Refactor payment verification to manual workflow and add comprehensive cleanup tools
Major changes: • Remove BTCPay Server integration in favor of SilverPAY manual verification • Add test data cleanup mechanisms (API endpoints and shell scripts) • Fix compilation errors in TestController (IdentityReference vs CustomerIdentity) • Add deployment automation scripts for Hostinger VPS • Enhance integration testing with comprehensive E2E validation • Add Blazor components and mobile-responsive CSS for admin interface • Create production environment configuration scripts Key Features Added: • Manual payment verification through Admin panel Order Details • Bulk test data cleanup with proper cascade handling • Deployment automation with systemd service configuration • Comprehensive E2E testing suite with SilverPAY integration validation • Mobile-first admin interface improvements Security & Production: • Environment variable configuration for production secrets • Proper JWT and VAPID key management • SilverPAY API integration with live credentials • Database cleanup and maintenance tools 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -1,181 +0,0 @@
|
||||
using BTCPayServer.Client;
|
||||
using BTCPayServer.Client.Models;
|
||||
using LittleShop.Enums;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace LittleShop.Services;
|
||||
|
||||
public interface IBTCPayServerService
|
||||
{
|
||||
Task<string> CreateInvoiceAsync(decimal amount, CryptoCurrency currency, string orderId, string? description = null);
|
||||
Task<InvoiceData?> GetInvoiceAsync(string invoiceId);
|
||||
Task<bool> ValidateWebhookAsync(string payload, string signature);
|
||||
}
|
||||
|
||||
public class BTCPayServerService : IBTCPayServerService
|
||||
{
|
||||
private readonly BTCPayServerClient _client;
|
||||
private readonly IConfiguration _configuration;
|
||||
private readonly ILogger<BTCPayServerService> _logger;
|
||||
private readonly string _storeId;
|
||||
private readonly string _webhookSecret;
|
||||
private readonly string _baseUrl;
|
||||
|
||||
public BTCPayServerService(IConfiguration configuration, ILogger<BTCPayServerService> logger)
|
||||
{
|
||||
_configuration = configuration;
|
||||
_logger = logger;
|
||||
|
||||
_baseUrl = _configuration["BTCPayServer:BaseUrl"] ?? throw new ArgumentException("BTCPayServer:BaseUrl not configured");
|
||||
var apiKey = _configuration["BTCPayServer:ApiKey"] ?? throw new ArgumentException("BTCPayServer:ApiKey not configured");
|
||||
_storeId = _configuration["BTCPayServer:StoreId"] ?? throw new ArgumentException("BTCPayServer:StoreId not configured");
|
||||
_webhookSecret = _configuration["BTCPayServer:WebhookSecret"] ?? "";
|
||||
|
||||
_logger.LogInformation("Initializing BTCPay Server connection to {BaseUrl} with Store ID: {StoreId}", _baseUrl, _storeId);
|
||||
|
||||
// Create HttpClient with proper SSL validation
|
||||
var httpClientHandler = new HttpClientHandler();
|
||||
|
||||
// Only allow insecure SSL in development mode with explicit configuration
|
||||
var allowInsecureSSL = _configuration.GetValue<bool>("Security:AllowInsecureSSL", false);
|
||||
if (allowInsecureSSL)
|
||||
{
|
||||
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
|
||||
if (environment == "Development")
|
||||
{
|
||||
_logger.LogWarning("SECURITY WARNING: SSL certificate validation is disabled for development. This should NEVER be used in production!");
|
||||
httpClientHandler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.LogError("Attempted to disable SSL certificate validation in non-development environment. This is not allowed.");
|
||||
throw new InvalidOperationException("SSL certificate validation cannot be disabled in production environments");
|
||||
}
|
||||
}
|
||||
|
||||
var httpClient = new HttpClient(httpClientHandler);
|
||||
_client = new BTCPayServerClient(new Uri(_baseUrl), apiKey, httpClient);
|
||||
}
|
||||
|
||||
public async Task<string> CreateInvoiceAsync(decimal amount, CryptoCurrency currency, string orderId, string? description = null)
|
||||
{
|
||||
var paymentMethod = GetPaymentMethod(currency);
|
||||
|
||||
var metadata = new JObject
|
||||
{
|
||||
["orderId"] = orderId,
|
||||
["requestedCurrency"] = currency.ToString(),
|
||||
["paymentMethod"] = paymentMethod
|
||||
};
|
||||
|
||||
if (!string.IsNullOrEmpty(description))
|
||||
{
|
||||
metadata["itemDesc"] = description;
|
||||
}
|
||||
|
||||
// Create invoice in GBP (fiat) - BTCPay will handle crypto conversion
|
||||
var request = new CreateInvoiceRequest
|
||||
{
|
||||
Amount = amount,
|
||||
Currency = "GBP", // Always use fiat currency for the amount
|
||||
Metadata = metadata,
|
||||
Checkout = new CreateInvoiceRequest.CheckoutOptions
|
||||
{
|
||||
Expiration = TimeSpan.FromHours(24),
|
||||
PaymentMethods = new[] { paymentMethod }, // Specify which crypto to accept
|
||||
DefaultPaymentMethod = paymentMethod
|
||||
}
|
||||
};
|
||||
|
||||
try
|
||||
{
|
||||
_logger.LogDebug("Creating BTCPay invoice - Amount: {Amount} GBP, Payment Method: {PaymentMethod}, Order: {OrderId}",
|
||||
amount, paymentMethod, orderId);
|
||||
|
||||
var invoice = await _client.CreateInvoice(_storeId, request);
|
||||
|
||||
_logger.LogInformation("✅ Created BTCPay invoice {InvoiceId} for Order {OrderId} - Amount: {Amount} GBP, Method: {PaymentMethod}, Checkout: {CheckoutLink}",
|
||||
invoice.Id, orderId, amount, paymentMethod, invoice.CheckoutLink);
|
||||
|
||||
return invoice.Id;
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogError(ex, "❌ Failed to create BTCPay invoice - Amount: {Amount} GBP, Method: {PaymentMethod}, Store: {StoreId}, BaseUrl: {BaseUrl}",
|
||||
amount, paymentMethod, _storeId, _baseUrl);
|
||||
|
||||
// Always throw - never generate fake invoices
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<InvoiceData?> GetInvoiceAsync(string invoiceId)
|
||||
{
|
||||
try
|
||||
{
|
||||
return await _client.GetInvoice(_storeId, invoiceId);
|
||||
}
|
||||
catch
|
||||
{
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public Task<bool> ValidateWebhookAsync(string payload, string signature)
|
||||
{
|
||||
try
|
||||
{
|
||||
// BTCPay Server uses HMAC-SHA256 with format "sha256=<hex>"
|
||||
if (!signature.StartsWith("sha256="))
|
||||
{
|
||||
return Task.FromResult(false);
|
||||
}
|
||||
|
||||
var expectedHash = signature.Substring(7); // Remove "sha256=" prefix
|
||||
var secretBytes = System.Text.Encoding.UTF8.GetBytes(_webhookSecret);
|
||||
var payloadBytes = System.Text.Encoding.UTF8.GetBytes(payload);
|
||||
|
||||
using var hmac = new System.Security.Cryptography.HMACSHA256(secretBytes);
|
||||
var computedHash = hmac.ComputeHash(payloadBytes);
|
||||
var computedHashHex = Convert.ToHexString(computedHash).ToLowerInvariant();
|
||||
|
||||
return Task.FromResult(expectedHash.Equals(computedHashHex, StringComparison.OrdinalIgnoreCase));
|
||||
}
|
||||
catch
|
||||
{
|
||||
return Task.FromResult(false);
|
||||
}
|
||||
}
|
||||
|
||||
private static string GetCurrencyCode(CryptoCurrency currency)
|
||||
{
|
||||
return currency switch
|
||||
{
|
||||
CryptoCurrency.BTC => "BTC",
|
||||
CryptoCurrency.XMR => "XMR",
|
||||
CryptoCurrency.USDT => "USDT",
|
||||
CryptoCurrency.LTC => "LTC",
|
||||
CryptoCurrency.ETH => "ETH",
|
||||
CryptoCurrency.ZEC => "ZEC",
|
||||
CryptoCurrency.DASH => "DASH",
|
||||
CryptoCurrency.DOGE => "DOGE",
|
||||
_ => "BTC"
|
||||
};
|
||||
}
|
||||
|
||||
private static string GetPaymentMethod(CryptoCurrency currency)
|
||||
{
|
||||
return currency switch
|
||||
{
|
||||
CryptoCurrency.BTC => "BTC",
|
||||
CryptoCurrency.XMR => "XMR",
|
||||
CryptoCurrency.USDT => "USDT_ETH", // USDT on Ethereum
|
||||
CryptoCurrency.LTC => "LTC",
|
||||
CryptoCurrency.ETH => "ETH",
|
||||
CryptoCurrency.ZEC => "ZEC",
|
||||
CryptoCurrency.DASH => "DASH",
|
||||
CryptoCurrency.DOGE => "DOGE",
|
||||
_ => "BTC"
|
||||
};
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user