Skip to content
This repository has been archived by the owner on Feb 9, 2024. It is now read-only.

Commit

Permalink
Merge pull request #7 from rofazayn/fix-signature-validation
Browse files Browse the repository at this point in the history 
Fix signature validation
  • Loading branch information
@ChargilyDev
ChargilyDev authored Aug 26, 2023
2 parents 22f3a7a + 8f935e7 commit aa090a8
Show file tree
Hide file tree
Showing 19 changed files with 1,121 additions and 714 deletions.
130 changes: 130 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
.pnpm-debug.log*

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage
*.lcov

# nyc test coverage
.nyc_output

# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# Snowpack dependency directory (https://snowpack.dev/)
web_modules/

# TypeScript cache
*.tsbuildinfo

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional stylelint cache
.stylelintcache

# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variable files
.env
.env.development.local
.env.test.local
.env.production.local
.env.local

# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache

# Next.js build output
.next
out

# Nuxt.js build / generate output
.nuxt
dist

# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public

# vuepress build output
.vuepress/dist

# vuepress v2.x temp and cache directory
.temp
.cache

# Docusaurus cache and generated files
.docusaurus

# Serverless directories
.serverless/

# FuseBox cache
.fusebox/

# DynamoDB Local files
.dynamodb/

# TernJS port file
.tern-port

# Stores VSCode versions used for testing VSCode extensions
.vscode-test

# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
134 changes: 79 additions & 55 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,30 @@
# Chargily ePay Gateway Js

![Chargily ePay Gateway](https://raw.githubusercontent.com/Chargily/epay-gateway-php/main/assets/banner-1544x500.png "Chargily ePay Gateway")
![Chargily ePay Gateway](https://raw.githubusercontent.com/Chargily/epay-gateway-php/main/assets/banner-1544x500.png 'Chargily ePay Gateway')

Integrate ePayment gateway with Chargily easily.

- Currently support payment by **CIB / EDAHABIA** cards and soon by **Visa / Mastercard**
- This is a **Js package**, If you are using another programing language [Browse here](https://github.com/Chargily/) or look to [API documentation](https://github.com/Chargily/epay-gateway-php/blob/master/README_API.md)

# Requirements

1. Node 8, 10 or higher.
2. NPM
3. Get your API Key/Secret from [ePay by Chargily](https://epay.chargily.com.dz) dashboard for free

# Installation

1. Via npm (Recomended)

```bash
npm i chargily-epay-js
# or
# or
yarn add chargily-epay-js
```

# Quick start

Add `CHARGILY_APP_KEY` and `CHARGILY_APP_SECRET` in .env file with the secret key and app key from [ePay Dashboard][api-keys]

#Usage
Expand All @@ -28,71 +33,90 @@ available in the [ePay Dashboard][api-keys]. Require it with the key's
value:

```js
const chargily = require('chargily-epay-js')
const dotenv = require('dotenv')
const {Invoice, Mode} = require("chargily-epay-js/lib/configuration");

dotenv.config()

const order = new Invoice()
order.invoiceNumber = "100" // must be integer or string
order.mode = Mode.EDAHABIA // or Mode.CIB
order.backUrl = "https://www.exemple.org/" // must be a valid and active URL
order.amount = 5000 // must be integer , and more or equal 75
order.webhookUrl = "https://www.exemple.org/webhook-validator" // this URL where receive the response
order.client = "chawki mahdi"
order.discount = 10 // by percentage between [0, 100]
order.clientEmail = "[email protected]" // email of customer where he will receive the Bill
order.appKey = process.env.CHARGILY_APP_KEY
const chargily = require('chargily-epay-js');
const dotenv = require('dotenv');
const { Invoice, Mode } = require('chargily-epay-js/lib/configuration');

dotenv.config();

const order = new Invoice();
order.invoiceNumber = '100'; // must be integer or string
order.mode = Mode.EDAHABIA; // or Mode.CIB
order.backUrl = 'https://www.exemple.org/'; // must be a valid and active URL
order.amount = 5000; // must be integer , and more or equal 75
order.webhookUrl = 'https://www.exemple.org/webhook-validator'; // this URL where receive the response
order.client = 'Abderraouf Zine';
order.discount = 10; // by percentage between [0, 100]
order.clientEmail = '[email protected]'; // email of customer where he will receive the Bill
order.appKey = process.env.CHARGILY_APP_KEY;

// createPayment is promise function (async, await ), so you will need to use then to receive the checkoutURL

const checkoutUrl = chargily.createPayment(order).then( res => {
return res.checkout_url // redirect to this url to proccess the checkout
})

const checkoutUrl = chargily.createPayment(order).then((res) => {
return res.checkout_url; // redirect to this url to proccess the checkout
});
```

# Configurations

- Available Configurations

| key | description | redirect url | process url |
|-----------------------|-------------------------------------------------------------------------------------------------------|--------------|--------------|
| CHARGILY_APP_KEY | must be string given by organization | required | required |
| CHARGILY_APP_SECRET | must be string given by organization | required | required |
| back_url | must be string and valid url | required | not required |
| webhook_url | must be string and valid url _| required | required |
| mode | must be in **CIB**,**EDAHABIA** | required | not required |
| invoice_number | string or int | required | not required |
| client_name | string | required | not required |
| clientEmail | must be valid email This is where client receive payment receipt after confirmation | required | not required |
| amount | must be numeric and greather or equal than 75 | required | not required |
| discount | must be numeric and between 0 and 99 (discount in %) | required | not required |
| description | must be string_ | required | not required |
| key | description | redirect url | process url |
| ------------------- | ----------------------------------------------------------------------------------- | ------------ | ------------ |
| CHARGILY_APP_KEY | must be string given by organization | required | required |
| CHARGILY_APP_SECRET | must be string given by organization | required | required |
| back_url | must be string and valid url | required | not required |
| webhook_url | must be string and valid url \_ | required | required |
| mode | must be in **CIB**,**EDAHABIA** | required | not required |
| invoice_number | string or int | required | not required |
| client_name | string | required | not required |
| clientEmail | must be valid email This is where client receive payment receipt after confirmation | required | not required |
| amount | must be numeric and greather or equal than 75 | required | not required |
| discount | must be numeric and between 0 and 99 (discount in %) | required | not required |
| description | must be string\_ | required | not required |

# Testing Webhook signing
You can use `DefaultSignatureValidator.isValid()` to validate incoming webhook.

```js

const {DefaultSignatureValidator} = require("chargily-epay-js/lib/Webhook");
const express = require('express');
const app = express()
const port = 3000
app.use(express.json());

app.post('/webhook-validator', (req, res)=>{
let signature = req.header('Signature')

let rs = DefaultSignatureValidator.isValid(
signature,
process.env.CHARGILY_APP_SECRET,
req.body) // return boolean

res.send(rs)
})
You can use `DefaultSignatureValidator.isValid()` to validate incoming webhook, as demonstrated in the `src/examples/validate-signature.ts` file.

```ts
import { DefaultSignatureValidator } from '../classes/Webhook';
import express from 'express';
import dotenv from 'dotenv';
import bodyParser from 'body-parser';
const PORT = 4000;
const app = express();
const sigHeaderName = 'Signature';

// load env variables
dotenv.config();

// format requests
app.use(
bodyParser.json({
verify: (req: any, _res, buf, encoding: any) => {
if (buf && buf.length) {
req.rawBody = buf.toString(encoding || 'utf8');
}
},
})
);

app.post('/validator', (req: any, res) => {
const signature = Buffer.from(req.get(sigHeaderName) || '', 'utf8');
let rs = DefaultSignatureValidator.isValid(
signature,
process.env.CHARGILY_APP_SECRET!,
req.rawBody
);
// returns true if the signature is valid, throws error if invalid

res.send(rs);
});

app.listen(PORT, () => {
console.log('🪝 Webhook live at http://localhost:' + PORT);
});
```


[api-keys]: https://epay.chargily.com.dz/secure/admin/apikeys
14 changes: 0 additions & 14 deletions lib/IInvoice.d.ts
View file

This file was deleted.

2 changes: 0 additions & 2 deletions lib/IInvoice.js
View file

This file was deleted.

9 changes: 0 additions & 9 deletions lib/Webhook.d.ts
View file

This file was deleted.

33 changes: 0 additions & 33 deletions lib/Webhook.js
View file

This file was deleted.

Loading

0 comments on commit aa090a8

Please sign in to comment.