soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(payment): standalone ZarinPal broker on pay.flatrender.ir

Browse Source 
A generic multi-client payment gateway so FlatRender, meezi.ir and
bargevasat.ir can all pay through ZarinPal's single verified callback
domain (pay.flatrender.ir).

New Go service services/payment (clones the notification skeleton +
vendored deps):
- migration 31_payment_broker.sql — `payment` schema: client_apps,
  transactions, webhook_deliveries.
- ZarinPal v4 client ported from the proven identity PaymentService
  (request.json -> StartPay -> verify.json; codes 100/101).
- client API: POST /v1/pay/request + /v1/pay/inquiry, authed by
  X-Api-Key + HMAC body signature; GET /callback/zarinpal (the single
  verified endpoint) verifies, then 302s the user back to the site's
  return_url (signed) and fires a signed, retried webhook.
- per-client ZarinPal merchant override (default = shared merchant);
  amount stored canonically in Rial, unit to ZarinPal env-configurable.
- admin API /v1/admin/* (FlatRender admin JWT): client-app CRUD +
  key issue/rotate + transactions list.

Deploy wiring: payment-svc in docker-compose.v2.yml (host port 1607),
pay.flatrender.ir server block in mirror-nginx conf, ENV_FILE +
README updates (cert SAN + manual migration note).

Admin UI: src/components/admin/PaymentsAdmin.tsx (client apps with
one-time key reveal + rotate, transactions table) + /admin/payments
page + nav link + fa/en strings; pay-admin proxy route to payment-svc.

Docs/SDK: deploy/PAYMENTS.md (integration contract) + deploy/sdk/flatpay.js
(zero-dep Node client + webhook verifier) for meezi/any site.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-15 23:59:54 +03:30
parent 896ce3dfa9
commit ec51e87d2d
1830 changed files with 899129 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/payment/vendor/github.com/twitchyliquid64/golang-asm/sys/arch.go
Generated Vendored
+187
View File
@@ -0,0 +1,187 @@
// Copyright 2016 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package sys
import "encoding/binary"
// ArchFamily represents a family of one or more related architectures.
// For example, ppc64 and ppc64le are both members of the PPC64 family.
type ArchFamily byte
const (
NoArch ArchFamily = iota
AMD64
ARM
ARM64
I386
MIPS
MIPS64
PPC64
RISCV64
S390X
Wasm
)
// Arch represents an individual architecture.
type Arch struct {
Name string
Family ArchFamily
ByteOrder binary.ByteOrder
// PtrSize is the size in bytes of pointers and the
// predeclared "int", "uint", and "uintptr" types.
PtrSize int
// RegSize is the size in bytes of general purpose registers.
RegSize int
// MinLC is the minimum length of an instruction code.
MinLC int
}
// InFamily reports whether a is a member of any of the specified
// architecture families.
func (a *Arch) InFamily(xs ...ArchFamily) bool {
for _, x := range xs {
if a.Family == x {
return true
}
}
return false
}
var Arch386 = &Arch{
Name: "386",
Family: I386,
ByteOrder: binary.LittleEndian,
PtrSize: 4,
RegSize: 4,
MinLC: 1,
}
var ArchAMD64 = &Arch{
Name: "amd64",
Family: AMD64,
ByteOrder: binary.LittleEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 1,
}
var ArchARM = &Arch{
Name: "arm",
Family: ARM,
ByteOrder: binary.LittleEndian,
PtrSize: 4,
RegSize: 4,
MinLC: 4,
}
var ArchARM64 = &Arch{
Name: "arm64",
Family: ARM64,
ByteOrder: binary.LittleEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 4,
}
var ArchMIPS = &Arch{
Name: "mips",
Family: MIPS,
ByteOrder: binary.BigEndian,
PtrSize: 4,
RegSize: 4,
MinLC: 4,
}
var ArchMIPSLE = &Arch{
Name: "mipsle",
Family: MIPS,
ByteOrder: binary.LittleEndian,
PtrSize: 4,
RegSize: 4,
MinLC: 4,
}
var ArchMIPS64 = &Arch{
Name: "mips64",
Family: MIPS64,
ByteOrder: binary.BigEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 4,
}
var ArchMIPS64LE = &Arch{
Name: "mips64le",
Family: MIPS64,
ByteOrder: binary.LittleEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 4,
}
var ArchPPC64 = &Arch{
Name: "ppc64",
Family: PPC64,
ByteOrder: binary.BigEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 4,
}
var ArchPPC64LE = &Arch{
Name: "ppc64le",
Family: PPC64,
ByteOrder: binary.LittleEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 4,
}
var ArchRISCV64 = &Arch{
Name: "riscv64",
Family: RISCV64,
ByteOrder: binary.LittleEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 4,
}
var ArchS390X = &Arch{
Name: "s390x",
Family: S390X,
ByteOrder: binary.BigEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 2,
}
var ArchWasm = &Arch{
Name: "wasm",
Family: Wasm,
ByteOrder: binary.LittleEndian,
PtrSize: 8,
RegSize: 8,
MinLC: 1,
}
var Archs = [...]*Arch{
Arch386,
ArchAMD64,
ArchARM,
ArchARM64,
ArchMIPS,
ArchMIPSLE,
ArchMIPS64,
ArchMIPS64LE,
ArchPPC64,
ArchPPC64LE,
ArchRISCV64,
ArchS390X,
ArchWasm,
}
services/payment/vendor/github.com/twitchyliquid64/golang-asm/sys/supported.go
Generated Vendored
+116
View File
@@ -0,0 +1,116 @@
// Copyright 2018 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package sys
// RaceDetectorSupported reports whether goos/goarch supports the race
// detector. There is a copy of this function in cmd/dist/test.go.
// Race detector only supports 48-bit VMA on arm64. But it will always
// return true for arm64, because we don't have VMA size information during
// the compile time.
func RaceDetectorSupported(goos, goarch string) bool {
switch goos {
case "linux":
return goarch == "amd64" || goarch == "ppc64le" || goarch == "arm64"
case "darwin", "freebsd", "netbsd", "windows":
return goarch == "amd64"
default:
return false
}
}
// MSanSupported reports whether goos/goarch supports the memory
// sanitizer option. There is a copy of this function in cmd/dist/test.go.
func MSanSupported(goos, goarch string) bool {
switch goos {
case "linux":
return goarch == "amd64" || goarch == "arm64"
default:
return false
}
}
// MustLinkExternal reports whether goos/goarch requires external linking.
func MustLinkExternal(goos, goarch string) bool {
switch goos {
case "android":
if goarch != "arm64" {
return true
}
case "darwin":
if goarch == "arm64" {
return true
}
}
return false
}
// BuildModeSupported reports whether goos/goarch supports the given build mode
// using the given compiler.
func BuildModeSupported(compiler, buildmode, goos, goarch string) bool {
if compiler == "gccgo" {
return true
}
platform := goos + "/" + goarch
switch buildmode {
case "archive":
return true
case "c-archive":
// TODO(bcmills): This seems dubious.
// Do we really support c-archive mode on js/wasm‽
return platform != "linux/ppc64"
case "c-shared":
switch platform {
case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/ppc64le", "linux/s390x",
"android/amd64", "android/arm", "android/arm64", "android/386",
"freebsd/amd64",
"darwin/amd64",
"windows/amd64", "windows/386":
return true
}
return false
case "default":
return true
case "exe":
return true
case "pie":
switch platform {
case "linux/386", "linux/amd64", "linux/arm", "linux/arm64", "linux/ppc64le", "linux/s390x",
"android/amd64", "android/arm", "android/arm64", "android/386",
"freebsd/amd64",
"darwin/amd64",
"aix/ppc64",
"windows/386", "windows/amd64", "windows/arm":
return true
}
return false
case "shared":
switch platform {
case "linux/386", "linux/amd64", "linux/arm", "linux/arm64", "linux/ppc64le", "linux/s390x":
return true
}
return false
case "plugin":
switch platform {
case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/s390x", "linux/ppc64le",
"android/amd64", "android/arm", "android/arm64", "android/386",
"darwin/amd64",
"freebsd/amd64":
return true
}
return false
default:
return false
}
}