RubyGems - spree_razorpay_checkout - Versions diffs - 0.3.0 → 0.3.2 - Mend

spree_razorpay_checkout 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/app/controllers/spree/razorpay/_webhooks_controller.rb +78 -0
data/app/models/spree/gateway/razorpay_gateway.rb +79 -25
data/app/models/spree/payment_sessions/razorpay.rb +37 -1
data/app/views/spree/admin/payment_methods/configuration_guides/_razorpay.html.erb +1 -1
data/config/routes.rb +3 -6
data/lib/spree_razorpay_checkout/version.rb +1 -1
metadata +3 -3
data/app/controllers/spree/razorpay/webhooks_controller.rb +0 -72

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2ae9eca9f07041baff888721f0da631374e73925e8237eeafe32ccfe5185298
-  data.tar.gz: b087fa0f6961cc60c77c38cef002566104a19f6a3a87519658d69c2eb0174ec0
+  metadata.gz: 59ea8bc12e162b79eacdbefce1a1ee167cd9a4d4e7c2cd7cd3bd53ce47a8d716
+  data.tar.gz: a4b9a022d525bb254c0b932f415ebedf63dbfc4aac3be42d648546163b149d87
 SHA512:
-  metadata.gz: 4262af60d12805b8d7ee60cae23b03f95d9211a806bc39d88d8a4cbe556e280428921d1c9c14b940f56d92128b1e952e7ea99f0d69436bb00071b16c425b83e5
-  data.tar.gz: bf60c0322601d7dfed075e214828ab5fabf98f55a57760ab3f7b73c9b40edc3c3da7a19ac04ac5ff267b23f8130171332c4a522da996533832d1568e23f0652d
+  metadata.gz: cc7bedce60a230b32703ff7e8613153f9eee91eee5554b51c42e7de2aa235799038825b5b103eddd4948e26e9ac8a13850d2353e1d240b514b839dd58c686fc2
+  data.tar.gz: eb72bd494b0f178939f8ad4463281ec3bb793f8bf6ef0bb0c751b8d1fa2c976ec1b42b1a9a81b774fff1680c411b783f2a2c31327f679c1d842a35dd63ce6bc1

data/app/controllers/spree/razorpay/_webhooks_controller.rb ADDED Viewed

@@ -0,0 +1,78 @@
+module Spree
+  class RazorpayWebhooksController < ActionController::API
+    skip_before_action :verify_authenticity_token, raise: false
+    # Handles asynchronous background webhooks directly from Razorpay's servers
+    def create
+      payload = request.body.read
+      signature = request.headers['X-Razorpay-Signature'] || request.headers['HTTP_X_RAZORPAY_SIGNATURE']
+      gateway = Spree::Gateway::RazorpayGateway.active.first
+      return head :not_found unless gateway && gateway.preferred_webhook_secret.present?
+      begin
+        # 1. Use the gateway's parser to verify signature and map the action
+        parsed_event = gateway.parse_webhook_event(payload, { 'HTTP_X_RAZORPAY_SIGNATURE' => signature })
+        # If it's an event we don't care about, acknowledge and return
+        return head :ok unless parsed_event
+        # 2. Extract Data
+        payment_session = parsed_event[:payment_session]
+        action = parsed_event[:action]
+        event_data = JSON.parse(payload)
+        metadata = event_data.dig('payload', 'payment', 'entity') || {}
+        # 3. Trigger the Core Spree 5.5 Webhook Handler Service
+        Spree::Payments::HandleWebhook.call(
+          payment_method: gateway,
+          action: action,
+          payment_session: payment_session,
+          metadata: metadata
+        )
+      rescue Spree::PaymentMethod::WebhookSignatureError => e
+        Rails.logger.error("Razorpay Webhook Verification Failed: #{e.message}")
+        return head :unauthorized
+      rescue StandardError => e
+        Rails.logger.error("Razorpay Webhook Processing Error: #{e.message}")
+        return head :unprocessable_entity
+      end
+      head :ok
+    end
+    # Handles synchronous frontend verification from Next.js Storefront
+    def verify
+      razorpay_order_id = params[:razorpay_order_id]
+      razorpay_payment_id = params[:razorpay_payment_id]
+      razorpay_signature = params[:razorpay_signature]
+      session = Spree::PaymentSession.find_by(external_id: razorpay_order_id)
+      return head :not_found unless session
+      gateway = Spree::Gateway::RazorpayGateway.active.first
+      return render json: { success: false, error: 'Gateway not configured' }, status: :internal_server_error unless gateway
+      gateway.provider
+      begin
+        ::Razorpay::Utility.verify_payment_signature(
+          razorpay_order_id: razorpay_order_id,
+          razorpay_payment_id: razorpay_payment_id,
+          razorpay_signature: razorpay_signature
+        )
+        session.external_data ||= {}
+        session.external_data['razorpay_payment_id'] = razorpay_payment_id
+        session.external_data['razorpay_signature'] = razorpay_signature
+        session.save!
+        render json: { success: true }
+      rescue ::Razorpay::Errors::SignatureVerificationError => e
+        Rails.logger.error("Razorpay Frontend Verification Failed: #{e.message}")
+        render json: { success: false, error: e.message }, status: :unprocessable_entity
+      end
+    end
+  end
+end

data/app/models/spree/gateway/razorpay_gateway.rb CHANGED Viewed

@@ -14,6 +14,9 @@ module Spree
     preference :merchant_address, :string, default: 'Razorpay, Bangalore, India'
     preference :theme_color, :string, default: '#2e5bff'
     preference :headless_api_mode, :boolean, default: false
+    # NEW: Allow manual capture vs auto-capture choice from Spree Admin Panel
+    preference :auto_capture, :boolean, default: true
     def name
       'Razorpay Secure (UPI, Wallets, Cards & Netbanking)'
@@ -52,7 +55,7 @@ module Spree
     end
     def auto_capture?
-      true
+      preferred_auto_capture
     end
     def request_type
@@ -95,7 +98,9 @@ module Spree
       Spree::PaymentSessions::Razorpay if defined?(Spree::PaymentSession)
     end
+    # =========================================================================
     # SPREE 5.4+ HEADLESS API FLOW (Protected by defined? check)
+    # =========================================================================
     if defined?(Spree::PaymentSession)
       def create_payment_session(order:, amount: nil, external_data: {})
@@ -107,7 +112,7 @@ module Spree
           amount: amount_in_cents,
           currency: order.currency || 'INR',
           receipt: order.number,
-          payment_capture: 1,
+          payment_capture: auto_capture? ? 1 : 0, # UPDATED: Respects Manual Capture
           notes: { spree_order_number: order.number, email: order.email }
         )
@@ -140,7 +145,7 @@ module Spree
             amount: amount_in_cents,
             currency: payment_session.currency,
             receipt: payment_session.order.number,
-            payment_capture: 1
+            payment_capture: auto_capture? ? 1 : 0 # UPDATED: Respects Manual Capture
           )
           payment_session.update!(amount: amount, external_id: new_rzp_order.id)
@@ -151,34 +156,60 @@ module Spree
       def complete_payment_session(payment_session:, params: {})
         provider
-        ext_data = params[:external_data] || params['external_data'] || {}
-        rzp_payment_id = ext_data[:razorpay_payment_id] || ext_data['razorpay_payment_id'] || payment_session.external_data['razorpay_payment_id']
-        rzp_signature  = ext_data[:razorpay_signature] || ext_data['razorpay_signature'] || payment_session.external_data['razorpay_signature']
+        # Robustly parse the JSON string sent from Next.js via the Spree API
+        result_data = {}
+        if params[:session_result].present?
+          begin
+            result_data = params[:session_result].is_a?(String) ? JSON.parse(params[:session_result]) : params[:session_result]
+          rescue JSON::ParserError
+            result_data = {}
+          end
+        end
+        rzp_payment_id = result_data['razorpay_payment_id'] || result_data[:razorpay_payment_id] || payment_session.external_data['razorpay_payment_id']
+        rzp_signature  = result_data['razorpay_signature'] || result_data[:razorpay_signature] || payment_session.external_data['razorpay_signature']
         begin
+          # Verify the Signature
           ::Razorpay::Utility.verify_payment_signature(
             razorpay_order_id: payment_session.external_id,
             razorpay_payment_id: rzp_payment_id,
             razorpay_signature: rzp_signature
           )
-          rzp_payment = ::Razorpay::Payment.fetch(rzp_payment_id)
-          if rzp_payment.status == 'authorized'
-            rzp_payment.capture({ amount: (payment_session.amount.to_f * 100).to_i })
-          end
-          payment_session.process! if payment_session.can_process?
-          payment = payment_session.find_or_create_payment!
-          if payment.present? && !payment.completed?
-            payment.started_processing! if payment.checkout?
-            payment.complete! if payment.can_complete?
+         # Lock the order database row to prevent race conditions with Webhooks
+          payment_session.order.with_lock do
+            # Save the verified IDs into the session
+            session_data = payment_session.external_data || {}
+            session_data['razorpay_payment_id'] = rzp_payment_id
+            session_data['razorpay_signature'] = rzp_signature
+            payment_session.update!(external_data: session_data)
+            # Fetch payment status directly from Razorpay for instant frontend resolution
+            rzp_payment = ::Razorpay::Payment.fetch(rzp_payment_id)
+            # Process and Create Payment
+            payment_session.process! if payment_session.can_process?
+            payment = payment_session.find_or_create_payment!
+            if payment.present? && !payment.completed?
+              payment.started_processing! if payment.checkout?
+              # SYNCHRONOUS FIX: Immediately transition payment state so Next.js can complete the order
+              if rzp_payment.status == 'captured'
+                payment.complete! if payment.can_complete?
+              elsif rzp_payment.status == 'authorized'
+                payment.pend! if payment.can_pend?
+              end
+            end
+            payment_session.complete! if payment_session.can_complete?
           end
-          payment_session.complete! if payment_session.can_complete?
         rescue StandardError => e
-          Rails.logger.error("Razorpay 5.4 API Completion Failed: #{e.message}")
+          Rails.logger.error("Razorpay 5.4+ API Completion Failed: #{e.message}")
           payment_session.fail! if payment_session.can_fail?
           raise Spree::Core::GatewayError, e.message
         end
@@ -198,9 +229,12 @@ module Spree
         session = Spree::PaymentSession.find_by(external_id: payment_entity['order_id'])
         return nil unless session
+        # UPDATED: Split authorized vs captured to align with new Spree webhook architecture
         case event['event']
-        when 'payment.captured', 'payment.authorized'
+        when 'payment.captured', 'order.paid'
           { action: :captured, payment_session: session }
+        when 'payment.authorized'
+          { action: :authorized, payment_session: session }
         when 'payment.failed'
           { action: :failed, payment_session: session }
         else
@@ -211,6 +245,10 @@ module Spree
       end
     end
+    # =========================================================================
+    # LEGACY / ACTIVEMERCHANT FLOW
+    # =========================================================================
     def purchase(_amount, source, _gateway_options = {})
       provider
@@ -240,7 +278,7 @@ module Spree
       end
     end
-def resolve_razorpay_payment_id(response_code)
+    def resolve_razorpay_payment_id(response_code)
       return nil if response_code.blank?
       if response_code.to_s.start_with?('order_')
@@ -257,8 +295,24 @@ def resolve_razorpay_payment_id(response_code)
       end
     end
-    def capture(*args)
-      ActiveMerchant::Billing::Response.new(true, 'Already Captured', {}, test: preferred_test_mode)
+    # UPDATED: Fully implemented Capture method so you can click "Capture" inside Spree Admin
+    def capture(amount_in_cents, response_code, gateway_options = {})
+      provider
+      begin
+        rzp_payment_id = resolve_razorpay_payment_id(response_code)
+        raise StandardError, "Missing Razorpay Payment ID." if rzp_payment_id.blank?
+        rzp_payment = ::Razorpay::Payment.fetch(rzp_payment_id)
+        if rzp_payment.status == 'authorized'
+          rzp_payment.capture({ amount: amount_in_cents, currency: gateway_options[:currency] || 'INR' })
+        end
+        ActiveMerchant::Billing::Response.new(true, 'Razorpay Capture Successful', {}, test: preferred_test_mode, authorization: rzp_payment_id)
+      rescue StandardError => e
+        Rails.logger.error("Razorpay Capture Failed: #{e.message}")
+        ActiveMerchant::Billing::Response.new(false, "Capture failed: #{e.message}", {}, test: preferred_test_mode)
+      end
     end
     def credit(credit_cents, response_code, _gateway_options = {})
@@ -301,4 +355,4 @@ def resolve_razorpay_payment_id(response_code)
       void(response_code)
     end
   end
-end
+end

data/app/models/spree/payment_sessions/razorpay.rb CHANGED Viewed

@@ -9,6 +9,42 @@ module Spree
       def razorpay_order_id
         external_id
       end
+      def find_or_create_payment!(metadata = {})
+        return unless persisted?
+        return payment if payment.present?
+        order.with_lock do
+          rzp_payment_id = external_data['razorpay_payment_id'] || metadata['id']
+          existing_payment = order.payments.where(
+            payment_method: payment_method,
+            response_code: rzp_payment_id || external_id
+          ).first
+          return existing_payment if existing_payment.present?
+          rzp_status = metadata['status'] || 'pending'
+          source = ::Spree::RazorpayCheckout.create!(
+            order_id: order.id,
+            razorpay_payment_id: rzp_payment_id,
+            razorpay_order_id: external_id,
+            razorpay_signature: external_data['razorpay_signature'],
+            status: rzp_status,
+            payment_method: payment_method.name
+          )
+          order.payments.create!(
+            payment_method: payment_method,
+            amount: amount,
+            response_code: rzp_payment_id || external_id,
+            source: source,
+            skip_source_requirement: true
+          )
+        end
+      end
     end
   end
-end
+end

data/app/views/spree/admin/payment_methods/configuration_guides/_razorpay.html.erb CHANGED Viewed

@@ -47,7 +47,7 @@
           <h6 class="font-weight-bold text-dark mb-2" style="font-size: 0.95rem;">Next.js Storefront</h6>
           <div class="input-group bg-gray-25 border border-gray-100 mb-3 d-flex align-items-center rounded" data-controller="clipboard" data-clipboard-success-content-value="Copied!">
-            <input type="text" readonly value="<%= base_url %>/api/v3/webhooks/payments/<%= @payment_method.id %>" class="text-gray-600 py-2 grow pl-3 border-0 bg-transparent shadow-none" style="font-family: monospace; font-size: 0.85rem; outline: none; min-width: 0;" data-clipboard-target="source">
+            <input type="text" readonly value="<%= base_url %>/api/v3/webhooks/payments/<%= @payment_method.prefixed_id %>" class="text-gray-600 py-2 grow pl-3 border-0 bg-transparent shadow-none" style="font-family: monospace; font-size: 0.85rem; outline: none; min-width: 0;" data-clipboard-target="source">
             <button type="button" class="btn btn-sm btn-light mr-1 d-flex align-items-center justify-content-center p-1" title="Copy to clipboard" data-action="clipboard#copy" data-clipboard-target="button">
               <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="18" height="18" fill="none" viewBox="0 0 24 24" class="text-muted">
                 <path stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 4h3a1 1 0 0 1 1 1v15a1 1 0 0 1-1 1H6a1 1 0 0 1-1-1V5a1 1 0 0 1 1-1h3m0 3h6m-6 5h6m-6 4h6M10 3v4h4V3h-4Z"/>

data/config/routes.rb CHANGED Viewed

@@ -1,7 +1,4 @@
 Spree::Core::Engine.add_routes do
-  namespace :razorpay do
-    post :webhooks, to: 'webhooks#create'
-    post :verify, to: 'webhooks#verify'
-  end
-end
+  post '/razorpay/webhooks', to: 'razorpay_webhooks#create'
+  post '/razorpay/verify',   to: 'razorpay_webhooks#verify'
+end

data/lib/spree_razorpay_checkout/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module SpreeRazorpayCheckout
-  VERSION = '0.3.0'.freeze
+  VERSION = '0.3.2'.freeze
   module_function

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_razorpay_checkout
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.2
 platform: ruby
 authors:
 - Umesh Ravani
@@ -79,7 +79,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Seamless Razorpay checkout integration for Spree 5.4. Features include
+description: Seamless Razorpay checkout integration for Spree 5.5. Features include
   Hotwire/Turbo compatibility, Zero Drop-off Webhook captures, native Spree Dashboard
   refunds, and the Affordability Widget.
 email:
@@ -95,7 +95,7 @@ files:
 - app/assets/images/payment_icons/window_modal.svg
 - app/controllers/concerns/spree/razor_pay.rb
 - app/controllers/spree/products_controller_decorator.rb
-- app/controllers/spree/razorpay/webhooks_controller.rb
+- app/controllers/spree/razorpay/_webhooks_controller.rb
 - app/controllers/spree/razorpay_controller.rb
 - app/javascript/spree_razorpay/application.js
 - app/javascript/spree_razorpay/controllers/checkout_razorpay_controller.js

data/app/controllers/spree/razorpay/webhooks_controller.rb DELETED Viewed

@@ -1,72 +0,0 @@
-module Spree
-  module Razorpay
-    class WebhooksController < ActionController::API
-      skip_before_action :verify_authenticity_token, raise: false
-      # Handles asynchronous background webhooks directly from Razorpay's servers
-      def create
-        payload = request.body.read
-        signature = request.headers['X-Razorpay-Signature']
-        gateway = Spree::Gateway::RazorpayGateway.active.first
-        return head :not_found unless gateway && gateway.preferred_webhook_secret.present?
-        begin
-          ::Razorpay::Utility.verify_webhook_signature(
-            payload,
-            signature,
-            gateway.preferred_webhook_secret
-          )
-        rescue ::Razorpay::Errors::SignatureVerificationError => e
-          Rails.logger.error("Razorpay Webhook Verification Failed: #{e.message}")
-          return head :unauthorized
-        end
-        event = JSON.parse(payload)
-        # Listen for 'payment.authorized' which fires immediately after OTP!
-        if ['order.paid', 'payment.captured', 'payment.authorized'].include?(event['event'])
-          ::SpreeRazorpayCheckout::HandleWebhookEventJob.perform_later(event)
-        end
-        head :ok
-      end
-      # Handles synchronous frontend verification from Next.js Storefront
-      def verify
-        razorpay_order_id = params[:razorpay_order_id]
-        razorpay_payment_id = params[:razorpay_payment_id]
-        razorpay_signature = params[:razorpay_signature]
-        session = Spree::PaymentSession.find_by(external_id: razorpay_order_id)
-        return head :not_found unless session
-        # Initialize the Razorpay gem with your active API keys
-        gateway = Spree::Gateway::RazorpayGateway.active.first
-        return render json: { success: false, error: 'Gateway not configured' }, status: :internal_server_error unless gateway
-        gateway.provider
-        begin
-          # 1. Verify the signature securely on the server
-          ::Razorpay::Utility.verify_payment_signature(
-            razorpay_order_id: razorpay_order_id,
-            razorpay_payment_id: razorpay_payment_id,
-            razorpay_signature: razorpay_signature
-          )
-          # 2. Inject the signatures into the session's external_data
-          session.external_data ||= {}
-          session.external_data['razorpay_payment_id'] = razorpay_payment_id
-          session.external_data['razorpay_signature'] = razorpay_signature
-          session.save!
-          render json: { success: true }
-        rescue ::Razorpay::Errors::SignatureVerificationError => e
-          Rails.logger.error("Razorpay Frontend Verification Failed: #{e.message}")
-          render json: { success: false, error: e.message }, status: :unprocessable_entity
-        end
-      end
-    end
-  end
-end