df471b4064
* Add uac dependency * use uac to issue tokens * Configure uac * Authorize operations with uac * Issue tokens with uac in tests * wip: furthemore migrate to uac * Remove unreachable case * Adjust wapi config in tests * Don't start old authorizer * Fix auth context creation in tests * Fix all definitions of create_auth_ctx * Revert "Don't start old authorizer" This reverts commit 2636fcfa48e798a8fb07534e512ea5b494f57b19. * Fix old config naming * Deduplicate unique id generation * Provide dummy snowflake config * Use macro for signee * Authorize operation withc UAC (#140) * Verify tokens with uac * Implement dummy authorization * Return quote verification * Restore authorizer code order * Restore signer code order * Update commentaries * Provide operation access lists * Give party read/write permissions to the test tokens * Introduce more resources, standardize CreateWithdrawal authoriation * Download file with read access * Authorize withdrawals with dedicated permission * Fix permissions in tests * Upgrade uac * Remove redundant auth related modules * Use uac issue * Update tests * Fix opaque type usage * Add domain_name to uac config * Remove signee from test config * Rollback to old roles * Upgrade uac * Fix for wapi wallet tests * Use macro for domain * Remove domain name from configs * Use uac utils functions * Make operation access less strict * Remove unused signee option * Replace get_party_id with uac function * Create ACL migration layer * Reimplement operation access * Fix style * Remove reintroduced auth code * Upgrade uac * Remove redundant verification option * Suppress opaque introspection dialyzer warning * Fix nested resources ACLs * Issue test quota without resource access Co-Authored-By: Andrew Mayorov <a.mayorov@rbkmoney.com> * Adapt new p2p code * Rename refactor and move role mapping * Refactor roles mapping * Use uac dev branch * Fix merge incompatibilities * Fix even more incompatibilities * Bump uac and adjust code to it * Add operation 
access for new ops * Upgrade uac * Issue tokens the new way * Fix merge artifacts * Create simple resource hierarchy for new operations * Fix authorization by bearer * Fix missed merge issues * Apply suggestions from code review Co-Authored-By: Andrew Mayorov <a.mayorov@rbkmoney.com> * Verify partyID in p2p continuation tokens, add signee to wapi config * Remove OperationID from log message where it is already present in meta Co-Authored-By: Andrew Mayorov <a.mayorov@rbkmoney.com> * Add signee to app config * Test if unauthorized user still can create withdrawal using grants * Do withdrawal specific authorization inside create_withdrawal * Test wapi_SUITE default with both tokens, specify domain when issuing tokens * Upgrade uac * Specify which domains to decode * Throw withdrawal authorization errors * Split too long lines * Simplify grant authorization * Do not handle 'missing' errors, handle wallet notfound * Rework error mapping slightly * Add resource to insufficient_access/claim error * Try bumping cowboy_cors to fix CI dialyzer error * Use fork-master version of cowboy_cors Co-authored-by: Andrew Mayorov <a.mayorov@rbkmoney.com>
[
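{kernel, [
    %% NOTE(review): OTP documents the kernel parameter for the primary log
    %% level as `logger_level`. Confirm that `log_level` is actually read in
    %% this deployment; if it is not, the primary level stays at the OTP default.
    {log_level, info},
    {logger, [
        {handler, default, logger_std_h, #{
            %% The handler itself lets everything down to debug through, so the
            %% primary level is the only filter in front of this file. Review
            %% what debug output contains (tokens, request bodies) before
            %% lowering the primary level in production.
            level => debug,
            config => #{
                %% Structured log file; keep it readable only by the service
                %% account and the log shipper.
                type => {file, "/var/log/fistful-server/console.json"},
                %% Message-queue length above which the handler switches to
                %% synchronous writes (logger overload protection).
                sync_mode_qlen => 20
            },
            formatter => {logger_logstash_formatter, #{}}
        }}
    ]}
]},
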
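%% Storage backend used by scoper for its scope data.
%% NOTE(review): by its name this backend is tied to the logger; confirm
%% against the scoper documentation.
{scoper, [
    {storage, scoper_storage_logger}
]},
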
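%% Client for the domain configuration service ("dominant").
{dmt_client, [
    {cache_update_interval, 5000}, % milliseconds
    %% Upper bounds for the local cache: entry count and bytes.
    {max_cache_size, #{
        elements => 20,
        memory => 52428800 % 50Mb
    }},
    {woody_event_handlers, [
        {scoper_woody_event_handler, #{
            event_handler_opts => #{
                formatter_opts => #{
                    %% Length limit applied by the event formatter.
                    %% NOTE(review): this presumably truncates RPC arguments
                    %% and results in log lines; it bounds log size but is not
                    %% a redaction mechanism.
                    max_length => 1000
                }
            }
        }}
    ]},
    %% Both endpoints use plain http://. Traffic to them is neither encrypted
    %% nor authenticated by this config, so it must stay on a trusted
    %% internal network.
    {service_urls, #{
        'Repository' => <<"http://dominant:8022/v1/domain/repository">>,
        'RepositoryClient' => <<"http://dominant:8022/v1/domain/repository_client">>
    }}
]},
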
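%% Client for the party management service.
{party_client, [
    %% Plain http:// endpoint; relies on network isolation for confidentiality
    %% and integrity of party data in transit.
    {services, #{
        party_management => "http://hellgate:8022/v1/processing/partymgmt"
    }},
    {woody, #{
        cache_mode => safe, % disabled | safe | aggressive
        options => #{
            woody_client => #{
                event_handler => {scoper_woody_event_handler, #{
                    event_handler_opts => #{
                        formatter_opts => #{
                            %% Length limit applied by the event formatter
                            %% (bounds log size, does not redact content).
                            max_length => 1000
                        }
                    }
                }}
            }
        }
    }}
]},
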
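{fistful, [
    %% Identity providers, keyed by provider id.
    {providers, #{
        <<"ncoeps">> => #{
            payment_institution_id => 100,
            routes => [<<"mocketbank">>],
            identity_classes => #{
                <<"person">> => #{
                    name => <<"Person">>,
                    contract_template_id => 10000,
                    %% Level a new identity of this class starts at.
                    initial_level => <<"anonymous">>,
                    %% Identification levels and the contractor level each one
                    %% maps to (none -> partial -> full).
                    levels => #{
                        <<"anonymous">> => #{
                            name => <<"Anonymous">>,
                            contractor_level => none
                        },
                        <<"partly-identified">> => #{
                            name => <<"Partially identified">>,
                            contractor_level => partial
                        },
                        <<"identified">> => #{
                            name => <<"Fully identified">>,
                            contractor_level => full
                        }
                    },
                    %% Challenges move an identity from `base` to `target`.
                    %% Only anonymous -> partly-identified is defined here, so
                    %% this config offers no challenge that reaches
                    %% <<"identified">>.
                    challenges => #{
                        <<"esia">> => #{
                            name => <<"ЕСИА">>,
                            base => <<"anonymous">>,
                            target => <<"partly-identified">>
                        }
                    }
                }
            }
        }
    }},
    %% Backend endpoints, all plain http://. The accounter and identification
    %% services carry balances and identity data, so keep these hops on a
    %% trusted internal network or behind a TLS-terminating proxy.
    {services, #{
        'eventsink' => "http://machinegun:8022/v1/event_sink",
        'automaton' => "http://machinegun:8022/v1/automaton",
        'accounter' => "http://shumway:8022/shumpune",
        'identification' => "http://identification:8022/v1/identification"
    }}
]},
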
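{ff_transfer, [
    %% Upper bound for the session poll timeout; 14400 matches the "4h"
    %% annotation only if the unit is seconds.
    {max_session_poll_timeout, 14400} %% 4h
]},
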
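{p2p_transfer, [
    {max_session_poll_timeout, 14400}, %% 4h
    %% NOTE(review): this score id is a string, while the `p2p` application
    %% section of this file sets the same key as the binary <<"fraud">>.
    %% Confirm which application reads the value and which type it expects,
    %% so that fraud scoring is not skipped because of a type mismatch.
    {score_id, "fraud"}
]},
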
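%% wapi
{wapi, [
    %% "::" listens on every interface. This is the externally facing API, so
    %% restrict exposure with the network policy or a reverse proxy in front.
    {ip, "::"},
    {port, 8080},
    %% To send ASCII text in 5xx replies
    %% {oops_bodies, #{
    %%     500 => "oops_bodies/500_body"
    %% }},
    {realm, <<"external">>},
    {transport, thrift},
    %% NOTE(review): the public endpoint is plain http://. If it is used to
    %% build URLs handed to clients, a production value should be https://.
    {public_endpoint, <<"http://wapi">>},
    {access_conf, #{
        jwt => #{
            %% Private key for the JWT keyset. The path is relative, so it
            %% resolves against the node's working directory. Keep the file
            %% owner-readable only and out of images and version control.
            keyset => #{
                wapi => {pem_file, "var/keys/wapi/private.pem"}
            }
        }
    }},
    %% Name of the keyset entry above.
    %% NOTE(review): presumably the key used to sign issued tokens; it must
    %% match a key present in `keyset`.
    {signee, wapi},
    {health_check, #{
        service => {erl_health, service , [<<"wapi">>]}
    }},
    {max_deadline, 60000}, % milliseconds
    %% Short lifetime for generated file storage URLs limits how long a leaked
    %% link stays usable.
    {file_storage_url_lifetime, 60}, % seconds
    {events_fetch_limit, 50},
    %% Placeholder key paths; replace them before deployment.
    %% `decryption_key_paths` should list the current encryption key plus any
    %% retired keys still needed to read previously issued data.
    {lechiffre_opts, #{
        encryption_key_path => <<"path/to/key1.secret">>,
        decryption_key_paths => [<<"path/to/key1.secret">>]
    }}
]},
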
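{wapi_woody_client, [
    %% Backends called by wapi, all over plain http://.
    %% NOTE(review): `cds_storage` and `identdoc_storage` look like stores of
    %% card and identity document data. Confirm that these hops are covered by
    %% network isolation or TLS termination appropriate for that data.
    {service_urls, #{
        webhook_manager => "http://hooker:8022/hook",
        cds_storage => "http://cds:8022/v1/storage",
        identdoc_storage => "http://cds:8022/v1/identity_document_storage",
        fistful_stat => "http://fistful-magista:8022/stat"
    }},
    {api_deadlines, #{
        wallet => 5000 % millisec
    }},
    {service_retries, #{
        party_management => #{
            % function => retry strategy
            % '_' work as "any"
            % default value is 'finish'
            % for more info look genlib_retry :: strategy()
            % https://github.com/rbkmoney/genlib/blob/master/src/genlib_retry.erl#L19
            'Get' => {linear, 3, 1000},
            '_' => finish
        }
    }}
]},
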
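{ff_server, [
    %% "::" listens on every interface. This section configures no TLS or
    %% caller authentication for the internal RPC port, so it must not be
    %% reachable from outside the service network.
    {ip, "::"},
    {port, 8022},
    {default_woody_handling_timeout, 30000},
    {net_opts, [
        % Bump keepalive timeout up to a minute
        {timeout, 60000}
    ]},
    {scoper_event_handler_options, #{
        event_handler_opts => #{
            formatter_opts => #{
                %% Length limits applied by the event formatter. They bound
                %% log size but do not redact content.
                max_length => 1000,
                max_printable_string_length => 80
            }
        }
    }},
    %% NOTE(review): 99 presumably is a percentage threshold for disk and
    %% cgroup memory use, which only reports unhealthy when the resource is
    %% almost exhausted. Confirm that this leaves time to react.
    {health_check, #{
        disk    => {erl_health, disk     , ["/", 99]   },
        memory  => {erl_health, cg_memory, [99]        },
        service => {erl_health, service  , [<<"fistful-server">>]}
    }},
    %% Event sink namespace for each entity type.
    {eventsink, #{
        identity => #{
            namespace => <<"ff/identity">>
        },
        wallet => #{
            namespace => <<"ff/wallet_v2">>
        },
        withdrawal => #{
            namespace => <<"ff/withdrawal_v2">>
        },
        deposit => #{
            namespace => <<"ff/deposit_v1">>
        },
        destination => #{
            namespace => <<"ff/destination_v2">>
        },
        source => #{
            namespace => <<"ff/source_v1">>
        },
        withdrawal_session => #{
            namespace => <<"ff/withdrawal/session_v2">>
        },
        p2p_transfer => #{
            namespace => <<"ff/p2p_transfer_v1">>
        },
        p2p_session => #{
            namespace => <<"ff/p2p_transfer/session_v1">>
        },
        w2w_transfer => #{
            namespace => <<"ff/w2w_transfer_v1">>
        }
    }}
]},
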
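%% Id generator settings; nothing is set here, the machine id override below
%% is left commented out.
%% NOTE(review): if several nodes run with the same machine id, generated ids
%% may collide. Confirm how the id is assigned per node.
{snowflake, [
    % {machine_id, 42}
]},
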
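%% Client for the bender service, reached over plain http://.
{bender_client, [
    {service_url, <<"http://bender:8022/v1/bender">>},
    {deadline, 60000}
    %% Optional per-function retry strategies, disabled here.
    %{retries, #{
    %    'GenerateID' => finish,
    %    'GetInternalID' => finish,
    %    '_' => finish
    %}}
]},
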
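{p2p, [
    %% NOTE(review): the `p2p_transfer` section of this file sets the same key
    %% as the string "fraud". Confirm which application reads the value and
    %% which type it expects.
    {score_id, <<"fraud">>}
]}
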
].