npm - strapi-plugin-payone-provider - Versions diffs - 4.6.10 → 4.6.12 - Mend

strapi-plugin-payone-provider 4.6.10 → 4.6.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/server/services/transactionService.js CHANGED Viewed

@@ -1,183 +1,176 @@
 "use strict";
-const { getPluginStore } = require("./settingsService");
+const { sanitizeSensitive } = require("../utils/sanitize");
-const sanitizeRawRequest = (rawRequest) => {
-  if (!rawRequest || typeof rawRequest !== "object") return rawRequest
-  const sanitized = { ...rawRequest };
-  const sensitiveFields = ["cardpan", "cardexpiredate", "cardcvc2"];
-  sensitiveFields.forEach((field) => {
-    if (sanitized[field] && typeof sanitized[field] === "string") {
-      sanitized[field] = "*".repeat(sanitized[field].length);
-    }
-  });
-  return sanitized;
-};
+const TRANSACTION_UID = "plugin::strapi-plugin-payone-provider.transaction";
 const logTransaction = async (strapi, transactionData) => {
-  const pluginStore = getPluginStore(strapi);
-  let transactionHistory =
-    (await pluginStore.get({ key: "transactionHistory" })) || [];
-  const logEntry = {
-    id: Date.now().toString(),
-    timestamp: new Date().toISOString(),
-    txid: transactionData.txid || null,
-    reference: transactionData.reference || null,
-    invoiceid: transactionData.invoiceid || null,
-    request_type:
-      transactionData.request_type || transactionData.request || "unknown",
-    amount: transactionData.amount || null,
-    currency: transactionData.currency || "EUR",
-    status: transactionData.status || transactionData.Status || "unknown",
-    error_code:
-      transactionData.error_code || transactionData.Error?.ErrorCode || null,
-    error_message:
-      transactionData.error_message ||
-      transactionData.Error?.ErrorMessage ||
-      null,
-    customer_message:
-      transactionData.customer_message ||
-      transactionData.Error?.CustomerMessage ||
-      null,
-    body: transactionData ? { ...transactionData, raw_request: sanitizeRawRequest(transactionData.raw_request) } : null,
-    raw_request: transactionData.raw_request
-      ? sanitizeRawRequest(transactionData.raw_request)
-      : null,
-    raw_response: sanitizeRawRequest(transactionData.raw_response) || transactionData,
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString()
-  };
-  transactionHistory.unshift(logEntry);
+  try {
+    const data = {
+      txid: transactionData.txid || 'NO TXID',
+      reference: transactionData.reference || 'NO REFERENCE',
+      invoiceid: transactionData.raw_request.invoiceid || 'NO INVOICE ID',
+      request_type: transactionData.request_type || "unknown",
+      amount: transactionData.amount || "0",
+      currency: transactionData.currency || "EUR",
+      status: transactionData.status || transactionData.raw_response.Status || "unknown",
+      error_code: transactionData.error_code || "NO ERROR CODE",
+      error_message: transactionData.error_message || "NO ERROR MESSAGE",
+      customer_message: transactionData.customer_message || "NO CUSTOMER MESSAGE",
+      body: transactionData ? { ...transactionData, raw_request: sanitizeSensitive(transactionData.raw_request), raw_response: sanitizeSensitive(transactionData.raw_response) } : {},
+      raw_request: sanitizeSensitive(transactionData.raw_request || {}),
+      raw_response: sanitizeSensitive(transactionData.raw_response || {}),
+    };
+    const entry = await strapi.db.query(TRANSACTION_UID).create({ data });
+    console.info("Transaction logged to DB:", {
+      id: entry.id,
+      txid: entry.txid,
+      status: entry.status
+    });
-  if (transactionHistory.length > 5000) {
-    transactionHistory = transactionHistory.slice(0, 5000);
+    return entry;
+  } catch (error) {
+    console.error("Failed to log transaction:", error);
   }
+};
-  await pluginStore.set({
-    key: "transactionHistory",
-    value: transactionHistory
-  });
-  strapi.log.info("Transaction logged:", logEntry);
-};
+const buildWhereFromFilters = (filters = {}) => {
+  const conditions = [];
-const getTransactionHistory = async (strapi, filters = {}) => {
-  const pluginStore = getPluginStore(strapi);
-  let transactionHistory =
-    (await pluginStore.get({ key: "transactionHistory" })) || [];
-  if (filters.search) {
-    const searchLower = filters.search.toLowerCase().trim();
-    transactionHistory = transactionHistory.filter((transaction) => {
-      const status = (transaction.status || "").toLowerCase();
-      const txid = (transaction.txid || "").toLowerCase();
-      const reference = (transaction.reference || "").toLowerCase();
-      return (
-        status.includes(searchLower) ||
-        txid.includes(searchLower) ||
-        reference.includes(searchLower)
-      );
+  if (filters.search && typeof filters.search === "string" && filters.search.trim() !== "") {
+    const search = filters.search.trim();
+    conditions.push({
+      $or: [
+        { txid: { $containsi: search } },
+        { reference: { $containsi: search } },
+      ],
     });
   }
-  if (filters.request_type) {
-    transactionHistory = transactionHistory.filter(
-      (transaction) => transaction.request_type === filters.request_type
-    );
+  if (filters.status) {
+    conditions.push({ status: { $eqi: filters.status } });
   }
-  if (filters.payment_method) {
-    transactionHistory = transactionHistory.filter((transaction) => {
-      const clearingtype = transaction.raw_request?.clearingtype || "";
-      const wallettype = transaction.raw_request?.wallettype || "";
-      switch (filters.payment_method) {
-        case "credit_card":
-          return clearingtype === "cc";
-        case "paypal":
-          return clearingtype === "wlt" && wallettype === "PPE";
-        case "google_pay":
-          return clearingtype === "wlt" && (wallettype === "GPY" || wallettype === "GOOGLEPAY");
-        case "apple_pay":
-          return clearingtype === "wlt" && (wallettype === "APL" || wallettype === "APPLEPAY");
-        case "sofort":
-          return clearingtype === "sb";
-        case "sepa":
-          return clearingtype === "elv";
-        default:
-          return false;
-      }
-    });
+  if (filters.request_type) {
+    conditions.push({ request_type: filters.request_type });
   }
   if (filters.date_from) {
-    transactionHistory = transactionHistory.filter(
-      (transaction) =>
-        new Date(transaction.timestamp) >= new Date(filters.date_from)
-    );
+    const dateFrom = new Date(filters.date_from);
+    dateFrom.setHours(0, 0, 0, 0);
+    conditions.push({ createdAt: { $gte: dateFrom.toISOString() } });
   }
   if (filters.date_to) {
-    transactionHistory = transactionHistory.filter(
-      (transaction) =>
-        new Date(transaction.timestamp) <= new Date(filters.date_to)
-    );
+    const dateTo = new Date(filters.date_to);
+    dateTo.setHours(23, 59, 59, 999);
+    conditions.push({ createdAt: { $lte: dateTo.toISOString() } });
   }
-  if (filters.status) {
-    transactionHistory = transactionHistory.filter(
-      (transaction) => transaction.status === filters.status
-    );
+  if (filters.payment_method) {
+    switch (filters.payment_method) {
+      case "credit_card":
+        conditions.push({ raw_request: { $containsi: '"clearingtype":"cc"' } });
+        break;
+      case "paypal":
+        conditions.push({
+          $and: [
+            { raw_request: { $containsi: '"clearingtype":"wlt"' } },
+            { raw_request: { $containsi: '"wallettype":"PPE"' } },
+          ],
+        });
+        break;
+      case "google_pay":
+        conditions.push({
+          $and: [
+            { raw_request: { $containsi: '"clearingtype":"wlt"' } },
+            {
+              $or: [
+                { raw_request: { $containsi: '"wallettype":"GPY"' } },
+                { raw_request: { $containsi: '"wallettype":"GOOGLEPAY"' } },
+              ],
+            },
+          ],
+        });
+        break;
+      case "apple_pay":
+        conditions.push({
+          $and: [
+            { raw_request: { $containsi: '"clearingtype":"wlt"' } },
+            {
+              $or: [
+                { raw_request: { $containsi: '"wallettype":"APL"' } },
+                { raw_request: { $containsi: '"wallettype":"APPLEPAY"' } },
+              ],
+            },
+          ],
+        });
+        break;
+      case "sofort":
+        conditions.push({ raw_request: { $containsi: '"clearingtype":"sb"' } });
+        break;
+      case "sepa":
+        conditions.push({ raw_request: { $containsi: '"clearingtype":"elv"' } });
+        break;
+      default:
+        break;
+    }
   }
-  // Apply sorting
-  if (filters.sort_by && filters.sort_order) {
-    const sortOrder = filters.sort_order === "desc" ? -1 : 1;
-    transactionHistory.sort((a, b) => {
-      let aValue, bValue;
-      switch (filters.sort_by) {
-        case "amount":
-          aValue = a.amount || 0;
-          bValue = b.amount || 0;
-          break;
-        case "created_at":
-          aValue = new Date(a.created_at || a.timestamp || 0).getTime();
-          bValue = new Date(b.created_at || b.timestamp || 0).getTime();
-          break;
-        case "status":
-          aValue = (a.status || "").toLowerCase();
-          bValue = (b.status || "").toLowerCase();
-          break;
-        case "reference":
-          aValue = (a.reference || "").toLowerCase();
-          bValue = (b.reference || "").toLowerCase();
-          break;
-        case "method":
-          const aClearingType = a.raw_request?.clearingtype || "";
-          const bClearingType = b.raw_request?.clearingtype || "";
-          const aWalletType = a.raw_request?.wallettype || "";
-          const bWalletType = b.raw_request?.wallettype || "";
-          aValue = `${aClearingType}_${aWalletType}`.toLowerCase();
-          bValue = `${bClearingType}_${bWalletType}`.toLowerCase();
-          break;
-        default:
-          return 0;
-      }
-      if (aValue < bValue) return -1 * sortOrder;
-      if (aValue > bValue) return 1 * sortOrder;
-      return 0;
-    });
-  }
+  if (conditions.length === 0) return undefined;
+  if (conditions.length === 1) return conditions[0];
+  return { $and: conditions };
+};
-  return transactionHistory;
+const ALLOWED_SORT_FIELDS = [
+  "txid",
+  "reference",
+  "amount",
+  "request_type",
+  "status",
+  "createdAt",
+  "updatedAt",
+];
+const getTransactionHistory = async (
+  strapi,
+  { filters = {}, pagination = {}, sort_by, sort_order }
+) => {
+  const page = Math.max(1, Number(pagination.page) || 1);
+  const pageSize = Math.min(100, Math.max(1, Number(pagination.pageSize) || 10));
+  const offset = (page - 1) * pageSize;
+  const where = buildWhereFromFilters(filters);
+  const sortField =
+    sort_by && ALLOWED_SORT_FIELDS.includes(sort_by) ? sort_by : "createdAt";
+  const order = sort_order === "asc" ? "asc" : "desc";
+  const queryOptions = {
+    orderBy: { [sortField]: order },
+    limit: pageSize,
+    offset,
+  };
+  if (where !== undefined) queryOptions.where = where;
+  const [data, total] = await strapi.db
+    .query(TRANSACTION_UID)
+    .findWithCount(queryOptions);
+  const pageCount = Math.max(1, Math.ceil(total / pageSize));
+  const validPage = Math.min(page, pageCount);
+  return {
+    data,
+    pagination: {
+      page: validPage,
+      pageSize,
+      pageCount,
+      total,
+    },
+  };
 };
 module.exports = {

package/server/services/transactionStatusService.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use strict";
+const { getSettings } = require("./settingsService");
+const { sanitizeSensitive } = require("../utils/sanitize");
+const TRANSACTION_UID = "plugin::strapi-plugin-payone-provider.transaction";
+const processTransactionStatus = async (strapi, notificationData) => {
+  try {
+    const settings = await getSettings(strapi);
+    const txid = notificationData.txid;
+    if (!settings || !settings.key) {
+      console.log("[Payone TransactionStatus] Settings not found or key missing");
+      return;
+    }
+    if (notificationData.portalid !== settings.portalid || notificationData.aid !== settings.aid) {
+      console.log(`[Payone TransactionStatus] Portal ID or AID mismatch txid: ${txid}`);
+      return;
+    }
+    const existing = await strapi.db.query(TRANSACTION_UID).findOne({ where: { txid } });
+    if (!existing) {
+      console.log(`[Payone TransactionStatus] Transaction ${txid} not found. Notification ignored.`);
+      return;
+    }
+    const amount = notificationData.clearing_amount
+      ? String(notificationData.clearing_amount)
+      : notificationData.price
+        ? String(Math.round(parseFloat(notificationData.price) * 100))
+        : existing.amount;
+    const safeNotification = sanitizeSensitive({ ...notificationData });
+    const data = {
+      status: notificationData.transaction_status || existing.status,
+      currency: notificationData.currency || existing.currency,
+      reference: notificationData.reference || existing.reference,
+      amount,
+      body: {
+        ...existing.body,
+        status: notificationData.transaction_status,
+        amount,
+        payone_notification_data: safeNotification,
+      },
+    };
+    await strapi.db.query(TRANSACTION_UID).update({
+      where: { id: existing.id },
+      data,
+    });
+    console.log(`[Payone TransactionStatus] Successfully updated transaction txid: ${txid}`);
+  } catch (error) {
+    console.log(`[Payone TransactionStatus] Error processing notification: ${error}`);
+  }
+};
+module.exports = {
+  processTransactionStatus,
+};

package/server/utils/sanitize.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+const SENSITIVE_KEYS = [
+  "cardpan",
+  "cardexpiredate",
+  "cardcvc2",
+  "iban",
+  "bic",
+  "bankaccount",
+  "bankcode",
+  "bankaccountholder",
+  "key",
+  "accesscode",
+  "accessname",
+  "token",
+  "redirecturl",
+];
+const maskValue = (val) => {
+  if (typeof val !== "string") return val;
+  return "*".repeat(Math.min(val.length, 20));
+};
+const sanitizeSensitive = (obj) => {
+  if (!obj || typeof obj !== "object") return obj;
+  if (Array.isArray(obj)) return obj.map(sanitizeSensitive);
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    const keyLower = k.toLowerCase();
+    if (SENSITIVE_KEYS.includes(keyLower) && v != null) {
+      out[k] = maskValue(String(v));
+    } else if (v != null && typeof v === "object" && !Array.isArray(v)) {
+      out[k] = sanitizeSensitive(v);
+    } else {
+      out[k] = v;
+    }
+  }
+  return out;
+};
+module.exports = { sanitizeSensitive };