bornhack-website/shop/epayintegration.py

### epay callback function
@require_safe
def api_epay_callback(request):
    ### save GET payload
    callback = EpayCallback.objects.create(
        json_payload=json.dumps(request.GET),
        callback_time=timezone.now(),
    )

    ### find order
    if 'orderid' in request.GET:
        ### find order type
        if request.GET['orderid'][0] == "M":
            ### find epay order
            try:
                order = EpayOrder.objects.get(id=request.GET['orderid'][1:])
            except EpayOrder.DoesNotExist:
                print "epay callback - epayorder %s not found" % request.GET['orderid']
                return HttpResponse("Not OK")

            ### check hash here
            if 'hash' not in request.GET:
                print "epay callback - missing epay hash"
                return HttpResponse("Not OK")

            ### this does not work sometimes, ordering is off maybe?
            hashstring = ''
            qs = request.META['QUERY_STRING']
            print "querystring is %s" % qs
            for kv in qs.split("&"):
                print "hashstring is now %s" % hashstring
                if kv.split("=")[0] != "hash":
                    hashstring += kv.split("=")[1]
            print "hashstring is now %s" % hashstring
            hashstring += settings.EPAY_MD5_SECRET
            epayhash = hashlib.md5(hashstring).hexdigest()
            if epayhash != request.GET['hash']:
                print "epay callback - wrong epay hash"
                return HttpResponse("Not OK")

            ### save callback in epayorder
            order.epay_callback = callback
            if 'txnid' in request.GET:
                order.epay_txnid=request.GET['txnid']
            if 'amount' in request.GET:
                order.epay_amount=int(request.GET['amount'])/100
            if 'fraud' in request.GET:
                if request.GET['fraud'] == '1':
                    order.epay_fraud=True
                else:
                    order.epay_fraud=False

            ### delay epayorder depending on user level
            if settings.ACCOUNT_LEVEL_SETTINGS[str(order.user.profile.account_level)]['MOBILEPAY_DELAY_DAYS'] > 0:
                order.btc_processing_delayed = True

            ### all ok?
            if order.epay_amount == order.xxx_amount and not order.epay_fraud:
                order.epay_payment_ok=True

            ### save
            order.save()
        else:
            print "epay callback - order %s not recognized" % request.GET['orderid']
            return HttpResponse("Not OK")
    return HttpResponse("OK")


### epay order function
@login_required
def epay_order(request):
    if 'HTTP_X_FORWARDED_FOR' in request.META:
        ip = request.META['HTTP_X_FORWARDED_FOR']
    else:
        ip = request.META['REMOTE_ADDR']

    country = GeoIP().country(ip)["country_code"]
    if country not in settings.PERMITTED_EPAY_COUNTRIES:
        return render(request, 'epay_sepa_only.html')

    ### get provision percent
    provision = get_provision_percent(request.user, "epayorder")

    ### convert BTC price to DKK
    btc_usd_price = CurrencyPrice.objects.get(item='BTCUSD').price
    btc_dkk_price = ConvertCurrency(btc_usd_price, 'USD', 'DKK')

    ### add provision
    btc_dkk_price_with_provision = btc_dkk_price * provision

    ### instantiate form
    form = EpayOrderForm(request.POST or None, request=request, initial={
        'currency': request.user.profile.preferred_currency,
        'btc_address': request.user.profile.btc_address,
    })

    if form.is_valid():
        ### Check exhange rates
        check_if_exchange_rates_are_too_old()

        ### save order
        try:
            ### save epay order with commit=False
            epayorder = form.save(commit=False)
        except Exception as E:
            print "unable to save epay order with commit=false"
            return render(request, 'epay_order_fail.html', {
                'message': _('Unable to save epay order. Please try again, and please contact us if the problem persists.')
            })

        ### set useragent and IP
        epayorder.useragent = request.META['HTTP_USER_AGENT']
        epayorder.ip = ip

        ### create time
        epayorder.create_time = timezone.now()

        ### set order user
        epayorder.user = request.user

        ### save DKK amount
        epayorder.dkk_amount = ConvertCurrency(epayorder.xxx_amount, epayorder.currency, 'DKK')

        ### set fee
        epayorder.fee = settings.ACCOUNT_LEVEL_SETTINGS[str(epayorder.user.profile.account_level)]['MOBILEPAY_PROVISION']

        ### save epayorder
        epayorder.save()

        ### save btc_address to profile if needed
        if not request.user.profile.btc_address:
            request.user.profile.btc_address = epayorder.btc_address
            request.user.profile.save()

        send_amqp_message("epayorder M%s created by user %s" % (epayorder.id, request.user), "epayorder.create")
        return HttpResponseRedirect(reverse('epay_epay_form', kwargs={'epayorderid': epayorder.id}))

    ### calculate BTC price for the users native currency
    btc_xxx_price = ConvertCurrency(amount=btc_usd_price, fromcurrency="USD", tocurrency=request.user.profile.preferred_currency or "EUR")

    ### add provision
    btc_xxx_price = btc_xxx_price * provision

    ### find out if new orders by this user should be delayed
    if settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level)]['MOBILEPAY_DELAY_DAYS'] == 0:
        skipdelay = True
    else:
        skipdelay = False

    ### delay relevant?
    if settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level)]['MOBILEPAY_DELAY_DAYS'] > 0:
        nextlevel_history_delay = settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level+1)]['BUY_HISTORY_DELAY_DAYS']
        nextlevel_history_amount = settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level+1)]['BUY_HISTORY_MINIMUM']
    else:
        nextlevel_history_delay = None
        nextlevel_history_amount = None

    ### render the response
    return render(request, 'epay_order.html', {
        'form': form,
        'btc_xxx_price': round(btc_xxx_price, 2),
        'currency': request.user.profile.preferred_currency or "EUR",
        'provision': round((provision-1)*100, 1),
        'skipdelay': skipdelay,
        'delaydays': settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level)]['MOBILEPAY_DELAY_DAYS'],
        'daily_limit': settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level)]['MOBILEPAY_LIMIT_DAY'],
        'nextlevel_history_delay': nextlevel_history_delay,
        'nextlevel_history_amount': nextlevel_history_amount,
        'btc_address': request.user.profile.btc_address,
    })


### the page which shows the epay epay form
@login_required
def epay_epay_form(request, epayorderid):
    epayorder = get_object_or_404(EpayOrder, id=epayorderid, user=request.user, user_cancelled=False, epay_callback__isnull=True)
    accepturl = request.build_absolute_uri(reverse('epay_thanks', kwargs={'epayorderid': epayorder.id})).replace('http://', 'https://')
    description = str(request.user.id)
    hashstring = settings.EPAY_MERCHANT_NUMBER+description+'11'+str(epayorder.xxx_amount*100)+str(epayorder.currency)+'M'+str(epayorder.id)+accepturl+settings.EPAY_MD5_SECRET
    epayhash = hashlib.md5(hashstring).hexdigest()
    return render(request, 'epay_form.html', {
        'orderid': 'M%s' % epayorder.id,
        'description': description,
        'merchantnumber': settings.EPAY_MERCHANT_NUMBER,
        'amount': epayorder.xxx_amount*100,
        'currency': epayorder.currency,
        'epayhash': epayhash,
        'accepturl': accepturl,
    })


### after epay payment thanks page
@login_required
def epay_thanks(request, epayorderid):
    ### get order - if it is owned by this user and uncancelled
    epayorder = get_object_or_404(EpayOrder, id=epayorderid, user=request.user, user_cancelled=False)

    ### check for querystring
    if request.GET:
        ### update order to register thanks page view
        epayorder.thanks_page_view_time=timezone.now()
        epayorder.save()

        ### redirect to get rid of GET querystring
        return HttpResponseRedirect(reverse('epay_thanks', kwargs={'epayorderid': epayorder.id}))

    if epayorder.btc_processing_delayed:
        minamount = ConvertLimit(settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level+1)]['BUY_HISTORY_MINIMUM'], epayorder.currency)
        delaydays = settings.ACCOUNT_LEVEL_SETTINGS[str(request.user.profile.account_level)]['MOBILEPAY_DELAY_DAYS']
    else:
        minamount = None
        delaydays = None

    return render(request, 'epay_thanks.html', {
        'order': epayorder,
        'delaydays': delaydays,
        'minamount': minamount,
    })