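# coding: utf-8
"""Payment views: static result pages and the Robokassa payment flow."""

import hmac
from hashlib import md5

from flask import Blueprint
from flask import g
from flask import redirect
from flask import render_template
from flask import request
from flask import session
from flask import url_for, jsonify

from SWSCloudCore import models
from SWSCloudCore.controllers.payments import ControllerPaymentsRobokassa
from SWSCloudCore.controllers.users import ControllerUsers

viewPayments = Blueprint('payments', __name__, url_prefix='/payments')


def _md5_hex(text):
    """Return the hex MD5 digest of *text*, encoding it as UTF-8 when needed.

    Encoding explicitly keeps a non-ASCII form value from raising inside the
    hash call instead of simply producing a digest that does not match.
    """
    # NOTE(review): MD5 is what this module signs with; whether the gateway
    # account can be switched to a stronger digest is not visible here.
    if not isinstance(text, bytes):
        text = text.encode('utf-8')
    return md5(text).hexdigest()


def _signatures_match(received, expected):
    """Compare two hex signatures case-insensitively in constant time."""
    # Both sides are encoded to bytes so compare_digest never sees mixed or
    # non-ASCII text types, which would raise instead of returning False.
    return hmac.compare_digest(
        received.lower().encode('utf-8'),
        expected.lower().encode('utf-8'),
    )


def _logout_redirect_unless_logged_in():
    """Return a redirect to the logout view when the session is not valid.

    Returns None when both the session check and the credential check pass.
    """
    # check session
    if not ControllerUsers().check_session():
        return redirect(url_for("account.logout"))
    # auth user
    # NOTE(review): the account password is read back from the session on
    # every request. If this is Flask's default cookie session, the value is
    # signed but not encrypted -- confirm the session backend.
    if not ControllerUsers().auth(session['email'], session['password']):
        return redirect(url_for("account.logout"))
    return None


@viewPayments.route('/fail.html')
def fail():
    """Render the static "payment failed" page."""
    return render_template('default/payment/fail.html')


@viewPayments.route('/success.html')
def success():
    """Render the static "payment succeeded" page."""
    return render_template('default/payment/success.html')


# The <action> URL variable supplies the view's `action` argument; without it
# Flask has nothing to pass to robokassa() and the call fails.
@viewPayments.route('/robokassa/<action>', methods=['GET', 'POST'])
def robokassa(action):
    """Handle one step of the Robokassa payment flow.

    `action` selects the step:

    * ``process`` -- logged-in user starts a payment; a transaction is
      created and the signed payment form is rendered.
    * ``result``  -- signed callback; on a valid signature the transaction
      is marked notified, the balance is updated and the status becomes
      ``success``.
    * ``success`` -- logged-in user is sent to the success page.
    * ``fail``    -- logged-in user is sent to the failure page; a POST also
      marks the named transaction as ``fail``.

    Any other action ends on the failure page.
    """
    controller_robokassa = ControllerPaymentsRobokassa(
        PAY_ROBOKASSA_MODE=g.settings['PAY_ROBOKASSA_MODE'],
        PAY_ROBOKASSA_LOGIN=g.settings['PAY_ROBOKASSA_LOGIN'],
        PAY_ROBOKASSA_PASSWORD1=g.settings['PAY_ROBOKASSA_PASSWORD1'],
        PAY_ROBOKASSA_PASSWORD2=g.settings['PAY_ROBOKASSA_PASSWORD2'],
    )

    if action == 'process':
        denied = _logout_redirect_unless_logged_in()
        if denied is not None:
            return denied

        user_id = session['user_id']
        # NOTE(review): the amount comes straight from the form and is stored
        # and signed as-is; nothing here checks that it is a positive number.
        amount = request.form['amount']

        # create transaction data to database
        transaction_id = controller_robokassa.transaction_create(user_id, amount, 'process')

        # NOTE(review): this dict, including the merchant password, is handed
        # to the template below. Confirm the template never renders
        # `payment.password`; only the signature needs to reach the browser.
        payment_details = {
            "payment_id": transaction_id,
            "amount": amount,
            "login": controller_robokassa.args['PAY_ROBOKASSA_LOGIN'],
            "password": controller_robokassa.args['PAY_ROBOKASSA_PASSWORD1'],
            "signature": ''
        }
        payment_details["signature"] = _md5_hex(
            "%(login)s:%(amount)s:%(payment_id)s:%(password)s" % payment_details
        )
        return render_template('default/payment/robokassa/process.html', payment=payment_details)

    if action == 'result':
        # No session check on this step: the request is authenticated only by
        # the signature computed with PAY_ROBOKASSA_PASSWORD2.
        if request.method == 'POST':
            transaction_id = request.form['InvId']
            signature = request.form['SignatureValue']
            amount = request.form['OutSum']

            transaction_hash = _md5_hex("%s:%s:%s" % (
                amount,
                transaction_id,
                controller_robokassa.args['PAY_ROBOKASSA_PASSWORD2'],
            ))

            if not _signatures_match(signature, transaction_hash):
                return jsonify(error="invalid signature")

            # A validly signed callback can be delivered or replayed more than
            # once; credit the balance only while the transaction is not yet
            # marked successful.
            # NOTE(review): this check-then-update is not atomic; concurrent
            # callbacks need a guard at the database level.
            current = models.UsersBalanceTransactions.get(
                models.UsersBalanceTransactions.id == transaction_id)
            if current.status != 'success':
                # mark the transaction as notified
                controller_robokassa.transaction_set_notified(transaction_id, 1)
                # update user balance
                controller_robokassa.balance_update(transaction_id, amount)
                # Re-read the row after the controller calls so the save below
                # does not write back values loaded before they ran.
                transaction = models.UsersBalanceTransactions.get(
                    models.UsersBalanceTransactions.id == transaction_id)
                transaction.status = 'success'
                transaction.save()
            return render_template('default/payment/robokassa/result.html')
        return redirect(url_for('account.billing'))

    if action == 'success':
        denied = _logout_redirect_unless_logged_in()
        if denied is not None:
            return denied
        # The transaction status is set on the signed `result` step, not here:
        # this request arrives through the user's browser and carries no
        # verified signature.
        # TODO: if the status update is done at the `result` step, the
        # POST-specific handling for this step can be removed.
        return redirect(url_for('payments.success'))

    if action == 'fail':
        denied = _logout_redirect_unless_logged_in()
        if denied is not None:
            return denied
        if request.method == "POST":
            transaction_id = request.form['InvId']
            # NOTE(review): InvId is taken from the form and nothing here ties
            # the transaction to the logged-in user -- add an ownership check
            # against session['user_id'] once the model's user field is known.
            transaction = models.UsersBalanceTransactions.get(
                models.UsersBalanceTransactions.id == transaction_id)
            # Never downgrade a transaction that the signed callback has
            # already confirmed.
            if transaction.status != 'success':
                transaction.status = 'fail'
                transaction.save()

    return redirect(url_for('payments.fail'))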