From d98f634f027e124fec769a6858638a2e617667c7 Mon Sep 17 00:00:00 2001
From: androidlover5842 <androidlover5842@gmail.com>
Date: Sun, 1 Feb 2026 16:59:59 +0530
Subject: [PATCH] Require paymentId for Razorpay refunds

---
 .../controller/RazorpayRefundsController.kt   | 34 ++++++++-----------
 .../controller/dto/RazorpayDtos.kt            |  1 -
 2 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayRefundsController.kt b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayRefundsController.kt
index 5d55acf..e1a0266 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayRefundsController.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/RazorpayRefundsController.kt
@@ -53,27 +53,23 @@ class RazorpayRefundsController(
         }
 
         val paymentId = request.paymentId
-        val razorpayPaymentId = request.razorpayPaymentId?.trim()?.ifBlank { null }
-        if ((paymentId == null && razorpayPaymentId == null) || (paymentId != null && razorpayPaymentId != null)) {
-            throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Provide exactly one of paymentId or razorpayPaymentId")
-        }
+            ?: throw ResponseStatusException(HttpStatus.BAD_REQUEST, "paymentId is required")
 
-        val gatewayPaymentId = if (razorpayPaymentId != null) {
-            razorpayPaymentId
-        } else {
-            val payment = paymentRepo.findById(paymentId!!).orElseThrow {
-                ResponseStatusException(HttpStatus.NOT_FOUND, "Payment not found")
+        val payment = paymentRepo.findById(paymentId).orElseThrow {
+            ResponseStatusException(HttpStatus.NOT_FOUND, "Payment not found")
+        }
+        if (payment.booking.id != bookingId || payment.property.id != propertyId) {
+            throw ResponseStatusException(HttpStatus.NOT_FOUND, "Payment not found for booking")
+        }
+        request.amount?.let {
+            if (it > payment.amount) {
+                throw ResponseStatusException(HttpStatus.BAD_REQUEST, "amount must be <= payment amount")
             }
-            if (payment.booking.id != bookingId || payment.property.id != propertyId) {
-                throw ResponseStatusException(HttpStatus.NOT_FOUND, "Payment not found for booking")
-            }
-            request.amount?.let {
-                if (it > payment.amount) {
-                    throw ResponseStatusException(HttpStatus.BAD_REQUEST, "amount must be <= payment amount")
-                }
-            }
-            payment.gatewayPaymentId
-                ?: throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Payment is missing gateway id")
+        }
+        val gatewayPaymentId = payment.gatewayPaymentId
+            ?: throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Payment is missing gateway id")
+        if (!gatewayPaymentId.startsWith("pay_")) {
+            throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Payment is not a Razorpay payment")
         }
 
         val settings = settingsRepo.findByPropertyId(propertyId)
diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/dto/RazorpayDtos.kt b/src/main/kotlin/com/android/trisolarisserver/controller/dto/RazorpayDtos.kt
index 8583916..e63c3d3 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/dto/RazorpayDtos.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/dto/RazorpayDtos.kt
@@ -109,7 +109,6 @@ data class RazorpayPaymentRequestCloseResponse(
 
 data class RazorpayRefundRequest(
     val paymentId: UUID? = null,
-    val razorpayPaymentId: String? = null,
     val amount: Long? = null,
     val notes: String? = null
 )