quotation bff

2025-12-09 16:29:29 +01:00
parent cecaebfc5e
commit ce59cb1b26
61 changed files with 2204 additions and 632 deletions
--- a/api/server/internal/api/api.go
+++ b/api/server/internal/api/api.go
@@ -17,6 +17,7 @@ import (
 	"github.com/tech/sendico/server/interface/services/ledger"
 	"github.com/tech/sendico/server/interface/services/logo"
 	"github.com/tech/sendico/server/interface/services/organization"
+	"github.com/tech/sendico/server/interface/services/payment"
 	"github.com/tech/sendico/server/interface/services/paymethod"
 	"github.com/tech/sendico/server/interface/services/permission"
 	"github.com/tech/sendico/server/interface/services/recipient"
@@ -91,6 +92,7 @@ func (a *APIImp) installServices() error {
 	srvf = append(srvf, ledger.Create)
 	srvf = append(srvf, recipient.Create)
 	srvf = append(srvf, paymethod.Create)
+	srvf = append(srvf, payment.Create)

 	for _, v := range srvf {
 		if err := a.addMicroservice(v); err != nil {
--- a/api/server/internal/server/paymentapiimp/pay.go
+++ b/api/server/internal/server/paymentapiimp/pay.go
@@ -0,0 +1,84 @@
+package paymentapiimp
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/model"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+	"github.com/tech/sendico/server/interface/api/srequest"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+// shared initiation pipeline
+func (a *PaymentAPI) initiatePayment(r *http.Request, account *model.Account, token *sresponse.TokenData, expectQuote bool) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for payment initiation", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	ctx := r.Context()
+	allowed, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionCreate)
+	if err != nil {
+		a.logger.Warn("Failed to check payments access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !allowed {
+		a.logger.Debug("Access denied when initiating payment", zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.AccessDenied(a.logger, a.Name(), "payments write permission denied")
+	}
+
+	payload, err := decodeInitiatePayload(r)
+	if err != nil {
+		return response.BadPayload(a.logger, a.Name(), err)
+	}
+	if expectQuote && strings.TrimSpace(payload.QuoteRef) == "" {
+		return response.BadPayload(a.logger, a.Name(), merrors.InvalidArgument("quote_ref is required"))
+	}
+	if !expectQuote {
+		payload.QuoteRef = ""
+	}
+
+	req := &orchestratorv1.InitiatePaymentRequest{
+		Meta: &orchestratorv1.RequestMeta{
+			OrganizationRef: orgRef.Hex(),
+		},
+		IdempotencyKey: strings.TrimSpace(payload.IdempotencyKey),
+		Intent:         payload.Intent,
+		FeeQuoteToken:  strings.TrimSpace(payload.FeeQuoteToken),
+		FxQuoteRef:     strings.TrimSpace(payload.FxQuoteRef),
+		QuoteRef:       strings.TrimSpace(payload.QuoteRef),
+		Metadata:       payload.Metadata,
+	}
+
+	resp, err := a.client.InitiatePayment(ctx, req)
+	if err != nil {
+		a.logger.Warn("Failed to initiate payment", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+
+	return sresponse.PaymentResponse(a.logger, resp.GetPayment(), token)
+}
+
+func decodeInitiatePayload(r *http.Request) (*srequest.InitiatePaymentPayload, error) {
+	defer r.Body.Close()
+
+	payload := &srequest.InitiatePaymentPayload{}
+	if err := json.NewDecoder(r.Body).Decode(payload); err != nil {
+		return nil, merrors.InvalidArgument("invalid payload: " + err.Error())
+	}
+	payload.IdempotencyKey = strings.TrimSpace(payload.IdempotencyKey)
+	if payload.IdempotencyKey == "" {
+		return nil, merrors.InvalidArgument("idempotencyKey is required")
+	}
+	if payload.Intent == nil {
+		return nil, merrors.InvalidArgument("intent is required")
+	}
+	return payload, nil
+}
--- a/api/server/internal/server/paymentapiimp/payimmediate.go
+++ b/api/server/internal/server/paymentapiimp/payimmediate.go
@@ -0,0 +1,13 @@
+package paymentapiimp
+
+import (
+	"net/http"
+
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+)
+
+// initiateImmediate runs a one-shot payment using a fresh quote.
+func (a *PaymentAPI) initiateImmediate(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	return a.initiatePayment(r, account, token, false)
+}
--- a/api/server/internal/server/paymentapiimp/payquote.go
+++ b/api/server/internal/server/paymentapiimp/payquote.go
@@ -0,0 +1,13 @@
+package paymentapiimp
+
+import (
+	"net/http"
+
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+)
+
+// initiateByQuote executes a payment using a previously issued quote_ref.
+func (a *PaymentAPI) initiateByQuote(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	return a.initiatePayment(r, account, token, true)
+}
--- a/api/server/internal/server/paymentapiimp/quote.go
+++ b/api/server/internal/server/paymentapiimp/quote.go
@@ -0,0 +1,74 @@
+package paymentapiimp
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/model"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+	"github.com/tech/sendico/server/interface/api/srequest"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+func (a *PaymentAPI) quotePayment(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for quote", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	ctx := r.Context()
+	allowed, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionCreate)
+	if err != nil {
+		a.logger.Warn("Failed to check payments access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !allowed {
+		a.logger.Debug("Access denied when quoting payment", zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.AccessDenied(a.logger, a.Name(), "payments write permission denied")
+	}
+
+	payload, err := decodeQuotePayload(r)
+	if err != nil {
+		return response.BadPayload(a.logger, a.Name(), err)
+	}
+
+	req := &orchestratorv1.QuotePaymentRequest{
+		Meta: &orchestratorv1.RequestMeta{
+			OrganizationRef: orgRef.Hex(),
+		},
+		IdempotencyKey: payload.IdempotencyKey,
+		Intent:         payload.Intent,
+		PreviewOnly:    payload.PreviewOnly,
+	}
+
+	resp, err := a.client.QuotePayment(ctx, req)
+	if err != nil {
+		a.logger.Warn("Failed to quote payment", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+
+	return sresponse.PaymentQuoteResponse(a.logger, resp.GetQuote(), token)
+}
+
+func decodeQuotePayload(r *http.Request) (*srequest.QuotePaymentPayload, error) {
+	defer r.Body.Close()
+
+	payload := &srequest.QuotePaymentPayload{}
+	if err := json.NewDecoder(r.Body).Decode(payload); err != nil {
+		return nil, merrors.InvalidArgument("invalid payload: " + err.Error())
+	}
+	payload.IdempotencyKey = strings.TrimSpace(payload.IdempotencyKey)
+	if payload.IdempotencyKey == "" {
+		return nil, merrors.InvalidArgument("idempotencyKey is required")
+	}
+	if payload.Intent == nil {
+		return nil, merrors.InvalidArgument("intent is required")
+	}
+	return payload, nil
+}
--- a/api/server/internal/server/paymentapiimp/service.go
+++ b/api/server/internal/server/paymentapiimp/service.go
@@ -0,0 +1,102 @@
+package paymentapiimp
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	orchestratorclient "github.com/tech/sendico/payments/orchestrator/client"
+	api "github.com/tech/sendico/pkg/api/http"
+	"github.com/tech/sendico/pkg/auth"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/mlogger"
+	"github.com/tech/sendico/pkg/mservice"
+	orchestratorv1 "github.com/tech/sendico/pkg/proto/payments/orchestrator/v1"
+	eapi "github.com/tech/sendico/server/interface/api"
+	mutil "github.com/tech/sendico/server/internal/mutil/param"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+type paymentClient interface {
+	QuotePayment(ctx context.Context, req *orchestratorv1.QuotePaymentRequest) (*orchestratorv1.QuotePaymentResponse, error)
+	InitiatePayment(ctx context.Context, req *orchestratorv1.InitiatePaymentRequest) (*orchestratorv1.InitiatePaymentResponse, error)
+	Close() error
+}
+
+type PaymentAPI struct {
+	logger mlogger.Logger
+	client paymentClient
+	enf    auth.Enforcer
+	oph    mutil.ParamHelper
+
+	permissionRef primitive.ObjectID
+}
+
+func (a *PaymentAPI) Name() mservice.Type { return mservice.PaymentOrchestrator }
+
+func (a *PaymentAPI) Finish(ctx context.Context) error {
+	if a.client != nil {
+		if err := a.client.Close(); err != nil {
+			a.logger.Warn("Failed to close payment orchestrator client", zap.Error(err))
+		}
+	}
+	return nil
+}
+
+func CreateAPI(apiCtx eapi.API) (*PaymentAPI, error) {
+	p := &PaymentAPI{
+		logger: apiCtx.Logger().Named(mservice.PaymentOrchestrator),
+		enf:    apiCtx.Permissions().Enforcer(),
+		oph:    mutil.CreatePH(mservice.Organizations),
+	}
+
+	desc, err := apiCtx.Permissions().GetPolicyDescription(context.Background(), mservice.PaymentOrchestrator)
+	if err != nil {
+		p.logger.Warn("Failed to fetch payment orchestrator permission description", zap.Error(err))
+		return nil, err
+	}
+	p.permissionRef = desc.ID
+
+	if err := p.initPaymentClient(apiCtx.Config().PaymentOrchestrator); err != nil {
+		p.logger.Error("Failed to initialize payment orchestrator client", zap.Error(err))
+		return nil, err
+	}
+
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/quote"), api.Post, p.quotePayment)
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/immediate"), api.Post, p.initiateImmediate)
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/by-quote"), api.Post, p.initiateByQuote)
+
+	return p, nil
+}
+
+func (a *PaymentAPI) initPaymentClient(cfg *eapi.PaymentOrchestratorConfig) error {
+	if cfg == nil {
+		return merrors.InvalidArgument("payment orchestrator configuration is not provided")
+	}
+
+	address := strings.TrimSpace(cfg.Address)
+	if address == "" {
+		address = strings.TrimSpace(os.Getenv(cfg.AddressEnv))
+	}
+	if address == "" {
+		return merrors.InvalidArgument(fmt.Sprintf("payment orchestrator address is not specified and address env %s is empty", cfg.AddressEnv))
+	}
+
+	clientCfg := orchestratorclient.Config{
+		Address:     address,
+		DialTimeout: time.Duration(cfg.DialTimeoutSeconds) * time.Second,
+		CallTimeout: time.Duration(cfg.CallTimeoutSeconds) * time.Second,
+		Insecure:    cfg.Insecure,
+	}
+
+	client, err := orchestratorclient.New(context.Background(), clientCfg)
+	if err != nil {
+		return err
+	}
+
+	a.client = client
+	return nil
+}