beenull/ctrlpanel
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

[Fix/Features] CSRF Ignoring Routes support & Fix Invoice creation on webhook (#640)

Browse source
This commit is contained in:
Dennis 2023-01-22 16:21:37 +01:00 committed by GitHub
parent b89b03d314 8c78a00f2a
commit c32bfc1c8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 139 additions and 143 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
app/Extensions/PaymentGateways/PayPal/config.php Normal file
View file

@ -0,0 +1,12 @@
<?php
namespace App\Extensions\PaymentGateways\PayPal;
function getConfig()
{
return [
"name" => "PayPal",
"description" => "PayPal payment gateway",
"RoutesIgnoreCsrf" => [],
];
}

46
app/Extensions/PaymentGateways/PayPal/index.php
View file

@ -4,13 +4,10 @@ use App\Events\PaymentEvent;
use App\Events\UserUpdateCreditsEvent;
use App\Models\PartnerDiscount;
use App\Models\Payment;
use App\Models\Product;
use App\Models\ShopProduct;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Redirect;
use PayPalCheckoutSdk\Core\PayPalHttpClient;
use PayPalCheckoutSdk\Core\ProductionEnvironment;
@ -30,6 +27,7 @@ function PaypalPay(Request $request)
/** @var User $user */
$user = Auth::user();
$shopProduct = ShopProduct::findOrFail($request->shopProduct);
$discount = PartnerDiscount::getDiscount();
// create a new payment
$payment = Payment::create([
@ -39,7 +37,7 @@ function PaypalPay(Request $request)
'type' => $shopProduct->type,
'status' => 'open',
'amount' => $shopProduct->quantity,
'price' => $shopProduct->price - ($shopProduct->price * PartnerDiscount::getDiscount() / 100),
'price' => $shopProduct->price - ($shopProduct->price * $discount / 100),
'tax_value' => $shopProduct->getTaxValue(),
'tax_percent' => $shopProduct->getTaxPercent(),
'total_price' => $shopProduct->getTotalPrice(),
@ -54,7 +52,7 @@ function PaypalPay(Request $request)
"purchase_units" => [
[
"reference_id" => uniqid(),
"description" => $shopProduct->display . (PartnerDiscount::getDiscount() ? (" (" . __('Discount') . " " . PartnerDiscount::getDiscount() . '%)') : ""),
"description" => $shopProduct->display . ($discount ? (" (" . __('Discount') . " " . $discount . '%)') : ""),
"amount" => [
"value" => $shopProduct->getTotalPrice(),
'currency_code' => strtoupper($shopProduct->currency_code),
@ -176,41 +174,3 @@ function getPaypalClientSecret()
{
return env('APP_ENV') == 'local' ? config("SETTINGS::PAYMENTS:PAYPAL:SANDBOX_SECRET") : config("SETTINGS::PAYMENTS:PAYPAL:SECRET");
}
function getPayPalConfig()
{
return [
"name" => "PayPal",
"description" => "PayPal payment gateway",
"settings" => [
"mode" => [
"type" => "select",
"label" => "Mode",
"value" => config("APP_ENV") == 'local' ? "sandbox" : "live",
"options" => [
"sandbox" => "Sandbox",
"live" => "Live",
],
],
"CLIENT_ID" => [
"type" => "text",
"label" => "PayPal Client ID",
"value" => config("SETTINGS::PAYMENTS:PAYPAL:CLIENT_ID"),
],
"SECRET" => [
"type" => "text",
"label" => "PayPal Secret",
"value" => config("SETTINGS::PAYMENTS:PAYPAL:SECRET"),
],
"SANDBOX_CLIENT_ID" => [
"type" => "text",
"label" => "PayPal Sandbox Client ID",
"value" => config("SETTINGS::PAYMENTS:PAYPAL:SANDBOX_CLIENT_ID"),
],
"SANDBOX_SECRET" => [
"type" => "text",
"label" => "PayPal Sandbox Secret",
"value" => config("SETTINGS::PAYMENTS:PAYPAL:SANDBOX_SECRET"),
],
],
];
}

14
app/Extensions/PaymentGateways/Stripe/config.php Normal file
View file

@ -0,0 +1,14 @@
<?php
namespace App\Extensions\PaymentGateways\Stripe;
function getConfig()
{
return [
"name" => "Stripe",
"description" => "Stripe payment gateway",
"RoutesIgnoreCsrf" => [
"payment/StripeWebhooks",
],
];
}

63
app/Extensions/PaymentGateways/Stripe/index.php
View file

@ -4,14 +4,11 @@ use App\Events\PaymentEvent;
use App\Events\UserUpdateCreditsEvent;
use App\Models\PartnerDiscount;
use App\Models\Payment;
use App\Models\Product;
use App\Models\ShopProduct;
use App\Models\User;
use App\Notifications\ConfirmPaymentNotification;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Redirect;
use Stripe\Exception\SignatureVerificationException;
use Stripe\Stripe;
@ -19,6 +16,7 @@ use Stripe\StripeClient;
/**
* @param Request $request
* @param ShopProduct $shopProduct
@ -34,6 +32,8 @@ function StripePay(Request $request)
return;
}
$discount = PartnerDiscount::getDiscount();
// create payment
$payment = Payment::create([
@ -43,7 +43,7 @@ function StripePay(Request $request)
'type' => $shopProduct->type,
'status' => 'open',
'amount' => $shopProduct->quantity,
'price' => $shopProduct->price - ($shopProduct->price * PartnerDiscount::getDiscount() / 100),
'price' => $shopProduct->price - ($shopProduct->price * $discount / 100),
'tax_value' => $shopProduct->getTaxValue(),
'total_price' => $shopProduct->getTotalPrice(),
'tax_percent' => $shopProduct->getTaxPercent(),
@ -58,7 +58,7 @@ function StripePay(Request $request)
'price_data' => [
'currency' => $shopProduct->currency_code,
'product_data' => [
'name' => $shopProduct->display . (PartnerDiscount::getDiscount() ? (' (' . __('Discount') . ' ' . PartnerDiscount::getDiscount() . '%)') : ''),
'name' => $shopProduct->display . ($discount ? (' (' . __('Discount') . ' ' . $discount . '%)') : ''),
'description' => $shopProduct->description,
],
'unit_amount_decimal' => round($shopProduct->getPriceAfterDiscount() * 100, 2),
@ -82,6 +82,11 @@ function StripePay(Request $request)
'payment_method_types' => str_getcsv(config('SETTINGS::PAYMENTS:STRIPE:METHODS')),
'success_url' => route('payment.StripeSuccess', ['payment' => $payment->id]) . '&session_id={CHECKOUT_SESSION_ID}',
'cancel_url' => route('payment.Cancel'),
'payment_intent_data' => [
'metadata' => [
'payment_id' => $payment->id,
],
],
]);
Redirect::to($request->url)->send();
@ -98,6 +103,8 @@ function StripeSuccess(Request $request)
$shopProduct = ShopProduct::findOrFail($payment->shop_item_product_id);
Redirect::route('home')->with('success', 'Please wait for success')->send();
$stripeClient = getStripeClient();
try {
//get stripe data
@ -162,16 +169,17 @@ function StripeSuccess(Request $request)
function handleStripePaymentSuccessHook($paymentIntent)
{
try {
// Get payment db entry
$payment = Payment::where('payment_id', $paymentIntent->id)->first();
$payment = Payment::where('id', $paymentIntent->metadata->payment_id)->with('user')->first();
$user = User::where('id', $payment->user_id)->first();
$shopProduct = ShopProduct::findOrFail($payment->shop_item_product_id);
if ($paymentIntent->status == 'succeeded' && $payment->status == 'processing') {
//update payment db entry status
$payment->update(['status' => 'paid']);
$payment->update([
'payment_id' => $payment->payment_id ?? $paymentIntent->id,
'status' => 'paid'
]);
//payment notification
$user->notify(new ConfirmPaymentNotification($payment));
@ -363,40 +371,3 @@ function checkPriceAmount($amount, $currencyCode, $payment_method)
];
return $amount >= $minimums[$currencyCode][$payment_method];
}
function getStripeConfig()
{
return [
"name" => "Stripe",
"description" => "Stripe payment gateway",
"mode" => [
"type" => "select",
"label" => "Mode",
"value" => config("APP_ENV") == 'local' ? "sandbox" : "live",
"options" => [
"sandbox" => "Sandbox",
"live" => "Live",
],
],
"TEST_SECRET" => [
"type" => "text",
"label" => "Test Secret Key",
"value" => config("SETTINGS::PAYMENTS:STRIPE:TEST_SECRET"),
],
"SECRET" => [
"type" => "text",
"label" => "Live Secret Key",
"value" => config("SETTINGS::PAYMENTS:STRIPE:SECRET"),
],
"ENDPOINT_TEST_SECRET" => [
"type" => "text",
"label" => "Test Endpoint Secret",
"value" => config("SETTINGS::PAYMENTS:STRIPE:ENDPOINT_TEST_SECRET"),
],
"ENDPOINT_SECRET" => [
"type" => "text",
"label" => "Live Endpoint Secret",
"value" => config("SETTINGS::PAYMENTS:STRIPE:ENDPOINT_SECRET"),
],
];
}

95
app/Helpers/ExtensionHelper.php
View file

@ -4,44 +4,81 @@ namespace App\Helpers;
class ExtensionHelper
{
public static function getExtensionConfig($extensionName, $nameSpace)
/**
* Get a config of an extension by its name
* @param string $extensionName
* @param string $configname
*/
public static function getExtensionConfig(string $extensionName, string $configname)
{
$extension = app_path() . '/Extensions/' . $nameSpace . "/" . $extensionName . "/index.php";
// Check if extension exists
if (!file_exists($extension)) {
return null;
$extensions = ExtensionHelper::getAllExtensions();
// call the getConfig function of the config file of the extension like that
// call_user_func("App\\Extensions\\PaymentGateways\\Stripe" . "\\getConfig");
foreach ($extensions as $extension) {
if (!(basename($extension) == $extensionName)) {
continue;
}
$configFile = $extension . '/config.php';
if (file_exists($configFile)) {
include_once $configFile;
$config = call_user_func('App\\Extensions\\' . basename(dirname($extension)) . '\\' . basename($extension) . "\\getConfig");
}
if (isset($config[$configname])) {
return $config[$configname];
}
}
// call the getConfig function from the index.php file of the extension
$config = include_once $extension;
// Check if the getConfig function exists
if (!function_exists('get' . $extensionName . 'Config')) {
return null;
}
$config = call_user_func('get' . $extensionName . 'Config');
// Check if the getConfig function returned an array
if (!is_array($config)) {
return null;
}
return $config;
return null;
}
public static function getPayMethod($extensionName, $nameSpace)
public static function getAllCsrfIgnoredRoutes()
{
// return the payment method of the extension to be used elsewhere
// for example in the payment controller
// the function starts with the name of the extension and ends with Pay
$extensions = ExtensionHelper::getAllExtensions();
$config = self::getExtensionConfig($extensionName, $nameSpace);
$routes = [];
foreach ($extensions as $extension) {
$configFile = $extension . '/config.php';
if (file_exists($configFile)) {
include_once $configFile;
$config = call_user_func('App\\Extensions\\' . basename(dirname($extension)) . '\\' . basename($extension) . "\\getConfig");
}
if ($config == null) {
return null;
if (isset($config['RoutesIgnoreCsrf'])) {
$routes = array_merge($routes, $config['RoutesIgnoreCsrf']);
}
// add extension/ infront of every route
foreach ($routes as $key => $route) {
$routes[$key] = 'extensions/' . $route;
}
}
return $config['payMethod'];
return $routes;
}
/**
* Get all extensions
* @return array
*/
public static function getAllExtensions()
{
$extensionNamespaces = glob(app_path() . '/Extensions/*', GLOB_ONLYDIR);
$extensions = [];
foreach ($extensionNamespaces as $extensionNamespace) {
$extensions = array_merge($extensions, glob($extensionNamespace . '/*', GLOB_ONLYDIR));
}
return $extensions;
}
public static function getAllExtensionsByNamespace(string $namespace)
{
$extensions = glob(app_path() . '/Extensions/' . $namespace . '/*', GLOB_ONLYDIR);
return $extensions;
}
}

20
app/Http/Controllers/Admin/PaymentController.php
View file

@ -38,26 +38,24 @@ class PaymentController extends Controller
*/
public function checkOut(ShopProduct $shopProduct)
{
// get all payment gateway extensions
$extensions = glob(app_path() . '/Extensions/PaymentGateways/*', GLOB_ONLYDIR);
$extensions = ExtensionHelper::getAllExtensionsByNamespace('PaymentGateways');
// build a paymentgateways array that contains the routes for the payment gateways and the image path for the payment gateway which lays in public/images/Extensions/PaymentGateways with the extensionname in lowercase
$paymentGateways = [];
foreach ($extensions as $extension) {
$extensionName = basename($extension);
$config = ExtensionHelper::getExtensionConfig($extensionName, 'PaymentGateways');
if ($config) {
$payment = new \stdClass();
$payment->name = $config['name'];
$payment->image = asset('images/Extensions/PaymentGateways/' . strtolower($extensionName) . '_logo.png');
$paymentGateways[] = $payment;
}
$payment = new \stdClass();
$payment->name = ExtensionHelper::getExtensionConfig($extensionName, 'name');
$payment->image = asset('images/Extensions/PaymentGateways/' . strtolower($extensionName) . '_logo.png');
$paymentGateways[] = $payment;
}
$discount = PartnerDiscount::getDiscount();
return view('store.checkout')->with([
'product' => $shopProduct,
'discountpercent' => PartnerDiscount::getDiscount(),
'discountvalue' => PartnerDiscount::getDiscount() * $shopProduct->price / 100,
'discountpercent' => $discount,
'discountvalue' => $discount * $shopProduct->price / 100,
'discountedprice' => $shopProduct->getPriceAfterDiscount(),
'taxvalue' => $shopProduct->getTaxValue(),
'taxpercent' => $shopProduct->getTaxPercent(),

14
app/Http/Middleware/VerifyCsrfToken.php
View file

@ -2,7 +2,10 @@
namespace App\Http\Middleware;
use App\Helpers\ExtensionHelper;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Contracts\Foundation\Application;
class VerifyCsrfToken extends Middleware
{
@ -11,7 +14,12 @@ class VerifyCsrfToken extends Middleware
*
* @var array
*/
protected $except = [
'payment/StripeWebhooks',
];
protected $except = [];
public function __construct(Application $app, Encrypter $encrypter)
{
$this->app = $app;
$this->encrypter = $encrypter;
$this->except = ExtensionHelper::getAllCsrfIgnoredRoutes();
}
}

5
app/Listeners/CreateInvoice.php
View file

@ -19,11 +19,8 @@ class CreateInvoice
public function handle(PaymentEvent $event)
{
if (config('SETTINGS::INVOICE:ENABLED') == 'true') {
// get user from payment which does hold the user_id
$user = $event->payment->user;
// create invoice using the trait
$this->createInvoice($user, $event->payment);
$this->createInvoice($event->payment, $event->shopProduct);
}
}
}

6
app/Models/PartnerDiscount.php
View file

@ -18,11 +18,11 @@ class PartnerDiscount extends Model
'referral_system_commission',
];
public static function getDiscount()
public static function getDiscount(int $user_id = null)
{
if ($partnerDiscount = PartnerDiscount::where('user_id', Auth::user()->id)->first()) {
if ($partnerDiscount = PartnerDiscount::where('user_id', $user_id ?? Auth::user()->id)->first()) {
return $partnerDiscount->partner_discount;
} elseif ($ref_user = DB::table('user_referrals')->where('registered_user_id', '=', Auth::user()->id)->first()) {
} elseif ($ref_user = DB::table('user_referrals')->where('registered_user_id', '=', $user_id ?? Auth::user()->id)->first()) {
if ($partnerDiscount = PartnerDiscount::where('user_id', $ref_user->referral_id)->first()) {
return $partnerDiscount->registered_user_discount;
}

7
app/Traits/Invoiceable.php
View file

@ -3,6 +3,7 @@
namespace App\Traits;
use App\Models\PartnerDiscount;
use App\Models\Payment;
use App\Models\ShopProduct;
use App\Notifications\InvoiceNotification;
use Illuminate\Support\Facades\Storage;
@ -14,9 +15,9 @@ use Symfony\Component\Intl\Currencies;
trait Invoiceable
{
public function createInvoice($user, $payment)
public function createInvoice(Payment $payment, ShopProduct $shopProduct)
{
$shopProduct = ShopProduct::where('id', $payment->shop_item_product_id)->first();
$user = $payment->user;
//create invoice
$lastInvoiceID = \App\Models\Invoice::where("invoice_name", "like", "%" . now()->format('mY') . "%")->count("id");
$newInvoiceID = $lastInvoiceID + 1;
@ -33,7 +34,6 @@ trait Invoiceable
],
]);
$customer = new Buyer([
'name' => $user->name,
'custom_fields' => [
@ -78,7 +78,6 @@ trait Invoiceable
$invoice->render();
Storage::disk("local")->put("invoice/" . $user->id . "/" . now()->format('Y') . "/" . $invoice->filename, $invoice->output);
\App\Models\Invoice::create([
'invoice_user' => $user->id,
'invoice_name' => $invoice->getSerialNumber(),