نمونه کد بک‌اند

npm install axios uuid dotenv express
npm install -D typescript @types/uuid @types/express

pip install requests python-dotenv flask psycopg2-binary

composer require guzzlehttp/guzzle ramsey/uuid vlucas/phpdotenv

go get github.com/google/uuid
go get github.com/joho/godotenv
go get github.com/lib/pq

dotnet add package Microsoft.EntityFrameworkCore
dotnet add package Npgsql.EntityFrameworkCore.PostgreSQL
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer

// services/payment.config.ts
export interface PaymentConfig {
  apiUrl: string
  secret: string
  callbackUrl: string
}
 
export const paymentConfig: PaymentConfig = {
  apiUrl: process.env.PAYMENT_GATEWAY_API!,
  secret: process.env.PAYMENT_GATEWAY_SECRET!,
  callbackUrl: process.env.PAYMENT_CALLBACK_URL!,
}

# services/payment_config.py
import os
from dataclasses import dataclass
 
@dataclass
class PaymentConfig:
    api_url: str
    secret: str
    callback_url: str
 
payment_config = PaymentConfig(
    api_url=os.environ['PAYMENT_GATEWAY_API'],
    secret=os.environ['PAYMENT_GATEWAY_SECRET'],
    callback_url=os.environ['PAYMENT_CALLBACK_URL'],
)

// config/payment.php
return [
  'api_url'      => env('PAYMENT_GATEWAY_API', 'https://openapi.basalam.com/v1/pay'),
  'secret'       => env('PAYMENT_GATEWAY_SECRET'),
  'callback_url' => env('PAYMENT_CALLBACK_URL'),
];

// payment/config.go
package payment
 
import "os"
 
type Config struct {
  APIUrl      string
  Secret      string
  CallbackURL string
}
 
func LoadConfig() Config {
  return Config{
    APIUrl:      os.Getenv("PAYMENT_GATEWAY_API"),
    Secret:      os.Getenv("PAYMENT_GATEWAY_SECRET"),
    CallbackURL: os.Getenv("PAYMENT_CALLBACK_URL"),
  }
}

// Services/PaymentConfig.cs
public class PaymentConfig
{
    public string ApiUrl { get; set; }
    public string Secret { get; set; }
    public string CallbackUrl { get; set; }
}

// appsettings.json
{
  "Payment": {
    "ApiUrl": "https://openapi.basalam.com/v1/pay",
    "Secret": "your_secret_key",
    "CallbackUrl": "https://yourdomain.com/api/payment/callback"
  }
}

// services/payment.service.ts
import { v4 as uuidv4 } from 'uuid'
import axios from 'axios'
import { PaymentConfig } from './payment.config'
 
export class PaymentService {
  constructor(private config: PaymentConfig, private db: any) {}
 
  static tomanToRial(toman: number) { return toman * 10 }
  static rialToToman(rial: number) { return Math.round(rial / 10) }
 
  private generateReferenceId(userId: number, plan: string) {
    const random = uuidv4().replace(/-/g, '').substring(0, 12)
    return `${plan.toUpperCase()}-${userId}-${Date.now()}-${random}`
  }
 
  async initiatePayment(userId: number, plan: string, amountRial: number) {
    const referenceId = this.generateReferenceId(userId, plan)
 
    await this.db.query(
      `INSERT INTO payment_transactions (user_id, reference_id, plan, amount, status)
       VALUES ($1, $2, $3, $4, 'pending')`,
      [userId, referenceId, plan, amountRial]
    )
 
    try {
      const { data } = await axios.post(
        `${this.config.apiUrl}/pay/transactions`,
        {
          reference_id: referenceId,
          amount: amountRial,
          description: this.describePlan(plan),
          callback_url: this.config.callbackUrl,
        },
        { headers: { 'X-Gateway-Secret': this.config.secret }, timeout: 30_000 }
      )
 
      await this.db.query(
        `UPDATE payment_transactions
         SET meta_data = $1, fee = $2, updated_at = NOW()
         WHERE reference_id = $3`,
        [JSON.stringify({ hash_id: data.hash_id }), data.order?.fee ?? null, referenceId]
      )
 
      return { url: data.pay_url, hashId: data.hash_id, referenceId }
    } catch (err: any) {
      await this.markFailed(referenceId)
      throw new Error(err.response?.data?.message || 'خطا در اتصال به درگاه پرداخت')
    }
  }
 
  async handleCallback(params: {
    hashId: string
    referenceId: string
    status: string
    refId?: string
  }) {
    const { rows } = await this.db.query(
      `SELECT * FROM payment_transactions WHERE reference_id = $1`,
      [params.referenceId]
    )
    if (rows.length === 0) throw new Error('TRANSACTION_NOT_FOUND')
    const tx = rows[0]
 
    if (params.refId) {
      await this.db.query(
        `UPDATE payment_transactions SET ref_id = $1, updated_at = NOW() WHERE reference_id = $2`,
        [params.refId, params.referenceId]
      )
    }
 
    if (params.status === 'failed') {
      await this.markFailed(params.referenceId)
      return { userId: tx.user_id, plan: tx.plan, success: false }
    }
 
    // در صورت ابهام، با inquiry وضعیت را روشن کن
    let status = params.status
    if (!['success', 'unverified'].includes(status)) {
      const inquiry = await this.inquiry(params.hashId)
      if (inquiry.status?.id === 3) status = 'success'
      else if (inquiry.status?.id === 5) status = 'unverified'
    }
 
    if (status === 'success' || status === 'unverified') {
      const result = await this.verifyTransaction(params.hashId, params.referenceId, tx.user_id)
      return { userId: tx.user_id, plan: tx.plan, success: result.success }
    }
 
    return { userId: tx.user_id, plan: tx.plan, success: false }
  }
 
  async verifyTransaction(hashId: string, referenceId: string, userId: number) {
    const { rows } = await this.db.query(
      `SELECT * FROM payment_transactions WHERE reference_id = $1`,
      [referenceId]
    )
    const tx = rows[0]
 
    // Idempotency: اگر قبلاً Verify شده، دوباره نزن
    if (tx.verified_at) return { success: true, plan: tx.plan }
 
    try {
      const { data } = await axios.post(
        `${this.config.apiUrl}/pay/transactions/${hashId}/verify`,
        {},
        { headers: { 'X-Gateway-Secret': this.config.secret }, timeout: 30_000 }
      )
 
      if (data.status?.id !== 3) throw new Error('PAYMENT_NOT_CONFIRMED')
 
      await this.db.query(
        `UPDATE payment_transactions
         SET status = 'verified', verified_at = NOW(),
             transaction_id = $1, ref_id = COALESCE($2, ref_id), updated_at = NOW()
         WHERE reference_id = $3`,
        [hashId, data.ref_id, referenceId]
      )
 
      await this.activateSubscription(userId, tx.plan, hashId)
      return { success: true, plan: tx.plan }
    } catch (err: any) {
      // اگر در سمت درگاه قبلاً Verify شده بود، آن را موفق در نظر بگیر
      const status = err.response?.status
      const msg = err.response?.data?.message ?? ''
      if (status === 410 || (status === 422 && msg.includes('قبلاً'))) {
        await this.db.query(
          `UPDATE payment_transactions
           SET status = 'verified', verified_at = NOW(), updated_at = NOW()
           WHERE reference_id = $1`,
          [referenceId]
        )
        await this.activateSubscription(userId, tx.plan, hashId)
        return { success: true, plan: tx.plan }
      }
      await this.markFailed(referenceId)
      throw err
    }
  }
 
  private async inquiry(hashId: string) {
    const { data } = await axios.get(
      `${this.config.apiUrl}/pay/transactions/${hashId}/inquiry`,
      { headers: { 'X-Gateway-Secret': this.config.secret }, timeout: 30_000 }
    )
    return data
  }
 
  private async activateSubscription(userId: number, plan: string, paymentRef: string) {
    const days = plan === 'premium_monthly' ? 30 : 365
    const startsAt = new Date()
    const endsAt = new Date(Date.now() + days * 86400 * 1000)
 
    await this.db.query(
      `INSERT INTO subscriptions (user_id, plan, status, starts_at, ends_at, payment_ref)
       VALUES ($1, $2, 'active', $3, $4, $5)`,
      [userId, plan, startsAt, endsAt, paymentRef]
    )
    await this.db.query(`UPDATE users SET plan = $1 WHERE id = $2`, [plan, userId])
  }
 
  private async markFailed(referenceId: string) {
    await this.db.query(
      `UPDATE payment_transactions SET status = 'failed', updated_at = NOW() WHERE reference_id = $1`,
      [referenceId]
    )
  }
 
  private describePlan(plan: string) {
    return plan === 'premium_monthly' ? 'اشتراک پریمیوم ماهانه' : 'اشتراک پریمیوم سالانه'
  }
}

# services/payment_service.py
import time, uuid, requests
from datetime import datetime, timedelta
from .payment_config import PaymentConfig
 
class PaymentService:
    def __init__(self, config: PaymentConfig, db):
        self.config = config
        self.db = db
 
    @staticmethod
    def toman_to_rial(toman: int) -> int:
        return toman * 10
 
    @staticmethod
    def rial_to_toman(rial: int) -> int:
        return round(rial / 10)
 
    def _generate_reference_id(self, user_id: int, plan: str) -> str:
        ts = int(time.time() * 1000)
        random = uuid.uuid4().hex[:12]
        return f"{plan.upper()}-{user_id}-{ts}-{random}"
 
    def initiate_payment(self, user_id: int, plan: str, amount_rial: int) -> dict:
        reference_id = self._generate_reference_id(user_id, plan)
 
        cur = self.db.cursor()
        cur.execute(
            """INSERT INTO payment_transactions (user_id, reference_id, plan, amount, status)
               VALUES (%s, %s, %s, %s, 'pending')""",
            (user_id, reference_id, plan, amount_rial),
        )
        self.db.commit()
 
        try:
            response = requests.post(
                f"{self.config.api_url}/pay/transactions",
                json={
                    'reference_id': reference_id,
                    'amount': amount_rial,
                    'description': self._describe_plan(plan),
                    'callback_url': self.config.callback_url,
                },
                headers={'X-Gateway-Secret': self.config.secret},
                timeout=30,
            )
            response.raise_for_status()
            data = response.json()
 
            cur.execute(
                """UPDATE payment_transactions
                   SET meta_data = %s, fee = %s, updated_at = NOW()
                   WHERE reference_id = %s""",
                (f'{{"hash_id": "{data["hash_id"]}"}}', data.get('order', {}).get('fee'), reference_id),
            )
            self.db.commit()
 
            return {'url': data['pay_url'], 'hash_id': data['hash_id'], 'reference_id': reference_id}
        except requests.RequestException as err:
            self._mark_failed(reference_id)
            msg = 'خطا در اتصال به درگاه پرداخت'
            if err.response is not None:
                try: msg = err.response.json().get('message', msg)
                except Exception: pass
            raise Exception(msg)
 
    def handle_callback(self, hash_id: str, reference_id: str, status: str, ref_id: str = None) -> dict:
        cur = self.db.cursor()
        cur.execute("SELECT * FROM payment_transactions WHERE reference_id = %s", (reference_id,))
        tx = cur.fetchone()
        if not tx:
            raise Exception('TRANSACTION_NOT_FOUND')
 
        if ref_id:
            cur.execute(
                "UPDATE payment_transactions SET ref_id = %s, updated_at = NOW() WHERE reference_id = %s",
                (ref_id, reference_id),
            )
            self.db.commit()
 
        if status == 'failed':
            self._mark_failed(reference_id)
            return {'user_id': tx['user_id'], 'plan': tx['plan'], 'success': False}
 
        if status not in ('success', 'unverified'):
            inquiry = self._inquiry(hash_id)
            if inquiry.get('status', {}).get('id') == 3: status = 'success'
            elif inquiry.get('status', {}).get('id') == 5: status = 'unverified'
 
        if status in ('success', 'unverified'):
            result = self.verify_transaction(hash_id, reference_id, tx['user_id'])
            return {'user_id': tx['user_id'], 'plan': tx['plan'], 'success': result['success']}
 
        return {'user_id': tx['user_id'], 'plan': tx['plan'], 'success': False}
 
    def verify_transaction(self, hash_id: str, reference_id: str, user_id: int) -> dict:
        cur = self.db.cursor()
        cur.execute("SELECT * FROM payment_transactions WHERE reference_id = %s", (reference_id,))
        tx = cur.fetchone()
 
        if tx['verified_at']:
            return {'success': True, 'plan': tx['plan']}
 
        response = requests.post(
            f"{self.config.api_url}/pay/transactions/{hash_id}/verify",
            headers={'X-Gateway-Secret': self.config.secret},
            timeout=30,
        )
 
        if response.status_code in (410, 422):
            try: msg = response.json().get('message', '')
            except Exception: msg = ''
            if 'قبلاً' in msg:
                cur.execute(
                    """UPDATE payment_transactions
                       SET status='verified', verified_at=NOW(), updated_at=NOW()
                       WHERE reference_id = %s""",
                    (reference_id,),
                )
                self.db.commit()
                self._activate_subscription(user_id, tx['plan'], hash_id)
                return {'success': True, 'plan': tx['plan']}
 
        try:
            response.raise_for_status()
        except requests.RequestException:
            self._mark_failed(reference_id)
            raise
 
        data = response.json()
        if data['status']['id'] != 3:
            self._mark_failed(reference_id)
            raise Exception('PAYMENT_NOT_CONFIRMED')
 
        cur.execute(
            """UPDATE payment_transactions
               SET status='verified', verified_at=NOW(), transaction_id=%s,
                   ref_id=COALESCE(%s, ref_id), updated_at=NOW()
               WHERE reference_id = %s""",
            (hash_id, data.get('ref_id'), reference_id),
        )
        self.db.commit()
        self._activate_subscription(user_id, tx['plan'], hash_id)
        return {'success': True, 'plan': tx['plan']}
 
    def _inquiry(self, hash_id: str) -> dict:
        response = requests.get(
            f"{self.config.api_url}/pay/transactions/{hash_id}/inquiry",
            headers={'X-Gateway-Secret': self.config.secret},
            timeout=30,
        )
        response.raise_for_status()
        return response.json()
 
    def _activate_subscription(self, user_id: int, plan: str, payment_ref: str):
        days = 30 if plan == 'premium_monthly' else 365
        starts_at = datetime.now()
        ends_at = starts_at + timedelta(days=days)
        cur = self.db.cursor()
        cur.execute(
            """INSERT INTO subscriptions (user_id, plan, status, starts_at, ends_at, payment_ref)
               VALUES (%s, %s, 'active', %s, %s, %s)""",
            (user_id, plan, starts_at, ends_at, payment_ref),
        )
        cur.execute("UPDATE users SET plan = %s WHERE id = %s", (plan, user_id))
        self.db.commit()
 
    def _mark_failed(self, reference_id: str):
        cur = self.db.cursor()
        cur.execute(
            "UPDATE payment_transactions SET status='failed', updated_at=NOW() WHERE reference_id = %s",
            (reference_id,),
        )
        self.db.commit()
 
    def _describe_plan(self, plan: str) -> str:
        return 'اشتراک پریمیوم ماهانه' if plan == 'premium_monthly' else 'اشتراک پریمیوم سالانه'

// app/Services/PaymentService.php
namespace App\Services;
 
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Str;
 
class PaymentService
{
    private string $apiUrl;
    private string $secret;
    private string $callbackUrl;
 
    public function __construct()
    {
        $this->apiUrl      = config('payment.api_url');
        $this->secret      = config('payment.secret');
        $this->callbackUrl = config('payment.callback_url');
    }
 
    public static function tomanToRial(int $toman): int { return $toman * 10; }
    public static function rialToToman(int $rial): int { return (int) round($rial / 10); }
 
    private function generateReferenceId(int $userId, string $plan): string
    {
        $ts = now()->timestamp * 1000;
        return strtoupper($plan) . "-{$userId}-{$ts}-" . Str::random(12);
    }
 
    public function initiatePayment(int $userId, string $plan, int $amountRial): array
    {
        $referenceId = $this->generateReferenceId($userId, $plan);
 
        DB::table('payment_transactions')->insert([
            'user_id' => $userId, 'reference_id' => $referenceId,
            'plan' => $plan, 'amount' => $amountRial, 'status' => 'pending',
            'created_at' => now(), 'updated_at' => now(),
        ]);
 
        try {
            $response = Http::withHeaders([
                'X-Gateway-Secret' => $this->secret,
            ])->timeout(30)->post("{$this->apiUrl}/pay/transactions", [
                'reference_id' => $referenceId,
                'amount' => $amountRial,
                'description' => $this->describePlan($plan),
                'callback_url' => $this->callbackUrl,
            ]);
 
            if (!$response->successful()) {
                throw new \Exception($response->json()['message'] ?? 'خطا در اتصال به درگاه');
            }
 
            $data = $response->json();
 
            DB::table('payment_transactions')->where('reference_id', $referenceId)->update([
                'meta_data' => json_encode(['hash_id' => $data['hash_id']]),
                'fee' => $data['order']['fee'] ?? null,
                'updated_at' => now(),
            ]);
 
            return ['url' => $data['pay_url'], 'hash_id' => $data['hash_id'], 'reference_id' => $referenceId];
        } catch (\Throwable $e) {
            $this->markFailed($referenceId);
            throw $e;
        }
    }
 
    public function handleCallback(string $hashId, string $referenceId, string $status, ?string $refId = null): array
    {
        $tx = DB::table('payment_transactions')->where('reference_id', $referenceId)->first();
        if (!$tx) throw new \Exception('TRANSACTION_NOT_FOUND');
 
        if ($refId) {
            DB::table('payment_transactions')->where('reference_id', $referenceId)
              ->update(['ref_id' => $refId, 'updated_at' => now()]);
        }
 
        if ($status === 'failed') {
            $this->markFailed($referenceId);
            return ['user_id' => $tx->user_id, 'plan' => $tx->plan, 'success' => false];
        }
 
        if (!in_array($status, ['success', 'unverified'], true)) {
            $inquiry = $this->inquiry($hashId);
            $statusId = $inquiry['status']['id'] ?? 0;
            if ($statusId === 3) $status = 'success';
            elseif ($statusId === 5) $status = 'unverified';
        }
 
        if (in_array($status, ['success', 'unverified'], true)) {
            $result = $this->verifyTransaction($hashId, $referenceId, $tx->user_id);
            return ['user_id' => $tx->user_id, 'plan' => $tx->plan, 'success' => $result['success']];
        }
 
        return ['user_id' => $tx->user_id, 'plan' => $tx->plan, 'success' => false];
    }
 
    public function verifyTransaction(string $hashId, string $referenceId, int $userId): array
    {
        $tx = DB::table('payment_transactions')->where('reference_id', $referenceId)->first();
 
        if ($tx->verified_at) return ['success' => true, 'plan' => $tx->plan];
 
        $response = Http::withHeaders([
            'X-Gateway-Secret' => $this->secret,
        ])->timeout(30)->post("{$this->apiUrl}/pay/transactions/{$hashId}/verify");
 
        if (in_array($response->status(), [410, 422], true)) {
            $msg = $response->json()['message'] ?? '';
            if (str_contains($msg, 'قبلاً')) {
                DB::table('payment_transactions')->where('reference_id', $referenceId)->update([
                    'status' => 'verified', 'verified_at' => now(), 'updated_at' => now(),
                ]);
                $this->activateSubscription($userId, $tx->plan, $hashId);
                return ['success' => true, 'plan' => $tx->plan];
            }
        }
 
        if (!$response->successful()) {
            $this->markFailed($referenceId);
            throw new \Exception('VERIFY_FAILED');
        }
 
        $data = $response->json();
        if (($data['status']['id'] ?? 0) !== 3) {
            $this->markFailed($referenceId);
            throw new \Exception('PAYMENT_NOT_CONFIRMED');
        }
 
        DB::table('payment_transactions')->where('reference_id', $referenceId)->update([
            'status' => 'verified',
            'verified_at' => now(),
            'transaction_id' => $hashId,
            'ref_id' => $data['ref_id'] ?? $tx->ref_id,
            'updated_at' => now(),
        ]);
 
        $this->activateSubscription($userId, $tx->plan, $hashId);
        return ['success' => true, 'plan' => $tx->plan];
    }
 
    private function inquiry(string $hashId): array
    {
        return Http::withHeaders(['X-Gateway-Secret' => $this->secret])
            ->timeout(30)
            ->get("{$this->apiUrl}/pay/transactions/{$hashId}/inquiry")
            ->json();
    }
 
    private function activateSubscription(int $userId, string $plan, string $paymentRef): void
    {
        $days = $plan === 'premium_monthly' ? 30 : 365;
        DB::table('subscriptions')->insert([
            'user_id' => $userId, 'plan' => $plan, 'status' => 'active',
            'starts_at' => now(), 'ends_at' => now()->addDays($days),
            'payment_ref' => $paymentRef, 'created_at' => now(),
        ]);
        DB::table('users')->where('id', $userId)->update(['plan' => $plan]);
    }
 
    private function markFailed(string $referenceId): void
    {
        DB::table('payment_transactions')->where('reference_id', $referenceId)
          ->update(['status' => 'failed', 'updated_at' => now()]);
    }
 
    private function describePlan(string $plan): string
    {
        return $plan === 'premium_monthly' ? 'اشتراک پریمیوم ماهانه' : 'اشتراک پریمیوم سالانه';
    }
}

// payment/service.go
package payment
 
import (
  "bytes"
  "database/sql"
  "encoding/json"
  "fmt"
  "io"
  "net/http"
  "strings"
  "time"
 
  "github.com/google/uuid"
)
 
type Service struct {
  config Config
  db     *sql.DB
  client *http.Client
}
 
func NewService(config Config, db *sql.DB) *Service {
  return &Service{config: config, db: db, client: &http.Client{Timeout: 30 * time.Second}}
}
 
func TomanToRial(toman int64) int64 { return toman * 10 }
func RialToToman(rial int64) int64  { return rial / 10 }
 
func (s *Service) generateReferenceID(userID int64, plan string) string {
  return fmt.Sprintf("%s-%d-%d-%s",
    strings.ToUpper(plan), userID, time.Now().UnixMilli(), uuid.New().String()[:12])
}
 
func (s *Service) InitiatePayment(userID int64, plan string, amountRial int64) (map[string]string, error) {
  referenceID := s.generateReferenceID(userID, plan)
 
  _, err := s.db.Exec(
    `INSERT INTO payment_transactions (user_id, reference_id, plan, amount, status, created_at, updated_at)
     VALUES ($1, $2, $3, $4, 'pending', NOW(), NOW())`,
    userID, referenceID, plan, amountRial,
  )
  if err != nil {
    return nil, fmt.Errorf("create transaction: %w", err)
  }
 
  body, _ := json.Marshal(map[string]interface{}{
    "reference_id": referenceID,
    "amount":       amountRial,
    "description":  describePlan(plan),
    "callback_url": s.config.CallbackURL,
  })
 
  req, _ := http.NewRequest("POST", s.config.APIUrl+"/pay/transactions", bytes.NewBuffer(body))
  req.Header.Set("X-Gateway-Secret", s.config.Secret)
  req.Header.Set("Content-Type", "application/json")
 
  resp, err := s.client.Do(req)
  if err != nil {
    s.markFailed(referenceID)
    return nil, fmt.Errorf("gateway: %w", err)
  }
  defer resp.Body.Close()
 
  if resp.StatusCode >= 300 {
    s.markFailed(referenceID)
    return nil, fmt.Errorf("gateway status %d", resp.StatusCode)
  }
 
  var data struct {
    HashID string `json:"hash_id"`
    PayURL string `json:"pay_url"`
    Order  struct{ Fee int64 `json:"fee"` } `json:"order"`
  }
  if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
    return nil, err
  }
 
  meta, _ := json.Marshal(map[string]string{"hash_id": data.HashID})
  s.db.Exec(
    `UPDATE payment_transactions SET meta_data = $1, fee = $2, updated_at = NOW() WHERE reference_id = $3`,
    meta, data.Order.Fee, referenceID,
  )
 
  return map[string]string{
    "url":          data.PayURL,
    "hash_id":      data.HashID,
    "reference_id": referenceID,
  }, nil
}
 
func (s *Service) HandleCallback(hashID, referenceID, status string, refID *string) (map[string]interface{}, error) {
  var tx struct {
    UserID int64
    Plan   string
    VerifiedAt *time.Time
  }
  err := s.db.QueryRow(
    `SELECT user_id, plan, verified_at FROM payment_transactions WHERE reference_id = $1`,
    referenceID,
  ).Scan(&tx.UserID, &tx.Plan, &tx.VerifiedAt)
  if err != nil {
    return nil, fmt.Errorf("transaction not found: %w", err)
  }
 
  if refID != nil {
    s.db.Exec(
      `UPDATE payment_transactions SET ref_id = $1, updated_at = NOW() WHERE reference_id = $2`,
      *refID, referenceID,
    )
  }
 
  if status == "failed" {
    s.markFailed(referenceID)
    return map[string]interface{}{"user_id": tx.UserID, "plan": tx.Plan, "success": false}, nil
  }
 
  if status == "success" || status == "unverified" {
    result, err := s.VerifyTransaction(hashID, referenceID, tx.UserID)
    if err != nil {
      return nil, err
    }
    return map[string]interface{}{"user_id": tx.UserID, "plan": tx.Plan, "success": result["success"]}, nil
  }
 
  return map[string]interface{}{"user_id": tx.UserID, "plan": tx.Plan, "success": false}, nil
}
 
func (s *Service) VerifyTransaction(hashID, referenceID string, userID int64) (map[string]interface{}, error) {
  var verifiedAt *time.Time
  var plan string
  err := s.db.QueryRow(
    `SELECT verified_at, plan FROM payment_transactions WHERE reference_id = $1`,
    referenceID,
  ).Scan(&verifiedAt, &plan)
  if err != nil {
    return nil, err
  }
  if verifiedAt != nil {
    return map[string]interface{}{"success": true, "plan": plan}, nil
  }
 
  req, _ := http.NewRequest("POST", s.config.APIUrl+"/pay/transactions/"+hashID+"/verify", nil)
  req.Header.Set("X-Gateway-Secret", s.config.Secret)
 
  resp, err := s.client.Do(req)
  if err != nil {
    s.markFailed(referenceID)
    return nil, err
  }
  defer resp.Body.Close()
 
  bodyBytes, _ := io.ReadAll(resp.Body)
  if resp.StatusCode == 410 || resp.StatusCode == 422 {
    if strings.Contains(string(bodyBytes), "قبلاً") {
      s.db.Exec(
        `UPDATE payment_transactions
         SET status='verified', verified_at=NOW(), updated_at=NOW() WHERE reference_id = $1`,
        referenceID,
      )
      if err := s.activateSubscription(userID, plan, hashID); err != nil {
        return nil, err
      }
      return map[string]interface{}{"success": true, "plan": plan}, nil
    }
  }
 
  if resp.StatusCode >= 300 {
    s.markFailed(referenceID)
    return nil, fmt.Errorf("verify failed: status %d", resp.StatusCode)
  }
 
  var data struct {
    Status struct{ ID int `json:"id"` } `json:"status"`
    RefID  string `json:"ref_id"`
  }
  json.Unmarshal(bodyBytes, &data)
 
  if data.Status.ID != 3 {
    s.markFailed(referenceID)
    return nil, fmt.Errorf("payment not confirmed")
  }
 
  s.db.Exec(
    `UPDATE payment_transactions
     SET status='verified', verified_at=NOW(), transaction_id=$1, ref_id=$2, updated_at=NOW()
     WHERE reference_id = $3`,
    hashID, data.RefID, referenceID,
  )
  if err := s.activateSubscription(userID, plan, hashID); err != nil {
    return nil, err
  }
  return map[string]interface{}{"success": true, "plan": plan}, nil
}
 
func (s *Service) activateSubscription(userID int64, plan, paymentRef string) error {
  days := 30
  if plan == "premium_yearly" {
    days = 365
  }
  _, err := s.db.Exec(
    `INSERT INTO subscriptions (user_id, plan, status, starts_at, ends_at, payment_ref, created_at)
     VALUES ($1, $2, 'active', $3, $4, $5, NOW())`,
    userID, plan, time.Now(), time.Now().AddDate(0, 0, days), paymentRef,
  )
  if err != nil {
    return err
  }
  _, err = s.db.Exec(`UPDATE users SET plan = $1 WHERE id = $2`, plan, userID)
  return err
}
 
func (s *Service) markFailed(referenceID string) {
  s.db.Exec(
    `UPDATE payment_transactions SET status='failed', updated_at=NOW() WHERE reference_id = $1`,
    referenceID,
  )
}
 
func describePlan(plan string) string {
  if plan == "premium_monthly" {
    return "اشتراک پریمیوم ماهانه"
  }
  return "اشتراک پریمیوم سالانه"
}

// Services/PaymentService.cs
using System.Net;
using System.Text;
using System.Text.Json;
using Microsoft.EntityFrameworkCore;
 
public class PaymentService
{
    private readonly PaymentConfig _config;
    private readonly ApplicationDbContext _db;
    private readonly HttpClient _http;
 
    public PaymentService(PaymentConfig config, ApplicationDbContext db, HttpClient http)
    {
        _config = config; _db = db; _http = http;
        _http.DefaultRequestHeaders.Add("X-Gateway-Secret", _config.Secret);
        _http.Timeout = TimeSpan.FromSeconds(30);
    }
 
    public static long TomanToRial(long toman) => toman * 10;
    public static long RialToToman(long rial) => rial / 10;
 
    private string GenerateReferenceId(long userId, string plan)
    {
        var ts = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
        var random = Guid.NewGuid().ToString("N").Substring(0, 12);
        return $"{plan.ToUpper()}-{userId}-{ts}-{random}";
    }
 
    public async Task<Dictionary<string, string>> InitiatePayment(long userId, string plan, long amountRial)
    {
        var referenceId = GenerateReferenceId(userId, plan);
 
        var tx = new PaymentTransaction
        {
            UserId = userId, ReferenceId = referenceId,
            Plan = plan, Amount = amountRial, Status = "pending",
            CreatedAt = DateTime.UtcNow, UpdatedAt = DateTime.UtcNow,
        };
        _db.PaymentTransactions.Add(tx);
        await _db.SaveChangesAsync();
 
        try
        {
            var body = JsonSerializer.Serialize(new
            {
                reference_id = referenceId,
                amount = amountRial,
                description = DescribePlan(plan),
                callback_url = _config.CallbackUrl,
            });
 
            var resp = await _http.PostAsync(
                $"{_config.ApiUrl}/pay/transactions",
                new StringContent(body, Encoding.UTF8, "application/json"));
 
            resp.EnsureSuccessStatusCode();
            var data = JsonSerializer.Deserialize<GatewayResponse>(
                await resp.Content.ReadAsStringAsync(),
                new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
 
            tx.MetaData = JsonSerializer.Serialize(new { hash_id = data!.HashId });
            tx.Fee = data.Order?.Fee;
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
 
            return new Dictionary<string, string>
            {
                ["url"] = data.PayUrl,
                ["hash_id"] = data.HashId,
                ["reference_id"] = referenceId,
            };
        }
        catch
        {
            tx.Status = "failed";
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
            throw;
        }
    }
 
    public async Task<Dictionary<string, object>> HandleCallback(
        string hashId, string referenceId, string status, string? refId = null)
    {
        var tx = await _db.PaymentTransactions.FirstOrDefaultAsync(t => t.ReferenceId == referenceId)
            ?? throw new Exception("TRANSACTION_NOT_FOUND");
 
        if (!string.IsNullOrEmpty(refId))
        {
            tx.RefId = refId;
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
        }
 
        if (status == "failed")
        {
            tx.Status = "failed";
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
            return new() { ["user_id"] = tx.UserId, ["plan"] = tx.Plan, ["success"] = false };
        }
 
        if (status == "success" || status == "unverified")
        {
            var result = await VerifyTransaction(hashId, referenceId, tx.UserId);
            return new() { ["user_id"] = tx.UserId, ["plan"] = tx.Plan, ["success"] = result["success"] };
        }
 
        return new() { ["user_id"] = tx.UserId, ["plan"] = tx.Plan, ["success"] = false };
    }
 
    public async Task<Dictionary<string, object>> VerifyTransaction(string hashId, string referenceId, long userId)
    {
        var tx = await _db.PaymentTransactions.FirstAsync(t => t.ReferenceId == referenceId);
        if (tx.VerifiedAt.HasValue)
            return new() { ["success"] = true, ["plan"] = tx.Plan };
 
        var resp = await _http.PostAsync(
            $"{_config.ApiUrl}/pay/transactions/{hashId}/verify", null);
 
        var content = await resp.Content.ReadAsStringAsync();
 
        if ((resp.StatusCode == HttpStatusCode.Gone ||
             resp.StatusCode == HttpStatusCode.UnprocessableEntity) &&
            content.Contains("قبلاً"))
        {
            tx.Status = "verified";
            tx.VerifiedAt = DateTime.UtcNow;
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
            await ActivateSubscription(userId, tx.Plan, hashId);
            return new() { ["success"] = true, ["plan"] = tx.Plan };
        }
 
        if (!resp.IsSuccessStatusCode)
        {
            tx.Status = "failed";
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
            throw new Exception("VERIFY_FAILED");
        }
 
        var data = JsonSerializer.Deserialize<VerifyResponse>(content,
            new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
 
        if (data!.Status.Id != 3)
        {
            tx.Status = "failed";
            tx.UpdatedAt = DateTime.UtcNow;
            await _db.SaveChangesAsync();
            throw new Exception("PAYMENT_NOT_CONFIRMED");
        }
 
        tx.Status = "verified";
        tx.VerifiedAt = DateTime.UtcNow;
        tx.TransactionId = hashId;
        tx.RefId = data.RefId ?? tx.RefId;
        tx.UpdatedAt = DateTime.UtcNow;
        await _db.SaveChangesAsync();
 
        await ActivateSubscription(userId, tx.Plan, hashId);
        return new() { ["success"] = true, ["plan"] = tx.Plan };
    }
 
    private async Task ActivateSubscription(long userId, string plan, string paymentRef)
    {
        var days = plan == "premium_monthly" ? 30 : 365;
        _db.Subscriptions.Add(new Subscription
        {
            UserId = userId, Plan = plan, Status = "active",
            StartsAt = DateTime.UtcNow,
            EndsAt = DateTime.UtcNow.AddDays(days),
            PaymentRef = paymentRef,
            CreatedAt = DateTime.UtcNow,
        });
        var user = await _db.Users.FindAsync(userId);
        if (user != null) user.Plan = plan;
        await _db.SaveChangesAsync();
    }
 
    private static string DescribePlan(string plan) =>
        plan == "premium_monthly" ? "اشتراک پریمیوم ماهانه" : "اشتراک پریمیوم سالانه";
}

// routes/payment.routes.ts
import express from 'express'
import { PaymentService } from '../services/payment.service'
import { paymentConfig } from '../services/payment.config'
import { authMiddleware } from '../middleware/auth'
import { db } from '../db'
 
const router = express.Router()
const paymentService = new PaymentService(paymentConfig, db)
 
const PRICES_TOMAN: Record<string, number> = {
  premium_monthly: 50_000,
  premium_yearly: 500_000,
}
 
router.post('/initiate', authMiddleware, async (req, res) => {
  const { plan } = req.body
  if (!PRICES_TOMAN[plan]) {
    return res.status(400).json({ error: 'INVALID_PLAN' })
  }
 
  try {
    const amountRial = PaymentService.tomanToRial(PRICES_TOMAN[plan])
    const result = await paymentService.initiatePayment(req.user.id, plan, amountRial)
    res.status(201).json(result)
  } catch (err: any) {
    res.status(500).json({ error: err.message })
  }
})
 
router.get('/callback', async (req, res) => {
  try {
    const result = await paymentService.handleCallback({
      hashId: String(req.query.hash_id),
      referenceId: String(req.query.reference_id),
      status: String(req.query.status),
      refId: req.query.ref_id ? String(req.query.ref_id) : undefined,
    })
    res.redirect(
      result.success
        ? `/payment/result?status=success&plan=${result.plan}`
        : `/payment/result?status=failed`
    )
  } catch {
    res.redirect('/payment/result?status=failed')
  }
})
 
router.post('/verify', authMiddleware, async (req, res) => {
  try {
    const { hash_id, reference_id } = req.body
    const result = await paymentService.verifyTransaction(hash_id, reference_id, req.user.id)
    res.json(result)
  } catch (err: any) {
    res.status(422).json({ error: err.message })
  }
})
 
export default router

# routes/payment_routes.py
from flask import Blueprint, request, jsonify, redirect
from .auth import auth_required
from ..services.payment_service import PaymentService
from ..services.payment_config import payment_config
from ..db import db
 
bp = Blueprint('payment', __name__, url_prefix='/api/payment')
payment_service = PaymentService(payment_config, db)
 
PRICES_TOMAN = {'premium_monthly': 50_000, 'premium_yearly': 500_000}
 
@bp.post('/initiate')
@auth_required
def initiate():
    plan = request.get_json().get('plan')
    if plan not in PRICES_TOMAN:
        return jsonify({'error': 'INVALID_PLAN'}), 400
    try:
        amount_rial = PaymentService.toman_to_rial(PRICES_TOMAN[plan])
        result = payment_service.initiate_payment(request.user['id'], plan, amount_rial)
        return jsonify(result), 201
    except Exception as e:
        return jsonify({'error': str(e)}), 500
 
@bp.get('/callback')
def callback():
    try:
        result = payment_service.handle_callback(
            request.args.get('hash_id'),
            request.args.get('reference_id'),
            request.args.get('status'),
            request.args.get('ref_id'),
        )
        url = (f"/payment/result?status=success&plan={result['plan']}"
               if result['success'] else '/payment/result?status=failed')
        return redirect(url)
    except Exception:
        return redirect('/payment/result?status=failed')
 
@bp.post('/verify')
@auth_required
def verify():
    try:
        data = request.get_json()
        result = payment_service.verify_transaction(
            data['hash_id'], data['reference_id'], request.user['id']
        )
        return jsonify(result)
    except Exception as e:
        return jsonify({'error': str(e)}), 422

// app/Http/Controllers/PaymentController.php
namespace App\Http\Controllers;
 
use App\Services\PaymentService;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
 
class PaymentController extends Controller
{
    private const PRICES_TOMAN = [
        'premium_monthly' => 50_000,
        'premium_yearly'  => 500_000,
    ];
 
    public function __construct(private PaymentService $paymentService) {}
 
    public function initiate(Request $request): JsonResponse
    {
        $request->validate(['plan' => 'required|in:premium_monthly,premium_yearly']);
        try {
            $plan = $request->input('plan');
            $amountRial = PaymentService::tomanToRial(self::PRICES_TOMAN[$plan]);
            $result = $this->paymentService->initiatePayment(auth()->id(), $plan, $amountRial);
            return response()->json($result, 201);
        } catch (\Throwable $e) {
            return response()->json(['error' => $e->getMessage()], 500);
        }
    }
 
    public function callback(Request $request): RedirectResponse
    {
        try {
            $result = $this->paymentService->handleCallback(
                $request->query('hash_id'),
                $request->query('reference_id'),
                $request->query('status'),
                $request->query('ref_id'),
            );
            $url = $result['success']
                ? "/payment/result?status=success&plan={$result['plan']}"
                : '/payment/result?status=failed';
            return redirect($url);
        } catch (\Throwable) {
            return redirect('/payment/result?status=failed');
        }
    }
 
    public function verify(Request $request): JsonResponse
    {
        $request->validate([
            'hash_id'      => 'required|string',
            'reference_id' => 'required|string',
        ]);
        try {
            $result = $this->paymentService->verifyTransaction(
                $request->input('hash_id'),
                $request->input('reference_id'),
                auth()->id(),
            );
            return response()->json($result);
        } catch (\Throwable $e) {
            return response()->json(['error' => $e->getMessage()], 422);
        }
    }
}

// routes/api.php
use App\Http\Controllers\PaymentController;
 
Route::middleware('auth:sanctum')->group(function () {
    Route::post('/payment/initiate', [PaymentController::class, 'initiate']);
    Route::post('/payment/verify',   [PaymentController::class, 'verify']);
});
 
Route::get('/payment/callback', [PaymentController::class, 'callback']);

// handlers/payment.go
package handlers
 
import (
  "encoding/json"
  "fmt"
  "net/http"
 
  "yourapp/payment"
)
 
type Handler struct{ Service *payment.Service }
 
var pricesToman = map[string]int64{
  "premium_monthly": 50_000,
  "premium_yearly":  500_000,
}
 
func (h *Handler) Initiate(w http.ResponseWriter, r *http.Request) {
  userID := r.Context().Value("user_id").(int64)
 
  var req struct{ Plan string `json:"plan"` }
  if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
    http.Error(w, "Invalid request", http.StatusBadRequest)
    return
  }
  price, ok := pricesToman[req.Plan]
  if !ok {
    http.Error(w, "INVALID_PLAN", http.StatusBadRequest)
    return
  }
 
  result, err := h.Service.InitiatePayment(userID, req.Plan, payment.TomanToRial(price))
  if err != nil {
    http.Error(w, err.Error(), http.StatusInternalServerError)
    return
  }
  w.Header().Set("Content-Type", "application/json")
  w.WriteHeader(http.StatusCreated)
  json.NewEncoder(w).Encode(result)
}
 
func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
  q := r.URL.Query()
  var refIDPtr *string
  if v := q.Get("ref_id"); v != "" { refIDPtr = &v }
 
  result, err := h.Service.HandleCallback(q.Get("hash_id"), q.Get("reference_id"), q.Get("status"), refIDPtr)
  if err != nil {
    http.Redirect(w, r, "/payment/result?status=failed", http.StatusFound)
    return
  }
 
  url := "/payment/result?status=failed"
  if result["success"].(bool) {
    url = fmt.Sprintf("/payment/result?status=success&plan=%s", result["plan"].(string))
  }
  http.Redirect(w, r, url, http.StatusFound)
}
 
func (h *Handler) Verify(w http.ResponseWriter, r *http.Request) {
  userID := r.Context().Value("user_id").(int64)
 
  var req struct {
    HashID      string `json:"hash_id"`
    ReferenceID string `json:"reference_id"`
  }
  if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
    http.Error(w, "Invalid request", http.StatusBadRequest)
    return
  }
 
  result, err := h.Service.VerifyTransaction(req.HashID, req.ReferenceID, userID)
  if err != nil {
    http.Error(w, err.Error(), http.StatusUnprocessableEntity)
    return
  }
  w.Header().Set("Content-Type", "application/json")
  json.NewEncoder(w).Encode(result)
}

// Controllers/PaymentController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
 
[ApiController]
[Route("api/[controller]")]
public class PaymentController : ControllerBase
{
    private static readonly Dictionary<string, long> PricesToman = new()
    {
        ["premium_monthly"] = 50_000,
        ["premium_yearly"]  = 500_000,
    };
 
    private readonly PaymentService _paymentService;
    public PaymentController(PaymentService s) => _paymentService = s;
 
    [HttpPost("initiate")]
    [Authorize]
    public async Task<IActionResult> Initiate([FromBody] InitiateRequest req)
    {
        if (!PricesToman.ContainsKey(req.Plan))
            return BadRequest(new { error = "INVALID_PLAN" });
 
        try
        {
            var userId = long.Parse(User.FindFirst("sub")!.Value);
            var amountRial = PaymentService.TomanToRial(PricesToman[req.Plan]);
            var result = await _paymentService.InitiatePayment(userId, req.Plan, amountRial);
            return StatusCode(201, result);
        }
        catch (Exception ex)
        {
            return StatusCode(500, new { error = ex.Message });
        }
    }
 
    [HttpGet("callback")]
    public async Task<IActionResult> Callback(
        [FromQuery] string hash_id, [FromQuery] string reference_id,
        [FromQuery] string status, [FromQuery] string? ref_id = null)
    {
        try
        {
            var result = await _paymentService.HandleCallback(hash_id, reference_id, status, ref_id);
            var url = (bool)result["success"]
                ? $"/payment/result?status=success&plan={result["plan"]}"
                : "/payment/result?status=failed";
            return Redirect(url);
        }
        catch
        {
            return Redirect("/payment/result?status=failed");
        }
    }
 
    [HttpPost("verify")]
    [Authorize]
    public async Task<IActionResult> Verify([FromBody] VerifyRequest req)
    {
        try
        {
            var userId = long.Parse(User.FindFirst("sub")!.Value);
            var result = await _paymentService.VerifyTransaction(req.HashId, req.ReferenceId, userId);
            return Ok(result);
        }
        catch (Exception ex)
        {
            return StatusCode(422, new { error = ex.Message });
        }
    }
}
 
public record InitiateRequest(string Plan);
public record VerifyRequest(string HashId, string ReferenceId);

// app.ts
import express from 'express'
import paymentRoutes from './routes/payment.routes'
 
const app = express()
app.use(express.json())
app.use('/api/payment', paymentRoutes)
 
app.listen(3000, () => console.log('Server on :3000'))

# app.py
from flask import Flask
from routes.payment_routes import bp as payment_bp
 
app = Flask(__name__)
app.register_blueprint(payment_bp)
 
if __name__ == '__main__':
    app.run(port=3000)

// در پروژه‌ی Laravel، routes/api.php و config/payment.php اضافه شدند.
// اپلیکیشن را با artisan اجرا کنید:
php artisan serve

// main.go
package main
 
import (
  "database/sql"
  "log"
  "net/http"
  "os"
 
  _ "github.com/lib/pq"
  "yourapp/handlers"
  "yourapp/payment"
)
 
func main() {
  db, err := sql.Open("postgres", os.Getenv("DATABASE_URL"))
  if err != nil { log.Fatal(err) }
  defer db.Close()
 
  service := payment.NewService(payment.LoadConfig(), db)
  h := &handlers.Handler{Service: service}
 
  http.HandleFunc("/api/payment/initiate", authMiddleware(h.Initiate))
  http.HandleFunc("/api/payment/callback", h.Callback)
  http.HandleFunc("/api/payment/verify",   authMiddleware(h.Verify))
 
  log.Fatal(http.ListenAndServe(":3000", nil))
}

// Program.cs
var builder = WebApplication.CreateBuilder(args);
 
builder.Services.AddSingleton(sp =>
{
    var c = builder.Configuration.GetSection("Payment");
    return new PaymentConfig
    {
        ApiUrl = c["ApiUrl"]!,
        Secret = c["Secret"]!,
        CallbackUrl = c["CallbackUrl"]!,
    };
});
 
builder.Services.AddDbContext<ApplicationDbContext>(o =>
    o.UseNpgsql(builder.Configuration.GetConnectionString("DefaultConnection")));
 
builder.Services.AddHttpClient<PaymentService>();
builder.Services.AddScoped<PaymentService>();
builder.Services.AddControllers();
builder.Services.AddAuthentication("Bearer").AddJwtBearer();
 
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();