# directpay-ipg-js

DirectPay Internet payment gateway javascript plugin.

## Installation

### NPM packages
#### JS
```bash
$ npm install directpay-ipg-js
```

#### React
```bash
$ npm install react-directpay-ipg
```

#### Angular
```bash
$ npm install ng-direct-pay-ipg
```
#### VUE
```bash
$ npm install vue-directpay-ipg
```

### CDN
```html
<script src="https://cdn.directpay.lk/v3/directpayipg.min.js"></script>
```

### WooCommerce
<a id="raw-url" href="https://cdn.directpay.lk/v3/wp/directpay-ipg-woocommerce.zip">Download Plugin</a>

## Usage

### package

```js
const DirectpayIpg = require('directpay-ipg-js')
const dp = new DirectpayIpg.Init({
  signature: signature,
  dataString: encoded_payload,
  stage: 'DEV',
  container: 'card_container'
})

//popup IPG
dp.doInAppCheckout().then((data) => {
  console.log('client-res', JSON.stringify(data))
}).catch((error) => {
  console.log('client-error', JSON.stringify(error))
})

//open IPG inside page component
dp.doInContainerCheckout().then((data) => {
  console.log('client-res', JSON.stringify(data))
}).catch((error) => {
  console.log('client-error', JSON.stringify(error))
})
```

### CDN

```html
 <div id="card_container"></div>

<script src="https://cdn.directpay.lk/v3/directpayipg.min.js"></script>
<script>
  var dp = new DirectPayIpg.Init({
    signature: signature,
    dataString: encoded_payload,
    stage: 'DEV',
    container: 'card_container'
  });

  //popup IPG
  dp.doInAppCheckout().then((data) => {
    console.log("client-res", JSON.stringify(data));
    alert(JSON.stringify(data))
  }).catch(error => {
    console.log("client-error", JSON.stringify(error));
    alert(JSON.stringify(error))
  });

  //open IPG inside page component
  dp.doInContainerCheckout().then((data) => {
    console.log("client-res", JSON.stringify(data));
    alert(JSON.stringify(data))
  }).catch(error => {
    console.log("client-error", JSON.stringify(error));
    alert(JSON.stringify(error))
  });
</script>
```

### How to make a payment?

1. first select stage - ```DEV / PROD```
2. Create payment **payload** & **signature** from Server-side and parse signature and base64 encoded payload to *
   Plugin*

   *Note: it's the best practice to create payload and signature from server side. otherwise, the data will be
   compromised.*

#### payload

Payload is a base64 encoded string that created from JSON payload string. Here is a sample object,

```js
payload = {
  merchant_id: "xxxxxx",
  amount: "10.00",
  type: "ONE_TIME",
  order_id: "CP123456789",
  currency: "LKR",
  response_url: "https://test.com/response-endpoint",
  first_name: "Sam",
  last_name: "Perera",
  email: "user@email.com",
  phone: "0712345678",
  logo: "",
};
```

#### signature

Signature is HmacSHA256 hash of the base64 encoded payload string. The **secret** for HmacSHA256 can be found at
developer portal.

```js
createHmacSha256Hash(base64jsonPayload, secret);
```

##### Signature generate in PHP
```php
$encode_payload = base64_encode(json_encode($json_payload));
$signature = hash_hmac('sha256', $encode_payload, 'SECRET');
```

##### Signature generate in JS
```js
var encode_payload = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(JSON.stringify(json_payload)));
var signature = CryptoJS.HmacSHA256( encode_payload, 'SECRET');
```

##### Signature generate in JAVA
```java
Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKeySpec = new SecretKeySpec('SECRET'.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
mac.init(secretKeySpec);
byte[] hmacSha256 = mac.doFinal(encode_payload.getBytes(StandardCharsets.UTF_8));
signature = String.format("%032x", new BigInteger(1, hmacSha256));
```

#### Response Security (Serverside Response Validation)
##### Step 1: Fetch authorization header and request payload.
```php
// Request payload
$requestBody = file_get_contents('php://input');
// Authorization header
$signature = $_SERVER['HTTP_AUTHORIZATION'];
```

##### Step 2: Split Authorization header (signature) into two parts from space character and extract request hash received.
```php
$authArray = explode(' ', $signature);
$receivedHash = $authArray[1]; // Received hash
```

##### After splitting the authorization header, if there are two parts, it is a valid authorization header. Otherwise the header is invalid.
```php
if (count($authArray) == 2) {
// Proceed signature verification
} else {
    echo "Invalid Signature.";
}
```

##### Step 3: Generate hmac hash for received request payload using hmac secret key provided by DirectPay.
**Note: Received request payload is a json encoded and then base64 encoded data string.**
```php
$secret = "vs6568s7v2aklsdv687a3dn8a6q92z";
$generatedHash = hash_hmac('sha256', $requestBody, $secret);
```

##### Step 4: Compare generated hash with the received hash.
```php
if (strcmp($receivedHash, $generatedHash) == 0) {
    echo "Signature Verified.";
} else {
    echo "Signature Verification Failed.";
}
```

**If two hashes are identical, then the signature is valid and the request is a valid request, hence the request can be authenticated. Otherwise, the request is invalid or fraud.**

##### Complete example code:
```php
// Request payload
$requestBody = file_get_contents('php://input');

// Authorization header
$signature = $_SERVER['HTTP_AUTHORIZATION'];

$authArray = explode(' ', $signature);
$receivedHash = $authArray[1]; // Received hash

$secret = "vs6568s7v2aklsdv687a3dn8a6q92z";

if (count($authArray) == 2) {
    $generatedHash = hash_hmac('sha256', $requestBody, $secret);
    if (strcmp($receivedHash, $generatedHash) == 0) {
        echo "Signature Verified.";
    } else {
        echo "Signature Verification Failed.";
    }
} else {
    echo "Invalid Signature.";
}
```


#### Parameters

| Field              | Type    | Description                                                                                  | Allow values                                             | Mandatory                           | Length |
|--------------------|---------|----------------------------------------------------------------------------------------------|----------------------------------------------------------|-------------------------------------|--------|
| merchant_id        | String  | Merchant identification code given form DirectPay                                            |                                                          | YES                                 |        |
| amount             | String  | Transaction amount                                                                           |                                                          | YES                                 |        |
| currency           | String  | Transaction currency code.                                                                   | USD, LKR                                                 |                                     |        |
| type               | String  | Transaction Type                                                                             | ONE_TIME, RECURRING, CARD_ADD                            | YES                                 |        |
| order_id           | String  | Every transaction need unique reference                                                      |                                                          | YES                                 |        |
| return_url         | String  | After transaction process redirect to given url                                              |                                                          | NO                                  |        |
| response_url       | String  | Server-side response URL /HTTP POST request will be sent to the given endpoint               |                                                          | NO                                  |        |
| first_name         | String  | Customer first name - Auto fill the IPG UI customer details                                  |                                                          | NO                                  |        |
| last_name          | String  | Customer last name - Auto fill the IPG UI customer details                                   |                                                          | NO                                  |        |
| email              | String  | Customer email - Auto fill the IPG UI customer details                                       |                                                          | NO                                  |        |
| phone              | String  | Customer mobile number - Auto fill the IPG UI customer details                               |                                                          | NO                                  |        |
| logo               | String  | Merchant logo - need to provide secure image url of the logo. this will appear in the IPG UI |                                                          | NO                                  |        |
| start_date         | String  | Starting date of the recurring payment                                                       | YYYY-MM-DD                                               | Mandatory when **TYPE = RECURRING** | 10     |
| end_date           | String  | End date of the recurring payment                                                            | YYYY-MM-DD                                               | NO                                  | 10     |
| do_initial_payment | Integer | Recurring initiate time transaction                                                          | 1 = YES / 0 = NO                                         | Mandatory when **TYPE = RECURRING** |        |
| interval           | Integer | Frequency of payment                                                                         | 1 = MONTHLY, 2 = BIANNUALLY, 3 = ANNUALLY, 4 = QUARTERLY | Mandatory when **TYPE = RECURRING** |        |