archetecture security fix
This commit is contained in:
+83
@@ -0,0 +1,83 @@
|
||||
"use strict";
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.createCheckout = createCheckout;
|
||||
exports.getTransaction = getTransaction;
|
||||
exports.refundTransaction = refundTransaction;
|
||||
exports.verifyWebhookSignature = verifyWebhookSignature;
|
||||
exports.isConfigured = isConfigured;
|
||||
const crypto_1 = __importDefault(require("crypto"));
|
||||
const BASE_URL = process.env.AMANPAY_BASE_URL ?? 'https://api.amanpay.net';
|
||||
const MERCHANT_ID = process.env.AMANPAY_MERCHANT_ID ?? '';
|
||||
const SECRET_KEY = process.env.AMANPAY_SECRET_KEY ?? '';
|
||||
const WEBHOOK_SECRET = process.env.AMANPAY_WEBHOOK_SECRET ?? '';
|
||||
async function getAuthHeaders() {
|
||||
return {
|
||||
'Content-Type': 'application/json',
|
||||
'x-merchant-id': MERCHANT_ID,
|
||||
'x-api-key': SECRET_KEY,
|
||||
};
|
||||
}
|
||||
async function createCheckout(params) {
|
||||
const res = await fetch(`${BASE_URL}/v1/payments`, {
|
||||
method: 'POST',
|
||||
headers: await getAuthHeaders(),
|
||||
body: JSON.stringify({
|
||||
merchant_id: MERCHANT_ID,
|
||||
amount: params.amount,
|
||||
currency: params.currency,
|
||||
order_id: params.orderId,
|
||||
description: params.description,
|
||||
customer_email: params.customerEmail,
|
||||
customer_name: params.customerName,
|
||||
success_url: params.successUrl,
|
||||
failure_url: params.failureUrl,
|
||||
webhook_url: params.webhookUrl,
|
||||
}),
|
||||
});
|
||||
if (!res.ok) {
|
||||
const err = await res.json().catch(() => ({}));
|
||||
throw new Error(`AmanPay checkout failed: ${err?.message ?? res.statusText}`);
|
||||
}
|
||||
const json = await res.json();
|
||||
return {
|
||||
transactionId: (json.transaction_id ?? json.id),
|
||||
checkoutUrl: (json.checkout_url ?? json.payment_url),
|
||||
status: (json.status ?? 'PENDING'),
|
||||
};
|
||||
}
|
||||
async function getTransaction(transactionId) {
|
||||
const res = await fetch(`${BASE_URL}/v1/payments/${transactionId}`, {
|
||||
headers: await getAuthHeaders(),
|
||||
});
|
||||
if (!res.ok)
|
||||
throw new Error('AmanPay: failed to fetch transaction');
|
||||
return res.json();
|
||||
}
|
||||
async function refundTransaction(transactionId, amount, reason) {
|
||||
const res = await fetch(`${BASE_URL}/v1/payments/${transactionId}/refund`, {
|
||||
method: 'POST',
|
||||
headers: await getAuthHeaders(),
|
||||
body: JSON.stringify({ amount, reason }),
|
||||
});
|
||||
if (!res.ok) {
|
||||
const err = await res.json().catch(() => ({}));
|
||||
throw new Error(`AmanPay refund failed: ${err?.message ?? res.statusText}`);
|
||||
}
|
||||
return res.json();
|
||||
}
|
||||
function verifyWebhookSignature(rawBody, signature) {
|
||||
if (!WEBHOOK_SECRET)
|
||||
return false;
|
||||
const expected = crypto_1.default
|
||||
.createHmac('sha256', WEBHOOK_SECRET)
|
||||
.update(rawBody)
|
||||
.digest('hex');
|
||||
return crypto_1.default.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
|
||||
}
|
||||
function isConfigured() {
|
||||
return !!(MERCHANT_ID && SECRET_KEY && MERCHANT_ID !== 'your-amanpay-merchant-id');
|
||||
}
|
||||
//# sourceMappingURL=amanpayService.js.map
|
||||
Reference in New Issue
Block a user