Compare commits
4 Commits
SEND021
...
202582626a
| Author | SHA1 | Date | |
|---|---|---|---|
| 202582626a | |||
|
6a2efd3d22 | ||
| a6374d1136 | |||
|
|
7c864dc304 |
@@ -7,6 +7,7 @@ import (
|
||||
|
||||
"github.com/tech/sendico/pkg/merrors"
|
||||
mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
|
||||
"go.uber.org/zap"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials/insecure"
|
||||
)
|
||||
@@ -23,6 +24,7 @@ type gatewayClient struct {
|
||||
conn *grpc.ClientConn
|
||||
client mntxv1.MntxGatewayServiceClient
|
||||
cfg Config
|
||||
logger *zap.Logger
|
||||
}
|
||||
|
||||
// New dials the Monetix gateway.
|
||||
@@ -47,6 +49,7 @@ func New(ctx context.Context, cfg Config, opts ...grpc.DialOption) (Client, erro
|
||||
conn: conn,
|
||||
client: mntxv1.NewMntxGatewayServiceClient(conn),
|
||||
cfg: cfg,
|
||||
logger: cfg.Logger,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -57,28 +60,39 @@ func (g *gatewayClient) Close() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (g *gatewayClient) callContext(ctx context.Context) (context.Context, context.CancelFunc) {
|
||||
func (g *gatewayClient) callContext(ctx context.Context, method string) (context.Context, context.CancelFunc) {
|
||||
if ctx == nil {
|
||||
ctx = context.Background()
|
||||
}
|
||||
timeout := g.cfg.CallTimeout
|
||||
if timeout <= 0 {
|
||||
timeout = 5 * time.Second
|
||||
}
|
||||
fields := []zap.Field{
|
||||
zap.String("method", method),
|
||||
zap.Duration("timeout", timeout),
|
||||
}
|
||||
if deadline, ok := ctx.Deadline(); ok {
|
||||
fields = append(fields, zap.Time("parent_deadline", deadline), zap.Duration("parent_deadline_in", time.Until(deadline)))
|
||||
}
|
||||
g.logger.Info("Mntx gateway client call timeout applied", fields...)
|
||||
return context.WithTimeout(ctx, timeout)
|
||||
}
|
||||
|
||||
func (g *gatewayClient) CreateCardPayout(ctx context.Context, req *mntxv1.CardPayoutRequest) (*mntxv1.CardPayoutResponse, error) {
|
||||
ctx, cancel := g.callContext(ctx)
|
||||
ctx, cancel := g.callContext(ctx, "CreateCardPayout")
|
||||
defer cancel()
|
||||
return g.client.CreateCardPayout(ctx, req)
|
||||
}
|
||||
|
||||
func (g *gatewayClient) CreateCardTokenPayout(ctx context.Context, req *mntxv1.CardTokenPayoutRequest) (*mntxv1.CardTokenPayoutResponse, error) {
|
||||
ctx, cancel := g.callContext(ctx)
|
||||
ctx, cancel := g.callContext(ctx, "CreateCardTokenPayout")
|
||||
defer cancel()
|
||||
return g.client.CreateCardTokenPayout(ctx, req)
|
||||
}
|
||||
|
||||
func (g *gatewayClient) GetCardPayoutStatus(ctx context.Context, req *mntxv1.GetCardPayoutStatusRequest) (*mntxv1.GetCardPayoutStatusResponse, error) {
|
||||
ctx, cancel := g.callContext(ctx)
|
||||
ctx, cancel := g.callContext(ctx, "GetCardPayoutStatus")
|
||||
defer cancel()
|
||||
return g.client.GetCardPayoutStatus(ctx, req)
|
||||
}
|
||||
|
||||
@@ -1,12 +1,17 @@
|
||||
package client
|
||||
|
||||
import "time"
|
||||
import (
|
||||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
// Config holds Monetix gateway client settings.
|
||||
type Config struct {
|
||||
Address string
|
||||
DialTimeout time.Duration
|
||||
CallTimeout time.Duration
|
||||
Logger *zap.Logger
|
||||
}
|
||||
|
||||
func (c *Config) setDefaults() {
|
||||
@@ -16,4 +21,7 @@ func (c *Config) setDefaults() {
|
||||
if c.CallTimeout <= 0 {
|
||||
c.CallTimeout = 10 * time.Second
|
||||
}
|
||||
if c.Logger == nil {
|
||||
c.Logger = zap.NewNop()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,10 @@
|
||||
package gateway
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/hmac"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
@@ -43,10 +45,11 @@ type callbackOperation struct {
|
||||
Currency string `json:"currency"`
|
||||
} `json:"sum_converted"`
|
||||
Provider struct {
|
||||
ID int64 `json:"id"`
|
||||
PaymentID string `json:"payment_id"`
|
||||
Date string `json:"date"`
|
||||
AuthCode string `json:"auth_code"`
|
||||
ID int64 `json:"id"`
|
||||
PaymentID string `json:"payment_id"`
|
||||
AuthCode string `json:"auth_code"`
|
||||
EndpointID int64 `json:"endpoint_id"`
|
||||
Date string `json:"date"`
|
||||
} `json:"provider"`
|
||||
Code string `json:"code"`
|
||||
Message string `json:"message"`
|
||||
@@ -56,7 +59,11 @@ type monetixCallback struct {
|
||||
ProjectID int64 `json:"project_id"`
|
||||
Payment callbackPayment `json:"payment"`
|
||||
Account struct {
|
||||
Number string `json:"number"`
|
||||
Number string `json:"number"`
|
||||
Type string `json:"type"`
|
||||
CardHolder string `json:"card_holder"`
|
||||
ExpiryMonth string `json:"expiry_month"`
|
||||
ExpiryYear string `json:"expiry_year"`
|
||||
} `json:"account"`
|
||||
Customer struct {
|
||||
ID string `json:"id"`
|
||||
@@ -120,17 +127,48 @@ func fallbackProviderPaymentID(cb monetixCallback) string {
|
||||
return cb.Payment.ID
|
||||
}
|
||||
|
||||
func verifyCallbackSignature(cb monetixCallback, secret string) error {
|
||||
expected := cb.Signature
|
||||
cb.Signature = ""
|
||||
calculated, err := monetix.SignPayload(cb, secret)
|
||||
func verifyCallbackSignature(payload []byte, secret string) (string, error) {
|
||||
root, err := decodeCallbackPayload(payload)
|
||||
if err != nil {
|
||||
return err
|
||||
return "", err
|
||||
}
|
||||
if subtleConstantTimeCompare(expected, calculated) {
|
||||
return nil
|
||||
signature, ok := signatureFromPayload(root)
|
||||
if !ok || strings.TrimSpace(signature) == "" {
|
||||
return "", merrors.InvalidArgument("signature is missing")
|
||||
}
|
||||
return merrors.DataConflict("signature mismatch")
|
||||
calculated, err := monetix.SignPayload(root, secret)
|
||||
if err != nil {
|
||||
return signature, err
|
||||
}
|
||||
if subtleConstantTimeCompare(signature, calculated) {
|
||||
return signature, nil
|
||||
}
|
||||
return signature, merrors.DataConflict("signature mismatch")
|
||||
}
|
||||
|
||||
func decodeCallbackPayload(payload []byte) (any, error) {
|
||||
var root any
|
||||
decoder := json.NewDecoder(bytes.NewReader(payload))
|
||||
decoder.UseNumber()
|
||||
if err := decoder.Decode(&root); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return root, nil
|
||||
}
|
||||
|
||||
func signatureFromPayload(root any) (string, bool) {
|
||||
payload, ok := root.(map[string]any)
|
||||
if !ok {
|
||||
return "", false
|
||||
}
|
||||
for key, value := range payload {
|
||||
if !strings.EqualFold(key, "signature") {
|
||||
continue
|
||||
}
|
||||
signature, ok := value.(string)
|
||||
return signature, ok
|
||||
}
|
||||
return "", false
|
||||
}
|
||||
|
||||
func subtleConstantTimeCompare(a, b string) bool {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package gateway
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -38,11 +39,11 @@ func TestMapCallbackToState_StatusMapping(t *testing.T) {
|
||||
cfg := monetix.DefaultConfig()
|
||||
|
||||
cases := []struct {
|
||||
name string
|
||||
paymentStatus string
|
||||
name string
|
||||
paymentStatus string
|
||||
operationStatus string
|
||||
code string
|
||||
expectedStatus mntxv1.PayoutStatus
|
||||
code string
|
||||
expectedStatus mntxv1.PayoutStatus
|
||||
expectedOutcome string
|
||||
}{
|
||||
{
|
||||
@@ -119,12 +120,20 @@ func TestVerifyCallbackSignature(t *testing.T) {
|
||||
t.Fatalf("failed to sign payload: %v", err)
|
||||
}
|
||||
cb.Signature = sig
|
||||
if err := verifyCallbackSignature(cb, secret); err != nil {
|
||||
payload, err := json.Marshal(cb)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to marshal callback: %v", err)
|
||||
}
|
||||
if _, err := verifyCallbackSignature(payload, secret); err != nil {
|
||||
t.Fatalf("expected valid signature, got %v", err)
|
||||
}
|
||||
|
||||
cb.Signature = "invalid"
|
||||
if err := verifyCallbackSignature(cb, secret); err == nil {
|
||||
payload, err = json.Marshal(cb)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to marshal callback: %v", err)
|
||||
}
|
||||
if _, err := verifyCallbackSignature(payload, secret); err == nil {
|
||||
t.Fatalf("expected signature mismatch error")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@ package gateway
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
@@ -338,13 +339,19 @@ func (p *cardPayoutProcessor) ProcessCallback(ctx context.Context, payload []byt
|
||||
return http.StatusBadRequest, err
|
||||
}
|
||||
|
||||
if strings.TrimSpace(cb.Signature) == "" {
|
||||
p.logger.Warn("Monetix callback signature is missing", zap.String("payout_id", cb.Payment.ID))
|
||||
return http.StatusBadRequest, merrors.InvalidArgument("signature is missing")
|
||||
}
|
||||
if err := verifyCallbackSignature(cb, p.config.SecretKey); err != nil {
|
||||
p.logger.Warn("Monetix callback signature check failed", zap.Error(err))
|
||||
return http.StatusForbidden, err
|
||||
signature, err := verifyCallbackSignature(payload, p.config.SecretKey)
|
||||
if err != nil {
|
||||
status := http.StatusBadRequest
|
||||
if errors.Is(err, merrors.ErrDataConflict) {
|
||||
status = http.StatusForbidden
|
||||
}
|
||||
p.logger.Warn("Monetix callback signature check failed",
|
||||
zap.String("payout_id", cb.Payment.ID),
|
||||
zap.String("signature", signature),
|
||||
zap.String("payload", string(payload)),
|
||||
zap.Error(err),
|
||||
)
|
||||
return status, err
|
||||
}
|
||||
|
||||
state, statusLabel := mapCallbackToState(p.clock, p.config, cb)
|
||||
|
||||
@@ -106,12 +106,23 @@ func (c *Client) sendTokenization(ctx context.Context, req CardTokenizeRequest)
|
||||
zap.String("masked_pan", MaskPAN(req.Card.PAN)),
|
||||
)
|
||||
|
||||
logRequestDeadline(c.logger, ctx, url)
|
||||
start := time.Now()
|
||||
resp, err := c.client.Do(httpReq)
|
||||
duration := time.Since(start)
|
||||
if err != nil {
|
||||
observeRequest(outcomeNetworkError, duration)
|
||||
c.logger.Warn("Monetix tokenization request failed", zap.Error(err))
|
||||
fields := []zap.Field{
|
||||
zap.String("url", url),
|
||||
zap.Error(err),
|
||||
}
|
||||
if ctxErr := ctx.Err(); ctxErr != nil {
|
||||
fields = append(fields, zap.NamedError("ctx_error", ctxErr))
|
||||
}
|
||||
if deadline, ok := ctx.Deadline(); ok {
|
||||
fields = append(fields, zap.Time("deadline", deadline), zap.Duration("time_until_deadline", time.Until(deadline)))
|
||||
}
|
||||
c.logger.Warn("Monetix tokenization request failed", fields...)
|
||||
return nil, merrors.Internal("monetix tokenization request failed: " + err.Error())
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
@@ -221,11 +232,23 @@ func (c *Client) send(ctx context.Context, req any, path string, dispatchLog fun
|
||||
dispatchLog()
|
||||
}
|
||||
|
||||
logRequestDeadline(c.logger, ctx, url)
|
||||
start := time.Now()
|
||||
resp, err := c.client.Do(httpReq)
|
||||
duration := time.Since(start)
|
||||
if err != nil {
|
||||
observeRequest(outcomeNetworkError, duration)
|
||||
fields := []zap.Field{
|
||||
zap.String("url", url),
|
||||
zap.Error(err),
|
||||
}
|
||||
if ctxErr := ctx.Err(); ctxErr != nil {
|
||||
fields = append(fields, zap.NamedError("ctx_error", ctxErr))
|
||||
}
|
||||
if deadline, ok := ctx.Deadline(); ok {
|
||||
fields = append(fields, zap.Time("deadline", deadline), zap.Duration("time_until_deadline", time.Until(deadline)))
|
||||
}
|
||||
c.logger.Warn("Monetix request failed", fields...)
|
||||
return nil, merrors.Internal("monetix request failed: " + err.Error())
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
@@ -288,3 +311,23 @@ func clearSignature(req any) (func(string), error) {
|
||||
return nil, merrors.Internal("unsupported monetix payload type for signing")
|
||||
}
|
||||
}
|
||||
|
||||
func logRequestDeadline(logger *zap.Logger, ctx context.Context, url string) {
|
||||
if logger == nil {
|
||||
return
|
||||
}
|
||||
if ctx == nil {
|
||||
logger.Info("Monetix request context is nil", zap.String("url", url))
|
||||
return
|
||||
}
|
||||
deadline, ok := ctx.Deadline()
|
||||
if !ok {
|
||||
logger.Info("Monetix request context has no deadline", zap.String("url", url))
|
||||
return
|
||||
}
|
||||
logger.Info("Monetix request context deadline",
|
||||
zap.String("url", url),
|
||||
zap.Time("deadline", deadline),
|
||||
zap.Duration("time_until_deadline", time.Until(deadline)),
|
||||
)
|
||||
}
|
||||
|
||||
@@ -146,3 +146,66 @@ func TestSignPayload_EthEstimateGasExample(t *testing.T) {
|
||||
t.Fatalf("unexpected signature\nexpected: %s\ngot: %s", expected, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSignPayload_MonetixCallbackExample(t *testing.T) {
|
||||
payload := map[string]any{
|
||||
"customer": map[string]any{
|
||||
"id": "694ece88df756c2672dc6ce8",
|
||||
},
|
||||
"account": map[string]any{
|
||||
"number": "220070******0161",
|
||||
"type": "mir",
|
||||
"card_holder": "STEPHAN",
|
||||
"expiry_month": "03",
|
||||
"expiry_year": "2030",
|
||||
},
|
||||
"project_id": 157432,
|
||||
"payment": map[string]any{
|
||||
"id": "6952d0b307d2916aba87d4e8",
|
||||
"type": "payout",
|
||||
"status": "success",
|
||||
"date": "2025-12-29T19:04:24+0000",
|
||||
"method": "card",
|
||||
"sum": map[string]any{
|
||||
"amount": 10849,
|
||||
"currency": "RUB",
|
||||
},
|
||||
"description": "",
|
||||
},
|
||||
"operation": map[string]any{
|
||||
"sum_initial": map[string]any{
|
||||
"amount": 10849,
|
||||
"currency": "RUB",
|
||||
},
|
||||
"sum_converted": map[string]any{
|
||||
"amount": 10849,
|
||||
"currency": "RUB",
|
||||
},
|
||||
"code": "0",
|
||||
"message": "Success",
|
||||
"provider": map[string]any{
|
||||
"id": 26226,
|
||||
"payment_id": "a3761838-eabc-4c65-aa36-c854c47a226b",
|
||||
"auth_code": "",
|
||||
"endpoint_id": 26226,
|
||||
"date": "2025-12-29T19:04:23+0000",
|
||||
},
|
||||
"id": int64(5089807000008124),
|
||||
"type": "payout",
|
||||
"status": "success",
|
||||
"date": "2025-12-29T19:04:24+0000",
|
||||
"created_date": "2025-12-29T19:04:21+0000",
|
||||
"request_id": "7c3032f00629c94ad78e399c87da936f1cdc30de-2559ba11d6958d558a9f8ab8c20474d33061c654-05089808",
|
||||
},
|
||||
"signature": "IBgtwCoxhMUxF15q8DLc7orYOIJomeiaNpWs8JHHsdDYPKJsIKn4T+kYavPnKTO+yibhCLNKeL+hk2oWg9wPCQ==",
|
||||
}
|
||||
|
||||
got, err := SignPayload(payload, "1")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to sign payload: %v", err)
|
||||
}
|
||||
expected := "IBgtwCoxhMUxF15q8DLc7orYOIJomeiaNpWs8JHHsdDYPKJsIKn4T+kYavPnKTO+yibhCLNKeL+hk2oWg9wPCQ=="
|
||||
if got != expected {
|
||||
t.Fatalf("unexpected signature\nexpected: %s\ngot: %s", expected, got)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -54,7 +54,7 @@ gateway:
|
||||
mntx:
|
||||
address: "sendico_mntx_gateway:50075"
|
||||
dial_timeout_seconds: 5
|
||||
call_timeout_seconds: 3
|
||||
call_timeout_seconds: 15
|
||||
insecure: true
|
||||
|
||||
oracle:
|
||||
|
||||
@@ -273,6 +273,7 @@ func (i *Imp) initMntxClient(cfg clientConfig) mntxclient.Client {
|
||||
Address: addr,
|
||||
DialTimeout: cfg.dialTimeout(),
|
||||
CallTimeout: cfg.callTimeout(),
|
||||
Logger: i.logger.Named("client.mntx"),
|
||||
})
|
||||
if err != nil {
|
||||
i.logger.Warn("Failed to connect to mntx gateway service", zap.String("address", addr), zap.Error(err))
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
@monetixSuccess {
|
||||
path /gateway/m/success*
|
||||
method POST
|
||||
# remote_ip 88.218.112.16 88.218.112.16/32 88.218.113.16 88.218.113.16/32 93.179.90.141 93.179.90.128/25 93.179.90.161 93.179.91.0/24 178.57.67.47 178.57.66.128/25 178.57.67.154 178.57.67.0/24 178.57.68.244
|
||||
remote_ip 88.218.112.16 88.218.112.16/32 88.218.113.16 88.218.113.16/32 93.179.90.141 93.179.90.128/25 93.179.90.161 93.179.91.0/24 178.57.67.47 178.57.66.128/25 178.57.67.154 178.57.67.0/24 178.57.68.244
|
||||
}
|
||||
handle @monetixSuccess {
|
||||
rewrite * /monetix/callback
|
||||
@@ -50,7 +50,7 @@
|
||||
@monetixFail {
|
||||
path /gateway/m/fail*
|
||||
method POST
|
||||
# remote_ip 88.218.112.16 88.218.112.16/32 88.218.113.16 88.218.113.16/32 93.179.90.141 93.179.90.128/25 93.179.90.161 93.179.91.0/24 178.57.67.47 178.57.66.128/25 178.57.67.154 178.57.67.0/24 178.57.68.244
|
||||
remote_ip 88.218.112.16 88.218.112.16/32 88.218.113.16 88.218.113.16/32 93.179.90.141 93.179.90.128/25 93.179.90.161 93.179.91.0/24 178.57.67.47 178.57.66.128/25 178.57.67.154 178.57.67.0/24 178.57.68.244
|
||||
}
|
||||
handle @monetixFail {
|
||||
rewrite * /monetix/callback
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
import 'package:flutter/material.dart';
|
||||
|
||||
|
||||
class MockPaymentProvider with ChangeNotifier {
|
||||
double _amount = 10.0;
|
||||
bool _payerCoversFee = true;
|
||||
|
||||
double get amount => _amount;
|
||||
bool get payerCoversFee => _payerCoversFee;
|
||||
|
||||
double get fee => _amount * 0.05;
|
||||
double get total => payerCoversFee ? (_amount + fee) : _amount;
|
||||
double get recipientGets => payerCoversFee ? _amount : (_amount - fee);
|
||||
|
||||
void setAmount(double value) {
|
||||
_amount = value;
|
||||
notifyListeners();
|
||||
}
|
||||
|
||||
void setPayerCoversFee(bool value) {
|
||||
_payerCoversFee = value;
|
||||
notifyListeners();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user