npm - strapi-plugin-payone-provider - Versions diffs - 4.6.11 → 4.6.12 - Mend

strapi-plugin-payone-provider 4.6.11 → 4.6.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/admin/src/pages/App/components/transaction-history/TransactionTable.jsx +44 -14
package/admin/src/pages/App/components/transaction-history/details/TransactionDetails.jsx +1 -1
package/admin/src/pages/hooks/useTransactionHistory.js +30 -6
package/package.json +2 -2
package/server/content-types/index.js +5 -0
package/server/content-types/transactions/index.js +5 -0
package/server/content-types/transactions/schema.json +87 -0
package/server/controllers/payone.js +4 -2
package/server/index.js +2 -1
package/server/services/applePayService.js +0 -2
package/server/services/payone.js +7 -2
package/server/services/transactionService.js +130 -117
package/server/services/transactionStatusService.js +34 -58
package/server/utils/sanitize.js +41 -0

package/admin/src/pages/App/components/transaction-history/TransactionTable.jsx CHANGED Viewed

@@ -1,7 +1,7 @@
 import React from "react";
 import { Box, Button, Flex, Typography, Tr, Td } from "@strapi/design-system";
 import { Table } from "@strapi/helper-plugin";
-import { ChevronDown, ChevronUp } from "@strapi/icons";
+import { ChevronDown, ChevronUp, ArrowUp, ArrowDown } from "@strapi/icons";
 import StatusBadge from "../StatusBadge";
 import FiltersPanel from "./FiltersPanel";
@@ -23,20 +23,50 @@ const TransactionTable = () => {
     handleFiltersChange,
     handleTransactionSelect,
     pagination,
+    sort,
+    handleSort,
   } = useTransactionHistory();
   const headers = [
-    { name: "txid", label: "TxId" },
-    { name: "reference", label: "Reference" },
-    { name: "amount", label: "Amount" },
-    { name: "paymentMethod", label: "Payment Method" },
-    { name: "type", label: "Type" },
-    { name: "status", label: "Status" },
-    { name: "created_at", label: "Created At" },
-    { name: "updated_at", label: "Updated At" },
-    { name: "details", label: "Details" },
+    { name: "txid", label: "TxId", sortKey: "txid", sortable: true },
+    { name: "reference", label: "Reference", sortKey: "reference", sortable: true },
+    { name: "amount", label: "Amount", sortKey: "amount", sortable: true },
+    { name: "paymentMethod", label: "Payment Method", sortKey: null, sortable: false },
+    { name: "type", label: "Type", sortKey: "request_type", sortable: true },
+    { name: "status", label: "Status", sortKey: "status", sortable: true },
+    { name: "created_at", label: "Created At", sortKey: "createdAt", sortable: true },
+    { name: "updated_at", label: "Updated At", sortKey: "updatedAt", sortable: true },
+    { name: "details", label: "Details", sortKey: null, sortable: false },
   ];
+  const renderHeaderLabel = (header) => {
+    const isSorted = header.sortKey && sort.sort_by === header.sortKey;
+    const SortIcon = isSorted && sort.sort_order === "asc" ? ArrowUp : ArrowDown;
+    if (!header.sortable || !header.sortKey) {
+      return header.label;
+    }
+    return (
+      <Flex
+        alignItems="center"
+        gap={1}
+        onClick={() => handleSort(header.sortKey)}
+        style={{ cursor: "pointer", userSelect: "none" }}
+        title={`Sort by ${header.label}`}
+      >
+        <Typography variant="sigma" textColor="neutral600">
+          {header.label}
+        </Typography>
+        {isSorted ? (
+          <SortIcon width={12} height={12} />
+        ) : (
+          <Box width={12} height={12} aria-hidden />
+        )}
+      </Flex>
+    );
+  };
   return (
     <Flex direction="column" alignItems="stretch" gap={4} minHeight={"800px"}>
       <FiltersPanel
@@ -56,9 +86,9 @@ const TransactionTable = () => {
               {headers.map((header) => (
                 <Table.HeaderCell
                   fieldSchemaType="custom"
-                  isSortable={true}
+                  isSortable={header.sortable}
                   key={header.name}
-                  label={header.label}
+                  label={renderHeaderLabel(header)}
                   name={header.name}
                 />
               ))}
@@ -122,12 +152,12 @@ const TransactionTable = () => {
                         </Td>
                         <Td>
                           <Typography variant="pi" textColor="neutral600">
-                            {formatDate(transaction.created_at)}
+                            {formatDate(transaction.createdAt ?? transaction.created_at)}
                           </Typography>
                         </Td>
                         <Td>
                           <Typography variant="pi" textColor="neutral600">
-                            {formatDate(transaction.updated_at)}
+                            {formatDate(transaction.updatedAt ?? transaction.updated_at)}
                           </Typography>
                         </Td>
                         <Td>

package/admin/src/pages/App/components/transaction-history/details/TransactionDetails.jsx CHANGED Viewed

@@ -139,7 +139,7 @@ const TransactionDetails = ({ transaction }) => {
         </Typography>
         <Box marginTop={4}>
           <JsonView
-            value={transaction?.body}
+            value={transaction?.body  || transaction?.raw_request || {}}
             style={githubDarkTheme}
             displayDataTypes={false}
             enableClipboard

package/admin/src/pages/hooks/useTransactionHistory.js CHANGED Viewed

@@ -24,10 +24,12 @@ const useTransactionHistory = () => {
   const getQueryParams = () => {
     const searchParams = new URLSearchParams(location.search);
-    const page = parseInt(searchParams.get('page') || '1', 10);
-    const pageSize = parseInt(searchParams.get('pageSize') || String(PAGE_SIZE), 10);
+    const page = parseInt(searchParams.get("page") || "1", 10);
+    const pageSize = parseInt(searchParams.get("pageSize") || String(PAGE_SIZE), 10);
+    const sort_by = searchParams.get("sort_by") || "createdAt";
+    const sort_order = searchParams.get("sort_order") || "desc";
-    return { page, pageSize };
+    return { page, pageSize, sort_by, sort_order };
   };
   const [filters, setFilters] = useState({
@@ -47,6 +49,11 @@ const useTransactionHistory = () => {
     total: 0,
   });
+  const [sort, setSort] = useState({
+    sort_by: initialQueryParams.sort_by,
+    sort_order: initialQueryParams.sort_order,
+  });
   const [transactionHistory, setTransactionHistory] = useState([]);
   const [isLoadingHistory, setIsLoadingHistory] = useState(false);
   const [selectedTransaction, setSelectedTransaction] = useState(null);
@@ -56,7 +63,9 @@ const useTransactionHistory = () => {
     try {
       const response = await payoneRequests.getTransactionHistory({
         filters,
-        pagination
+        pagination,
+        sort_by: sort.sort_by,
+        sort_order: sort.sort_order,
       });
       if (response && response.data && response.pagination) {
@@ -94,6 +103,7 @@ const useTransactionHistory = () => {
       page: params.page,
       pageSize: params.pageSize,
     }));
+    setSort({ sort_by: params.sort_by, sort_order: params.sort_order });
   }, [location.search]);
   useEffect(() => {
@@ -107,6 +117,8 @@ const useTransactionHistory = () => {
     filters.date_to,
     pagination.page,
     pagination.pageSize,
+    sort.sort_by,
+    sort.sort_order,
   ]);
   const handleTransactionSelect = (transaction) => {
@@ -135,13 +147,23 @@ const useTransactionHistory = () => {
         ...prev,
         ...newFilters,
       }));
-      // Reset to first page when filters change
       const updatedQuery = new URLSearchParams(location.search);
-      updatedQuery.set('page', '1');
+      updatedQuery.set("page", "1");
       history.push({ search: updatedQuery.toString() });
     }
   };
+  const handleSort = (sortBy) => {
+    const nextOrder =
+      sort.sort_by === sortBy && sort.sort_order === "asc" ? "desc" : "asc";
+    setSort({ sort_by: sortBy, sort_order: nextOrder });
+    const updatedQuery = new URLSearchParams(location.search);
+    updatedQuery.set("sort_by", sortBy);
+    updatedQuery.set("sort_order", nextOrder);
+    updatedQuery.set("page", "1");
+    history.push({ search: updatedQuery.toString() });
+  };
   useEffect(() => {
     setSelectedTransaction(null);
   }, [filters, pagination.page]);
@@ -156,6 +178,8 @@ const useTransactionHistory = () => {
     handleFiltersChange,
     pagination,
     handlePaginationChange,
+    sort,
+    handleSort,
   };
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-payone-provider",
-  "version": "4.6.11",
+  "version": "4.6.12",
   "description": "Strapi plugin for Payone payment gateway integration",
   "license": "MIT",
   "maintainers": [
@@ -48,4 +48,4 @@
     "kind": "plugin",
     "displayName": "Strapi Payone Provider"
   }
-}
+}

package/server/content-types/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+const transactionsContentType = require('./transactions/index.js')
+module.exports = {
+  'transaction': transactionsContentType
+}

package/server/content-types/transactions/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+const schema = require('./schema.json');
+module.exports = {
+  schema
+}

package/server/content-types/transactions/schema.json ADDED Viewed

@@ -0,0 +1,87 @@
+{
+  "kind": "collectionType",
+  "collectionName": "transactions",
+  "info": {
+    "singularName": "transaction",
+    "pluralName": "transactions",
+    "displayName": "Transaction"
+  },
+  "options": {
+    "draftAndPublish": false
+  },
+  "pluginOptions": {
+    "content-manager": {
+      "visible": false
+    },
+    "content-type-builder": {
+      "visible": false
+    }
+  },
+  "attributes": {
+    "txid": {
+      "type": "string",
+      "required": false,
+      "default": "NO TXID"
+    },
+    "reference": {
+      "type": "string",
+      "required": false,
+      "default": "NO REFERENCE"
+    },
+    "invoiceid": {
+      "type": "string",
+      "required": false,
+      "default": "NO INVOICE ID"
+    },
+    "amount": {
+      "type": "string",
+      "required": false,
+      "default": "0"
+    },
+    "currency": {
+      "type": "string",
+      "required": false,
+      "default": "EUR"
+    },
+    "status": {
+      "type": "string",
+      "required": false,
+      "default": "unknown"
+    },
+    "error_code": {
+      "type": "string",
+      "required": false,
+      "default": "NO ERROR CODE"
+    },
+    "request_type": {
+      "type": "string",
+      "required": false,
+      "default": "unknown"
+    },
+    "error_message": {
+      "type": "string",
+      "required": false,
+      "default": "NO ERROR MESSAGE"
+    },
+    "customer_message": {
+      "type": "string",
+      "required": false,
+      "default": "NO CUSTOMER MESSAGE"
+    },
+    "body": {
+      "type": "json",
+      "required": false,
+      "default": {}
+    },
+    "raw_request": {
+      "type": "json",
+      "required": false,
+      "default": {}
+    },
+    "raw_response": {
+      "type": "json",
+      "required": false,
+      "default": {}
+    }
+  }
+}

package/server/controllers/payone.js CHANGED Viewed

@@ -118,13 +118,15 @@ module.exports = ({ strapi }) => ({
   async getTransactionHistory(ctx) {
     try {
-      const { filters = {}, pagination = {} } = ctx.query || {};
+      const { filters = {}, pagination = {}, sort_by, sort_order } = ctx.query || {};
       const page = parseInt(pagination.page || "1", 10);
       const pageSize = parseInt(pagination.pageSize || "10", 10);
       const result = await getPayoneService(strapi).getTransactionHistory({
         filters: filters || {},
-        pagination: { page, pageSize }
+        pagination: { page, pageSize },
+        sort_by: sort_by || undefined,
+        sort_order: sort_order || undefined,
       });
       ctx.body = result
     } catch (error) {

package/server/index.js CHANGED Viewed

@@ -8,13 +8,14 @@ const controllers = require("./controllers");
 const routes = require("./routes");
 const services = require("./services");
 const policies = require("./policies");
+const contentTypes = require("./content-types");
 module.exports = {
   register,
   bootstrap,
   destroy,
   config,
   controllers,
+  contentTypes,
   routes,
   services,
   policies

package/server/services/applePayService.js CHANGED Viewed

@@ -174,8 +174,6 @@ const validateApplePayMerchant = async (strapi, params) => {
     const sessionResponse = await initializeApplePaySession(strapi, params);
-    // Extract add_paydata[applepay_payment_session] from response
-    // Payone returns this in URL-encoded format: add_paydata[applepay_payment_session]=BASE64_STRING
     const applePaySessionBase64 =
       sessionResponse["add_paydata[applepay_payment_session]"] ||
       sessionResponse["add_paydata_applepay_payment_session"] ||

package/server/services/payone.js CHANGED Viewed

@@ -39,8 +39,13 @@ module.exports = ({ strapi }) => ({
   },
-  async getTransactionHistory({ filters = {}, pagination = {} }) {
-    return await transactionService.getTransactionHistory(strapi, { filters, pagination });
+  async getTransactionHistory({ filters = {}, pagination = {}, sort_by = "createdAt", sort_order = "desc" } = {}) {
+    return await transactionService.getTransactionHistory(strapi, {
+      filters,
+      pagination,
+      sort_by,
+      sort_order,
+    });
   },
   // Test connection

package/server/services/transactionService.js CHANGED Viewed

@@ -1,156 +1,169 @@
 "use strict";
-const { getPluginStore } = require("./settingsService");
+const { sanitizeSensitive } = require("../utils/sanitize");
-const sanitizeRawRequest = (rawRequest) => {
-  if (!rawRequest || typeof rawRequest !== "object") return rawRequest
-  const sanitized = { ...rawRequest };
-  const sensitiveFields = ["cardpan", "cardexpiredate", "cardcvc2"];
-  sensitiveFields.forEach((field) => {
-    if (sanitized[field] && typeof sanitized[field] === "string") {
-      sanitized[field] = "*".repeat(sanitized[field].length);
-    }
-  });
-  return sanitized;
-};
+const TRANSACTION_UID = "plugin::strapi-plugin-payone-provider.transaction";
 const logTransaction = async (strapi, transactionData) => {
-  const pluginStore = getPluginStore(strapi);
-  let transactionHistory =
-    (await pluginStore.get({ key: "transactionHistory" })) || [];
-  const logEntry = {
-    id: Date.now().toString(),
-    timestamp: new Date().toISOString(),
-    txid: transactionData.txid || null,
-    reference: transactionData.reference || null,
-    invoiceid: transactionData.invoiceid || null,
-    request_type:
-      transactionData.request_type || transactionData.request || "unknown",
-    amount: transactionData.amount || null,
-    currency: transactionData.currency || "EUR",
-    status: transactionData.status || transactionData.Status || "unknown",
-    error_code:
-      transactionData.error_code || transactionData.Error?.ErrorCode || null,
-    error_message:
-      transactionData.error_message ||
-      transactionData.Error?.ErrorMessage ||
-      null,
-    customer_message:
-      transactionData.customer_message ||
-      transactionData.Error?.CustomerMessage ||
-      null,
-    body: transactionData ? { ...transactionData, raw_request: sanitizeRawRequest(transactionData.raw_request) } : null,
-    raw_request: transactionData.raw_request
-      ? sanitizeRawRequest(transactionData.raw_request)
-      : null,
-    raw_response: sanitizeRawRequest(transactionData.raw_response) || transactionData,
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString()
-  };
-  transactionHistory.unshift(logEntry);
+  try {
+    const data = {
+      txid: transactionData.txid || 'NO TXID',
+      reference: transactionData.reference || 'NO REFERENCE',
+      invoiceid: transactionData.raw_request.invoiceid || 'NO INVOICE ID',
+      request_type: transactionData.request_type || "unknown",
+      amount: transactionData.amount || "0",
+      currency: transactionData.currency || "EUR",
+      status: transactionData.status || transactionData.raw_response.Status || "unknown",
+      error_code: transactionData.error_code || "NO ERROR CODE",
+      error_message: transactionData.error_message || "NO ERROR MESSAGE",
+      customer_message: transactionData.customer_message || "NO CUSTOMER MESSAGE",
+      body: transactionData ? { ...transactionData, raw_request: sanitizeSensitive(transactionData.raw_request), raw_response: sanitizeSensitive(transactionData.raw_response) } : {},
+      raw_request: sanitizeSensitive(transactionData.raw_request || {}),
+      raw_response: sanitizeSensitive(transactionData.raw_response || {}),
+    };
+    const entry = await strapi.db.query(TRANSACTION_UID).create({ data });
+    console.info("Transaction logged to DB:", {
+      id: entry.id,
+      txid: entry.txid,
+      status: entry.status
+    });
-  if (transactionHistory.length > 5000) {
-    transactionHistory = transactionHistory.slice(0, 5000);
+    return entry;
+  } catch (error) {
+    console.error("Failed to log transaction:", error);
   }
-  await pluginStore.set({
-    key: "transactionHistory",
-    value: transactionHistory
-  });
-  strapi.log.info("Transaction logged:", logEntry);
 };
-const applyFilters = (transactions, filters = {}) => {
-  let result = [...transactions];
-  if (filters.search && typeof filters.search === 'string' && filters.search.trim() !== '') {
-    const search = filters.search.toLowerCase().trim();
-    result = result.filter((t) => {
-      const txid = (t.txid || "").toString().toLowerCase();
-      const reference = (t.reference || "").toString().toLowerCase();
-      return txid.includes(search) || reference.includes(search);
+const buildWhereFromFilters = (filters = {}) => {
+  const conditions = [];
+  if (filters.search && typeof filters.search === "string" && filters.search.trim() !== "") {
+    const search = filters.search.trim();
+    conditions.push({
+      $or: [
+        { txid: { $containsi: search } },
+        { reference: { $containsi: search } },
+      ],
     });
   }
   if (filters.status) {
-    result = result.filter(
-      (t) => (t.status || "").toUpperCase() === filters.status.toUpperCase()
-    );
+    conditions.push({ status: { $eqi: filters.status } });
   }
   if (filters.request_type) {
-    result = result.filter((t) => t.request_type === filters.request_type);
-  }
-  if (filters.payment_method) {
-    result = result.filter((t) => {
-      const clearingtype = t.raw_request?.clearingtype;
-      const wallettype = t.raw_request?.wallettype;
-      switch (filters.payment_method) {
-        case "credit_card":
-          return clearingtype === "cc";
-        case "paypal":
-          return clearingtype === "wlt" && wallettype === "PPE";
-        case "google_pay":
-          return clearingtype === "wlt" && ["GPY", "GOOGLEPAY"].includes(wallettype);
-        case "apple_pay":
-          return clearingtype === "wlt" && ["APL", "APPLEPAY"].includes(wallettype);
-        case "sofort":
-          return clearingtype === "sb";
-        case "sepa":
-          return clearingtype === "elv";
-        default:
-          return true;
-      }
-    });
+    conditions.push({ request_type: filters.request_type });
   }
   if (filters.date_from) {
     const dateFrom = new Date(filters.date_from);
     dateFrom.setHours(0, 0, 0, 0);
-    result = result.filter(
-      (t) => new Date(t.timestamp || t.created_at) >= dateFrom
-    );
+    conditions.push({ createdAt: { $gte: dateFrom.toISOString() } });
   }
   if (filters.date_to) {
     const dateTo = new Date(filters.date_to);
     dateTo.setHours(23, 59, 59, 999);
-    result = result.filter(
-      (t) => new Date(t.timestamp || t.created_at) <= dateTo
-    );
+    conditions.push({ createdAt: { $lte: dateTo.toISOString() } });
   }
-  return result;
-};
+  if (filters.payment_method) {
+    switch (filters.payment_method) {
+      case "credit_card":
+        conditions.push({ raw_request: { $containsi: '"clearingtype":"cc"' } });
+        break;
+      case "paypal":
+        conditions.push({
+          $and: [
+            { raw_request: { $containsi: '"clearingtype":"wlt"' } },
+            { raw_request: { $containsi: '"wallettype":"PPE"' } },
+          ],
+        });
+        break;
+      case "google_pay":
+        conditions.push({
+          $and: [
+            { raw_request: { $containsi: '"clearingtype":"wlt"' } },
+            {
+              $or: [
+                { raw_request: { $containsi: '"wallettype":"GPY"' } },
+                { raw_request: { $containsi: '"wallettype":"GOOGLEPAY"' } },
+              ],
+            },
+          ],
+        });
+        break;
+      case "apple_pay":
+        conditions.push({
+          $and: [
+            { raw_request: { $containsi: '"clearingtype":"wlt"' } },
+            {
+              $or: [
+                { raw_request: { $containsi: '"wallettype":"APL"' } },
+                { raw_request: { $containsi: '"wallettype":"APPLEPAY"' } },
+              ],
+            },
+          ],
+        });
+        break;
+      case "sofort":
+        conditions.push({ raw_request: { $containsi: '"clearingtype":"sb"' } });
+        break;
+      case "sepa":
+        conditions.push({ raw_request: { $containsi: '"clearingtype":"elv"' } });
+        break;
+      default:
+        break;
+    }
+  }
-const getTransactionHistory = async (strapi, { filters = {}, pagination = {} }) => {
-  const pluginStore = getPluginStore(strapi);
+  if (conditions.length === 0) return undefined;
+  if (conditions.length === 1) return conditions[0];
+  return { $and: conditions };
+};
-  let transactions =
-    (await pluginStore.get({ key: "transactionHistory" })) || [];
+const ALLOWED_SORT_FIELDS = [
+  "txid",
+  "reference",
+  "amount",
+  "request_type",
+  "status",
+  "createdAt",
+  "updatedAt",
+];
+const getTransactionHistory = async (
+  strapi,
+  { filters = {}, pagination = {}, sort_by, sort_order }
+) => {
+  const page = Math.max(1, Number(pagination.page) || 1);
+  const pageSize = Math.min(100, Math.max(1, Number(pagination.pageSize) || 10));
+  const offset = (page - 1) * pageSize;
+  const where = buildWhereFromFilters(filters);
+  const sortField =
+    sort_by && ALLOWED_SORT_FIELDS.includes(sort_by) ? sort_by : "createdAt";
+  const order = sort_order === "asc" ? "asc" : "desc";
+  const queryOptions = {
+    orderBy: { [sortField]: order },
+    limit: pageSize,
+    offset,
+  };
+  if (where !== undefined) queryOptions.where = where;
-  transactions = applyFilters(transactions, filters);
-  const page = Number(pagination.page) || 1;
-  const pageSize = Number(pagination.pageSize) || 10;
+  const [data, total] = await strapi.db
+    .query(TRANSACTION_UID)
+    .findWithCount(queryOptions);
-  const total = transactions.length;
   const pageCount = Math.max(1, Math.ceil(total / pageSize));
+  const validPage = Math.min(page, pageCount);
-  const validPage = Math.min(Math.max(1, page), pageCount);
-  const start = (validPage - 1) * pageSize;
-  const end = Math.min(start + pageSize, total);
-  const paginatedData = start < total ? transactions.slice(start, end) : [];
   return {
-    data: paginatedData,
+    data,
     pagination: {
       page: validPage,
       pageSize,

package/server/services/transactionStatusService.js CHANGED Viewed

@@ -1,24 +1,9 @@
 "use strict";
-const crypto = require("crypto");
-const { getPluginStore, getSettings } = require("./settingsService");
+const { getSettings } = require("./settingsService");
+const { sanitizeSensitive } = require("../utils/sanitize");
-const verifyHash = (notificationData, portalKey) => {
-  const {
-    portalid = "",
-    aid = "",
-    txid = "",
-    sequencenumber = "",
-    price = "",
-    currency = "",
-    mode = "",
-  } = notificationData;
-  const hashString = `${portalid}${aid}${txid}${sequencenumber}${price}${currency}${mode}${portalKey}`;
-  const expectedHash = crypto.createHash("md5").update(hashString).digest("hex");
-  return expectedHash.toLowerCase() === (notificationData.key || "").toLowerCase();
-};
+const TRANSACTION_UID = "plugin::strapi-plugin-payone-provider.transaction";
 const processTransactionStatus = async (strapi, notificationData) => {
   try {
@@ -30,58 +15,49 @@ const processTransactionStatus = async (strapi, notificationData) => {
       return;
     }
-    const isValid = verifyHash(notificationData, settings.key);
-    if (!isValid) {
-      console.log(`[Payone TransactionStatus] Hash verification failed txid: ${txid}`);
-      return;
-    }
     if (notificationData.portalid !== settings.portalid || notificationData.aid !== settings.aid) {
       console.log(`[Payone TransactionStatus] Portal ID or AID mismatch txid: ${txid}`);
       return;
     }
-    const pluginStore = getPluginStore(strapi);
-    let transactionHistory = (await pluginStore.get({ key: "transactionHistory" })) || [];
-    const transaction = transactionHistory.find((t) => t.txid === txid || t.id === txid);
-    if (transaction) {
-      Object.assign(transaction, {
-        ...notificationData,
-        status: notificationData?.transaction_status,
-        txaction: notificationData?.txaction,
-        txtime: notificationData?.txtime,
-        sequencenumber: notificationData?.sequencenumber,
-        balance: notificationData?.balance,
-        receivable: notificationData?.receivable,
-        price: notificationData?.price,
-        amount: notificationData?.price ? parseFloat(notificationData?.price) * 100 : transaction?.amount,
-        userid: notificationData?.userid,
-        updated_at: new Date().toISOString(),
-        body: {
-          ...transaction?.body,
-          ...notificationData,
-          status: notificationData?.transaction_status
-        }
-      });
-      await pluginStore.set({
-        key: "transactionHistory",
-        value: transactionHistory,
-      });
-      console.log(`[Payone TransactionStatus] Successfully updated transaction txid: ${txid}`);
-    } else {
-      console.log(`[Payone TransactionStatus] Transaction ${txid} not found in history. Notification ignored.`);
+    const existing = await strapi.db.query(TRANSACTION_UID).findOne({ where: { txid } });
+    if (!existing) {
+      console.log(`[Payone TransactionStatus] Transaction ${txid} not found. Notification ignored.`);
+      return;
     }
+    const amount = notificationData.clearing_amount
+      ? String(notificationData.clearing_amount)
+      : notificationData.price
+        ? String(Math.round(parseFloat(notificationData.price) * 100))
+        : existing.amount;
+    const safeNotification = sanitizeSensitive({ ...notificationData });
+    const data = {
+      status: notificationData.transaction_status || existing.status,
+      currency: notificationData.currency || existing.currency,
+      reference: notificationData.reference || existing.reference,
+      amount,
+      body: {
+        ...existing.body,
+        status: notificationData.transaction_status,
+        amount,
+        payone_notification_data: safeNotification,
+      },
+    };
+    await strapi.db.query(TRANSACTION_UID).update({
+      where: { id: existing.id },
+      data,
+    });
+    console.log(`[Payone TransactionStatus] Successfully updated transaction txid: ${txid}`);
   } catch (error) {
     console.log(`[Payone TransactionStatus] Error processing notification: ${error}`);
   }
 };
 module.exports = {
-  verifyHash,
   processTransactionStatus,
 };

package/server/utils/sanitize.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+const SENSITIVE_KEYS = [
+  "cardpan",
+  "cardexpiredate",
+  "cardcvc2",
+  "iban",
+  "bic",
+  "bankaccount",
+  "bankcode",
+  "bankaccountholder",
+  "key",
+  "accesscode",
+  "accessname",
+  "token",
+  "redirecturl",
+];
+const maskValue = (val) => {
+  if (typeof val !== "string") return val;
+  return "*".repeat(Math.min(val.length, 20));
+};
+const sanitizeSensitive = (obj) => {
+  if (!obj || typeof obj !== "object") return obj;
+  if (Array.isArray(obj)) return obj.map(sanitizeSensitive);
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    const keyLower = k.toLowerCase();
+    if (SENSITIVE_KEYS.includes(keyLower) && v != null) {
+      out[k] = maskValue(String(v));
+    } else if (v != null && typeof v === "object" && !Array.isArray(v)) {
+      out[k] = sanitizeSensitive(v);
+    } else {
+      out[k] = v;
+    }
+  }
+  return out;
+};
+module.exports = { sanitizeSensitive };