feat: wip sepay

imrim12 · imrim12 · commit 596890d276cf · 2025-05-24T09:54:59.000+07:00
diff --git a/nuxt.config.ts b/nuxt.config.ts
@@ -285,6 +285,7 @@ export default defineNuxtConfig({
     '/blog/**': { swr: true },
     '/api/content/**': { csurf: false },
     '/api/logto/webhook': { csurf: false },
+    '/api/payments/sepay/webhook': { csurf: false },
     '/api/payments/payos/webhook': { csurf: false },
     '/api/payments/vnpay/callback': { csurf: false },
     '/api/payments/vnpay/IPN': { csurf: false },
diff --git a/server/api/payments/sepay/checkout.post.ts b/server/api/payments/sepay/checkout.post.ts
@@ -0,0 +1,22 @@
+export default defineEventHandler(async (event) => {
+  try {
+    const { session } = await defineEventOptions(event, { auth: true })
+    const { productIdentifier } = await readBody(event)
+
+    const paymentUrl = await createPaymentCheckout('sepay', {
+      productIdentifier,
+      user: session,
+    })
+
+    return {
+      data: {
+        paymentUrl,
+      },
+    }
+  }
+  catch (error: any) {
+    logger.error('[Payment API] Error creating SePay checkout URL:', error)
+
+    throw parseError(error)
+  }
+})
diff --git a/server/api/payments/sepay/webhook.post.ts b/server/api/payments/sepay/webhook.post.ts
@@ -0,0 +1,110 @@
+import { PaymentStatus } from '@base/server/db/schemas'
+import { z } from 'zod'
+
+export default defineEventHandler(async (event) => {
+  try {
+    // {
+    //   gateway: "ACB",
+    //   transactionDate: "2025-05-23 23:34:40",
+    //   accountNumber: "17228427",
+    //   subAccount: null,
+    //   code: "SPN8NHOSTING123",
+    //   content: "MBVCB.9604208212.518683.SPN8NHOSTING123.CT tu 0041000331568 NGUYEN HUU NGUYEN Y toi 17228427 NGUYEN HUU NGUYEN Y tai ACB GD 518683-052325 23:34:40",
+    //   transferType: "in",
+    //   description: "BankAPINotify MBVCB.9604208212.518683.SPN8NHOSTING123.CT tu 0041000331568 NGUYEN HUU NGUYEN Y toi 17228427 NGUYEN HUU NGUYEN Y tai ACB GD 518683-052325 23:34:40",
+    //   transferAmount: 2000,
+    //   referenceCode: "3165",
+    //   accumulated: 0,
+    //   id: 13425123,
+    // }
+    const body = await readValidatedBody(
+      event,
+      payload => z.object({
+        accountNumber: z.string(),
+        accumulated: z.number(),
+        code: z.string(),
+        content: z.string(),
+        description: z.string(),
+        gateway: z.string(),
+        id: z.number(),
+        referenceCode: z.string(),
+        subAccount: z.string().optional().nullable(),
+        transactionDate: z.string(),
+        transferAmount: z.number(),
+        transferType: z.string(),
+      }).partial().parse(payload),
+    )
+
+    if (process.env.SEPAY_WEBHOOK_SIGNING_KEY !== getHeader(event, 'Authorization')?.match(/Apikey (.*)/)?.[1]) {
+      logger.error('[SePay Webhook] Invalid webhook authentication')
+      throw createError({
+        statusCode: 401,
+        message: 'Invalid webhook authentication',
+      })
+    }
+
+    logger.log('[SePay Webhook] Verified webhook data:', body)
+
+    // SePay Webhook always success (if not, it will not call this endpoint anyway)
+
+    const transactionStatus = PaymentStatus.RESOLVED
+
+    const { updatePaymentStatus, updateProviderTransactionStatus, getProviderTransactionByOrderCode } = usePayment()
+
+    const paymentTransactionOfProvider = await getProviderTransactionByOrderCode(String(body.code))
+
+    if (!paymentTransactionOfProvider?.payment.order.package) {
+      logger.warn(`[SePay Webhook] Transaction not found or invalid: code=${body.code}`)
+      return { success: true }
+    }
+
+    logger.log(`[SePay Webhook] Processing transaction: code=${body.code}, status=${transactionStatus}`)
+
+    const priceDiscount = Number(paymentTransactionOfProvider.payment.order.package.price_discount)
+    const price = Number(paymentTransactionOfProvider.payment.order.package.price)
+
+    if (priceDiscount !== Number(body.transferAmount) && price !== Number(body.transferAmount)) {
+      logger.error(`[SePay Webhook] Amount mismatch, transaction [${paymentTransactionOfProvider.id}]: expected=${price}, received=${body.transferAmount}`)
+
+      throw createError({
+        statusCode: 400,
+        message: 'Amount mismatch!',
+      })
+    }
+
+    const creditAmount = Number(paymentTransactionOfProvider.payment.order.package.amount)
+    const userId = paymentTransactionOfProvider.payment.order.user_id
+
+    // The userId is already the UUID from our database since we've updated
+    // our schemas to use UUID references between tables
+    logger.log(`[SePay Webhook] Adding credits: userId=${userId}, amount=${creditAmount}`)
+
+    await addCreditToUser(userId, creditAmount)
+
+    logger.log(`[SePay Webhook] Credits added successfully: userId=${userId}, amount=${creditAmount}`)
+
+    if (!paymentTransactionOfProvider?.payment.order.package) {
+      logger.error(`[SePay Webhook] No product found for transaction: ${body.code}`)
+      throw createError({
+        statusCode: 400,
+        message: 'No product found for this transaction!',
+      })
+    }
+
+    logger.log(`[SePay Webhook] Updating transaction ${paymentTransactionOfProvider.id} to status: ${transactionStatus}`)
+
+    await updateProviderTransactionStatus(paymentTransactionOfProvider.id, transactionStatus, body.transactionDate!)
+
+    await updatePaymentStatus(paymentTransactionOfProvider.payment.id, transactionStatus)
+
+    logger.log(`[SePay Webhook] Transaction updated successfully: id=${paymentTransactionOfProvider.id}, status=${transactionStatus}`)
+
+    logger.log('[SePay Webhook] Webhook processing completed successfully')
+    return { success: true }
+  }
+  catch (error: any) {
+    logger.error('[SePay Webhook] Error processing webhook:', error)
+
+    throw parseError(error)
+  }
+})
diff --git a/server/utils/payment/vn/index.ts b/server/utils/payment/vn/index.ts
@@ -4,7 +4,7 @@ import { createPayOSCheckout } from './payos'
 export * from './payos'
 
 export async function createPaymentCheckout(
-  provider: 'payos' | 'vnpay',
+  provider: 'payos' | 'vnpay' | 'sepay',
   payload: {
     clientIP?: string
     productIdentifier: string
@@ -67,11 +67,17 @@ export async function createPaymentCheckout(
     case 'payos':
       return await createPayOSCheckout({
         orderCode,
-        amount: Number(userPayment.amount),
+        amount: userPayment.amount,
         buyerEmail: payload.user.primary_email as string,
         buyerPhone: payload.user.primary_phone as string,
         paymentProviderTransaction,
       })
+    case 'sepay':
+      return await createSePayCheckout({
+        orderCode,
+        amount: userPayment.amount,
+        paymentProviderTransaction,
+      })
 
     default:
       throw createError({
diff --git a/server/utils/payment/vn/sepay.ts b/server/utils/payment/vn/sepay.ts
@@ -0,0 +1,23 @@
+import type { paymentProviderTransactionTable } from '@base/server/db/schemas'
+import { withQuery } from 'ufo'
+
+interface SePayCheckoutProps {
+  orderCode: string
+  amount: number
+  paymentProviderTransaction: typeof paymentProviderTransactionTable.$inferSelect
+}
+
+export async function createSePayCheckout({
+  orderCode,
+  amount,
+  paymentProviderTransaction,
+}: SePayCheckoutProps) {
+  return withQuery('https://qr.sepay.vn/img', {
+    acc: '17228427',
+    bank: 'ACB',
+    amount,
+    des: [orderCode, paymentProviderTransaction.provider_transaction_info].join('.'),
+    template: 'compact',
+    download: false,
+  })
+}
