soroush.asadi
4cc1c3a423
CI/CD / CI · API (dotnet build + test) (push) Successful in 1m3s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 37s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m10s
CI/CD / CI · Admin Web (tsc) (push) Successful in 37s
CI/CD / CI · Website (tsc) (push) Successful in 44s
CI/CD / CI · Koja (tsc) (push) Successful in 53s
CI/CD / Deploy · all services (push) Successful in 1m41s
Adds a signed broker integration for online plan purchases:
- FlatPayService: POST /v1/pay/request with X-Api-Key + X-Signature =
hex(HMAC-SHA256(secret, raw JSON bytes)); the exact serialized bytes are both
signed and sent. VerifyWebhook does a fixed-time compare of the digest, plus an
in-memory first-seen idempotency set.
- POST /api/payment/request (auth, ManageBilling): parses a "Tier:Months" product
(e.g. "Pro:12"), prices it via the plan catalog, creates a Pending SubscriptionPayment
(provider=FlatPay) as the order, and returns the broker payment URL. The order id is
the client_ref / metadata.payment_id.
- POST /api/payment/webhook (anonymous; HMAC is the auth — 401 on bad signature):
on status=Paid + first-seen id, grants the order via the shared plan-activation
path (extracted ActivatePaymentAsync, reused by all providers). Always 200 after a
valid signature so the broker won't retry an accepted job.
- Config FlatPay__{ApiKey,Secret,BaseUrl,ReturnUrl} (env-supplied; secrets stay out
of git), compose + .env.example wiring. PaymentProvider.FlatPay appended (int, no
migration).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
104 lines
5.7 KiB
Bash
104 lines
5.7 KiB
Bash
# ─────────────────────────────────────────────────────────────────────────────
|
|
# Meezi — environment template
|
|
# Copy to .env and fill in values. NEVER commit .env to git.
|
|
#
|
|
# For production: put the full contents in Gitea → Settings → Secrets → ENV_FILE
|
|
# ─────────────────────────────────────────────────────────────────────────────
|
|
|
|
# ── Environment ───────────────────────────────────────────────────────────────
|
|
ASPNETCORE_ENVIRONMENT=Production
|
|
|
|
# ── Database ──────────────────────────────────────────────────────────────────
|
|
DB_PASSWORD=change-me-strong-password
|
|
DB_CONNECTION_STRING=Host=postgres;Port=5432;Database=meezi;Username=meezi;Password=change-me-strong-password
|
|
|
|
# ── JWT ───────────────────────────────────────────────────────────────────────
|
|
# openssl rand -hex 32
|
|
JWT_KEY=change-me-64-char-random-string-use-openssl-rand-hex-32-output
|
|
|
|
# ── TODAY: IP-based access (no domain yet) ───────────────────────────────────
|
|
# Replace 171.22.25.73 with your actual server IP.
|
|
# Note: NEXT_PUBLIC_* are baked into Next.js images at build time.
|
|
# When you switch to a domain tomorrow, update these AND re-run CI (to rebuild).
|
|
|
|
NEXT_PUBLIC_API_URL=http://171.22.25.73:5080
|
|
NEXT_PUBLIC_ADMIN_API_URL=http://171.22.25.73:5081
|
|
# Public site origin — MUST be the real domain in prod (used for canonical URLs,
|
|
# sitemap, robots, OG tags). A wrong value here de-indexes the whole site in GSC.
|
|
NEXT_PUBLIC_SITE_URL=https://meezi.ir
|
|
NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir
|
|
|
|
APP_QR_BASE_URL=http://171.22.25.73:3101
|
|
BILLING_DASHBOARD_URL=http://171.22.25.73:3101
|
|
|
|
CORS_ORIGIN_0=http://171.22.25.73:3101
|
|
CORS_ORIGIN_1=http://171.22.25.73:3010
|
|
CORS_ORIGIN_2=http://171.22.25.73:3103
|
|
CORS_ADMIN_ORIGIN_0=http://171.22.25.73:3102
|
|
|
|
# Host ports (what gets exposed on the server)
|
|
API_PORT=5080
|
|
ADMIN_API_PORT=5081
|
|
WEB_PORT=3101
|
|
ADMIN_WEB_PORT=3102
|
|
WEBSITE_PORT=3010
|
|
KOJA_PORT=3103
|
|
POSTGRES_PORT=5434
|
|
REDIS_PORT=6381
|
|
|
|
# ── TOMORROW: domain + Caddy (comment out IP section above, use this) ─────────
|
|
# DOMAIN=meezi.ir
|
|
# ACME_EMAIL=you@example.com
|
|
#
|
|
# NEXT_PUBLIC_API_URL=https://api.meezi.ir
|
|
# NEXT_PUBLIC_ADMIN_API_URL=https://admin-api.meezi.ir
|
|
# NEXT_PUBLIC_SITE_URL=https://meezi.ir
|
|
# NEXT_PUBLIC_KOJA_URL=https://koja.meezi.ir
|
|
#
|
|
# APP_QR_BASE_URL=https://app.meezi.ir
|
|
# BILLING_DASHBOARD_URL=https://app.meezi.ir
|
|
#
|
|
# CORS_ORIGIN_0=https://app.meezi.ir
|
|
# CORS_ORIGIN_1=https://meezi.ir
|
|
# CORS_ORIGIN_2=https://koja.meezi.ir
|
|
# CORS_ADMIN_ORIGIN_0=https://admin.meezi.ir
|
|
#
|
|
# Then run CI once to rebuild images with the new URLs baked in.
|
|
# DNS required: meezi.ir, app.meezi.ir, api.meezi.ir,
|
|
# koja.meezi.ir, admin.meezi.ir, admin-api.meezi.ir → server IP
|
|
|
|
# ── Migrations ────────────────────────────────────────────────────────────────
|
|
RUN_MIGRATIONS=true
|
|
|
|
# ── System admin seed (admin panel login) ─────────────────────────────────────
|
|
# On every boot the seeder ensures this admin exists with these credentials.
|
|
# Username defaults to "admin" if not set. Password is required to enable
|
|
# password login — leave blank to force OTP-only login.
|
|
SEED_ADMIN_PHONE=09190345606
|
|
SEED_ADMIN_USERNAME=admin
|
|
SEED_ADMIN_PASSWORD=change-me-strong-admin-password
|
|
|
|
# ── Payment: ZarinPal ─────────────────────────────────────────────────────────
|
|
# Get your merchant ID from: https://panel.zarinpal.com → API → MerchantID
|
|
ZARINPAL_MERCHANT_ID=
|
|
ZARINPAL_SANDBOX=false
|
|
|
|
# ── Payment: FlatRender Pay (ZarinPal broker) ─────────────────────────────────
|
|
# Broker keys from the FlatRender dashboard. Webhook is registered at the broker as
|
|
# https://api.meezi.ir/api/payment/webhook. Keep the live secret OUT of git.
|
|
FLATPAY_API_KEY=
|
|
FLATPAY_SECRET=
|
|
FLATPAY_BASE_URL=https://pay.flatrender.ir
|
|
FLATPAY_RETURN_URL=https://meezi.ir/payment/return
|
|
|
|
# ── SMS: Kavenegar ────────────────────────────────────────────────────────────
|
|
# Empty = OTP is logged to API console (fine for dev, not for production)
|
|
KAVENEGAR_API_KEY=4C30786935496261332B41685870444E47657A5367453369374F6E2F43334672576B526F5A4B4B795665493D
|
|
|
|
# ── Snappfood webhook ─────────────────────────────────────────────────────────
|
|
SNAPPFOOD_WEBHOOK_SECRET=change-me-snappfood-secret
|
|
|
|
# ── Docker image overrides (if direct MCR pull fails) ────────────────────────
|
|
# DOTNET_SDK_IMAGE=mirror.soroushasadi.com/dotnet/sdk:10.0
|
|
# DOTNET_ASPNET_IMAGE=mirror.soroushasadi.com/dotnet/aspnet:10.0
|