/// <summary>
/// Entry point for the online-sale API call: collects the three access headers
/// and hands the request to the payment service.
/// </summary>
/// <param name="model">Sale parameters bound from the form body. Its <c>PosSn</c> is overwritten with the access-key header value.</param>
/// <returns>
/// The payment service result wrapped in <c>Ok</c>, or <c>Error(ErrorCode.InvalidApiKey)</c>
/// when any of the three headers is missing or blank.
/// </returns>
/// <remarks>
/// This method only checks that the headers are present. Verification of the signature is not
/// done here; it is presumably done by <c>_paymentService.PrepareOnlineSale</c> (confirm).
/// The model is logged with structured destructuring before any authentication has happened.
/// </remarks>
public IActionResult OnlineSale([FromForm] GatewayOnlineSaleParams model)
{
    _logger.LogInformation("API Online Sale: {@params}", model);

    // A missing header converts to a null string, which the blank check below catches.
    string accessKey = Request.Headers["Graft-Access-Key"];
    string accessTimestamp = Request.Headers["Graft-Access-Timestamp"];
    string accessSign = Request.Headers["Graft-Access-Sign"];

    bool headerMissing = string.IsNullOrWhiteSpace(accessKey)
        || string.IsNullOrWhiteSpace(accessTimestamp)
        || string.IsNullOrWhiteSpace(accessSign);

    if (headerMissing)
    {
        // Every missing-header case reports the same error code.
        return Error(ErrorCode.InvalidApiKey);
    }

    // The terminal identity always comes from the header, never from the form body.
    model.PosSn = accessKey;

    return Ok(_paymentService.PrepareOnlineSale(model, accessTimestamp, accessSign));
}
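/// <summary>
/// Authenticates an online-sale request against the terminal's API secret, creates a new
/// payment, caches it and returns the URL of the payment page.
/// </summary>
/// <param name="model">Sale parameters; <c>PosSn</c> selects the terminal by serial number.</param>
/// <param name="timestamp">Caller-supplied timestamp; it is part of the signed text.</param>
/// <param name="sign">Hex-encoded HMAC-SHA256 of <c>timestamp + terminal serial number</c>, keyed with the terminal's API secret.</param>
/// <returns>A result whose <c>PaymentUrl</c> points at the currency-selection page for the new payment.</returns>
/// <exception cref="ApiException">
/// Thrown with <c>ErrorCode.InvalidApiKey</c> when the timestamp or signature is blank,
/// when no terminal matches, or when the signature does not verify.
/// </exception>
/// <remarks>
/// NOTE(review): the signed text covers only the timestamp and the serial number. The sale
/// amount, currency, order id and the three URLs are not covered, and this method does not
/// check the timestamp for freshness or reuse. A valid header set therefore authenticates any
/// request body. Fixing that changes the signing contract and needs client coordination.
/// </remarks>
public GatewayOnlineSaleResult PrepareOnlineSale(GatewayOnlineSaleParams model, string timestamp, string sign)
{
    _logger.LogInformation("API Prepare Online Sale: {@params}", model);

    // Reject unauthenticated calls before touching the database; a blank value can never verify.
    if (string.IsNullOrWhiteSpace(timestamp) || string.IsNullOrWhiteSpace(sign))
    {
        throw new ApiException(ErrorCode.InvalidApiKey);
    }

    var terminal = _db.Terminal
        .Where(t => t.SerialNumber == model.PosSn)
        .Include(t => t.ServiceProvider)
        .Include(t => t.Store).ThenInclude(t => t.Merchant)
        .FirstOrDefault();

    if (terminal == null)
    {
        throw new ApiException(ErrorCode.InvalidApiKey);
    }

    using (var hmac = new HMACSHA256(Encoding.ASCII.GetBytes(terminal.ApiSecret)))
    {
        string text = $"{timestamp}{terminal.SerialNumber}";
        var hash = hmac.ComputeHash(Encoding.ASCII.GetBytes(text));

        // NOTE(review): HexStringToBytes is a project helper not visible here; confirm that
        // malformed hex is reported as InvalidApiKey and not as an unhandled exception.
        var signBytes = sign.HexStringToBytes();

        // Compare in constant time so response timing does not reveal how many leading bytes
        // of a guessed signature were correct. CryptographicOperations needs .NET Core 2.1+.
        // A length mismatch (including a null array) returns false.
        if (!CryptographicOperations.FixedTimeEquals(hash, signBytes))
        {
            throw new ApiException(ErrorCode.InvalidApiKey);
        }
    }

    // NOTE(review): CompleteUrl, CancelUrl and CallbackUrl are stored exactly as supplied;
    // any scheme/host validation has to happen where they are used - confirm that it does.
    var payment = new Payment()
    {
        Id = Guid.NewGuid().ToString(),
        TransactionDate = DateTime.UtcNow,
        Status = PaymentStatus.New,
        Terminal = terminal,
        TerminalId = terminal.Id,
        StoreId = terminal.StoreId,
        ServiceProviderId = terminal.ServiceProviderId,
        SaleAmount = model.SaleAmount,
        SaleCurrency = model.SaleCurrency,
        ExternalOrderId = model.ExternalOrderId,
        CompleteUrl = model.CompleteUrl,
        CancelUrl = model.CancelUrl,
        CallbackUrl = model.CallbackUrl,
    };

    // The pending payment is held in the cache until the configured timeout (in minutes).
    _cache.Set(payment.Id, payment, DateTimeOffset.Now.AddMinutes(_settings.PaymentTimeout));

    // NOTE(review): scheme and host are taken from the incoming request, so the returned link
    // follows whatever Host value reached the application. Confirm that host filtering or
    // forwarded-header handling is configured, or build the link from a configured base URL.
    var req = _context.HttpContext.Request;
    var res = new GatewayOnlineSaleResult()
    {
        PaymentUrl = $"{req.Scheme}://{req.Host}/PaymentProcessor/PayCurrencySelect/{payment.Id}"
    };

    return res;
}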