spree_vpago 2.0.4.pre.beta1 → 2.0.5.pre.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f8ef668be755bd4ef8b3f8efd1685a637fd220b7af387117968333fdf45062c
-  data.tar.gz: dad512cdc64f169c9daf682fe95c9bd01a9ed1af8e771afb44dec42aa166bbb6
+  metadata.gz: 693e45fc6915c023a690b5aa8c3e44cf18e21bcb5c6cc7fd8d520ee964db418a
+  data.tar.gz: 602e1ac04e520e6b11452125ae7a88801a8545845df3d5417cb46008ec04bf0a
 SHA512:
-  metadata.gz: b9ca740cab5e96deff6ff074c74bcdb40fc9e2afb4228411e68f2b6190143206c9034b21cef23ad7cbe69a994a64103cb1d1d43d529b015c94e15cf6bb4dd94c
-  data.tar.gz: ff2743d04cfae7ba13ebe54a026ebdf706842f8df82709fcdd95fc930412f00a05945f08beaa2dc32ecbd37a8edcacc371f386f847afa5842078001f31059c6d
+  metadata.gz: ae4e9828ecb2d4cdc9d7abb038b5304ea5f7871a33fba13af4907e87b5351f9c15630137d7c4ae76796a2d469b55003806098f9fb5e8a4a37d83ade2d3e118d9
+  data.tar.gz: ff5ea0f427d105324e5d9726c0b7dc44ac84acac1ca8659aeb7f119c60244f577cd0a33e57b1057c0d48ca2f59344894eee7612c71f88b10fc4aa496e34632c7

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    spree_vpago (2.0.4.pre.beta1)
+    spree_vpago (2.0.5.pre.beta)
       faraday
       google-cloud-firestore
       spree_api (>= 4.5)

data/app/helpers/vpago/admin/base_helper_decorator.rb

@@ -18,6 +18,7 @@ module Vpago
           cheque
           payway_cards
           wingpay
+          vattanac_mini_app
         ]
       end
 

data/app/models/spree/gateway/vattanac_mini_app.rb

@@ -0,0 +1,75 @@
+module Spree
+  class Gateway::VattanacMiniApp < PaymentMethod
+
+    def method_type
+      'vattanac_mini_app'
+    end
+
+    def payment_source_class
+      Spree::VpagoPaymentSource
+    end
+
+    # force to purchase instead of authorize
+    def auto_capture?
+      true
+    end
+
+
+    # override
+    # purchase is used when pre auth disabled
+    def purchase(_amount, _source, gateway_options = {})
+      _, payment_number = gateway_options[:order_id].split('-')
+      payment = Spree::Payment.find_by(number: payment_number)
+ 
+      params = {}
+
+      params[:payment_response] = payment.transaction_response
+  
+
+      if payment.transaction_response["status"] == 'SUCCESS'
+        ActiveMerchant::Billing::Response.new(true, 'Payway Gateway: Purchased', params)
+      else
+        ActiveMerchant::Billing::Response.new(false, 'Payway Gateway: Purchasing Failed', params)
+      end
+
+    end
+
+
+    # override
+    def void(_response_code, gateway_options)
+      _, payment_number = gateway_options[:order_id].split('-')
+      payment = Spree::Payment.find_by(number: payment_number)
+
+      if payment.vattanac_mini_app_payment?
+        params = {}
+        success, params[:refund_response] =  vattanac_mini_app_refund(payment)
+
+        if success
+          ActiveMerchant::Billing::Response.new(true, 'Payway Gateway: successfully canceled.', params)
+        else
+          ActiveMerchant::Billing::Response.new(false, 'Payway Gateway: Failed to canceleed', params)
+        end
+      else
+        ActiveMerchant::Billing::Response.new(true, 'Payway Gateway: Payment has been voided.')
+      end
+    end
+
+
+    def vattanac_mini_app_refund(payment)
+      
+      refund_issuer = Vpago::VattanacMiniApp::RefundIssuer.new(payment, {})
+      refund_issuer.call
+
+      [refund_issuer.success?, refund_issuer.response]
+
+    end
+
+    def cancel(_response_code)
+      # we can use this to send request to payment gateway api to cancel the payment ( void )
+      # currently Payway does not support to cancel the gateway
+
+      # in our case don't do anything
+      ActiveMerchant::Billing::Response.new(true, 'Vattanc order has been cancelled.')
+    end
+  end
+end

data/app/models/vpago/payment_decorator.rb

@@ -55,6 +55,11 @@ module Vpago
     def pre_auth_cancelled?
       pre_auth_status == 'CANCELLED'
     end
+
+    def vattanac_mini_app_payment?
+      payment_method.type_vattanac_mini_app?
+    end
+    
   end
 end
 

data/app/models/vpago/payment_method_decorator.rb

@@ -5,6 +5,7 @@ module Vpago
     TYPE_WINGSDK = 'Spree::Gateway::WingSdk'.freeze
     TYPE_ACLEDA = 'Spree::Gateway::Acleda'.freeze
     TYPE_ACLEDA_MOBILE = 'Spree::Gateway::AcledaMobile'.freeze
+    TYPE_VATTANAC_MINI_APP = 'Spree::Gateway::VattanacMiniApp'.freeze
 
     def self.prepended(base)
       base.preference :icon_name, :string, default: 'cheque'
@@ -16,7 +17,8 @@ module Vpago
           Spree::PaymentMethod::TYPE_PAYWAY,
           Spree::PaymentMethod::TYPE_WINGSDK,
           Spree::PaymentMethod::TYPE_ACLEDA,
-          Spree::PaymentMethod::TYPE_ACLEDA_MOBILE
+          Spree::PaymentMethod::TYPE_ACLEDA_MOBILE,
+          Spree::PaymentMethod::TYPE_VATTANAC_MINI_APP
         ]
       end
     end
@@ -85,6 +87,10 @@ module Vpago
     def type_wingsdk?
       type == Spree::PaymentMethod::TYPE_WINGSDK
     end
+
+    def type_vattanac_mini_app?
+      type == Spree::PaymentMethod::TYPE_VATTANAC_MINI_APP
+    end
   end
 end
 

data/app/services/vpago/aes_encrypter.rb

@@ -0,0 +1,56 @@
+require 'base64'
+require 'openssl'
+
+module Vpago
+  class AesEncrypter
+    ALGORITHM = 'aes-256-gcm'.freeze
+    KEY_LENGTH = 32
+    IV_LENGTH = 12
+    TAG_LENGTH = 16
+
+    def self.encrypt(plaintext, base64_key)
+      key = Base64.decode64(base64_key)
+      validate_key!(key)
+
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.encrypt
+      cipher.key = key[0, KEY_LENGTH]
+      iv = cipher.random_iv
+      cipher.iv = iv
+
+      ciphertext = cipher.update(plaintext) + cipher.final
+      tag = cipher.auth_tag
+
+      combined = iv + ciphertext + tag
+      Base64.strict_encode64(combined)
+    end
+
+    def self.decrypt(encrypted_text, base64_key)
+      key = Base64.decode64(base64_key)
+      validate_key!(key)
+
+      combined = Base64.decode64(encrypted_text)
+      iv = combined[0, IV_LENGTH]
+      tag = combined[-TAG_LENGTH..]
+      ciphertext = combined[IV_LENGTH...-TAG_LENGTH]
+
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.decrypt
+      cipher.key = key[0, KEY_LENGTH]
+      cipher.iv = iv
+      cipher.auth_tag = tag
+
+      cipher.update(ciphertext) + cipher.final
+    rescue OpenSSL::Cipher::CipherError => e
+      raise "Decryption failed: #{e.message}"
+    end
+
+    def self.validate_key!(key)
+      return if key.is_a?(String) && key.bytesize >= KEY_LENGTH
+
+      raise ArgumentError, "Key must be a string of at least #{KEY_LENGTH} bytes"
+    end
+  end
+end
+
+

data/app/services/vpago/payment_finder.rb

@@ -7,6 +7,7 @@ module Vpago
     end
 
     def find_and_verify
+
       find_and_verify!
     rescue StandardError, ActiveRecord::RecordNotFound => e
       Rails.logger.error("PaymentJwtVerifier#find_and_verify error: #{e.class} - #{e.message}")
@@ -14,14 +15,29 @@ module Vpago
     end
 
     def find_and_verify!
-      order = Spree::Order.find_by!(number: params_hash[:order_number])
-      verify_jwt!(order)
 
-      Spree::Payment.find_by!(number: params_hash[:payment_number])
+      if vattanac_mini_app_payload?
+        payload =  Vpago::VattanacMiniAppDataHandler.new.decrypt_data(@params_hash[:data])
+        payment = Spree::Payment.find_by!(number: payload['paymentId'])
+        payment.update(transaction_response: payload)
+        payment
+      else 
+        order = Spree::Order.find_by!(number: params_hash[:order_number])
+        verify_jwt!(order)
+  
+        Spree::Payment.find_by!(number: params_hash[:payment_number])
+      end
     end
 
     def verify_jwt!(order)
       JWT.decode(params_hash[:order_jwt_token], order.token, 'HS256')
     end
+
+    def vattanac_mini_app_payload?
+      params_hash[:data].present?
+    end
+
   end
 end
+
+

data/app/services/vpago/payment_processable.rb

@@ -16,7 +16,7 @@ module Vpago
     # 2. Pre-auth is enabled, ensuring funds can be released to user if processing fails.
     #    PaymentProcessor is usually called after payment is made, so canceling pre-auth typically works.
     def can_cancel_pre_auth?
-      @payment.pending? || @payment.payment_method.enable_pre_auth?
+      @payment.pending? || @payment.payment_method.enable_pre_auth? || @payment.vattanac_mini_app_payment?
     end
 
     def extract_completer_failure_reason_code(error)

data/app/services/vpago/rsa_handler.rb

@@ -0,0 +1,27 @@
+require 'base64'
+require 'openssl'
+
+module Vpago
+  class RsaHandler
+    def initialize(private_key: nil, public_key: nil)
+      @private_key = private_key
+      @public_key = public_key
+    end
+
+    def sign(data)
+      raise 'Private key is required to sign data' unless @private_key
+
+      private_key_object = OpenSSL::PKey::RSA.new(@private_key)
+      signature = private_key_object.sign(OpenSSL::Digest.new('SHA256'), data)
+      "#{data}.#{Base64.strict_encode64(signature)}"
+    end
+
+    def verify(data, signature)
+      raise 'Public key is required to verify signature' unless @public_key
+
+      public_key_object = OpenSSL::PKey::RSA.new(@public_key)
+      signature_bytes = Base64.decode64(signature)
+      public_key_object.verify(OpenSSL::Digest.new('SHA256'), signature_bytes, data)
+    end
+  end
+end

data/app/services/vpago/vattanac_mini_app_data_handler.rb

@@ -0,0 +1,33 @@
+module Vpago
+  class VattanacMiniAppDataHandler
+    def decrypt_data(data)
+      encrypted_data, signature = data.to_s.split('.', 2)
+      
+      return nil unless Vpago::RsaHandler.new(public_key: vattanac_public_key).verify(encrypted_data, signature)
+
+      decrypted = Vpago::AesEncrypter.decrypt(encrypted_data, aes_key)
+      JSON.parse(decrypted) rescue nil
+   
+    end
+
+    def encrypted_data(payload)
+      json_payload = payload.to_json
+      encrypted_data = Vpago::AesEncrypter.encrypt(json_payload, aes_key)
+      rsa_service = Vpago::RsaHandler.new(private_key: bookmeplus_private_key)
+      signed_data = rsa_service.sign(encrypted_data)
+      signed_data
+    end
+
+    def vattanac_public_key 
+      ENV['VATTANAC_PUBLIC_KEY'].presence || Rails.application.credentials.vattanac.public_key
+    end
+
+    def bookmeplus_private_key 
+      ENV['BOOKMEPLUS_PRIVATE_KEY'].presence  || Rails.application.credentials.bookmeplus.private_key
+    end
+
+    def aes_key
+     ENV['VATTANAC_AES_SECRET_KEY'].presence || Rails.application.credentials.vattanac.aes_secret_key
+    end
+  end
+end

data/app/views/spree/admin/payments/source_views/_vattanac_mini_app.html.erb

@@ -0,0 +1,6 @@
+<%= render 'spree/admin/payments/source_views/vpago_payment_tmpl',
+    payment: payment, 
+    check_status_url: '',
+    heal_payment_url: '',
+    manual_update_payment_url: ''
+%>

data/app/views/spree/vpago_payments/forms/spree/gateway/_vattanac_mini_app.html.erb

@@ -0,0 +1,89 @@
+<% @checkout = ::Vpago::VattanacMiniApp::Checkout.new(@payment) %>
+<% @payment.user_informer.payment_is_processing(processing: true) %>
+
+<p id="unsupported-message"
+   style="margin-top: 10px;
+          font-weight: bold;
+          color: red;
+          display: none;">
+</p>
+
+<h1 id="status">THIS IS CURRENT STATE</h1>
+<p id="reason_code"></p>
+<p id="processing"></p>
+<p id="reason_message"></p>
+
+<script>
+
+  function detectMobileOS() {
+    const ua = navigator.userAgent || navigator.vendor || window.opera;
+    if (/iPad|iPhone|iPod/.test(ua) && !window.MSStream) return 'iOS';
+    if (/Android/i.test(ua)) return 'Android';
+    return 'unknown';
+  }
+
+  document.addEventListener('DOMContentLoaded', () => {
+    const os = detectMobileOS();
+    const payload = {
+      data: "<%= j @checkout.signed_payload %>",
+      paymentId: "<%= @checkout.payment_id %>"
+    };
+
+    if (os === 'iOS' && window.webkit?.messageHandlers?.startPayment) {
+      window.webkit.messageHandlers.startPayment.postMessage(JSON.stringify(payload));
+    } else if (os === 'Android' && window.AndroidInterface?.startPayment) {
+      window.AndroidInterface.startPayment(JSON.stringify(payload));
+    } else {
+      const unsupported = document.getElementById('unsupported-message');
+      unsupported.style.display = 'block';
+      unsupported.innerText = 'Unsupported OS';
+    }
+
+    const firebaseConfigs = <%= Rails.application.credentials.firebase_web_config.to_json.html_safe %>;
+
+    window.listenToProcessingState({
+      firebaseConfigs: firebaseConfigs,
+      documentReferencePath: "<%= @payment.user_informer.document_reference_path %>",
+      onPaymentIsProcessing: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        document.getElementById("status").innerText = "Payment is processing";
+        document.getElementById("reason_code").innerText = reasonCode;
+        document.getElementById("processing").innerText = processing ? "Processing..." : "No more process.";
+        document.getElementById("reason_message").innerText = reasonMessage;
+      },
+      onOrderIsProcessing: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        document.getElementById("status").innerText = "Order is processing";
+        document.getElementById("reason_code").innerText = reasonCode;
+        document.getElementById("processing").innerText = processing ? "Processing..." : "No more process.";
+        document.getElementById("reason_message").innerText = reasonMessage;
+      },
+      onOrderIsCompleted: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        document.getElementById("status").innerText = "Order is completed";
+        document.getElementById("reason_code").innerText = reasonCode;
+        document.getElementById("processing").innerText = processing ? "Processing..." : "No more process.";
+        document.getElementById("reason_message").innerText = reasonMessage;
+      },
+      onOrderProcessFailed: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        document.getElementById("status").innerText = "Order process failed";
+        document.getElementById("reason_code").innerText = reasonCode;
+        document.getElementById("processing").innerText = processing ? "Processing..." : "No more process.";
+        document.getElementById("reason_message").innerText = reasonMessage;
+      },
+      onPaymentIsRefunded: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        document.getElementById("status").innerText = "Payment is refunded";
+        document.getElementById("reason_code").innerText = reasonCode;
+        document.getElementById("processing").innerText = processing ? "Processing..." : "No more process.";
+        document.getElementById("reason_message").innerText = reasonMessage
+      },
+      onPaymentProcessFailed: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        document.getElementById("status").innerText = "Payment process failed";
+        document.getElementById("reason_code").innerText = reasonCode;
+        document.getElementById("processing").innerText = processing ? "Processing..." : "No more process.";
+        document.getElementById("reason_message").innerText = reasonMessage;
+      },
+      onCompleted: function (orderState, paymentState, processing, reasonCode, reasonMessage) {
+        let successPath = "<%= @payment.success_url %>";
+        window.location.href = successPath;
+      },
+    });
+  });
+</script>

data/lib/spree_vpago/engine.rb

@@ -21,7 +21,8 @@ module SpreeVpago
         Spree::Gateway::PaywayV2,
         Spree::Gateway::WingSdk,
         Spree::Gateway::Acleda,
-        Spree::Gateway::AcledaMobile
+        Spree::Gateway::AcledaMobile,
+        Spree::Gateway::VattanacMiniApp
       )
     end
 

data/lib/spree_vpago/version.rb

@@ -1,7 +1,7 @@
 module SpreeVpago
   module_function
 
-  VERSION = '2.0.4-beta1'.freeze
+  VERSION = '2.0.5-beta'.freeze
 
   def version
     Gem::Version.new VERSION

data/lib/vpago/vattanac_mini_app/base.rb

@@ -0,0 +1,52 @@
+module Vpago
+  module VattanacMiniApp
+    class Base
+      
+      def initialize(payment, options = {})
+        @options = options
+        @payment = payment
+      end
+
+      def payload
+        {
+          paymentId: payment_id,
+          amount: amount,
+          currency: currency || 'USD',
+          expiredIn: expired_at
+        }
+      end
+
+      def encrypt_data(payload)
+        SpreeCmCommissioner::AesEncryptionService.encrypt(payload.to_json, aes_key)
+      end
+
+      def amount
+        @payment.amount
+      end
+
+      def payment_id
+        @payment.number
+      end
+
+      def currency
+        'USD'
+      end
+
+      def transaction_id
+        @payment.number
+      end
+
+      def expired_at
+        (Time.now + 30.minutes).to_i * 1000
+      end
+
+      def partner_code
+        ENV['VATTANAC_PARTNER_CODE'].presence
+      end
+
+      def refund_url
+        ENV['VATTANAC_REFUND_URL'].presence
+      end
+    end
+  end
+end

data/lib/vpago/vattanac_mini_app/checkout.rb

@@ -0,0 +1,9 @@
+module Vpago
+  module VattanacMiniApp
+    class Checkout < Base
+      def signed_payload 
+        Vpago::VattanacMiniAppDataHandler.new.encrypted_data(payload)
+      end
+    end
+  end
+end

data/lib/vpago/vattanac_mini_app/refund_issuer.rb

@@ -0,0 +1,54 @@
+module Vpago
+  module VattanacMiniApp
+    class RefundIssuer < Base
+      attr_reader :response
+
+      def call
+        raw_response = send_refund_request
+        @response = handle_response(raw_response)
+      end
+
+      def success?
+        @success
+      end
+
+      def send_refund_request
+        Faraday.post(refund_url) do |req|
+          req.headers['Content-Type'] = 'application/json'
+          req.headers['Partner-Code'] = partner_code
+          req.body = {
+            data: Vpago::VattanacMiniAppDataHandler.new.encrypted_data(refund_payload)
+          }.to_json
+        end
+      end
+
+      def handle_response(response)
+        body = parse_json(response.body)
+
+        if body['status'] == 'SUCCESS'
+          json = Vpago::VattanacMiniAppDataHandler.new.decrypt_data(body['data'])
+          @success = true
+          json
+        else
+          @success = false
+          body
+        end
+      end
+
+      def refund_payload
+        {
+          transactionId: @payment.transaction_response["transactionId"],
+          paymentId:     @payment.transaction_response["paymentId"],
+          amount:        @payment.transaction_response["amount"],
+          currency:      'USD'
+        }
+      end
+
+      def parse_json(raw)
+        JSON.parse(raw)
+      rescue JSON::ParserError => e
+        raise StandardError, "Invalid JSON: #{e.message}"
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_vpago
 version: !ruby/object:Gem::Version
-  version: 2.0.4.pre.beta1
+  version: 2.0.5.pre.beta
 platform: ruby
 authors:
 - You
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-06-05 00:00:00.000000000 Z
+date: 2025-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -179,6 +179,7 @@ files:
 - app/models/spree/gateway/acleda_mobile.rb
 - app/models/spree/gateway/payway.rb
 - app/models/spree/gateway/payway_v2.rb
+- app/models/spree/gateway/vattanac_mini_app.rb
 - app/models/spree/gateway/wing_sdk.rb
 - app/models/spree/payout.rb
 - app/models/spree/payout_profile.rb
@@ -231,6 +232,7 @@ files:
 - app/serializers/spree/v2/storefront/payment_serializer_decorator.rb
 - app/serializers/spree/v2/storefront/vpago_payment_source_serializer.rb
 - app/services/.gitkeep
+- app/services/vpago/aes_encrypter.rb
 - app/services/vpago/payment_finder.rb
 - app/services/vpago/payment_processable.rb
 - app/services/vpago/payment_processor.rb
@@ -243,7 +245,9 @@ files:
 - app/services/vpago/payout_profiles/payway/payout_profile_request_params_builder.rb
 - app/services/vpago/payout_profiles/payway/payout_profile_request_updater.rb
 - app/services/vpago/payway_return_options_builder.rb
+- app/services/vpago/rsa_handler.rb
 - app/services/vpago/user_informers/firebase.rb
+- app/services/vpago/vattanac_mini_app_data_handler.rb
 - app/views/.gitkeep
 - app/views/layouts/acleda.html.erb
 - app/views/layouts/payway.html.erb
@@ -258,6 +262,7 @@ files:
 - app/views/spree/admin/payments/source_views/_acleda_mobile.html.erb
 - app/views/spree/admin/payments/source_views/_payment_payway.html.erb
 - app/views/spree/admin/payments/source_views/_payway_v2.html.erb
+- app/views/spree/admin/payments/source_views/_vattanac_mini_app.html.erb
 - app/views/spree/admin/payments/source_views/_vpago_payment_tmpl.html.erb
 - app/views/spree/admin/payments/source_views/_wingsdk.html.erb
 - app/views/spree/admin/payout_profile_products/_form.html.erb
@@ -304,6 +309,7 @@ files:
 - app/views/spree/payway_v2_card_popups/show.html.erb
 - app/views/spree/vpago_payments/checkout.html.erb
 - app/views/spree/vpago_payments/forms/spree/gateway/_payway_v2.html.erb
+- app/views/spree/vpago_payments/forms/spree/gateway/_vattanac_mini_app.html.erb
 - app/views/spree/vpago_payments/processing.html.erb
 - app/views/spree/vpago_payments/success.html.erb
 - app/views/spree/wing_redirects/show.html.erb
@@ -371,6 +377,9 @@ files:
 - lib/vpago/payway_v2/pre_auth_canceler.rb
 - lib/vpago/payway_v2/pre_auth_completer.rb
 - lib/vpago/payway_v2/transaction_status.rb
+- lib/vpago/vattanac_mini_app/base.rb
+- lib/vpago/vattanac_mini_app/checkout.rb
+- lib/vpago/vattanac_mini_app/refund_issuer.rb
 - lib/vpago/wing_sdk/base.rb
 - lib/vpago/wing_sdk/checkout.rb
 - lib/vpago/wing_sdk/payment_request_updater.rb