vladutilie/bt.payment.service.ts

## bt.payment.service.ts
import { HttpService, Injectable } from '@nestjs/common';
import { map } from 'rxjs/operators';
import { User } from '../user/user.entity';
import { BTTokenDTO, ExchangingDataDTO, MakePaymentDTO, PaymentInfoDTO, RegisterBTClientDTO } from './payment.dto';
import { v4 as uuidv4 } from 'uuid';
import sha256 from 'crypto-js/sha256';
import Base64 from 'crypto-js/enc-base64';
import qs from 'querystring';
import { PaymentRepository } from './payment.repository';
import { PaymentCredentials } from './payment-credentials.entity';
import { plainToClass } from 'class-transformer';

/* eslint-disable camelcase */
@Injectable()
export class BTPaymentService {
  constructor(private httpService: HttpService, private paymentRepository: PaymentRepository) {}

  async registerBToAuthClient(currentUser: User): Promise<RegisterBTClientDTO> {
    const payload = {
      redirect_uris: [process.env.BT_REDIRECT_URI],
      company_name: 'TPP Corp.',
      client_name: currentUser.name,
      company_url: 'https://google.com',
      contact_person: currentUser.name,
      email_address: currentUser.email,
      phone_number: currentUser.phone,
    };

    const options = {
      headers: {
        Accept: 'application/json',
        'Content-Type': 'application/json',
      },
    };

    return await this.httpService
      .post(`${process.env.BT_PAYMENT_ENDPOINT}/oauth/register/TppOauthBT`, payload, options)
      .pipe(map((response) => response.data))
      .toPromise();
  }

  async create(user: User, register: RegisterBTClientDTO): Promise<PaymentCredentials> {
    const credentials = await this.paymentRepository.findOne({ where: { user, bank: 'BT' } });
    if (!credentials) {
      const newCredentials = new PaymentCredentials();
      newCredentials.user = user;
      newCredentials.bank = 'BT';
      newCredentials.clientId = register.client_id;
      newCredentials.clientSecret = register.client_secret;

      return await this.paymentRepository.save(newCredentials);
    }

    const newCredentials = plainToClass(PaymentCredentials, {
      id: credentials.id,
      clientId: register.client_id,
      clientSecret: register.client_secret,
    });
    return await this.paymentRepository.save(newCredentials);
  }

  async makePayment(paymentInfo: PaymentInfoDTO): Promise<MakePaymentDTO> {
    const payload = {
      instructedAmount: {
        currency: paymentInfo.currency,
        amount: `${paymentInfo.amount}`,
      },
      // TODO: handle the below details.
      creditorAccount: {
        iban: 'RO98BTRLEURCRT0ABCDEFGHI',
      },
      creditorName: 'Creditor Name',
      debtorId: 'J123456',
      endToEndIdentification: 'TPP Reference',
      remittanceInformationUnstructured: 'Merchant reference',
    };

    const options = {
      headers: {
        Accept: 'application/json',
        'Content-Type': 'application/json',
        // TODO: Location and IP address should be handled.
        'PSU-Geo-Location': 'Romania',
        'PSU-IP-Address': '22.33.44.55',
        'X-Request-ID': uuidv4(),
      },
    };

    return await this.httpService
      .post(`${process.env.BT_PAYMENT_ENDPOINT}/bt-psd2/v2/payments/ron-payment`, payload, options)
      .pipe(map((response) => response.data))
      .toPromise();
  }

  async buildAuthUri(register: RegisterBTClientDTO, payment: MakePaymentDTO, codeVerifier: string): Promise<string> {
    /*
      https://apistorebt.ro/mga/sps/oauth/oauth20/authorize?
        ?response_type=code
        &client_id=<OOKFE3nE54aW7GtCra1b>
        &redirect_uri=<https://google.com>
        &scope=PIS:<paymentId>
        &state=<statetest>
        &code_challenge=<Q8aVElfXiBwpn14GYiNZI_j2kee8OSHCt5DWTxbyBVs>
        &code_challenge_method=S256
     */
    const params = {
      response_type: 'code',
      client_id: register.client_id,
      redirect_uri: process.env.BT_REDIRECT_URI,
      scope: `PIS:${payment.paymentId}`,
      state: 'statetest', // TODO: State code should be generated and verified after BT redirects back.
      code_challenge: await this.computeCodeChallange(codeVerifier),
      code_challenge_method: 'S256',
    };

    const authUri = Object.keys(params)
      .map((key) => key + '=' + params[key])
      .join('&');

    return authUri;
  }

  async getToken(user: User, exchangingData: ExchangingDataDTO): Promise<BTTokenDTO> {
    const credentials = await this.paymentRepository.findOne({ where: { user, bank: 'BT' } });
    const payload = qs.stringify({
      code: exchangingData.code,
      grant_type: 'authorization_code',
      redirect_uri: process.env.BT_REDIRECT_URI,
      client_id: credentials.clientId,
      client_secret: credentials.clientSecret,
      code_verifier: process.env.BT_CODE_VERIFIER,
    });
    const options = {
      headers: {
        Accept: 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    };

    return await this.httpService
      .post(`${process.env.BT_PAYMENT_ENDPOINT}/oauth/token`, payload, options)
      .pipe(map((response) => response.data))
      .toPromise();
  }

  async updateToken(user: User, tokenData: BTTokenDTO): Promise<PaymentCredentials> {
    const credentials = await this.paymentRepository.findOne({ where: { user, bank: 'BT' } });
    credentials.accessToken = tokenData.access_token;
    credentials.refreshToken = tokenData.refresh_token;

    const expiresAt = new Date();
    expiresAt.setSeconds(parseInt(expiresAt.getSeconds() + tokenData.expires_in));
    credentials.expiresAt = expiresAt;

    return await this.paymentRepository.save(credentials);
  }

  async computeCodeChallange(codeVerifier: string): Promise<string> {
    return await sha256(codeVerifier).toString(Base64).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
  }
}
	import { HttpService, Injectable } from '@nestjs/common';
	import { map } from 'rxjs/operators';
	import { User } from '../user/user.entity';
	import { BTTokenDTO, ExchangingDataDTO, MakePaymentDTO, PaymentInfoDTO, RegisterBTClientDTO } from './payment.dto';
	import { v4 as uuidv4 } from 'uuid';
	import sha256 from 'crypto-js/sha256';
	import Base64 from 'crypto-js/enc-base64';
	import qs from 'querystring';
	import { PaymentRepository } from './payment.repository';
	import { PaymentCredentials } from './payment-credentials.entity';
	import { plainToClass } from 'class-transformer';

	/* eslint-disable camelcase */
	@Injectable()
	export class BTPaymentService {
	constructor(private httpService: HttpService, private paymentRepository: PaymentRepository) {}

	async registerBToAuthClient(currentUser: User): Promise<RegisterBTClientDTO> {
	const payload = {
	redirect_uris: [process.env.BT_REDIRECT_URI],
	company_name: 'TPP Corp.',
	client_name: currentUser.name,
	company_url: 'https://google.com',
	contact_person: currentUser.name,
	email_address: currentUser.email,
	phone_number: currentUser.phone,
	};

	const options = {
	headers: {
	Accept: 'application/json',
	'Content-Type': 'application/json',
	},
	};

	return await this.httpService
	.post(`${process.env.BT_PAYMENT_ENDPOINT}/oauth/register/TppOauthBT`, payload, options)
	.pipe(map((response) => response.data))
	.toPromise();
	}

	async create(user: User, register: RegisterBTClientDTO): Promise<PaymentCredentials> {
	const credentials = await this.paymentRepository.findOne({ where: { user, bank: 'BT' } });
	if (!credentials) {
	const newCredentials = new PaymentCredentials();
	newCredentials.user = user;
	newCredentials.bank = 'BT';
	newCredentials.clientId = register.client_id;
	newCredentials.clientSecret = register.client_secret;

	return await this.paymentRepository.save(newCredentials);
	}

	const newCredentials = plainToClass(PaymentCredentials, {
	id: credentials.id,
	clientId: register.client_id,
	clientSecret: register.client_secret,
	});
	return await this.paymentRepository.save(newCredentials);
	}

	async makePayment(paymentInfo: PaymentInfoDTO): Promise<MakePaymentDTO> {
	const payload = {
	instructedAmount: {
	currency: paymentInfo.currency,
	amount: `${paymentInfo.amount}`,
	},
	// TODO: handle the below details.
	creditorAccount: {
	iban: 'RO98BTRLEURCRT0ABCDEFGHI',
	},
	creditorName: 'Creditor Name',
	debtorId: 'J123456',
	endToEndIdentification: 'TPP Reference',
	remittanceInformationUnstructured: 'Merchant reference',
	};

	const options = {
	headers: {
	Accept: 'application/json',
	'Content-Type': 'application/json',
	// TODO: Location and IP address should be handled.
	'PSU-Geo-Location': 'Romania',
	'PSU-IP-Address': '22.33.44.55',
	'X-Request-ID': uuidv4(),
	},
	};

	return await this.httpService
	.post(`${process.env.BT_PAYMENT_ENDPOINT}/bt-psd2/v2/payments/ron-payment`, payload, options)
	.pipe(map((response) => response.data))
	.toPromise();
	}

	async buildAuthUri(register: RegisterBTClientDTO, payment: MakePaymentDTO, codeVerifier: string): Promise<string> {
	/*
	https://apistorebt.ro/mga/sps/oauth/oauth20/authorize?
	?response_type=code
	&client_id=<OOKFE3nE54aW7GtCra1b>
	&redirect_uri=<https://google.com>
	&scope=PIS:<paymentId>
	&state=<statetest>
	&code_challenge=<Q8aVElfXiBwpn14GYiNZI_j2kee8OSHCt5DWTxbyBVs>
	&code_challenge_method=S256
	*/
	const params = {
	response_type: 'code',
	client_id: register.client_id,
	redirect_uri: process.env.BT_REDIRECT_URI,
	scope: `PIS:${payment.paymentId}`,
	state: 'statetest', // TODO: State code should be generated and verified after BT redirects back.
	code_challenge: await this.computeCodeChallange(codeVerifier),
	code_challenge_method: 'S256',
	};

	const authUri = Object.keys(params)
	.map((key) => key + '=' + params[key])
	.join('&');

	return authUri;
	}

	async getToken(user: User, exchangingData: ExchangingDataDTO): Promise<BTTokenDTO> {
	const credentials = await this.paymentRepository.findOne({ where: { user, bank: 'BT' } });
	const payload = qs.stringify({
	code: exchangingData.code,
	grant_type: 'authorization_code',
	redirect_uri: process.env.BT_REDIRECT_URI,
	client_id: credentials.clientId,
	client_secret: credentials.clientSecret,
	code_verifier: process.env.BT_CODE_VERIFIER,
	});
	const options = {
	headers: {
	Accept: 'application/json',
	'Content-Type': 'application/x-www-form-urlencoded',
	},
	};

	return await this.httpService
	.post(`${process.env.BT_PAYMENT_ENDPOINT}/oauth/token`, payload, options)
	.pipe(map((response) => response.data))
	.toPromise();
	}

	async updateToken(user: User, tokenData: BTTokenDTO): Promise<PaymentCredentials> {
	const credentials = await this.paymentRepository.findOne({ where: { user, bank: 'BT' } });
	credentials.accessToken = tokenData.access_token;
	credentials.refreshToken = tokenData.refresh_token;

	const expiresAt = new Date();
	expiresAt.setSeconds(parseInt(expiresAt.getSeconds() + tokenData.expires_in));
	credentials.expiresAt = expiresAt;

	return await this.paymentRepository.save(credentials);
	}

	async computeCodeChallange(codeVerifier: string): Promise<string> {
	return await sha256(codeVerifier).toString(Base64).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
	}
	}