/storage_v2.rs

@@ -14,31 +14,25 @@ pub(crate) trait VaultInterface {
     type Algorithm: Encryption<Vec<u8>, Vec<u8>>;
     type Error;
 
-    /// Fetch payment data from vault table by decrypting with `dek`
+    /// Fetch data from vault table
     async fn find_by_vault_id_entity_id(
         &self,
         vault_id: Secret<String>,
         entity_id: &str,
         key: &Self::Algorithm,
     ) -> Result<types::Vault, ContainerError<Self::Error>>;
 
-    /// Insert payment data from vault table by decrypting with `dek`
+    /// Insert data from vault table
     async fn insert_or_get_from_vault(
         &self,
         new: types::VaultNew,
         key: &Self::Algorithm,
     ) -> Result<types::Vault, ContainerError<Self::Error>>;
 
-    /// Delete card from the vault, without access to the `dek`
+    /// Delete data from the vault
     async fn delete_from_vault(
         &self,
         vault_id: Secret<String>,
         entity_id: &str,
     ) -> Result<usize, ContainerError<Self::Error>>;
-
-    // async fn find_by_hash_id_merchant_id_customer_id(
-    //     &self,
-    //     entity_id: &str,
-    //     key: &Self::Algorithm,
-    // ) -> Result<Option<types::Vault>, ContainerError<Self::Error>>;
 }

src/storage/storage_v2/db.rs

@@ -18,7 +18,7 @@ use super::{types, VaultInterface};
 
 impl VaultInterface for Storage {
     type Algorithm = GcmAes256;
-    type Error = error::LockerDBError;
+    type Error = error::VaultDBError;
 
     async fn find_by_vault_id_entity_id(
         &self,

src/storage/storage_v2/types.rs

@@ -9,19 +9,6 @@ use crate::{
     },
 };
 
-#[derive(Debug, Clone)]
-pub struct Entity {
-    pub entity_id: String,
-    pub enc_key: Secret<Vec<u8>>,
-    pub created_at: time::PrimitiveDateTime,
-}
-
-#[derive(Debug)]
-pub struct EntityNew<'a> {
-    pub entity_id: &'a str,
-    pub enc_key: Secret<Vec<u8>>,
-}
-
 #[derive(Debug)]
 pub struct Vault {
     pub vault_id: Secret<String>,