node-paytmpg 5.3.2 → 6.4.2

package/example.js

@@ -1,51 +1,34 @@
-var express=require('express')
-var app=express()
-
-var MONGOURL="mongodb+srv://username:pasws@host.net/dbname";
-
-/*** 
- * Uncomment in case you want to use multidborm 
- * https://www.npmjs.com/package/multi-db-orm
-
- const { MultiDbORM, FireStoreDB, MongoDB, SQLiteDB, Sync } = require("multi-db-orm");
-var mongodb = new MongoDB(MONGOURL);
-app.multidborm = mongodb;
-
-*/
-
-app.set('np_config', {
-    "host_url":"http://127.0.0.1:5542", 
-    "view_path":"/../views/",
-    "paytm_url":"https://securegw-stage.paytm.in",
-    "MID":"XXXXX",
-    "WEBSITE":"WEBSTAGING",
-    "KEY":"XXXXX",
-    "CHANNEL_ID":"WAP", 
-    "INDUSTRY_TYPE_ID":"Retail",
-    "homepage":"/",
-    "path_prefix":"_pay",
-    "theme_color":"#231530",
-    "db_url":MONGOURL // Remove this property in case you want to use multidborm
+const express = require('express');
+const { SQLiteDB } = require('multi-db-orm');
+const { createPaymentMiddleware } = require('./index');
+
+try { require('dotenv').config(); } catch (e) { }
+
+const app = express();
+
+// Local SQLite sample DB via multi-db-orm; swap for your own adapter
+const db = new SQLiteDB('test.db');
+
+const payment = createPaymentMiddleware({
+    host_url: process.env.NP_HOST_URL || 'http://localhost:5543',
+    path_prefix: process.env.NP_PATH_PREFIX || '_pay',
+    homepage: '/',
+    payu_url: 'https://secure.payu.in', // use https://test.payu.in for sandbox
+    MID: process.env.NP_MID || '12345',
+    WEBSITE: process.env.NP_WEBSITE || 'WEBSTAGING',
+    KEY: process.env.NP_KEY || 'abcdef',
+    SECRET: process.env.NP_SECRET || 'abcdef', // salt for payu / razor
+    CHANNEL_ID: process.env.NP_CHANNEL_ID || 'WAP',
+    INDUSTRY_TYPE_ID: process.env.NP_INDUSTRY_TYPE_ID || 'Retail',
+    theme: {
+        primary: '#231530',
+        accent: '#5ce1e6',
+    },
+    brand: 'DemoPay',
+}, db);
+
+app.use(payment);
+
+app.listen(process.env.PORT || 5543, function () {
+    console.log('Server started at', process.env.PORT || 5543);
 });
-
-if(process.env.CONFIG){
-
-    app.set('np_config', JSON.parse(process.env.CONFIG));
-    console.log('using config from env',process.env.CONFIG);
-    
-}
-
-require('./index')(app,express)
-
-app.all('/',function(req,res)
-{
-    res.redirect('/_pay/init')
-})
-
-
-app.listen(process.env.PORT  || 5542,function()
-{
-
-    console.log("Server Started At ",process.env.PORT  || 5542)
-
-})

package/index.js

@@ -1,23 +1,83 @@
-module.exports = (app, express, callbacks) => {
+const express = require('express');
+const path = require('path');
+const bodyParser = require('body-parser');
+const exphbs = require('express-handlebars');
+const mongoose = require('mongoose');
 
-    var module = {};
+const buildConfig = require('./lib/config/buildConfig');
 
-    if (app && express) {
-        require('./app/routes/payment_route.js')(app, express, callbacks)
-        var config = (app.get('np_config'))
-        if (config.db_url) {
+/**
+ * Creates an isolated payment middleware that can be mounted on any Express app.
+ * This keeps the payment creation/verification logic intact while exposing a cleaner API.
+ *
+ * @param {object} userConfig - configuration overrides (gateway keys, branding, hooks, etc.)
+ * @param {object} db - optional multi-db-orm instance; if omitted and db_url is provided, MongoDB is used
+ * @returns {import('express').Application} configured sub-application ready to mount
+ */
+function createPaymentMiddleware(userConfig = {}, db) {
+    const config = buildConfig(userConfig);
+    const subApp = express();
 
-            module.Transaction = require('./app/models/np_transaction.model.js')
-            module.User = require('./app/models/np_user.model.js')
+    // expose config + optional db handle for downstream controllers
+    subApp.set('np_config', config);
+    subApp.locals.theme = config.theme || {};
+    subApp.locals.brand = config.brand || 'Secure Pay';
+    subApp.locals.logo = config.logo;
+    subApp.locals.themeName = config.themeName || (config.theme && config.theme.name) || 'dark';
+    if (config.db_url) {
+        mongoose.Promise = global.Promise;
+        mongoose.connect(config.db_url, {
+            useUnifiedTopology: true,
+            useNewUrlParser: true,
+        }).then(() => {
+            console.log('PaytmPG : Connected to MongoDB');
+        }).catch(err => {
+            console.log('PaytmPG : Failed to connect MongoDB', err);
+        });
+    } else if (db) {
+        subApp.multidborm = db;
+    }
 
-        } else if (app.multidborm) {
+    // view engine + theming
+    const viewRoot = config.templateDir
+        ? path.resolve(config.templateDir)
+        : path.join(__dirname, 'app', 'views');
+    const layoutPath = path.join(viewRoot, 'layouts', 'index.hbs');
 
-            module.Transaction = app.NPTransaction;
-            module.User = app.NPUser;
+    subApp.engine('hbs', exphbs({
+        extname: 'hbs',
+        defaultLayout: layoutPath,
+        helpers: {
+            theme_color: () => config.theme_color,
+            logo: () => config.logo,
+            brand: () => config.brand || 'Secure Pay',
+        },
+    }));
+    subApp.set('view engine', 'handlebars');
 
-        }
-    }
+    // body parsing with raw body capture (needed for webhooks)
+    const saveRawBody = (req, res, buf) => {
+        req.rawBody = buf.toString();
+    };
+    subApp.use(bodyParser.urlencoded({ extended: true }));
+    subApp.use(bodyParser.json({ verify: saveRawBody }));
+    // wire routes against existing payment controller (logic unchanged)
+     const callbacks = config.callbacks || userConfig.callbacks;
+    const pc = require('./app/controllers/payment_controller')(subApp, callbacks);
+
+    subApp.all('/init', pc.init);
+    subApp.all('/callback', pc.callback);
+    subApp.all('/api/webhook', pc.webhook);
+    subApp.all('/api/status', pc.status);
+    subApp.all('/api/createTxn/token', pc.createTxnToken);
+    subApp.all('/api/createTxn', pc.createTxn);
+    subApp.all('/', pc.init);
+
+    subApp.use(express.static(path.join(__dirname, 'public')), pc.init);
+
+    return subApp;
+}
+
+module.exports = { createPaymentMiddleware };
 
-    return module;
-};
 

package/lib/config/buildConfig.js

@@ -0,0 +1,113 @@
+const defaults = require('./defaults');
+const { validateConfig } = require('./validator');
+
+function pickEnv(keys) {
+    const output = {};
+    keys.forEach((key) => {
+        if (process.env[key] !== undefined) {
+            output[key] = process.env[key];
+        }
+    });
+    return output;
+}
+
+function buildConfig(userConfig = {}) {
+    const envOverrides = pickEnv([
+        'NP_HOST_URL',
+        'NP_PATH_PREFIX',
+        'NP_HOMEPAGE',
+        'NP_TEMPLATE_DIR',
+        'NP_THEME_COLOR',
+        'NP_LOGO',
+        'NP_DB_URL',
+        'NP_PAYTM_URL',
+        'NP_RAZOR_URL',
+        'NP_PAYU_URL',
+        'NP_OPEN_MONEY_URL',
+        'NP_MID',
+        'NP_WEBSITE',
+        'NP_KEY',
+        'NP_SECRET',
+        'NP_CHANNEL_ID',
+        'NP_INDUSTRY_TYPE_ID',
+        'NP_MODE',
+        'NP_THEME_NAME',
+    ]);
+
+    const merged = {
+        ...defaults,
+        ...normalizeEnv(envOverrides),
+        ...userConfig,
+    };
+
+    // theme normalization
+    const themeName = (userConfig.themeName || userConfig.theme?.name || merged.theme_name || 'dark').toLowerCase();
+    const theme = {
+        primary: getThemeColor(userConfig, merged),
+        accent: userConfig?.theme?.accent || merged.theme_accent || '#4ae0ff',
+        surface: userConfig?.theme?.surface || '#0f1021',
+        text: userConfig?.theme?.text || '#e9ecf2',
+        success: userConfig?.theme?.success || '#24cf5f',
+        danger: userConfig?.theme?.danger || '#ff6b6b',
+        name: themeName,
+    };
+
+    merged.theme = theme;
+    merged.theme_color = theme.primary;
+    merged.logo = userConfig.logo || merged.logo;
+    merged.brand = userConfig.brand || 'Secure Pay';
+    merged.callbacks = userConfig.callbacks || userConfig.hooks || merged.callbacks || {};
+    merged.templateDir = userConfig.templateDir || merged.templateDir;
+    merged.themeName = themeName;
+
+    // ensure view path remains compatible with legacy controllers
+    if (!merged.view_path) {
+        merged.view_path = '/../views/';
+    }
+
+    if (userConfig.host_url) {
+        merged.host_url = userConfig.host_url;
+    } else if (process.env.NP_HOST_URL) {
+        merged.host_url = process.env.NP_HOST_URL;
+    }
+
+    return validateConfig(merged);
+}
+
+function getThemeColor(userConfig, merged) {
+    if (userConfig?.theme?.primary) return userConfig.theme.primary;
+    if (userConfig.theme_color) return userConfig.theme_color;
+    if (merged.NP_THEME_COLOR) return merged.NP_THEME_COLOR;
+    return merged.theme_color;
+}
+
+function normalizeEnv(env) {
+    const mapping = {
+        NP_HOST_URL: 'host_url',
+        NP_PATH_PREFIX: 'path_prefix',
+        NP_HOMEPAGE: 'homepage',
+        NP_TEMPLATE_DIR: 'templateDir',
+        NP_THEME_COLOR: 'theme_color',
+        NP_LOGO: 'logo',
+        NP_DB_URL: 'db_url',
+        NP_PAYTM_URL: 'paytm_url',
+        NP_RAZOR_URL: 'razor_url',
+        NP_PAYU_URL: 'payu_url',
+        NP_OPEN_MONEY_URL: 'open_money_url',
+        NP_MID: 'MID',
+        NP_WEBSITE: 'WEBSITE',
+        NP_KEY: 'KEY',
+        NP_SECRET: 'SECRET',
+        NP_CHANNEL_ID: 'CHANNEL_ID',
+        NP_INDUSTRY_TYPE_ID: 'INDUSTRY_TYPE_ID',
+        NP_MODE: 'mode',
+        NP_THEME_NAME: 'themeName',
+    };
+    return Object.keys(env).reduce((acc, key) => {
+        const target = mapping[key];
+        if (target) acc[target] = env[key];
+        return acc;
+    }, {});
+}
+
+module.exports = buildConfig;

package/lib/config/defaults.js

@@ -0,0 +1,37 @@
+module.exports = {
+    // Server configuration
+    host_url: 'http://localhost:3000',
+    path_prefix: '_pay',
+    homepage: '/',
+
+    // Template configuration
+    templateDir: null, // null = use built-in views, or provide path to custom templates
+    templateEngine: 'handlebars',
+
+    // UI Customization
+    theme_color: '#3399cc',
+    logo: '/favicon.ico',
+
+    // Transaction ID configuration
+    id_length: 10,
+
+    // Database
+    db_url: null, // MongoDB URL (legacy), leave null to use multidborm
+
+    // Payment Gateway URLs
+    // paytm_url: null,        // e.g., 'https://securegw-stage.paytm.in' for test, 'https://securegw.paytm.in' for production
+    // razor_url: null,        // e.g., 'https://api.razorpay.com/v1/'
+    // payu_url: null,         // e.g., 'https://test.payu.in' for test, 'https://secure.payu.in' for production
+    // open_money_url: null,   // e.g., 'https://sandbox-icp-api.bankopen.co/api' for sandbox, 'https://icp-api.bankopen.co/api' for live
+
+    // Gateway Credentials (must be provided by user)
+    // MID: null,
+    // WEBSITE: null,
+    // KEY: null,
+    // SECRET: null,
+    // CHANNEL_ID: 'WEB',
+    // INDUSTRY_TYPE_ID: 'Retail',
+
+    // Payment mode configuration (optional)
+    // mode: null  // JSON string of enabled payment modes for Paytm
+};

package/lib/config/validator.js

@@ -0,0 +1,103 @@
+const defaults = require('./defaults');
+
+/**
+ * Validates and merges config with defaults
+ * @param {Object} userConfig - User-provided configuration
+ * @returns {Object} Merged and validated configuration
+ * @throws {Error} If required fields are missing
+ */
+function validateConfig(userConfig) {
+    if (!userConfig || typeof userConfig !== 'object') {
+        throw new Error('Config must be an object');
+    }
+
+    // Merge with defaults
+    const config = { ...defaults, ...userConfig };
+
+    // Detect which payment gateway is being used
+    const hasPaytm = !!config.paytm_url;
+    const hasRazorpay = !!config.razor_url;
+    const hasPayU = !!config.payu_url;
+    const hasOpenMoney = !!config.open_money_url;
+
+    if (!hasPaytm && !hasRazorpay && !hasPayU && !hasOpenMoney) {
+        throw new Error(
+            'At least one payment gateway must be configured. ' +
+            'Please provide one of: paytm_url, razor_url, payu_url, or open_money_url'
+        );
+    }
+
+    // Validate required credentials based on gateway
+    if (hasPaytm) {
+        validatePaytmConfig(config);
+    }
+
+    if (hasRazorpay) {
+        validateRazorpayConfig(config);
+    }
+
+    if (hasPayU) {
+        validatePayUConfig(config);
+    }
+
+    if (hasOpenMoney) {
+        validateOpenMoneyConfig(config);
+    }
+
+    // Validate common fields
+    if (!config.host_url) {
+        throw new Error('host_url is required');
+    }
+
+    if (!config.path_prefix) {
+        throw new Error('path_prefix is required');
+    }
+
+    return config;
+}
+
+function validatePaytmConfig(config) {
+    const required = ['MID', 'WEBSITE', 'KEY', 'CHANNEL_ID', 'INDUSTRY_TYPE_ID'];
+    const missing = required.filter(field => !config[field]);
+
+    if (missing.length > 0) {
+        throw new Error(
+            `Paytm configuration incomplete. Missing fields: ${missing.join(', ')}`
+        );
+    }
+}
+
+function validateRazorpayConfig(config) {
+    const required = ['KEY', 'SECRET'];
+    const missing = required.filter(field => !config[field]);
+
+    if (missing.length > 0) {
+        throw new Error(
+            `Razorpay configuration incomplete. Missing fields: ${missing.join(', ')}`
+        );
+    }
+}
+
+function validatePayUConfig(config) {
+    const required = ['KEY', 'SECRET'];
+    const missing = required.filter(field => !config[field]);
+
+    if (missing.length > 0) {
+        throw new Error(
+            `PayU configuration incomplete. Missing fields: ${missing.join(', ')}`
+        );
+    }
+}
+
+function validateOpenMoneyConfig(config) {
+    const required = ['KEY', 'SECRET'];
+    const missing = required.filter(field => !config[field]);
+
+    if (missing.length > 0) {
+        throw new Error(
+            `OpenMoney configuration incomplete. Missing fields: ${missing.join(', ')}`
+        );
+    }
+}
+
+module.exports = { validateConfig };

package/lib/services/database.service.js

@@ -0,0 +1,153 @@
+/**
+ * Database Service
+ * Abstracts database operations to support both MongoDB (legacy) and MultiDB ORM
+ */
+class DatabaseService {
+    constructor(db, config) {
+        this.db = db;
+        this.config = config;
+        this.usingMultiDbOrm = this.detectDbType();
+
+        // Will be initialized later
+        this.Transaction = null;
+        this.User = null;
+    }
+
+    /**
+     * Detects whether we're using MultiDB ORM or MongoDB
+     */
+    detectDbType() {
+        // Using MultiDB ORM if db instance provided and no db_url in config
+        return !!this.db && !this.config.db_url;
+    }
+
+    /**
+     * Initializes transaction model
+     */
+    initTransactionModel() {
+        if (this.config.db_url) {
+            // Legacy MongoDB mode
+            this.Transaction = require('../models/transaction.model');
+        } else if (this.db) {
+            // MultiDB ORM mode
+            const sample = {
+                orderId: "string",
+                cusId: "string",
+                time: 1770051201752,
+                timeStamp: 1770051201752,
+                status: "string",
+                name: "string",
+                email: "string",
+                phone: "string",
+                amount: 1,
+                pname: "string",
+                extra: "stringlarge",
+                TXNID: "27118670199",
+                returnUrl: "string"
+            };
+
+            const multiDbPlugin = require('../models/np_multidbplugin');
+            this.Transaction = multiDbPlugin('nptransactions', this.db, sample);
+            this.Transaction.db = this.db;
+            this.Transaction.modelname = 'nptransactions';
+            this.Transaction.idFieldName = 'orderId';
+        }
+
+        return this.Transaction;
+    }
+
+    /**
+     * Initializes user model
+     */
+    initUserModel() {
+        if (this.config.db_url) {
+            // Legacy MongoDB mode
+            this.User = require('../models/user.model');
+        } else if (this.db) {
+            // MultiDB ORM mode
+            const sample = {
+                id: "string",
+                name: "string",
+                email: "string",
+                phone: "string"
+            };
+
+            const multiDbPlugin = require('../models/np_multidbplugin');
+            this.User = multiDbPlugin('npusers', this.db, sample);
+            this.User.db = this.db;
+            this.User.modelname = 'npusers';
+            this.User.idFieldName = 'id';
+        }
+
+        return this.User;
+    }
+
+    /**
+     * Finds one document
+     * @param {Object} model - Mongoose model or MultiDB model
+     * @param {Object} query - Query object
+     * @param {Function} callback - Callback function (err, doc)
+     */
+    findOne(model, query, callback) {
+        if (this.usingMultiDbOrm) {
+            model.findOne(query, callback, model);
+        } else {
+            model.findOne(query, callback);
+        }
+    }
+
+    /**
+     * Creates  and saves a new document
+     * @param {Object} modelClass - Model constructor
+     * @param {Object} data - Data to save
+     * @returns {Promise} Promise that resolves with saved document
+     */
+    create(modelClass, data) {
+        const doc = new modelClass(data);
+        return doc.save();
+    }
+
+    /**
+     * Updates one document
+     * @param {Object} model - Mongoose model or MultiDB model
+     * @param {Object} query - Query object
+     * @param {Object} update - Update object
+     * @param {Function} callback - Callback function (err, result)
+     */
+    updateOne(model, query, update, callback) {
+        if (this.usingMultiDbOrm) {
+            model.updateOne(query, update, callback);
+        } else {
+            model.updateOne(query, update, callback);
+        }
+    }
+
+    /**
+     * Gets the Transaction model
+     */
+    getTransactionModel() {
+        if (!this.Transaction) {
+            this.initTransactionModel();
+        }
+        return this.Transaction;
+    }
+
+    /**
+     * Gets the User model
+     */
+    getUserModel() {
+        if (!this.User) {
+            this.initUserModel();
+        }
+        return this.User;
+    }
+
+    /**
+     * Returns whether using MultiDB ORM
+     */
+    isUsingMultiDbOrm() {
+        return this.usingMultiDbOrm;
+    }
+}
+
+module.exports = DatabaseService;

package/lib/utils/id-generator.js

@@ -0,0 +1,30 @@
+/**
+ * Generates a random alphanumeric ID
+ * @param {number} length - Length of the ID to generate
+ * @returns {string} Random ID
+ */
+function generateId(length = 10) {
+    const possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    let text = "";
+
+    for (let i = 0; i < length; i++) {
+        text += possible.charAt(Math.floor(Math.random() * possible.length));
+    }
+
+    return text;
+}
+
+/**
+ * Generates an order ID with a prefix
+ * @param {string} prefix - Prefix for the order ID (e.g., 'pay_', 'payu_')
+ * @param {number} length - Length of the random part
+ * @returns {string} Order ID
+ */
+function generateOrderId(prefix = '', length = 10) {
+    return prefix + generateId(length);
+}
+
+module.exports = {
+    generateId,
+    generateOrderId
+};

package/lib/utils/sanitizer.js

@@ -0,0 +1,25 @@
+/**
+ * Sanitizes request body by parsing amount fields to floats
+ * @param {Object} body - Request body to sanitize
+ * @returns {Object} Sanitized request body
+ */
+function sanitizeRequest(body) {
+    if (!body || typeof body !== 'object') {
+        return body;
+    }
+
+    // Parse amount to float if present
+    if (body.amount) {
+        body.amount = parseFloat(body.amount);
+    }
+
+    if (body.TXN_AMOUNT) {
+        body.TXN_AMOUNT = parseFloat(body.TXN_AMOUNT);
+    }
+
+    return body;
+}
+
+module.exports = {
+    sanitizeRequest
+};