spree_razorpay_checkout 0.1.3 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9fa91a572f8ba303d47dd90b0142eff75dc21478b85c9d85a9d2ca842318a4b9
-  data.tar.gz: 889b39cf1a9076a0b88d6d9a08d06971d4890f9fb08dbd94b4e9ba170f2d92a2
+  metadata.gz: 210a8729bc5810c991d970ad880aa0a0ac8570e9eccfd0de194e13cb600d0136
+  data.tar.gz: 2198af0c4bdf320756d3ca5a197a53b7f34892332f649e284ad98892355aeadd
 SHA512:
-  metadata.gz: f11e14acd2e4325710adc68337f10fd3d8ab3736dc5afb9d1dc91d91af5991ac3e9feaf296f337bad37ff5f469d2d4778c9dc33ecfac8314daf95766ebb9684e
-  data.tar.gz: 21c4b3840513e8a19987a9901d5afe1d32f18832869e876c0bc03098165ab703a55a95e101a2092403458c4e1a5314de46d2474ea786c8b69e14a3fb190ceb91
+  metadata.gz: 5fc643f93e86598dbf6586e333a54af34ceb300b523c3a6168bedb2164ed1112adb53707c9ac22637b54f1a1c77c1f44edbd1a96a81cda28de9147fbe7aee4eb
+  data.tar.gz: 1df23f297c1a5629721d24d6db194a2b1ae2a8b6adf3b4eacd46ec658e8d4791637ec0d4282aff14876c9d1bf120621b238ad99f5cc618598f508e679cb4a497

data/app/controllers/spree/products_controller_decorator.rb

@@ -14,4 +14,4 @@ module Spree
     end
   end
   
-  ::Spree::ProductsController.prepend(Spree::ProductsControllerDecorator)
+  ::Spree::ProductsController.prepend(Spree::ProductsControllerDecorator)

data/app/controllers/spree/razorpay/webhooks_controller.rb

@@ -0,0 +1,35 @@
+module Spree
+    module Razorpay
+      class WebhooksController < ActionController::API
+        skip_before_action :verify_authenticity_token, raise: false
+  
+        def create
+          payload = request.body.read
+          signature = request.headers['X-Razorpay-Signature']
+          
+          gateway = Spree::Gateway::RazorpayGateway.active.first
+          return head :not_found unless gateway && gateway.preferred_webhook_secret.present?
+  
+          begin
+            ::Razorpay::Utility.verify_webhook_signature(
+              payload, 
+              signature, 
+              gateway.preferred_webhook_secret
+            )
+          rescue ::Razorpay::Errors::SignatureVerificationError => e
+            Rails.logger.error("Razorpay Webhook Verification Failed: #{e.message}")
+            return head :unauthorized
+          end
+  
+          event = JSON.parse(payload)
+  
+          # Listen for 'payment.authorized' which fires immediately after OTP!
+          if ['order.paid', 'payment.captured', 'payment.authorized'].include?(event['event'])
+            ::SpreeRazorpayCheckout::HandleWebhookEventJob.perform_later(event)
+          end
+  
+          head :ok
+        end
+      end
+    end
+  end

data/app/javascript/spree_razorpay/application.js

@@ -0,0 +1,12 @@
+import { Application } from '@hotwired/stimulus'
+import CheckoutRazorpayController from './controllers/checkout_razorpay_controller'
+
+let application;
+if (typeof window.Stimulus === "undefined") {
+  application = Application.start()
+  window.Stimulus = application
+} else {
+  application = window.Stimulus
+}
+
+application.register('checkout-razorpay', CheckoutRazorpayController)

data/app/javascript/spree_razorpay/controllers/checkout_razorpay_controller.js

@@ -0,0 +1,108 @@
+import { Controller } from '@hotwired/stimulus'
+
+export default class extends Controller {
+  static values = {
+    paymentMethodId: String,
+    keyId: String,
+    orderId: String,
+    amount: Number,
+    currency: String,
+    merchantName: String,
+    merchantDesc: String,
+    themeColor: String,
+    userName: String,
+    userEmail: String,
+    userContact: String
+  }
+
+  static targets = [
+    'paymentId',
+    'orderId',
+    'signature'
+  ]
+
+  connect() {
+    this.form = document.querySelector("#checkout_form_payment")
+    this.submitBtn = document.getElementById("checkout-payment-submit")
+    
+    // Bind to the form submit event, NOT the button click! 
+    // This perfectly intercepts Spree 5.3's native validation flows.
+    this.submitHandler = this.submit.bind(this)
+    this.form.addEventListener('submit', this.submitHandler)
+  }
+
+  disconnect() {
+    if (this.form) {
+      this.form.removeEventListener('submit', this.submitHandler)
+    }
+  }
+
+  submit(e) {
+    // Check if Razorpay is the currently selected radio button
+    const selectedRadio = document.querySelector('input[name="order[payments_attributes][][payment_method_id]"]:checked');
+    const isRazorpay = selectedRadio && selectedRadio.value === this.paymentMethodIdValue;
+    
+    if (!isRazorpay) return; // If it's a different gateway, let Spree handle it normally
+
+    // If we already have the Razorpay signature populated, let the form submit natively to the backend!
+    if (this.paymentIdTarget.value && this.signatureTarget.value) {
+      return true; 
+    }
+
+    // Otherwise, STOP the form submission and open Razorpay
+    e.preventDefault();
+    e.stopImmediatePropagation();
+    
+    this.setLoading(true);
+
+    const options = {
+      key: this.keyIdValue,
+      order_id: this.orderIdValue,
+      amount: this.amountValue,
+      currency: this.currencyValue,
+      name: this.merchantNameValue,
+      description: this.merchantDescValue,
+      handler: this.handleSuccess.bind(this),
+      modal: {
+        ondismiss: this.handleDismiss.bind(this)
+      },
+      prefill: {
+        name: this.userNameValue,
+        email: this.userEmailValue,
+        contact: this.userContactValue
+      },
+      theme: {
+        color: this.themeColorValue
+      }
+    };
+
+    const rzp = new window.Razorpay(options);
+    rzp.open();
+  }
+
+  handleSuccess(response) {
+    // 1. Populate the hidden fields with the secure response
+    this.paymentIdTarget.value = response.razorpay_payment_id;
+    this.orderIdTarget.value = response.razorpay_order_id;
+    this.signatureTarget.value = response.razorpay_signature;
+
+    // 2. Submit the form natively to Spree's backend!
+    // requestSubmit() ensures Turbo and Spree's event listeners fire correctly
+    this.form.requestSubmit(); 
+  }
+
+  handleDismiss() {
+    this.setLoading(false);
+  }
+
+  setLoading(isLoading) {
+    if (isLoading) {
+      this.submitBtn.disabled = true;
+      this.submitBtn.innerHTML = '<span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span> Processing...';
+    } else {
+      this.submitBtn.disabled = false;
+      // Reset Spree button text depending on what it usually says
+      this.submitBtn.innerHTML = 'Save and Continue'; 
+    }
+  }
+}

data/app/jobs/spree_razorpay_checkout/handle_webhook_event_job.rb

@@ -0,0 +1,64 @@
+module SpreeRazorpayCheckout
+    class HandleWebhookEventJob < ActiveJob::Base
+      queue_as :default
+  
+      def perform(event)
+        payload = event['payload']
+        payment_entity = payload.dig('payment', 'entity') || payload.dig('order', 'entity')
+        
+        # Razorpay might send the ID in slightly different places depending on the event
+        razorpay_order_id = payment_entity['order_id'] || payload.dig('order', 'entity', 'id')
+        razorpay_payment_id = payment_entity['id'] 
+        
+        checkout_record = Spree::RazorpayCheckout.find_by(razorpay_order_id: razorpay_order_id)
+        return unless checkout_record
+        
+        order = checkout_record.order
+        return if order.completed? || order.canceled?
+  
+        gateway = Spree::Gateway::RazorpayGateway.active.first
+        return unless gateway
+  
+        order.with_lock do
+          # 1. Capture the abandoned payment via API
+          begin
+            rzp_payment = ::Razorpay::Payment.fetch(razorpay_payment_id)
+            if rzp_payment.status == 'authorized'
+              amount_in_cents = (order.total_minus_store_credits.to_f * 100).to_i
+              rzp_payment.capture({ amount: amount_in_cents })
+            end
+          rescue StandardError => e
+            Rails.logger.error("Webhook Razorpay Capture Failed: #{e.message}")
+          end
+  
+          checkout_record.update!(
+            razorpay_payment_id: razorpay_payment_id,
+            status: 'captured'
+          )
+  
+          # 2. Create the Spree::Payment record natively
+          payment = order.payments.find_or_create_by!(
+            response_code: razorpay_payment_id,
+            payment_method_id: gateway.id
+          ) do |p|
+            p.amount = order.total
+            p.source = checkout_record
+            p.state = 'checkout'
+          end
+  
+          # 3. Mark the payment as completed
+          payment.process! if payment.checkout?
+          payment.complete! if payment.pending? || payment.processing?
+  
+          # Tell Spree to recalculate the payment state
+          order.updater.update_payment_state
+          
+          # Loop through the checkout steps (Payment -> Confirm -> Complete)
+          until order.completed? || order.state == 'complete'
+            order.next!
+          end
+          
+        end
+      end
+    end
+  end

data/app/models/spree/gateway/razorpay_gateway.rb

@@ -2,10 +2,11 @@ require 'razorpay'
 
 module Spree
   class Gateway::RazorpayGateway < Gateway
+    preference :webhook_secret, :password
     preference :key_id, :string
-    preference :key_secret, :string
+    preference :key_secret, :password
     preference :test_key_id, :string
-    preference :test_key_secret, :string
+    preference :test_key_secret, :password
     preference :test_mode, :boolean, default: false
     preference :merchant_name, :string, default: 'Razorpay'
     preference :merchant_description, :text, default: 'Razorpay Payment Gateway'
@@ -17,7 +18,11 @@ module Spree
     end
 
     def source_required?
-      false
+      true
+    end
+
+    def payment_source_class
+      Spree::RazorpayCheckout
     end
 
     def name
@@ -28,10 +33,6 @@ module Spree
       'razorpay'
     end
 
-    def payment_source_class
-      'razorpay'
-    end
-
     def payment_icon_name
       'razorpay'
     end
@@ -49,7 +50,7 @@ module Spree
     end
 
     def provider
-      Razorpay.setup(current_key_id, current_key_secret)
+      ::Razorpay.setup(current_key_id, current_key_secret)
     end
 
     def current_key_id
@@ -69,7 +70,7 @@ module Spree
     end
 
     def actions
-      %w[capture void]
+      %w[capture void credit]
     end
 
     def can_capture?(payment)
@@ -80,63 +81,105 @@ module Spree
       payment.state != 'void'
     end
 
-    # Not used directly (we use custom flow), but kept it for compatibility
-    def purchase(_amount, _transaction_details, _gateway_options = {})
-      ActiveMerchant::Billing::Response.new(true, 'Razorpay success')
+    # -------------------------------------------------------------------------
+    # PURCHASE (Happy Path & Webhook Recovery)
+    # -------------------------------------------------------------------------
+    def purchase(_amount, source, _gateway_options = {})
+      provider
+
+      begin
+        if source.razorpay_payment_id.blank? || source.razorpay_signature.blank?
+           return ActiveMerchant::Billing::Response.new(false, 'Payment was not completed. Please try again.', {}, test: preferred_test_mode)
+        end
+
+        # 1. Verify the signature
+        ::Razorpay::Utility.verify_payment_signature(
+          razorpay_order_id: source.razorpay_order_id,
+          razorpay_payment_id: source.razorpay_payment_id,
+          razorpay_signature: source.razorpay_signature
+        )
+
+        # 2. Safely ensure it is captured!
+        rzp_payment = ::Razorpay::Payment.fetch(source.razorpay_payment_id)
+        if rzp_payment.status == 'authorized'
+          rzp_payment.capture({ amount: _amount })
+        end
+
+        source.update!(status: 'captured')
+        
+        ActiveMerchant::Billing::Response.new(
+          true, 
+          'Razorpay Payment Successful', 
+          {}, 
+          test: preferred_test_mode, 
+          authorization: source.razorpay_payment_id
+        )
+        
+      rescue StandardError => e
+        Rails.logger.error("Razorpay Verification/Capture Failed: #{e.message}")
+        ActiveMerchant::Billing::Response.new(false, 'Payment verification failed.', {}, test: preferred_test_mode)
+      end
     end
 
     def capture(*args)
-      simulated_successful_billing_response
+      # We already auto-capture via the frontend/webhook, so we return true to keep Spree happy
+      ActiveMerchant::Billing::Response.new(true, 'Already Captured', {}, test: preferred_test_mode)
     end
 
-    def void(*)
-      simulated_successful_billing_response
-    end
+    # -------------------------------------------------------------------------
+    # REFUNDS & CANCELLATIONS
+    # -------------------------------------------------------------------------
 
-    def credit(_credit_cents, _payment_id, _options)
-      ActiveMerchant::Billing::Response.new(true, 'Refund successful')
-    end
+    # Triggered when you click "Refund" in the Spree Admin
+    def credit(credit_cents, response_code, _gateway_options = {})
+      provider
 
-    def cancel(payment, _options = {})
-     # If `payment` is a Spree::Payment, use its source
-        source = if payment.respond_to?(:source)
-         payment.source else payment end
-         payment.void! if payment.respond_to?(:void!)
-     if source.respond_to?(:razorpay_payment_id)
-      # Uncomment if you want to actually trigger refund
-      # Razorpay::Payment.fetch(source.razorpay_payment_id).refund
-      OpenStruct.new(success?: true, authorization: source.razorpay_payment_id)
-     else
-      # fallback for string/unknown source
-      OpenStruct.new(success?: true, authorization: nil)
-     end
-     rescue => e
-      Rails.logger.error("Razorpay cancel failed: #{e.message}")
-      OpenStruct.new(success?: false, message: e.message)
+      begin
+        # Fetch the original payment from Razorpay using the saved payment ID
+        rzp_payment = ::Razorpay::Payment.fetch(response_code)
+        
+        # Issue the refund via Razorpay API (amount must be in paise/cents)
+        refund = rzp_payment.refund(amount: credit_cents)
+
+        ActiveMerchant::Billing::Response.new(
+          true, 
+          'Razorpay Refund Successful', 
+          { refund_id: refund.id }, 
+          test: preferred_test_mode, 
+          authorization: refund.id
+        )
+      rescue StandardError => e
+        Rails.logger.error("Razorpay Refund Failed: #{e.message}")
+        ActiveMerchant::Billing::Response.new(false, "Refund failed: #{e.message}", {}, test: preferred_test_mode)
+      end
     end
 
-    # Verify signature, fetch payment and capture if required. Returns Razorpay::Payment object.
-    def verify_and_capture_razorpay_payment(order, razorpay_payment_id)
-      Razorpay.setup(current_key_id, current_key_secret)
+    # Triggered if you explicitly "Void" a payment in Spree
+    def void(response_code, _gateway_options = {})
+      provider
 
       begin
-        payment = Razorpay::Payment.fetch(razorpay_payment_id)
-        # If payment is not captured and auto_capture set true, capture it
-        if payment.status == 'authorized'
-          amount = order.inr_amt_in_paise
-          payment = payment.capture(amount: amount)
-        end
-
-        payment
-      rescue Razorpay::Error => e
-        raise Spree::Core::GatewayError, "Razorpay error: #{e.message}"
+        # Razorpay doesn't have a concept of "Voiding" a captured payment, 
+        # so we just issue a full refund instead.
+        rzp_payment = ::Razorpay::Payment.fetch(response_code)
+        refund = rzp_payment.refund
+
+        ActiveMerchant::Billing::Response.new(
+          true, 
+          'Razorpay Void/Refund Successful', 
+          { refund_id: refund.id }, 
+          test: preferred_test_mode, 
+          authorization: refund.id
+        )
+      rescue StandardError => e
+        Rails.logger.error("Razorpay Void Failed: #{e.message}")
+        ActiveMerchant::Billing::Response.new(false, "Void failed: #{e.message}", {}, test: preferred_test_mode)
       end
     end
 
-    private
-
-    def simulated_successful_billing_response
-      ActiveMerchant::Billing::Response.new(true, '', {}, {})
+    # Triggered if the entire Order is Cancelled in the Spree Admin
+    def cancel(response_code)
+      void(response_code)
     end
   end
-end
+end

data/app/models/spree/page_blocks/products/razorpay_affordability.rb

@@ -55,7 +55,7 @@ module Spree
             is_available = available?(locals)
             Rails.logger.info "  Available check: #{is_available}"
             unless is_available
-              Rails.logger.warn "  ⚠️ Block marked as not available, but rendering anyway"
+              Rails.logger.warn "  Block marked as not available, but rendering anyway"
             end
           end
 
@@ -63,13 +63,13 @@ module Spree
             Rails.logger.info "  Rendering partial: spree/page_blocks/products/razorpay_affordability/razorpay_affordability"
             result = view_context.render partial: 'spree/page_blocks/products/razorpay_affordability/razorpay_affordability',
                                          locals: locals.merge(block: self, page_block: self)
-            Rails.logger.info "  ✅ Render successful, output length: #{result.to_s.length}"
+            Rails.logger.info " Render successful, output length: #{result.to_s.length}"
             result
           rescue ActionView::MissingTemplate => e
-            Rails.logger.error "  ❌ Missing template: #{e.message}"
+            Rails.logger.error "  Missing template: #{e.message}"
             ''
           rescue => e
-            Rails.logger.error "  ❌ Error rendering Razorpay Affordability block: #{e.message}"
+            Rails.logger.error "  Error rendering Razorpay Affordability block: #{e.message}"
             "<div class='razorpay-affordability-error'>Error loading Razorpay Affordability Widget</div>".html_safe
           end
         end

data/app/models/spree/page_sections/product_details_decorator.rb

@@ -15,4 +15,3 @@ module Spree
   Spree::PageSections::ProductDetails.prepend(
     Spree::PageSections::ProductDetailsDecorator
   )
-  

data/app/models/spree/payment_sessions/razorpay.rb

@@ -0,0 +1,43 @@
+module Spree
+    module PaymentSessions
+      class Razorpay < PaymentSession
+        # external_id will store the razorpay_order_id
+        def razorpay_order_id
+          external_id
+        end
+  
+        # Helper to extract the signature if we need it later
+        def razorpay_signature
+          external_data&.dig('razorpay_signature')
+        end
+  
+        # Mirrors Stripe's approach to safely generate the Spree::Payment
+        def find_or_create_payment!(razorpay_payment_id)
+          return unless persisted?
+          return payment if payment.present?
+  
+          # Create the Spree::Payment record in the checkout state
+          order.payments.create!(
+            amount: amount,
+            payment_method: payment_method,
+            response_code: razorpay_payment_id,
+            source: create_source(razorpay_payment_id), # Optional: if you still use a source model
+            state: 'checkout'
+          )
+        end
+  
+        private
+  
+        # Optional: Only needed if you want to keep using your custom source model
+        def create_source(payment_id)
+          ::Spree::RazorpayCheckout.create!(
+            order_id: order.id,
+            razorpay_order_id: razorpay_order_id,
+            razorpay_payment_id: payment_id,
+            payment_method: payment_method.name,
+            status: 'captured'
+          )
+        end
+      end
+    end
+  end

data/app/models/spree/razorpay_checkout.rb

@@ -3,6 +3,7 @@ module Spree
     self.table_name = 'spree_razorpay_checkouts'
 
     belongs_to :order, class_name: 'Spree::Order', optional: true
+    attr_accessor :user_id, :payment_method_id
 
     def name
       "Razorpay Secure (UPI, Wallets, Cards & Netbanking)"

data/app/services/razorpay/rp_order/api.rb

@@ -6,9 +6,17 @@ module Razorpay
       def create(order_id)
         @order = Spree::Order.find_by(id: order_id)
         raise "Order not found" unless order
+
+        Razorpay.headers = {
+          "Content-Type" => "application/json",
+          "Accept"       => "application/json"
+        }
+
         params = order_create_params
         Rails.logger.info "Razorpay::Order.create Params: #{params.inspect}"
-        razorpay_order = Razorpay::Order.create(params)
+        
+        razorpay_order = Razorpay::Order.create(params.to_json)
+        
         if razorpay_order.try(:id).present?
           log_order_in_db(razorpay_order.id)
           return [razorpay_order.id, params[:amount]]

data/app/views/spree/admin/payment_methods/configuration_guides/_razorpay.html.erb

@@ -1,6 +1,6 @@
 <div class="alert alert-info">
   <p class="mb-0">
     To find your <strong>Key</strong> and <strong>Key Secret</strong>, go to the 
-    <%= external_link_to 'Razorpay dashboard', 'https://dashboard.razorpay.com/app/website-app-settings/api-keys', class: 'alert-link' %>
+    <%= external_link_to 'Razorpay dashboard', 'https://dashboard.razorpay.com/app/website-app-settings/api-keys', class: 'alert-link' %><br><%= external_link_to 'Create Webhook', 'https://dashboard.razorpay.com/app/website-app-settings/webhooks', class: 'alert-link' %> and mark all checkboxes in <strong>Active Events.</strong>
   </p>
 </div>

data/app/views/spree/admin/payment_methods/descriptions/_razorpay.html.erb

@@ -6,6 +6,7 @@
   <%= payment_method_icon_tag 'visa', class: 'm-1' %>
   <%= payment_method_icon_tag 'master', class: 'm-1' %>
   <%= payment_method_icon_tag 'google_pay', class: 'm-1' %>
+  <%= payment_method_icon_tag 'apple_pay', class: 'm-1' %>
   <%= payment_method_icon_tag 'amazon', class: 'm-1' %>
   <%= payment_method_icon_tag 'upi', class: 'm-1' %>
 </div>