dynamic environment loading

type fixes
cert/key from file
2026-03-05 23:34:57 -03:00 · 2026-01-23 14:08:06 -03:00 · 2026-01-23 13:18:35 -03:00
5 changed files with 2236 additions and 23 deletions
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,7 @@ PRIVATE_KEY=0xYOUR_PRIVATE_KEY
 CLIENT_ID=
 CLIENT_SECRET=
 DEV_APP_KEY=
+CONVENIO=701

 ITP_OAUTH_URL=https://oauth.hm.bb.com.br/oauth/token
 ITP_API_URL=https://checkout.mtls.api.bb.com.br
--- a/bbpay.ts
+++ b/bbpay.ts
@@ -1,4 +1,5 @@
-import dotenv from 'dotenv';
+import PrimusNetwork from '@primuslabs/network-core-sdk';
+import dotenv from 'dotenv-flow';
 import express, { Request, Response } from 'express';
 import cors from 'cors';
 import axios, { AxiosInstance } from 'axios';
@@ -11,6 +12,7 @@ import https from 'https';
 import http from 'http';
 import debug from 'debug';
 import axiosDebugLog from 'axios-debug-log';
+import fs from 'fs';

 // Load environment variables from .env file
 dotenv.config();
@@ -43,6 +45,7 @@ app.use(express.json());
 class BBPay {
    protected oauth: AxiosInstance;
    protected cert: string;
+    protected key: string;
    protected verifySsl: string;
    protected baseUrl: string;
    protected params: any;
@@ -56,17 +59,17 @@ class BBPay {
                secret: process.env.CLIENT_SECRET,
            },
            auth: {
-                tokenHost: process.env.ITP_OAUTH_URL, // Ensure this is set to the correct token endpoint URL
+                tokenHost: process.env.ITP_OAUTH_URL,
            },
        });

-        this.cert = 'cert.pem';
-        this.key = 'key.pem'
-        this.verifySsl = 'bb.pem';
-        this.baseUrl = process.env.ITP_API_URL;
+        this.cert = fs.readFileSync('cert.pem').toString();
+        this.key = fs.readFileSync('key.pem').toString();
+        this.verifySsl = fs.readFileSync('bb.pem').toString();
+        this.baseUrl = process.env.ITP_API_URL as string;

        this.params = {
-            numeroConvenio: 701,
+            numeroConvenio: process.env.CONVENIO,
            'gw-dev-app-key': process.env.DEV_APP_KEY,
        };

@@ -103,12 +106,12 @@ class BBPay {
    }
 }

-class Register extends BBPay {
+class BBRegister extends BBPay {
    public async post(req: Request, res: Response): Promise<void> {
        log('Registering participant...');
        const data = req.body;
        const body = {
-            numeroConvenio: 701,
+            numeroConvenio: process.env.CONVENIO,
            nomeParticipante: data.chainID,
            tipoDocumento: data.tipoDocumento,
            numeroDocumento: data.numeroDocumento,
@@ -139,13 +142,13 @@ class Register extends BBPay {
    }
 }

-class Request extends BBPay {
+class BBRequest extends BBPay {
    public async post(req: Request, res: Response): Promise<void> {
        log('Creating request...');
        const data = req.body;
        const body = {
            geral: {
-                numeroConvenio: 701,
+                numeroConvenio: process.env.CONVENIO,
                pagamentoUnico: true,
                descricaoSolicitacao: 'P2Pix',
                valorSolicitacao: data.amount,
@@ -183,7 +186,7 @@ class Request extends BBPay {
    }
 }

-class Release extends BBPay {
+class BBRelease extends BBPay {
    public async get(req: Request, res: Response): Promise<void> {
        const numeroSolicitacao = req.params.numeroSolicitacao;
        log(`Releasing request ${numeroSolicitacao}...`);
@@ -230,15 +233,15 @@ class Release extends BBPay {
                ethers.utils.hexZeroPad(pixTimestamp,32),
            ]);
            const signable = ethers.utils.keccak256(packed);
-            const wallet = new Wallet(process.env.PRIVATE_KEY);
+            const wallet = new Wallet(process.env.PRIVATE_KEY as string);
            const signature = await wallet.signMessage(signable);

            log('Request released successfully.');
            res.json({
                pixTarget: `${chainID}-${numeroParticipante}`,
                amount: valorSolicitacao.toString(),
-                pixTimestamp: `0x${pixTimestamp.toString('hex')}`,
-                signature: `0x${signature}`,
+                pixTimestamp: pixTimestamp,
+                signature: signature,
            });
        } catch (error) {
            log('Internal server error:', error);
@@ -249,7 +252,7 @@ class Release extends BBPay {

 // (CPF, nome, conta) -> participantID
 // should be called before deposit
-const register = new Register();
+const register = new BBRegister();
 app.post('/register', async (req: Request, res: Response) => {
    await register.init();
    await register.post(req, res);
@@ -257,7 +260,7 @@ app.post('/register', async (req: Request, res: Response) => {

 // (amount,pixtarget) -> requestID, QRcodeText
 // should be called after lock
-const request = new Request();
+const request = new BBRequest();
 app.post('/request', async (req: Request, res: Response) => {
    await request.init();
    await request.post(req, res);
@@ -265,7 +268,7 @@ app.post('/request', async (req: Request, res: Response) => {

 // (requestID) -> sig(pixTarget, amount, pixTimestamp)
 // should be called before release
-const release = new Release();
+const release = new BBRelease();
 app.get('/release/:numeroSolicitacao', async (req: Request, res: Response) => {
    await release.init();
    await release.get(req, res);
@@ -280,4 +283,4 @@ if (process.env.DEBUG) {
    server.listen(process.env.PORT || 5000, () => {
        log(`Server running on port ${process.env.PORT || 5000}`);
    });
-}
+}
--- a/package-lock.json
+++ b/package-lock.json
@@ -20,6 +20,9 @@
        "simple-oauth2": "^5.1.0",
        "typescript": "^5.9.3",
        "web3-utils": "^4.3.3"
+      },
+      "devDependencies": {
+        "@types/express": "^5.0.6"
      }
    },
    "node_modules/@babel/runtime": {
@@ -1051,6 +1054,17 @@
        "tslib": "^2.8.0"
      }
    },
+    "node_modules/@types/body-parser": {
+      "version": "1.19.6",
+      "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz",
+      "integrity": "sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/node": "*"
+      }
+    },
    "node_modules/@types/connect": {
      "version": "3.4.38",
      "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz",
@@ -1069,6 +1083,38 @@
        "@types/ms": "*"
      }
    },
+    "node_modules/@types/express": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.6.tgz",
+      "integrity": "sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/body-parser": "*",
+        "@types/express-serve-static-core": "^5.0.0",
+        "@types/serve-static": "^2"
+      }
+    },
+    "node_modules/@types/express-serve-static-core": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.1.1.tgz",
+      "integrity": "sha512-v4zIMr/cX7/d2BpAEX3KNKL/JrT1s43s96lLvvdTmza1oEvDudCqK9aF/djc/SWgy8Yh0h30TZx5VpzqFCxk5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "@types/qs": "*",
+        "@types/range-parser": "*",
+        "@types/send": "*"
+      }
+    },
+    "node_modules/@types/http-errors": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz",
+      "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==",
+      "dev": true,
+      "license": "MIT"
+    },
    "node_modules/@types/ms": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz",
@@ -1076,11 +1122,49 @@
      "license": "MIT"
    },
    "node_modules/@types/node": {
-      "version": "12.20.55",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-12.20.55.tgz",
-      "integrity": "sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ==",
+      "version": "25.0.10",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.10.tgz",
+      "integrity": "sha512-zWW5KPngR/yvakJgGOmZ5vTBemDoSqF3AcV/LrO5u5wTWyEAVVh+IT39G4gtyAkh3CtTZs8aX/yRM82OfzHJRg==",
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.16.0"
+      }
+    },
+    "node_modules/@types/qs": {
+      "version": "6.14.0",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz",
+      "integrity": "sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ==",
+      "dev": true,
      "license": "MIT"
    },
+    "node_modules/@types/range-parser": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz",
+      "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/send": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@types/send/-/send-1.2.1.tgz",
+      "integrity": "sha512-arsCikDvlU99zl1g69TcAB3mzZPpxgw0UQnaHeC1Nwb015xp8bknZv5rIfri9xTOcMuaVgvabfIRA7PSZVuZIQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/serve-static": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-2.2.0.tgz",
+      "integrity": "sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/http-errors": "*",
+        "@types/node": "*"
+      }
+    },
    "node_modules/@types/uuid": {
      "version": "8.3.4",
      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-8.3.4.tgz",
@@ -2255,6 +2339,12 @@
        "node": ">=8"
      }
    },
+    "node_modules/jayson/node_modules/@types/node": {
+      "version": "12.20.55",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-12.20.55.tgz",
+      "integrity": "sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ==",
+      "license": "MIT"
+    },
    "node_modules/jayson/node_modules/commander": {
      "version": "2.20.3",
      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
@@ -2916,6 +3006,12 @@
        "node": ">=14.17"
      }
    },
+    "node_modules/undici-types": {
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
+      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+      "license": "MIT"
+    },
    "node_modules/unpipe": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
--- a/package.json
+++ b/package.json
@@ -15,11 +15,14 @@
    "axios-debug-log": "^1.0.0",
    "bs58": "^6.0.0",
    "cors": "^2.8.5",
-    "dotenv": "^17.2.3",
+    "dotenv-flow": "^4.1.0",
    "ethers": "^5.8.0",
    "express": "^5.2.1",
    "simple-oauth2": "^5.1.0",
    "typescript": "^5.9.3",
    "web3-utils": "^4.3.3"
+  },
+  "devDependencies": {
+    "@types/express": "^5.0.6"
  }
 }
--- a/yarn.lock
+++ b/yarn.lock
Author	SHA1	Message	Date
hueso	f1759f366c	dynamic environment loading	2026-03-05 23:34:57 -03:00
hueso	fcc34a83d5	type fixes	2026-01-23 14:08:06 -03:00
hueso	0432329d41	cert/key from file	2026-01-23 13:18:35 -03:00