admin/tainagustului
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b9de2bcd30791ab1e387084e3e37b2fcc8a6157d
tainagustului/UI_V2/flask_server.py
Marius Robert Macamete b9de2bcd30 something
2025-12-20 18:22:53 +02:00

111 lines
3.7 KiB
Python
Raw Blame History

from __future__ import annotations
import jwt
import os
import logging
from logging.handlers import RotatingFileHandler
from flask import Flask, request, jsonify
from flask_cors import CORS
from flask import Response
from werkzeug.middleware.proxy_fix import ProxyFix
try:
from dotenv import load_dotenv
load_dotenv()
except Exception:
pass
from helpers.netopia import verify_ipn, get_status
app = Flask(__name__)
CORS(app, resources={r"/api/*": {"origins": "*"}})
# Tell Flask it is behind a proxy and should trust the X-Forwarded headers
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
# ---------- Logging ----------
app.logger.setLevel(logging.INFO)
_log_dir = os.getenv("LOG_DIR", "logs")
os.makedirs(_log_dir, exist_ok=True)
_handler = RotatingFileHandler(os.path.join(_log_dir, "netopia_api.log"), maxBytes=1_000_000, backupCount=3)
_handler.setLevel(logging.INFO)
_handler.setFormatter(logging.Formatter("%(asctime)s [%(levelname)s] %(message)s"))
app.logger.addHandler(_handler)
@app.get("/healthz")
def healthz():
return {"ok": True}, 200
# @app.post("/api/payments/ipn")
# def ipn():
# try:
# # Pass the whole request object, not just request.data
# data = verify_ipn(request)
# app.logger.info("IPN OK: %s", data)
# return jsonify({"errorCode": 0}), 200
# except Exception as e:
# app.logger.exception("IPN verification failed: %s", e)
# return jsonify({"errorCode": 0}), 200
@app.post("/api/payments/ipn")
def ipn():
token = request.headers.get('Verification-Token') or request.headers.get('X-Netopia-Signature')
try:
from helpers.netopia import NetopiaSettings
settings = NetopiaSettings.from_env()
public_key = settings.public_key_str.replace('\\n', '\n').strip()
# 1. Try to decode without Audience check first to isolate the Signature
# This tells us if the Public Key actually matches the Private Key used by Netopia
decoded_data = jwt.decode(
token,
public_key,
algorithms=["RS256", "RS512"],
options={"verify_aud": False}, # Temporarily disable audience check
leeway=60
)
app.logger.info(f"SUCCESS! Verified Data: {decoded_data}")
# 2. Check audience manually
token_aud = decoded_data.get('aud')
expected_aud = settings.pos_signature
# Netopia sends ['SIG'], we expect 'SIG'
if expected_aud not in token_aud and expected_aud != token_aud:
app.logger.error(f"Audience mismatch: Got {token_aud}, expected {expected_aud}")
return jsonify({"error": "Audience mismatch"}), 400
return jsonify({"errorCode": 0}), 200
except jwt.InvalidSignatureError:
app.logger.error("DANGER: The Public Key does not match the signature. Check if this is the SANDBOX key.")
return jsonify({"error": "Invalid Signature"}), 400
except Exception as e:
app.logger.error(f"Verification Failed: {type(e).__name__} - {e}")
return jsonify({"error": str(e)}), 400
@app.get("/api/payments/status")
def status():
ntp_id = request.args.get("ntpID")
order_id = request.args.get("orderID")
try:
resp = get_status(ntp_id=ntp_id, order_id=order_id)
return jsonify({"ok": True, "data": resp}), 200
except Exception as e:
app.logger.exception("Status query failed: %s", e)
return jsonify({"ok": False, "error": str(e)}), 400
if __name__ == "__main__":
host = os.getenv("API_HOST", "0.0.0.0")
port = int(os.getenv("API_PORT", "9000"))
app.logger.info("Starting NETOPIA Flask sidecar on %s:%s", host, port)
app.run(host=host, port=port)
Reference in New Issue View Git Blame Copy Permalink