npm - strapi-plugin-payone-provider - Versions diffs - 5.6.11 → 5.6.13 - Mend

strapi-plugin-payone-provider 5.6.11 → 5.6.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/README.md +102 -545
package/admin/src/components/PluginIcon/index.jsx +14 -3
package/admin/src/pages/App/components/AppHeader.jsx +1 -1
package/admin/src/pages/App/components/AppTabs.jsx +69 -16
package/admin/src/pages/App/components/RenderInput.jsx +9 -25
package/admin/src/pages/App/components/StatusBadge.jsx +69 -17
package/admin/src/pages/App/components/configuration/ConfigurationPanel.jsx +2 -2
package/admin/src/pages/App/components/icons/index.jsx +1 -0
package/admin/src/pages/App/components/transaction-history/FiltersPanel.jsx +4 -3
package/admin/src/pages/App/components/transaction-history/TransactionTable.jsx +6 -5
package/admin/src/pages/App/components/transaction-history/details/TransactionDetails.jsx +10 -10
package/admin/src/pages/App/index.jsx +3 -3
package/admin/src/pages/App/styles.css +28 -23
package/admin/src/pages/utils/api.js +3 -2
package/admin/src/pages/utils/getInputComponent.jsx +20 -45
package/admin/src/pages/utils/transactionTableUtils.js +2 -1
package/package.json +1 -1
package/server/content-types/index.js +5 -0
package/server/content-types/transactions/index.js +5 -0
package/server/content-types/transactions/schema.json +87 -0
package/server/controllers/payone.js +24 -13
package/server/index.js +2 -0
package/server/policies/is-payone-notification.js +12 -23
package/server/services/transactionService.js +137 -104
package/server/services/transactionStatusService.js +55 -61
package/server/utils/sanitize.js +42 -0

package/server/services/transactionStatusService.js CHANGED Viewed

@@ -1,87 +1,81 @@
 "use strict";
-const crypto = require("crypto");
-const { getPluginStore, getSettings } = require("./settingsService");
+const { getSettings } = require("./settingsService");
+const { sanitizeSensitive } = require("../utils/sanitize");
-const verifyHash = (notificationData, portalKey) => {
-  const {
-    portalid = "",
-    aid = "",
-    txid = "",
-    sequencenumber = "",
-    price = "",
-    currency = "",
-    mode = "",
-  } = notificationData;
+const TRANSACTION_UID = "plugin::strapi-plugin-payone-provider.transaction";
-  const hashString = `${portalid}${aid}${txid}${sequencenumber}${price}${currency}${mode}${portalKey}`;
-  const expectedHash = crypto.createHash("md5").update(hashString).digest("hex");
+const genreateUpdateData = (notificationData, existing, safeNotification) => {
+  const amount = String(notificationData.clearing_amount) || String(Math.round(parseFloat(notificationData.price) * 100)) || existing.amount;
+  const raw_request = {
+    ...existing.raw_request,
+    ...notificationData,
+    mode: notificationData.mode,
+    amount,
+    clearingtype: notificationData.clearingtype || existing.clearingtype,
+  }
+  return {
+    status: notificationData.transaction_status || existing.status,
+    currency: notificationData.currency || existing.currency,
+    reference: notificationData.reference || existing.reference,
+    amount,
+    body: {
+      ...existing.body,
+      status: notificationData.transaction_status,
+      amount,
+      raw_request: sanitizeSensitive(raw_request),
+      payone_notification_data: safeNotification,
+    },
+  };
+}
+const validateData = (notificationData, settings) => {
+  const isExist = (settings.portalid && settings.aid && settings.key) && (notificationData.portalid && notificationData.aid && notificationData.key);
+  const isMatch = notificationData.portalid === settings.portalid && notificationData.aid === settings.aid && notificationData.key === settings.key;
+  if (!isExist) {
+    console.log("[Payone TransactionStatus] Settings not found or payone data missing");
+    return false;
+  }
-  return expectedHash.toLowerCase() === (notificationData.key || "").toLowerCase();
+  if (!isMatch) {
+    console.log("[Payone TransactionStatus] Payone data mismatch with settings");
+    return false;
+  }
+  return true;
 };
 const processTransactionStatus = async (strapi, notificationData) => {
   try {
     const settings = await getSettings(strapi);
-    const txid = notificationData.txid;
-    if (!settings || !settings.key) {
-      console.log("[Payone TransactionStatus] Settings not found or key missing");
+    if (!validateData(notificationData, settings)) {
       return;
     }
-    const isValid = verifyHash(notificationData, settings.key);
-    if (!isValid) {
-      console.log(`[Payone TransactionStatus] Hash verification failed txid: ${txid}`);
-      return;
-    }
+    const txid = notificationData.txid;
+    const existing = await strapi.db.query(TRANSACTION_UID).findOne({ where: { txid } });
-    if (notificationData.portalid !== settings.portalid || notificationData.aid !== settings.aid) {
-      console.log(`[Payone TransactionStatus] Portal ID or AID mismatch txid: ${txid}`);
+    if (!existing) {
+      console.log(`[Payone TransactionStatus] Transaction ${txid} not found. Notification ignored.`);
       return;
     }
-    const pluginStore = getPluginStore(strapi);
-    let transactionHistory = (await pluginStore.get({ key: "transactionHistory" })) || [];
-    const transaction = transactionHistory.find((t) => t.txid === txid || t.id === txid);
-    if (transaction) {
-      Object.assign(transaction, {
-        ...notificationData,
-        status: notificationData?.transaction_status,
-        txaction: notificationData?.txaction,
-        txtime: notificationData?.txtime,
-        sequencenumber: notificationData?.sequencenumber,
-        balance: notificationData?.balance,
-        receivable: notificationData?.receivable,
-        price: notificationData?.price,
-        amount: notificationData?.price ? parseFloat(notificationData?.price) * 100 : transaction?.amount,
-        userid: notificationData?.userid,
-        updated_at: new Date().toISOString(),
-        body: {
-          ...transaction?.body,
-          ...notificationData,
-          status: notificationData?.transaction_status
-        }
-      });
-      await pluginStore.set({
-        key: "transactionHistory",
-        value: transactionHistory,
-      });
-      console.log(`[Payone TransactionStatus] Successfully updated transaction txid: ${txid}`);
-    } else {
-      console.log(`[Payone TransactionStatus] Transaction ${txid} not found in history. Notification ignored.`);
-    }
+    const safeNotification = sanitizeSensitive({ ...notificationData });
+    const data = genreateUpdateData(notificationData, existing, safeNotification);
+    await strapi.db.query(TRANSACTION_UID).update({
+      where: { id: existing.id },
+      data,
+    });
+    console.log(`[Payone TransactionStatus] Successfully updated transaction txid: ${txid}`);
   } catch (error) {
     console.log(`[Payone TransactionStatus] Error processing notification: ${error}`);
   }
 };
 module.exports = {
-  verifyHash,
   processTransactionStatus,
 };

package/server/utils/sanitize.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+const SENSITIVE_KEYS = [
+  "cardpan",
+  "cardexpiredate",
+  "cardcvc2",
+  "iban",
+  "bic",
+  "bankaccount",
+  "bankcode",
+  "bankaccountholder",
+  "key",
+  "accesscode",
+  "accessname",
+  "token",
+  "redirecturl",
+  "Identifier"
+];
+const maskValue = (val) => {
+  if (typeof val !== "string") return val;
+  return "*".repeat(Math.min(val.length, 20));
+};
+const sanitizeSensitive = (obj) => {
+  if (!obj || typeof obj !== "object") return obj;
+  if (Array.isArray(obj)) return obj.map(sanitizeSensitive);
+  const out = {};
+  for (const [k, v] of Object.entries(obj)) {
+    const keyLower = k.toLowerCase();
+    if (SENSITIVE_KEYS.includes(keyLower) && v != null) {
+      out[k] = maskValue(String(v));
+    } else if (v != null && typeof v === "object" && !Array.isArray(v)) {
+      out[k] = sanitizeSensitive(v);
+    } else {
+      out[k] = v;
+    }
+  }
+  return out;
+};
+module.exports = { sanitizeSensitive };