feat(backend): store data to be transmitted to receiver in outgoing payments

[njlie]

Changes proposed in this pull request

• Adds two environment variables, the DB_ENCRYPTION_SECRET and the DB_ENCRYPTION_IV, to be used in the symmetric encryption of sensitive columns in the database
• Adds a dataToTransmit field to the outgoing payment model
• Adds a dataToTransmit field to the depositOutgoingPaymentLiquidity GraphQL resolver

Context

Fixes RAF-1182 and fixes RAF-1179.

Checklist

• Related issues linked using fixes #number
• Tests added/updated
• Make sure that all checks pass
• Bruno collection updated (if necessary)
• Documentation issue created with user-docs label (if necessary)
• OpenAPI specs updated (if necessary)

[netlify]

✅ Deploy Preview for brilliant-pasca-3e80ec canceled.

Name	Link
🔨 Latest commit	8a51619
🔍 Latest deploy log	https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/69385de72dd4a2000852ae30

[github-actions]

🚀 Performance Test Results

Test Configuration:

• VUs: 4
• Duration: 1m0s

Test Metrics:

• Requests/s: 40.43
• Iterations/s: 13.49
• Failed Requests: 0.00% (0 of 2430)

📜 Logs

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 877 kB 15 kB/s
     data_sent......................: 1.9 MB 31 kB/s
     http_req_blocked...............: avg=6.97µs   min=2.55µs   med=5.6µs    max=833.9µs  p(90)=6.7µs    p(95)=7.25µs  
     http_req_connecting............: avg=468ns    min=0s       med=0s       max=509.66µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=98.3ms   min=6.84ms   med=79.9ms   max=577.4ms  p(90)=172.81ms p(95)=191.52ms
       { expected_response:true }...: avg=98.3ms   min=6.84ms   med=79.9ms   max=577.4ms  p(90)=172.81ms p(95)=191.52ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2430
     http_req_receiving.............: avg=101.88µs min=25.51µs  med=86.16µs  max=6.02ms   p(90)=126.18µs p(95)=160.43µs
     http_req_sending...............: avg=38.41µs  min=12.07µs  med=29.24µs  max=2.38ms   p(90)=43.42µs  p(95)=59.24µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=98.16ms  min=6.69ms   med=79.6ms   max=577.28ms p(90)=172.69ms p(95)=191.39ms
     http_reqs......................: 2430   40.426856/s
     iteration_duration.............: avg=296.28ms min=196.73ms med=285.35ms max=1.13s    p(90)=363.81ms p(95)=398.18ms
     iterations.....................: 811    13.492255/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 

[sanducb]

Looks good! I only left a couple of questions.

[sanducb]

Why do we need dataToTransmit here?

[mkurapov]

I think we can indeed remove this from this resolver (I don't think the ASE needs to look it up necessarily).

[sanducb]

Even though dataToTransmit is explicit enough for ourselves to understand it, I think that integrators might benefit from having it named something like senderData or senderDataToTransmit because of "sender's data" being a common phrase in a "payments" context. WDYT? CC @mkurapov

[njlie]

If "sender data" is an existing concept in payments, then I think senderData would work here as the field name.

[mkurapov]

@sanducb good q & I see your point but in the spirit of keeping it more generic, dataToTransmit works better I think. Even though it will usually be the sender's data (or more specifically, the sending customer's data) that is sent, the ASE can choose to pass in some other payment metadata in there

[mkurapov]

Should we instead generated a unique IV every time the data is signed and store it together with the data? Otherwise, I think we would get the same ciphertext given the same input/ dataToTransmit

[mkurapov]

I think we can indeed remove this from this resolver (I don't think the ASE needs to look it up necessarily).

[mkurapov]

I actually quite like this, gives ASE option to encrypt if they choose to do so

[mkurapov]

Key rotation might be a bit tricky here, since we could end up encrypting with one key, change the key, try to decrypt with the old one and fail. We can focus on this on a follow-up PR.
(maybe we allow to configure a list of keys instead?)

[njlie]

Captured in RAF-1207.