diff --git a/src/app.rs b/src/app.rs
index 598d486..76e587e 100644
--- a/src/app.rs
+++ b/src/app.rs
@@ -8,7 +8,9 @@ use std::sync::Arc;
 use crate::{
 api_client::ApiClient,
 config::{self, GlobalConfig, TenantConfig},
- error, logger, routes, storage,
+ error, logger,
+ routes::{self, routes_v2},
+ storage,
 tenant::GlobalAppState,
 utils,
 };
@@ -108,6 +110,15 @@ where
 #[cfg(feature = "key_custodian")]
 let router = router.nest("/custodian", routes::key_custodian::serve());
+ // v2 routes
+ let router = router.nest(
+ "api/v2/vault",
+ axum::Router::new()
+ .route("/delete", post(routes_v2::data::delete_card))
+ .route("/add", post(routes_v2::data::add_card))
+ .route("/retrieve", post(routes_v2::data::retrieve_card)),
+ );
+
 let router = router.layer(
 tower_trace::TraceLayer::new_for_http()
 .make_span_with(|request: &Request<_>| utils::record_tenant_id_from_header(request))
diff --git a/src/error/custom_error.rs b/src/error/custom_error.rs
index 41c4eb2..bece125 100644
--- a/src/error/custom_error.rs
+++ b/src/error/custom_error.rs
@@ -17,7 +17,7 @@ pub enum MerchantDBError {
 }
 #[derive(Debug, thiserror::Error)]
-pub enum LockerDBError {
+pub enum VaultDBError {
 #[error("Error while encrypting data before adding to DB")]
 DataEncryptionError,
 #[error("Error while decrypting data from DB")]
diff --git a/src/error/transforms.rs b/src/error/transforms.rs
index 2d61599..47473de 100644
--- a/src/error/transforms.rs
+++ b/src/error/transforms.rs
@@ -13,8 +13,8 @@ impl<'a> From<&'a super::CryptoError> for super::MerchantDBError {
 }
 }
-error_transform!(super::CryptoError => super::LockerDBError);
-impl<'a> From<&'a super::CryptoError> for super::LockerDBError {
+error_transform!(super::CryptoError => super::VaultDBError);
+impl<'a> From<&'a super::CryptoError> for super::VaultDBError {
 fn from(value: &'a super::CryptoError) -> Self {
 match value {
 super::CryptoError::SerdeJsonError(_)
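Review bot: The nest path `"api/v2/vault"` in the second app.rs hunk is missing its leading slash; axum requires route and nest paths to begin with `/` and, as far as I recall, panics while the router is being built (and even if it did not, a request to `/api/v2/vault/add` would never match), so the line should read `"/api/v2/vault",`. Separately, these three endpoints were previously nested inside `routes::data::serve`, whose router is wrapped in `middleware::from_fn_with_state(...)` under the `middleware` feature (see the removed block in src/routes/data.rs); mounted at the top level they now sit outside that layer, so whatever it enforces — I cannot see its body here, but on a card-vault service it is presumably request authentication — no longer applies to v2 add/retrieve/delete. If that bypass is not intended, apply the same layer to the nested v2 router, e.g. `.layer(middleware::from_fn_with_state(state.clone(), <same middleware fn>))`, or keep the routes under the data router. The enclosing function starts before this hunk.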
@@ -45,8 +45,8 @@ impl<'a> From<&'a super::StorageError> for super::MerchantDBError {
 }
 }
-error_transform!(super::StorageError => super::LockerDBError);
-impl<'a> From<&'a super::StorageError> for super::LockerDBError {
+error_transform!(super::StorageError => super::VaultDBError);
+impl<'a> From<&'a super::StorageError> for super::VaultDBError {
 fn from(value: &'a super::StorageError) -> Self {
 match value {
 super::StorageError::DBPoolError | super::StorageError::PoolClientFailure => {
@@ -176,18 +176,19 @@ impl<'a> From<&'a super::MerchantDBError> for super::ApiError {
 }
 }
-error_transform!(super::LockerDBError => super::ApiError);
-impl<'a> From<&'a super::LockerDBError> for super::ApiError {
- fn from(value: &'a super::LockerDBError) -> Self {
+error_transform!(super::VaultDBError => super::ApiError);
+impl<'a> From<&'a super::VaultDBError> for super::ApiError {
+ fn from(value: &'a super::VaultDBError) -> Self {
 match value {
- super::LockerDBError::DataEncryptionError
- | super::LockerDBError::DataDecryptionError => Self::MerchantKeyError,
- super::LockerDBError::DBError => Self::DatabaseError,
- super::LockerDBError::DBFilterError => Self::RetrieveDataFailed("locker"),
- super::LockerDBError::DBInsertError => Self::DatabaseInsertFailed("locker"),
- super::LockerDBError::DBDeleteError => Self::DatabaseDeleteFailed("locker"),
- super::LockerDBError::UnknownError => Self::UnknownError,
- super::LockerDBError::NotFoundError => Self::NotFoundError,
+ super::VaultDBError::DataEncryptionError | super::VaultDBError::DataDecryptionError => {
+ Self::MerchantKeyError
+ }
+ super::VaultDBError::DBError => Self::DatabaseError,
+ super::VaultDBError::DBFilterError => Self::RetrieveDataFailed("locker"),
+ super::VaultDBError::DBInsertError => Self::DatabaseInsertFailed("locker"),
+ super::VaultDBError::DBDeleteError => Self::DatabaseDeleteFailed("locker"),
+ super::VaultDBError::UnknownError => Self::UnknownError,
+ super::VaultDBError::NotFoundError => Self::NotFoundError,
 }
 }
 }
diff --git a/src/routes/data.rs b/src/routes/data.rs
index 556910b..b637ff0 100644
--- a/src/routes/data.rs
+++ b/src/routes/data.rs
@@ -31,7 +31,6 @@ use self::types::Validation;
 mod transformers;
 pub mod types;
-pub use super::routes_v2;
 #[cfg(feature = "limit")]
 const BUFFER_LIMIT: usize = 1024;
@@ -76,15 +75,6 @@ pub fn serve(
 .route("/retrieve", post(retrieve_card))
 .route("/fingerprint", post(get_or_insert_fingerprint));
- // v2 routes
- let router = router.nest(
- "/v2",
- axum::Router::new()
- .route("/vault/delete", post(routes_v2::data::delete_card))
- .route("/vault/add", post(routes_v2::data::add_card))
- .route("/vault/retrieve", post(routes_v2::data::retrieve_card)),
- );
 #[cfg(feature = "middleware")]
 {
 router.layer(middleware::from_fn_with_state(
diff --git a/src/routes/routes_v2/data/types.rs b/src/routes/routes_v2/data/types.rs
index 8458427..957ba7a 100644
--- a/src/routes/routes_v2/data/types.rs
+++ b/src/routes/routes_v2/data/types.rs
@@ -1,3 +1,5 @@
+use masking::Secret;
+
 use crate::routes::data::types::Ttl;
 #[derive(serde::Serialize, serde::Deserialize)]
@@ -10,13 +12,6 @@ pub struct DeleteCardRequest {
 pub struct DeleteCardResponse {
 pub entity_id: String,
 pub vault_id: String,
- pub status: Status,
-}
-
-#[derive(serde::Serialize, serde::Deserialize)]
-#[serde(rename_all = "PascalCase")]
-pub enum Status {
- Ok,
 }
 #[derive(serde::Serialize, serde::Deserialize)]
@@ -27,15 +22,14 @@ pub struct RetrieveCardRequest {
 #[derive(serde::Serialize, serde::Deserialize)]
 pub struct RetrieveCardResponse {
- pub status: Status,
- pub payload: serde_json::Value,
+ pub payload: Secret,
 }
 #[derive(serde::Serialize, serde::Deserialize, Debug)]
 pub struct StoreCardRequest {
 pub entity_id: String,
 pub vault_id: String,
- pub data: serde_json::Value,
+ pub data: Secret,
 pub ttl: Ttl,
 }
diff --git a/src/storage/db.rs b/src/storage/db.rs
index d82b65a..1511434 100644
--- a/src/storage/db.rs
+++ b/src/storage/db.rs
@@ -118,7 +118,7 @@ impl MerchantInterface for Storage {
 impl LockerInterface for Storage {
 type Algorithm = GcmAes256;
- type Error = error::LockerDBError;
+ type Error = error::VaultDBError;
 async fn find_by_locker_id_merchant_id_customer_id(
 &self,
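Review bot: In the routes_v2 types.rs hunk at @@ -27 the masking boundary is inconsistent: `StoreCardRequest` now wraps `data` in `Secret` but keeps `vault_id` as a plain `String`, while the storage trait touched by this same commit takes `vault_id: Secret<…>`; since `StoreCardRequest` derives `Debug`, a debug log of it would mask the card data yet print the vault id in the clear. If the vault id is sensitive at the storage layer it should be `pub vault_id: Secret<String>,` here (and in `RetrieveCardRequest`/`DeleteCardResponse`) as well; if it is merely an opaque identifier, a one-line comment on the struct saying so would settle the question for the next reader. Also note that dropping `status` from `DeleteCardResponse` and `RetrieveCardResponse` changes the v2 wire format, which is fine if v2 has no consumers yet but deserves a line in the commit message.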
diff --git a/src/storage/storage_v2.rs b/src/storage/storage_v2.rs
index 7af6323..7a1d426 100644
--- a/src/storage/storage_v2.rs
+++ b/src/storage/storage_v2.rs
@@ -14,7 +14,7 @@ pub(crate) trait VaultInterface {
 type Algorithm: Encryption, Vec>;
 type Error;
- /// Fetch payment data from vault table by decrypting with `dek`
+ /// Fetch data from vault table
 async fn find_by_vault_id_entity_id(
 &self,
 vault_id: Secret,
@@ -22,23 +22,17 @@ pub(crate) trait VaultInterface {
 key: &Self::Algorithm,
 ) -> Result>;
- /// Insert payment data from vault table by decrypting with `dek`
+ /// Insert data from vault table
 async fn insert_or_get_from_vault(
 &self,
 new: types::VaultNew,
 key: &Self::Algorithm,
 ) -> Result>;
- /// Delete card from the vault, without access to the `dek`
+ /// Delete data from the vault
 async fn delete_from_vault(
 &self,
 vault_id: Secret,
 entity_id: &str,
 ) -> Result>;
-
- // async fn find_by_hash_id_merchant_id_customer_id(
- // &self,
- // entity_id: &str,
- // key: &Self::Algorithm,
- // ) -> Result, ContainerError>;
 }
diff --git a/src/storage/storage_v2/db.rs b/src/storage/storage_v2/db.rs
index 3abeac3..c39ee87 100644
--- a/src/storage/storage_v2/db.rs
+++ b/src/storage/storage_v2/db.rs
@@ -18,7 +18,7 @@ use super::{types, VaultInterface};
 impl VaultInterface for Storage {
 type Algorithm = GcmAes256;
- type Error = error::LockerDBError;
+ type Error = error::VaultDBError;
 async fn find_by_vault_id_entity_id(
 &self,
diff --git a/src/storage/storage_v2/types.rs b/src/storage/storage_v2/types.rs
index d8e5985..289967c 100644
--- a/src/storage/storage_v2/types.rs
+++ b/src/storage/storage_v2/types.rs
@@ -9,19 +9,6 @@ use crate::{
 },
 };
-#[derive(Debug, Clone)]
-pub struct Entity {
- pub entity_id: String,
- pub enc_key: Secret>,
- pub created_at: time::PrimitiveDateTime,
-}
-
-#[derive(Debug)]
-pub struct EntityNew<'a> {
- pub entity_id: &'a str,
- pub enc_key: Secret>,
-}
-
 #[derive(Debug)]
 pub struct Vault {
 pub vault_id: Secret,
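Review bot: The rewritten doc comments in the storage_v2.rs hunk at @@ -22 are less accurate than the ones they replace: `insert_or_get_from_vault` does not "Insert data from vault table", and both it and `find_by_vault_id_entity_id` still take `key: &Self::Algorithm`, so the old mention of encrypting/decrypting was the useful part of the contract. I would write `/// Insert data into the vault table, encrypted with `key`; presumably returns the existing entry if one is already present (impl not in this hunk)` on the insert, `/// Fetch data from the vault table and decrypt it with `key`` on the fetch, and `/// Delete data from the vault; takes no key since nothing is decrypted` on the delete, where the removal of the `dek` wording loses a real property that the signature confirms. Dropping the commented-out `find_by_hash_id_merchant_id_customer_id` stub is welcome. The rest of the trait is outside this hunk.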