npm - strapi-plugin-payone-provider - Versions diffs - 4.6.12 → 4.6.13 - Mend

strapi-plugin-payone-provider 4.6.12 → 4.6.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/server/config/index.js +7 -1
package/server/controllers/payone.js +12 -11
package/server/policies/is-payone-notification.js +11 -22
package/server/services/transactionStatusService.js +47 -29

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-payone-provider",
-  "version": "4.6.12",
+  "version": "4.6.13",
   "description": "Strapi plugin for Payone payment gateway integration",
   "license": "MIT",
   "maintainers": [

package/server/config/index.js CHANGED Viewed

@@ -14,7 +14,13 @@ module.exports = {
       merchantName: "",
       displayName: "",
       domainName: "",
-      merchantIdentifier: ""
+      merchantIdentifier: "",
+      enable3DSecure: false,
+      enableCreditCard: false,
+      enablePayPal: false,
+      enableGooglePay: false,
+      enableApplePay: false,
+      enableSepaDirectDebit: false
     }
   },
   validator(config) {

package/server/controllers/payone.js CHANGED Viewed

@@ -258,19 +258,20 @@ module.exports = ({ strapi }) => ({
   async handleTransactionStatus(ctx) {
     try {
-      const notificationData = ctx.request.body || {};
-      await getPayoneService(strapi).processTransactionStatus(notificationData);
-      ctx.status = 200;
-      ctx.body = "TSOK";
-      ctx.type = "text/plain";
-      console.log(`[Payone TransactionStatus] Responded TSOK`);
+      if (!ctx.state.payoneAllowed) {
+        console.log("[Payone] Notification ignored (policy failed)");
+      } else {
+        const notificationData = ctx.request.body || {};
+        await getPayoneService(strapi).processTransactionStatus(notificationData);
+      }
     } catch (error) {
-      console.log("[Payone TransactionStatus] Error handling notification:", error);
-      ctx.status = 200;
-      ctx.body = "TSOK";
-      ctx.type = "text/plain";
+      console.log("[Payone TransactionStatus] Error:", error);
     }
+    ctx.status = 200;
+    ctx.body = "TSOK";
+    ctx.type = "text/plain";
   }
 });

package/server/policies/is-payone-notification.js CHANGED Viewed

@@ -1,30 +1,19 @@
-"use strict";
-module.exports = async (ctx, config, { strapi }) => {
+module.exports = async (ctx) => {
   const { request } = ctx;
-  const userAgent = request.header["user-agent"] || request.header["User-Agent"] || "";
-  const clientIp = request.ip || request.connection?.remoteAddress || "";
-  if (userAgent !== "PAYONE FinanceGate") {
-    console.log(`[Payone TransactionStatus] Invalid User-Agent: ${userAgent}, IP: ${clientIp}`);
-    return false;
-  }
+  const userAgent = request.headers["user-agent"] || "";
+  const clientIp =
+    request.headers["x-payone-client-ip"]?.trim() ||
+    request.headers["x-forwarded-for"]?.split(",")[0]?.trim() ||
+    request.ip ||
+    "";
-  const isValidIp = (ip) => {
-    if (ip.startsWith("185.60.20.")) {
-      return true;
-    }
+  const isValid = userAgent === "PAYONE FinanceGate" && (clientIp.startsWith("185.60.20.") || clientIp === "54.246.203.105");
-    if (ip === "54.246.203.105") {
-      return true;
-    }
-    return false;
-  };
+  ctx.state.payoneAllowed = isValid;
-  if (!isValidIp(clientIp)) {
-    console.log(`[Payone TransactionStatus] Invalid IP address: ${clientIp}, User-Agent: ${userAgent}`);
-    return false;
+  if (!isValid) {
+    console.log("[Payone] Policy failed", { userAgent, clientIp });
   }
   return true;

package/server/services/transactionStatusService.js CHANGED Viewed

@@ -5,48 +5,66 @@ const { sanitizeSensitive } = require("../utils/sanitize");
 const TRANSACTION_UID = "plugin::strapi-plugin-payone-provider.transaction";
+const genreateUpdateData = (notificationData, existing, safeNotification) => {
+  const amount = String(notificationData.clearing_amount) || String(Math.round(parseFloat(notificationData.price) * 100)) || existing.amount;
+  const raw_request = {
+    ...existing.raw_request,
+    ...notificationData,
+    mode: notificationData.mode,
+    amount,
+    clearingtype: notificationData.clearingtype || existing.clearingtype,
+  }
+  return {
+    status: notificationData.transaction_status || existing.status,
+    currency: notificationData.currency || existing.currency,
+    reference: notificationData.reference || existing.reference,
+    amount,
+    body: {
+      ...existing.body,
+      status: notificationData.transaction_status,
+      amount,
+      raw_request: sanitizeSensitive(raw_request),
+      payone_notification_data: safeNotification,
+    },
+  };
+}
+const validateData = (notificationData, settings) => {
+  const isExist = (settings.portalid && settings.aid && settings.key) && (notificationData.portalid && notificationData.aid && notificationData.key);
+  const isMatch = notificationData.portalid === settings.portalid && notificationData.aid === settings.aid && notificationData.key === settings.key;
+  if (!isExist) {
+    console.log("[Payone TransactionStatus] Settings not found or payone data missing");
+    return false;
+  }
+  if (!isMatch) {
+    console.log("[Payone TransactionStatus] Payone data mismatch with settings");
+    return false;
+  }
+  return true;
+};
 const processTransactionStatus = async (strapi, notificationData) => {
   try {
     const settings = await getSettings(strapi);
-    const txid = notificationData.txid;
-    if (!settings || !settings.key) {
-      console.log("[Payone TransactionStatus] Settings not found or key missing");
-      return;
-    }
-    if (notificationData.portalid !== settings.portalid || notificationData.aid !== settings.aid) {
-      console.log(`[Payone TransactionStatus] Portal ID or AID mismatch txid: ${txid}`);
+    if (!validateData(notificationData, settings)) {
       return;
     }
+    const txid = notificationData.txid;
     const existing = await strapi.db.query(TRANSACTION_UID).findOne({ where: { txid } });
     if (!existing) {
       console.log(`[Payone TransactionStatus] Transaction ${txid} not found. Notification ignored.`);
       return;
     }
-    const amount = notificationData.clearing_amount
-      ? String(notificationData.clearing_amount)
-      : notificationData.price
-        ? String(Math.round(parseFloat(notificationData.price) * 100))
-        : existing.amount;
     const safeNotification = sanitizeSensitive({ ...notificationData });
-    const data = {
-      status: notificationData.transaction_status || existing.status,
-      currency: notificationData.currency || existing.currency,
-      reference: notificationData.reference || existing.reference,
-      amount,
-      body: {
-        ...existing.body,
-        status: notificationData.transaction_status,
-        amount,
-        payone_notification_data: safeNotification,
-      },
-    };
+    const data = genreateUpdateData(notificationData, existing, safeNotification);
     await strapi.db.query(TRANSACTION_UID).update({
       where: { id: existing.id },
       data,