Conversation
- fix cors issue - fix wallet tx issue - fix field missing issue
- Add SSLCommerz client with session API and validation API support - Add payment service for creating SSLCommerz payment links - Add webhook handler for IPN callbacks - Add SSLCommerz configuration in config.go and config.yaml - Add SSLCommerz connection metadata types - Add SSLCommerz case in connection repository for metadata conversion - Add SSLCommerz payment gateway type and secret provider - Integrate SSLCommerz in payment processor service
|
@greptileai review |
|
@greptileai review |
|
@greptileai review all the files of this PR only, stop the previous work of yours |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Additional Comments (3)
-
internal/domain/subscription/model.go, line 147-220 (link)logic: Missing InvoiceCadence field in conversion function. This will cause data loss when converting from database entities.
-
internal/domain/wallet/transaction.go, line 57-84 (link)logic: Missing BalanceBefore and BalanceAfter fields in ToEnt() conversion. These should be mapped to maintain data consistency between domain and entity layers.
-
internal/domain/wallet/transaction.go, line 88-122 (link)logic: Missing BalanceBefore and BalanceAfter fields in FromEnt() conversion. Add mappings for these fields to prevent data loss during entity-to-domain conversion.
39 files reviewed, 16 comments
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
SSLCommerz improvements: - Use PaymentID as TranID for unique transaction identification - Update webhook handler to lookup payments by PaymentID - Remove redundant GatewayPageURL field from response DTO - Fix BaseFair -> BaseFare spelling in validation response Security enhancements: - Add CORS origin whitelisting with configurable allowed_origins - Remove store credentials from config (use Connection API instead) - Remove seed script in favor of POST /connections endpoint Code cleanup: - Separate error handling for service errors vs empty results - Remove unused SSLCommerz flags from scripts/main.go
- Add InvoiceCadence field mapping in GetSubscriptionFromEnt()
- Add balance_before and balance_after fields to wallet transaction:
- Update ent schema with new decimal fields
- Update ToEnt() and FromEnt() conversion functions
- Add V5 migration files (up/down) for new columns
|
@greptileai review last 3 commits |
| if ipnData.RiskLevel == "1" && ipnData.Status == "VALID" { | ||
| h.logger.Warnw("SSLCommerz payment is VALID but risk_level=1, holding for manual verification", | ||
| "tran_id", ipnData.TranID, | ||
| "val_id", ipnData.ValID, | ||
| "risk_level", ipnData.RiskLevel) | ||
|
|
||
| err = h.updatePaymentStatus(ctx, ipnData, "PENDING_VERIFICATION", | ||
| lo.ToPtr("Payment is valid but risk level is high; manual verification required."), | ||
| services) | ||
| if err != nil { | ||
| h.logger.Errorw("failed to update payment status for high-risk transaction", | ||
| "error", err, | ||
| "tran_id", ipnData.TranID) | ||
| } | ||
| return nil |
There was a problem hiding this comment.
style: Risk_level=1 with VALID status means "high risk but payment cleared." SSLCommerz docs say you CAN accept these after manual review. Current logic blocks ALL risk_level=1 automatically.
For tight deadlines, consider: if business accepts the fraud risk, remove this block and log warning only. If manual review required, ensure someone monitors these PENDING_VERIFICATION payments.
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
Prompt To Fix With AI
This is a comment left during a code review.
Path: internal/integration/sslcommerz/webhook/handler.go
Line: 85:99
Comment:
**style:** Risk_level=1 with VALID status means "high risk but payment cleared." SSLCommerz docs say you CAN accept these after manual review. Current logic blocks ALL risk_level=1 automatically.
For tight deadlines, consider: if business accepts the fraud risk, remove this block and log warning only. If manual review required, ensure someone monitors these PENDING_VERIFICATION payments.
<sub>Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!</sub>
How can I resolve this? If you propose a fix, please make it concise.
| # Redirect URLs after payment | ||
| success_url: "https://seedless-garishly-ahmed.ngrok-free.dev/payment/success" | ||
| fail_url: "https://seedless-garishly-ahmed.ngrok-free.dev/payment/fail" | ||
| cancel_url: "https://seedless-garishly-ahmed.ngrok-free.dev/payment/cancel" No newline at end of file |
3 participants
Disclaimer: This comment was generated by Greptile AI CTO
Greptile Summary
Adds SSLCommerz payment gateway for Bangladesh market with session-based payment links, IPN webhook validation, and encrypted credential storage. Implementation follows existing payment gateway patterns (Stripe, Razorpay) with proper separation of concerns.
Key Changes:
Critical Issues:
Architecture Decisions:
Confidence Score: 3/5
internal/integration/sslcommerz/webhook/handler.goandinternal/api/v1/webhook.gofor race conditions and timeout handlingImportant Files Changed