dockerized payments and tested

Author: DEVMANISHOFFL

docker-compose.yml

@@ -60,6 +60,22 @@ services:
       "
     restart: "no"
 
+  payments-migrate:
+    image: postgres:15
+    depends_on:
+      postgres:
+        condition: service_healthy
+    volumes:
+      - ./services/payments/migration:/migrations
+    entrypoint: >
+      sh -c "
+      until pg_isready -h postgres -p 5432 -U postgres; do sleep 1; done &&
+      psql postgres://postgres:postgres@postgres:5432/sabhyatam?sslmode=disable
+      -f /migrations/001_create_payments.sql
+      "
+    restart: "no"
+
+
   product:
     build: ./services/product
     container_name: product
@@ -98,6 +114,25 @@ services:
         condition: service_started
     ports:
       - "8082:8082"
+    environment:
+      - INTERNAL_SERVICE_KEY=sabhyatam-internal-2025
+
+  payments:
+    build: ./services/payments
+    container_name: payments
+    depends_on:
+      payments-migrate:
+        condition: service_completed_successfully
+      orders:
+        condition: service_started
+    environment:
+      DATABASE_URL: postgres://postgres:postgres@postgres:5432/sabhyatam?sslmode=disable
+      INTERNAL_SERVICE_KEY: sabhyatam-internal-2025
+      ORDERS_SVC_BASE: http://orders:8082
+    ports:
+      - "8083:8083"
+
+
 
 volumes:
   pgdata:

services/orders/go.mod

@@ -6,6 +6,7 @@ toolchain go1.24.11
 
 require (
 	github.com/go-chi/chi/v5 v5.2.3 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/pgx/v5 v5.7.6 // indirect

services/orders/go.sum

@@ -1,6 +1,8 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
 github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=

services/orders/internal/api/handlers.go

@@ -9,6 +9,7 @@ import (
 	"github.com/devmanishoffl/sabhyatam-orders/internal/model"
 	"github.com/devmanishoffl/sabhyatam-orders/internal/store"
 	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
 )
 
 type Handler struct {
@@ -17,6 +18,11 @@ type Handler struct {
 	cartClient *client.CartClient
 }
 
+func isValidUUID(id string) bool {
+	_, err := uuid.Parse(id)
+	return err == nil
+}
+
 func NewHandler(s *store.PGStore, pc *client.ProductClient, cc *client.CartClient) *Handler {
 	return &Handler{store: s, pclient: pc, cartClient: cc}
 }
@@ -108,6 +114,13 @@ func (h *Handler) PrepareOrder(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for _, it := range orderItems {
+		if err := h.pclient.ReserveStock(ctx, it.VariantID, it.Quantity); err != nil {
+			http.Error(w, "stock reservation failed", http.StatusConflict)
+			return
+		}
+	}
+
 	w.Header().Set("Content-Type", "application/json")
 	json.NewEncoder(w).Encode(map[string]any{
 		"order_id":     orderID,
@@ -163,6 +176,12 @@ func (h *Handler) ConfirmOrder(w http.ResponseWriter, r *http.Request) {
 // called ONLY by payments service
 func (h *Handler) MarkOrderPaid(w http.ResponseWriter, r *http.Request) {
 	orderID := chi.URLParam(r, "orderID")
+
+	if !isValidUUID(orderID) {
+		http.Error(w, "invalid order id", http.StatusBadRequest)
+		return
+	}
+
 	if orderID == "" {
 		http.Error(w, "order id required", http.StatusBadRequest)
 		return
@@ -189,7 +208,7 @@ func (h *Handler) MarkOrderPaid(w http.ResponseWriter, r *http.Request) {
 
 	// deduct stock
 	for _, it := range order.Items {
-		if err := h.pclient.DeductStock(ctx, it.VariantID, it.Quantity); err != nil {
+		if err := h.pclient.DeductReservedStock(ctx, it.VariantID, it.Quantity); err != nil {
 			http.Error(w, "stock deduction failed", http.StatusBadGateway)
 			return
 		}
@@ -202,3 +221,29 @@ func (h *Handler) MarkOrderPaid(w http.ResponseWriter, r *http.Request) {
 
 	w.WriteHeader(http.StatusOK)
 }
+
+func (h *Handler) GetOrderInternal(w http.ResponseWriter, r *http.Request) {
+	orderID := chi.URLParam(r, "orderID")
+	if orderID == "" {
+		http.Error(w, "order id required", http.StatusBadRequest)
+		return
+	}
+
+	if r.Header.Get("X-INTERNAL-KEY") != os.Getenv("INTERNAL_SERVICE_KEY") {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	order, err := h.store.GetOrder(r.Context(), orderID)
+	if err != nil {
+		http.Error(w, "order not found", http.StatusNotFound)
+		return
+	}
+
+	_ = json.NewEncoder(w).Encode(map[string]any{
+		"order_id":     order.ID,
+		"status":       order.Status,
+		"amount_cents": order.TotalAmountCents,
+		"currency":     order.Currency,
+	})
+}

services/orders/internal/api/routes.go

@@ -10,6 +10,8 @@ func RegisterRoutes(r *chi.Mux, h *Handler) {
 	r.Route("/v1/orders", func(r chi.Router) {
 		r.Post("/prepare", h.PrepareOrder)
 		r.Post("/confirm", h.ConfirmOrder)
+		r.Get("/internal/orders/{orderID}", h.GetOrderInternal)
+
 		r.Post("/{orderID}/paid", h.MarkOrderPaid)
 
 	})

services/orders/internal/client/product_client.go

@@ -100,3 +100,35 @@ func (p *ProductClient) ReserveStock(ctx context.Context, variantID string, quan
 	}
 	return nil
 }
+
+func (p *ProductClient) DeductReservedStock(
+	ctx context.Context,
+	variantID string,
+	quantity int,
+) error {
+
+	url := fmt.Sprintf("%s/v1/admin/variants/%s/deduct", p.base, variantID)
+
+	body := map[string]any{
+		"quantity": quantity,
+	}
+	b, _ := json.Marshal(body)
+
+	req, _ := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(b))
+	req.Header.Set("Content-Type", "application/json")
+
+	// INTERNAL AUTH
+	req.Header.Set("X-ADMIN-KEY", p.adminKey)
+
+	resp, err := p.c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("deduct reserved stock failed: %d", resp.StatusCode)
+	}
+
+	return nil
+}

services/orders/internal/store/pg.go

@@ -58,7 +58,7 @@ func (s *PGStore) CreateDraftOrder(
 		RETURNING id
 	`,
 		userID,
-		model.StatusDraft,
+		model.StatusPending,
 		"INR",
 		totalCents,
 	).Scan(&orderID)

services/payments/Dockerfile

@@ -0,0 +1,25 @@
+FROM golang:1.23-alpine AS builder
+
+WORKDIR /app
+
+RUN apk add --no-cache git
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+  go build -o paymentsvc ./cmd/paymentsvc
+
+FROM gcr.io/distroless/base-debian11
+
+WORKDIR /app
+
+COPY --from=builder /app/paymentsvc /app/paymentsvc
+
+EXPOSE 8083
+
+USER nonroot:nonroot
+
+ENTRYPOINT ["/app/paymentsvc"]

services/payments/cmd/paymentsvc/main.go

@@ -3,21 +3,34 @@ package main
 import (
 	"log"
 	"net/http"
+	"os"
 
 	"github.com/devmanishoffl/sabhyatam-payments/internal/api"
+	"github.com/devmanishoffl/sabhyatam-payments/internal/client"
 	"github.com/devmanishoffl/sabhyatam-payments/internal/gateway"
 	"github.com/devmanishoffl/sabhyatam-payments/internal/store"
 	"github.com/go-chi/chi/v5"
 )
 
 func main() {
-	store, err := store.NewPG("")
+	dbURL := os.Getenv("DATABASE_URL")
+	if dbURL == "" {
+		log.Fatal("DATABASE_URL not set for payments service")
+	}
+
+	// DB
+	pgStore, err := store.NewPG(dbURL)
 	if err != nil {
 		log.Fatal(err)
 	}
 
+	// Gateway
 	gw := gateway.NewRazorpay()
-	handler := api.NewHandler(store, gw)
+
+	// Orders client
+	ordersClient := client.NewOrdersClient()
+
+	handler := api.NewHandler(pgStore, gw, ordersClient)
 
 	r := chi.NewRouter()
 	api.RegisterRoutes(r, handler)