import { createHash } from "crypto"; const XORPAY_AID = process.env.XORPAY_AID || "8220"; const XORPAY_SECRET = process.env.XORPAY_SECRET || "afcacd99570945f88de62624aaa3578e"; const XORPAY_QUERY_URL = process.env.XORPAY_QUERY_URL || "https://xorpay.com/api/query2"; export async function queryXorPayOrderStatus( orderId: string, timeoutMs = 5000 ): Promise<{ paid: boolean; status?: string; error?: string; url: string } | null> { const normalizedOrderId = orderId.trim(); if (!normalizedOrderId || !XORPAY_AID || !XORPAY_SECRET) { return null; } const sign = createHash("md5") .update(`${normalizedOrderId}${XORPAY_SECRET}`, "utf8") .digest("hex") .toLowerCase(); const url = new URL( `${XORPAY_QUERY_URL.replace(/\/$/, "")}/${encodeURIComponent(XORPAY_AID)}` ); url.searchParams.set("order_id", normalizedOrderId); url.searchParams.set("sign", sign); try { const res = await fetch(url.toString(), { cache: "no-store", signal: AbortSignal.timeout(timeoutMs), }); const data = await res.json().catch(() => ({})); const status = String(data?.status || "").trim().toLowerCase(); return { paid: res.ok && (status === "payed" || status === "success"), status, url: url.toString(), error: res.ok ? undefined : `status=${res.status}`, }; } catch (error) { return { paid: false, url: url.toString(), error: error instanceof Error ? error.message : String(error), }; } }