feat: add whitelist to shopify scope

All endpoints in the `/shopify` scope now have a whitelist check, if
configured.

Author: CjS77

e2e/tests/cucumber/steps.rs

@@ -9,7 +9,7 @@ use tari_jwt::{
     Ristretto256,
     Ristretto256SigningKey,
 };
-use tari_payment_engine::db_types::Role;
+use tari_payment_engine::db_types::{MicroTari, OrderId, Role};
 use tari_payment_server::auth::{build_jwt_signer, JwtClaims};
 use tokio::time::sleep;
 
@@ -158,6 +158,23 @@ async fn expire_access_token(world: &mut TPGWorld) {
     world.access_token = Some(token);
 }
 
+#[when(expr = "{word} places an order \"{word}\" for {int} XTR, memo = {string}")]
+async fn place_short_order(world: &mut TPGWorld, customer_id: String, order_id: String, amount: i64, memo: String) {
+    let now = chrono::Utc::now();
+    place_order(world, customer_id, order_id, amount, memo, now.to_rfc3339()).await;
+}
+
+#[when(expr = "{word} places an order \"{word}\" for {int} XTR, memo = {string} at {string}")]
+async fn place_order(
+    world: &mut TPGWorld,
+    customer_id: String,
+    order_id: String,
+    amount: i64,
+    memo: String,
+    address: String,
+) {
+    let order_id = OrderId(order_id);
+}
 fn modify_signature(token: String, value: &str) -> String {
     let mut parts = token.split('.').map(|s| s.to_owned()).collect::<Vec<_>>();
     let n = value.len();

e2e/tests/cucumber/world.rs

@@ -39,6 +39,9 @@ impl Default for TPGWorld {
             shopify_api_key: String::default(),
             database_url: url.clone(),
             auth: AuthConfig::default(),
+            shopify_whitelist: None,
+            use_x_forwarded_for: false,
+            use_forwarded: false,
         };
         Self {
             config,

e2e/tests/ignored_features/payments.feature.todo renamed to e2e/tests/features/payment_flow.feature

@@ -1,11 +1,8 @@
-Feature: users can pay for orders with Tari
+Feature: Order flow
   Background:
     Given a blank slate
-    Given Alice is an authenticated user
-    Given a wallet listening for payments
-    Given a shopify store with webhooks configured
 
-  Scenario: Alice pays for an order with Tari
+  Scenario: Standard order flow
     When Alice places an order "alice001" on the store. Memo "": "Item A" for 100T, "Item B" for 200T
     Then Alice's account has a balance of 300 Tari
     Then Alice's order "alice001" is pending

tari_payment_engine/src/db_types.rs

@@ -347,6 +347,20 @@ impl NewOrder {
     }
 }
 
+impl Display for NewOrder {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(
+            f,
+            "Order #{order_id} @ \"{customer_id}\". {total_price}{currency} ({created_at})",
+            order_id = self.order_id,
+            customer_id = self.customer_id,
+            total_price = self.total_price,
+            currency = self.currency,
+            created_at = self.created_at
+        )
+    }
+}
+
 //--------------------------------------        OrderUpdate       ------------------------------------------------------
 
 /// A struct representing the fields that are allowed to be updated on an order

tari_payment_server/src/config.rs

@@ -1,4 +1,4 @@
-use std::{env, io::Write};
+use std::{env, io::Write, net::SocketAddr};
 
 use log::*;
 use rand::thread_rng;
@@ -26,6 +26,14 @@ pub struct ServerConfig {
     pub shopify_api_key: String,
     pub database_url: String,
     pub auth: AuthConfig,
+    /// If supplied, requests against /shopify endpoints will be checked against a whitelist of Shopify IP addresses.
+    pub shopify_whitelist: Option<Vec<SocketAddr>>,
+    /// If true, the X-Forwarded-For header will be used to determine the client's IP address, rather than the
+    /// connection's remote address.
+    pub use_x_forwarded_for: bool,
+    /// If true, the X-Forwarded-Proto header will be used to determine the client's protocol, rather than the
+    /// connection's remote address.
+    pub use_forwarded: bool,
 }
 
 impl Default for ServerConfig {
@@ -36,6 +44,9 @@ impl Default for ServerConfig {
             shopify_api_key: String::default(),
             database_url: String::default(),
             auth: AuthConfig::default(),
+            shopify_whitelist: None,
+            use_x_forwarded_for: false,
+            use_forwarded: false,
         }
     }
 }
@@ -65,7 +76,23 @@ impl ServerConfig {
             error!("TPG_DATABASE_URL is not set. Please set it to the URL for the TPG database.");
             String::default()
         });
-        Self { host, port, shopify_api_key, auth, database_url }
+        let shopify_whitelist = env::var("TPG_SHOPIFY_IP_WHITELIST")
+            .map(|s| {
+                s.split(',')
+                    .filter_map(|s| {
+                        s.parse()
+                            .map_err(|e| {
+                                warn!("Ignoring invalid IP address ({s}) in TPG_SHOPIFY_IP_WHITELIST: {e}");
+                                None::<SocketAddr>
+                            })
+                            .ok()
+                    })
+                    .collect::<Vec<_>>()
+            })
+            .ok();
+        let use_x_forwarded_for = env::var("TPG_USE_X_FORWARDED_FOR").map(|s| &s == "1" || &s == "true").is_ok();
+        let use_forwarded = env::var("TPG_USE_FORWARDED").map(|s| &s == "1" || &s == "true").is_ok();
+        Self { host, port, shopify_api_key, auth, database_url, shopify_whitelist, use_forwarded, use_x_forwarded_for }
     }
 }
 

tari_payment_server/src/endpoint_tests/mocks.rs

@@ -1,8 +1,8 @@
 use mockall::mock;
 use tari_common_types::tari_address::TariAddress;
 use tari_payment_engine::{
-    order_objects::OrderQueryFilter,
     db_types::{Order, OrderId, Payment, Role, UserAccount},
+    order_objects::OrderQueryFilter,
     AccountManagement,
     AuthApiError,
     AuthManagement,

tari_payment_server/src/errors.rs

@@ -51,6 +51,7 @@ impl ResponseError for ServerError {
                 AuthError::ValidationError(_) => StatusCode::UNAUTHORIZED,
                 AuthError::PoorlyFormattedToken(_) => StatusCode::BAD_REQUEST,
                 AuthError::AccountNotFound => StatusCode::FORBIDDEN,
+                AuthError::ForbiddenPeer => StatusCode::FORBIDDEN,
             },
             Self::InitializeError(_) => StatusCode::INTERNAL_SERVER_ERROR,
             Self::BackendError(_) => StatusCode::INTERNAL_SERVER_ERROR,
@@ -88,6 +89,8 @@ pub enum AuthError {
     PoorlyFormattedToken(String),
     #[error("User account not found.")]
     AccountNotFound,
+    #[error("Request was made from a forbidden peer")]
+    ForbiddenPeer,
 }
 
 impl From<AuthApiError> for ServerError {

tari_payment_server/src/routes.rs

@@ -23,17 +23,19 @@
 //! ```
 use std::{marker::PhantomData, str::FromStr};
 
-use actix_web::{get, post, web, HttpRequest, HttpResponse, Responder};
+use actix_web::{get, web, HttpRequest, HttpResponse, Responder};
 use log::*;
 use paste::paste;
 use tari_common_types::tari_address::TariAddress;
 use tari_payment_engine::{
-    db_types::{OrderId, Role, SerializedTariAddress},
+    db_types::{NewOrder, OrderId, Role, SerializedTariAddress},
     order_objects::OrderQueryFilter,
     AccountApi,
     AccountManagement,
     AuthApi,
     AuthManagement,
+    OrderFlowApi,
+    PaymentGatewayDatabase,
 };
 
 use crate::{
@@ -353,19 +355,26 @@ where B: AccountManagement {
 
 //----------------------------------------------   Checkout  ----------------------------------------------------
 
-#[post("/webhook/checkout_create")]
-pub async fn shopify_webhook(req: HttpRequest, body: web::Bytes) -> Result<HttpResponse, ServerError> {
+route!(shopify_webhook => Post "webhook/checkout_create" impl PaymentGatewayDatabase);
+pub async fn shopify_webhook<B: PaymentGatewayDatabase>(
+    req: HttpRequest,
+    body: web::Json<ShopifyOrder>,
+    api: web::Data<OrderFlowApi<B>>,
+) -> Result<HttpResponse, ServerError> {
     trace!("💻️ Received webhook request: {}", req.uri());
-    let payload = std::str::from_utf8(body.as_ref()).map_err(|e| ServerError::InvalidRequestBody(e.to_string()))?;
-    trace!("💻️ Decoded payload body. {} bytes", payload.bytes().len());
-    let _order: ShopifyOrder = serde_json::from_str(payload).map_err(|e| {
-        error!("💻️ Could not deserialize order payload. {e}");
-        debug!("💻️ JSON payload: {payload}");
-        ServerError::CouldNotDeserializePayload
-    })?;
-    // let new_order = ShopifyOrder::try_from(order)?;
-    // TODO - Send the new order to payment engine
-
+    let order = body.into_inner();
+    let new_order = NewOrder::try_from(order)?;
+    match api.process_new_order(new_order.clone()).await {
+        Ok(orders) => {
+            info!("💻️ Order {} processed successfully.", new_order.order_id);
+            let ids = orders.iter().map(|o| o.order_id.as_str()).collect::<Vec<_>>().join(", ");
+            info!("💻️ {} orders were paid. {}", orders.len(), ids);
+        },
+        Err(e) => {
+            warn!("💻️ Could not process order {}. {e}", new_order.order_id);
+            debug!("💻️ Failed order: {new_order}");
+        },
+    }
     Ok(HttpResponse::Ok().finish())
 }
 

tari_payment_server/src/server.rs

@@ -1,16 +1,29 @@
-use std::time::Duration;
+use std::{future::ready, net::SocketAddr, str::FromStr, time::Duration};
 
 use actix_jwt_auth_middleware::use_jwt::UseJWTOnApp;
-use actix_web::{dev::Server, http::KeepAlive, middleware::Logger, web, App, HttpServer};
+use actix_web::{
+    dev::{Server, Service},
+    http::KeepAlive,
+    middleware::Logger,
+    web,
+    App,
+    Error,
+    HttpResponse,
+    HttpServer,
+};
+use futures::{
+    future::{ok, Either, LocalBoxFuture},
+    FutureExt,
+};
+use log::{info, warn};
 use tari_payment_engine::{AccountApi, AuthApi, OrderFlowApi, SqliteDatabase};
 
 use crate::{
     auth::{build_tps_authority, TokenIssuer},
     config::ServerConfig,
-    errors::ServerError,
+    errors::{AuthError, ServerError, ServerError::AuthenticationError},
     routes::{
         health,
-        shopify_webhook,
         AccountRoute,
         AuthRoute,
         CheckTokenRoute,
@@ -21,6 +34,7 @@ use crate::{
         OrdersRoute,
         OrdersSearchRoute,
         PaymentsRoute,
+        ShopifyWebhookRoute,
         UpdateRolesRoute,
     },
 };
@@ -58,10 +72,46 @@ pub fn create_server_instance(config: ServerConfig, db: SqliteDatabase) -> Resul
             .service(PaymentsRoute::<SqliteDatabase>::new())
             .service(OrdersSearchRoute::<SqliteDatabase>::new())
             .service(CheckTokenRoute::new());
+        let use_x_forwarded_for = config.use_x_forwarded_for;
+        let use_forwarded = config.use_forwarded;
+        let shopify_whitelist = config.shopify_whitelist.clone();
+        let shopify_scope = web::scope("/shopify")
+            .wrap_fn(move |req, srv| {
+                // Collect peer IP from x-forwarded-for, or forwarded headers _if_ `use_nnn` has been set to true
+                // in the configuration. Otherwise, use the peer address from the connection info.
+                let peer_addr = req.connection_info().peer_addr().map(|a| a.to_string());
+
+                let peer_ip = req
+                    .headers()
+                    .get("X-Forwarded-For")
+                    .and_then(|v| use_x_forwarded_for.then(|| v.to_str().ok()).flatten())
+                    .or_else(|| {
+                        req.headers().get("X-Real-IP").and_then(|v| use_forwarded.then(|| v.to_str().ok()).flatten())
+                    })
+                    .or_else(|| peer_addr.as_ref().map(|s| s.as_str()))
+                    .and_then(|s| SocketAddr::from_str(s).ok());
+                let whitelisted = match (peer_ip, &shopify_whitelist) {
+                    (Some(ip), Some(whitelist)) => {
+                        info!("Shopify webhook from {ip}");
+                        whitelist.contains(&ip)
+                    },
+                    (_, None) => true,
+                    (None, Some(_)) => {
+                        warn!("No IP address found in shopify remote peer request, denying access.");
+                        false
+                    },
+                };
+                if whitelisted {
+                    srv.call(req)
+                } else {
+                    ok(req.error_response(AuthenticationError(AuthError::ForbiddenPeer))).boxed_local()
+                }
+            })
+            .service(ShopifyWebhookRoute::<SqliteDatabase>::new());
         app.use_jwt(authority.clone(), auth_scope)
             .service(health)
             .service(AuthRoute::<SqliteDatabase>::new())
-            .service(web::scope("/shopify").service(shopify_webhook))
+            .service(shopify_scope)
     })
     .keep_alive(KeepAlive::Timeout(Duration::from_secs(600)))
     .bind((config.host.as_str(), config.port))?