docs(payment-service): updated readme

BREAKING CHANGE:
Added mandatory authentication and authorization checks to API endpoints.

GH-2138

Author: Surbhi-sharma1

services/payment-service/README.md

@@ -213,6 +213,14 @@ copy the credentials to the sandbox account and use them to develop payment-serv
 
 Order creation , capture and refund is supported right now.
 
+The **`place-order-and-pay`** API endpoint allows creating a new order and initiate payment through PayPal. When a request is made, it first creates an order with the given details and saves it to the database.
+
+The create method in it handles the payment process by checking if a payment transaction already exists for the order. If not, it creates a new PayPal order and retrieves a payment link, which is then returned along with the order ID.
+
+The redirect url redirect users to the PayPal checkout page where they can review and complete their payment for a transaction associated with the provided orderId and receive a token or approval link in the response redirecting users to either the `SUCCESS_CALLBACK_URL` for successful payments with token and payerID or the `FAILURE_CALLBACK_URL` for canceled or failed transactions provided in env file.
+
+The **`transactionscharge`** API endpoint processes a payment charge and redirects the user based on the result.Upon receiving a successful response, it updates the order and transaction records to reflect the payment status.
+
 #### API Details
 
 ##### POST /payment-gateways

services/payment-service/openapi.json

@@ -34,7 +34,7 @@
           "content": {
             "application/json": {
               "schema": {
-                "type": "object"
+                "$ref": "#/components/schemas/NewSubscriptions"
               }
             }
           }
@@ -749,7 +749,7 @@
           "content": {
             "application/json": {
               "schema": {
-                "$ref": "#/components/schemas/NewMessage"
+                "$ref": "#/components/schemas/NewOrder"
               }
             }
           }
@@ -1585,6 +1585,7 @@
             }
           }
         },
+        "description": "\n\n| Permissions |\n| ------- |\n| CreateRefund   |\n| CreateRefundNum   |\n",
         "parameters": [
           {
             "name": "id",
@@ -1618,6 +1619,7 @@
             }
           }
         },
+        "description": "\n\n| Permissions |\n| ------- |\n| CreateRefund   |\n| CreateRefundNum   |\n",
         "parameters": [
           {
             "name": "id",
@@ -2278,10 +2280,10 @@
         "additionalProperties": false,
         "x-typescript-type": "Partial<Transactions>"
       },
-      "NewMessage": {
-        "title": "NewMessage",
+      "NewOrder": {
+        "title": "NewOrder",
         "type": "object",
-        "description": "(tsType: Omit<Orders, 'id'>, schemaOptions: { title: 'NewMessage', exclude: [ 'id' ] })",
+        "description": "(tsType: Omit<Orders, 'id'>, schemaOptions: { title: 'NewOrder', exclude: [ 'id' ] })",
         "properties": {
           "totalAmount": {
             "type": "number"
@@ -2576,11 +2578,8 @@
       "NewSubscriptions": {
         "title": "NewSubscriptions",
         "type": "object",
-        "description": "(tsType: Subscriptions, schemaOptions: { title: 'NewSubscriptions' })",
+        "description": "(tsType: Omit<Subscriptions, 'id'>, schemaOptions: { title: 'NewSubscriptions', exclude: [ 'id' ] })",
         "properties": {
-          "id": {
-            "type": "string"
-          },
           "totalAmount": {
             "type": "number"
           },
@@ -2615,12 +2614,11 @@
           }
         },
         "required": [
-          "id",
           "totalAmount",
           "status"
         ],
         "additionalProperties": false,
-        "x-typescript-type": "Subscriptions"
+        "x-typescript-type": "Omit<Subscriptions, 'id'>"
       },
       "SubscriptionsWithRelations": {
         "title": "SubscriptionsWithRelations",

services/payment-service/openapi.md

@@ -35,7 +35,18 @@ Base URLs:
 > Code samples
 
 ```javascript
-const inputBody = '{}';
+const inputBody = '{
+  "totalAmount": 0,
+  "currency": "string",
+  "status": "string",
+  "paymentGatewayId": "string",
+  "paymentMethod": "string",
+  "metaData": {},
+  "startDate": "2019-08-24T14:15:22Z",
+  "endDate": "2019-08-24T14:15:22Z",
+  "gatewaySubscriptionId": "string",
+  "planId": "string"
+}';
 const headers = {
   'Content-Type':'application/json',
   'Accept':'text/html'
@@ -57,7 +68,18 @@ fetch('/create-subscription-and-pay',
 
 ```javascript--nodejs
 const fetch = require('node-fetch');
-const inputBody = {};
+const inputBody = {
+  "totalAmount": 0,
+  "currency": "string",
+  "status": "string",
+  "paymentGatewayId": "string",
+  "paymentMethod": "string",
+  "metaData": {},
+  "startDate": "2019-08-24T14:15:22Z",
+  "endDate": "2019-08-24T14:15:22Z",
+  "gatewaySubscriptionId": "string",
+  "planId": "string"
+};
 const headers = {
   'Content-Type':'application/json',
   'Accept':'text/html'
@@ -87,14 +109,25 @@ fetch('/create-subscription-and-pay',
 > Body parameter
 
 ```json
-{}
+{
+  "totalAmount": 0,
+  "currency": "string",
+  "status": "string",
+  "paymentGatewayId": "string",
+  "paymentMethod": "string",
+  "metaData": {},
+  "startDate": "2019-08-24T14:15:22Z",
+  "endDate": "2019-08-24T14:15:22Z",
+  "gatewaySubscriptionId": "string",
+  "planId": "string"
+}
 ```
 
 <h3 id="subscriptiontransactionscontroller.subscriptionandtransactionscreate-parameters">Parameters</h3>
 
 |Name|In|Type|Required|Description|
 |---|---|---|---|---|
-|body|body|object|false|none|
+|body|body|[NewSubscriptions](#schemanewsubscriptions)|false|none|
 
 > Example responses
 
@@ -1860,7 +1893,7 @@ fetch('/place-order-and-pay',
 
 |Name|In|Type|Required|Description|
 |---|---|---|---|---|
-|body|body|[NewMessage](#schemanewmessage)|false|none|
+|body|body|[NewOrder](#schemaneworder)|false|none|
 
 > Example responses
 
@@ -2172,6 +2205,11 @@ fetch('/transactions/refund/parse/{id}',
 
 `GET /transactions/refund/parse/{id}`
 
+| Permissions |
+| ------- |
+| CreateRefund   |
+| CreateRefundNum   |
+
 <h3 id="transactionscontroller.transactionsrefundparse-parameters">Parameters</h3>
 
 |Name|In|Type|Required|Description|
@@ -2242,6 +2280,11 @@ fetch('/transactions/refund/{id}',
 
 `POST /transactions/refund/{id}`
 
+| Permissions |
+| ------- |
+| CreateRefund   |
+| CreateRefundNum   |
+
 <h3 id="transactionscontroller.transactionsrefund-parameters">Parameters</h3>
 
 |Name|In|Type|Required|Description|
@@ -3519,7 +3562,6 @@ None
 
 ```javascript
 const inputBody = '{
-  "id": "string",
   "totalAmount": 0,
   "currency": "string",
   "status": "string",
@@ -3553,7 +3595,6 @@ fetch('/subscriptions',
 ```javascript--nodejs
 const fetch = require('node-fetch');
 const inputBody = {
-  "id": "string",
   "totalAmount": 0,
   "currency": "string",
   "status": "string",
@@ -3595,7 +3636,6 @@ fetch('/subscriptions',
 
 ```json
 {
-  "id": "string",
   "totalAmount": 0,
   "currency": "string",
   "status": "string",
@@ -4992,12 +5032,12 @@ TransactionsPartial
 |orderId|string|false|none|none|
 |res|object|false|none|none|
 
-<h2 id="tocS_NewMessage">NewMessage</h2>
+<h2 id="tocS_NewOrder">NewOrder</h2>
 <!-- backwards compatibility -->
-<a id="schemanewmessage"></a>
-<a id="schema_NewMessage"></a>
-<a id="tocSnewmessage"></a>
-<a id="tocsnewmessage"></a>
+<a id="schemaneworder"></a>
+<a id="schema_NewOrder"></a>
+<a id="tocSneworder"></a>
+<a id="tocsneworder"></a>
 
 ```json
 {
@@ -5011,7 +5051,7 @@ TransactionsPartial
 
 ```
 
-NewMessage
+NewOrder
 
 ### Properties
 
@@ -5307,7 +5347,6 @@ Subscriptions
 
 ```json
 {
-  "id": "string",
   "totalAmount": 0,
   "currency": "string",
   "status": "string",
@@ -5328,7 +5367,6 @@ NewSubscriptions
 
 |Name|Type|Required|Restrictions|Description|
 |---|---|---|---|---|
-|id|string|true|none|none|
 |totalAmount|number|true|none|none|
 |currency|string|false|none|none|
 |status|string|true|none|none|

services/payment-service/src/controllers/subscriptions-transactions.controller.ts

@@ -8,6 +8,7 @@ import {
   Request,
   Response,
   RestBindings,
+  getModelSchemaRef,
   post,
   requestBody,
 } from '@loopback/rest';
@@ -59,9 +60,10 @@ export class SubscriptionTransactionsController {
     @requestBody({
       content: {
         [CONTENT_TYPE.JSON]: {
-          schema: {
-            type: 'object',
-          },
+          schema: getModelSchemaRef(Subscriptions, {
+            title: 'NewSubscriptions',
+            exclude: ['id'],
+          }),
         },
       },
     })

services/payment-service/src/controllers/transactions.controller.ts

@@ -369,7 +369,7 @@ export class TransactionsController {
       content: {
         [CONTENT_TYPE.JSON]: {
           schema: getModelSchemaRef(Orders, {
-            title: 'NewMessage',
+            title: 'NewOrder',
             exclude: ['id'],
           }),
         },
@@ -491,7 +491,10 @@ export class TransactionsController {
       );
     }
   }
-
+  @authenticate(STRATEGY.BEARER)
+  @authorize({
+    permissions: [PermissionKey.CreateRefund, PermissionKey.CreateRefundNum],
+  })
   @post(`/transactions/refund/{id}`, {
     security: OPERATION_SECURITY_SPEC,
     responses: {
@@ -537,7 +540,10 @@ export class TransactionsController {
       return 'Transaction does not exist';
     }
   }
-
+  @authenticate(STRATEGY.BEARER)
+  @authorize({
+    permissions: [PermissionKey.CreateRefund, PermissionKey.CreateRefundNum],
+  })
   @get(`/transactions/refund/parse/{id}`, {
     security: OPERATION_SECURITY_SPEC,
     responses: {

services/payment-service/src/enums/permission-key.enum.ts

@@ -24,7 +24,7 @@ export const enum PermissionKey {
   ViewTransaction = 'ViewTransaction',
   UpdateTransaction = 'UpdateTransaction',
   DeleteTransaction = 'DeleteTransaction',
-
+  CreateRefund = 'CreateRefund',
   GetSubscriptionCountNum = '1',
   CreateSubscriptionNum = '2',
   GetSubscriptionsNum = '3',
@@ -46,4 +46,5 @@ export const enum PermissionKey {
   ViewTransactionNum = '19',
   UpdateTransactionNum = '20',
   DeleteTransactionNum = '21',
+  CreateRefundNum = 'CreateRefundNum',
 }