soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3748b1c8d88cb769a666257091debd27294381d3
flatrender/services/identity/FlatRender.IdentitySvc/Controllers/PaymentsController.cs
T
soroush.asadi 3748b1c8d8
CI/CD / CI · Web (tsc) (push) Successful in 1m26s
Details
CI/CD / Deploy · full stack (push) Failing after 28s
Details
fix(payment): send result redirects to the frontend + add /payment/result page
2026-06-25 13:17:21 +03:30

190 lines
8.5 KiB
C#
Raw Blame History

using FlatRender.IdentitySvc.Application.Services;
using FlatRender.IdentitySvc.Application.Services.Interfaces;
using FlatRender.IdentitySvc.Models.Requests;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace FlatRender.IdentitySvc.Controllers;
[ApiController]
[Route("v1")]
public class PaymentsController(IPaymentService paymentService, IConfiguration config) : ControllerBase
{
// ── Helpers ───────────────────────────────────────────────────────────────────
private Guid GetUserId() => Guid.Parse(
User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value
?? User.FindFirst("sub")?.Value
?? throw new UnauthorizedAccessException());
private bool IsAdmin => User.FindFirst("is_admin")?.Value == "true";
// Payment callbacks land on this service (api.flatrender.ir); the result page
// lives on the frontend. Prefix relative result paths with the frontend base so
// the browser is sent to the site, not the gateway.
private IActionResult RedirectFrontend(string path)
{
var baseUrl = config["Frontend:BaseUrl"] ?? "";
var target = string.IsNullOrEmpty(baseUrl) || path.StartsWith("http")
? path
: baseUrl.TrimEnd('/') + path;
return Redirect(target);
}
// ── Listing ───────────────────────────────────────────────────────────────────
/// <summary>GET /v1/payments — list the caller's payment history</summary>
[Authorize]
[HttpGet("payments")]
public async Task<IActionResult> List(
[FromQuery] int page = 1,
[FromQuery] int page_size = 20)
=> Ok(await paymentService.GetUserPaymentsAsync(GetUserId(), page, page_size));
/// <summary>GET /v1/payments/{id} — get a single payment</summary>
[Authorize]
[HttpGet("payments/{id:guid}")]
public async Task<IActionResult> GetById(Guid id)
=> Ok(await paymentService.GetByIdAsync(id, GetUserId()));
// ── ZarinPal flow ─────────────────────────────────────────────────────────────
/// <summary>
/// GET /v1/payments/gateway/zarinpal?payment_id={id}
/// Initiates a ZarinPal payment and redirects the browser to zarinpal.com.
/// Called from the frontend after PurchasePlan returns the redirect URL.
/// </summary>
[Authorize]
[HttpGet("payments/gateway/zarinpal")]
public async Task<IActionResult> InitiateZarinPal([FromQuery] Guid payment_id)
{
var redirectUrl = await paymentService.InitiateZarinPalAsync(payment_id, GetUserId());
return Redirect(redirectUrl);
}
/// <summary>
/// GET /v1/payments/callback/zarinpal?Authority={a}&amp;Status={s}
/// ZarinPal calls this URL after the user completes (or cancels) payment.
/// Verifies with ZarinPal, activates the plan, then redirects to the frontend.
/// </summary>
[AllowAnonymous]
[HttpGet("payments/callback/zarinpal")]
public async Task<IActionResult> ZarinPalCallback(
[FromQuery] string Authority,
[FromQuery] string Status)
{
var frontendUrl = await paymentService.HandleZarinPalCallbackAsync(Authority, Status);
return RedirectFrontend(frontendUrl);
}
// ── FlatRender Pay broker flow ────────────────────────────────────────────────
/// <summary>
/// GET /v1/payments/callback/broker?payment_id={p}&amp;id={brokerTxn}&amp;status=&amp;sign=
/// The broker redirects the user's browser here after payment. We confirm the
/// transaction authoritatively via the broker inquiry API, activate the plan,
/// then redirect to the frontend result page. Public (no JWT).
/// </summary>
[AllowAnonymous]
[HttpGet("payments/callback/broker")]
public async Task<IActionResult> BrokerCallback(
[FromQuery] Guid payment_id,
[FromQuery] string? id)
{
var frontendUrl = await paymentService.HandleBrokerCallbackAsync(payment_id, id ?? "");
return RedirectFrontend(frontendUrl);
}
// ── SnapPay flow ──────────────────────────────────────────────────────────────
/// <summary>
/// GET /v1/payments/gateway/snappay?payment_id={id}
/// Initiates a SnapPay payment and redirects the browser to snappay.ir.
/// </summary>
[Authorize]
[HttpGet("payments/gateway/snappay")]
public async Task<IActionResult> InitiateSnapPay([FromQuery] Guid payment_id)
{
var redirectUrl = await paymentService.InitiateSnapPayAsync(payment_id, GetUserId());
return Redirect(redirectUrl);
}
/// <summary>
/// GET /v1/payments/callback/snappay?paymentToken={t}&amp;shapSnapStatus={s}
/// SnapPay calls this URL after the user completes (or cancels) payment.
/// Verifies with SnapPay, activates the plan, then redirects to the frontend.
/// </summary>
[AllowAnonymous]
[HttpGet("payments/callback/snappay")]
public async Task<IActionResult> SnapPayCallback(
[FromQuery] string paymentToken,
[FromQuery] string shapSnapStatus)
{
var frontendUrl = await paymentService.HandleSnapPayCallbackAsync(paymentToken, shapSnapStatus);
return RedirectFrontend(frontendUrl);
}
// ── Tara flow ─────────────────────────────────────────────────────────────────
/// <summary>
/// GET /v1/payments/gateway/tara?payment_id={id}
/// Initiates a Tara payment and redirects the browser to tara.ir.
/// </summary>
[Authorize]
[HttpGet("payments/gateway/tara")]
public async Task<IActionResult> InitiateTara([FromQuery] Guid payment_id)
{
var redirectUrl = await paymentService.InitiateTaraAsync(payment_id, GetUserId());
return Redirect(redirectUrl);
}
/// <summary>
/// GET /v1/payments/callback/tara?token={t}&amp;status={s}
/// Tara calls this URL after the user completes (or cancels) payment.
/// Verifies with Tara, activates the plan, then redirects to the frontend.
/// </summary>
[AllowAnonymous]
[HttpGet("payments/callback/tara")]
public async Task<IActionResult> TaraCallback(
[FromQuery] string token,
[FromQuery] string status)
{
var frontendUrl = await paymentService.HandleTaraCallbackAsync(token, status);
return RedirectFrontend(frontendUrl);
}
// ── Stripe webhook ────────────────────────────────────────────────────────────
/// <summary>
/// POST /v1/payments/webhook/stripe
/// Receives Stripe webhook events. Must be reachable from the public internet.
/// Register this URL in your Stripe dashboard under Developers → Webhooks.
/// </summary>
[AllowAnonymous]
[HttpPost("payments/webhook/stripe")]
public async Task<IActionResult> StripeWebhook()
{
using var reader = new StreamReader(Request.Body);
var payload = await reader.ReadToEndAsync();
var signature = Request.Headers["Stripe-Signature"].ToString();
await paymentService.HandleStripeWebhookAsync(payload, signature);
return Ok();
}
// ── Admin ─────────────────────────────────────────────────────────────────────
/// <summary>
/// POST /v1/admin/payments/{id}/refund
/// Issues a refund for a payment. Admin-only.
/// </summary>
[Authorize]
[HttpPost("admin/payments/{id:guid}/refund")]
public async Task<IActionResult> Refund(Guid id, [FromBody] IssueRefundRequest request)
{
if (!IsAdmin) return Forbid();
var result = await paymentService.IssueRefundAsync(
id, request.AmountMinor, request.Reason, request.RefundTo);
return Ok(result);
}
}
Reference in New Issue View Git Blame Copy Permalink