# Phase 2 — ReqPay / RespPay Implementation: Change Summary

Brief summary of the updates currently present in the working tree (branch: `feature/phase2-reqpay-resppay-implementation`). This document summarizes the intent, key code changes, migration artifacts, tests added, and recommended next steps for review and merge.

## Overview
These changes implement/enhance the international ReqPay / RespPay and ReqChkTxn flows, improve XML handling (parsing, generation, signing), introduce storage and schema changes for ReqPay events, and add dual event logging and monitoring enhancements. Several LiveView pages and API endpoints were updated to surface the new flows.

---

## High-level impact by area

- Configuration
  - `config/config.exs`, `config/dev.exs`
    - New/updated configuration keys for PSP org prefix, XML signing keys, timestamp handling (Timex toggle), and other defaults used by XML generation/parsing.

- Core XML handling
  - `lib/da_product_app_web/upi_xml_schema.ex`
    - Major work: robust parsing & generation across ReqPay, RespPay, ReqChkTxn, RespChkTxn, ReqValQR and heartbeat flows.
    - RespPay: Now mirrors original ReqPay QR attributes (expireTs, ts, verToken) and logs critical mismatches. Uses sanitize_msg_id/txn id normalization to meet NPCI constraints.
    - RespChkTxn: Enforces txn id format (3-char prefix + 32 hex chars), msgId normalization (35 chars), defaults for subType/initiationMode/purpose, strong normalization/generation of txn id when missing.
    - Signature generation: canonicalization and RSA signing (loads private key), encodes modulus/exponent for KeyInfo.
    - Parsing improvements: fallback element extraction, namespace tolerant xpath extraction, Floki-based ReqHbt parsing, defensive cleaning of malformed XML (unescaped & and missing attribute spacing).
    - Utility helpers: `generate_fixed_length_msg_id`, `sanitize_msg_id`, `generate_msg_id_like_sample`, `generate_deterministic_stan`, `extract_qr_ts_from_payload`, many sanitizers & validators.
    - Notes: there are duplicated helper definitions (e.g., `extract_vpa_from_qr_string` appears twice) — consider deduplication in a follow-up cleanup.

- Transactions & services
  - `lib/da_product_app/transactions/req_chk_txn.ex`
  - `lib/da_product_app/transactions/req_chk_txn_service.ex`
  - `lib/da_product_app/transactions/req_pay_event.ex`
  - `lib/da_product_app/transactions/req_pay_service.ex` (untracked/new)
    - Adds/adjusts services to create and manage ReqPay / ReqChkTxn events, improved validation paths for international flows, and ties with the updated XML generation/parsing logic.
    - New service file (`req_pay_service.ex`) is present in working dir (untracked) — implement and wire into transaction workflows.

- Adapters / integrations
  - `lib/da_product_app/adapters/npci_adapter.ex`
    - Changes likely adjust NPCI request/response handling to accommodate new RespPay/RespChkTxn formats and signature handling.

- QR validation & UI
  - `lib/da_product_app/qr_validation/qr_validation.ex`
  - `lib/da_product_app/qr_validation/services/qr_validation_service.ex`
  - LiveView pages (multiple `lib/da_product_app_web/live/*`)
    - Dual event logging support for QR validation, improvements to extraction and UI display, and updated flows for international QR and expiry handling.

- Monitoring & auditing
  - `lib/da_product_app/monitoring.ex`
  - `lib/da_product_app/transaction_event_chain_service.ex`
  - `docs/implementation/DUAL_EVENT_LOGGING_IMPLEMENTATION.md` (modified)
    - Better audit trails for ReqPay/RespPay events, dual logging implementation documented and instrumented.

- Migrations and DB
  - `priv/repo/migrations/20250927123000_make_req_pay_events_transaction_id_nullable.exs` (untracked)
  - `priv/repo/migrations/20250929000000_add_payload_to_req_chk_txns.exs` (untracked)
    - Schema changes: make req_pay_event transaction_id nullable and add payload column to req_chk_txns (to store original request payload for Resp matching & debugging).

- Tests
  - New/modified tests present in working directory (untracked and test files listed).
    - `test/da_product_app/qr_validation_dual_logging_test.exs` (untracked)
    - Several debugging/unit scripts (e.g., `demo_req_pay_service.exs`, `simple_stan_test.exs`) for validating deterministic STAN, txn id generation and XML signing.

---

## Key implementation details (important for reviewers)

- Txn ID rules (NPCI):
  - Enforced 35-char length: 3-char prefix + 32 hex lowercase chars.
  - If incoming txn id is too short, existing hex chars are reused and padded with secure random hex.
  - Prefix is taken from config `:psp_org_prefix` (default "MER") and sanitized.
  - If missing, a fully generated id is produced using a secure RNG (`:crypto.strong_rand_bytes`) encoded to lowercase hex.

- Message ID (msgId)
  - Fixed-length generation (35 chars) with deterministic behavior when input contains hex chars; fallback generator produces org prefix + random hex.

- QR timestamp / expireTs
  - RespPay now attempts to match QR attributes from original ReqPay; missing expireTs triggers detailed error logging and a fallback generator (but logs are emitted as errors to make debugging easier).

- Signature / XMLDSIG
  - RespPay/RespValXML flows compute SHA256 digest over a canonicalized XML string and sign with RSA private key (PEM loaded from config).
  - KeyInfo includes modulus/exponent Base64 encoded.
  - Canonicalization steps are conservative (remove inter-tag whitespace, normalize spaces). Review with Ops to ensure compatibility with NPCI signer expectations.

- Parsing robustness
  - XPaths try attributes first, fallback to element text.
  - Clean-up fixes for common malformed inputs (missing spaces between attributes, unescaped ampersands).
  - Floki used in some parsers (ReqHbt/ack) for resilience.

- Logging & security
  - Added many informative logs for debugging QR ts, orgTxnId mapping, msgId/msg_ts mapping, expiry calculation.
  - Ensure no sensitive fields (full PAN, API keys, private key material) are logged. The code reads private key from file — verify no key contents are logged anywhere.
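
The txn id rules above, written out as an added example (not the project's code; module and function names are hypothetical). It assumes that "sanitized" means upper-cased alphanumerics, that the first 3 characters of an incoming id are the prefix slot, and that over-long hex is truncated to 32 characters.

```elixir
defmodule TxnIdExample do
  # Added illustration, not the project's module; all names are hypothetical.
  @hex_len 32
  @default_prefix "MER"

  # Assumption: "sanitized" = upper-case, keep A-Z/0-9, first 3 chars,
  # falling back to the default when fewer than 3 survive.
  def sanitize_prefix(prefix) do
    cleaned = (prefix || "") |> String.upcase() |> String.replace(~r/[^A-Z0-9]/, "")
    if String.length(cleaned) >= 3, do: String.slice(cleaned, 0, 3), else: @default_prefix
  end

  # Missing id: all 32 hex chars come from the CSPRNG.
  def normalize(id, prefix) when id in [nil, ""], do: sanitize_prefix(prefix) <> random_hex(@hex_len)

  def normalize(id, prefix) when is_binary(id) do
    # Assumption: the first 3 chars are the prefix slot; only the rest is
    # searched for reusable hex (otherwise the "E" of "MER" would leak in).
    {_old_prefix, body} = String.split_at(id, 3)

    hex =
      body
      |> String.downcase()
      |> String.replace(~r/[^0-9a-f]/, "")
      |> String.slice(0, @hex_len)

    sanitize_prefix(prefix) <> hex <> random_hex(@hex_len - String.length(hex))
  end

  def valid?(id), do: is_binary(id) and Regex.match?(~r/\A[A-Z0-9]{3}[0-9a-f]{32}\z/, id)

  defp random_hex(0), do: ""

  defp random_hex(n) do
    # ceil(n / 2) random bytes, hex-encoded, then cut to exactly n chars.
    div(n + 1, 2) |> :crypto.strong_rand_bytes() |> Base.encode16(case: :lower) |> String.slice(0, n)
  end
end

# Constructed inputs: missing, too short, mixed case with junk, too long.
for id <- [nil, "MERabc123", "xyz-AB:CD-zz-12", "MER" <> String.duplicate("F", 40)] do
  out = TxnIdExample.normalize(id, "mer")
  true = TxnIdExample.valid?(out)
  IO.puts("#{inspect(id)} -> #{out}")
end
```

Because the padding is random, normalizing the same short id twice yields two different ids, so the normalized value has to be stored and reused rather than recomputed when matching a response to its request.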

---

## Outstanding items / recommended follow-ups

- Deduplicate duplicate helper functions (e.g., `extract_vpa_from_qr_string`), remove dead code and consolidate helper responsibilities.
- Add unit tests around:
  - txn id normalization/generation (edge lengths, invalid chars).
  - msgId generation with different prefix lengths.
  - RespPay generation ensuring QR attributes mirror request.
  - Signature block validity (optionally verify signature with public key in tests).
- Review RSA signing: confirm private key path is correct in config and access permissions are secure. CI should avoid using production private keys.
- Verify migrations in a staging DB before applying to prod.
- Remove any debug prints and ensure logs don't contain PII / sensitive payloads.
- Validate NPCI acceptance test suite with sample ReqPay/RespPay messages.
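
A sketch of the signature-validity test recommended above, as an added example (not the project's signer; names are hypothetical). It assumes the whitespace-only canonicalization the summary describes, signs the canonical string directly instead of a SignedInfo element, and uses a key pair generated at run time so no key file is needed; run it as a standalone script.

```elixir
defmodule XmlSigExample do
  # Added illustration, not the project's signer; all names are hypothetical.

  # The summary's "conservative" canonicalization: drop whitespace between
  # tags and collapse runs of spaces. This is not W3C C14N.
  def canonicalize(xml) do
    xml |> String.trim() |> String.replace(~r/>\s+</, "><") |> String.replace(~r/[ \t]+/, " ")
  end

  # Simplification: signs the canonical string itself (RSA PKCS#1 v1.5 with
  # SHA-256) instead of building a separate SignedInfo element.
  def sign(xml, priv) do
    canon = canonicalize(xml)
    %{
      digest: Base.encode64(:crypto.hash(:sha256, canon)),
      signature: Base.encode64(:public_key.sign(canon, :sha256, priv)),
      # RSAPrivateKey record: element 2 is the modulus, 3 the public exponent.
      modulus: Base.encode64(:binary.encode_unsigned(elem(priv, 2))),
      exponent: Base.encode64(:binary.encode_unsigned(elem(priv, 3)))
    }
  end

  # Verify against a key the test already trusts, never the KeyInfo values
  # carried inside the message being checked.
  def verify(xml, signature_b64, pub) do
    :public_key.verify(canonicalize(xml), :sha256, Base.decode64!(signature_b64), pub)
  end
end

# Throwaway key pair generated at run time, so no key file is read.
priv = :public_key.generate_key({:rsa, 2048, 65_537})
pub = {:RSAPublicKey, elem(priv, 2), elem(priv, 3)}

# Constructed sample message.
xml = """
<RespPay>
  <Txn id="MER0123456789abcdef0123456789abcdef" note="ok"/>
</RespPay>
"""
sig = XmlSigExample.sign(xml, priv)
true = XmlSigExample.verify(xml, sig.signature, pub)
# Re-indented copy canonicalizes to the same bytes, so it still verifies.
true = XmlSigExample.verify(String.replace(xml, "\n  ", "\n\t\t"), sig.signature, pub)
# A changed attribute value must fail.
false = XmlSigExample.verify(String.replace(xml, "ok", "no"), sig.signature, pub)
# KeyInfo values decode back to the signing key's modulus.
true = :binary.decode_unsigned(Base.decode64!(sig.modulus)) == elem(priv, 2)
IO.puts("signature round-trip checks passed")
```

The round trip only proves signer and verifier agree with each other; a counterparty applying a different canonicalization would compute different bytes, which is why the compatibility review noted under Signature / XMLDSIG is still needed.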

---

## Suggested git commit & PR description

- Commit title:
  - feat(reqpay/resppay): implement international ReqPay/RespPay flows, robust XML parsing & signing

- Commit body (short):
  - Add robust ReqPay/RespPay/ReqChkTxn parsing and generation
  - Enforce NPCI constraints for txn id and msgId; deterministic STAN generation
  - Add XML signing (RSA/SHA256) and improved canonicalization
  - DB migrations for req_pay_events and req_chk_txns payload
  - Dual event logging and monitoring updates
  - LiveView and API controller updates for new flows
  - Add tests and demo scripts for deterministic STAN and signing

- PR description (short checklist):
  - [ ] All new behavior covered by unit tests
  - [ ] Migrations reviewed and tested on staging DB
  - [ ] Ops validated private key handling and config
  - [ ] Security review for logging and PII exposure

---

## How to run tests & quick sanity checks

- Format & compile
  - `mix format`
  - `mix deps.get`
  - `mix compile`

- Run tests
  - `mix test`
  - For focused tests:
    - `mix test test/da_product_app/qr_validation_dual_logging_test.exs`
    - `mix test test/da_product_app/transactions/req_pay_*` (if present)

- Manual quick checks
  - Run demo script to generate RespPay/RespChkTxn and inspect XML:
    - `elixir demo_req_pay_service.exs`

