refactor(router): restricted list payment method Customer to api-key based (#3100)

Author: sahkal

crates/api_models/src/payment_methods.rs

@@ -13,9 +13,7 @@ use utoipa::{schema, ToSchema};
 #[cfg(feature = "payouts")]
 use crate::payouts;
 use crate::{
-    admin,
-    customers::CustomerId,
-    enums as api_enums,
+    admin, enums as api_enums,
     payments::{self, BankCodeResponse},
 };
 
@@ -459,8 +457,6 @@ pub struct RequestPaymentMethodTypes {
 #[derive(Debug, Clone, serde::Serialize, Default, ToSchema)]
 #[serde(deny_unknown_fields)]
 pub struct PaymentMethodListRequest {
-    #[serde(skip_deserializing)]
-    pub customer_id: Option<CustomerId>,
     /// This is a 15 minute expiry token which shall be used from the client to authenticate and perform sessions from the SDK
     #[schema(max_length = 30, min_length = 30, example = "secret_k2uj3he2893ein2d")]
     pub client_secret: Option<String>,

crates/router/src/routes/payment_methods.rs

@@ -108,7 +108,6 @@ pub async fn list_payment_method_api(
     get,
     path = "/customers/{customer_id}/payment_methods",
     params (
-        ("customer_id" = String, Path, description = "The unique identifier for the customer account"),
         ("accepted_country" = Vec<String>, Query, description = "The two-letter ISO currency code"),
         ("accepted_currency" = Vec<Currency>, Path, description = "The three-letter ISO currency code"),
         ("minimum_amount" = i64, Query, description = "The minimum amount accepted for processing by the particular payment method."),
@@ -134,10 +133,6 @@ pub async fn list_customer_payment_method_api(
 ) -> HttpResponse {
     let flow = Flow::CustomerPaymentMethodsList;
     let payload = query_payload.into_inner();
-    let (auth, _) = match auth::check_client_secret_and_get_auth(req.headers(), &payload) {
-        Ok((auth, _auth_flow)) => (auth, _auth_flow),
-        Err(e) => return api::log_and_return_error_response(e),
-    };
     let customer_id = customer_id.into_inner().0;
     Box::pin(api::server_wrap(
         flow,
@@ -153,7 +148,7 @@ pub async fn list_customer_payment_method_api(
                 Some(&customer_id),
             )
         },
-        &*auth,
+        &auth::ApiKeyAuth,
         api_locking::LockAction::NotApplicable,
     ))
     .await
@@ -166,7 +161,6 @@ pub async fn list_customer_payment_method_api(
     path = "/customers/payment_methods",
     params (
         ("client-secret" = String, Path, description = "A secret known only to your application and the authorization server"),
-        ("customer_id" = String, Path, description = "The unique identifier for the customer account"),
         ("accepted_country" = Vec<String>, Query, description = "The two-letter ISO currency code"),
         ("accepted_currency" = Vec<Currency>, Path, description = "The three-letter ISO currency code"),
         ("minimum_amount" = i64, Query, description = "The minimum amount accepted for processing by the particular payment method."),

openapi/openapi_spec.json

@@ -473,15 +473,6 @@
               "type": "string"
             }
           },
-          {
-            "name": "customer_id",
-            "in": "path",
-            "description": "The unique identifier for the customer account",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
           {
             "name": "accepted_country",
             "in": "query",
@@ -711,15 +702,6 @@
         "description": "List payment methods for a Customer\n\nTo filter and list the applicable payment methods for a particular Customer ID",
         "operationId": "List all Payment Methods for a Customer",
         "parameters": [
-          {
-            "name": "customer_id",
-            "in": "path",
-            "description": "The unique identifier for the customer account",
-            "required": true,
-            "schema": {
-              "type": "string"
-            }
-          },
           {
             "name": "accepted_country",
             "in": "query",