cargando carrito desde backend

src/main/java/com/imprimelibros/erp/redsys/RedsysController.java

@@ -1,53 +1,57 @@
 package com.imprimelibros.erp.redsys;
 
+import com.imprimelibros.erp.redsys.RedsysService;
+
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.*;
 
 @Controller
 @RequestMapping("/pagos/redsys")
 public class RedsysController {
 
     private final RedsysService service;
-    public RedsysController(RedsysService service) { this.service = service; }
+
+    public RedsysController(RedsysService service) {
+        this.service = service;
+    }
 
     @PostMapping("/crear")
     public String crearPago(@RequestParam String order,
-                            @RequestParam long amountCents,
-                            Model model) {
-        var payReq = new RedsysService.PaymentRequest(order, amountCents, "Compra en ImprimeLibros");
-        var form = service.buildRedirectForm(payReq);
+            @RequestParam long amountCents,
+            Model model) throws Exception {
+
+        var req = new RedsysService.PaymentRequest(order, amountCents, "Compra en ImprimeLibros");
+        var form = service.buildRedirectForm(req);
         model.addAttribute("action", form.action());
         model.addAttribute("signatureVersion", form.signatureVersion());
         model.addAttribute("merchantParameters", form.merchantParameters());
         model.addAttribute("signature", form.signature());
-        return "payments/redsys-redirect"; // Thymeleaf
+        return "payments/redsys-redirect";
     }
 
     @PostMapping("/notify")
     @ResponseBody
-    public ResponseEntity<String> notifyRedsys(@RequestParam("Ds_Signature") String dsSig,
-                                               @RequestParam("Ds_SignatureVersion") String dsSigVer,
-                                               @RequestParam("Ds_MerchantParameters") String dsParams) throws Exception {
-        var notif = service.validateAndParse(dsSig, dsSigVer, dsParams);
+    public ResponseEntity<String> notifyRedsys(
+            @RequestParam("Ds_Signature") String dsSignature,
+            @RequestParam("Ds_MerchantParameters") String dsMerchantParameters) {
 
-        // 1) Idempotencia: marca el pedido si aún no procesado.
-        // 2) Verifica importe/moneda/pedido contra tu base de datos.
-        // 3) Autoriza en tu sistema si notif.authorized() == true.
+        try {
+            RedsysService.RedsysNotification notif = service.validateAndParseNotification(dsSignature,
+                    dsMerchantParameters);
 
-        return ResponseEntity.ok("OK");
+            // 1) Idempotencia: comprueba si el pedido ya fue procesado
+            // 2) Valida que importe/moneda/pedido coincidan con lo que esperabas
+            // 3) Marca como pagado si notif.authorized() == true
+
+            return ResponseEntity.ok("OK"); // Redsys espera "OK"
+        } catch (SecurityException se) {
+            // Firma incorrecta: NO procesar
+            return ResponseEntity.status(400).body("BAD SIGNATURE");
+        } catch (Exception e) {
+            return ResponseEntity.status(500).body("ERROR");
+        }
     }
 
-    @GetMapping("/ok")
-    public String ok()   { return "payments/success"; }
-
-    @GetMapping("/ko")
-    public String ko()   { return "payments/failure"; }
-
 }
-