feat(router): Add new JWT authentication variants and use them (#2835)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: ThisIsMani

.typos.toml

@@ -40,4 +40,5 @@ afe = "afe" # Commit id
 extend-exclude = [
     "config/redis.conf", # `typos` also checked "AKE" in the file, which is present as a quoted string
     "openapi/open_api_spec.yaml", # no longer updated
+    "crates/router/src/utils/user/blocker_emails.txt", # this file contains various email domains
 ]

Cargo.lock

@@ -5,6 +5,7 @@ pub mod payment;
 pub mod payouts;
 pub mod refund;
 pub mod routing;
+pub mod user;
 
 use common_utils::{
     events::{ApiEventMetric, ApiEventsType},

crates/api_models/src/events.rs

@@ -0,0 +1,14 @@
+use common_utils::events::{ApiEventMetric, ApiEventsType};
+
+use crate::user::{ConnectAccountRequest, ConnectAccountResponse};
+
+impl ApiEventMetric for ConnectAccountResponse {
+    fn get_api_event_type(&self) -> Option<ApiEventsType> {
+        Some(ApiEventsType::User {
+            merchant_id: self.merchant_id.clone(),
+            user_id: self.user_id.clone(),
+        })
+    }
+}
+
+impl ApiEventMetric for ConnectAccountRequest {}

crates/api_models/src/events/user.rs

@@ -21,5 +21,6 @@ pub mod payments;
 pub mod payouts;
 pub mod refunds;
 pub mod routing;
+pub mod user;
 pub mod verifications;
 pub mod webhooks;

crates/api_models/src/lib.rs

@@ -0,0 +1,21 @@
+use common_utils::pii;
+use masking::Secret;
+
+#[derive(serde::Deserialize, Debug, Clone, serde::Serialize)]
+pub struct ConnectAccountRequest {
+    pub email: pii::Email,
+    pub password: Secret<String>,
+}
+
+#[derive(serde::Serialize, Debug, Clone)]
+pub struct ConnectAccountResponse {
+    pub token: Secret<String>,
+    pub merchant_id: String,
+    pub name: Secret<String>,
+    pub email: pii::Email,
+    pub verification_days_left: Option<i64>,
+    pub user_role: String,
+    //this field is added for audit/debug reasons
+    #[serde(skip_serializing)]
+    pub user_id: String,
+}

crates/api_models/src/user.rs

@@ -27,4 +27,4 @@ serde = { version = "1.0.163", features = ["derive"] }
 serde_json = "1.0.96"
 strum  = { version = "0.25", features = [ "derive" ] }
 thiserror = "1.0.40"
-time = { version = "0.3.21", features = ["serde", "serde-well-known", "std"] }
+time = { version = "0.3.21", features = ["serde", "serde-well-known", "std"] }

crates/data_models/Cargo.toml

@@ -38,6 +38,7 @@ actix-cors = "0.6.4"
 actix-multipart = "0.6.0"
 actix-rt = "2.8.0"
 actix-web = "4.3.1"
+argon2 = { version = "0.5.0", features = ["std"] }
 async-bb8-diesel = "0.1.0"
 async-trait = "0.1.68"
 aws-config = { version = "0.55.3", optional = true }
@@ -89,10 +90,12 @@ thiserror = "1.0.40"
 time = { version = "0.3.21", features = ["serde", "serde-well-known", "std"] }
 tokio = { version = "1.28.2", features = ["macros", "rt-multi-thread"] }
 tera = "1.19.1"
+unicode-segmentation = "1.10.1"
 url = { version = "2.4.0", features = ["serde"] }
 utoipa = { version = "3.3.0", features = ["preserve_order", "time"] }
 utoipa-swagger-ui = { version = "3.1.3", features = ["actix-web"] }
 uuid = { version = "1.3.3", features = ["serde", "v4"] }
+validator = "0.16.0"
 openssl = "0.10.55"
 x509-parser = "0.15.0"
 sha-1 = { version = "0.9"}

crates/router/Cargo.toml

@@ -1,3 +1,6 @@
+#[cfg(feature = "olap")]
+pub mod user;
+
 // ID generation
 pub(crate) const ID_LENGTH: usize = 20;
 pub(crate) const MAX_ID_LENGTH: usize = 64;
@@ -52,3 +55,6 @@ pub const ROUTING_CONFIG_ID_LENGTH: usize = 10;
 
 pub const LOCKER_REDIS_PREFIX: &str = "LOCKER_PM_TOKEN";
 pub const LOCKER_REDIS_EXPIRY_SECONDS: u32 = 60 * 15; // 15 minutes
+
+#[cfg(any(feature = "olap", feature = "oltp"))]
+pub const JWT_TOKEN_TIME_IN_SECS: u64 = 60 * 60 * 24 * 2; // 2 days

crates/router/src/consts.rs

@@ -0,0 +1,8 @@
+#[cfg(feature = "olap")]
+pub const MAX_NAME_LENGTH: usize = 70;
+#[cfg(feature = "olap")]
+pub const MAX_COMPANY_NAME_LENGTH: usize = 70;
+
+// USER ROLES
+#[cfg(any(feature = "olap", feature = "oltp"))]
+pub const ROLE_ID_ORGANIZATION_ADMIN: &str = "org_admin";