Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(payment_link): add provision for secured payment links #5357

Merged
merged 16 commits into from
Jul 30, 2024
Merged

feat(payment_link): add provision for secured payment links #5357

merged 16 commits into from
Jul 30, 2024

Conversation

kashif-m
Copy link
Contributor

@kashif-m kashif-m commented Jul 18, 2024
edited
Loading

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Described in #5372

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

Tested locally using postman collection. Expectations -

  • existing payment links is available as open links (cannot list SPMs or render checkbox to store PM)
  • secure links are generated only when allowed_domains are configured
  • secure links can only be accessed from within an iframe on the allowed domains

Open links

1. Create a payment link - (unfold to view cURL) curl --location 'http://localhost:8080/payments' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'api-key: dev_eBTVu8OMN1HmE2xr0I0dsfypWOVwQBlietvkxf0sgYMdyFM5nRO40M8M4MLH42Jk' \ --data '{ "customer_id": "cus_izAOZiynP5URGEvEfmgH", "amount": 100, "currency": "USD", "payment_link": true, "connector": [ "stripe" ], "session_expiry": 1000000, "return_url": "http://127.0.0.1:5500/src/pl_iframe.html", "payment_link_config": { "theme": "#14356f", "logo": "https://logosandtypes.com/wp-content/uploads/2020/08/zurich.svg", "seller_name": "Zurich Inc." } }'
  1. Open the payment link (link in API response) and validate the functionality

Secure links

1. Update `allowed_domains` in business profile - (unfold to view cURL) curl --location 'http://localhost:8080/account/merchant_1721984694/business_profile/pro_oXHnmgfZSnfe92PvodqP' \ --header 'Content-Type: application/json' \ --header 'api-key: test_admin' \ --data '{ "payment_link_config": { "allowed_domains": [ "*" ], "enabled_saved_payment_method": true } }'
2. Create a payment link - (unfold to view cURL) curl --location 'http://localhost:8080/payments' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'api-key: dev_eBTVu8OMN1HmE2xr0I0dsfypWOVwQBlietvkxf0sgYMdyFM5nRO40M8M4MLH42Jk' \ --data '{ "customer_id": "cus_izAOZiynP5URGEvEfmgH", "amount": 100, "currency": "USD", "payment_link": true, "connector": [ "stripe" ], "session_expiry": 1000000, "return_url": "http://127.0.0.1:5500/src/pl_iframe.html", "payment_link_config": { "theme": "#14356f", "logo": "https://logosandtypes.com/wp-content/uploads/2020/08/zurich.svg", "seller_name": "Zurich Inc." } }'
3. Open the secure payment link (`secure_link` in API response) in an iframe for validating the functionality

Secure links demo

Screencast.from.26-07-24.02.34.52.PM.IST.webm

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible

@hyperswitch-bot hyperswitch-bot bot added M-database-changes Metadata: This PR involves database schema changes M-api-contract-changes Metadata: This PR involves API contract changes labels Jul 18, 2024
@kashif-m
feat(payment_link): add provision for secured payment links
4a51278 
refactor(payment_link): segregate open and secured payment links
@kashif-m kashif-m self-assigned this Jul 19, 2024
@kashif-m kashif-m changed the title Payment links sec feat(payment_link): add provision for secured payment links Jul 19, 2024
@kashif-m kashif-m linked an issue Jul 19, 2024 that may be closed by this pull request
[FEATURE] provision for secure payment links #5372
Closed
2 tasks
@kashif-m
feat(payment_link): add client side checks for initiating secure paym…
b0e89e4 
…ent links only when they're not opened at top
@kashif-m kashif-m marked this pull request as ready for review July 19, 2024 08:09
@kashif-m kashif-m requested review from a team as code owners July 19, 2024 08:09
seekshiva
seekshiva previously approved these changes Jul 19, 2024
View reviewed changes
SanchithHegde
SanchithHegde reviewed Jul 19, 2024
View reviewed changes
migrations/2024-07-17-131830_alter_payment_link/up.sql Outdated Show resolved Hide resolved
crates/router/src/services/api.rs Outdated Show resolved Hide resolved
crates/router/src/core/payouts/validator.rs Outdated Show resolved Hide resolved
crates/router/src/routes/app.rs
@@ -1271,6 +1271,10 @@ impl PaymentLink {
web::resource("{merchant_id}/{payment_id}")
.route(web::get().to(initiate_payment_link)),
)
.service(
web::resource("s/{merchant_id}/{payment_id}")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this supposed to be only /{merchant_id}/{payment_id}?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've decided to add /s/ for secure links

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should change it to secure

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was added based on the discussions, primarily for ensuring the context of open / secure links can not be inferred from these links // @knutties

SanchithHegde
SanchithHegde reviewed Jul 23, 2024
View reviewed changes
Copy link
Member

@SanchithHegde SanchithHegde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than that, looks good to me!

crates/router/src/services/api.rs Outdated Show resolved Hide resolved
sahkal
sahkal reviewed Jul 24, 2024
View reviewed changes
crates/router/src/core/payments/operations/payment_create.rs
Comment on lines +1229 to +1234
"{}/payment_link/s/{}/{}",
domain_name,
merchant_id.clone(),
payment_id.clone()
)
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is s in the path param, why not explicitly state secure

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#5357 (comment)

sahkal
sahkal requested changes Jul 24, 2024
View reviewed changes
crates/router/src/core/payment_link.rs
Comment on lines +663 to 671
PaymentLinkConfig {
theme: DEFAULT_BACKGROUND_COLOR.to_string(),
logo: DEFAULT_MERCHANT_LOGO.to_string(),
seller_name: merchant_name_from_merchant_account,
sdk_layout: DEFAULT_SDK_LAYOUT.to_owned(),
display_sdk_only: DEFAULT_DISPLAY_SDK_ONLY,
enabled_saved_payment_method: DEFAULT_ENABLE_SAVED_PAYMENT_METHOD,
allowed_domains: DEFAULT_ALLOWED_DOMAINS,
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we make a new structs for PaymentLinkConfig as PaymentLinkOpenConfig and PaymentLinkSecureConfig. As it doesn't make sense to have allowed_domains params inside open_link

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is stored in DB as well, we will need to split tables / columns if we want to store different structs

crates/router/src/core/payment_methods.rs Outdated Show resolved Hide resolved
crates/router/src/routes/app.rs
@@ -1271,6 +1271,10 @@ impl PaymentLink {
web::resource("{merchant_id}/{payment_id}")
.route(web::get().to(initiate_payment_link)),
)
.service(
web::resource("s/{merchant_id}/{payment_id}")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should change it to secure

crates/router/src/services/api/generic_link_response.rs Show resolved Hide resolved
crates/router/src/services/api.rs Outdated Show resolved Hide resolved
crates/router/src/types/transformers.rs Outdated Show resolved Hide resolved
migrations/2024-07-17-131830_alter_payment_link/up.sql Outdated Show resolved Hide resolved
sahkal
sahkal previously approved these changes Jul 27, 2024
View reviewed changes
seekshiva
seekshiva previously approved these changes Jul 29, 2024
View reviewed changes
@kashif-m @SanchithHegde
refactor(docs): remove abbreviation
5e0814a 
committed from GitHub web

Co-authored-by: Sanchith Hegde <[email protected]>
@kashif-m kashif-m dismissed stale reviews from seekshiva and sahkal via 5e0814a July 29, 2024 16:47
@Gnanasundari24 Gnanasundari24 added this pull request to the merge queue Jul 30, 2024
Merged via the queue into main with commit 043abb5 Jul 30, 2024
14 checks passed
@Gnanasundari24 Gnanasundari24 deleted the payment_links_sec branch July 30, 2024 08:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sahkal sahkal sahkal approved these changes

@SanchithHegde SanchithHegde SanchithHegde approved these changes

@seekshiva seekshiva seekshiva approved these changes

Assignees

@kashif-m kashif-m

Labels
A-payments Area: payments M-api-contract-changes Metadata: This PR involves API contract changes M-database-changes Metadata: This PR involves database schema changes Payment Links
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FEATURE] provision for secure payment links
5 participants
@kashif-m @seekshiva @SanchithHegde @sahkal @Gnanasundari24