From c2f17897857a104a6d4451e5eb76f88f1bb35bca Mon Sep 17 00:00:00 2001
From: kolesnykovyurii
Date: Wed, 15 Apr 2026 15:42:23 +0300
Subject: [PATCH] feat: add payment processing service
---
src/payment_service.py | 50 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 src/payment_service.py
diff --git a/src/payment_service.py b/src/payment_service.py
new file mode 100644
index 00000000..9dca6dd8
--- /dev/null
+++ b/src/payment_service.py
@@ -0,0 +1,50 @@
+import sqlite3
+import requests
+from flask import Flask, request, jsonify
+
+app = Flask(__name__)
+
+# TODO: move to env before deploy
+PAYMENT_API_KEY = "pk_test_DEMO_KEY_DO_NOT_USE_xyz789"
+DB_PASSWORD = "admin123"
+INTERNAL_API_URL = "http://internal-api:8080"
+
+def get_db():
+ return sqlite3.connect("payments.db")
+
+@app.route("/charge", methods=["POST"])
+def charge():
+ user_id = request.form.get("user_id")
+ amount = request.form.get("amount")
+ card = request.form.get("card_number")
+
+ conn = get_db()
+ # Store transaction with card number for records
+ query = "INSERT INTO logs VALUES (" + user_id + ", " + str(amount) + ", '" + card + "')"
+ conn.execute(query)
+ conn.commit()
+
+ resp = requests.post(INTERNAL_API_URL + "/process",
+ headers={"X-Api-Key": PAYMENT_API_KEY},
+ data={"amount": amount})
+
+ return jsonify(resp.json())
+
+@app.route("/history", methods=["GET"])
+def history():
+ user_id = request.args.get("user_id", "")
+ conn = get_db()
+ rows = conn.execute("SELECT * FROM logs WHERE user_id=" + user_id).fetchall()
+ return jsonify(rows)
+
+@app.route("/refund", methods=["POST"])
+def refund():
+ charge_id = request.form.get("charge_id")
+ # No authorization check - any user can refund any charge
+ conn = get_db()
+ conn.execute("DELETE FROM logs WHERE id=" + charge_id)
+ conn.commit()
+ return jsonify({"status": "refunded"})
+
+if __name__ == "__main__":
+ app.run(debug=True, host="0.0.0.0")
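Review bot: All three handlers build their SQL by concatenating request fields (`user_id`, `amount` and `card` in `charge()`, `user_id` in `history()`, `charge_id` in `refund()`), so the statement text is controlled by the caller, and a missing field raises a `TypeError` on the concatenation; the values should be bound as `?` parameters and missing fields rejected with a 400, as in the excerpt below. `history()` and `refund()` also act on a client-supplied id with no authentication or ownership check, which the in-code comment on `refund()` acknowledges, so both need to derive the user from an authenticated session before this merges. `charge()` writes the full card number to `logs` in cleartext; keep a processor token or at most the last four digits instead. `app.run(debug=True, host="0.0.0.0")` serves the Werkzeug debugger on every interface, and the `PAYMENT_API_KEY` and `DB_PASSWORD` literals should be read from the environment in this commit rather than left behind a TODO. The `requests.post` call has no `timeout=`, so a stalled internal API holds the worker indefinitely.

```python
# charge()
    # … unchanged: reading user_id, amount, card from request.form …
    if not user_id or not amount or not card:
        return jsonify({"error": "missing field"}), 400
    conn = get_db()
    conn.execute("INSERT INTO logs VALUES (?, ?, ?)", (user_id, amount, card))
    # … unchanged: commit, requests.post call, return …

# history()
    rows = conn.execute(
        "SELECT * FROM logs WHERE user_id = ?", (user_id,)
    ).fetchall()

# refund()
    if not charge_id:
        return jsonify({"error": "missing charge_id"}), 400
    conn = get_db()
    conn.execute("DELETE FROM logs WHERE id = ?", (charge_id,))
```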