Feat/slip verify (#68)

This pull request introduces significant improvements to the payment
evidence upload and verification flow, with updates to the database
schema, backend logic, and configuration for payment processing. The
most important changes are grouped below by theme:

**Database schema and validation improvements:**

* Changed the primary key of the `ApplicationPaymentEvidence` table to
`pe_transaction_ref`, removed the `pe_id` column, and added a required,
unique `pe_transaction_payload` column to ensure evidence uniqueness and
integrity.
[[1]](diffhunk://#diff-6c815c00188c259e2527ddaeefcda7eac129dec344d5992fe276596f3bca06fdR1-R17)
[[2]](diffhunk://#diff-5b443964f4f3a611682db8f7e02177b0a8c632b2039e2bd5e4dd7347815c565cL26-R27)

**Payment evidence upload and verification logic:**

* Refactored the payment evidence upload logic in
`ApplicationPaymentEvidenceService` to use the EasySlip API for slip
verification, validate receiver/account details, check for duplicate
evidence, and create related records in S3 and the database. Additional
validation ensures the payment matches the expected amount and updates
application status accordingly.
[[1]](diffhunk://#diff-345a1edb7b7bf627f21d29b08856bc426eba54457b1eefa5f4461e4aae37889fL2-L21)
[[2]](diffhunk://#diff-345a1edb7b7bf627f21d29b08856bc426eba54457b1eefa5f4461e4aae37889fL38-R184)
[[3]](diffhunk://#diff-345a1edb7b7bf627f21d29b08856bc426eba54457b1eefa5f4461e4aae37889fL87-R228)
* Enabled guards (`AnnounceAndConfirmPeriodGuard`,
`ApplicationPassGuard`) on the payment evidence upload endpoint to
enforce application stage restrictions.
* Improved error messaging in `ApplicationPassGuard` for clearer
feedback when an application is not in the "pass" stage.

**Configuration and dependency updates:**

* Added a `payment` section to the application config, specifying bypass
mode, receiver details, account numbers, and expected amount for payment
validation.
* Exported `ApplicationConfirmationService` from its module and injected
it into `ApplicationPaymentEvidenceService` for confirmation updates
after successful payment evidence upload.
[[1]](diffhunk://#diff-9a9d69e42c0affd01f65d59b7a30e4ceba4798d7fe93e90a31d60ebf6f69b217R8)
[[2]](diffhunk://#diff-a35fd0ab81ffbac22de2874e1f05d690305f47f7c8629195016e005e8fe0233fR3-R8)

**Other improvements:**

* Updated `ApplicationStatusService` to include related application data
in status queries.
* Added a test script `test/getTravelplan.ts` for querying top-scoring
student applications with specific filters and relationships.

Author: ImJustNon

prisma/migrations/20260318193621_make_ref_as_id/migration.sql

@@ -0,0 +1,17 @@
+/*
+  Warnings:
+
+  - The primary key for the `ApplicationPaymentEvidence` table will be changed. If it partially fails, the table could be left without primary key constraint.
+  - You are about to drop the column `pe_id` on the `ApplicationPaymentEvidence` table. All the data in the column will be lost.
+  - A unique constraint covering the columns `[pe_transaction_payload]` on the table `ApplicationPaymentEvidence` will be added. If there are existing duplicate values, this will fail.
+  - Added the required column `pe_transaction_payload` to the `ApplicationPaymentEvidence` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "ApplicationPaymentEvidence" DROP CONSTRAINT "ApplicationPaymentEvidence_pkey",
+DROP COLUMN "pe_id",
+ADD COLUMN     "pe_transaction_payload" TEXT NOT NULL,
+ADD CONSTRAINT "ApplicationPaymentEvidence_pkey" PRIMARY KEY ("pe_transaction_ref");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ApplicationPaymentEvidence_pe_transaction_payload_key" ON "ApplicationPaymentEvidence"("pe_transaction_payload");

prisma/schema.prisma

@@ -23,8 +23,8 @@ model ApplicationTotalScore {
 }
 
 model ApplicationPaymentEvidence {
-  pe_id                                   String                @id @default(uuid())
-  pe_transaction_ref                      String
+  pe_transaction_ref                      String                @id
+  pe_transaction_payload                  String                @unique
   pe_transaction_date                     DateTime
 
   pe_transaction_expect_amount                        Float                 @default(500.00)

src/common/guards/application-pass.guard.ts

@@ -29,7 +29,7 @@ export class ApplicationPassGuard implements CanActivate {
 			const filterPassApplication = studentApplication.filter((app) => app.std_application_result === "pass");
 
 			if (filterPassApplication.length <= 0) {
-				throw `Your Application in : ${studentApplication.map((app) => app.std_application_result).join(", ")} stage`;
+				throw `Your Application not pass`;
 			}
 
 			const filterAllowConfirm = filterPassApplication.filter((app) => app.stf_application_allow_confirm === true);

src/config/app.config.ts

@@ -55,4 +55,18 @@ export const config = {
 	apis: {
 		slipKey: process.env.API_EASYSLIP_KEY,
 	},
+	payment: {
+		bypass: process.env.PAYMENT_BYPASS === "true",
+		reciever: {
+			name: {
+				en: "MR. SIWACH G",
+				th: "นาย ศิวัช ก",
+			},
+			account: {
+				proxy: "004999224412568",
+				real: "2178877804",
+			},
+			amount: 500,
+		},
+	},
 } as const;

src/modules/application-confirmation/application-confirmation.module.ts

@@ -5,5 +5,6 @@ import { ApplicationConfirmationService } from "./application-confirmation.servi
 @Module({
 	controllers: [ApplicationConfirmationController],
 	providers: [ApplicationConfirmationService],
+	exports: [ApplicationConfirmationService],
 })
 export class ApplicationConfirmationModule {}

src/modules/application-payment-evidence/application-payment-evidence.controller.ts

@@ -11,8 +11,8 @@ export class ApplicationPaymentEvidenceController {
 	constructor(private readonly applicationPaymentEvidenceService: ApplicationPaymentEvidenceService) {}
 
 	@Post("/upload")
-	// @UseGuards(AnnounceAndConfirmPeriodGuard)
-	// @UseGuards(ApplicationPassGuard)
+	@UseGuards(AnnounceAndConfirmPeriodGuard)
+	@UseGuards(ApplicationPassGuard)
 	@UseInterceptors(FileInterceptor("file"))
 	uploadEvidence(
 		@Session() session: UserSession,

src/modules/application-payment-evidence/application-payment-evidence.module.ts

@@ -1,10 +1,11 @@
 import { Module } from "@nestjs/common";
 import { S3Module } from "src/core/s3/s3.module";
+import { ApplicationConfirmationModule } from "../application-confirmation/application-confirmation.module";
 import { ApplicationPaymentEvidenceController } from "./application-payment-evidence.controller";
 import { ApplicationPaymentEvidenceService } from "./application-payment-evidence.service";
 
 @Module({
-	imports: [S3Module],
+	imports: [S3Module, ApplicationConfirmationModule],
 	controllers: [ApplicationPaymentEvidenceController],
 	providers: [ApplicationPaymentEvidenceService],
 })

src/modules/application-payment-evidence/application-payment-evidence.service.ts

@@ -1,24 +1,23 @@
 import { PutObjectCommand } from "@aws-sdk/client-s3";
-import { HttpException, Injectable, InternalServerErrorException } from "@nestjs/common";
+import { HttpException, Injectable, InternalServerErrorException, NotAcceptableException } from "@nestjs/common";
 import axios, { AxiosResponse } from "axios";
 import { config } from "src/config/app.config";
 import { LoggerService } from "src/core/logger/logger.service";
 import { PrismaService } from "src/core/prisma/prisma.service";
 import { S3Service } from "src/core/s3/s3.service";
 import uuid from "uuid";
+import { ApplicationConfirmationService } from "../application-confirmation/application-confirmation.service";
 import { MatchedAccount, RawSlip } from "./@types/VerifyBank.type";
 import { ApplicationPaymentEvidenceDto } from "./dto/application-payment-evidence.dto";
 
-// Request
 interface VerifyByBase64Request {
-	base64: string; // Base64 encoded image
-	remark?: string; // 1-255 chars
+	base64: string;
+	remark?: string;
 	matchAccount?: boolean;
 	matchAmount?: number;
 	checkDuplicate?: boolean;
 }
 
-// Response
 interface VerifyBankResponse {
 	success: true;
 	data: VerifyBankData;
@@ -35,44 +34,154 @@ interface VerifyBankData {
 	rawSlip: RawSlip;
 }
 
-// See POST /verify/bank for full type definitions
-
 @Injectable()
 export class ApplicationPaymentEvidenceService {
 	constructor(
 		private readonly prisma: PrismaService,
 		private readonly logger: LoggerService,
 		private readonly s3: S3Service,
+		private readonly applicationConfirmationService: ApplicationConfirmationService,
 	) {}
 
 	async uploadEvidence(userId: string, applicationPaymentEvidenceDto: ApplicationPaymentEvidenceDto, file: Express.Multer.File) {
 		try {
-			// const verifyBankResponse: AxiosResponse<VerifyBankResponse> = await axios.post<VerifyBankResponse, AxiosResponse<VerifyBankResponse>, VerifyByBase64Request>("https://api.easyslip.com/v2/verify/bank", {
-			// 	base64: "file.buffer.toString('base64')"
-			// }, {
-			// 	headers: {
-			// 		"Authorization": `Bearer ${config.apis.slipKey}`,
-			// 		"Content-Type": "application/json"
-			// 	}
-			// });
-
-			// const response = await fetch('https://api.easyslip.com/v2/info', {
-			// 	method: 'GET',
-			// 	headers: {
-			// 		'Authorization': `Bearer ${config.apis.slipKey}`,
-			// 		'Content-Type': 'application/json'
-			// 	},
-			// 	body: JSON.stringify({ base64: file.buffer.toString("base64") })
-			// });
-
-			const response = await fetch("https://api.easyslip.com/v2/info", {
-				headers: {
-					Authorization: `Bearer ${config.apis.slipKey}`,
+			const base64WithMime = `data:${file.mimetype};base64,${file.buffer.toString("base64")}`;
+			const verifyBankResponse: AxiosResponse<VerifyBankResponse> = await axios.post<VerifyBankResponse, AxiosResponse<VerifyBankResponse>, VerifyByBase64Request>(
+				"https://api.easyslip.com/v2/verify/bank",
+				{
+					base64: base64WithMime,
+				},
+				{
+					headers: {
+						Authorization: `Bearer ${config.apis.slipKey}`,
+						"Content-Type": "application/json",
+					},
+				},
+			);
+
+			if (!verifyBankResponse.data.success) throw new InternalServerErrorException(verifyBankResponse.data.message);
+
+			if (!verifyBankResponse.data.data.rawSlip.receiver.account.name.en && !verifyBankResponse.data.data.rawSlip.receiver.account.name.th) {
+				throw new NotAcceptableException(`Cannot find reciever name`);
+			}
+
+			if (verifyBankResponse.data.data.rawSlip.receiver.account.name.en) {
+				if (verifyBankResponse.data.data.rawSlip.receiver.account.name.en !== config.payment.reciever.name.en) {
+					throw new NotAcceptableException(`Wrong reciever name en: ${verifyBankResponse.data.data.rawSlip.receiver.account.name.en}`);
+				}
+			}
+
+			if (verifyBankResponse.data.data.rawSlip.receiver.account.name.th) {
+				if (verifyBankResponse.data.data.rawSlip.receiver.account.name.th !== config.payment.reciever.name.th && verifyBankResponse.data.data.rawSlip.receiver.account.name.th !== config.payment.reciever.name.en) {
+					throw new NotAcceptableException(`Wrong reciever name th: ${verifyBankResponse.data.data.rawSlip.receiver.account.name.th}`);
+				}
+			}
+
+			if (!verifyBankResponse.data.data.rawSlip.receiver.account.bank?.account && !verifyBankResponse.data.data.rawSlip.receiver.account.proxy?.account) {
+				throw new NotAcceptableException(`Cannot find account`);
+			}
+
+			if (verifyBankResponse.data.data.rawSlip.receiver.account.bank?.account) {
+				const regex = new RegExp(`^${verifyBankResponse.data.data.rawSlip.receiver.account.bank.account.toLowerCase().replace(/-/g, "").replace(/x/g, "\\d")}$`);
+				if (!regex.test(config.payment.reciever.account.real)) {
+					throw new NotAcceptableException(`Wrong Account: ${verifyBankResponse.data.data.rawSlip.receiver.account.bank?.account}`);
+				}
+				// if (verifyBankResponse.data.data.rawSlip.receiver.account.bank?.account !== config.payment.reciever.account_real) {}
+			}
+
+			if (verifyBankResponse.data.data.rawSlip.receiver.account.proxy?.account) {
+				const regex = new RegExp(`^${verifyBankResponse.data.data.rawSlip.receiver.account.proxy.account.toLowerCase().replace(/-/g, "").replace(/x/g, "\\d")}$`);
+				if (!regex.test(config.payment.reciever.account.proxy)) {
+					throw new NotAcceptableException(`Wrong Account: ${verifyBankResponse.data.data.rawSlip.receiver.account.proxy?.account}`);
+				}
+				// if (verifyBankResponse.data.data.rawSlip.receiver.account.proxy.account !== config.payment.reciever.account_proxy) {}
+			}
+
+			// check isDuplicate
+			const evidence = await this.prisma.applicationPaymentEvidence.count({
+				where: {
+					pe_transaction_ref: verifyBankResponse.data.data.rawSlip.transRef,
+				},
+			});
+
+			if (evidence !== 0) {
+				throw new NotAcceptableException("This evidence has been used");
+			}
+
+			const key = uuid.v4();
+
+			const createS3File = await this.s3
+				.send(
+					new PutObjectCommand({
+						Bucket: config.s3.bucket,
+						Key: key,
+						Body: file.buffer,
+						ContentType: file.mimetype,
+					}),
+				)
+				.catch((e) => {
+					throw e;
+				});
+
+			const createFile = await this.prisma.applicationFile.create({
+				data: {
+					std_application_id: applicationPaymentEvidenceDto.application_id,
+					std_file_key: key,
+					std_file_type: "file_slip",
+					std_file_originalname: file.originalname,
+					std_file_mimetype: file.mimetype,
+					std_file_encoding: file.encoding,
+					std_file_size: file.size,
 				},
 			});
 
-			const result = await response.json();
-			console.log(result.data);
+			const createEvidence = await this.prisma.applicationPaymentEvidence.create({
+				data: {
+					pe_transaction_ref: verifyBankResponse.data.data.rawSlip.transRef,
+					pe_transaction_payload: verifyBankResponse.data.data.rawSlip.payload,
+					pe_transaction_date: new Date(verifyBankResponse.data.data.rawSlip.date),
+
+					pe_transaction_expect_amount: config.payment.reciever.amount,
+					pe_transaction_actual_amount: verifyBankResponse.data.data.rawSlip.amount.amount,
+
+					pe_json: JSON.stringify(verifyBankResponse.data),
+
+					pe_sender_account_name: verifyBankResponse.data.data.rawSlip.sender.account.name.en || verifyBankResponse.data.data.rawSlip.sender.account.name.th || "",
+					pe_sender_account_number: verifyBankResponse.data.data.rawSlip.sender.account.proxy?.account || "",
+
+					pe_sender_bank_id: verifyBankResponse.data.data.rawSlip.sender.bank?.id,
+					pe_sender_bank_name: verifyBankResponse.data.data.rawSlip.sender.bank?.name,
+
+					pe_reciever_account_name: verifyBankResponse.data.data.rawSlip.receiver.account.name.en || verifyBankResponse.data.data.rawSlip.receiver.account.name.th || "",
+					pe_reciever_account_number: verifyBankResponse.data.data.rawSlip.receiver.account.proxy?.account || "",
+
+					pe_reciever_bank_id: verifyBankResponse.data.data.rawSlip.receiver.bank?.id || "",
+					pe_reciever_bank_name: verifyBankResponse.data.data.rawSlip.receiver.bank?.name || "",
+
+					std_file_key: createFile.std_file_key,
+					std_application_id: createFile.std_application_id,
+				},
+			});
+
+			if ((await this.paymentStatusUpdater(userId, applicationPaymentEvidenceDto.application_id)) === false) {
+				throw new NotAcceptableException(`Wrong amount: ${verifyBankResponse.data.data.rawSlip.amount.amount}`);
+			}
+
+			await this.confirmUpdater(userId, applicationPaymentEvidenceDto.application_id);
+
+			const updatedEvidence = await this.prisma.applicationPaymentEvidence.findMany({
+				where: {
+					std_application_id: applicationPaymentEvidenceDto.application_id,
+					std_application: {
+						std_user_id: userId,
+					},
+				},
+				include: {
+					std_file: true,
+				},
+			});
+
+			return updatedEvidence;
 		} catch (e) {
 			console.log(e);
 			this.logger.error(e);
@@ -84,54 +193,37 @@ export class ApplicationPaymentEvidenceService {
 		}
 	}
 
-	// async uploadEvidence(userId: string, applicationPaymentEvidenceDto: ApplicationPaymentEvidenceDto, file: Express.Multer.File) {
-	// 	try {
-	// 		// upload slip allow to access by url
-	// 		const key = uuid.v4();
-	// 		await this.s3.send(
-	// 			new PutObjectCommand({
-	// 				Bucket: config.s3.bucket,
-	// 				Key: key,
-	// 				Body: file.buffer,
-	// 				ContentType: file.mimetype,
-	// 			}),
-	// 		);
-
-	// 		const slipVerificationResponse: AxiosResponse<SlipVerificationResponse> = await axios.post(
-	// 			"https://connect.slip2go.com/api/verify-slip/qr-image-link/info",
-	// 			{
-	// 				payload: {
-	// 					imageUrl: await this.s3.signedUrl(key),
-	// 				},
-	// 			},
-	// 			{
-	// 				headers: {
-	// 					Authorization: `Bearer ${config.apis.slip2goKey}`,
-	// 				},
-	// 			},
-	// 		);
-
-	// 		console.dir(slipVerificationResponse.data.data);
-
-	// 		// const newApplicationEvidenceFile = await this.prisma.applicationFile.create({
-	// 		// 	data: {
-	// 		// 		std_application_id: applicationPaymentEvidenceDto.application_id,
-	// 		// 		std_file_key: key,
-	// 		// 		std_file_type: "file_slip",
-	// 		// 		std_file_originalname: file.originalname,
-	// 		// 		std_file_mimetype: file.mimetype,
-	// 		// 		std_file_encoding: file.encoding,
-	// 		// 		std_file_size: file.size,
-	// 		// 	},
-	// 		// });
-	// 	} catch (e) {
-	// 		console.log(e);
-	// 		this.logger.error(e);
-	// 		if (e instanceof HttpException) {
-	// 			throw e;
-	// 		}
-
-	// 		throw new InternalServerErrorException(e);
-	// 	}
-	// }
+	private async paymentStatusUpdater(userId: string, application_id: string) {
+		const findEvidence = await this.prisma.applicationPaymentEvidence.findMany({
+			where: {
+				std_application_id: application_id,
+				std_application: {
+					std_user_id: userId,
+				},
+			},
+		});
+
+		if (findEvidence.length === 0) return false;
+
+		const totalAmount = findEvidence.map((evd) => evd.pe_transaction_actual_amount).reduce((a: number, b: number) => a + b) ?? 0;
+		console.log(totalAmount);
+		if (totalAmount < config.payment.reciever.amount) return false;
+
+		await this.prisma.applicationStatus.update({
+			where: {
+				std_application_id: application_id,
+				std_application: {
+					std_user_id: userId,
+				},
+			},
+			data: {
+				std_status_payment_done: true,
+			},
+		});
+		return true;
+	}
+
+	private async confirmUpdater(userId: string, application_id: string) {
+		await this.applicationConfirmationService.isConfirmApplication(userId, { application_id: application_id, confirm: true, reason: "" });
+	}
 }

src/modules/application-status/application-status.service.ts

@@ -18,6 +18,9 @@ export class ApplicationStatusService {
 						std_user_id: userId,
 					},
 				},
+				include: {
+					std_application: true,
+				},
 			});
 
 			return applicationStatus ? applicationStatus : new NotFoundException();