inital import

Author: WeRn

api.py

@@ -0,0 +1,72 @@
+from flask import Flask
+import locale
+from flask_sqlalchemy import SQLAlchemy
+from config import Config
+
+app = Flask(__name__)
+app.config.from_object(Config)
+locale.setlocale(locale.LC_ALL, '')
+db = SQLAlchemy(app)
+
+
+@app.route('/')
+def index():
+    return 'UnitPay API'
+
+
+from models import UnitpayPayments, AccountData
+from unitpay import UnitPay
+from flask import request
+from sqlalchemy import exc
+from datetime import datetime
+import decimal
+
+
+@app.route('/api/v1.0/unitpay/payment/', methods=['GET'])
+def unitpay_processor():
+    unitpay = UnitPay('SECRET_KEY')  # ВВести ключ от UnitPay
+    if unitpay.check_handler_request():
+        try:
+            sum_count = decimal.Decimal(request.args.get('params[profit]'))
+            account = db.session.query(AccountData).filter(AccountData.name == request.args.get('params[account]')).first()
+            if request.args.get('method') == 'pay':
+                if account:
+                    pay = UnitpayPayments(unitpay_id=request.args.get('params[unitpayId]'),
+                                          account=request.args.get('params[account]'),
+                                          sum=request.args.get('params[payerSum]'),
+                                          payment_type=request.args.get('params[paymentType]'),
+                                          payer_currency=request.args.get('params[payerCurrency]'),
+                                          signature=request.args.get('params[signature]'),
+                                          profit=request.args.get('params[profit]'))
+                    db.session.add(pay)
+                    db.session.commit()
+
+                    update_count = sum_count
+
+                    db.session.query(AccountData).filter(AccountData.name == request.args.get('params[account]')).update({
+                        'balance': account.balance + update_count
+                    })
+                    db.session.query(UnitpayPayments).filter(UnitpayPayments.unitpay_id == request.args.get('params[unitpayId]')).update({
+                        'date_complete': datetime.now(),
+                        'status': 1
+                    })
+                    db.session.commit()
+                    app.logger.info('The request was successfully processed by the system.')
+                    return unitpay.get_success_handler_response("The request was successfully processed by the system.")
+                else:
+                    app.logger.info('Account with this email does not exist.')
+                    return unitpay.get_error_handler_response("Account with this email does not exist.")
+            else:
+                app.logger.info('The request was successfully processed by the system without writing to the database because of.')
+                return unitpay.get_success_handler_response("The request was successfully processed by the system without writing to the database because of.")
+        except exc.SQLAlchemyError as e:
+            print(e)
+            app.logger.error(e)
+            db.session.rollback()
+            return unitpay.get_error_handler_response("The request has been processed by the system.")
+    else:
+        return unitpay.get_error_handler_response("The request has been processed by the system.")
+
+
+if __name__ == '__main__':
+    app.run(host='127.0.0.1', port=8080)

config.py

@@ -0,0 +1,15 @@
+import os
+
+basedir = os.path.abspath(os.path.dirname(__file__))
+
+
+class Config(object):
+
+    TEST = False
+    DEBUG = False
+
+    SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://root:[email protected]:3306/aion?charset=utf8mb4'
+    SQLALCHEMY_TRACK_MODIFICATIONS = False
+    SQLALCHEMY_ECHO = False
+
+    SECRET_KEY = str(os.urandom(48))[2:-1].replace('\\x', '')

models.py

@@ -0,0 +1,56 @@
+from api import db
+from datetime import datetime
+
+
+class UnitpayPayments(db.Model):
+    __tablename__ = 'unitpay_payments'
+
+    id = db.Column(db.Integer(), primary_key=True, autoincrement=True, nullable=False)
+    unitpay_id = db.Column(db.VARCHAR(255), nullable=False)
+    account = db.Column(db.VARCHAR(255), nullable=False)
+    sum = db.Column(db.REAL(), nullable=False)
+    payment_type = db.Column(db.VARCHAR(255), nullable=False)
+    payer_currency = db.Column(db.VARCHAR(255), nullable=False)
+    signature = db.Column(db.VARCHAR(100), nullable=False)
+    date_create = db.Column(db.DateTime(), nullable=False, default=datetime.now())
+    date_complete = db.Column(db.DateTime(), nullable=True, default=None)
+    status = db.Column(db.Integer(), nullable=False, default=0)
+    profit = db.Column(db.VARCHAR(255), nullable=True)
+
+    def __init__(self, unitpay_id, account, sum, payment_type, payer_currency, signature, profit):
+        self.unitpay_id = unitpay_id
+        self.account = account
+        self.sum = sum
+        self.payment_type = payment_type
+        self.payer_currency = payer_currency
+        self.signature = signature
+        self.profit = profit
+
+
+class AccountData(db.Model):
+    __tablename__ = 'account_data'
+
+    id = db.Column(db.Integer(), primary_key=True, autoincrement=True, nullable=False)
+    name = db.Column(db.VARCHAR(30), nullable=False)
+    password = db.Column(db.VARCHAR(100), nullable=False)
+    activated = db.Column(db.Integer(), nullable=False, default=0)
+    access_level = db.Column(db.Integer(), nullable=False, default=0)
+    last_server = db.Column(db.Integer(), nullable=False, default=-1)
+    last_ip = db.Column(db.VARCHAR(20), nullable=False, default='xxx.xxx.xxx.xxx')
+    last_mac = db.Column(db.VARCHAR(20), nullable=False, default='xx-xx-xx-xx-xx-xx')
+    last_hdd = db.Column(db.VARCHAR(100), nullable=False, default='xxxxxxxxxxxxx')
+    allowed_ip = db.Column(db.VARCHAR(20), nullable=True)
+    allowed_mac = db.Column(db.VARCHAR(20), nullable=True)
+    allowed_hdd = db.Column(db.VARCHAR(100), nullable=True)
+    session_id = db.Column(db.VARCHAR(100), nullable=True)
+    create_date = db.Column(db.TIMESTAMP(), nullable=False, default=datetime.now())
+    edit_date = db.Column(db.TIMESTAMP(), nullable=False, default=datetime.now())
+    password_edit_date = db.Column(db.TIMESTAMP(), nullable=False, default=datetime.now())
+    security_ip = db.Column(db.VARCHAR(20), nullable=False, default='127.0.0.1')
+    balance = db.Column(db.Integer(), nullable=False, default=0)
+    is_banned = db.Column(db.Integer(), nullable=False, default=0)
+    two_factor = db.Column(db.Integer(), nullable=False, default=0)
+
+    def __init__(self, name, password):
+        self.name = name
+        self.password = password

unitpay.py

@@ -0,0 +1,157 @@
+#!/usr/bin/env python3
+
+import urllib.parse
+import hashlib
+from urllib.request import urlopen
+import json
+import re
+import copy
+from flask import request
+
+
+class UnitPay(object):
+    secretKey = ''
+    supportedUnitpayMethods = ['initPayment', 'getPayment']
+    requiredUnitpayMethodsParams = {'initPayment': ['desc', 'account', 'sum'], 'getPayment': ['paymentId']}
+    supportedPartnerMethods = ['check', 'pay', 'error']
+    supportedUnitpayIp = [
+        '31.186.100.49',
+        '178.132.203.105',
+        '52.29.152.23',
+        '52.19.56.234',
+        '127.0.0.1'  # for debug
+    ]
+
+    def __init__(self, secret_key):
+        self.formUrl = 'https://unitpay.ru/pay/'
+        self.apiUrl = 'https://unitpay.ru/api/'
+        self.secretKey = secret_key
+
+    def form(self, public_key, summ, account, desc, currency='RUB', locale='ru', customer_email=None):
+        params = {'account': account, 'currency': currency, 'desc': desc, 'sum': summ, 'customerEmail': customer_email}
+        params['signature'] = self.get_signature(params)
+        params['locale'] = locale
+        print(self.generate_signature(account, currency, desc, summ, self.secretKey))
+        return self.formUrl + public_key + '?' + urllib.parse.urlencode(params)
+
+    @staticmethod
+    def generate_signature(account: str, currency: str, desc: str, sum: str, secret_key: str):
+        signature = account + '{up}' + currency + '{up}' + desc + '{up}' + sum + '{up}' + secret_key
+        signature = signature.encode('utf-8')
+        return hashlib.sha256(signature).hexdigest()
+
+    @staticmethod
+    def generate_signature_output(account: str, currency: str, desc: str, sum: str, secret_key: str):
+        signature = account + '{up}' + currency + '{up}' + desc + '{up}' + sum + '{up}' + secret_key
+        signature = signature.encode('utf-8')
+        return hashlib.sha256(signature).hexdigest()
+
+    def get_signature(self, params):
+        paramss = copy.copy(params)
+
+        if 'params[signature]' in paramss:
+            paramss.pop('params[signature]')
+        if 'params[sign]' in paramss:
+            paramss.pop('params[sign]')
+
+        if 'customerEmail' in paramss:
+            paramss.pop('customerEmail')
+
+        paramss = ksort(paramss)
+        paramss.append([0, self.secretKey])
+
+        # list of dict to str
+        res_p = []
+        for p in paramss:
+            res_p.append(str(p[1]))
+        strr = '{up}'.join(res_p)
+        strr = strr.encode('utf-8')
+        h = hashlib.sha256(strr).hexdigest()
+        return h
+
+    def check_handler_request(self):
+        ip = self.get_ip()
+
+        params = {}
+        for v in request.args.lists():
+            params[str(v[0])] = request.args.get(v[0])
+
+        if not 'method' in params:
+            raise Exception('Method is null')
+
+        if not params:
+            raise Exception('Params is null')
+
+        if not params['method'] in self.supportedPartnerMethods:
+            raise Exception('Method is not supported')
+
+        if not 'params[signature]' in params:
+            raise Exception('signature params is null')
+
+        if params['params[signature]'] != self.get_signature(params):
+            raise Exception('Wrong signature')
+
+        if not ip in self.supportedUnitpayIp:
+            raise Exception('IP address error')
+
+        return True
+
+    @staticmethod
+    def get_ip():
+        if not request.headers.getlist("X-Forwarded-For"):
+            ip = request.remote_addr
+        else:
+            ips = request.headers.getlist("X-Forwarded-For")[0].split(",")
+            if ips[0] is not None:
+                ip = ips[0]
+            else:
+                ip = request.headers.getlist("X-Forwarded-For")[0]
+        return ip
+
+    @staticmethod
+    def get_error_handler_response(message):
+        return json.dumps({'error': {'message': message}})
+
+    @staticmethod
+    def get_success_handler_response(message):
+        return json.dumps({'result': {'message': message}})
+
+    def api(self, method, params=None):
+        if params is None:
+            params = {}
+        if not (method in self.supportedUnitpayMethods):
+            raise Exception('Method is not supported')
+        for rParam in self.requiredUnitpayMethodsParams[method]:
+            if not rParam in params:
+                raise Exception('Param ' + rParam + ' is null')
+        params['secretKey'] = self.secretKey
+        request_url = self.apiUrl + '?method=' + method + '&' + self.insert_url_encode('params', params)
+        response = urlopen(request_url)
+        data = response.read().decode('utf-8')
+        jsons = json.loads(data)
+        return jsons
+
+    @staticmethod
+    def insert_url_encode(inserted, params):
+        result = ''
+        first = True
+        for p in params:
+            if first:
+                first = False
+            else:
+                result += '&'
+            result += inserted + '[' + p + ']=' + str(params[p])
+        return result
+
+
+def parse_params(s):
+    params = {}
+    for v in s:
+        if re.search('params', v):
+            p = v[len('params['):-1]
+            params[p] = s[v][0]
+    return params
+
+
+def ksort(d):
+    return [[k, d[k]] for k in sorted(d.keys())]