IMP-171: Add route blacklist check (#119)

* added without tests

* fixed

* added tests

* bumped, fixed, added explanation

* fixed explanations

* bumped cache

* fixed explanation

* fixed

* fixed

Author: WWWcool

.github/workflows/erlang-checks.yaml

@@ -38,4 +38,4 @@ jobs:
       thrift-version: ${{ needs.setup.outputs.thrift-version }}
       run-ct-with-compose: true
       use-coveralls: true
-      cache-version: v5
+      cache-version: v6

apps/hellgate/src/hg_inspector.erl

@@ -1,10 +1,12 @@
 -module(hg_inspector).
 
+-export([check_blacklist/1]).
 -export([inspect/4]).
 
 -export([compare_risk_score/2]).
 
 -export_type([risk_score/0]).
+-export_type([blacklist_context/0]).
 
 -include_lib("damsel/include/dmsl_domain_thrift.hrl").
 -include_lib("damsel/include/dmsl_proxy_inspector_thrift.hrl").
@@ -15,6 +17,48 @@
 -type inspector() :: dmsl_domain_thrift:'Inspector'().
 -type risk_score() :: dmsl_domain_thrift:'RiskScore'().
 -type risk_magnitude() :: integer().
+-type domain_revision() :: dmsl_domain_thrift:'DataRevision'().
+
+-type blacklist_context() :: #{
+    route => hg_route:t(),
+    revision := domain_revision(),
+    token => binary(),
+    inspector := inspector()
+}.
+
+-spec check_blacklist(blacklist_context()) -> boolean().
+check_blacklist(#{
+    route := Route,
+    revision := Revision,
+    token := Token,
+    inspector := #domain_Inspector{
+        proxy = Proxy
+    }
+}) when Token =/= undefined ->
+    #domain_ProviderRef{id = ProviderID} = hg_route:provider_ref(Route),
+    #domain_TerminalRef{id = TerminalID} = hg_route:terminal_ref(Route),
+    Context = #proxy_inspector_BlackListContext{
+        first_id = genlib:to_binary(ProviderID),
+        second_id = genlib:to_binary(TerminalID),
+        field_name = <<"CARD_TOKEN">>,
+        value = Token
+    },
+    Result = issue_call(
+        'IsBlacklisted',
+        {Context},
+        hg_proxy:get_call_options(
+            Proxy,
+            Revision
+        )
+    ),
+    case Result of
+        {ok, Check} when is_atom(Check) ->
+            Check;
+        {exception, Error} ->
+            error(Error)
+    end;
+check_blacklist(_Ctx) ->
+    false.
 
 -spec inspect(shop(), invoice(), payment(), inspector()) -> risk_score() | no_return().
 inspect(
@@ -113,6 +157,9 @@ get_payment_info(
         payment = ProxyPayment
     }.
 
+issue_call(Func, Args, CallOpts) ->
+    issue_call(Func, Args, CallOpts, undefined, undefined).
+
 issue_call(Func, Args, CallOpts, undefined, _DeadLine) ->
     % Do not set custom deadline without fallback risk score
     hg_woody_wrapper:call(proxy_inspector, Func, Args, CallOpts);

apps/hellgate/src/hg_invoice_payment.erl

@@ -813,6 +813,8 @@ log_rejected_routes(limit_misconfiguration, Routes, _VS) ->
     ?LOG_MD(warning, "Limiter hold error caused route candidates to be rejected: ~p", [Routes]);
 log_rejected_routes(limit_overflow, Routes, _VS) ->
     ?LOG_MD(notice, "Limit overflow caused route candidates to be rejected: ~p", [Routes]);
+log_rejected_routes(in_blacklist, Routes, _VS) ->
+    ?LOG_MD(notice, "Route candidates are blacklisted: ~p", [Routes]);
 log_rejected_routes(adapter_unavailable, Routes, _VS) ->
     ?LOG_MD(notice, "Adapter unavailability caused route candidates to be rejected: ~p", [Routes]);
 log_rejected_routes(provider_conversion_is_too_low, Routes, _VS) ->
@@ -1968,6 +1970,7 @@ run_routing_decision_pipeline(Ctx0, VS, St) ->
             %% accounted for in `St`.
             fun(Ctx) -> filter_routes_with_limit_hold(Ctx, VS, get_iter(St) + 1, St) end,
             fun(Ctx) -> filter_routes_by_limit_overflow(Ctx, VS, St) end,
+            fun(Ctx) -> hg_routing:filter_by_blacklist(Ctx, build_blacklist_context(St)) end,
             fun hg_routing:filter_by_critical_provider_status/1,
             fun hg_routing:choose_route_with_ctx/1
         ]
@@ -2023,6 +2026,28 @@ build_routing_context(PaymentInstitution, VS, Revision, St) ->
             gather_routes(PaymentInstitution, VS, Revision, St)
     end.
 
+build_blacklist_context(St) ->
+    Revision = get_payment_revision(St),
+    #domain_InvoicePayment{payer = Payer} = get_payment(St),
+    Token =
+        case get_payer_payment_tool(Payer) of
+            {bank_card, #domain_BankCard{token = CardToken}} ->
+                CardToken;
+            _ ->
+                undefined
+        end,
+    Opts = get_opts(St),
+    VS1 = get_varset(St, #{}),
+    PaymentInstitutionRef = get_payment_institution_ref(Opts),
+    PaymentInstitution = hg_payment_institution:compute_payment_institution(PaymentInstitutionRef, VS1, Revision),
+    InspectorRef = get_selector_value(inspector, PaymentInstitution#domain_PaymentInstitution.inspector),
+    Inspector = hg_domain:get(Revision, {inspector, InspectorRef}),
+    #{
+        revision => Revision,
+        token => Token,
+        inspector => Inspector
+    }.
+
 filter_attempted_routes(Ctx, #st{routes = AttemptedRoutes}) ->
     lists:foldr(
         fun(R, C) ->

apps/hellgate/test/hg_dummy_inspector.erl

@@ -16,6 +16,31 @@ get_service_spec() ->
     {"/test/proxy/inspector/dummy", {dmsl_proxy_inspector_thrift, 'InspectorProxy'}}.
 
 -spec handle_function(woody:func(), woody:args(), hg_woody_service_wrapper:handler_opts()) -> term() | no_return().
+handle_function(
+    'IsBlacklisted',
+    {#proxy_inspector_BlackListContext{
+        value = <<"inspector_fail_first">>,
+        second_id = <<"1">>
+    }},
+    _Options
+) ->
+    true;
+handle_function(
+    'IsBlacklisted',
+    {#proxy_inspector_BlackListContext{
+        value = <<"inspector_fail_all">>
+    }},
+    _Options
+) ->
+    true;
+handle_function(
+    'IsBlacklisted',
+    {#proxy_inspector_BlackListContext{
+        value = _Token
+    }},
+    _Options
+) ->
+    false;
 handle_function(
     'InspectPayment',
     {#proxy_inspector_Context{

apps/hellgate/test/hg_dummy_provider.erl

@@ -282,6 +282,12 @@ process_payment(?processed(), undefined, PaymentInfo, CtxOpts, _) ->
         no_preauth ->
             %% simple workflow without 3DS
             maybe_fail(PaymentInfo, CtxOpts, result(?sleep(0), <<"sleeping">>));
+        inspector_fail_first ->
+            %% simple workflow without 3DS
+            result(?sleep(0), <<"sleeping">>);
+        inspector_fail_all ->
+            %% simple workflow without 3DS
+            result(?sleep(0), <<"sleeping">>);
         empty_cvv ->
             %% simple workflow without 3DS
             result(?sleep(0), <<"sleeping">>);
@@ -335,6 +341,8 @@ process_payment(?processed(), undefined, PaymentInfo, CtxOpts, _) ->
 process_payment(?processed(), <<"sleeping">>, PaymentInfo, CtxOpts, _) ->
     TrxID = hg_utils:construct_complex_id([get_payment_id(PaymentInfo), get_ctx_opts_override(CtxOpts)]),
     case get_payment_info_scenario(PaymentInfo) of
+        inspector_fail_first ->
+            finish(success(PaymentInfo), mk_trx(TrxID, PaymentInfo));
         change_cash_increase ->
             finish(success(PaymentInfo, get_payment_increased_cost(PaymentInfo)), mk_trx(TrxID, PaymentInfo));
         change_cash_decrease ->
@@ -651,6 +659,10 @@ get_payment_tool_scenario({'bank_card', #domain_BankCard{token = <<"no_preauth_t
     no_preauth_timeout_failure;
 get_payment_tool_scenario({'bank_card', #domain_BankCard{token = <<"no_preauth_suspend_default">>}}) ->
     no_preauth_suspend_default;
+get_payment_tool_scenario({'bank_card', #domain_BankCard{token = <<"inspector_fail_first">>}}) ->
+    inspector_fail_first;
+get_payment_tool_scenario({'bank_card', #domain_BankCard{token = <<"inspector_fail_all">>}}) ->
+    inspector_fail_all;
 get_payment_tool_scenario({'bank_card', #domain_BankCard{token = <<"empty_cvv">>}}) ->
     empty_cvv;
 get_payment_tool_scenario({'bank_card', #domain_BankCard{token = <<"preauth_3ds:timeout=", Timeout/binary>>}}) ->
@@ -736,6 +748,10 @@ make_payment_tool(Code, PSys) when
         Code =:= unexpected_failure_no_trx
 ->
     ?SESSION42(make_bank_card_payment_tool(atom_to_binary(Code, utf8), PSys));
+make_payment_tool(inspector_fail_first, PSys) ->
+    ?SESSION42(make_bank_card_payment_tool(<<"inspector_fail_first">>, PSys));
+make_payment_tool(inspector_fail_all, PSys) ->
+    ?SESSION42(make_bank_card_payment_tool(<<"inspector_fail_all">>, PSys));
 make_payment_tool(empty_cvv, PSys) ->
     {_, BCard} = make_bank_card_payment_tool(<<"empty_cvv">>, PSys),
     ?SESSION42({bank_card, BCard#domain_BankCard{is_cvv_empty = true}});

apps/hellgate/test/hg_invoice_lite_tests_SUITE.erl

@@ -13,6 +13,8 @@
 
 -export([payment_start_idempotency/1]).
 -export([payment_success/1]).
+-export([payment_w_first_blacklisted_success/1]).
+-export([payment_w_all_blacklisted/1]).
 -export([register_payment_success/1]).
 -export([register_payment_customer_payer_success/1]).
 -export([payment_success_additional_info/1]).
@@ -51,6 +53,8 @@ groups() ->
         {payments, [parallel], [
             payment_start_idempotency,
             payment_success,
+            payment_w_first_blacklisted_success,
+            payment_w_all_blacklisted,
             register_payment_success,
             register_payment_customer_payer_success,
             payment_success_additional_info,
@@ -189,6 +193,54 @@ payment_success(C) ->
         Trx
     ).
 
+-spec payment_w_first_blacklisted_success(config()) -> test_return().
+payment_w_first_blacklisted_success(C) ->
+    Client = cfg(client, C),
+    InvoiceID = start_invoice(<<"rubberduck">>, make_due_date(10), 42000, C),
+    {PaymentTool, Session} = hg_dummy_provider:make_payment_tool(inspector_fail_first, ?pmt_sys(<<"visa-ref">>)),
+    PaymentParams = make_payment_params(PaymentTool, Session, instant),
+    PaymentID = process_payment(InvoiceID, PaymentParams, Client),
+    PaymentID = await_payment_capture(InvoiceID, PaymentID, Client),
+    ?invoice_state(
+        ?invoice_w_status(?invoice_paid()),
+        [_PaymentSt]
+    ) = hg_client_invoicing:get(InvoiceID, Client),
+    _Explanation =
+        #payproc_InvoicePaymentExplanation{
+            explained_routes = [
+                #payproc_InvoicePaymentRouteExplanation{
+                    route = ?route(?prv(1), ?trm(2)),
+                    is_chosen = true
+                },
+                #payproc_InvoicePaymentRouteExplanation{
+                    route = ?route(?prv(1), ?trm(1)),
+                    is_chosen = false,
+                    rejection_description = Desc
+                }
+            ]
+        } = hg_client_invoicing:explain_route(InvoiceID, PaymentID, Client),
+    ?assertEqual(
+        <<"Route was blacklisted {domain_PaymentRoute,{domain_ProviderRef,1},{domain_TerminalRef,1}}.">>, Desc
+    ).
+
+-spec payment_w_all_blacklisted(config()) -> test_return().
+payment_w_all_blacklisted(C) ->
+    Client = cfg(client, C),
+    InvoiceID = start_invoice(<<"rubberduck">>, make_due_date(10), 42000, C),
+    {PaymentTool, Session} = hg_dummy_provider:make_payment_tool(inspector_fail_all, ?pmt_sys(<<"visa-ref">>)),
+    PaymentParams = make_payment_params(PaymentTool, Session, instant),
+    ?payment_state(?payment(PaymentID)) = hg_client_invoicing:start_payment(InvoiceID, PaymentParams, Client),
+    [
+        ?payment_ev(PaymentID, ?payment_started(?payment_w_status(?pending()))),
+        ?payment_ev(PaymentID, ?risk_score_changed(_RiskScore)),
+        ?payment_ev(PaymentID, ?route_changed(_Route)),
+        ?payment_ev(PaymentID, ?payment_rollback_started({failure, _Failure}))
+    ] = next_changes(InvoiceID, 4, Client),
+    ?invoice_state(
+        ?invoice_w_status(?invoice_unpaid()),
+        [_PaymentSt]
+    ) = hg_client_invoicing:get(InvoiceID, Client).
+
 -spec register_payment_success(config()) -> test_return().
 register_payment_success(C) ->
     Client = cfg(client, C),
@@ -580,7 +632,7 @@ construct_domain_fixture() ->
             allocations = #domain_PaymentAllocationServiceTerms{
                 allow = {constant, true}
             },
-            attempt_limit = {value, #domain_AttemptLimit{attempts = 2}}
+            attempt_limit = {value, #domain_AttemptLimit{attempts = 1}}
         },
         recurrent_paytools = #domain_RecurrentPaytoolsServiceTerms{
             payment_methods =
@@ -623,7 +675,8 @@ construct_domain_fixture() ->
             ?ruleset(1),
             <<"Policies">>,
             {candidates, [
-                ?candidate({constant, true}, ?trm(1))
+                ?candidate({constant, true}, ?trm(1)),
+                ?candidate({constant, true}, ?trm(2))
             ]}
         ),
         hg_ct_fixture:construct_payment_routing_ruleset(
@@ -809,6 +862,14 @@ construct_domain_fixture() ->
                 provider_ref = ?prv(1)
             }
         }},
+        {terminal, #domain_TerminalObject{
+            ref = ?trm(2),
+            data = #domain_Terminal{
+                name = <<"Brominal 2">>,
+                description = <<"Brominal 2">>,
+                provider_ref = ?prv(1)
+            }
+        }},
 
         hg_ct_fixture:construct_mobile_operator(?mob(<<"mts-ref">>), <<"mts mobile operator">>),
         hg_ct_fixture:construct_payment_service(?pmt_srv(<<"qiwi-ref">>), <<"qiwi payment service">>),