98 lines
2.9 KiB
JavaScript
98 lines
2.9 KiB
JavaScript
const UserError = require('vn-loopback/util/user-error');
|
|
const base64url = require('base64url');
|
|
|
|
module.exports = Self => {
|
|
Self.remoteMethod('confirm', {
|
|
description: 'Confirms electronic payment transaction',
|
|
accessType: 'WRITE',
|
|
accepts: [
|
|
{
|
|
arg: 'Ds_SignatureVersion',
|
|
type: 'string',
|
|
required: false,
|
|
}, {
|
|
arg: 'Ds_MerchantParameters',
|
|
type: 'string',
|
|
required: true,
|
|
}, {
|
|
arg: 'Ds_Signature',
|
|
type: 'string',
|
|
required: true,
|
|
}
|
|
],
|
|
returns: {
|
|
type: 'Boolean',
|
|
root: true
|
|
},
|
|
http: {
|
|
path: `/confirm`,
|
|
verb: 'POST'
|
|
}
|
|
});
|
|
|
|
Self.confirm = async(signatureVersion, merchantParameters, signature) => {
|
|
const $ = Self.app.models;
|
|
|
|
const decodedParams = JSON.parse(
|
|
base64url.decode(merchantParameters, 'utf8'));
|
|
const params = {};
|
|
|
|
for (const param in decodedParams)
|
|
params[param] = decodeURIComponent(decodedParams[param]);
|
|
|
|
const orderId = params['Ds_Order'];
|
|
if (!orderId)
|
|
throw new UserError('Order id not provided');
|
|
|
|
const transaction = await Self.findById(orderId, {fields: ['id']});
|
|
if (!transaction)
|
|
throw new UserError('Order not found');
|
|
|
|
try {
|
|
await transaction.updateAttributes({
|
|
merchantParameters,
|
|
signature,
|
|
signatureVersion,
|
|
});
|
|
|
|
const merchantId = parseInt(params['Ds_MerchantCode']);
|
|
if (!merchantId)
|
|
throw new UserError('Merchant id not provided');
|
|
|
|
const merchant = await $.TpvMerchant.findById(merchantId, {
|
|
fields: ['id', 'secretKey']
|
|
});
|
|
if (!merchant)
|
|
throw new UserError('Merchant not found');
|
|
|
|
const base64hmac = Self.createSignature(
|
|
orderId,
|
|
merchant.secretKey,
|
|
merchantParameters
|
|
);
|
|
|
|
if (base64hmac !== base64url.toBase64(signature))
|
|
throw new UserError('Invalid signature');
|
|
|
|
await Self.rawSql(
|
|
'CALL hedera.tpvTransaction_confirm(?, ?, ?, ?, ?, ?)', [
|
|
params['Ds_Amount'],
|
|
orderId,
|
|
merchantId,
|
|
params['Ds_Currency'],
|
|
params['Ds_Response'],
|
|
params['Ds_ErrorCode']
|
|
]);
|
|
|
|
return true;
|
|
} catch (err) {
|
|
try {
|
|
await transaction.updateAttribute('responseError', err.message);
|
|
} catch (e) {
|
|
console.error(e);
|
|
}
|
|
throw err;
|
|
}
|
|
};
|
|
};
|