Encriptación y firmado de datos para conexión con RedSys listos

114d280f · Arturo Montejo Ráez · 2e789223 · 114d280f · 114d280f · 114d280f
Commit 114d280f authored Sep 14, 2017 by Arturo Montejo Ráez
Showing with 54 additions and 30 deletions
sails/src/api/controllers/TPVController.js
sails/src/api/models/Student.js
sails/src/assets/scripts/modules/student/controllers/tpvmodal.js
sails/src/assets/scripts/modules/student/views/tpvmodal.html
sails/src/config/pictogram.js
sails/src/package.json
--- a/sails/src/api/controllers/TPVController.js
+++ b/sails/src/api/controllers/TPVController.js
@@ -5,9 +5,8 @@
 * @help        :: See http://links.sailsjs.org/docs/controllers
 */

-//const nacl_util = require('tweetnacl');
-const nacl_util = require('tweetnacl-util');
-const sha256 = require("fast-sha256");
+const moment = require('moment');
+const cryptojs = require("crypto-js");

 module.exports = {

@@ -21,36 +20,60 @@ module.exports = {
    if (!params.id_stu || !params.id_sup || !params.type)
      return res.badRequest();

+    //
+    // Submit data
+    //
+
    var amount = sails.config.pictogram.tpv.prices.oneYearEuro;
    if (params.type == 'forever')
      amount = sails.config.pictogram.tpv.prices.foreverEuro;

    var tpvdata =
    {
-      Ds_Merchant_PayMethods: 'O',              // Payment managed by RedSys
-      Ds_Merchant_MerchantCode: sails.config.pictogram.tpv.merchantCode,    // Number of commerce (Yotta)
-      Ds_Merchant_Terminal: '001',              // Terminal number
-      Ds_Merchant_Currency: '000 ("978")',      // Terminal currency
-      Ds_Merchant_TransactionType: ,            // Type of the transaction
-      Ds_Merchant_Amount: amount,               // Amount
-      Ds_Merchant_MerchantUrl: sails.getBaseUrl() + "/tpv/notify",
-      Ds_Merchant_UrlOk: sails.getBaseUrl() + '/app/#/student/' + params.id_stu + "/setup/renewed/1" // Returning URL (success)
-      Ds_Merchant_UrlKo: sails.getBaseUrl() + '/app/#/student/' + params.id_stu + "/setup/renewed/0" // Returning URL (error)
+      DS_MERCHANT_PAYMETHODS: 'C',              // Payment managed by RedSys
+      DS_MERCHANT_MERCHANTCODE: sails.config.pictogram.tpv.merchantCode,    // Number of commerce (Yotta)
+      DS_MERCHANT_TERMINAL: '001',              // Terminal number
+      DS_MERCHANT_CURRENCY: '978',      // Terminal currency
+      DS_MERCHANT_TRANSACTIONTYPE: "0",            // Type of the transaction (0: authorized)
+      DS_MERCHANT_AMOUNT: amount + "00",               // Amount
+      DS_MERCHANT_ORDER: moment().format('YYMMDD') + params.id_stu,
+      DS_MERCHANT_MERCHANTURL: sails.getBaseUrl() + "/tpv/notify",
+      DS_MERCHANT_URLOK: sails.getBaseUrl() + '/app/#/student/' + params.id_stu + "/setup/renewed/1", // Returning URL (success)
+      DS_MERCHANT_URLKO: sails.getBaseUrl() + '/app/#/student/' + params.id_stu + "/setup/renewed/0" // Returning URL (error)
    };

-    console.log(JSON.stringify(tpvdata));
+    //
+    // Sign data
+    //

-    // Parameters in Base64
-    var merchantParameters = nacl_util.encodeBase64(JSON.stringify(tpvdata));
+    // Base64 encoding of parameters
+    var merchantWordArray = cryptojs.enc.Utf8.parse(JSON.stringify(tpvdata));
+    var merchantBase64 = merchantWordArray.toString(cryptojs.enc.Base64);

-    // HMAC 256 signature
-    var signature =  nacl_util.encodeBase64(sha256.hmac(sails.config.pictogram.tpv.key, merchantParameters));
+    // Decode key
+    var keyWordArray = cryptojs.enc.Base64.parse(sails.config.pictogram.tpv.key);

-    res.ok({
-      merchantParameters: merchantParameters,
-      signatureVersion: "HMAC_SHA256_V1",
-      signature: signature
+    // Generate transction key
+    var iv = cryptojs.enc.Hex.parse("00000000");
+    var cipher = cryptojs.TripleDES.encrypt(tpvdata.DS_MERCHANT_ORDER, keyWordArray, {
+      iv:iv,
+      mode: cryptojs.mode.CBC,
+      padding: cryptojs.pad.NoPadding
    });
+
+    // Sign
+    var signature = cryptojs.HmacSHA256(merchantBase64, cipher.ciphertext);
+    var signatureBase64 = signature.toString(cryptojs.enc.Base64);
+
+    // Done, we can return response
+    var response = {
+      signatureVersion: "HMAC_SHA256_V1",
+      merchantParameters: merchantBase64,
+      signature: signatureBase64
+    };
+
+    sails.log.debug(JSON.stringify(response));
+    res.ok(response);
  },



--- a/sails/src/api/models/Student.js
+++ b/sails/src/api/models/Student.js
@@ -640,10 +640,14 @@ module.exports = {
    var prefix = (name + ' ' + surname).split(/\s+/).map(x => {return x.toLowerCase()[0]}).join('');
    var counter = 0;
    var found = true;
+    var postfix;
+    var username;
    async.doWhilst(
      function (cb) {
        counter = counter + 1;
-        Student.findOne({username: prefix + counter})
+        postfix = ("0000" + counter).slice(-4);
+        username = prefix + postfix;
+        Student.findOne({username: username})
        .then((l) => {
          if (!l)
            found = false;
@@ -658,7 +662,7 @@ module.exports = {
        return found;
      },
      function () {
-        callback(prefix + counter);
+        callback(username);
      }
    );
  }

--- a/sails/src/assets/scripts/modules/student/controllers/tpvmodal.js
+++ b/sails/src/assets/scripts/modules/student/controllers/tpvmodal.js
@@ -27,9 +27,9 @@ dashboardControllers.controller('TPVModalCtrl', function (
      .success(function(data, status, headers, config) {
        // Non-AJAX post to RedSys
        var form = $('<form id="redsysform" action="https://sis-t.redsys.es:25443/sis/realizarPago" method="POST">' +
-          '<input type="hidden" name="Ds_SignatureVersion" value="' + data.signatureVersion + '">' +
-          '<input type="hidden" name="Ds_MerchantParameters" value="' + data.merchantParameters + '">' +
-          '<input type="hidden" name="Ds_Signature" value="' + data.signature + '">' +
+          '<input type="hidden" name="DS_SIGNATUREVERSION" value="' + data.signatureVersion + '">' +
+          '<input type="hidden" name="DS_MERCHANTPARAMETERS" value="' + data.merchantParameters + '">' +
+          '<input type="hidden" name="DS_SIGNATURE" value="' + data.signature + '">' +
          '</form>');
        $(document.body).append(form);
        $("#redsysform").submit();

--- a/sails/src/assets/scripts/modules/student/views/tpvmodal.html
+++ b/sails/src/assets/scripts/modules/student/views/tpvmodal.html
@@ -3,7 +3,7 @@
        <button type="button" class="close" ng-click="close()">
          <span aria-hidden="true">&times;</span><span class="sr-only" translate>close</span>
        </button>
-        <h4 class="modal-title" translate>tpv_title</h4>
+        <h2 class="modal-title" translate>tpv_title</h2>
    </div>
    <div class="modal-body">


--- a/sails/src/config/pictogram.js
+++ b/sails/src/config/pictogram.js
@@ -33,7 +33,6 @@ module.exports.pictogram = {
      oneYearEuro: 70,    // one year license in euros
    },
    merchantCode: '152038485', // Code for Yotta
-    merchantKey: 'qwertyasdf0123456789',
    key: 'sq7HjrUOBfKmC576ILgskD5srU870gJ7' // key for signing
  },


--- a/sails/src/package.json
+++ b/sails/src/package.json
@@ -11,7 +11,6 @@
    "connect-redis": "3.0.2",
    "connect-timeout": "^1.7.0",
    "ejs": "^0.8.8",
-    "fast-sha256": "^1.0.0",
    "forever": "^0.14.1",
    "grunt": "^1.0.1",
    "grunt-contrib-clean": "^1.0.0",
@@ -34,7 +33,6 @@
    "sails-test-helper": "^0.3.5",
    "socket.io": "~1.3.2",
    "socket.io-redis": "^0.1.4",
-    "tweetnacl-util": "^0.15.0",
    "winston": "~1.0.0"
  },
  "scripts": {