Merge branch 'main' of github.com:NishantJoshi00/tartarus into fix/er…

…ror-container

Cargo.toml

@@ -8,8 +8,9 @@ default-run = "locker"
 
 [features]
 default = []
-release = ["kms", "middleware", "key_custodian"]
+release = ["kms", "middleware", "key_custodian", "limit"]
 kms = ["dep:aws-config", "dep:aws-sdk-kms"]
+limit = []
 middleware = []
 key_custodian = []
 
@@ -30,7 +31,8 @@ once_cell = "1.18.0"
 tokio = { version = "1.33.0", features = ["macros", "rt-multi-thread"] }
 axum = "0.6.20"
 hyper = "0.14.27"
-tower = "0.4.13"
+tower = { version = "0.4.13", features = ["limit", "buffer", "load-shed"] }
+tower-http = { version = "0.4.4", features = ["trace"] }
 
 
 diesel = { version = "2.1.3", features = ["postgres", "serde_json", "time"] }

README.md

@@ -1,20 +1,30 @@
+## Overview
 
-## locker phases
-
-### phase 1
-working locker
-- configuration: pull configuration from toml file and environment variables
-- cards api: ability to perform add, retrieve, delete card actions
-- jwe + jws: encryption and signing middleware with keys passed in [`configuration`]
-- master key to be passed in configuration
-- key custodian: add support to decrypt the master key before starting the server
-
-### phase 2
-- tenant api for adding and deleting tenants
-- add support for *kms* encryption on the environment variables
-- adding logging and metrics for locker
-- tenant specific jwe public key storage and utilizing key_id for identification
-- docker + kubernetes setup for infra deployment
-
-### phase 3 (optional)
-- add support for key rotation
+The Hyperswitch Card Vault (Tartarus) is a highly performant and a secure vault to save sensitive data such as payment card details, bank account details etc.
+
+It is designed in an polymorphic manner to handle and store any type of sensitive information making it highly scalable with extensive coverage of payment methods and processors.
+
+Tartarus is built with a GDPR compliant personal identifiable information (PII) storage and secure encryption algorithms to be fully compliant with PCI DSS requirements.
+
+Here's a quick guide to [Get Started](./docs/guides/setup.md) with setting up Tartarus.
+
+### How does Tartarus work?
+
+- Your application will communicate with Tartarus via a middleware.
+- All requests and responses to and from the middleware are signed and encrypted with the JWS and JWE algorithms.
+- The locker supports CRD APIs on the /data and /cards endpoints - <API Reference to be linked>
+- Cards are stored against the combination of merchant and customer identifiers.
+- Internal hashing checks are in place to avoid data duplication.
+
+![General Work Flow](./docs/imgs/general-block-diagram.png)
+
+### Key Hierarchy
+
+- Master Key - AES generated key to that is encrypted/decrypted by the custodian keys to run the locker and associated configurations.
+- Custodian Keys - AES generated key that is used to encrypt and decrypt the master key. It broken into two keys (key 1 and key 2) and available with two custodians to enhance security.
+
+![Key Hierarchy](./docs/imgs/locker-key-hierarchy.png)
+
+### Setup Guide
+
+Follow this guide to setup Tartarus - [Get Started](./docs/guides/setup.md)

config.example.toml

@@ -0,0 +1,30 @@
+[log.console]
+enabled = true # To enable logging in console
+level = "DEBUG" # level to be set for the logging framework
+log_format = "default" # format to be used for logging default | json
+
+[server]
+host = "127.0.0.1" # The host that the server should be exposed to 
+port = 8080 # The port where the server should be hosted on
+
+[limit]
+request_count = 1 # The requests per duration
+duration = 60 # duration to rate limit the delete api (in sec)
+
+[database]
+username = "sam" # username for the database
+password = "damn" # password of the database
+host = "localhost" # the host where the database is hosted on
+port = 5432 # the port of the database
+dbname = "locker" # the name of the database where the cards are stored
+
+[secrets]
+tenant = "hyperswitch" # the tenant that we are currently configured for
+master_key = "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308" # master key that is used for database encryption this could be aes encrypted by key custodian
+
+tenant_public_key = ""  # The tenant public key to which the communication will be established with
+locker_private_key = "" # the locker private key to used used and the private key present with the tenant
+
+[kms]
+region = "us-west-2" # the kms details needed to perform kms decryption of the above mentioned environment variables
+key_id = "abc"

config/development.toml

@@ -7,6 +7,10 @@ log_format = "default"
 host = "127.0.0.1"
 port = 8080
 
+[limit]
+request_count = 1
+duration = 60
+
 [database]
 username = "sam"
 password = "damn"

docs/guides/setup.md

@@ -132,6 +132,9 @@ LOCKER__DATABASE__HOST=
 LOCKER__DATABASE__PORT=
 LOCKER__DATABASE__DBNAME=
 
+LOCKER__LIMIT__REQUEST_COUNT=100
+LOCKER__LIMIT__DURATION=60
+
 LOCKER__SECRETS__TENANT=
 LOCKER__SECRETS__MASTER_KEY=
 LOCKER__SECRETS__LOCKER_PRIVATE_KEY=