madcatbiz/gist:905232

## gistfile1.rb
class WebmoneyController < ApplicationController
  before_filter :authenticate_users_list!, :except => [:result, :success, :fail]
  before_filter :parse_payment_params,     :only => [:result, :success, :fail]
  before_filter :valid_payment,            :only => [:result]

  # Отображаем форму ввода депозита для webmoney, может быть с заранее введенной суммой (amount) (с клиента)
  def add
    if request.get?
      @gateway = UsersPaymentsGateways.find_by_tech("webmoney")
      @amount = !params[:amount].nil? ? params[:amount] : "10.00"
    else
      @amount = params[:amount].to_f
      @gateway = UsersPaymentsGateways.find_by_tech("webmoney")

      # create payment
      @payment = current_users_list.UsersPayments.new
      #@payment.user_id = current_users_list.id
      @payment.users_payments_gateways_id = @gateway.id
      #@payment.users_transactions_id = @transaction.id
      @payment.status = "0"
      @payment.payment_details = ""
      @payment.amount = @amount
      @payment.payment_date = DateTime.current
      @payment.save

      require 'crypt/blowfish'
      require 'base64'
      hash = @payment.user_id.to_s + "-" + @payment.id.to_s + "-" + @payment.amount.to_s + "-" + @payment.payment_date.to_s
      blowfish = Crypt::Blowfish.new(@payment.id.to_s)

      @hash = Base64.encode64(blowfish.encrypt_string(hash)).chop

      render "/webmoney/process/"
    end

  end

#https://github.com/dekart/webmoney_acceptor/blob/master/lib/webmoney_acceptor.rb
#https://github.com/pronix/spree_webmoney/blob/master/app/controllers/gateway/webmoney_controller.rb

  def success
    raise "invalid params :LMI_PAYMENT_NO" unless @payment_params[:payment_no]

    redirect_to payments_path, :notice => t("payments_gateways.webmoney.success")

  end

  # post request from webmoney merchant
  # check all, add transaction, say ok
  def result
    raise WebmoneyError, "Not found order" unless @payment
    payment = @payment
    payment.status = "1" # accept
    payment.amount = @payment_params[:payment_amount].to_f
    payment.payment_details = "Webmoney Deposit $" + @payment_params[:payment_amount].to_f.to_s + " from " + @payment_params[:payer_purse] + " (" + @payment_params[:payer_wm].to_s + ")"
    payment.payment_date = DateTime.current
    payment.save

      @user = UsersList.find(payment.user_id)
      raise WebmoneyError, "Not found user" unless @user

      @money = @user.UsersMoney
      raise WebmoneyError, "Not found money for user" unless @money

      @ballance = @money.real_money
      @money.real_money = @ballance + @payment_params[:payment_amount].to_f

      @transation = @user.UsersTransactions.new
      @transation.user_id = @user.id
      @transation.to_user_id = 0
      @transation.tdate = DateTime.current
      @transation.taction = "Webmoney Deposit"
      @transation.tgame = ""
      @transation.ttype = 2
      @transation.amount = @payment_params[:payment_amount].to_f
      @transation.fap_score = 0
      @transation.ballance = @ballance
      @transation.monthly_fap_score = 0

      @transation.save
      @money.save

    render :text => "YES"
  end

  def fail
    raise "invalid params :LMI_PAYMENT_NO" unless @payment_params[:payment_no]

    @payment = UsersPayments.find_by_id(@payment_params[:payment_no])
    @payment.status="2" # cancel
    @payment.save

    redirect_to @payment.blank? ? root_url : casher_path, :error => "Fail make payment"
  end

  def begin
  end

  def end
  end

  private

  # parse params
  def parse_payment_params
    @payment_params = HashWithIndifferentAccess.new
    params.each do |key, value|
      if key.starts_with?('LMI_')
        @payment_params[key.gsub(/^LMI_/, "").downcase] = value
      end
    end
  end

  #
  def valid_payment
    @payment = UsersPayments.find_by_id(@payment_params[:payment_no])
    @gateway = UsersPaymentsGateways.find_by_tech("webmoney")

    raise "invalid gateway" unless @gateway
    @secret = @gateway.account_key

    if @payment_params[:prerequest] == "1"
      render :text => "YES"
    elsif @secret.blank? # если не указан секретный ключ
      raise ArgumentError.new("WebMoney secret key is not provided")
    elsif !valid_hash?(@payment_params, @secret)
      raise "not valid payment"
    end
  rescue => ex
    Rails.logger.error "not valid payment #{ex.message}"
    render :text => "not valid payment"
  end

  #validate hash from wm
  def valid_hash?(payment_params, secret)
    payment_params[:hash] ==
      Digest::MD5.hexdigest([
                             payment_params[:payee_purse],    payment_params[:payment_amount],
                             payment_params[:payment_no],     payment_params[:mode],
                             payment_params[:sys_invs_no],    payment_params[:sys_trans_no],
                             payment_params[:sys_trans_date], secret,
                             payment_params[:payer_purse],    payment_params[:payer_wm]
                            ].join("")).upcase
  end

end
	class WebmoneyController < ApplicationController
	before_filter :authenticate_users_list!, :except => [:result, :success, :fail]
	before_filter :parse_payment_params, :only => [:result, :success, :fail]
	before_filter :valid_payment, :only => [:result]

	# Отображаем форму ввода депозита для webmoney, может быть с заранее введенной суммой (amount) (с клиента)
	def add
	if request.get?
	@gateway = UsersPaymentsGateways.find_by_tech("webmoney")
	@amount = !params[:amount].nil? ? params[:amount] : "10.00"
	else
	@amount = params[:amount].to_f
	@gateway = UsersPaymentsGateways.find_by_tech("webmoney")

	# create payment
	@payment = current_users_list.UsersPayments.new
	#@payment.user_id = current_users_list.id
	@payment.users_payments_gateways_id = @gateway.id
	#@payment.users_transactions_id = @transaction.id
	@payment.status = "0"
	@payment.payment_details = ""
	@payment.amount = @amount
	@payment.payment_date = DateTime.current
	@payment.save

	require 'crypt/blowfish'
	require 'base64'
	hash = @payment.user_id.to_s + "-" + @payment.id.to_s + "-" + @payment.amount.to_s + "-" + @payment.payment_date.to_s
	blowfish = Crypt::Blowfish.new(@payment.id.to_s)

	@hash = Base64.encode64(blowfish.encrypt_string(hash)).chop

	render "/webmoney/process/"
	end

	end

	#https://github.com/dekart/webmoney_acceptor/blob/master/lib/webmoney_acceptor.rb
	#https://github.com/pronix/spree_webmoney/blob/master/app/controllers/gateway/webmoney_controller.rb

	def success
	raise "invalid params :LMI_PAYMENT_NO" unless @payment_params[:payment_no]

	redirect_to payments_path, :notice => t("payments_gateways.webmoney.success")

	end

	# post request from webmoney merchant
	# check all, add transaction, say ok
	def result
	raise WebmoneyError, "Not found order" unless @payment
	payment = @payment
	payment.status = "1" # accept
	payment.amount = @payment_params[:payment_amount].to_f
	payment.payment_details = "Webmoney Deposit $" + @payment_params[:payment_amount].to_f.to_s + " from " + @payment_params[:payer_purse] + " (" + @payment_params[:payer_wm].to_s + ")"
	payment.payment_date = DateTime.current
	payment.save

	@user = UsersList.find(payment.user_id)
	raise WebmoneyError, "Not found user" unless @user

	@money = @user.UsersMoney
	raise WebmoneyError, "Not found money for user" unless @money

	@ballance = @money.real_money
	@money.real_money = @ballance + @payment_params[:payment_amount].to_f

	@transation = @user.UsersTransactions.new
	@transation.user_id = @user.id
	@transation.to_user_id = 0
	@transation.tdate = DateTime.current
	@transation.taction = "Webmoney Deposit"
	@transation.tgame = ""
	@transation.ttype = 2
	@transation.amount = @payment_params[:payment_amount].to_f
	@transation.fap_score = 0
	@transation.ballance = @ballance
	@transation.monthly_fap_score = 0

	@transation.save
	@money.save

	render :text => "YES"
	end

	def fail
	raise "invalid params :LMI_PAYMENT_NO" unless @payment_params[:payment_no]

	@payment = UsersPayments.find_by_id(@payment_params[:payment_no])
	@payment.status="2" # cancel
	@payment.save

	redirect_to @payment.blank? ? root_url : casher_path, :error => "Fail make payment"
	end

	def begin
	end

	def end
	end

	private

	# parse params
	def parse_payment_params
	@payment_params = HashWithIndifferentAccess.new
	params.each do \|key, value\|
	if key.starts_with?('LMI_')
	@payment_params[key.gsub(/^LMI_/, "").downcase] = value
	end
	end
	end

	#
	def valid_payment
	@payment = UsersPayments.find_by_id(@payment_params[:payment_no])
	@gateway = UsersPaymentsGateways.find_by_tech("webmoney")

	raise "invalid gateway" unless @gateway
	@secret = @gateway.account_key

	if @payment_params[:prerequest] == "1"
	render :text => "YES"
	elsif @secret.blank? # если не указан секретный ключ
	raise ArgumentError.new("WebMoney secret key is not provided")
	elsif !valid_hash?(@payment_params, @secret)
	raise "not valid payment"
	end
	rescue => ex
	Rails.logger.error "not valid payment #{ex.message}"
	render :text => "not valid payment"
	end

	#validate hash from wm
	def valid_hash?(payment_params, secret)
	payment_params[:hash] ==
	Digest::MD5.hexdigest([
	payment_params[:payee_purse], payment_params[:payment_amount],
	payment_params[:payment_no], payment_params[:mode],
	payment_params[:sys_invs_no], payment_params[:sys_trans_no],
	payment_params[:sys_trans_date], secret,
	payment_params[:payer_purse], payment_params[:payer_wm]
	].join("")).upcase
	end

	end