Add claude-generated README

2026-04-02 19:31:09 +03:00
parent 6d67e969e0
commit 2402d0e01f
1 changed files with 381 additions and 160 deletions
--- a/README.md
+++ b/README.md
@@ -1,177 +1,398 @@
 # Payouts Service
-## API Endpoints
+A Go service for processing payouts via YooKassa, supporting SBP, YooMoney, bank card, and widget-based payout flows.
-### User Management
+---
-#### Register User
+## API Reference
- **Path**: `/api/v1/user/register`
+
- **Method**: POST
+### `GET /health`
- **Request Parameters**:
+
-  ```json
+Health check endpoint. Verifies database connectivity.
-  {
+
-    "tin": "string",
+**Request parameters:** None
-    "phone": "string",
+
-    "password": "string",
+**Response:**
-    "password_cfm": "string"
+
-  }
+| Status | Body |
-  ```
+|--------|------|
- **Response Parameters**:
+| `200 OK` | `{"OK": true}` |
-  ```json
+| `503 Service Unavailable` | `{"OK": false, "Error": "error details"}` |
-  {
+
-    "status": "string"
+**Example:**
  }
  ```
 - **Curl Example**:
 ```bash
-  curl -X POST http://localhost:8080/api/v1/user/register \
+curl -s http://localhost:8080/health
    -H "Content-Type: application/json" \
    -d '{"tin":"1234567890","phone":"+79991234567","password":"password123","password_cfm":"password123"}'
 ```
-#### User Login
+---
- **Path**: `/api/v1/user/login`
+
- **Method**: POST
+### `GET /version`
- **Request Parameters**:
+
-  ```json
+Returns the application version.
-  {
+
-    "phone": "string",
+**Request parameters:** None
-    "password": "string"
+
-  }
+**Response:** Plain text version string (e.g. `v1.0.0`). If version is `unknown`, the git commit hash from build info is appended.
-  ```
+
- **Response Parameters**:
+**Example:**
  ```json
  {
    "token": "string",
    "token_ttl": "integer"
  }
  ```
 - **Curl Example**:
 ```bash
-  curl -X POST http://localhost:8080/api/v1/user/login \
+curl -s http://localhost:8080/version
    -H "Content-Type: application/json" \
    -d '{"phone":"+79991234567","password":"password123"}'
 ```
-### Payout Operations
+---
-#### Get SBP Banks
+### `POST /api/v1/user/register`
- **Path**: `/api/v1/payout/sbp/banks`
+
- **Method**: GET
+Register a new user.
- **Request Parameters**: None
+
- **Response Parameters**:
+**Request body (JSON):**
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `tin` | string | yes | Tax identification number |
 | `phone` | string | yes | Phone number (must be unique) |
 | `password` | string | yes | Password |
 | `password_cfm` | string | yes | Password confirmation (must match `password`) |
 **Response:**
 | Status | Description |
 |--------|-------------|
 | `201 Created` | User registered successfully (no body) |
 | `400 Bad Request` | Validation error or phone already registered |
 | `500 Internal Server Error` | Password hashing failure |
 **Example:**
 ```bash
 curl -s -X POST http://localhost:8080/api/v1/user/register \
  -H "Content-Type: application/json" \
  -d '{"tin":"123456789","phone":"+79001234567","password":"secret","password_cfm":"secret"}'
 ```
 ---
 ### `POST /api/v1/user/login`
 Authenticate a user and obtain a session token.
 **Request body (JSON):**
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `phone` | string | yes | Registered phone number |
 | `password` | string | yes | Password |
 **Response (200 OK):**
 ```json
  [
 {
-        "bank_id": "string",
+  "token": "550e8400-e29b-41d4-a716-446655440000",
-        "name": "string",
+  "token_ttl": 1712000000
-        "bic": "string"
+}
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `token` | string | UUID session token to use in subsequent requests |
 | `token_ttl` | integer | Unix timestamp when the token expires |
 **Error response:**
 ```json
 {
  "status": 401,
  "message": "Unauthorized"
 }
 ```
 **Example:**
 ```bash
 curl -s -X POST http://localhost:8080/api/v1/user/login \
  -H "Content-Type: application/json" \
  -d '{"phone":"+79001234567","password":"secret"}'
 ```
 ---
 ### `GET /api/v1/payout/sbp/banks`
 Retrieve the list of banks available for SBP payouts.
 **Request parameters:** None
 **Authentication:** Not required
 **Response (200 OK):**
 ```json
 {
  "type": "sbp_banks",
  "items": [
    {
      "bank_id": "100000000111",
      "name": "Тинькофф Банк",
      "bic": "044525974"
    }
  ]
-  ```
+}
 - **Curl Example**:
  ```bash
  curl -X GET http://localhost:8080/api/v1/payout/sbp/banks
 ```
-#### Create Payout
+**Example:**
 - **Path**: `/api/v1/payout/create`
 - **Method**: POST
 - **Request Parameters: SBP**:
  ```json
  {
    "payout_type": "spb",
    "bank_id": "string",
    "amount": "float"
  }
  ```
 > **_NOTE:_**
 > Phone number for SBP payout comes from user's profile
 - **Request Parameters: YooMoney**:
  ```json
  {
    "payout_type": "yoo_money",
    "account_number": "string",
    "amount": "float"
  }
  ```
 - **Response Parameters**:
  ```json
  {
    "payout_id": "string",
    "payout_status": "string"
  }
  ```
 - **Curl Example**:
 ```bash
-  curl -X POST http://localhost:8080/api/v1/payout/create \
+curl -s http://localhost:8080/api/v1/payout/sbp/banks
 ```
 ---
 ### `POST /api/v1/payout/create`
 Create a payout. The `payout_type` determines which additional fields are required.
 **Request headers:**
 | Header | Required | Description |
 |--------|----------|-------------|
 | `Authorization` | yes | `Bearer {token}` — session token from login |
 | `Content-Type` | yes | `application/json` |
 **Request body (JSON):**
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `payout_type` | string | yes | One of: `spb`, `yoo_money`, `bank_card`, `widget` |
 | `amount` | float | yes | Payout amount in rubles |
 | `payout_token` | string | for `widget` | Token received from the YooKassa widget `success_callback` |
 | `account_number` | string | for `yoo_money` | YooMoney wallet number or phone |
 | `bank_id` | string | for `spb` | Bank identifier from `/api/v1/payout/sbp/banks` |
 | `card_number` | string | for `bank_card` | Card number |
 > **Note:** For `spb`, the phone number is taken from the authenticated user's profile.
 **Response (200 OK):**
 ```json
 {
  "payout_id": "po-285e5ee7-0022-5000-8000-01516a44b37d",
  "payout_status": "succeeded"
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `payout_id` | string | YooKassa payout identifier |
 | `payout_status` | string | One of: `created`, `pending`, `succeeded`, `canceled`, `failed` |
 **Error response:**
 ```json
 {
  "status": 401,
  "message": "Unauthorized"
 }
 ```
 **Example (SBP payout):**
 ```bash
 curl -s -X POST http://localhost:8080/api/v1/payout/create \
  -H "Authorization: Bearer 550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
-    -H "Authorization: Bearer <session_token>" \
+  -d '{"payout_type":"spb","amount":500.00,"bank_id":"100000000111"}'
    -d '{"payout_type":"spb","bank_id":"123456","amount":10.00}'
 ```
-#### Payout Callback
+**Example (widget payout):**
 - **Path**: `/api/v1/payout/callback`
 - **Method**: POST
 - **Request Parameters**: YooKassa webhook data (JSON)
 - **Response Parameters**: None
 - **Curl Example**:
 ```bash
-  curl -X POST http://localhost:8080/api/v1/payout/callback \
+curl -s -X POST http://localhost:8080/api/v1/payout/create \
  -H "Authorization: Bearer 550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
-    -d '{"id":"payout_123456","status":"succeeded","amount":{"value":"10.00","currency":"RUB"}}'
+  -d '{"payout_type":"widget","amount":500.00,"payout_token":"pt-285e5ee7-0022-5000-8000-01516a44b37d"}'
 ```
-## Service Configuration
+---
-### Server Configuration
+### `POST /api/v1/payout/callback`
 | Property | Description | Default Value |
 |----------|-------------|---------------|
 | Server.Tls.Enabled | Enable TLS for the server | false |
 | Server.Tls.CertFile | Path to TLS certificate file | (empty) |
 | Server.Tls.KeyFile | Path to TLS key file | (empty) |
 | Server.Port | Server port | :8080 |
 | Server.WriteTimeout | Write timeout for requests | 35s |
 | Server.ReadTimeout | Read timeout for requests | 35s |
 | Server.EnablePProfEndpoints | Enable pprof debug endpoints | false |
-### Database Configuration
+Webhook endpoint for YooKassa payout status notifications. Called by YooKassa when a payout status changes.
 | Property | Description | Default Value |
 |----------|-------------|---------------|
 | Database.Type | Database type (sqlite, postgres) |  (empty) |
 | Database.Connection | Database connection string |  (empty)  |
 | Database.LogLevel | Database logging level | Info |
 | Database.TraceRequests | Enable request tracing | false |
-### YooKassa Configuration
+> **Note:** When `YooKassa.CheckAllowedCallbackAddress = true`, requests are validated against a CIDR whitelist of YooKassa IP ranges.
 | Property | Description | Default Value |
 |----------|-------------|---------------|
 | YooKassa.Test | Enable test mode | false |
 | YooKassa.ApiBaseKey | YooKassa base API key | (empty) |
 | YooKassa.ApiBaseSecret | YooKassa base API secret | (empty) |
 | YooKassa.ApiPayoutKey | YooKassa payout API key | (empty) |
 | YooKassa.ApiPayoutSecret | YooKassa payout API secret | (empty) |
 | YooKassa.BaseUrl | YooKassa API base URL | https://api.yookassa.ru/v3 |
 | YooKassa.Timeout | Request timeout | 2s |
 | YooKassa.CheckAllowedCallbackAddress | Check callback IP addresses | true |
 | YooKassa.AllowedCallbackSubnets | Allowed callback IP subnets | (list of allowed subnets) |
 | YooKassa.CallbackProcessTimeout | Delay to process YooKassa allback | 1s |
 | YooKassa.Retry.Enabled | Enable request retries | false |
 | YooKassa.Retry.Count | Number of retry attempts | 3 |
 | YooKassa.Retry.WaitTime | Initial wait time between retries | 200ms |
 | YooKassa.Retry.MaxWaitTime | Maximum wait time between retries | 5s |
-### Cache Configuration
+**Request body (JSON, sent by YooKassa):**
 | Property | Description | Default Value |
 |----------|-------------|---------------|
 | Cache.TTL | Session TTL | 24h |
-### Logging Configuration
+```json
-| Property | Description | Default Value |
+{
-|----------|-------------|---------------|
+  "id": "po-285e5ee7-0022-5000-8000-01516a44b37d",
-| Log.Level | Log level | DEBUG |
+  "status": "succeeded",
-| Log.FilePath | | ./logs/payouts.log
+  "amount": {
-| Log.TextOutput | | false
+    "value": "500.00",
-| Log.StdoutEnabled | | true
+    "currency": "RUB"
-| Log.FileEnabled | | false
+  },
  "payout_destination": {
    "type": "bank_card",
    "card": {
      "number": "220000******0001",
      "first6": "220000",
      "last4": "0001",
      "card_type": "MIR",
      "issuer_country": "RU",
      "issuer_name": "Sberbank"
    }
  },
  "description": "Payout description",
  "created_at": "2024-01-01T12:00:00.000Z",
  "succeeded_at": "2024-01-01T12:00:05.000Z",
  "test": false
 }
 ```
 **Response:** `200 OK` (processing is asynchronous)
 **Example:**
 ```bash
 curl -s -X POST http://localhost:8080/api/v1/payout/callback \
  -H "Content-Type: application/json" \
  -d '{"id":"po-285e5ee7-0022-5000-8000-01516a44b37d","status":"succeeded","amount":{"value":"500.00","currency":"RUB"}}'
 ```
 ---
 ## Payout Widget: `/payout/widget`
 `GET /payout/widget` serves an HTML page that embeds the [YooKassa Payout Widget](https://yookassa.ru/developers/payouts/making-payouts/bank-card/using-payout-widget/implementing-widget). The widget collects card details from the user and returns a one-time `payout_token` that must be passed to `/api/v1/payout/create`.
 ### Mobile App Integration
 The widget page is designed to be loaded inside a **WebView** on Android or iOS. The widget communicates back to the native app via JavaScript bridge callbacks.
 #### Widget Callbacks
 The widget fires two callbacks:
 **`success_callback(data)`** — called when the user successfully submits card details. The `data` object contains the `payout_token` and card metadata. See [YooKassa widget output parameters](https://yookassa.ru/developers/payouts/making-payouts/bank-card/using-payout-widget/implementing-widget#reference-output-parameters).
 **`error_callback(error)`** — called when an error occurs in the widget. See [error output parameters](https://yookassa.ru/developers/payouts/making-payouts/bank-card/using-payout-widget/implementing-widget#reference-output-parameters-error).
 #### Android
 Expose a JavaScript interface named `AndroidCallback` on the WebView:
 ```kotlin
 class AndroidBridge {
    @JavascriptInterface
    fun onWidgetData(dataJson: String) {
        val data = JSONObject(dataJson)
        val payoutToken = data.getString("payout_token")
        // Call /api/v1/payout/create with payout_type "widget"
        createPayout(payoutToken = payoutToken, amount = 500.0)
    }
    @JavascriptInterface
    fun onWidgetError(errorJson: String) {
        // Handle widget error
    }
 }
 webView.addJavascriptInterface(AndroidBridge(), "AndroidCallback")
 ```
 #### iOS (WKWebView)
 Add a `WKScriptMessageHandler` named `iosCallback`:
 ```swift
 class WidgetMessageHandler: NSObject, WKScriptMessageHandler {
    func userContentController(
        _ userContentController: WKUserContentController,
        didReceive message: WKScriptMessage
    ) {
        guard let body = message.body as? String,
              let data = body.data(using: .utf8),
              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any]
        else { return }
        if message.name == "onWidgetData" {
            let payoutToken = json["payout_token"] as? String ?? ""
            // Call /api/v1/payout/create with payout_type "widget"
            createPayout(payoutToken: payoutToken, amount: 500.0)
        } else if message.name == "onWidgetError" {
            // Handle widget error
        }
    }
 }
 let contentController = WKUserContentController()
 let handler = WidgetMessageHandler()
 contentController.add(handler, name: "onWidgetData")
 contentController.add(handler, name: "onWidgetError")
 ```
 #### Payout Flow After Widget Callback
 When `onWidgetData` fires, call `/api/v1/payout/create` with `payout_type = "widget"` and the received `payout_token`:
 ```bash
 curl -s -X POST https://your-service/api/v1/payout/create \
  -H "Authorization: Bearer {session_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "payout_type": "widget",
    "amount": 500.00,
    "payout_token": "{payout_token_from_widget}"
  }'
 ```
 ---
 ## Configuration
 Configuration is loaded from a `.properties` file (default: `config/payouts.properties`).
 ### YooKassa
 | Property | Default | Description |
 |----------|---------|-------------|
 | `YooKassa.BaseUrl` | `https://api.yookassa.ru/v3` | YooKassa API base URL |
 | `YooKassa.Timeout` | `2s` | HTTP request timeout |
 | `YooKassa.Test` | `false` | Enable test mode |
 | `YooKassa.ApiBaseKey` | — | Base API key (used for SBP bank list) |
 | `YooKassa.ApiBaseSecret` | — | Base API secret |
 | `YooKassa.ApiPayoutKey` | — | Payouts API key (gateway account ID; also used as `account_id` in the widget) |
 | `YooKassa.ApiPayoutSecret` | — | Payouts API secret |
 | `YooKassa.Retry.Enabled` | `false` | Enable automatic request retries |
 | `YooKassa.Retry.Count` | `3` | Total attempt count (including the initial request) |
 | `YooKassa.Retry.WaitTime` | `200ms` | Initial delay between retries |
 | `YooKassa.Retry.MaxWaitTime` | `5s` | Maximum delay (exponential backoff cap) |
 | `YooKassa.CheckAllowedCallbackAddress` | `true` | Validate callback source IP against whitelist |
 | `YooKassa.AllowedCallbackSubnets` | YooKassa IP ranges | Comma-separated CIDR subnets allowed to send callbacks |
 | `YooKassa.CallbackProcessTimeout` | `1s` | Timeout for async callback processing |
 | `YooKassa.WidgetVersion` | `3.1.0` | YooKassa widget JS version loaded on `/payout/widget` |
 ### Database
 | Property | Default | Description |
 |----------|---------|-------------|
 | `Database.Type` | — | Database driver: `sqlite` or `postgres` |
 | `Database.Connection` | — | Connection string. SQLite: `payouts.db`. PostgreSQL: `host=127.0.0.1 user=gorm password=gorm dbname=gorm port=5432 sslmode=disable` |
 | `Database.LogLevel` | `Info` | GORM log level: `Debug`, `Info`, `Warn`, `Error` |
 | `Database.TraceRequests` | `false` | Log all SQL queries |
 ### Session Cache
 | Property | Default | Description |
 |----------|---------|-------------|
 | `Cache.TTL` | `24h` | Session token time-to-live (Go duration string) |
 ### Server
 | Property | Default | Description |
 |----------|---------|-------------|
 | `Server.Port` | `:8080` | Listening address and port |
 | `Server.WriteTimeout` | `35s` | Response write timeout |
 | `Server.ReadTimeout` | `35s` | Request read timeout |
 | `Server.EnablePProfEndpoints` | `false` | Expose `/debug/pprof` endpoints |
 | `Server.Tls.Enabled` | `false` | Enable TLS |
 | `Server.Tls.CertFile` | — | Path to TLS certificate file |
 | `Server.Tls.KeyFile` | — | Path to TLS private key file |
 ### Logging
 | Property | Default | Description |
 |----------|---------|-------------|
 | `Log.Level` | `DEBUG` | Log level: `DEBUG`, `INFO`, `WARN`, `ERROR` |
 | `Log.FilePath` | `./logs/payouts.log` | Log file path |
 | `Log.TextOutput` | `false` | Use plain text output instead of JSON |
 | `Log.StdoutEnabled` | `true` | Write logs to stdout |
 | `Log.FileEnabled` | `false` | Write logs to file |