Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@luchalupa/csobcz_payment_gateway
Advanced tools
Source | Gateway documentation
Module for ČSOB CZ payment gateway, supports gateway version 1.9 (although not all features are yet implemented)
npm install @luchalupa/csobcz_payment_gateway
All keys are strings, for multiline env strings (certificates) check dotenv#rules.
variable name | description |
---|---|
GATEWAY_URL | payment gateway address |
MERCHANT_PRIVATE_KEY | merchant private key |
MERCHANT_PUBLIC_KEY | merchant public key |
BANK_PUBLIC_KEY | bank public key |
CALLBACK_URL | url called by gateway after payment |
MERCHANT_ID | merchant id from gateway provider |
Alternatively using config:
const { CSOBPaymentModule } = require('csobcz_payment_gateway');
const gateway = new CSOBPaymentModule({
logging: ...,
gateUrl: ...,
privateKey: ...,
merchantPublicKey: ...,
bankPublicKey: ...,
calbackUrl: ...,
merchantId: ...,
payloadTemplate: {}
})
Attribute logging
should be boolean
or function
used for debug info. By setting payloadTemplate
can by overwrited more init
method payload (see gateway config):
{
"merchantId": "...",
"payOperation": "payment",
"payMethod": "card",
"currency": "CZK",
"language": "CZ",
"returnUrl": "...",
"returnMethod": "POST"
}
status(string payId)
- returns payment statusinit(json payload)
- payment initgooglePayInit(json payload)
- GooglePay payment init (not fully implemented)applePayInit(json payload)
- ApplePay payment init (not fully implemented)reverse(string payId)
- reverse payment with given payIdclose(string payId)
- close payment with given payIdrefund(string payId, int amount)
- refund payment with given payId, if
amount specified given amount is refundedecho(string method)
- echo test, method is either GET
or POST
(default)verifyResult(json payload)
- if success returns payload
else returns error,
payload is json returned from gateway callback.payOrder(json order, boolean close, json options)
- wrapper for init and getRedirectUrl, close
params is closePayment
value, options
are merged into request payload
order example{
"id": "order1",
"description": "Moje order",
"items": [
{
"name": "Nákup: vasobchod.cz",
"quantity": 1,
"amount": 200,
"description": "Produkt 1"
}
]
}
allowed is 1-2 items.
getRedirectUrl(string payId)
- returns gateway url for redirectionAll methods returns Promise
when resolved is JSON
payload specified in
Gateway documentation only Extra methods returns custom payload. Reject is JS Error
.
payOrder
, getRedirectUrl
- returned JSON
{
"url": "https://api.platebnibrana.csob.cz/api/v1.7/payment/process/MERCHANDID/PAYID/20180504105513/KZr8D0z%2FVYFlX2fy0bs2NTafv...."
}
const gateway = require("csobcz_payment_gateway");
gateway
.echo("GET")
.then((result) => {
logger.log(result);
})
.catch((e) => {
logger.error(e);
});
FAQs
CSOB CZ payment gateway module
The npm package @luchalupa/csobcz_payment_gateway receives a total of 5 weekly downloads. As such, @luchalupa/csobcz_payment_gateway popularity was classified as not popular.
We found that @luchalupa/csobcz_payment_gateway demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.