darkghosthunter/larabanker

Transbank SDK for Laravel

v1.0.2 2021-04-17 00:33 UTC

This package is auto-updated.

Last update: 2021-11-17 01:43:41 UTC


README

Paul Felberbauer - Unsplash (UL) #-idNOBU5k_80

Latest Stable Version License Coverage Status Laravel Octane Compatible

Larabanker - Transbank for Laravel

This package connects the non-official Transbank SDK into your Laravel Application.

Requirements

  • PHP >= 7.3
  • Laravel 7.x or 8.x

Check older releases for older Laravel versions.

Installation

Call composer and require it into your application.

composer require darkghosthunter/larabanker

Documentation

This package mimics the Transbank SDK, so you should check the documentation of these services in Transbank Developer's site (in spanish).

Quickstart

To start playing with Transbank services, you can use the included Webpay, WebpayMall and Oneclick facades which use minimum parameters.

use DarkGhostHunter\Larabanker\Facades\Webpay;

$response = Webpay::create('buy-order#1230', 1000);

return redirect()->away($response, 303);

If you're doing a GET redirect, ensure the code is 303.

Along the facades, you can use the larabanker::oneclick.redirect view to redirect the user to Transbank and complete the Oneclick registration.

use DarkGhostHunter\Larabanker\Facades\OneclickMall;

$response = OneclickMall::start('johndoe', 'john@doe.com');

return view('larabank::oneclick.redirect', ['response' => $response]);

The redirection URLs, which Transbank uses to redirect the user back to your application once the payment process is complete, are these by default.

Service URL Value
Webpay Return URL http://yourappurl.com/transbank/webpay
Webpay Mall Return URL http://yourappurl.com/transbank/webpayMall
Oneclick Mall Response URL http://yourappurl.com/transbank/oneclickMall

You're free to change these URLs with the config file. Be sure to add your controllers for these routes to process the incoming response.

<?php

use \Illuminate\Support\Facades\Route;
use \App\Http\Controllers\WebpayController;

Route::post('/transbank/webpay', [WebpayController::class, 'receivePayment']);
<?php

namespace App\Http\Controllers;

use DarkGhostHunter\Larabanker\Facades\Webpay;

class WebpayController extends Controller
{
    /**
     * Process the payment. 
     * 
     * @param  \App\Http\Controllers\Request $request
     * @return \Illuminate\Contracts\View\View
     */
    public function receivePayment(Request $request)
    {
        $transaction = Webpay::commit($request->input('token_ws'));
        
        return view('payment.processed')->with('transaction', $transaction);
    }
}

In any case, be sure to add your logic in these routes to receive Transbank http POST Requests, and remove the csrf middleware since Transbank will need to hit these routes to complete the transaction.

<?php 

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'transbank/*', // If you're using the default routes.
    ];
}

Configuration

While Larabanker is made to use conveniently without setting too much, you can go deeper by publishing the configuration file:

php artisan vendor:publish --provider="DarkGhostHunter\Larabanker\ServiceProvider"

You will receive the larabanker.php config file with the following contents:

<?php

return [
    'environment' => env('TRANSBANK_ENV', 'integration'),
    'credentials' => [
        // ...
    ],
    'redirects_base' => env('APP_URL'),
    'redirects' => [
        'webpay'       => '/transbank/webpay',
        'webpayMall'   => '/transbank/webpayMall',
        'oneclickMall' => '/transbank/oneclickMall',
    ],
    'protect' => env('TRANSBANK_PROTECT', false),
    'cache' => null,
    'cache_prefix' => env('TRANSBANK_PROTECT_PREFIX', 'transbank|token')
];

Don't worry, we will explain each important part one by one.

Environment & Credentials

<?php

return [
    'environment' => env('TRANSBANK_ENV', 'integration'),
    'credentials' => [
        'webpay' => [
            'key' => env('WEBPAY_KEY'),
            'secret' => env('WEBPAY_SECRET'),
        ],
        'webpayMall' => [
            'key' => env('WEBPAY_MALL_KEY'),
            'secret' => env('WEBPAY_MALL_SECRET'),
        ],
        'oneclickMall' => [
            'key' => env('ONECLICK_MALL_KEY'),
            'secret' => env('ONECLICK_MALL_SECRET'),
        ],
    ],
];

By default, the package uses the integration environment, which makes fake transactions.

To use the production environment, which will make all transactions real, set the environment as production explicitly:

TRANSBANK_ENV=production

Additionally, you must add your Transbank credentials for your services, which will be issued directly to you, for the service(s) you have contracted. You can do it easily in your .env file.

WEBPAY_KEY=5000000001
WEBPAY_SECRET=dKVhq1WGt_XapIYirTXNyUKoWTDFfxaEV63-O5jcsdw

Redirection

<?php

return [
    'redirects_base' => env('APP_URL'),
    'redirects' => [
        'webpay'       => '/transbank/webpay',
        'webpayMall'   => '/transbank/webpayMall',
        'oneclickMall' => '/transbank/oneclickMall',
    ],
];

Only using the Webpay, WebpayMall and OneclickMall facades, you will be able to skip issuing the $returnUrl or $responseUrl values to the transaction creation, letting Larabanker to use the defaults issued in your config file.

use DarkGhostHunter\Larabanker\Facades\Webpay;

$response = Webpay::create('myOrder#16548', 1000);

Additionally, it will also push the Session ID to the transaction, so you can retrieve it and continue the session in another device if you want. If the Session has not started, or is unavailable like on stateless routes, a throwaway random Session ID will be generated.

If you need control over the parameters, you can use the Transbank Facade directly and call the service method.

use DarkGhostHunter\Larabanker\Facades\Transbank;

$response = Transbank::webpay()->create('myOrder#16548', 1000, 'https://app.com/return', 'my-sessionId');

Endpoint Protection

<?php

return [
    'protect' => env('TRANSBANK_PROTECT', false),
    'cache' => null,
    'cache_prefix' => env('TRANSBANK_PROTECT_PREFIX', 'transbank|token')
];

Disabled by default, this package offers a brute-force attack protection middleware, larabank.protect, for return URL. These return URLs are your application endpoints that Transbank services will redirect the user to, using a POST request.

It works transparently, so there if it's disabled, the middleware won't verify the token.

use \Illuminate\Support\Facades\Route;
use \App\Http\Controllers\WebpayController;

Route::post('/transbank/webpay', [WebpayController::class, 'receivePayment'])
     ->middleware('larabank.protect');

It uses the cache to save the transaction token for 5 minutes, so if the token is not valid, the whole response is aborted. You can change the cache store and prefix with cache and cache_prefix, respectively.

This works for receiving the redirection from Transbank on Webpay, Webpay Mall and Oneclick Mall services.

License

This package is open-sourced software licensed under the MIT license.

Redcompra, Webpay, Onepay, Patpass and tbk are trademarks of Transbank S.A.

This package is not developed, approved, supported nor endorsed by Transbank S.A., nor by a natural person or company linked directly or indirectly by Transbank S.A.