testeando el notify

2026-01-13 00:48:49 +00:00 · 2025-11-03 19:31:28 +01:00
parent 88650fc5e8
commit 725cff9b51
10 changed files with 716 additions and 226 deletions
--- a/src/main/java/com/imprimelibros/erp/redsys/RedsysController.java
+++ b/src/main/java/com/imprimelibros/erp/redsys/RedsysController.java
@ -1,83 +1,154 @@
 package com.imprimelibros.erp.redsys;

+import com.imprimelibros.erp.payments.PaymentService;
+import com.imprimelibros.erp.payments.model.Payment;
+import com.imprimelibros.erp.redsys.RedsysService.FormPayload;

+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;

+import java.nio.charset.StandardCharsets;
+import java.util.Map;
+import java.util.UUID;
+import org.springframework.transaction.annotation.Transactional;
+
@Controller
@RequestMapping("/pagos/redsys")
 public class RedsysController {

-    private final RedsysService service;
+    private final PaymentService paymentService;

-    public RedsysController(RedsysService service) {
-        this.service = service;
+    public RedsysController(PaymentService paymentService) {
+        this.paymentService = paymentService;
    }

-    @PostMapping("/crear")
-    public String crearPago(@RequestParam String order,
-            @RequestParam long amountCents,
-            Model model) throws Exception {
-
-        var req = new RedsysService.PaymentRequest(order, amountCents, "Compra en ImprimeLibros");
-        var form = service.buildRedirectForm(req);
-        model.addAttribute("action", form.action());
-        model.addAttribute("signatureVersion", form.signatureVersion());
-        model.addAttribute("merchantParameters", form.merchantParameters());
-        model.addAttribute("signature", form.signature());
-        return "imprimelibros/payments/redsys-redirect";
-    }
-
-    @PostMapping("/notify")
+    @PostMapping(value = "/crear", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
    @ResponseBody
-    public ResponseEntity<String> notifyRedsys(
-            @RequestParam("Ds_Signature") String dsSignature,
-            @RequestParam("Ds_MerchantParameters") String dsMerchantParameters) {
+    public ResponseEntity<byte[]> crearPago(@RequestParam("amountCents") Long amountCents,
+            @RequestParam("method") String method) throws Exception {

+        if ("bank-transfer".equalsIgnoreCase(method)) {
+            // 1) Creamos el Payment interno SIN orderId (null)
+            Payment p = paymentService.createBankTransferPayment(null, amountCents, "EUR");
+
+            // 2) Mostramos instrucciones de transferencia
+            String html = """
+                    <html><head><meta charset="utf-8"><title>Pago por transferencia</title></head>
+                    <body>
+                      <h2>Pago por transferencia bancaria</h2>
+                      <p>Hemos registrado tu intención de pedido.</p>
+                      <p><strong>Importe:</strong> %s €</p>
+                      <p><strong>IBAN:</strong> ES00 1234 5678 9012 3456 7890</p>
+                      <p><strong>Concepto:</strong> TRANSF-%d</p>
+                      <p>En cuanto recibamos la transferencia, procesaremos tu pedido.</p>
+                      <p><a href="/checkout/resumen">Volver al resumen</a></p>
+                    </body></html>
+                    """.formatted(
+                    String.format("%.2f", amountCents / 100.0),
+                    p.getId() // usamos el ID del Payment como referencia
+            );
+
+            byte[] body = html.getBytes(StandardCharsets.UTF_8);
+            return ResponseEntity.ok()
+                    .contentType(MediaType.TEXT_HTML)
+                    .body(body);
+        }
+
+        // Tarjeta o Bizum (Redsys)
+        FormPayload form = paymentService.createRedsysPayment(null, amountCents, "EUR", method);
+
+        String html = """
+                <html><head><meta charset="utf-8"><title>Redirigiendo a Redsys…</title></head>
+                <body onload="document.forms[0].submit()">
+                  <form action="%s" method="post">
+                    <input type="hidden" name="Ds_SignatureVersion" value="%s"/>
+                    <input type="hidden" name="Ds_MerchantParameters" value="%s"/>
+                    <input type="hidden" name="Ds_Signature" value="%s"/>
+                    <noscript>
+                       <p>Haz clic en pagar para continuar</p>
+                       <button type="submit">Pagar</button>
+                    </noscript>
+                  </form>
+                </body></html>
+                """.formatted(
+                form.action(),
+                form.signatureVersion(),
+                form.merchantParameters(),
+                form.signature());
+
+        byte[] body = html.getBytes(StandardCharsets.UTF_8);
+        return ResponseEntity.ok()
+                .contentType(MediaType.TEXT_HTML)
+                .body(body);
+    }
+
+    // GET: cuando el usuario cae aquí sin parámetros, o Redsys redirige por GET
+    @GetMapping("/ok")
+    @ResponseBody
+    public ResponseEntity<String> okGet() {
+        String html = """
+                <h2>Pago procesado</h2>
+                <p>Si el pago ha sido autorizado, verás el pedido en tu área de usuario o recibirás un email de confirmación.</p>
+                <p><a href="/cart">Volver a la tienda</a></p>
+                """;
+        return ResponseEntity.ok(html);
+    }
+
+    // POST: si Redsys envía Ds_Signature y Ds_MerchantParameters (muchas
+    // integraciones ni lo usan)
+    @PostMapping(value = "/ok", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    @ResponseBody
+    @jakarta.transaction.Transactional
+    public ResponseEntity<String> okPost(@RequestParam("Ds_Signature") String signature,
+            @RequestParam("Ds_MerchantParameters") String merchantParameters) {
        try {
-            RedsysService.RedsysNotification notif = service.validateAndParseNotification(dsSignature,
-                    dsMerchantParameters);
-
-            // 1) Idempotencia: comprueba si el pedido ya fue procesado
-            // 2) Valida que importe/moneda/pedido coincidan con lo que esperabas
-            // 3) Marca como pagado si notif.authorized() == true
-
-            return ResponseEntity.ok("OK"); // Redsys espera "OK"
-        } catch (SecurityException se) {
-            // Firma incorrecta: NO procesar
-            return ResponseEntity.status(400).body("BAD SIGNATURE");
+            // opcional: idempotente, si /notify ya ha hecho el trabajo no pasa nada
+            paymentService.handleRedsysNotification(signature, merchantParameters);
+            return ResponseEntity.ok("<h2>Pago realizado correctamente</h2><a href=\"/cart\">Volver</a>");
        } catch (Exception e) {
-            return ResponseEntity.status(500).body("ERROR");
+            return ResponseEntity.badRequest()
+                    .body("<h2>Error validando pago</h2><pre>" + e.getMessage() + "</pre>");
        }
    }

-    @PostMapping("/ok")
-    public String okReturn(@RequestParam("Ds_Signature") String dsSignature,
-            @RequestParam("Ds_MerchantParameters") String dsMerchantParameters,
-            Model model) {
+    @GetMapping("/ko")
+    @ResponseBody
+    public ResponseEntity<String> koGet() {
+        return ResponseEntity.ok("<h2>Pago cancelado o rechazado</h2><a href=\"/cart\">Volver</a>");
+    }
+
+    @PostMapping(value = "/ko", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    @ResponseBody
+    public ResponseEntity<String> koPost(@RequestParam Map<String, String> form) {
+        // Podrías loguear 'form' si quieres ver qué manda Redsys
+        return ResponseEntity.ok("<h2>Pago cancelado o rechazado</h2><a href=\"/cart\">Volver</a>");
+    }
+
+    @PostMapping(value = "/notify", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    @ResponseBody
+    @Transactional
+    public String notifyRedsys(@RequestParam("Ds_Signature") String signature,
+            @RequestParam("Ds_MerchantParameters") String merchantParameters) {
        try {
-            RedsysService.RedsysNotification notif = service.validateAndParseNotification(dsSignature, dsMerchantParameters);
-            // Aquí puedes validar importe/pedido/moneda con tu base de datos y marcar como
-            // pagado
-            model.addAttribute("authorized", notif.authorized());
-            //model.addAttribute("order", notif.order());
-            //model.addAttribute("amountCents", notif.amountCents());
-            return "imprimelibros/payments/redsys-ok";
+            paymentService.handleRedsysNotification(signature, merchantParameters);
+            return "OK";
        } catch (Exception e) {
-            model.addAttribute("error", "No se pudo validar la respuesta de Redsys.");
-            return "imprimelibros/payments/redsys-ko";
+            return "ERROR";
        }
    }

-    @PostMapping("/ko")
-    public String koReturn(@RequestParam(value = "Ds_Signature", required = false) String dsSignature,
-            @RequestParam(value = "Ds_MerchantParameters", required = false) String dsMerchantParameters,
-            Model model) {
-        // Suele venir cuando el usuario cancela o hay error
-        model.addAttribute("error", "Operación cancelada o rechazada.");
-        return "imprimelibros/payments/redsys-ko";
+    @PostMapping(value = "/refund/{paymentId}", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    @ResponseBody
+    public ResponseEntity<String> refund(@PathVariable Long paymentId,
+            @RequestParam("amountCents") Long amountCents) {
+        try {
+            String idem = "refund-" + paymentId + "-" + amountCents + "-" + UUID.randomUUID();
+            paymentService.refundViaRedsys(paymentId, amountCents, idem);
+            return ResponseEntity.ok("Refund solicitado");
+        } catch (Exception e) {
+            return ResponseEntity.badRequest().body("Error refund: " + e.getMessage());
+        }
    }
-
 }