soroush.asadi
ec51e87d2d
A generic multi-client payment gateway so FlatRender, meezi.ir and bargevasat.ir can all pay through ZarinPal's single verified callback domain (pay.flatrender.ir). New Go service services/payment (clones the notification skeleton + vendored deps): - migration 31_payment_broker.sql — `payment` schema: client_apps, transactions, webhook_deliveries. - ZarinPal v4 client ported from the proven identity PaymentService (request.json -> StartPay -> verify.json; codes 100/101). - client API: POST /v1/pay/request + /v1/pay/inquiry, authed by X-Api-Key + HMAC body signature; GET /callback/zarinpal (the single verified endpoint) verifies, then 302s the user back to the site's return_url (signed) and fires a signed, retried webhook. - per-client ZarinPal merchant override (default = shared merchant); amount stored canonically in Rial, unit to ZarinPal env-configurable. - admin API /v1/admin/* (FlatRender admin JWT): client-app CRUD + key issue/rotate + transactions list. Deploy wiring: payment-svc in docker-compose.v2.yml (host port 1607), pay.flatrender.ir server block in mirror-nginx conf, ENV_FILE + README updates (cert SAN + manual migration note). Admin UI: src/components/admin/PaymentsAdmin.tsx (client apps with one-time key reveal + rotate, transactions table) + /admin/payments page + nav link + fa/en strings; pay-admin proxy route to payment-svc. Docs/SDK: deploy/PAYMENTS.md (integration contract) + deploy/sdk/flatpay.js (zero-dep Node client + webhook verifier) for meezi/any site. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
81 lines
2.0 KiB
Go
81 lines
2.0 KiB
Go
// Copyright 2016 Google Inc. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package uuid
|
|
|
|
import (
|
|
"encoding/binary"
|
|
"fmt"
|
|
"os"
|
|
)
|
|
|
|
// A Domain represents a Version 2 domain
|
|
type Domain byte
|
|
|
|
// Domain constants for DCE Security (Version 2) UUIDs.
|
|
const (
|
|
Person = Domain(0)
|
|
Group = Domain(1)
|
|
Org = Domain(2)
|
|
)
|
|
|
|
// NewDCESecurity returns a DCE Security (Version 2) UUID.
|
|
//
|
|
// The domain should be one of Person, Group or Org.
|
|
// On a POSIX system the id should be the users UID for the Person
|
|
// domain and the users GID for the Group. The meaning of id for
|
|
// the domain Org or on non-POSIX systems is site defined.
|
|
//
|
|
// For a given domain/id pair the same token may be returned for up to
|
|
// 7 minutes and 10 seconds.
|
|
func NewDCESecurity(domain Domain, id uint32) (UUID, error) {
|
|
uuid, err := NewUUID()
|
|
if err == nil {
|
|
uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2
|
|
uuid[9] = byte(domain)
|
|
binary.BigEndian.PutUint32(uuid[0:], id)
|
|
}
|
|
return uuid, err
|
|
}
|
|
|
|
// NewDCEPerson returns a DCE Security (Version 2) UUID in the person
|
|
// domain with the id returned by os.Getuid.
|
|
//
|
|
// NewDCESecurity(Person, uint32(os.Getuid()))
|
|
func NewDCEPerson() (UUID, error) {
|
|
return NewDCESecurity(Person, uint32(os.Getuid()))
|
|
}
|
|
|
|
// NewDCEGroup returns a DCE Security (Version 2) UUID in the group
|
|
// domain with the id returned by os.Getgid.
|
|
//
|
|
// NewDCESecurity(Group, uint32(os.Getgid()))
|
|
func NewDCEGroup() (UUID, error) {
|
|
return NewDCESecurity(Group, uint32(os.Getgid()))
|
|
}
|
|
|
|
// Domain returns the domain for a Version 2 UUID. Domains are only defined
|
|
// for Version 2 UUIDs.
|
|
func (uuid UUID) Domain() Domain {
|
|
return Domain(uuid[9])
|
|
}
|
|
|
|
// ID returns the id for a Version 2 UUID. IDs are only defined for Version 2
|
|
// UUIDs.
|
|
func (uuid UUID) ID() uint32 {
|
|
return binary.BigEndian.Uint32(uuid[0:4])
|
|
}
|
|
|
|
func (d Domain) String() string {
|
|
switch d {
|
|
case Person:
|
|
return "Person"
|
|
case Group:
|
|
return "Group"
|
|
case Org:
|
|
return "Org"
|
|
}
|
|
return fmt.Sprintf("Domain%d", int(d))
|
|
}
|