Merge branch 'develop' into 'master'

Develop

See merge request Modules/fasterpay-node!4

Author: prashantbd

lib/fasterpay/Gateway.js

@@ -2,6 +2,8 @@ const Config = require('./Config.js').Config;
 const PaymentForm = require('./PaymentForm.js').PaymentForm;
 const Signature = require('./Signature.js').Signature;
 const Pingback = require('./Pingback.js').Pingback;
+const Subscription = require('./Subscription.js').Subscription;
+const Payment = require('./Payment.js').Payment;
 
 class Gateway {
     constructor(config) {
@@ -20,6 +22,14 @@ class Gateway {
         return new Pingback(this);
     }
 
+    Subscription() {
+        return new Subscription(this);
+    }
+
+    Payment() {
+        return new Payment(this);
+    }
+
     getConfig() {
         return this.config;
     }

lib/fasterpay/Payment.js

@@ -0,0 +1,21 @@
+const request = require('sync-request');
+
+class Payment {
+    constructor(gateway) {
+        this.gateway = gateway;
+    }
+
+    refund(orderId, amount){
+        let refundUrl = `${this.gateway.getConfig().getApiBaseUrl()}/payment/${orderId.toString(8)}/refund`;
+
+        let apiResponse = request('POST', refundUrl, { headers: { 'X-ApiKey': this.gateway.getConfig().getPrivateKey() } }, { 'amount': amount });
+
+        if (apiResponse.statusCode === 200) {
+            return JSON.parse(apiResponse.getBody('utf8'));
+        }
+
+        return false;
+    }
+}
+
+module.exports = { Payment: Payment };

lib/fasterpay/PaymentForm.js

@@ -17,6 +17,7 @@ class PaymentForm {
 
         this.formRecurringTrialAmountField = 'recurring_trial_amount';
         this.formRecurringTrialPeriodField = 'recurring_trial_period';
+        this.formSignatureField = 'sign_version';
 
         this.gateway = gateway;
     }
@@ -47,17 +48,25 @@ class PaymentForm {
         ];
     }
 
-    buildForm(parameters) {
+    buildForm(parameters, options) {
         parameters[this.formApiKeyField] = this.gateway.getConfig().getPublicKey();
-        parameters[this.formHashField] = this.gateway.Signature().calculateHash(parameters);
+        parameters[this.formHashField] = this.gateway.Signature().calculateHash(parameters, parameters[this.formSignatureField]);
 
         let form = `<form align="center" method="post" action="${this.gateway.getConfig().getApiBaseUrl()}${this.endPoint}" name="fasterpay_payment_form" id="fasterpay_payment_form">`;
 
         forIn(parameters, function(value, key) {
             form += `<input type="hidden" name="${key}" value="${value}" />`;
         });
 
-        form += '<input type="Submit" value="Pay Now" id="fasterpay_submit"/></form>';
+        if ('autoSubmit' in options && options['autoSubmit'] === true) {
+            form += '<script>document.getElementById("fasterpay_payment_form").submit();</script>'
+        }
+
+        if ('hidePayButton' in options && options['hidePayButton'] === true) {
+            form += '';
+        } else {
+            form += '<input type="Submit" value="Pay Now" id="fasterpay_submit"/></form>';
+        }
 
         return form;
     }

lib/fasterpay/Pingback.js

@@ -3,8 +3,58 @@ class Pingback {
         this.gateway = gateway;
     }
 
-    validate() {
-        return true;
+    validate(requestParams) {
+        let signVersion = 'v1';
+        let headers = requestParams.headers;
+
+        if ('x-fasterpay-signature-version' in headers) {
+            signVersion = headers['x-fasterpay-signature-version'];
+        }
+
+        if (signVersion === 'v1'){
+            return this.validateV1(headers);
+        } else {
+            return this.validateV2(requestParams);
+        }
+
+        return false;
+    }
+
+    validateV1(headers) {
+        if (Object.keys(headers).length === 0) {
+            return false;
+        }
+
+        if (!('x-apikey' in headers)) {
+            return false;
+        }
+
+        if (headers['x-apikey'] === `${this.gateway.getConfig().getPrivateKey()}`) {
+            return true;
+        }
+
+        return false;
+    }
+
+    validateV2(requestParams) {
+        let headers = requestParams.headers;
+        let body = requestParams.body;
+
+        if (Object.keys(headers).length === 0) {
+            return false;
+        }
+
+        if (!('x-fasterpay-signature' in headers)) {
+            return false;
+        }
+
+        let currentTs = Math.round(new Date().getTime()/1000);
+
+        if ((currentTs - body.pingback_ts) > 300) {
+            return false;
+        }
+
+        return this.gateway.Signature().calculatePingbackHash(requestParams['rawBody'], headers['x-fasterpay-signature']);
     }
 }
 

lib/fasterpay/Signature.js

@@ -1,22 +1,50 @@
 const crypto = require('crypto');
-// @TODO Replace 3rd party http-build-query with native querystring
 const httpBuildQuery = require('http-build-query');
 
 class Signature {
     constructor(gateway) {
         this.gateway = gateway;
     }
 
-    calculateHash(parameters) {
+    calculateHash(parameters, sign_version='v1') {
         let keys = Object.keys(parameters);
-        let keysSorted = keys.sort(function(a, b) { return a[0] > b[0]; });
+        let keysSorted = keys.sort(function(a, b) {
+            a = a.toLowerCase();
+            b = b.toLowerCase();
+
+            return (a < b) ? -1 : (a > b) ? 1 : 0;
+        });
+
         let parametersSorted = {};
 
         keysSorted.forEach(key => {
             parametersSorted[key] = parameters[key];
         });
 
-        return crypto.createHash('sha256').update(`${httpBuildQuery(parametersSorted)}${this.gateway.getConfig().getPrivateKey()}`).digest('hex');
+        if(sign_version == 'v2'){
+            let encodedString = this.getEncodedString(parametersSorted);
+            return crypto.createHmac('sha256', `${this.gateway.getConfig().getPrivateKey()}`).update(encodedString).digest('hex');
+        } else {
+            return crypto.createHash('sha256').update(`${httpBuildQuery(parametersSorted)}${this.gateway.getConfig().getPrivateKey()}`).digest('hex');
+        }
+    }
+
+    getEncodedString(parameters) {
+        let encodedString = '';
+        let keys = Object.keys(parameters);
+
+        keys.forEach(key => {
+            encodedString += `${key}=${parameters[key]};`;
+        });
+
+        return encodedString;
+    }
+
+    calculatePingbackHash(pingbackData, expectedSignature) {
+        let expectedSignatureBuffer = Buffer.from(expectedSignature, 'hex');
+        let calculatedHashBuffer = Buffer.from(crypto.createHmac('sha256', `${this.gateway.getConfig().getPrivateKey()}`).update(pingbackData).digest('hex'), 'hex');
+
+        return crypto.timingSafeEqual(expectedSignatureBuffer, calculatedHashBuffer);
     }
 }
 

lib/fasterpay/Subscription.js

@@ -0,0 +1,20 @@
+const request = require('sync-request');
+
+class Subscription {
+    constructor(gateway) {
+        this.gateway = gateway;
+    }
+
+    cancel(subcsriptionId){
+    	let cancelUrl = `${this.gateway.getConfig().getApiBaseUrl()}/api/subscription/${subcsriptionId.toString(8)}/cancel`;
+
+    	let apiResponse = request('POST', cancelUrl, { headers: {'X-ApiKey': this.gateway.getConfig().getPrivateKey() }});
+    	
+    	if(apiResponse.statusCode == 200) {
+    		return JSON.parse(apiResponse.getBody('utf8'));
+    	} 
+    	return false;
+    }
+}
+
+module.exports = { Subscription: Subscription };