├── .gitignore
├── images
    ├── demo.png
    ├── duitnow-logo.png
    ├── duitnow-values.png
    └── massage-chair.jpeg
├── .env.example
├── package.json
├── readme.md
├── index.html
└── app.js


/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules/
2 | .env
3 | .DS_Store
4 | package-lock.json


--------------------------------------------------------------------------------
/images/demo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natsu90/duitnowqr-razer/HEAD/images/demo.png


--------------------------------------------------------------------------------
/images/duitnow-logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natsu90/duitnowqr-razer/HEAD/images/duitnow-logo.png


--------------------------------------------------------------------------------
/images/duitnow-values.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natsu90/duitnowqr-razer/HEAD/images/duitnow-values.png


--------------------------------------------------------------------------------
/images/massage-chair.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/natsu90/duitnowqr-razer/HEAD/images/massage-chair.jpeg


--------------------------------------------------------------------------------
/.env.example:
--------------------------------------------------------------------------------
1 | 
2 | DUITNOW_VENDOR=890087
3 | DUITNOW_ACCOUNT=
4 | DUITNOW_MERCHANT_CATEGORY=7372
5 | DUITNOW_MERCHANT_NAME="DUITNOW.SS.MY" # to display in bank statement
6 | DUITNOW_REF82=
7 | 
8 | RAZER_SECRET_KEY=


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "duitnowqr-razer",
 3 |   "version": "1.0.0",
 4 |   "description": "DuitNow QR Realtime Notification Demo",
 5 |   "main": "app.js",
 6 |   "scripts": {
 7 |     "start": "node app.js"
 8 |   },
 9 |   "author": "Sulaiman Sudirman",
10 |   "license": "MIT",
11 |   "dependencies": {
12 |     "dotenv": "^16.3.1",
13 |     "duitnow-js": "gist:f45dc88b38a037325ad9095163b82b42",
14 |     "easyqrcodejs-nodejs": "^4.4.5",
15 |     "ejs": "^3.1.9",
16 |     "express": "^4.18.2",
17 |     "express-formidable": "^1.2.0"
18 |   }
19 | }
20 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | 
 2 | ## DuitNow QR Realtime Notification Demo
 3 | 
 4 | Proof of concept of Gintell Rest N Go massage chair transaction using DuitNow QR
 5 | 
 6 | ![Massage Chair](/images/massage-chair.jpeg "Massage Chair")
 7 | 
 8 | ### Demo
 9 | 
10 | [http://duitnow.ss.my](http://duitnow.ss.my)
11 | 
12 | ![Demo](/images/demo.png "Demo")
13 | 
14 | 1. A unique order ID is assigned to the webpage each time it is loaded.
15 | 
16 | 2. A DuitNow QR code is dynamically generated with the order ID imprinted.
17 | 
18 | 3. The IPN webhook will try to catch any DuitNow payment that matched the order ID.
19 | 
20 | 4. If there is any payment with the matched order ID, the webhook will pass a necesary message and trigger a popup to the opened webpage earlier.
21 | 
22 | ### Prerequisites
23 | 
24 | 1. SSM Company Registration Number
25 | 2. [Razer Merchant Account](https://booster.merchant.razer.com)
26 | 
27 | ### Installation
28 | 
29 | 1. `npm install`
30 | 
31 | 2. `cp .env.example .env`
32 | 
33 | 3. Fill up `.env`
34 | 
35 | ```
36 | DUITNOW_ACCOUNT=
37 | DUITNOW_REF82=
38 | RAZER_SECRET_KEY=
39 | ```
40 | 
41 | 4. `npm run start`
42 | 
43 | 5. Set Notification URL to `http://your-app-url/ipn`, and tick Enable Instant Payment Notification (IPN) checkbox in [Razer Merchant Portal](https://portal.merchant.razer.com) in Transactions > Settings
44 | 
45 | ### Getting DUITNOW_ACCOUNT & DUITNOW_REF82 value
46 | 
47 | 1. Login to [Razer Merchant Portal](https://portal.merchant.razer.com)
48 | 
49 | 2. Go to Payment Link > Generate Static QR-Code
50 | 
51 | 3. Fill up Channel (DuitNow QR Offline), Currency (MYR), & Order ID / Item ID (any value does not matter but keep it in mind), then click Generate Preview
52 | 
53 | 4. Scan the generated QR code with a QR reader app
54 | 
55 | 5. Paste the QR string into a notepad
56 | 
57 | 6. Grab `DUITNOW_ACCOUNT` value between `0014A000000615000101068900870228` and `5204737253034585802MY` (in my case it is `0000000000000000000000091507`)
58 | 
59 | 7. Grab `DUITNOW_REF82` value between your Order ID / Item ID value earlier + `8232` and last 8 characters (in my case it is `47FCECA2796DDB8C0D63753C1131BD85`)
60 | 
61 | ![DuitNow Values](/images/duitnow-values.png "DuitNow Values")
62 | 
63 | ### Limitations
64 | 
65 | 1. Money is not credited directly to bank account
66 | 
67 | 2. Minimum RM100 settlement
68 | 
69 | 3. Transaction fee 0.85%
70 | 
71 | 4. Annual fee RM99/year, waived 1st year
72 | 
73 | ### License
74 | 
75 | Licensed under the [MIT license](http://opensource.org/licenses/MIT)
76 | 
77 | 
78 | 


--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 |     <head>
 3 |         <title>DuitNow QR Realtime Notification Demo</title>
 4 |         <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/awesome-notifications/3.1.0/style.min.css" integrity="sha512-OFAsS5R1Fx+HUK9/h/ChqnFDrJGI0Y7nO05gg9E+Mv1UAzvAMvQdtOuPLhgPgDPHOgKWBvbovxT3eQSCr5hlLw==" crossorigin="anonymous" referrerpolicy="no-referrer" />
 5 |         <style>
 6 |             .center-screen {
 7 |                 display: flex;
 8 |                 justify-content: center;
 9 |                 align-items: center;
10 |                 text-align: center;
11 |                 min-height: 90vh;
12 |             }
13 |         </style>
14 |     </head>
15 |     <body>
16 |         <a href="https://github.com/natsu90/duitnowqr-razer" class="github-corner" aria-label="View source on GitHub"><svg width="80" height="80" viewBox="0 0 250 250" style="fill:#151513; color:#fff; position: absolute; top: 0; border: 0; right: 0;" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"></path><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"></path><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"></path></svg></a><style>.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}</style>
17 |         
18 |         <div class="center-screen">
19 |             <div>
20 |                 <p><img src="/qr/<%= refid %>" /></p>
21 |                 <p>Order ID: <%= refid %></p>
22 |             </div>
23 |         </div>
24 |         <script src="https://cdnjs.cloudflare.com/ajax/libs/awesome-notifications/3.1.0/index.var.min.js" integrity="sha512-gS8jKzzlhaUACXtBbUmj9/ITyZEAMM5TNwcL2Y226Xh6J/xH8mYzm6C/tHFkRVbi+tV1uyW7pIMSTehhBt6sBg==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
25 |         <script type="text/javascript">
26 | 
27 |             // Somehow does not work on cloud
28 |             // const events = new EventSource("/sse/<%= refid %>");
29 | 
30 |             // events.onmessage = (event) => {
31 |             //     const message = event.data;
32 |             //     new AWN().modal(message)
33 |             // };
34 | 
35 |             // Short Polling, alternative to SSE
36 |             const interval = 1000
37 |             const polling = () => {
38 | 
39 |                 fetch('/poll/<%= refid %>').then(async (res) => {
40 |                     message = await res.text()
41 |                     if (message) new AWN().modal(message)
42 |                     setTimeout(polling(), interval)
43 |                 })
44 |             }
45 |             setTimeout(polling(), interval)
46 | 
47 |           </script>
48 |     </body>
49 | </html>


--------------------------------------------------------------------------------
/app.js:
--------------------------------------------------------------------------------
  1 | 
  2 | require('dotenv').config()
  3 | 
  4 | const express = require('express')
  5 | const formidable = require('express-formidable')
  6 | const { generateDuitNowStr } = require('duitnow-js')
  7 | const { randomUUID, createHash } = require('crypto')
  8 | const QRCode = require('easyqrcodejs-nodejs')
  9 | 
 10 | const app = express()
 11 | const port = 3001
 12 | let clients = [];
 13 | 
 14 | app.use(formidable())
 15 | app.engine('html', require('ejs').renderFile)
 16 | app.disable('view cache')
 17 | 
 18 | // Home page
 19 | app.get('/', (req, res) => {
 20 | 
 21 |     const refid = randomUUID()
 22 | 
 23 |     newClient = {
 24 |       id: refid
 25 |     }
 26 |     clients.push(newClient)
 27 | 
 28 |     res.render(__dirname + '/index.html', {refid: refid})
 29 | })
 30 | 
 31 | // DuitNow QR Image
 32 | app.get('/qr/:refid', async (req, res) => {
 33 | 
 34 |   const refid = req.params.refid
 35 |   const qrString = generateDuitNowStr({
 36 |     app: process.env.DUITNOW_VENDOR,
 37 |     account: process.env.DUITNOW_ACCOUNT,
 38 |     category: process.env.DUITNOW_MERCHANT_CATEGORY,
 39 |     ref5: refid,
 40 |     ref6: process.env.DUITNOW_MERCHANT_NAME, // display in Razer report in Bill Name column
 41 |     ref82: process.env.DUITNOW_REF82,
 42 |     name: process.env.DUITNOW_MERCHANT_NAME // display in Bank statement
 43 |   })
 44 |   
 45 |   const qrCode = new QRCode({
 46 |     text: qrString,
 47 |     width: 512,
 48 |     height: 512,
 49 |     colorDark : '#FF076Aff',
 50 |     colorLight : '#FFFFFF',
 51 |     correctLevel : QRCode.CorrectLevel.H,
 52 |     quietZone: 12,
 53 |     quietZoneColor: '#FFFFFF',
 54 |     logo: './images/duitnow-logo.png',
 55 |     logoWidth: 69,
 56 |     logoHeight: 75,
 57 |     logoBackgroundColor: '#FFFFFF'
 58 |   })
 59 | 
 60 |   qrCode.toDataURL().then((base64data) => {
 61 |     base64data = base64data.replace(/^data:image\/png;base64,/, '')
 62 |     img = Buffer.from(base64data, 'base64')
 63 |     res.writeHead(200, {
 64 |       'Content-Type': 'image/png',
 65 |       'Content-Length': img.length
 66 |     });
 67 |     res.end(img)
 68 |   })
 69 | })
 70 | 
 71 | // Server-Sent Events
 72 | app.get('/sse/:refid', (req, res) => {
 73 |   const refid = req.params.refid
 74 | 
 75 |   console.log(`${refid} Connection opened`)
 76 | 
 77 |   const headers = {
 78 |     'Content-Type': 'text/event-stream',
 79 |     'Connection': 'keep-alive',
 80 |     'Cache-Control': 'no-cache',
 81 |     'X-Accel-Buffering': 'no'
 82 |   }
 83 |   res.writeHead(200, headers)
 84 | 
 85 |   const data = `id: ${refid}\n\n`;
 86 |   res.write(data);
 87 | 
 88 |   // save Response object to use later
 89 |   const clientIndex = clients.findIndex(client => client.id == refid)
 90 |   if (clientIndex >= 0)
 91 |     clients[clientIndex].response = res
 92 | 
 93 |   req.on('close', () => {
 94 |     console.log(`${refid} Connection closed`)
 95 |     
 96 |     clients = clients.filter(client => client.id !== refid)
 97 |   })
 98 | })
 99 | 
100 | // Short Polling // because SSE does not work on cloud
101 | app.get('/poll/:refid', (req, res) => {
102 | 
103 |   let message = ''
104 |   const refid = req.params.refid
105 |   const clientIndex = clients.findIndex(client => client.id == refid)
106 | 
107 |   if (clientIndex >= 0 && clients[clientIndex].hasOwnProperty('message')) {
108 |     message = clients[clientIndex].message
109 |     clients[clientIndex].message = ''
110 |   }
111 | 
112 |   res.send(message)
113 | })
114 | 
115 | // Razer Callback URL
116 | app.post('/ipn', (req, res) => {
117 | 
118 |   console.log(req.fields)
119 | 
120 |   // validate signature
121 |   const preSkey = createHash('md5').update(req.fields.tranID + req.fields.orderid + req.fields.status + req.fields.domain + req.fields.amount + req.fields.currency).digest('hex')
122 |   const sKey = createHash('md5').update(req.fields.paydate + req.fields.domain + preSkey + req.fields.appcode + process.env.RAZER_SECRET_KEY).digest('hex')
123 | 
124 |   if (sKey !== req.fields.skey)
125 |     return res.status(400).send('Bad Request')
126 | 
127 |   const refid = req.fields.orderid
128 |   const clientIndex = clients.findIndex(client => client.id == refid)
129 |   if (clientIndex < 0) return res.send('OK')
130 | 
131 |   // build notification message
132 |   let message;
133 |   if (req.fields.error_desc) {
134 |     message = req.fields.error_desc
135 |   } else {
136 |     extraFields = JSON.parse(req.fields.extraP)
137 |     message = 'Received '+ req.fields.currency + req.fields.amount + ' via ' + extraFields.bank_issuer
138 |   }
139 | 
140 |   // push message to SSE client
141 |   if (clients[clientIndex].hasOwnProperty('response'))
142 |     clients[clientIndex].response.write(`data: ${message}\n\n`)
143 |   // push message to Short Polling
144 |   clients[clientIndex].message = message
145 |   
146 |   res.send('OK')
147 | })
148 | 
149 | // Start server
150 | app.listen(port, () => {
151 |   console.log(`App listening on port ${port}`)
152 | })


--------------------------------------------------------------------------------