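# Receives PayPal Instant Payment Notification (IPN) callbacks and confirms
# each one by posting it back to PayPal before acting on it.
class PaypalController < ApplicationController
  # PayPal cannot supply a CSRF token, so the forgery check is skipped for
  # this action. The request is therefore unauthenticated until the postback
  # in validate_IPN_notification answers "VERIFIED".
  protect_from_forgery :except => [:create]

  # Handles an incoming IPN message: echoes the raw body to stdout, asks
  # PayPal whether the message is genuine, branches on the answer and
  # replies with an empty body.
  def create
    # NOTE(review): this writes the complete, still unverified IPN payload to
    # stdout. Confirm where stdout ends up and whether the transaction fields
    # in the payload may be stored there.
    puts request.raw_post

    # Kept in its own local: a variable named `response` would shadow the
    # controller's response object inside this action.
    ipn_status = validate_IPN_notification(request.raw_post)

    case ipn_status
    when "VERIFIED"
      # None of the checks below are implemented yet. "VERIFIED" only says the
      # message came from PayPal; it does not say the payment is for this
      # account, for the expected amount, or new.
      # check that paymentStatus=Completed
      # check that txnId has not been previously processed
      # check that receiverEmail is your Primary PayPal email
      # check that paymentAmount/paymentCurrency are correct
      # process payment
    when "INVALID"
      # log for investigation
    else
      # error
    end

    render :nothing => true
  end

  protected

  # Posts the raw IPN body back to PayPal's notify-validate endpoint.
  #
  # @param raw [String] the unmodified request body received from PayPal
  # @return [String] the body of PayPal's reply; the caller expects
  #   "VERIFIED" or "INVALID"
  #
  # Errors raised by Net::HTTP (timeouts, TLS failures) are not rescued here
  # and propagate to the caller.
  def validate_IPN_notification(raw)
    uri = URI.parse('https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate')

    http = Net::HTTP.new(uri.host, uri.port)
    http.open_timeout = 60
    http.read_timeout = 60
    http.use_ssl = true
    # The reply to this request is the only thing that authenticates the
    # notification, so the server certificate has to be checked. With
    # VERIFY_NONE any host able to answer on this connection could return
    # "VERIFIED" for a notification PayPal never sent.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER

    headers = {
      # Content-Length counts bytes, not characters.
      'Content-Length' => raw.bytesize.to_s,
      'User-Agent' => "RedstonerServer, redstoner.com"
    }

    http.post(uri.request_uri, raw, headers).body
  end
end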