sinatra-paypal 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ffeb452cdbca569c58812c31d78e17710f934e56
+  data.tar.gz: 0de4a6bd12fb5739d09449ee50056fa46b5738b7
+SHA512:
+  metadata.gz: 1fe847202845a369bf73bdc01599e265ca5d0e486e3db82b1bf6f33c78d4115792aa0762998ac341193027707acd239240d1da0fe5ceeead6e19f1184e6da29d
+  data.tar.gz: 7f227512ad14d5b6dfe88d0f611c48a9f771ea11a5fdc5ff2616c8ee85719b67e00c9158a88fa10b18e7daf9d42f73d72b2432af9f7ea918321036425cd41e94

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sinatra-paypal.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Nathan Reed
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,97 @@
+# Sinatra::Paypal
+
+This gem makes it easy to validate and process Paypal IPN payments.
+
+It automatically adds a route at `/payment/validate` to use as the IPN endpoint, and then adds a number of new methods to the sinatra DSL allow payment events to be captured and processed
+
+## Usage
+
+Install the gem and then add it to your project with:
+
+	require 'sinatra-paypal'
+
+Then set the email of the paypal account where you want the payments to be sent:
+
+	configure do
+		settings.paypal.email = 'my.company@gmail.com'
+	end
+
+There are other configuration options you could use, but only setting the destination email is required.
+
+Add the following to your app. It will get called only when the payment is complete:
+	
+	# if this gets called, then you can be sure that the payment has passed validation
+	# with paypal, but you will still have to do your own validation - users can fiddle
+	# with the form fields before it gets sent to paypal - the only thing you can be sure
+	# of it the $ amount - if the payment is complete then this is the amount in your 
+	# account.
+	#
+	# all the payment 'routes' get called with the payment object ('p')s containing all
+	# the data for the transaction
+	payment :complete do |p|
+		#
+		# check that the price for the item matches ours - it's possible for users to
+		# change the price to whatever they want, and there is no way for paypal to check
+		# this
+		#
+		# You could also do this in the 'payment :validate' method
+		#
+		halt 500, 'invalid price' if p.amount != ITEM_PRICE
+
+		# you can put a json string in the custom_data property of the payment
+		# form, and it will be deserialized into the data object - this is very 
+		# useful for tracking user names etc, but remember that the contents of this
+		# field are not secure - a user could set it to whatever they want
+		upgrade_account p.data[:user_id]
+	end
+
+Other routes that you can use for processing:
+
+	# validate! is called for every transaction - not just complete ones
+	#
+	# if it fails validation, then 'halt' with the error message - the
+	# return value is ignored
+	payment :validate! do |p|
+		# we need a 'user_id' field in the data, otherwise its not valid
+		halt 500, 'user_id required' if p.data[:user_id].nil?
+	end
+
+	# finsh is called last after all other processing is complete. It is called for
+	# every transaction type. It is useful for doing logging etc.
+	payment :finish do |p|
+		log_payment p.id, p.amount
+	end
+
+	# repeated should return true if this transaction has been seen before - we want
+	# to make sure we don't process it more than once
+	payment :repeated? do |p|
+		return true if transaction_list.include? p.id
+		
+		transaction_list.push p.id
+		return false
+	end
+
+## The Payment Object
+
+Each payment route gets passed a payment object containing all the data from paypal for the transaction. It has several useful methods to make it easier to process the payment.
+
+	p.id 				# unique sha1 for the payment notification
+	p.transaction_id 	# paypal transaction_id
+	p.item_number 		# the item number set in the payment form
+	p.amount 			# payment amount
+	p.payment_fee 		# paypal fee amount
+	p.profit 			# payment amount minus any fees
+	p.data 				# custom data sent through as JSON
+	p.status 			# payment status - COMPLETE, PENDING, REFUNDED etc
+	p.complete?			# true if the payment status is COMPLETE
+	p.is_accountable?	# true if this notification has caused you paypal balance to change
+	p.reason_code 		# if the transaction is a refund the reason code will appear here
+	p.fields 			# object with the raw paypal notification data
+
+## Contributing
+
+1. Fork it ( https://github.com/reednj/sinatra-paypal/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "sinatra/paypal"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/sinatra/paypal.rb

@@ -0,0 +1,89 @@
+
+require 'sinatra/base'
+require 'sinatra/paypal/version'
+require 'sinatra/paypal/paypal-helper'
+require 'sinatra/paypal/paypal-request'
+
+PAYPAL_BLOCKS = {}
+
+module PayPal
+
+	module Helpers
+		def paypal_block(name)
+			return Proc.new{} if !PAYPAL_BLOCKS.key? name
+			PAYPAL_BLOCKS[name]
+		end
+
+		def paypal_form_url
+			PaypalHelper.form_url(settings.paypal.sandbox?)
+		end
+
+		def html_payment_form(offer_data, data = nil)
+			data ||= {}
+			data[:username] = session[:reddit_user] if !data.nil? && data[:username].nil?
+			data[:offer_code] = offer_data.code if !offer_data.nil?
+
+			raise 'cannot generate a payment form without settings.paypal.email' if settings.paypal.email.nil?
+
+			erb :_payment, :views => File.join(File.dirname(__FILE__), '/paypal'), :locals => {
+				:custom_data => data,
+				:offer_data => offer_data
+			}
+		end
+	end
+
+	def self.registered(app)
+		app.helpers PayPal::Helpers
+
+		app.set :paypal, OpenStruct.new({
+			:return_url => '/payment/complete',
+			:notify_url => '/payment/validate',
+			:sandbox? => app.settings.development?,
+			:email => nil
+		})
+
+		app.post '/payment/validate' do
+			paypal_helper = PaypalHelper.new(app.settings.paypal.sandbox?)
+			paypal_request = PaypalRequest.new(params)
+			
+			# first we check the request against paypal to make sure it is ok
+			if settings.production?
+				halt 400, 'request could not be validated' if !paypal_helper.ipn_valid? params
+			end
+
+			halt 400, 'no username provided' if paypal_request.username.nil?
+			
+			# check transaction log to make sure this not a replay attack
+			if instance_exec(paypal_request, &paypal_block(:repeated?))
+				# we want to log this, so we know about it, but we also want to return 200, because
+				# if it is paypal sending this, it will send it again and again until it gets a 200
+				# back
+				log_error 'already processed' if respond_to? :log_error
+				halt 200, 'already processed'
+			else
+				instance_exec(paypal_request, &paypal_block(:save))
+			end
+
+			instance_exec(paypal_request, &paypal_block(:validate!))
+			
+			# check that the payment is complete. we still return 200 if not, but
+			# we don't need to do anymore processing (except for marking it as accountable, if it is)
+			if paypal_request.complete?
+				instance_exec(paypal_request, &paypal_block(:complete))
+			end
+
+			instance_exec(paypal_request, &paypal_block(:finish))
+
+			return 200
+		end
+	end
+
+	def payment(name, &block)
+		PAYPAL_BLOCKS[name] = block
+	end
+end
+
+
+module Sinatra
+	register PayPal
+end

data/lib/sinatra/paypal/_payment.erb

@@ -0,0 +1,25 @@
+
+<form id='paypal-form' action="<%= paypal_form_url %>" method="post" style='display:none'>
+	<input type="hidden" name="cmd" value="_xclick">
+
+	<input type="hidden" name="business" value="<%= settings.paypal.email %>">
+	<input type='hidden' name='custom' value='<%= custom_data.to_json %>'>
+	<input type="hidden" name="return" value="<%= url(settings.paypal.return_url) %>">
+	<input type="hidden" name="notify_url" value="<%= url(settings.paypal.notify_url) %>">
+
+	<% if offer_data.nil? %>
+		<input type="hidden" name="item_number" id='paypal-item-number' value="0">
+		<input type="hidden" name="item_name" id='paypal-item-name' value="0">
+		<input type="hidden" name="amount" id='paypal-amount' value="1.00">
+	<% else %>
+		<input type="hidden" name="item_number" id='paypal-item-number' value="<%= offer_data.offer.item_code %>">
+		<input type="hidden" name="item_name" id='paypal-item-name' value="<%= offer_data.item.name %>">
+		<input type="hidden" name="amount" id='paypal-amount' value="<%= offer_data.offer.amount %>">
+	<% end %>
+
+	<input type="hidden" name="no_shipping" value="1">
+	<input type="hidden" name="no_note" value="1">
+	<input type="hidden" name="currency_code" value="USD">
+	<input type="hidden" name="lc" value="US"> 
+	<input type="hidden" name="bn" value="PP-BuyNowBF">
+</form>

data/lib/sinatra/paypal/paypal-helper.rb

@@ -0,0 +1,22 @@
+require 'rest-client'
+
+class PaypalHelper
+	def initialize(use_sandbox)
+		@use_sandbox = use_sandbox
+	end
+
+	def form_url
+		@use_sandbox ? 'https://www.sandbox.paypal.com/cgi-bin/webscr' : 'https://www.paypal.com/cgi-bin/webscr'
+	end
+
+	def self.form_url(use_sandbox)
+		new(use_sandbox).form_url
+	end
+
+	def ipn_valid?(params)
+		return false if params.nil?
+
+		params[:cmd] = '_notify-validate'
+		return RestClient.post(self.form_url, params) == 'VERIFIED'
+	end
+end

data/lib/sinatra/paypal/paypal-request.rb

@@ -0,0 +1,109 @@
+
+class PaypalRequest
+	def initialize(params)
+		if params.is_a? String
+			 params = JSON.parse(params, {:symbolize_names => true})
+		end
+
+		@fields = params
+		@custom_data = nil
+	end
+
+	
+	def id
+		self.transaction_hash
+	end
+
+	# the same transaction id can come in mulitple times with different statuses
+	# so we need to check both of them in order to see if the txn is unquie
+	def transaction_hash
+		"#{self.transaction_id}-#{@fields[:payment_status]}".sha1
+	end
+
+	def transaction_id
+		@fields[:txn_id]
+	end
+
+	def item_valid?(item_list, offer_data = nil)
+		if item_list[self.item_number] != nil
+			if item_list[self.item_number][:amount] == self.amount
+				# this is a regular purchase at the regular price
+				return true
+			elsif self.uses_offer?(offer_data)
+				# the price comes from a special offer, its valid
+				return true
+			end
+		end
+
+		return false
+	end
+
+	def uses_offer?(offer_data)
+		# to check if the offer is valid on this purchase we need to check the item code and the price matches
+		return !offer_data.nil? && offer_data[:offer][:item_code] == self.item_number && offer_data[:offer][:amount]  == self.amount
+	end
+
+	def item_number
+		@fields[:item_number]
+	end
+
+	def amount
+		Float(@fields[:mc_gross] || 0)
+	end
+
+	def payment_fee
+		Float(@fields[:mc_fee] || 0)
+	end
+
+	# defined as the gross amount, minus transaction fees
+	# could also subtract shipping and tax here as well, but we don't have to deal with
+	# any of that yet
+	def profit
+		self.amount - self.payment_fee
+	end
+
+	def username
+		self.custom_data[:username]
+	end
+
+	def custom_data
+		if @custom_data.nil?
+			if @fields[:custom].strip.start_with? '{'
+				# we could get a json object through, in which case it needs to be parsed...
+				@custom_data = JSON.parse(@fields[:custom], {:symbolize_names => true})
+			else
+				# ...or would just have a string (which we assume is the target username) in that
+				# case we need to normalize it into an object
+				@custom_data = {:username => @fields[:custom]}
+			end
+		end
+
+		return @custom_data
+	end
+
+	def data
+		custom_data
+	end
+
+	def status
+		@fields[:payment_status]
+	end
+
+	def complete?
+		self.status == 'Completed'
+	end
+
+	# these are payment statues that actually result in the paypal balance changing, so we should set them as
+	# accountable in the payment_log
+	def is_accountable?
+		(self.complete? || self.status == 'Refunded' || self.status == 'Reversed' || self.status == 'Canceled_Reversal')
+	end
+
+	def reason_code
+		@fields[:reason_code] || @fields[:pending_reason]
+	end
+
+	def fields
+		@fields
+	end
+end

data/lib/sinatra/paypal/version.rb

@@ -0,0 +1,5 @@
+module Sinatra
+  module Paypal
+    VERSION = "0.1.0"
+  end
+end

data/sinatra-paypal.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'sinatra/paypal/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "sinatra-paypal"
+  spec.version       = Sinatra::Paypal::VERSION
+  spec.authors       = ["Nathan Reed"]
+  spec.email         = ["reednj@gmail.com"]
+
+  spec.summary       = %q{Easy validation and processing of Paypal IPN payments}
+  spec.homepage      = "http://github.com/reednj/sinatra-paypal"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.9"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "test-unit"
+  spec.add_runtime_dependency "sinatra"
+  spec.add_runtime_dependency "rest-client"
+end

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: sinatra-paypal
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nathan Reed
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-10-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- reednj@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/sinatra/paypal.rb
+- lib/sinatra/paypal/_payment.erb
+- lib/sinatra/paypal/paypal-helper.rb
+- lib/sinatra/paypal/paypal-request.rb
+- lib/sinatra/paypal/version.rb
+- sinatra-paypal.gemspec
+homepage: http://github.com/reednj/sinatra-paypal
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Easy validation and processing of Paypal IPN payments
+test_files: []