hashicorp-demoapp/payments

Payments

Dummy payments gateway written with Java SpringBoot

Docker Hub Image: https://hub.docker.com/repository/docker/hashicorpdemoapp/payments

Usage

Currently this API has a single endpoint at POST /

See below for how to use each controller. You can override any of the default property files using external config for Spring.

The simplest way to override them is to place the files in the current directory.

Health Checks

Spring Actuator is enabled for health checks.

curl -s localhost:8080/actuator/health | jq
{
  "status": "UP",
  "components": {
    "db": {
      "status": "UP",
      "details": {
        "database": "H2",
        "validationQuery": "isValid()"
      }
    },
    "discoveryComposite": {
      "description": "Discovery Client not initialized",
      "status": "UNKNOWN",
      "components": {
        "discoveryClient": {
          "description": "Discovery Client not initialized",
          "status": "UNKNOWN"
        }
      }
    },
    "diskSpace": {
      "status": "UP",
      "details": {
        "total": 499963174912,
        "free": 233270890496,
        "threshold": 10485760,
        "exists": true
      }
    },
    "ping": {
      "status": "UP"
    },
    "refreshScope": {
      "status": "UP"
    }
  }
}

Controllers

There are three controllers you can configure to process a payment from the HashiCups app:

REST Controller

This REST controller is configured by default and no additional steps are required.

curl -s -X POST --header "Content-Type: application/json" --data \
'{"name": "Gerry", "type": "mastercard", "number": "1234-1234-1234-1234", "expiry": "01/23", "cvc": "123"}' localhost:8080  | jq
{
  "message": "Payment processed successfully, card details returned for demo purposes, not for production",
  "id": "5cc26d60-bc28-4a22-ab59-853ef9b0c209",
  "card_plaintext": "1234-1234-1234-1234",
  "card_ciphertext": "Encryption Disabled"
}

Redis Controller

The Redis controller is enabled when the app.storage=redis property is configured. Below is an example with Vault transit encryption enabled.

vault.sh:

vault secrets enable transit
vault write -f transit/keys/payments

application.properties:

app.storage=redis
app.encryption.enabled=true
app.encryption.path=transit
app.encryption.key=payments
spring.redis.host=localhost
spring.redis.port=6379

example:

curl -s -X POST --header "Content-Type: application/json" --data '{"name": "Gerry", "type": "mastercard", "number": "1234-1234-1234-1234", "expiry": "01/23", "cvc": "123"}' localhost:8080  | jq
{
  "card_plaintext": "1234-1234-1234-1234",
  "message": "Payment processed successfully, card details returned for demo purposes, not for production",
  "id": "2de542c7-1f7f-4e81-b35a-7a099b23ca92",
  "card_ciphertext": "vault:v1:Z3HhB77mWXbJl4WaJMWq9vJ16lWGIm9TnWZ3bFsmbZ3YD7QwIx3cd6clMbSKRgM="
}

DB Controller

The DB controller is enabled when the app.storage=db property is configured. Below is an example with Vault transform encryption enabled. The default database for the controller is the H2 embedded database, which requires no additional configuration. The console for the database is located at /h2-console. You can log in with the sa / password credentials.

vault.sh:

vault secrets enable transform
vault write transform/role/payments transformations=card-number
vault write transform/transformation/card-number \
        type=fpe \
        template="builtin/creditcardnumber" \
        tweak_source=internal \
        allowed_roles=payments

application.properties:

app.storage=db
app.encryption.enabled=true
app.encryption.path=transform
app.encryption.key=payments

example:

curl -s -X POST --header "Content-Type: application/json" --data '{"name": "Gerry", "type": "mastercard", "number": "1234-1234-1234-1234", "expiry": "01/23", "cvc": "123"}' localhost:8080  | jq
{
  "card_plaintext": "1234-1234-1234-1234",
  "card_ciphertext": "9044-9922-3580-9604",
  "message": "Payment processed successfully, card details returned for demo purposes, not for production",
  "id": "1"
}

Postgres Support

Postgres is supported as an external DB. Below is an override configuration.

application.yml

spring:
  datasource:
    driver-class-name: org.postgresql.Driver
    url: jdbc:postgresql://localhost:5432/postgres
    username: postgres
    password: postgres
  jpa:
    hibernate:
      ddl-auto: update 
    show-sql: true
    database: postgresql
    database-platform: org.hibernate.dialect.PostgreSQLDialect
    open-in-view: false
    generate-ddl: true
    properties:
      hibernate:
        temp:
          use_jdbc_metadata_defaults: false
management:
  endpoint:
    health:
      show-details: always
  endpoints:
    web:
      exposure:
        include: '*'

Vault Encryption

Vault encryption is available for the Redis controller leveraging transit, and the DB payment controller leveraging transform.
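
The three example responses on this page differ only in card_ciphertext, so a smoke test can tell from a response which protection mode is actually active after a property override. The following is an added example, not code from this repository; classify, shape and the returned field names are chosen for this example.

```python
import base64
import re

# Transit ciphertext format seen in the Redis example: vault:v<key version>:<base64>
TRANSIT_RE = re.compile(r"^vault:v(\d+):([A-Za-z0-9+/]+={0,2})$")

# card_plaintext / card_ciphertext pairs copied from the three responses on this page
PAGE_RESPONSES = {
    "rest": {"card_plaintext": "1234-1234-1234-1234",
             "card_ciphertext": "Encryption Disabled"},
    "redis": {"card_plaintext": "1234-1234-1234-1234",
              "card_ciphertext": "vault:v1:Z3HhB77mWXbJl4WaJMWq9vJ16lWGIm9TnWZ3bFsmbZ3YD7QwIx3cd6clMbSKRgM="},
    "db": {"card_plaintext": "1234-1234-1234-1234",
           "card_ciphertext": "9044-9922-3580-9604"},
}


def shape(value):
    """Mask digits so two values can be compared by layout only."""
    return re.sub(r"\d", "N", value)


def classify(response):
    """Describe how the gateway protected the card number in one response."""
    plain = response.get("card_plaintext", "")
    cipher = response.get("card_ciphertext", "")
    result = {"mode": "unencrypted", "key_version": None,
              "plaintext_returned": bool(plain)}
    match = TRANSIT_RE.match(cipher)
    if match:
        try:
            base64.b64decode(match.group(2), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            result["mode"] = "malformed"
            return result
        result["mode"] = "transit"
        result["key_version"] = int(match.group(1))
    elif (plain and cipher != plain and re.search(r"\d", cipher)
          and shape(cipher) == shape(plain)):
        # Format-preserving output: same layout as a card number, different digits.
        result["mode"] = "transform-fpe"
    return result


if __name__ == "__main__":
    for name, resp in PAGE_RESPONSES.items():
        print(name, classify(resp))
```

Because the transform output keeps the card-number layout, a pattern-based scanner cannot separate it from a real card number; only the comparison against the submitted value does.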

You will need to provide a valid bootstrap file pointing to your Vault instance to enable the Vault integration. Below is an example for token authentication. See the Spring Cloud Vault documentation for all available auth methods.

bootstrap.yaml

spring:
  cloud:
    vault:
      enabled: true
      fail-fast: true
      authentication: TOKEN
      token: root
      host: localhost
      port: 8200
      scheme: http
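
The Postgres override and the bootstrap file above are demo settings: a literal database password, every actuator endpoint exposed, the Vault root token, and plain HTTP to Vault. The following added example (not part of this repository) flags those values in an override file before it is reused outside a demo; the rule set, the function names and the minimal YAML flattening are assumptions of the example.

```python
# Keys from the application.yml and bootstrap.yaml on this page, merged into one document.
PAGE_CONFIG = """\
spring:
  datasource:
    password: postgres
  cloud:
    vault:
      token: root
      scheme: http
management:
  endpoint:
    health:
      show-details: always
  endpoints:
    web:
      exposure:
        include: '*'
"""

# (dotted key, predicate on the value, finding); this rule set is an assumption of the example.
RULES = [
    ("spring.cloud.vault.token", lambda v: v == "root", "application authenticates with the Vault root token"),
    ("spring.cloud.vault.scheme", lambda v: v == "http", "Vault traffic is not protected by TLS"),
    ("spring.datasource.password", lambda v: not v.startswith("${"), "database password is a literal in the file"),
    ("management.endpoints.web.exposure.include", lambda v: v == "*", "all actuator endpoints are exposed over HTTP"),
    ("management.endpoint.health.show-details", lambda v: v == "always", "health details are shown to every caller"),
]

def flatten(text):
    """Flatten nested YAML maps (scalars only, no lists) into dotted keys."""
    flat, parents = {}, []  # parents: (indent, key) of the currently open maps
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while parents and parents[-1][0] >= indent:
            parents.pop()
        value = value.strip().strip("'\"")
        if value:
            flat[".".join([k for _, k in parents] + [key])] = value
        else:
            parents.append((indent, key))
    return flat

def audit(text):
    """Return (key, finding) for every rule the configuration matches, in RULES order."""
    flat = flatten(text)
    return [(key, msg) for key, bad, msg in RULES if key in flat and bad(flat[key])]
```

A file that reads the token and password from `${...}` placeholders, uses `scheme: https`, exposes only `health` and sets `show-details: when-authorized` produces no findings.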

Tracing

The app exposes Jaeger options that are documented here.