@cloudcommerce/app-pix 0.0.127

package/src/functions-lib/pix-auth/construtor.ts

@@ -0,0 +1,87 @@
+import type { AxiosInstance } from 'axios';
+import * as logger from 'firebase-functions/logger';
+import { getFirestore } from 'firebase-admin/firestore';
+import createAxios from './create-axios';
+import oauth from './oauth';
+
+type Option = {
+  clientId?: string;
+  clientSecret?: string;
+  oauthEndpoint?: any;
+  pfx?: any;
+  tokenData?: any;
+  baseURL?: string
+}
+
+const firestoreColl = 'pixTokens';
+
+export default class Pix {
+  preparing: Promise<unknown>;
+  axios: AxiosInstance | undefined;
+
+  constructor(options: Option) {
+    const {
+      clientId,
+      clientSecret,
+      baseURL,
+      pfx,
+      tokenData,
+    } = options;
+
+    const self = this;
+
+    let documentRef;
+    if (firestoreColl) {
+      documentRef = getFirestore()
+        .doc(`${firestoreColl}/${clientId}:${clientSecret}`);
+    }
+
+    this.preparing = new Promise((resolve, reject) => {
+      const authenticate = (token: any) => {
+        self.axios = createAxios({ pfx, tokenData: token, baseURL });
+        resolve(self);
+      };
+
+      const fetchOauth = () => {
+        logger.log('>(App: Pix) OAuth');
+        oauth(options)
+          // eslint-disable-next-line no-shadow
+          .then((tokenData) => {
+            logger.log(`>(App: Pix) Token ${JSON.stringify(tokenData)}`);
+            authenticate(tokenData);
+            if (documentRef) {
+              documentRef.set({ tokenData }).catch(logger.error);
+            }
+          })
+          .catch(reject);
+      };
+
+      if (tokenData) {
+        authenticate(tokenData);
+      } else if (documentRef) {
+        documentRef.get()
+          .then((documentSnapshot) => {
+            if (documentSnapshot.exists) {
+              const token = documentSnapshot.get('tokenData');
+              const expiresIn = (tokenData && tokenData.expires_in) || 3600;
+              const deadline = Date.now() + 10000 - documentSnapshot.updateTime.toDate().getTime();
+
+              if (deadline <= expiresIn * 1000) {
+                authenticate(token);
+              } else {
+                fetchOauth();
+              }
+            } else {
+              fetchOauth();
+            }
+          })
+          .catch((err: any) => {
+            logger.error(err);
+            fetchOauth();
+          });
+      } else {
+        fetchOauth();
+      }
+    });
+  }
+}

package/src/functions-lib/pix-auth/create-axios.ts

@@ -0,0 +1,24 @@
+import * as https from 'https';
+import axios from 'axios';
+
+export default ({
+  pfx,
+  tokenData,
+  baseURL = 'https://api-pix.gerencianet.com.br',
+}) => {
+  const httpsAgent = new https.Agent({
+    pfx,
+    passphrase: '',
+  });
+  const headers = {
+    'Content-Type': 'application/json',
+  };
+  if (tokenData) {
+    const Authorization = typeof tokenData === 'string'
+      ? tokenData
+      : `${tokenData.token_type} ${tokenData.access_token}`;
+
+    Object.assign(headers, { Authorization });
+  }
+  return axios.create({ baseURL, headers, httpsAgent });
+};

package/src/functions-lib/pix-auth/oauth.ts

@@ -0,0 +1,50 @@
+import createAxios from './create-axios';
+
+type Option = {
+  clientId?: string;
+  clientSecret?: string;
+  oauthEndpoint?: any;
+  pfx?: any;
+  tokenData?: { [key: string]: any };
+  baseURL?: string
+}
+
+export default (options: Option) => new Promise((resolve, reject) => {
+  const {
+    clientId,
+    clientSecret,
+    oauthEndpoint,
+    pfx,
+    tokenData,
+    baseURL,
+  } = options;
+  const auth = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
+  const axios = createAxios({
+    pfx,
+    tokenData,
+    baseURL,
+  });
+
+  const request = (isRetry?: boolean) => {
+    axios({
+      url: oauthEndpoint || '/oauth/token',
+      method: 'post',
+      headers: {
+        Authorization: `Basic ${auth}`,
+      },
+      data: {
+        grant_type: 'client_credentials',
+      },
+    })
+      .then(({ data }) => {
+        resolve(data);
+      })
+      .catch((err) => {
+        if (!isRetry && err.response && err.response.status >= 429) {
+          setTimeout(() => request(true), 4000);
+        }
+        reject(err);
+      });
+  };
+  request();
+});

package/src/index.ts

@@ -0,0 +1,2 @@
+// eslint-disable-next-line import/prefer-default-export
+export * from './pix';

package/src/pix-create-transaction.ts

@@ -0,0 +1,261 @@
+import type { AxiosInstance } from 'axios';
+import type { AppModuleBody } from '@cloudcommerce/types';
+import type { CreateTransactionParams } from '@cloudcommerce/types/modules/create_transaction:params';
+import type { CreateTransactionResponse } from '@cloudcommerce/types/modules/create_transaction:response';
+import type { Firestore } from 'firebase-admin/firestore';
+import * as logger from 'firebase-functions/logger';
+import config from '@cloudcommerce/firebase/lib/config';
+import axios from 'axios';
+import { responseError } from './pix-list-payments';
+import Pix from './functions-lib/pix-auth/construtor';
+import getPfx from './functions-lib/get-certificate';
+
+const saveToDb = (
+  firestore: Firestore,
+  clientId: string,
+  clientSecret: string,
+  pixApi: any,
+  pixAxios: AxiosInstance,
+  configApp: { [x: string]: any },
+  baseUri: string,
+) => {
+  return new Promise((resolve) => {
+    firestore.doc(`pixSetup/${clientId}:${clientSecret}`).get()
+      .then((documentSnapshot) => {
+        if (!documentSnapshot.exists || !documentSnapshot.get('hasWebhook')) {
+          const rand = String(Date.now());
+          return documentSnapshot.ref
+            .set({
+              pixApi,
+              rand,
+              createdAt: new Date().toISOString(),
+            })
+            .then(() => pixAxios({
+              url: `/v2/webhook/${configApp.pix_key}`,
+              method: 'PUT',
+              data: {
+                webhookUrl: `${baseUri}/pix-webhook/${rand}`,
+              },
+            }))
+
+            .then(() => {
+              documentSnapshot.ref
+                .set({ hasWebhook: true }, { merge: true })
+                .catch(logger.error);
+
+              resolve(true);
+            })
+            .catch((err) => {
+              logger.error('(App:Pix) Error saving firestore => ', err);
+              resolve(false);
+            });
+        }
+        resolve(false);
+        return null;
+      })
+      .catch((err) => {
+        logger.error('(App:Pix) Error saving firestore => ', err);
+        resolve(false);
+      });
+  });
+};
+
+export default async (appData: AppModuleBody, firestore: Firestore) => {
+  const locationId = config.get().httpsFunctionOptions.region;
+  const baseUri = `https://${locationId}-${process.env.GCLOUD_PROJECT}.cloudfunctions.net`;
+  // body was already pre-validated on @/bin/web.js
+  // treat module request body
+  const { application } = appData;
+  const params = appData.params as CreateTransactionParams;
+  // app configured options
+  const configApp = { ...application.data, ...application.hidden_data };
+
+  const {
+    amount,
+    buyer,
+    payer,
+    items,
+  } = params;
+
+  const orderId = params.order_id;
+  logger.log('>(App:Pix) Transaction #', orderId);
+
+  // https://apx-mods.e-com.plus/api/v1/create_transaction/response_schema.json?store_id=100
+  const transaction: CreateTransactionResponse['transaction'] = {
+    amount: amount.total,
+  };
+
+  const pixApi = configApp.pix_api;
+  let pfx;
+  try {
+    pfx = await getPfx(pixApi.certificate);
+  } catch (e) {
+    logger.error(e);
+    return responseError(409, 'INVALID_PIX_CERTIFICATE', 'Arquivo de certificado não encontrado ou inválido');
+  }
+
+  let baseURL: string | undefined;
+  if (pixApi.host && typeof pixApi.host === 'string') {
+    baseURL = pixApi.host.startsWith('http') ? pixApi.host : `https://${pixApi.host}`;
+  }
+  const isGerencianet = Boolean(baseURL && baseURL.indexOf('gerencianet.') > -1);
+  const clientId = pixApi.client_id;
+  const clientSecret = pixApi.client_secret;
+
+  const pix = new Pix({
+    clientId,
+    clientSecret,
+    pfx,
+    baseURL,
+    oauthEndpoint: pixApi.oauth_endpoint,
+    tokenData: pixApi.authorization,
+  });
+
+  let pixCob: { [key: string]: any } | undefined;
+
+  try {
+    await pix.preparing;
+
+    let txid = [...Array(32)].map(() => Math.floor(Math.random() * 16).toString(16)).join('');
+    let docNumber: string;
+    let registryType: string;
+    let fullname: string;
+
+    if (payer && payer.doc_number) {
+      docNumber = payer.doc_number;
+      registryType = payer.doc_number.length === 11 ? 'p' : 'j';
+      fullname = payer.fullname || buyer.fullname;
+    } else {
+      docNumber = buyer.doc_number;
+      registryType = buyer.registry_type;
+      fullname = buyer.fullname;
+    }
+
+    pixCob = {
+      calendario: {
+        expiracao: (configApp.pix_expiration || 60) * 60,
+      },
+      devedor: {
+        [registryType === 'j' ? 'cnpj' : 'cpf']: docNumber,
+        nome: fullname,
+      },
+      valor: {
+        original: amount.total.toFixed(2),
+      },
+      chave: configApp.pix_key,
+      infoAdicionais: [{
+        nome: 'pedido',
+        valor: `Pedido #${params.order_number} na loja ${params.domain}`,
+      }],
+    };
+
+    if (typeof configApp.pix_input === 'string' && configApp.pix_input.length > 3) {
+      const solicitacaoPagador = configApp.pix_input.substring(0, 140);
+      Object.assign(pixCob, { solicitacaoPagador });
+    }
+    if (typeof configApp.pix_info === 'string' && configApp.pix_info.length > 3) {
+      pixCob.infoAdicionais.unshift({
+        nome: 'texto',
+        valor: configApp.pix_info.substring(0, 200),
+      });
+    }
+
+    items.forEach((item, i) => {
+      if (pixCob) {
+        pixCob.infoAdicionais.push({
+          nome: `item_${(i + 1)}`,
+          valor: `${item.quantity}x ${(item.name || item.sku)}`.substring(0, 200),
+        });
+      }
+    });
+
+    pixCob.infoAdicionais.push({
+      nome: 'ecom_order_id',
+      valor: String(orderId),
+    });
+
+    if (pix.axios) {
+      let { data } = await pix.axios({
+        url: `/v2/cob/${txid}`,
+        method: 'PUT',
+        data: pixCob,
+      });
+      if (data) {
+        const { loc } = data;
+        txid = data.txid;
+
+        const location = (loc && loc.location) || data.location;
+        const pixCodeHost = 'https://gerarqrcodepix.com.br/api/v1';
+        const pixCodeParams = `&location=${location}`
+          + `&nome=${encodeURIComponent(configApp.pix_receiver || params.domain)}`
+          + `&cidade=${encodeURIComponent(configApp.pix_city || params.domain)}`;
+        const qrCodeUrl = `${pixCodeHost}?pim=12&saida=qr${pixCodeParams}`;
+        let qrCodeSrc = qrCodeUrl;
+        const brCodeUrl = `${pixCodeHost}?saida=br${pixCodeParams}`;
+
+        try {
+          if (isGerencianet && loc && loc.id) {
+            const res = await pix.axios.get(`/v2/loc/${loc.id}/qrcode`);
+            qrCodeSrc = res.data.imagemQrcode;
+          } else {
+            throw new Error('Retry');
+          }
+        } catch (err: any) {
+          data = (await axios.get(brCodeUrl)).data;
+        }
+
+        if (data) {
+          transaction.intermediator = {
+            payment_method: params.payment_method,
+            transaction_id: txid,
+            transaction_code: data.brcode || data.qrcode,
+          };
+          transaction.payment_link = qrCodeUrl;
+          transaction.notes = `<img src="${qrCodeSrc}" style="display:block;margin:0 auto">`;
+
+          await saveToDb(firestore, clientId, clientSecret, pixApi, pix.axios, configApp, baseUri);
+
+          return {
+            status: 200,
+            redirect_to_payment: false,
+            transaction,
+          };
+        }
+        return responseError(409, 'PIX_REQUEST_ERR_', 'QRCode not found');
+      }
+      return responseError(409, 'PIX_REQUEST_ERR_', 'Unexpected error creating charge');
+    }
+    return responseError(409, 'PIX_REQUEST_ERR_', 'Axios instance not created');
+  } catch (error: any) {
+    logger.error(error);
+    // try to debug request error
+    let errCode = 'PIX_COB_ERR_';
+    let { message } = error;
+
+    const err = {
+      message: `PIX_COB_ERR_ Order: #${orderId} => ${message}`,
+      payment: '',
+      status: 0,
+      response: '',
+    };
+
+    if (error.response) {
+      const { status, data } = error.response;
+      if (status !== 401 && status !== 403) {
+        err.payment = JSON.stringify(pixCob);
+        err.status = status;
+        errCode += status;
+        if (typeof data === 'object' && data) {
+          err.response = JSON.stringify(data);
+        } else {
+          err.response = data;
+        }
+      } else if (data && data.mensagem) {
+        message = data.mensagem;
+      }
+    }
+    // logger.error('(App:Pix) Error => ', err);
+
+    return responseError(409, errCode, message);
+  }
+};

package/src/pix-list-payments.ts

@@ -0,0 +1,93 @@
+import type { AppModuleBody } from '@cloudcommerce/types';
+import type { ListPaymentsParams } from '@cloudcommerce/types/modules/list_payments:params';
+import type { ListPaymentsResponse } from '@cloudcommerce/types/modules/list_payments:response';
+
+type Gateway = ListPaymentsResponse['payment_gateways'][number]
+
+const responseError = (status: number | null, error: string, message: string) => {
+  return {
+    status: status || 409,
+    error,
+    message: `${message} (lojista deve configurar o aplicativo)`,
+  };
+};
+
+export default (data: AppModuleBody) => {
+  const { application } = data;
+  const params = data.params as ListPaymentsParams;
+  // https://apx-mods.e-com.plus/api/v1/list_payments/schema.json?store_id=100
+  const amount = params.amount || { total: undefined, discount: undefined };
+  // const initialTotalAmount = amount.total;
+
+  const configApp = {
+    ...application.data,
+    ...application.hidden_data,
+  };
+
+  if (!configApp.pix_key) {
+    return responseError(409, 'NO_PIX_KEY', 'Chave Pix não configurada');
+  }
+  const pixApi = configApp.pix_api;
+  if (!pixApi.certificate) {
+    return responseError(409, 'NO_PIX_CERTIFICATE', 'Certificado .PEM ou .P12 não configurado');
+  }
+  if ((!pixApi.client_id || !pixApi.client_secret) && !pixApi.authorization) {
+    return responseError(409, 'NO_PIX_CREDENTIALS', 'Client ID e/ou Secret não configurados');
+  }
+  const response: ListPaymentsResponse = {
+    payment_gateways: [],
+  };
+
+  // setup payment gateway object
+  const gateway: Gateway = {
+    label: 'Pagar com Pix',
+    // icon: `${baseUri}/pix.png`, // TODO: baseUri
+    icon: 'https://us-central1-ecom-pix.cloudfunctions.net/app/pix.png',
+    payment_method: {
+      code: 'account_deposit',
+      name: 'Pix',
+    },
+    intermediator: {
+      name: 'Pix',
+      link: 'https://www.bcb.gov.br/estabilidadefinanceira/pix',
+      code: 'pixapi',
+    },
+    ...configApp.gateway_options,
+  };
+
+  const { discount } = configApp;
+  if (discount && discount.value > 0
+    && (!amount.discount || discount.cumulative_discount !== false)) {
+    gateway.discount = {
+      apply_at: discount.apply_at,
+      type: discount.type,
+      value: discount.value,
+    };
+    if (discount.apply_at !== 'freight') {
+      // set as default discount option
+      response.discount_option = {
+        apply_at: discount.apply_at,
+        type: discount.type,
+        value: discount.value,
+        label: configApp.discount_option_label || 'Pix',
+      };
+    }
+
+    if (discount.min_amount) {
+      // check amount value to apply discount
+      if (amount.total && amount.total < discount.min_amount) {
+        delete gateway.discount;
+      }
+      if (response.discount_option) {
+        response.discount_option.min_amount = discount.min_amount;
+      }
+    }
+  }
+
+  response.payment_gateways.push(gateway);
+  return response;
+};
+
+export {
+  responseError,
+};

package/src/pix-webhook.ts

@@ -0,0 +1,171 @@
+/* eslint-disable import/prefer-default-export */
+import type { Request, Response } from 'firebase-functions';
+import '@cloudcommerce/firebase/lib/init';
+import api from '@cloudcommerce/api';
+import * as logger from 'firebase-functions/logger';
+import { getFirestore } from 'firebase-admin/firestore';
+import * as functions from 'firebase-functions/v1';
+import config from '@cloudcommerce/firebase/lib/config';
+import Pix from './functions-lib/pix-auth/construtor';
+import getPfx from './functions-lib/get-certificate';
+
+const handler = async (req: Request, res: Response, rand: string) => {
+  try {
+    const querySnapshot = await getFirestore()
+      .collection('pixSetup')
+      .where('rand', '==', rand)
+      .limit(1)
+      .get();
+
+    if (querySnapshot && !querySnapshot.empty) {
+      const documentSnapshot = querySnapshot.docs[0];
+
+      const setHookState = (isValidating = false) => {
+        return documentSnapshot.ref
+          .set({ isValidating }, { merge: true });
+      };
+
+      if (req.body) {
+        logger.log(`> (App:Pix) Webhook (${rand}) ${JSON.stringify(req.body)}`);
+        const pixHooks = req.body.pix;
+        if (Array.isArray(pixHooks) && pixHooks.length) {
+          if (!documentSnapshot.exists) {
+            return res.sendStatus(401);
+          }
+          const pixApi = documentSnapshot.get('pixApi');
+          if (!pixApi) {
+            return res.sendStatus(410);
+          }
+          if (documentSnapshot.get('isValidating')) {
+            setHookState();
+          }
+
+          let pfx;
+          try {
+            pfx = await getPfx(pixApi.certificate);
+          } catch (err) {
+            logger.error(err);
+            return res.sendStatus(409);
+          }
+
+          let baseURL: string | undefined;
+          if (pixApi.host && typeof pixApi.host === 'string') {
+            baseURL = pixApi.host.startsWith('http') ? pixApi.host : `https://${pixApi.host}`;
+          }
+
+          const pix = new Pix({
+            clientId: pixApi.client_id,
+            clientSecret: pixApi.client_secret,
+            pfx,
+            baseURL,
+            oauthEndpoint: pixApi.oauth_endpoint,
+            tokenData: pixApi.authorization,
+          });
+
+          await pix.preparing;
+
+          await Promise.all(pixHooks.map(async ({ endToEndId, txid }) => {
+            if (pix.axios) {
+              const { data } = await pix.axios.get(`/v2/cob/${txid}`);
+              if (data) {
+                logger.log(`> (App:Pix) Read ${txid} ${JSON.stringify(data)}`);
+                const { status, infoAdicionais } = data;
+                const orderInfo = infoAdicionais.find(({ nome }) => nome === 'ecom_order_id');
+                if (orderInfo) {
+                  const orderId = orderInfo.valor;
+                  let financialStatus: string | undefined;
+
+                  switch (status.toUpperCase()) {
+                    case 'CONCLUIDA':
+                      if (
+                        Array.isArray(data.pix)
+                        && data.pix.find(({ valor, devolucoes }) => {
+                          if (
+                            data.valor
+                            && data.valor.original
+                            && valor < data.valor.original
+                          ) {
+                            return false;
+                          }
+
+                          return devolucoes && devolucoes.find(
+                            (devolucao: { status: string; }) => {
+                              return devolucao.status === 'DEVOLVIDO';
+                            },
+                          );
+                        })
+                      ) {
+                        financialStatus = 'refunded';
+                      } else {
+                        financialStatus = 'paid';
+                      }
+                      break;
+
+                    case 'DEVOLVIDO':
+                      financialStatus = 'refunded';
+                      break;
+                    default:
+                      if (status.startsWith('REMOVIDA_')) {
+                        financialStatus = 'voided';
+                      }
+                  }
+
+                  if (orderId && financialStatus) {
+                    const bodyPaymentHistory = {
+                      date_time: new Date().toISOString(),
+                      status: financialStatus,
+                      notification_code: endToEndId,
+                      flags: ['pixapi'],
+                    } as any; // TODO: incompatible type=> amount and status;
+
+                    await api.post(
+                      `orders/${orderId}/payments_history`,
+                      bodyPaymentHistory,
+                    );
+                  }
+                }
+                return data;
+              }
+            }
+            return true;
+          }));
+
+          return res.sendStatus(200);
+        }
+        // not create axios instance
+        return res.sendStatus(500);
+      }
+      // body not found
+      if (!documentSnapshot.exists || !documentSnapshot.get('isValidating')) {
+        setHookState(true).catch(logger.error);
+        return res.sendStatus(503);
+      }
+      logger.log('> (App:Pix) Webhook ignored');
+      setHookState().catch(logger.error);
+      return res.sendStatus(200);
+    }
+    return res.sendStatus(410);
+  } catch (err: any) {
+    logger.error(err);
+    if (!res.headersSent) {
+      return res.sendStatus(502);
+    }
+    //
+    return res.sendStatus(500);
+  }
+};
+
+export const pix = {
+  webhook: functions
+    .region(config.get().httpsFunctionOptions.region)
+    .https.onRequest(async (req, res) => {
+      const { method } = req;
+      const rand = req.url.split('/')[1];
+
+      if (method === 'POST' || method === 'PUT') {
+        handler(req, res, rand);
+      } else {
+        res.sendStatus(405);
+      }
+    }),
+};