config: security file for applicaiton security; infra: handle integration with the ACH network

kcomhnall · kcomhnall · commit f0b1711da59d · 2024-11-20T12:40:11.000-05:00
diff --git a/src/config/SecurityConfig.java b/src/config/SecurityConfig.java
@@ -0,0 +1,32 @@
+package org.nacha.paymentsystem;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class SecurityConfig {
+
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests(authz -> authz
+                        .requestMatchers("/api/payments/**").authenticated()
+                        .anyRequest().permitAll()
+                )
+                .formLogin()
+                .and()
+                .logout()
+                .and()
+                .csrf().disable(); // Enable CSRF protection in production!
+        return http.build();
+    }
+
+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+        auth.inMemoryAuthentication()
+                .withUser("user")
+                .password(new BCryptPasswordEncoder().encode("password"))
+                .roles("USER");
+    }
+}
diff --git a/src/infra/external/ACHGateway.java b/src/infra/external/ACHGateway.java
@@ -0,0 +1,25 @@
+package org.nacha.paymentsystem;
+
+import com.company.paymentsystem.util.Logger;
+
+public class ACHGateway {
+    public boolean sendPayment(String accountNumber, double amount) {
+        // Encrypt account number for security
+        String encryptedAccount = encryptData(accountNumber);
+
+        // Send payment to ACH
+        try {
+            Logger.info("Sending payment to ACH: " + encryptedAccount);
+            // Simulate sending payment
+            return true;
+        } catch (Exception e) {
+            Logger.error("Failed to send payment", e);
+            return false;
+        }
+    }
+
+    private String encryptData(String data) {
+        // Simulate encryption (use real encryption like AES in production)
+        return "ENCRYPTED_" + data;
+    }
+}
