Integrate Cryptomus payment gateway

Author: snoups

README.md

@@ -28,7 +28,7 @@
 
 **3X-UI-SHOP** is a comprehensive solution designed to automate the sale of VPN subscriptions through Telegram.
 The bot uses the **3X-UI** panel API for client management and supports multiple payment methods, including
-**~~Cryptomus~~**, **YooKassa**, **YooMoney**, and **Telegram Stars**.
+**Cryptomus**, **YooKassa**, **YooMoney**, and **Telegram Stars**.
 
 The bot enables efficient subscription sales with advanced features:
 
@@ -74,7 +74,7 @@ The bot includes a user-friendly admin panel with tools for efficient management
 Administrators do not have access to server management.
 
 - **`Server Manager`**: Add, remove, disable, and check servers in the pool
-- **`Bot Statistics`**: View usage analytics and performance data
+- **`Statistics`**: View usage analytics and performance data
 - **`User Editor`**: Manage user accounts and subscriptions
 - **`Promocode Editor`**: Create, edit, and delete promocodes
 - **`Notification Sender`**: Send custom notifications to users
@@ -83,7 +83,6 @@ Administrators do not have access to server management.
 
 
 ### 🚧 Current Tasks
-- [ ] Cryptomus payment
 - [ ] Trial period
 - [ ] Referral system
 - [ ] Statistics
@@ -144,7 +143,7 @@ Before starting the installation, make sure you have the installed [**Docker**](
 | ~~SHOP_TRIAL_ENABLED~~ | ⭕ | ~~True~~ | ~~Enable trial subscription~~ |
 | ~~SHOP_TRIAL_PERIOD~~ | ⭕ | ~~3~~ | ~~Period of the trial subscription in days~~ |
 | SHOP_PAYMENT_STARS_ENABLED | ⭕ | True | Enable Telegram stars payment |
-| ~~SHOP_PAYMENT_CRYPTOMUS_ENABLED~~ | ⭕ | ~~False~~ | ~~Enable Cryptomus payment~~ |
+| SHOP_PAYMENT_CRYPTOMUS_ENABLED | ⭕ | False | Enable Cryptomus payment |
 | SHOP_PAYMENT_YOOKASSA_ENABLED | ⭕ | False | Enable Yookassa payment |
 | SHOP_PAYMENT_YOOMONEY_ENABLED | ⭕ | False | Enable Yoomoney payment |
 | | | |
@@ -154,6 +153,9 @@ Before starting the installation, make sure you have the installed [**Docker**](
 | XUI_SUBSCRIPTION_PORT | ⭕ | 2096 | Port for subscription |
 | XUI_SUBSCRIPTION_PATH | ⭕ | /user/ | Path for subscription |
 | | | |
+| CRYPTOMUS_API_KEY | ⭕ | - | API key for Cryptomus payment |
+| CRYPTOMUS_MERCHANT_ID | ⭕ | - | Merchant ID for Cryptomus payment |
+| | | |
 | YOOKASSA_TOKEN | ⭕ | - | Token for YooKassa payment |
 | YOOKASSA_SHOP_ID | ⭕ | - | Shop ID for YooKassa payment |
 | | | |

app/bot/payment_gateways/cryptomus.py

@@ -1,17 +1,25 @@
+import base64
+import hashlib
+import json
 import logging
+import uuid
+from hmac import compare_digest
 
+import aiohttp
 from aiogram import Bot
 from aiogram.fsm.storage.redis import RedisStorage
 from aiogram.utils.i18n import I18n
+from aiogram.utils.i18n import gettext as _
 from aiogram.utils.i18n import lazy_gettext as __
 from aiohttp.web import Application, Request, Response
 from sqlalchemy.ext.asyncio import async_sessionmaker
 
 from app.bot.models import ServicesContainer, SubscriptionData
 from app.bot.payment_gateways import PaymentGateway
-from app.bot.utils.constants import CRYPTOMUS_WEBHOOK, Currency
+from app.bot.utils.constants import CRYPTOMUS_WEBHOOK, Currency, TransactionStatus
 from app.bot.utils.navigation import NavSubscription
 from app.config import Config
+from app.db.models import Transaction
 
 logger = logging.getLogger(__name__)
 
@@ -30,7 +38,7 @@ def __init__(
         bot: Bot,
         i18n: I18n,
         services: ServicesContainer,
-    ):
+    ) -> None:
         self.name = __("payment:gateway:cryptomus")
         self.app = app
         self.config = config
@@ -40,12 +48,51 @@ def __init__(
         self.i18n = i18n
         self.services = services
 
-        self.app.router.add_post(CRYPTOMUS_WEBHOOK, lambda request: self.webhook_handler(request))
+        self.app.router.add_post(CRYPTOMUS_WEBHOOK, self.webhook_handler)
         logger.info("Cryptomus payment gateway initialized.")
 
     async def create_payment(self, data: SubscriptionData) -> str:
+        bot_username = (await self.bot.get_me()).username
+        redirect_url = f"https://t.me/{bot_username}"
+        order_id = str(uuid.uuid4())
+        price = str(data.price)
+
+        payload = {
+            "amount": price,
+            "currency": self.currency.code,
+            "order_id": order_id,
+            "url_return": redirect_url,
+            "url_success": redirect_url,
+            "url_callback": self.config.bot.DOMAIN + CRYPTOMUS_WEBHOOK,
+            "lifetime": 1800,
+            "is_payment_multiple": False,
+        }
+        headers = {
+            "merchant": self.config.cryptomus.MERCHANT_ID,
+            "sign": self.generate_signature(json.dumps(payload)),
+            "Content-Type": "application/json",
+        }
+
+        async with aiohttp.ClientSession() as session:
+            url = "https://api.cryptomus.com/v1/payment"
+            async with session.post(url, json=payload, headers=headers) as response:
+                result = await response.json()
+                if response.status == 200 and result.get("result", {}).get("url"):
+                    pay_url = result["result"]["url"]
+                else:
+                    raise Exception(f"Error: {response.status}; Result: {result}; Data: {data}")
+
+        async with self.session() as session:
+            await Transaction.create(
+                session=session,
+                tg_id=data.user_id,
+                subscription=data.pack(),
+                payment_id=result["result"]["order_id"],
+                status=TransactionStatus.PENDING,
+            )
+
         logger.info(f"Payment link created for user {data.user_id}: {pay_url}")
-        pass
+        return pay_url
 
     async def handle_payment_succeeded(self, payment_id: str) -> None:
         await self._on_payment_succeeded(payment_id)
@@ -54,4 +101,57 @@ async def handle_payment_canceled(self, payment_id: str) -> None:
         await self._on_payment_canceled(payment_id)
 
     async def webhook_handler(self, request: Request) -> Response:
-        pass
+        logger.debug(f"Received Cryptomus webhook request")
+        try:
+            event_json = await request.json()
+
+            if not self.verify_webhook(request, event_json):
+                return Response(status=403)
+
+            match event_json.get("status"):
+                case "paid" | "paid_over":
+                    order_id = event_json.get("order_id")
+                    await self.handle_payment_succeeded(order_id)
+                    return Response(status=200)
+
+                case "cancel":
+                    order_id = event_json.get("order_id")
+                    await self.handle_payment_canceled(order_id)
+                    return Response(status=200)
+
+                case _:
+                    return Response(status=400)
+
+        except Exception as exception:
+            logger.exception(f"Error processing Cryptomus webhook: {exception}")
+            return Response(status=400)
+
+    def verify_webhook(self, request: Request, data: dict) -> bool:
+        client_ip = (
+            request.headers.get("CF-Connecting-IP")
+            or request.headers.get("X-Real-IP")
+            or request.headers.get("X-Forwarded-For")
+            or request.remote
+        )
+        if client_ip not in ["91.227.144.54"]:
+            logger.warning(f"Unauthorized IP: {client_ip}")
+            return False
+
+        sign = data.pop("sign", None)
+        if not sign:
+            logger.warning("Missing signature.")
+            return False
+
+        json_data = json.dumps(data, separators=(",", ":"))
+        hash_value = self.generate_signature(json_data)
+
+        if not compare_digest(hash_value, sign):
+            logger.warning(f"Invalid signature.")
+            return False
+
+        return True
+
+    def generate_signature(self, data: str) -> str:
+        base64_encoded = base64.b64encode(data.encode()).decode()
+        raw_string = f"{base64_encoded}{self.config.cryptomus.API_KEY}"
+        return hashlib.md5(raw_string.encode()).hexdigest()

app/bot/payment_gateways/gateway_factory.py

@@ -44,9 +44,9 @@ def register_gateways(
 
         gateways = [
             (config.shop.PAYMENT_STARS_ENABLED, TelegramStars),
+            (config.shop.PAYMENT_CRYPTOMUS_ENABLED, Cryptomus),
             (config.shop.PAYMENT_YOOKASSA_ENABLED, Yookassa),
             (config.shop.PAYMENT_YOOMONEY_ENABLED, Yoomoney),
-            (config.shop.PAYMENT_CRYPTOMUS_ENABLED, Cryptomus),
         ]
 
         for enabled, gateway_cls in gateways:

app/bot/payment_gateways/yookassa.py

@@ -53,7 +53,7 @@ def __init__(
         self.services = services
 
         Configuration.configure(self.config.yookassa.SHOP_ID, self.config.yookassa.TOKEN)
-        self.app.router.add_post(YOOKASSA_WEBHOOK, lambda request: self.webhook_handler(request))
+        self.app.router.add_post(YOOKASSA_WEBHOOK, self.webhook_handler)
         logger.info("YooKassa payment gateway initialized.")
 
     async def create_payment(self, data: SubscriptionData) -> str:

app/bot/payment_gateways/yoomoney.py

@@ -46,7 +46,7 @@ def __init__(
         self.i18n = i18n
         self.services = services
 
-        self.app.router.add_post(YOOMONEY_WEBHOOK, lambda request: self.webhook_handler(request))
+        self.app.router.add_post(YOOMONEY_WEBHOOK, self.webhook_handler)
         logger.info("YooMoney payment gateway initialized.")
 
     async def create_payment(self, data: SubscriptionData) -> str:

app/bot/routers/main_menu/handler.py

@@ -70,12 +70,9 @@ async def redirect_to_main_menu(
     main_message_id = await state.get_value(MAIN_MESSAGE_ID_KEY)
     is_admin = await IsAdmin()(user_id=user.tg_id)
 
-    try:
-        await bot.edit_message_text(
-            text=_("main_menu:message:main").format(name=user.first_name),
-            chat_id=user.tg_id,
-            message_id=main_message_id,
-            reply_markup=main_menu_keyboard(is_admin),
-        )
-    except Exception as exception:
-        logger.error(f"Failed to edit main message: {exception}")
+    await bot.edit_message_text(
+        text=_("main_menu:message:main").format(name=user.first_name),
+        chat_id=user.tg_id,
+        message_id=main_message_id,
+        reply_markup=main_menu_keyboard(is_admin),
+    )

app/bot/routers/subscription/payment_handler.py

@@ -72,7 +72,7 @@ async def callback_payment_method_selected(
         )
     except Exception as exception:
         logger.error(f"Error processing payment: {exception}")
-        await callback.answer(_("payment:message:error"), show_alert=True)
+        await services.notification.show_popup(callback=callback, text=_("payment:popup:error"))
     finally:
         await state.set_state(None)
 

app/bot/utils/constants.py

@@ -30,10 +30,10 @@
 
 # region: Webhook paths
 TELEGRAM_WEBHOOK = "/webhook"  # Webhook path for Telegram bot updates
+CONNECTION_WEBHOOK = "/connection"  # Webhook path for receiving connection requests
+CRYPTOMUS_WEBHOOK = "/cryptomus"  # Webhook path for receiving Cryptomus payment notifications
 YOOKASSA_WEBHOOK = "/yookassa"  # Webhook path for receiving Yookassa payment notifications
 YOOMONEY_WEBHOOK = "/yoomoney"  # Webhook path for receiving Yoomoney payment notifications
-CRYPTOMUS_WEBHOOK = "/cryptomus"  # Webhook path for receiving Cryptomus payment notifications
-CONNECTION_WEBHOOK = "/connection"  # Webhook path for receiving connection requests
 # endregion
 
 # region: Notification tags

app/config.py

@@ -80,6 +80,12 @@ class XUIConfig:
     SUBSCRIPTION_PATH: str
 
 
+@dataclass
+class CryptomusConfig:
+    API_KEY: str | None
+    MERCHANT_ID: str | None
+
+
 @dataclass
 class YooKassaConfig:
     TOKEN: str | None
@@ -132,6 +138,7 @@ class Config:
     bot: BotConfig
     shop: ShopConfig
     xui: XUIConfig
+    cryptomus: CryptomusConfig
     yookassa: YooKassaConfig
     yoomoney: YooMoneyConfig
     database: DatabaseConfig
@@ -156,6 +163,19 @@ def load_config() -> Config:
         default=DEFAULT_SHOP_PAYMENT_STARS_ENABLED,
     )
 
+    payment_cryptomus_enabled = env.bool(
+        "SHOP_PAYMENT_CRYPTOMUS_ENABLED",
+        default=DEFAULT_SHOP_PAYMENT_CRYPTOMUS_ENABLED,
+    )
+    if payment_cryptomus_enabled:
+        cryptomus_api_key = env.str("CRYPTOMUS_API_KEY", default=None)
+        cryptomus_merchant_id = env.str("CRYPTOMUS_MERCHANT_ID", default=None)
+        if not cryptomus_api_key or not cryptomus_merchant_id:
+            logger.error(
+                "CRYPTOMUS_API_KEY or CRYPTOMUS_MERCHANT_ID is not set. Payment Cryptomus is disabled."
+            )
+            payment_cryptomus_enabled = False
+
     payment_yookassa_enabled = env.bool(
         "SHOP_PAYMENT_YOOKASSA_ENABLED",
         default=DEFAULT_SHOP_PAYMENT_YOOKASSA_ENABLED,
@@ -182,17 +202,10 @@ def load_config() -> Config:
             )
             payment_yoomoney_enabled = False
 
-    payment_cryptomus_enabled = env.bool(
-        "SHOP_PAYMENT_CRYPTOMUS_ENABLED",
-        default=DEFAULT_SHOP_PAYMENT_CRYPTOMUS_ENABLED,
-    )
-    if payment_cryptomus_enabled:
-        pass
-
     if (
-        not payment_yookassa_enabled
+        not payment_stars_enabled
         and not payment_cryptomus_enabled
-        and not payment_stars_enabled
+        and not payment_yookassa_enabled
         and not payment_yoomoney_enabled
     ):
         logger.warning("No payment methods are enabled. Enabling Stars payment method.")
@@ -235,6 +248,10 @@ def load_config() -> Config:
                 default=DEFAULT_SUBSCRIPTION_PATH,
             ),
         ),
+        cryptomus=CryptomusConfig(
+            API_KEY=env.str("CRYPTOMUS_API_KEY", default=None),
+            MERCHANT_ID=env.str("CRYPTOMUS_MERCHANT_ID", default=None),
+        ),
         yookassa=YooKassaConfig(
             TOKEN=env.str("YOOKASSA_TOKEN", default=None),
             SHOP_ID=env.int("YOOKASSA_SHOP_ID", default=None),

app/locales/en/LC_MESSAGES/bot.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: bot 0.1\n"
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
-"POT-Creation-Date: 2025-02-23 22:16+0500\n"
+"POT-Creation-Date: 2025-02-24 11:41+0500\n"
 "PO-Revision-Date: 2024-12-05 10:24+0500\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language: en\n"
@@ -40,7 +40,7 @@ msgstr ""
 "User ID: {user_id}\n"
 "<code>{devices}</code> | <code>{duration}</code>"
 
-#: app/bot/payment_gateways/cryptomus.py:34
+#: app/bot/payment_gateways/cryptomus.py:41
 msgid "payment:gateway:cryptomus"
 msgstr "Cryptomus"
 
@@ -738,7 +738,7 @@ msgstr "◀️ Change duration"
 msgid "subscription:button:download_app"
 msgstr "🔌 Connect"
 
-#: app/bot/routers/subscription/payment_handler.py:46
+#: app/bot/routers/subscription/payment_handler.py:58
 msgid "payment:message:order_extend"
 msgstr ""
 "🛒 <b>Confirmation of extension:</b>\n"
@@ -750,7 +750,7 @@ msgstr ""
 "<i>The number of devices will remain the same, and the new subscription "
 "duration will be added to the remaining time!</i>"
 
-#: app/bot/routers/subscription/payment_handler.py:48
+#: app/bot/routers/subscription/payment_handler.py:60
 msgid "payment:message:order_change"
 msgstr ""
 "🛒 <b>Confirmation of change:</b>\n"
@@ -762,7 +762,7 @@ msgstr ""
 "<i>The number of devices and subscription duration will be changed "
 "without recalculating the previous data!</i>"
 
-#: app/bot/routers/subscription/payment_handler.py:50
+#: app/bot/routers/subscription/payment_handler.py:62
 msgid "payment:message:order"
 msgstr ""
 "🛒 <b>Confirmation of purchase:</b>\n"
@@ -774,6 +774,10 @@ msgstr ""
 "<i>After the payment, a unique key for connecting to the VPN will be "
 "generated for you. The key will be available on your profile page.</i>"
 
+#: app/bot/routers/subscription/payment_handler.py:75
+msgid "payment:popup:error"
+msgstr "❌ An error occurred during creating payment."
+
 #: app/bot/routers/subscription/promocode_handler.py:30
 msgid "promocode:message:main"
 msgstr ""
@@ -978,5 +982,4 @@ msgstr[1] ""
 msgid "1 month"
 msgid_plural "{} months"
 msgstr[0] ""
-msgstr[1] ""
-
+msgstr[1] ""