Validate card payload & signature

[mkurapov]

Context

In order to enable & verify card payments, the Rafiki integration server will need to verify additional card details before funding (approving) an outgoing payment.

Whenever an outgoing payment was created through by a card transaction, the outgoing_payment.created webhook will contain additional payment/card details:

{
    "id": "{{uuid}}",
    "type": "outgoing_payment.created",
    "walletAddressId": "{{customerWalletAddressUuid}}",
    "data": {
        ...
        "cardDetails": {
            "requestId": "{{uuid}}",
            "initiatedAt": "{{date}}",
            "data": {
                "signature":"", // generate AC response
                "payload":"", // generate AC input   
            }
        }
    }
}

Using the signature and the payload in the cardDetails.data, the webhook integration server can now verify that the signature of the card transaction was valid.

Note: cardDetails is an optional field, as not every outgoing_payment.created webhook will contain this data.

Todos

• Start expecting cardDetails in the outgoing_payment.created webhook
• Fetch the stored public key of the card linked to the wallet address of the sender
• Using the https://github.com/interledger/tlv-kit library, parse payload & signature, and validate the signature is correct
• If correct, as normal, call fundOutgoingPayment mutation
• If incorrect, call cancelOutgoingPayment mutation, with the cardPaymentFailureReason being equal to invalid_signature.
• If other issue with payment (not enough balance), call cancelOutgoingPayment mutation, with the cardPaymentFailureReason being equal to invalid_request

[OluRemiFour]

Hi, @mkurapov
I've reviewed the issue regarding the validation of card payload & signature, as well as the todos for the outcome. I’d be happy to work on implementing these changes.

Can i procced with the implementaton, please?

Thank you!