panariga/hutko
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

update translation. added retirn controller

Browse Source
This commit is contained in:
O K
2025-06-02 14:13:42 +03:00
parent b1e1fffef0
commit 5d762c2081
6 changed files with 616 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
controllers/front/redirect.php
View File

@@ -10,7 +10,7 @@
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
*/
use Symfony\Component\Serializer\Encoder\JsonEncode;
if (!defined('_PS_VERSION_')) {
exit;

121
controllers/front/return.php Normal file
View File

@@ -0,0 +1,121 @@
<?php
/**
* Hutko - Платіжний сервіс, який рухає бізнеси вперед.
*
* Запускайтесь, набирайте темп, масштабуйтесь ми підстрахуємо всюди.
*
* @author panariga
* @copyright 2025 Hutko
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
*/
if (!defined('_PS_VERSION_')) {
exit;
}
/**
* HutkoReturnModuleFrontController handles the return URL from an external service.
*
* This controller is responsible for receiving a specially encoded parameter
* (`hutkoPV`) from a payment gateway or external system after a transaction.
* It decodes this parameter, validates its content, and redirects the customer
* to the standard PrestaShop order confirmation page if the data is valid.
*
* The `hutkoPV` parameter is expected to be a URL-safe encoded JSON string
* containing critical order details like `id_cart`, `id_module`, `id_order`,
* and the customer's `secure_key`.
*
* If the `hutkoPV` parameter is missing, cannot be decoded/parsed, or fails
* validation (specifically the secure key check against the current customer),
* it throws a PrestaShopException.
*
* @property \Hutko $module The instance of the main module class (\Hutko).
* @property \Context $context The current PrestaShop context.
* @property \Smarty $context->smarty The Smarty instance for templating (though not used here).
* @property \Customer $context->customer The currently logged-in customer.
* @property \Link $context->link The PrestaShop Link class instance for URL generation.
* @extends ModuleFrontController
* @package Modules\Hutko
* @author Panariga
* @copyright Hutko
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0) // Adjust if using a different license
* @version 1.0.0 // Start with a version number
*/
class HutkoReturnModuleFrontController extends ModuleFrontController
{
/**
* Initializes the content for the controller.
*
* This method is the main entry point for this controller. It retrieves
* the `hutkoPV` parameter from the request, decodes and parses it,
* validates the required data, and redirects the customer to the
* order confirmation page if successful.
*
* @throws PrestaShopException If the `hutkoPV` parameter is missing,
* invalid, or the secure key validation fails.
* The exception message indicates the nature
* of the failure.
*/
public function initContent()
{
// Retrieve the 'hutkoPV' parameter from the GET or POST request.
// It is expected to be a URL-safe encoded string.
$hutkoPV = Tools::getValue('hutkoPV');
// Decode the URL-safe string using the module's custom function.
// If the decoding fails or the input is empty, $hutkoPV will be false or empty.
$decodedHutkoPV = $this->module->urlSafeDecode($hutkoPV);
// Check if decoding was successful and the result is not empty.
if ($decodedHutkoPV) {
// Attempt to decode the JSON string into a PHP array.
$decodedPV = json_decode($decodedHutkoPV, true);
// Validate the decoded JSON:
// 1. Check if json_decode returned an array.
// 2. Check if all expected keys ('id_cart', 'id_module', 'id_order', 'key') exist in the array.
// 3. Check if the 'key' from the decoded data matches the secure key of the currently logged-in customer.
// This is a critical security step to prevent unauthorized access to order details.
if (
is_array($decodedPV)
&& isset($decodedPV['id_cart'])
&& isset($decodedPV['id_module'])
&& isset($decodedPV['id_order'])
&& isset($decodedPV['key'])
&& $decodedPV['key'] == $this->context->customer->secure_key // Secure key validation
) {
// If validation passes, generate the URL for the standard order confirmation page.
// The URL includes the validated parameters necessary for the order-confirmation controller
// to load and display the correct order details.
$orderConfirmationUrl = $this->context->link->getPageLink(
'order-confirmation', // The controller to redirect to
true, // Use SSL
$this->context->language->id, // Current language ID
[ // Parameters for the order-confirmation page
'id_cart' => (int)$decodedPV['id_cart'], // Cast to int for safety
'id_module' => (int)$decodedPV['id_module'], // Cast to int
'id_order' => (int)$decodedPV['id_order'], // Cast to int
'key' => pSQL($decodedPV['key']), // Sanitize key before using in URL (though link generation does some)
]
);
// Redirect the customer to the order confirmation page.
Tools::redirect($orderConfirmationUrl);
// Stop script execution after redirection.
exit;
}
// If decoding was successful but validation failed:
else {
// Throw an exception indicating a validation failure (broken data).
throw new PrestaShopException('hutkoPV data validation failed or structure is incorrect.');
}
}
// If hutkoPV parameter was missing or decoding failed:
// Throw an exception indicating the parameter is missing or unusable.
throw new PrestaShopException('hutkoPV parameter is missing or broken.');
}
}