From d06c9b1bfbb24646630960995e14ab93fb219217 Mon Sep 17 00:00:00 2001
From: Marius Robert Macamete
Date: Sat, 20 Dec 2025 18:36:52 +0200
Subject: [PATCH] something

---
UI_V2/flask_server.py | 90 +++++++++++++++++++++----------------------
1 file changed, 45 insertions(+), 45 deletions(-)

diff --git a/UI_V2/flask_server.py b/UI_V2/flask_server.py
index c1d4750..4855c4e 100644
--- a/UI_V2/flask_server.py
+++ b/UI_V2/flask_server.py
@@ -37,58 +37,58 @@ app.logger.addHandler(_handler) def healthz(): return {"ok": True}, 200 -# @app.post("/api/payments/ipn") -# def ipn(): -# try: - -# # Pass the whole request object, not just request.data -# data = verify_ipn(request) - -# app.logger.info("IPN OK: %s", data) -# return jsonify({"errorCode": 0}), 200 -# except Exception as e: -# app.logger.exception("IPN verification failed: %s", e) -# return jsonify({"errorCode": 0}), 200 - - @app.post("/api/payments/ipn") def ipn(): - token = request.headers.get('Verification-Token') or request.headers.get('X-Netopia-Signature') - try: - from helpers.netopia import NetopiaSettings - settings = NetopiaSettings.from_env() - public_key = settings.public_key_str.replace('\\n', '\n').strip() - # 1. Try to decode without Audience check first to isolate the Signature - # This tells us if the Public Key actually matches the Private Key used by Netopia - decoded_data = jwt.decode( - token, - public_key, - algorithms=["RS256", "RS512"], - options={"verify_aud": False}, # Temporarily disable audience check - leeway=60 - ) - - app.logger.info(f"SUCCESS! Verified Data: {decoded_data}") - - # 2. Check audience manually - token_aud = decoded_data.get('aud') - expected_aud = settings.pos_signature - - # Netopia sends ['SIG'], we expect 'SIG' - if expected_aud not in token_aud and expected_aud != token_aud: - app.logger.error(f"Audience mismatch: Got {token_aud}, expected {expected_aud}") - return jsonify({"error": "Audience mismatch"}), 400 + # Pass the whole request object, not just request.data + data = verify_ipn(request.data) + app.logger.info("IPN OK: %s", data) return jsonify({"errorCode": 0}), 200 - - except jwt.InvalidSignatureError: - app.logger.error("DANGER: The Public Key does not match the signature. 
Check if this is the SANDBOX key.") - return jsonify({"error": "Invalid Signature"}), 400 except Exception as e: - app.logger.error(f"Verification Failed: {type(e).__name__} - {e}") - return jsonify({"error": str(e)}), 400 + app.logger.exception("IPN verification failed: %s", e) + return jsonify({"errorCode": 0}), 200 + + +# @app.post("/api/payments/ipn") +# def ipn(): +# token = request.headers.get('Verification-Token') or request.headers.get('X-Netopia-Signature') + +# try: +# from helpers.netopia import NetopiaSettings +# settings = NetopiaSettings.from_env() +# public_key = settings.public_key_str.replace('\\n', '\n').strip() + +# # 1. Try to decode without Audience check first to isolate the Signature +# # This tells us if the Public Key actually matches the Private Key used by Netopia +# decoded_data = jwt.decode( +# token, +# public_key, +# algorithms=["RS256", "RS512"], +# options={"verify_aud": False}, # Temporarily disable audience check +# leeway=60 +# ) + +# app.logger.info(f"SUCCESS! Verified Data: {decoded_data}") + +# # 2. Check audience manually +# token_aud = decoded_data.get('aud') +# expected_aud = settings.pos_signature + +# # Netopia sends ['SIG'], we expect 'SIG' +# if expected_aud not in token_aud and expected_aud != token_aud: +# app.logger.error(f"Audience mismatch: Got {token_aud}, expected {expected_aud}") +# return jsonify({"error": "Audience mismatch"}), 400 + +# return jsonify({"errorCode": 0}), 200 + +# except jwt.InvalidSignatureError: +# app.logger.error("DANGER: The Public Key does not match the signature. Check if this is the SANDBOX key.") +# return jsonify({"error": "Invalid Signature"}), 400 +# except Exception as e: +# app.logger.error(f"Verification Failed: {type(e).__name__} - {e}") +# return jsonify({"error": str(e)}), 400 @app.get("/api/payments/status")
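Review bot: The new `ipn()` calls `verify_ipn(request.data)` while the comment directly above it says to pass the whole request object, and the handler this commit comments out read the signature from the `Verification-Token` / `X-Netopia-Signature` headers, which are not part of `request.data`. `verify_ipn` is not visible in this hunk, so if it needs those headers it presumably cannot check the signature from the body alone; either pass the request as the comment says (`data = verify_ipn(request)`) or correct the comment. The `except Exception` branch also returns `jsonify({"errorCode": 0}), 200`, the same response as the success path, so a notification that fails verification is acknowledged exactly like a verified one and the failure shows up only in the log. I would return a non-2xx status there, e.g. `return jsonify({"error": "verification failed"}), 400` as the removed handler did, unless the gateway contract requires otherwise. The commented-out JWT handler added below the live one is dead code and is better left to git history.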