Splits (#10)

.github/workflows/codeql-analysis.yml

@@ -1,4 +1,4 @@
-# For most projects, this workflow file will not need changing; you simply need
+  # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
 # You may wish to alter this file to override the set of languages analyzed,
@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/go-linter.yml

@@ -6,7 +6,7 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v2
         with:

.github/workflows/go.yml

@@ -1,21 +1,24 @@
-name: Go
+name: Go Test
+
 on: [push]
 jobs:
-
-  build:
-    name: Build
+  test:
+    name: Test
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [ '1.14', '1.20' ]
+
     steps:
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v3
 
-    - name: Set up Go 1.14
-      uses: actions/setup-go@v1
+    - name: Set up Go ${{ matrix.go-version }}
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.14
+        go-version: ${{ matrix.go-version }}
       id: go
 
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v1
-
     - name: Get dependencies
       run: |
         go get -v -t -d ./...
@@ -28,7 +31,7 @@ jobs:
       run: go test -race -coverprofile=coverage.txt -covermode=atomic
 
     - name: Codecov
-      uses: codecov/codecov-action@v1
+      uses: codecov/codecov-action@v3
       with:
         file: ./coverage.txt
         token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/govulncheck.yml

@@ -0,0 +1,33 @@
+name: "Govuln"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '42 12 * * 2'
+
+jobs:
+  analyze:
+    name: Vuln check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 'stable'
+        id: go
+
+      - name: Scan for Vulnerabilities in Code
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version: ${{ matrix.go-version }}
+          vulncheck-version: latest
+          package: ./...
+          fail-on-vuln: true

README.md

@@ -29,7 +29,7 @@ To obtain a payment session on QIWI website you need to create a new qiwi object
 package main
 
 import (
-    "fmt"
+    "log"
     "context"
 
     "github.com/sendtips/qiwi"
@@ -40,10 +40,10 @@ func main() {
 
     err := pay.CardRequest(context.TODO(), 300) // Request session for 3.00RUB
     if err != nil {
-        fmt.Printf("Error occurred: %s", err)
+        log.Fatalf("Error occurred: %s", err)
     }
 
-    fmt.Printf("Pay via link: %s", pay.PayURL) // Payment session URL on QIWI website
+    log.Printf("Pay via link: %s", pay.PayURL) // Payment session URL on QIWI website
 }
 ```
 

doc.go

@@ -10,34 +10,34 @@ For payment sessions are CardRequest, ApplePay and GooglePay methods of Payments
 
 Example to process ApplePay payment
 
-    pay := qiwi.New("OrderID", "SiteID", "TOKEN", "http://example.com/qiwi-api")
+	pay := qiwi.New("OrderID", "SiteID", "TOKEN", "http://example.com/qiwi-api")
 
-    err := pay.ApplePay(context.TODO(), 300, "ApplePayTokenString") // Request a session for 3.00RUB
-    if err != nil {
-        fmt.Printf("Error occurred: %s", err)
-    }
+	err := pay.ApplePay(context.TODO(), 300, "ApplePayTokenString") // Request a session for 3.00RUB
+	if err != nil {
+	    fmt.Printf("Error occurred: %s", err)
+	}
 
 You may pass hook payload to NewNotify function,
 or use NotifyParseHTTPRequest which works directly for http.Request
 the Notify object will be returned with the payment status.
 
 Example of receiving Notify from incoming http.Request
 
-    //..
-    notify, err := qiwi.NotifyParseHTTPRequest("YOUTOKEN", w.ResponseWriter, r.Request)
-    if err != nil {
-        fmt.Println("[QIWI] Error while loading incoming notification:", err)
-    }
+	//..
+	notify, err := qiwi.NotifyParseHTTPRequest("YOUTOKEN", w.ResponseWriter, r.Request)
+	if err != nil {
+	    fmt.Println("[QIWI] Error while loading incoming notification:", err)
+	}
 
 Or you may process received data by yourself and pass the payload to NewNotify
 
-    //..
-    notify, err := qiwi.NewNotify("YOUTOKEN", "SIGNATURE", payload)
-    if err != nil {
-        fmt.Println("[QIWI] Error while parsing notification:", err)
-    }
-
+	//..
+	notify, err := qiwi.NewNotify("YOUTOKEN", "SIGNATURE", payload)
+	if err != nil {
+	    fmt.Println("[QIWI] Error while parsing notification:", err)
+	}
 
 QIWI uses ISO8601 (2021-07-29T16:30:00+03:00) time format,
-so use a build-in Time custom time type */
+so use a build-in Time custom time type
+*/
 package qiwi

notify_test.go

@@ -84,6 +84,84 @@ func TestHook(t *testing.T) {
         }
         `)
 
+	payloadSplits := []byte(`{
+		"refund": {
+			"refundId": "42f5ca91-965e-4cd0-bb30-3b64d9284048",
+			"type": "REFUND",
+			"createdDateTime": "2021-02-05T11:31:40+03:00",
+			"status": {
+				"value": "SUCCESS",
+				"changedDateTime": "2021-02-05T11:31:40+03:00"
+			},
+			"amount": {
+				"value": 3,
+				"currency": "RUB"
+			},
+			"paymentMethod": {
+				"type": "TOKEN",
+				"paymentToken": "1620161e-d498-431b-b006-c52bb78c6bf2",
+				"maskedPan": null,
+				"cardHolder": null,
+				"cardExpireDate": null
+			},
+			"customer": {
+				"email": "glmgmmxr@qiwi123.com",
+				"account": "sbderxuftsrt",
+				"phone": "13387571067",
+				"country": "yccsnnfjgthu",
+				"city": "sqdvseezbpzo",
+				"region": "shbvyjgspjvu"
+			},
+			"gatewayData": {
+				"type": "ACQUIRING",
+				"authCode": "181218",
+				"rrn": "123"
+			},
+			"billId": "autogenerated-19cf2596-62a8-47f2-8721-b8791e9598d0",
+			"flags": [
+				"REVERSAL"
+			],
+			"refundSplits": [
+				{
+					"type": "MERCHANT_DETAILS",
+					"siteUid": "Obuc-00",
+					"splitAmount": {
+						"value": 2,
+						"currency": "RUB"
+					},
+					"splitCommissions": {
+						"merchantCms": {
+							"value": 0,
+							"currency": "RUB"
+						},
+						"userCms": null
+					},
+					"orderId": "dressesforwhite",
+					"comment": "Покупка 1"
+				},
+				{
+					"type": "MERCHANT_DETAILS",
+					"siteUid": "Obuc-01",
+					"splitAmount": {
+						"value": 1,
+						"currency": "RUB"
+					},
+					"splitCommissions": {
+						"merchantCms": {
+							"value": 0.02,
+							"currency": "RUB"
+						},
+						"userCms": null
+					},
+					"orderId": "shoesforvalya",
+					"comment": "Покупка 2"
+				}
+			]
+		},
+		"type": "REFUND",
+		"version": "1"
+	}`)
+
 	tests := []struct {
 		payload []byte
 		want    Notify
@@ -107,22 +185,28 @@ func TestHook(t *testing.T) {
 			Notify{Type: PaymentNotify, Payment: Payment{Amount: NewAmountInRubles(221124)}},
 			ErrBadSignature, "BADSIGN",
 		},
+
+		{
+			payloadSplits,
+			Notify{Type: RefundNotify, Refund: Payment{Amount: NewAmountInRubles(300)}},
+			nil, "681d7b40abafb5dcf958f653887303bd081839fa963bad6149055e90a2b02b16",
+		},
 	}
 
 	for _, test := range tests {
 
 		notify, err := NewNotify(key, test.sig, test.payload)
 
 		if !errors.Is(err, test.err) {
-			t.Error("Error occurred: ", err, test.err)
+			t.Error("Error occurred: ", err, test.err, notify)
 		}
 
 		if notify.Type != test.want.Type {
 			t.Error("Incorrect type")
 		}
 
 		if notify.Payment.Amount.Value != test.want.Payment.Amount.Value {
-			t.Error("Amount is wrong")
+			t.Error("Amount is wrong", notify.Payment.Amount.Value, test.want.Payment.Amount.Value)
 		}
 
 	}

payment.go

@@ -49,6 +49,7 @@ type Payment struct {
 	CustomField   *CustomField   `json:"customFields,omitempty"`
 	Flags         []string       `json:"flags,omitempty"`
 	Status        *Status        `json:"status,omitempty"`
+	Splits        []*Split       `json:"splits,omitempty"` // https://developer.qiwi.com/en/payments/#payments_split
 
 	Error
 }

sbp_test.go

@@ -29,7 +29,7 @@ func TestSBP(t *testing.T) {
 		var buf bytes.Buffer
 		var p Payment
 
-		_, err = io.Copy(&buf, r.Body) // nolint
+		_, err = io.Copy(&buf, r.Body) //nolint
 		if err != nil {
 			fmt.Fprintf(w, errResp, err)
 		}

signature_test.go

@@ -238,7 +238,7 @@ func TestSignature(t *testing.T) {
 		}
 
 		if !sig.Verify(&notify) {
-			t.Errorf("Wrong signature")
+			t.Errorf("Wrong signature for key %s sig is not %s", test.key, test.hash)
 		}
 	}
 }

split.go

@@ -0,0 +1,40 @@
+package qiwi
+
+type SplitDataType string
+
+const MerchantDetails SplitDataType = "MERCHANT_DETAILS"
+
+type Split struct {
+	Type    SplitDataType `json:"type"`              // String	Data type. Always MERCHANT_DETAILS (merchant details)
+	SiteUID string        `json:"siteUid"`           // String	Merchant ID
+	Amount  Amount        `json:"splitAmount"`       // Object	Merchant reimbursement data
+	OrderID string        `json:"orderId,omitempty"` // String	Order number (optional)
+	Comment string        `json:"comment,omitempty"` // string comment	String	Comment for the order (optional)
+}
+
+// AddSplit without optional fields, see SplitExtra.
+func (p *Payment) Split(a Amount, merchid string) *Payment {
+	return p.SplitExtra(a, merchid, "", "")
+}
+
+// SplitExtra extends to optional fields.
+func (p *Payment) SplitExtra(a Amount, merchid, orderid, c string) *Payment {
+	s := &Split{Type: MerchantDetails, SiteUID: merchid, Amount: a}
+
+	if orderid != "" {
+		s.OrderID = orderid
+	}
+
+	if c != "" {
+		s.Comment = c
+	}
+
+	p.addSplit(s)
+
+	return p
+}
+
+// addSplit adds split data to payment information.
+func (p *Payment) addSplit(s *Split) {
+	p.Splits = append(p.Splits, s)
+}