iran-pay 0.1.2

Unified async SDK for Iranian payment gateways — ZarinPal, IDPay, NextPay, Pay.ir behind one strongly-typed Rust trait.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

//! IDPay driver.
//!
//! IDPay's API uses an `X-API-KEY` header for authentication and an
//! optional `X-SANDBOX: 1` header for sandbox mode.

use async_trait::async_trait;
use serde::{Deserialize, Serialize};
use serde_json::json;
use tracing::instrument;

use crate::{
    Amount, Error, Gateway, Result, StartRequest, StartResponse, VerifyRequest, VerifyResponse,
};

const PROVIDER: &str = "idpay";
const API: &str = "https://api.idpay.ir";

/// IDPay gateway driver.
pub struct IDPay {
    api_key: String,
    sandbox: bool,
    api_base: String,
    client: reqwest::Client,
}

impl IDPay {
    /// New driver with the given API key (32-char hex string from your IDPay
    /// dashboard).
    #[must_use]
    pub fn new(api_key: impl Into<String>) -> Self {
        Self {
            api_key: api_key.into(),
            sandbox: false,
            api_base: API.into(),
            client: reqwest::Client::new(),
        }
    }

    /// Switch to IDPay's sandbox.  Sets `X-SANDBOX: 1` on every request.
    #[must_use]
    pub fn sandbox(mut self) -> Self {
        self.sandbox = true;
        self
    }

    /// Override the API base URL (for tests).
    #[must_use]
    pub fn with_api_base(mut self, url: impl Into<String>) -> Self {
        self.api_base = url.into();
        self
    }

    /// Override the underlying HTTP client.
    #[must_use]
    pub fn with_client(mut self, client: reqwest::Client) -> Self {
        self.client = client;
        self
    }

    fn request<U: AsRef<str>>(&self, path: U) -> reqwest::RequestBuilder {
        let mut rb = self
            .client
            .post(format!("{}{}", self.api_base, path.as_ref()))
            .header("X-API-KEY", &self.api_key)
            .header("Content-Type", "application/json");
        if self.sandbox {
            rb = rb.header("X-SANDBOX", "1");
        }
        rb
    }
}

#[async_trait]
impl Gateway for IDPay {
    fn name(&self) -> &'static str {
        PROVIDER
    }

    #[instrument(skip(self, req), fields(provider = PROVIDER, amount_rials = req.amount.as_rials()))]
    async fn start_payment(&self, req: &StartRequest) -> Result<StartResponse> {
        // IDPay enforces minimum 1000 Rials.
        if req.amount.as_rials() < 1_000 {
            return Err(Error::Config(format!(
                "idpay: amount must be at least 1000 Rials (got {} Rials)",
                req.amount.as_rials()
            )));
        }

        let body = json!({
            "order_id": req.order_id.clone().unwrap_or_default(),
            "amount": req.amount.as_rials(),
            "name": req.extras.get("name").cloned().unwrap_or_default(),
            "phone": req.mobile.clone().unwrap_or_default(),
            "mail": req.email.clone().unwrap_or_default(),
            "desc": req.description,
            "callback": req.callback_url,
        });

        let resp = self
            .request("/v1.1/payment")
            .json(&body)
            .send()
            .await
            .map_err(|e| Error::http(PROVIDER, e))?;
        let raw: serde_json::Value = resp.json().await.map_err(|e| Error::http(PROVIDER, e))?;

        // Error case: {error_code, error_message}
        if let Some(code) = raw.get("error_code").and_then(|v| v.as_i64()) {
            return Err(Error::Gateway {
                provider: PROVIDER,
                code,
                message: raw
                    .get("error_message")
                    .and_then(|v| v.as_str())
                    .unwrap_or("")
                    .to_owned(),
            });
        }

        let parsed: IdpStart = serde_json::from_value(raw.clone())
            .map_err(|e| Error::decode(PROVIDER, format!("start: {e}")))?;

        Ok(StartResponse {
            authority: parsed.id,
            payment_url: parsed.link,
            provider: PROVIDER,
            raw,
        })
    }

    #[instrument(skip(self, req), fields(provider = PROVIDER, authority = %req.authority))]
    async fn verify_payment(&self, req: &VerifyRequest) -> Result<VerifyResponse> {
        let body = json!({
            "id": req.authority,
            // IDPay requires the original order_id, but we don't always have
            // it at verify-time.  Empty is accepted by the sandbox; in
            // production, callers should keep the original `order_id`.
            "order_id": req.authority,
        });

        let resp = self
            .request("/v1.1/payment/verify")
            .json(&body)
            .send()
            .await
            .map_err(|e| Error::http(PROVIDER, e))?;
        let raw: serde_json::Value = resp.json().await.map_err(|e| Error::http(PROVIDER, e))?;

        if let Some(code) = raw.get("error_code").and_then(|v| v.as_i64()) {
            return Err(Error::Gateway {
                provider: PROVIDER,
                code,
                message: raw
                    .get("error_message")
                    .and_then(|v| v.as_str())
                    .unwrap_or("")
                    .to_owned(),
            });
        }

        let parsed: IdpVerify = serde_json::from_value(raw.clone())
            .map_err(|e| Error::decode(PROVIDER, format!("verify: {e}")))?;

        // Status code 100 = paid & verified; 101 = already verified.
        if parsed.status != 100 && parsed.status != 101 {
            return Err(Error::Gateway {
                provider: PROVIDER,
                code: parsed.status,
                message: format!("idpay status {}", parsed.status),
            });
        }

        let actual = Amount::rial(parsed.amount);
        if actual != req.amount {
            return Err(Error::AmountMismatch {
                expected: req.amount,
                actual,
            });
        }

        Ok(VerifyResponse {
            transaction_id: parsed.track_id.to_string(),
            authority: req.authority.clone(),
            amount: actual,
            card_pan: parsed.payment.as_ref().and_then(|p| p.card_no.clone()),
            card_hash: parsed
                .payment
                .as_ref()
                .and_then(|p| p.hashed_card_no.clone()),
            fee: None,
            provider: PROVIDER,
            raw,
        })
    }
}

// ── wire types ───────────────────────────────────────────────────────────────

#[derive(Debug, Deserialize, Serialize)]
struct IdpStart {
    id: String,
    link: String,
}

#[derive(Debug, Deserialize, Serialize)]
struct IdpVerify {
    status: i64,
    track_id: i64,
    amount: i64,
    #[serde(default)]
    payment: Option<IdpPayment>,
}

#[derive(Debug, Deserialize, Serialize)]
struct IdpPayment {
    #[serde(default)]
    card_no: Option<String>,
    #[serde(default)]
    hashed_card_no: Option<String>,
}