
Conversation

@njlie njlie commented Dec 3, 2025

Changes proposed in this pull request

  • Adds two environment variables, the DB_ENCRYPTION_SECRET and the DB_ENCRYPTION_IV, to be used in the symmetric encryption of sensitive columns in the database
  • Adds a dataToTransmit field to the outgoing payment model
  • Adds a dataToTransmit field to the depositOutgoingPaymentLiquidity GraphQL resolver

Context

Fixes RAF-1182 and fixes RAF-1179.

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Make sure that all checks pass
  • Bruno collection updated (if necessary)
  • Documentation issue created with user-docs label (if necessary)
  • OpenAPI specs updated (if necessary)

netlify bot commented Dec 3, 2025

Deploy Preview for brilliant-pasca-3e80ec canceled.

Latest commit: 8a51619
Latest deploy log: https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/69385de72dd4a2000852ae30

@github-actions github-actions bot added type: tests Testing related pkg: backend Changes in the backend package. pkg: frontend Changes in the frontend package. type: source Changes business logic pkg: mock-ase pkg: mock-account-service-lib labels Dec 3, 2025
github-actions bot commented Dec 3, 2025

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 40.43
  • Iterations/s: 13.49
  • Failed Requests: 0.00% (0 of 2430)
📜 Logs

> [email protected] run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 877 kB 15 kB/s
     data_sent......................: 1.9 MB 31 kB/s
     http_req_blocked...............: avg=6.97µs   min=2.55µs   med=5.6µs    max=833.9µs  p(90)=6.7µs    p(95)=7.25µs  
     http_req_connecting............: avg=468ns    min=0s       med=0s       max=509.66µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=98.3ms   min=6.84ms   med=79.9ms   max=577.4ms  p(90)=172.81ms p(95)=191.52ms
       { expected_response:true }...: avg=98.3ms   min=6.84ms   med=79.9ms   max=577.4ms  p(90)=172.81ms p(95)=191.52ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2430
     http_req_receiving.............: avg=101.88µs min=25.51µs  med=86.16µs  max=6.02ms   p(90)=126.18µs p(95)=160.43µs
     http_req_sending...............: avg=38.41µs  min=12.07µs  med=29.24µs  max=2.38ms   p(90)=43.42µs  p(95)=59.24µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=98.16ms  min=6.69ms   med=79.6ms   max=577.28ms p(90)=172.69ms p(95)=191.39ms
     http_reqs......................: 2430   40.426856/s
     iteration_duration.............: avg=296.28ms min=196.73ms med=285.35ms max=1.13s    p(90)=363.81ms p(95)=398.18ms
     iterations.....................: 811    13.492255/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 

@njlie njlie marked this pull request as ready for review December 3, 2025 23:03
@sanducb sanducb left a comment

Looks good! I only left a couple of questions.

"Tenant ID of the outgoing payment."
tenantId: String
"Data to be transmitted to receiver."
dataToTransmit: String
Contributor

Why do we need dataToTransmit here?

Contributor

I think we can indeed remove this from this resolver (I don't think the ASE needs to look it up necessarily).

"Unique key to ensure duplicate or retried requests are processed only once. For more information, refer to [idempotency](https://rafiki.dev/apis/graphql/admin-api-overview/#idempotency)."
idempotencyKey: String!
"Data to be encrypted and sent to the receiver."
dataToTransmit: String
Contributor

Even though dataToTransmit is explicit enough for ourselves to understand it, I think that integrators might benefit from having it named something like senderData or senderDataToTransmit because of "sender's data" being a common phrase in a "payments" context. WDYT? CC @mkurapov

Contributor Author

If "sender data" is an existing concept in payments, then I think senderData would work here as the field name.

Contributor

@sanducb good q & I see your point, but in the spirit of keeping it more generic, dataToTransmit works better I think. Even though it will usually be the sender's data (or more specifically, the sending customer's data) that is sent, the ASE can choose to pass in some other payment metadata in there.

CARD_SERVICE_URL: 'http://cloud-nine-wallet-card-service:3007'
CARD_WEBHOOK_SERVICE_URL: 'http://cloud-nine-wallet-card-service:3007/webhook'
DB_ENCRYPTION_SECRET: 'zO9KogehJECHReHgQr+ZWGkmgOD4AYa4ksUxALSwgM8='
DB_ENCRYPTION_IV: 'e9jyNk0CKajCgI93Ga2v23R/1wGZ2lO339QRaOFgxHM='
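Review bot: a static, deployment-wide DB_ENCRYPTION_IV means every record is encrypted under the same key/IV pair, so equal dataToTransmit inputs produce equal ciphertexts, and if an authenticated mode such as AES-GCM is used (the tag stored later in this thread suggests so) nonce reuse under one key breaks both the confidentiality and the integrity guarantees of the mode. Generate a fresh random IV per record and store it next to the ciphertext instead of configuring one globally. Separately, these values are checked in alongside CARD_SERVICE_URL in a local-environment compose file; make sure a non-local deployment cannot start with this sample secret.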
Contributor

Should we instead generate a unique IV every time the data is signed and store it together with the data? Otherwise, I think we would get the same ciphertext given the same input / dataToTransmit.

@njlie njlie requested review from mkurapov and sanducb December 8, 2025 22:22
state: OutgoingPaymentState.Sending,
dataToTransmit:
deps.config.dbEncryptionSecret && dataToTransmit
? encryptDbData(dataToTransmit, deps.config.dbEncryptionSecret)
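Review bot: when deps.config.dbEncryptionSecret is unset this ternary stores dataToTransmit as plaintext, and nothing in the stored column records which form was used; if an operator enables the secret later, the reader (which JSON.parses the column and pulls out tag, cipherText and iv) will choke on the older plaintext rows. Consider wrapping the stored value in a small envelope with a version or enc marker, or documenting a migration step, so reads can distinguish plaintext rows from encrypted ones.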
Contributor

I actually quite like this, gives ASE option to encrypt if they choose to do so.

public getDataToTransmit(key?: string): string | null {
if (!this.dataToTransmit) return null
if (!key) return this.dataToTransmit
const { tag, cipherText, iv } = JSON.parse(this.dataToTransmit)
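Review bot: the stored JSON already carries a per-record iv and an auth tag, so the fixed DB_ENCRYPTION_IV environment variable from the PR description looks redundant and is better removed than left configurable, since a fixed IV reused under one key is exactly the problem a per-record iv avoids. For the key-rotation follow-up, add a key version or id field to this envelope now; without it, a configured list of keys can only be tried one after another against the tag, and the format change would then need its own migration.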
Contributor

Key rotation might be a bit tricky here, since we could end up encrypting with one key, change the key, try to decrypt with the old one and fail. We can focus on this on a follow-up PR.
(maybe we allow to configure a list of keys instead?)

Contributor Author

Captured in RAF-1207.
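An added example (not Rafiki's code, and not the PR's encryptDbData) showing how the two review points in this thread fit together: a random IV per record stored with the ciphertext and tag, and a key version in the stored envelope so a list of configured keys can be rotated without breaking old rows. KeyRing, EncryptedBlob, demoKeys and the demo keys themselves are assumptions made for the example.

```typescript
import { randomBytes, createCipheriv, createDecipheriv } from 'crypto'

// Keys are looked up by version so a rotated key can be added while old rows still decrypt.
type KeyRing = Record<number, Buffer>
// Stored column value: key version, fresh per-record IV, GCM tag and ciphertext (base64).
interface EncryptedBlob { v: number; iv: string; tag: string; cipherText: string }

export function encryptDbData(plain: string, keys: KeyRing, version: number): string {
  const key = keys[version]
  if (!key || key.length !== 32) throw new Error(`no 256-bit key for version ${version}`)
  const iv = randomBytes(12) // never reuse an IV under the same key with GCM
  const cipher = createCipheriv('aes-256-gcm', key, iv)
  const cipherText = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()])
  const blob: EncryptedBlob = {
    v: version,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    cipherText: cipherText.toString('base64')
  }
  return JSON.stringify(blob)
}

export function decryptDbData(stored: string, keys: KeyRing): string {
  const { v, iv, tag, cipherText } = JSON.parse(stored) as EncryptedBlob
  const key = keys[v]
  if (!key) throw new Error(`unknown key version ${v}`)
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'))
  decipher.setAuthTag(Buffer.from(tag, 'base64')) // final() throws if tag or ciphertext were altered
  return Buffer.concat([decipher.update(Buffer.from(cipherText, 'base64')), decipher.final()]).toString('utf8')
}

// Constructed demo key ring (not the PR's values): version 1 is the old key, 2 the current one.
export const demoKeys: KeyRing = { 1: randomBytes(32), 2: randomBytes(32) }

export function demo(): { distinct: boolean; roundTrip: string; legacyRow: string } {
  const a = encryptDbData('sender data', demoKeys, 2)
  const b = encryptDbData('sender data', demoKeys, 2)
  const legacy = encryptDbData('legacy row', demoKeys, 1)
  return {
    distinct: a !== b, // random IV: equal plaintexts no longer give equal ciphertexts
    roundTrip: decryptDbData(a, demoKeys),
    legacyRow: decryptDbData(legacy, demoKeys) // still readable after rotating to version 2
  }
}
```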

@njlie njlie merged commit 4917c14 into main Dec 16, 2025
38 of 58 checks passed
@njlie njlie deleted the nl/raf-1182 branch December 16, 2025 17:14