spree_vpago 0.1.0.pre.beta → 2.0.5.pre.beta

data/app/controllers/spree/admin/payment_methods_controller_decorator.rb

@@ -3,7 +3,15 @@ module Spree
     module PaymentMethodsControllerDecorator
       def scope
         scope = current_store.payment_methods_including_vendor.accessible_by(current_ability, :index)
-        scope = scope.where.not(vendor_id: nil) if params[:tab] == 'vendors'
+
+        if params[:tab] == 'vendors'
+          scope = scope.where.not(vendor_id: nil)
+        elsif params[:tab] == 'tenants'
+          scope = scope.joins(:vendor)
+                       .where.not(vendor_id: nil)
+                       .where.not(spree_vendors: { tenant_id: nil })
+        end
+
         scope
       end
 

data/app/controllers/spree/vpago_payments_controller.rb

@@ -39,7 +39,8 @@ module Spree
     def process_payment
       return render json: { status: :ok }, status: :ok if request.method != 'POST'
 
-      @payment = Vpago::PaymentFinder.new(params.permit!.to_h).find_and_verify
+      return_params = sanitize_return_params
+      @payment = Vpago::PaymentFinder.new(return_params).find_and_verify
       return render_not_found unless @payment.present?
 
       unless @payment.order.paid?
@@ -54,7 +55,16 @@ module Spree
       render json: { status: :internal_server_error, message: 'Failed to enqueue payment processor job' }, status: :internal_server_error
     end
 
-    def record_not_found
+    def sanitize_return_params
+      sanitized_params = params.permit!.to_h
+
+      # In ABA case, it returns params in side return params.
+      sanitized_params.merge!(JSON.parse(sanitized_params.delete(:return_params))) if sanitized_params[:return_params].present?
+
+      sanitized_params
+    end
+
+    def render_not_found
       respond_to do |format|
         format.html { render file: Rails.public_path.join('404.html'), status: :not_found, layout: false }
         format.json { render json: { status: :not_found }, status: :not_found }

data/app/helpers/vpago/admin/base_helper_decorator.rb

@@ -18,6 +18,7 @@ module Vpago
           cheque
           payway_cards
           wingpay
+          vattanac_mini_app
         ]
       end
 

data/app/javascripts/queue_processor.js

@@ -0,0 +1,33 @@
+export default class QueueProcessor {
+  constructor() {
+    this.queues = [];
+    this.processing = false;
+  }
+
+  queueStateChange({ callback, minDelayInMs = 1000 }) {
+    this.queues.push({ callback, minDelayInMs });
+    if (!this.processing) this.#processQueue();
+  }
+
+  async #processQueue() {
+    if (this.queues.length === 0) {
+      this.processing = false;
+      return;
+    }
+
+    this.processing = true;
+    const { callback, minDelayInMs } = this.queues.shift();
+    const startTime = Date.now();
+
+    await callback();
+
+    const elapsedTime = Date.now() - startTime;
+    if (elapsedTime < minDelayInMs) {
+      await new Promise((resolve) =>
+        setTimeout(resolve, minDelayInMs - elapsedTime)
+      );
+    }
+
+    this.#processQueue();
+  }
+}

data/app/javascripts/queue_processor.test.js

@@ -0,0 +1,88 @@
+import { expect } from "chai";
+import QueueProcessor from "./queue_processor.js";
+
+describe("QueueProcessor", () => {
+  let queueProcessor;
+  let minDelayInMs = 100;
+
+  beforeEach(() => {
+    queueProcessor = new QueueProcessor();
+  });
+
+  it("should initially have an empty queue and not be processing", () => {
+    expect(queueProcessor.queues).to.have.lengthOf(0);
+    expect(queueProcessor.processing).to.equal(false);
+  });
+
+  it("should run queue 1 by 1 while keep min delay 100", async () => {
+    let timeToProcess = 50;
+
+    const mockCallback = () =>
+      new Promise((resolve) => setTimeout(resolve, timeToProcess));
+
+    queueProcessor.queueStateChange({
+      callback: mockCallback,
+      minDelayInMs: minDelayInMs,
+    });
+
+    queueProcessor.queueStateChange({
+      callback: mockCallback,
+      minDelayInMs: minDelayInMs,
+    });
+
+    queueProcessor.queueStateChange({
+      callback: mockCallback,
+      minDelayInMs: minDelayInMs,
+    });
+
+    expect(queueProcessor.queues).to.have.lengthOf(2);
+    expect(queueProcessor.processing).to.equal(true);
+
+    await new Promise((resolve) => setTimeout(resolve, minDelayInMs * 3 + 4)); // +4ms for buffer
+
+    expect(queueProcessor.queues).to.have.lengthOf(0);
+    expect(queueProcessor.processing).to.equal(false);
+  });
+
+  describe("when process take less than the delay", () => {
+    it("should process and wait for remaining delay", async () => {
+      let timeToProcess = 50;
+
+      const mockCallback = () =>
+        new Promise((resolve) => setTimeout(resolve, timeToProcess));
+
+      queueProcessor.queueStateChange({
+        callback: mockCallback,
+        minDelayInMs: minDelayInMs,
+      });
+
+      expect(queueProcessor.queues).to.have.lengthOf(0);
+      expect(queueProcessor.processing).to.equal(true);
+
+      await new Promise((resolve) => setTimeout(resolve, minDelayInMs + 1)); // +1ms for buffer
+
+      expect(queueProcessor.queues).to.have.lengthOf(0);
+      expect(queueProcessor.processing).to.equal(false);
+    });
+  });
+
+  describe("when process take longer than the delay", () => {
+    it("should process and not wait for delay", async () => {
+      let timeToProcess = 200;
+
+      const mockCallback = () =>
+        new Promise((resolve) => setTimeout(resolve, timeToProcess));
+
+      queueProcessor.queueStateChange({
+        callback: mockCallback,
+        minDelayInMs: minDelayInMs,
+      });
+
+      expect(queueProcessor.queues).to.have.lengthOf(0);
+      expect(queueProcessor.processing).to.equal(true);
+
+      await new Promise((resolve) => setTimeout(resolve, timeToProcess + 1)); // +1ms for buffer
+      expect(queueProcessor.processing).to.equal(false);
+    });
+  });
+});

data/app/javascripts/vpago/vpago_payments/user_informers/firebase.js

@@ -1,9 +1,10 @@
 import { initializeApp } from "firebase/app";
 import { getFirestore, doc, onSnapshot, setDoc } from "firebase/firestore";
+import QueueProcessor from "../../../queue_processor.js";
 
 async function listenToProcessingState({
   firebaseConfigs,
-  orderNumber,
+  documentReferencePath,
   onPaymentIsProcessing,
   onOrderIsProcessing,
   onOrderIsCompleted,
@@ -15,43 +16,121 @@ async function listenToProcessingState({
   const app = initializeApp(firebaseConfigs);
   const db = getFirestore(app);
 
-  const currentDate = new Date().toISOString().split("T")[0];
-
-  const documentRef = doc(db, "statuses", "cart", currentDate, orderNumber);
+  const documentRef = doc(db, documentReferencePath);
   await setDoc(documentRef, { listening: true }, { merge: true });
 
+  const queueProcessor = new QueueProcessor();
+
   onSnapshot(documentRef, (doc) => {
     let documentData = doc.data();
 
+    let messageCode = documentData["message_code"];
     let orderState = documentData["order_state"];
     let paymentState = documentData["payment_state"];
-    let messageCode = documentData["message_code"];
-    let logMessage = documentData["log_message"];
+    let processing = documentData["processing"] === true;
+    let reasonCode = documentData["reason_code"];
+    let reasonMessage = documentData["reason_message"];
 
     let orderCompleted = orderState === "complete";
     if (orderCompleted) {
-      onCompleted(orderState, paymentState);
+      queueProcessor.queueStateChange({
+        minDelayInMs: 1500,
+        callback: async () => {
+          await onCompleted(
+            orderState,
+            paymentState,
+            reasonCode,
+            reasonMessage
+          );
+        },
+      });
       return;
     }
 
     switch (messageCode) {
       case "payment_is_processing":
-        onPaymentIsProcessing(orderState, paymentState, logMessage);
+        queueProcessor.queueStateChange({
+          minDelayInMs: 1500,
+          callback: async () => {
+            await onPaymentIsProcessing(
+              orderState,
+              paymentState,
+              processing,
+              reasonCode,
+              reasonMessage
+            );
+          },
+        });
         break;
       case "order_is_processing":
-        onOrderIsProcessing(orderState, paymentState, logMessage);
+        queueProcessor.queueStateChange({
+          minDelayInMs: 1500,
+          callback: async () => {
+            await onOrderIsProcessing(
+              orderState,
+              paymentState,
+              processing,
+              reasonCode,
+              reasonMessage
+            );
+          },
+        });
         break;
       case "order_is_completed":
-        onOrderIsCompleted(orderState, paymentState, logMessage);
+        queueProcessor.queueStateChange({
+          minDelayInMs: 1500,
+          callback: async () => {
+            await onOrderIsCompleted(
+              orderState,
+              paymentState,
+              processing,
+              reasonCode,
+              reasonMessage
+            );
+          },
+        });
         break;
       case "order_process_failed":
-        onOrderProcessFailed(orderState, paymentState, logMessage);
+        queueProcessor.queueStateChange({
+          minDelayInMs: 1500,
+          callback: async () => {
+            await onOrderProcessFailed(
+              orderState,
+              paymentState,
+              processing,
+              reasonCode,
+              reasonMessage
+            );
+          },
+        });
         break;
       case "payment_is_refunded":
-        onPaymentIsRefunded(orderState, paymentState, logMessage);
+        queueProcessor.queueStateChange({
+          minDelayInMs: 1500,
+          callback: async () => {
+            await onPaymentIsRefunded(
+              orderState,
+              paymentState,
+              processing,
+              reasonCode,
+              reasonMessage
+            );
+          },
+        });
         break;
       case "payment_process_failed":
-        onPaymentProcessFailed(orderState, paymentState, logMessage);
+        queueProcessor.queueStateChange({
+          minDelayInMs: 1500,
+          callback: async () => {
+            await onPaymentProcessFailed(
+              orderState,
+              paymentState,
+              processing,
+              reasonCode,
+              reasonMessage
+            );
+          },
+        });
         break;
       default:
         break;

data/app/jobs/vpago/payment_capturer_job.rb

@@ -0,0 +1,11 @@
+# Put :payment_processing at a higher priority in your project: config/sidekiq.yml
+module Vpago
+  class PaymentCapturerJob < ::ApplicationUniqueJob
+    queue_as :payment_processing
+
+    def perform(payment_id)
+      payment = Spree::Payment.find(payment_id)
+      payment.capture! if payment.pending?
+    end
+  end
+end

data/app/jobs/vpago/payment_processor_job.rb

@@ -1,5 +1,8 @@
+# Put :payment_processing at a higher priority in your project: config/sidekiq.yml
 module Vpago
   class PaymentProcessorJob < ::ApplicationUniqueJob
+    queue_as :payment_processing
+
     def perform(options)
       payment = Spree::Payment.find_by(number: options[:payment_number])
       Vpago::PaymentProcessor.new(payment: payment).call

data/app/models/spree/gateway/vattanac_mini_app.rb

@@ -0,0 +1,75 @@
+module Spree
+  class Gateway::VattanacMiniApp < PaymentMethod
+
+    def method_type
+      'vattanac_mini_app'
+    end
+
+    def payment_source_class
+      Spree::VpagoPaymentSource
+    end
+
+    # force to purchase instead of authorize
+    def auto_capture?
+      true
+    end
+
+
+    # override
+    # purchase is used when pre auth disabled
+    def purchase(_amount, _source, gateway_options = {})
+      _, payment_number = gateway_options[:order_id].split('-')
+      payment = Spree::Payment.find_by(number: payment_number)
+ 
+      params = {}
+
+      params[:payment_response] = payment.transaction_response
+  
+
+      if payment.transaction_response["status"] == 'SUCCESS'
+        ActiveMerchant::Billing::Response.new(true, 'Payway Gateway: Purchased', params)
+      else
+        ActiveMerchant::Billing::Response.new(false, 'Payway Gateway: Purchasing Failed', params)
+      end
+
+    end
+
+
+    # override
+    def void(_response_code, gateway_options)
+      _, payment_number = gateway_options[:order_id].split('-')
+      payment = Spree::Payment.find_by(number: payment_number)
+
+      if payment.vattanac_mini_app_payment?
+        params = {}
+        success, params[:refund_response] =  vattanac_mini_app_refund(payment)
+
+        if success
+          ActiveMerchant::Billing::Response.new(true, 'Payway Gateway: successfully canceled.', params)
+        else
+          ActiveMerchant::Billing::Response.new(false, 'Payway Gateway: Failed to canceleed', params)
+        end
+      else
+        ActiveMerchant::Billing::Response.new(true, 'Payway Gateway: Payment has been voided.')
+      end
+    end
+
+
+    def vattanac_mini_app_refund(payment)
+      
+      refund_issuer = Vpago::VattanacMiniApp::RefundIssuer.new(payment, {})
+      refund_issuer.call
+
+      [refund_issuer.success?, refund_issuer.response]
+
+    end
+
+    def cancel(_response_code)
+      # we can use this to send request to payment gateway api to cancel the payment ( void )
+      # currently Payway does not support to cancel the gateway
+
+      # in our case don't do anything
+      ActiveMerchant::Billing::Response.new(true, 'Vattanc order has been cancelled.')
+    end
+  end
+end

data/app/models/vpago/address_decorator.rb

@@ -0,0 +1,10 @@
+module Vpago
+  module AddressDecorator
+    # override
+    def require_phone?
+      false
+    end
+  end
+end
+
+Spree::Address.prepend(Vpago::AddressDecorator) unless Spree::Address.included_modules.include?(Vpago::AddressDecorator)

data/app/models/vpago/order_decorator.rb

@@ -48,7 +48,9 @@ module Vpago
 
     # override
     def available_payment_methods(store = nil)
-      payment_methods = if vendor_payment_methods.any?
+      payment_methods = if respond_to?(:tenant) && tenant.present?
+                          tenant_payment_methods
+                        elsif vendor_payment_methods.any?
                           vendor_payment_methods
                         else
                           collect_payment_methods(store)
@@ -61,6 +63,10 @@ module Vpago
                                      end
     end
 
+    def tenant_payment_methods
+      tenant.tenant_payment_methods
+    end
+
     def line_items_count
       line_items.size
     end
@@ -72,6 +78,12 @@ module Vpago
     def order_adjustment_total
       adjustments.eligible.sum(:amount)
     end
+
+    # override this method if you want flexibility
+    # for example, host per payment method or tenant
+    def payment_host
+      ENV.fetch('DEFAULT_URL_HOST')
+    end
   end
 end
 

data/app/models/vpago/payment_decorator.rb

@@ -11,13 +11,30 @@ module Vpago
                     to: :url_constructor
     end
 
+    # override:
+    # to give payment another chance to re-process, even if it failed.
     def process!
-      # give payment another chance to re-process, even if it failed.
       update!(state: :checkout) if processing? || send(:has_invalid_state?)
 
       super
     end
 
+    # override:
+    # to allow capture faraday connection error. gateway_error method already write rails log for this.
+    def protect_from_connection_error
+      yield
+    rescue ActiveMerchant::ConnectionError => e
+      failure!
+      gateway_error(e)
+    rescue Faraday::ConnectionFailed, Faraday::TimeoutError => e
+      failure!
+      gateway_error(ActiveMerchant::ConnectionError.new(e.message, e))
+    end
+
+    def user_informer
+      @user_informer ||= ::Vpago::UserInformers::Firebase.new(order)
+    end
+
     def url_constructor
       @url_constructor ||= Vpago::PaymentUrlConstructor.new(self)
     end
@@ -38,6 +55,11 @@ module Vpago
     def pre_auth_cancelled?
       pre_auth_status == 'CANCELLED'
     end
+
+    def vattanac_mini_app_payment?
+      payment_method.type_vattanac_mini_app?
+    end
+    
   end
 end
 

data/app/models/vpago/payment_method_decorator.rb

@@ -5,6 +5,7 @@ module Vpago
     TYPE_WINGSDK = 'Spree::Gateway::WingSdk'.freeze
     TYPE_ACLEDA = 'Spree::Gateway::Acleda'.freeze
     TYPE_ACLEDA_MOBILE = 'Spree::Gateway::AcledaMobile'.freeze
+    TYPE_VATTANAC_MINI_APP = 'Spree::Gateway::VattanacMiniApp'.freeze
 
     def self.prepended(base)
       base.preference :icon_name, :string, default: 'cheque'
@@ -16,7 +17,8 @@ module Vpago
           Spree::PaymentMethod::TYPE_PAYWAY,
           Spree::PaymentMethod::TYPE_WINGSDK,
           Spree::PaymentMethod::TYPE_ACLEDA,
-          Spree::PaymentMethod::TYPE_ACLEDA_MOBILE
+          Spree::PaymentMethod::TYPE_ACLEDA_MOBILE,
+          Spree::PaymentMethod::TYPE_VATTANAC_MINI_APP
         ]
       end
     end
@@ -85,6 +87,10 @@ module Vpago
     def type_wingsdk?
       type == Spree::PaymentMethod::TYPE_WINGSDK
     end
+
+    def type_vattanac_mini_app?
+      type == Spree::PaymentMethod::TYPE_VATTANAC_MINI_APP
+    end
   end
 end
 

data/app/overrides/spree/admin/payment_methods/index/payment_methods_tabs.html.erb.deface

@@ -4,6 +4,12 @@
 
 <% if params[:tab] == 'vendors' %>
   <div class="alert alert-info mb-3">
-    <%= svg_icon name: "info-circle.svg", classes: 'mr-2', width: '16', height: '16' %> Payment methods for each vendor. Once set, only those payment methods will be displayed to user.
+    <%= svg_icon name: "info-circle.svg", classes: 'mr-2', width: '16', height: '16' %> 
+    Payment methods for each vendor. Once set, only those payment methods will be displayed to users.
+  </div>
+<% elsif params[:tab] == 'tenants' %>
+  <div class="alert alert-info mb-3">
+    <%= svg_icon name: "info-circle.svg", classes: 'mr-2', width: '16', height: '16' %> 
+    Payment methods for each tenant. Once set, only those payment methods will be displayed to users.
   </div>
 <% end %>

data/app/overrides/spree/admin/payment_methods/index/tenant_body.html.erb.deface

@@ -0,0 +1,5 @@
+<!-- insert_before "[data-hook='admin_payment_methods_index_row_actions']" -->
+
+<% if params[:tab] == 'tenants' %>
+  <td class="text-center"><%= method.vendor&.name || 'N/A' %></td>
+<% end %>

data/app/overrides/spree/admin/payment_methods/index/tenant_header.html.erb.deface

@@ -0,0 +1,5 @@
+<!-- insert_before "[data-hook='admin_payment_methods_index_header_actions']" -->
+
+<% if params[:tab] == 'tenants' %>
+  <th class="text-center"><%= Spree.t(:tenant) %></th>
+<% end %>

data/app/serializers/spree/v2/storefront/payment_serializer_decorator.rb

@@ -3,7 +3,7 @@ module Spree
     module Storefront
       module PaymentSerializerDecorator
         def self.prepended(base)
-          base.attributes :pre_auth_status, :checkout_url
+          base.attributes :pre_auth_status, :checkout_url, :process_payment_url
         end
       end
     end

data/app/services/vpago/aes_encrypter.rb

@@ -0,0 +1,56 @@
+require 'base64'
+require 'openssl'
+
+module Vpago
+  class AesEncrypter
+    ALGORITHM = 'aes-256-gcm'.freeze
+    KEY_LENGTH = 32
+    IV_LENGTH = 12
+    TAG_LENGTH = 16
+
+    def self.encrypt(plaintext, base64_key)
+      key = Base64.decode64(base64_key)
+      validate_key!(key)
+
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.encrypt
+      cipher.key = key[0, KEY_LENGTH]
+      iv = cipher.random_iv
+      cipher.iv = iv
+
+      ciphertext = cipher.update(plaintext) + cipher.final
+      tag = cipher.auth_tag
+
+      combined = iv + ciphertext + tag
+      Base64.strict_encode64(combined)
+    end
+
+    def self.decrypt(encrypted_text, base64_key)
+      key = Base64.decode64(base64_key)
+      validate_key!(key)
+
+      combined = Base64.decode64(encrypted_text)
+      iv = combined[0, IV_LENGTH]
+      tag = combined[-TAG_LENGTH..]
+      ciphertext = combined[IV_LENGTH...-TAG_LENGTH]
+
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.decrypt
+      cipher.key = key[0, KEY_LENGTH]
+      cipher.iv = iv
+      cipher.auth_tag = tag
+
+      cipher.update(ciphertext) + cipher.final
+    rescue OpenSSL::Cipher::CipherError => e
+      raise "Decryption failed: #{e.message}"
+    end
+
+    def self.validate_key!(key)
+      return if key.is_a?(String) && key.bytesize >= KEY_LENGTH
+
+      raise ArgumentError, "Key must be a string of at least #{KEY_LENGTH} bytes"
+    end
+  end
+end
+
+

data/app/services/vpago/payment_finder.rb

@@ -7,6 +7,7 @@ module Vpago
     end
 
     def find_and_verify
+
       find_and_verify!
     rescue StandardError, ActiveRecord::RecordNotFound => e
       Rails.logger.error("PaymentJwtVerifier#find_and_verify error: #{e.class} - #{e.message}")
@@ -14,14 +15,29 @@ module Vpago
     end
 
     def find_and_verify!
-      order = Spree::Order.find_by!(number: params_hash[:order_number])
-      verify_jwt!(order)
 
-      Spree::Payment.find_by!(number: params_hash[:payment_number])
+      if vattanac_mini_app_payload?
+        payload =  Vpago::VattanacMiniAppDataHandler.new.decrypt_data(@params_hash[:data])
+        payment = Spree::Payment.find_by!(number: payload['paymentId'])
+        payment.update(transaction_response: payload)
+        payment
+      else 
+        order = Spree::Order.find_by!(number: params_hash[:order_number])
+        verify_jwt!(order)
+  
+        Spree::Payment.find_by!(number: params_hash[:payment_number])
+      end
     end
 
     def verify_jwt!(order)
       JWT.decode(params_hash[:order_jwt_token], order.token, 'HS256')
     end
+
+    def vattanac_mini_app_payload?
+      params_hash[:data].present?
+    end
+
   end
 end
+
+