feat(payment): standalone ZarinPal broker on pay.flatrender.ir
A generic multi-client payment gateway so FlatRender, meezi.ir and bargevasat.ir can all pay through ZarinPal's single verified callback domain (pay.flatrender.ir). New Go service services/payment (clones the notification skeleton + vendored deps): - migration 31_payment_broker.sql — `payment` schema: client_apps, transactions, webhook_deliveries. - ZarinPal v4 client ported from the proven identity PaymentService (request.json -> StartPay -> verify.json; codes 100/101). - client API: POST /v1/pay/request + /v1/pay/inquiry, authed by X-Api-Key + HMAC body signature; GET /callback/zarinpal (the single verified endpoint) verifies, then 302s the user back to the site's return_url (signed) and fires a signed, retried webhook. - per-client ZarinPal merchant override (default = shared merchant); amount stored canonically in Rial, unit to ZarinPal env-configurable. - admin API /v1/admin/* (FlatRender admin JWT): client-app CRUD + key issue/rotate + transactions list. Deploy wiring: payment-svc in docker-compose.v2.yml (host port 1607), pay.flatrender.ir server block in mirror-nginx conf, ENV_FILE + README updates (cert SAN + manual migration note). Admin UI: src/components/admin/PaymentsAdmin.tsx (client apps with one-time key reveal + rotate, transactions table) + /admin/payments page + nav link + fa/en strings; pay-admin proxy route to payment-svc. Docs/SDK: deploy/PAYMENTS.md (integration contract) + deploy/sdk/flatpay.js (zero-dep Node client + webhook verifier) for meezi/any site. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
@@ -0,0 +1,102 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/flatrender/payment-svc/internal/db"
|
||||
"github.com/flatrender/payment-svc/internal/models"
|
||||
"github.com/flatrender/payment-svc/internal/signing"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
const (
|
||||
CtxIsAdmin = "is_admin"
|
||||
CtxClient = "client_app"
|
||||
CtxRawBody = "raw_body"
|
||||
)
|
||||
|
||||
// JWTAuth validates a FlatRender identity JWT (same secret) for admin endpoints.
|
||||
func JWTAuth(secret string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
hdr := c.GetHeader("Authorization")
|
||||
if !strings.HasPrefix(hdr, "Bearer ") {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "missing bearer token"})
|
||||
return
|
||||
}
|
||||
token, err := jwt.Parse(hdr[7:], func(t *jwt.Token) (interface{}, error) {
|
||||
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, jwt.ErrSignatureInvalid
|
||||
}
|
||||
return []byte(secret), nil
|
||||
})
|
||||
if err != nil || !token.Valid {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "invalid token"})
|
||||
return
|
||||
}
|
||||
claims, _ := token.Claims.(jwt.MapClaims)
|
||||
isAdmin := false
|
||||
switch v := claims["is_admin"].(type) {
|
||||
case bool:
|
||||
isAdmin = v
|
||||
case string:
|
||||
isAdmin = v == "true"
|
||||
}
|
||||
c.Set(CtxIsAdmin, isAdmin)
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
func RequireAdmin() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
v, _ := c.Get(CtxIsAdmin)
|
||||
if b, _ := v.(bool); !b {
|
||||
c.AbortWithStatusJSON(http.StatusForbidden, models.APIError{Code: "forbidden", Message: "admin required"})
|
||||
return
|
||||
}
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// ClientAuth authenticates a client site by API key + HMAC body signature.
|
||||
//
|
||||
// X-Api-Key: the client's public key
|
||||
// X-Signature: hex( HMAC-SHA256(client.secret, raw_request_body) )
|
||||
//
|
||||
// The verified ClientApp and the raw body are stashed in the gin context.
|
||||
func ClientAuth(store *db.Store) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
apiKey := c.GetHeader("X-Api-Key")
|
||||
if apiKey == "" {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "missing X-Api-Key"})
|
||||
return
|
||||
}
|
||||
client, err := store.GetClientByAPIKey(c.Request.Context(), apiKey)
|
||||
if err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "unauthorized", Message: "unknown or inactive api key"})
|
||||
return
|
||||
}
|
||||
|
||||
raw, _ := io.ReadAll(c.Request.Body)
|
||||
c.Request.Body = io.NopCloser(bytes.NewReader(raw)) // restore for the handler
|
||||
|
||||
sig := c.GetHeader("X-Signature")
|
||||
if sig == "" || !signing.Verify(client.Secret, raw, sig) {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, models.APIError{Code: "bad_signature", Message: "invalid request signature"})
|
||||
return
|
||||
}
|
||||
|
||||
c.Set(CtxClient, client)
|
||||
c.Set(CtxRawBody, raw)
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
func GetClient(c *gin.Context) *models.ClientApp {
|
||||
v, _ := c.Get(CtxClient)
|
||||
cl, _ := v.(*models.ClientApp)
|
||||
return cl
|
||||
}
|
||||
Reference in New Issue
Block a user