init

2026-05-18 11:34:07 +03:30
commit 7a8ddeabed
279 changed files with 37390 additions and 0 deletions
--- a/backend/api/views/payments.py
+++ b/backend/api/views/payments.py
@@ -0,0 +1,240 @@
+from django.conf import settings
+from django.shortcuts import redirect, get_object_or_404
+from django.utils import timezone
+
+from ninja import Router
+from ninja.errors import HttpError
+import requests
+
+from payments.models import Payment, DiscountCode
+from events.models import Event, Registration
+from api.authentication import jwt_auth
+from api.schemas.payments import CouponVerifyIn, CouponVerifyOut, CreatePaymentIn, CreatePaymentOut, PaymentDetailOut
+
+payments_router = Router(tags=["Payments"])
+
+
+@payments_router.post("create", response=CreatePaymentOut, auth=jwt_auth)
+def create_payment(request, payload: CreatePaymentIn):
+    event = get_object_or_404(Event, pk=payload.event_id)
+
+    if Payment.objects.filter(status=Payment.OrderStatusChoices.PAID, user=request.auth, event=event).exists():
+        raise HttpError(400, "You have already registered in this event")
+
+    registration = (
+        Registration.objects.filter(event=event, user=request.auth, is_deleted=False)
+        .order_by("-registered_at")
+        .first()
+    )
+    if not registration or registration.status == Registration.StatusChoices.CANCELLED:
+        registration = Registration.objects.create(
+            event=event,
+            user=request.auth,
+            status=Registration.StatusChoices.PENDING,
+            final_price=event.price,
+        )
+    elif registration.final_price is None:
+        registration.final_price = event.price
+        registration.save(update_fields=["final_price"])
+
+    discount_code = None
+    discount_amount = 0
+    final_amount = event.price
+
+    if payload.discount_code:
+        discount_code = DiscountCode.objects.filter(code=payload.discount_code, applicable_events=event, is_active=True).first()
+
+        if discount_code:
+            final_amount, discount_amount = discount_code.calculate_discount(event, request.auth)
+
+    registration_updates = []
+    if discount_code and registration.discount_code_id != discount_code.id:
+        registration.discount_code = discount_code
+        registration_updates.append("discount_code")
+    if registration.discount_amount != discount_amount:
+        registration.discount_amount = discount_amount
+        registration_updates.append("discount_amount")
+    if registration.final_price != final_amount:
+        registration.final_price = final_amount
+        registration_updates.append("final_price")
+
+    if final_amount == 0:
+        if registration.status != Registration.StatusChoices.CONFIRMED:
+            registration.status = Registration.StatusChoices.CONFIRMED
+            registration_updates.append("status")
+        if registration_updates:
+            registration.save(update_fields=list(set(registration_updates)))
+        else:
+            registration.save(update_fields=["status"])
+
+        return {
+            "start_pay_url": None,
+            "authority": None,
+            "base_amount": event.price,
+            "discount_amount": discount_amount if discount_amount else 0,
+            "amount": 0,
+        }
+
+    if registration_updates:
+        registration.save(update_fields=list(set(registration_updates)))
+
+    pay = Payment.objects.create(
+        user=request.auth,
+        event=event,
+        base_amount=event.price,
+        discount_code=discount_code,
+        discount_amount=discount_amount,
+        amount=final_amount,
+        status=Payment.OrderStatusChoices.INIT,
+        registration=registration,
+    )
+
+    callback_url = getattr(settings, "ZARINPAL_CALLBACK_URL", "http://localhost:8000/api/payments/callback")
+    body = {
+        "merchant_id": settings.ZARINPAL_MERCHANT_ID,
+        "amount": final_amount,
+        "callback_url": callback_url,
+        "description": payload.description,
+        "metadata": {
+            k: v for k, v in {
+                "mobile": payload.mobile,
+                "email":  payload.email,
+                "event_id": event.id,
+                "user_id": request.auth.id,
+                "payment_id": pay.id,
+                "discount_code": discount_code.code if discount_code else None,
+            }.items() if v
+        }
+    }
+
+    try:
+        response = requests.post(
+            settings.ZARINPAL_REQUEST_URL,
+            json=body,
+            headers={"accept":"application/json","content-type":"application/json"},
+            timeout=15
+        )
+        jd = response.json()
+    except Exception as e:
+        pay.delete()
+        raise HttpError(502, f"Gateway request failed: {e}")
+
+    code = (jd.get("data") or {}).get("code")
+    if code != 100:
+        pay.delete()
+        raise HttpError(502, f"Zarinpal error: {jd.get('errors') or jd}")
+
+    authority = jd["data"]["authority"]
+    pay.authority = authority
+    pay.status = Payment.OrderStatusChoices.PENDING
+    pay.save(update_fields=["authority","status"])
+
+    return {
+        "start_pay_url": f"{settings.ZARINPAL_STARTPAY}{authority}",
+        "authority": authority,
+        "base_amount": event.price,
+        "discount_amount": discount_amount if discount_amount else 0,
+        "amount": final_amount,
+    }
+
+@payments_router.get("callback")
+def callback(request, Authority: str | None = None, Status: str | None = None):
+    if not Authority:
+        raise HttpError(400, "Missing Authority")
+
+    pay = Payment.objects.filter(authority=Authority).select_related("event","user","discount_code").first()
+    if not pay:
+        raise HttpError(404, "Payment not found")
+
+    if Status != "OK":
+        pay.status = Payment.OrderStatusChoices.CANCELED
+        pay.save(update_fields=["status"])
+        return redirect(f"{settings.FRONTEND_CALLBACK_URL}?status=failed&event_id={pay.event_id}")
+
+    verify_body = {
+        "merchant_id": settings.ZARINPAL_MERCHANT_ID,
+        "amount": pay.amount,
+        "authority": Authority,
+    }
+
+    try:
+        vresp = requests.post(
+            settings.ZARINPAL_VERIFY_URL,
+            json=verify_body,
+            headers={"accept":"application/json","content-type":"application/json"},
+            timeout=15
+        )
+        vjd = vresp.json()
+    except Exception:
+        pay.status = Payment.OrderStatusChoices.FAILED
+        pay.save(update_fields=["status"])
+        return redirect(f"{settings.FRONTEND_CALLBACK_URL}?status=failed&event_id={pay.event_id}")
+
+    vcode = (vjd.get("data") or {}).get("code")
+    if vcode in (100, 101):
+        data = vjd.get("data") or {}
+        pay.status = Payment.OrderStatusChoices.PAID
+        pay.ref_id = data.get("ref_id")
+        pay.card_pan = data.get("card_pan")
+        pay.card_hash = data.get("card_hash")
+        pay.verified_at = timezone.now()
+        pay.save(update_fields=["status", "ref_id", "card_pan", "card_hash", "verified_at"])
+
+        registration = pay.registration or Registration.objects.filter(
+            user=pay.user,
+            event=pay.event,
+            status=Registration.StatusChoices.PENDING,
+        ).first()
+        if registration:
+            registration.status = Registration.StatusChoices.CONFIRMED
+            updates = ["status"]
+            if registration.final_price is None:
+                registration.final_price = pay.amount
+                updates.append("final_price")
+            registration.save(update_fields=updates)
+
+        return redirect(f"{settings.FRONTEND_CALLBACK_URL}?status=success&event_id={pay.event_id}&ref_id={pay.ref_id}")
+
+    pay.status = Payment.OrderStatusChoices.FAILED
+    pay.save(update_fields=["status"])
+    return redirect(f"{settings.FRONTEND_CALLBACK_URL}?status=failed&event_id={pay.event_id}")
+
+@payments_router.get("by-ref/{ref_id}", response=PaymentDetailOut)
+def payment_by_ref(request, ref_id: str):
+    pay = get_object_or_404(Payment.objects.select_related("event"), ref_id=ref_id)
+    ev = pay.event
+    return {
+        "ref_id": pay.ref_id,
+        "authority": pay.authority,
+        "base_amount": pay.base_amount,
+        "discount_amount": pay.discount_amount or 0,
+        "amount": pay.amount,
+        "status": pay.get_status_display(),
+        "verified_at": pay.verified_at.isoformat() if pay.verified_at else None,
+        "event": {
+            "id": ev.id,
+            "title": ev.title,
+            "slug": ev.slug,
+            "image_url": request.build_absolute_uri(ev.featured_image.url) if ev.featured_image else None,
+            "success_markdown": ev.registration_success_markdown,
+        },
+    }
+
+@payments_router.post("/coupon/check", response=CouponVerifyOut, auth=jwt_auth)
+def check_coupon(request, payload: CouponVerifyIn):
+    event = get_object_or_404(Event, id=payload.event_id)
+    code = payload.code
+
+    if not code:
+        raise HttpError(404, "لطفا کد تخفیف را وارد کنید")
+
+    try:
+        c = DiscountCode.objects.get(code=code, applicable_events=event, is_active=True)
+        final_price, disc = c.calculate_discount(event, request.auth)
+        return {
+            "discount_amount": disc, 
+            "final_price": final_price,
+        }
+
+    except DiscountCode.DoesNotExist:
+        raise HttpError(404, "کد تخفیف معتبر نیست")