npm - node-paytmpg - Versions diffs - 7.3.9 → 7.4.1 - Mend

node-paytmpg 7.3.9 → 7.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.MD +22 -8
package/dist/app/controllers/payment.controller.js +6 -13
package/dist/index.js +1 -1
package/dist/package.json +1 -1
package/package.json +1 -1

package/README.MD CHANGED Viewed

@@ -13,7 +13,10 @@ npm install node-paytmpg multi-db-orm
 ```js
 const express = require("express");
 const { FireStoreDB } = require("multi-db-orm");
-const { attachBodyParser, createPaymentMiddleware } = require("node-paytmpg");
+const {
+  attachRawBodyAndEngine,
+  createPaymentMiddleware,
+} = require("node-paytmpg");
 const app = express();
 const db = new FireStoreDB(require("./creds.json"));
@@ -37,7 +40,10 @@ const config = {
   INDUSTRY_TYPE_ID: "Retail",
 };
-attachBodyParser(app, config);
+// Make sure to call this before adding any other body parsers
+// this preserves the original body in req.rawBody so it can be used to verify
+// signatures in webhooks especially for razorpay
+attachRawBodyAndEngine(app, config);
 const paymentRouter = createPaymentMiddleware(app, config, db);
 app.use("/" + config.path_prefix, paymentRouter);
@@ -47,17 +53,25 @@ app.listen(5544, () => {
 });
 ```
-## `attachBodyParser(app, config)`
+## `attachRawBodyAndEngine(app, config)`
-Use this before creating the payment middleware.
+> ⚠️ Caution — avoid calling this helper directly in production apps.
+Use this only if your application does **not** already configure body parsing or a view engine. In most cases you should **not** call this helper; prefer one of the alternatives below.
 What it does:
-- Adds JSON and URL-encoded body parsing.
-- Captures `req.rawBody` for webhook signature verification (important for Razorpay webhooks).
-- Sets up handlebars view engine expected by payment pages.
+- Adds JSON and URL-encoded body parsing and captures `req.rawBody` (required for some gateway webhook verifications).
+- Configures Handlebars (`hbs`) view engine and a default layout used by the payment pages.
+- Sets `app.set('attachRawBodyAndEngine', true)` so the middleware knows the setup is present.
+When _not_ to use it:
+- Do **not** call this if your app already defines body-parsing middleware or a view engine — it will override or duplicate global settings and can cause conflicts.
+- Instead, either let `createPaymentMiddleware` auto-attach the required parsers/engine (it logs a warning if missing) or manually ensure `req.rawBody` and a compatible view engine are configured.
+- If you must call it, call it once at app startup and do not call it from sub-apps or multiple times.
-If you skip this call, `createPaymentMiddleware` auto-attaches a default parser and logs a warning. For custom body-parser setups, make sure raw request body is still available as `req.rawBody`.
+If you skip this call, `createPaymentMiddleware` auto-attaches a default parser/engine and logs a warning. For custom body-parser setups, make sure raw request body is still available as `req.rawBody`.
 ## How to invoke `createPaymentMiddleware`

package/dist/app/controllers/payment.controller.js CHANGED Viewed

@@ -676,6 +676,7 @@ class PaymentController {
         const payuInstance = this.payuInstance;
         const openMoneyInstance = this.openMoneyInstance;
         console.log("request_data ", req.originalUrl, JSON.stringify(req.body));
+        console.log("request_data rawBody", req.originalUrl, req.rawBody);
         console.log("request_headers ", req.originalUrl, JSON.stringify(req.headers));
         if (config.paytm_url) {
             await this.callback(req, res);
@@ -696,8 +697,6 @@ class PaymentController {
                     const reqBody = req.rawBody;
                     const signature = req.headers["x-razorpay-signature"];
                     console.log("Razorpay webhook signature:", signature);
-                    console.log("Razorpay rawBody:", reqBody);
-                    console.log("Razorpay SECRET:", config.SECRET);
                     if (signature === undefined) {
                         res.status(400).send({ message: "Missing Razorpay signature" });
                         return;
@@ -830,11 +829,6 @@ class PaymentController {
         // parameters can be from query or body
         // MID, MOBILE_NO, PRODUCT_NAME, EMAIL, NAME, limit, offset
         const params = { ...(req.query || {}), ...(req.body || {}) };
-        // Basic authz guard if caller supplies MID and it mismatches current config
-        if (params.MID && this.config.MID && params.MID !== this.config.MID) {
-            res.status(403).send({ message: 'MID mismatch' });
-            return;
-        }
         // Build query map from incoming fields to db columns
         const query = {};
         const fieldMap = {
@@ -862,17 +856,16 @@ class PaymentController {
         const limit = Math.min(parseInt(params.limit, 10) || 20, 100);
         const offset = Math.max(parseInt(params.offset, 10) || 0, 0);
         try {
-            let transactions = [];
             const all = await this.db.get(this.tableNames.TRANSACTION, query, {
-                sort: [{ field: 'time', order: 'desc' }]
+                sort: [{ field: 'time', order: 'desc' }],
+                limit: limit,
+                offset: offset
             });
-            const safeAll = Array.isArray(all) ? all : [];
-            transactions = safeAll.slice(offset, offset + limit);
             res.send({
                 limit,
                 offset,
-                count: transactions.length,
-                transactions
+                count: all.length,
+                transactions: all
             });
         }
         catch (err) {

package/dist/index.js CHANGED Viewed

@@ -52,7 +52,7 @@ function attachRawBodyAndEngine(app, userConfig = {}) {
 function createPaymentMiddleware(app, userConfig, db, callbacks, authenticationMiddleware, tableNames) {
     //check attachRawBodyAndEngine
     if (!app.get('attachRawBodyAndEngine')) {
-        console.warn('[node-paytmpg]: attachRawBodyAndEngine not attached. Attaching default view engine. Either call attachRawBodyAndEngine() before createPaymentMiddleware() or ensure that your Express app has a view engine attached. req.rawBody needed for some webhooks will not be available if this is not called.');
+        console.warn('[node-paytmpg]: attachRawBodyAndEngine not attached. Make sure to call attachRawBodyAndEngine() or make sure hbs view engine is set and req.rawBody is available.');
         attachRawBodyAndEngine(app, userConfig);
     }
     const config = (0, buildConfig_1.buildConfig)(userConfig);

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "node-paytmpg",
-    "version": "7.3.9",
+    "version": "7.4.1",
     "description": "Payment Gateway Integration using NodeJS",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "node-paytmpg",
-  "version": "7.3.9",
+  "version": "7.4.1",
   "description": "Payment Gateway Integration using NodeJS",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",