RubyGems - paddle_rails - Versions diffs - 0.1.0 - Mend

paddle_rails 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

data/app/assets/tailwind/application.css ADDED Viewed

	@@ -0,0 +1 @@
1	+ @import "tailwindcss";

data/app/controllers/concerns/paddle_rails/paddle_checkout_error_handler.rb ADDED Viewed

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+module PaddleRails
+  module PaddleCheckoutErrorHandler
+    extend ActiveSupport::Concern
+    included do
+      rescue_from Paddle::Errors::BadRequestError, with: :handle_paddle_bad_request_error
+      rescue_from StandardError, with: :handle_paddle_checkout_error
+    end
+    private
+    # Handles Paddle::Errors::BadRequestError with special handling for domain approval errors in development.
+    #
+    # @param error [Paddle::Errors::BadRequestError] the error to handle
+    # @return [void]
+    def handle_paddle_bad_request_error(error)
+      # Only handle errors for checkout actions
+      unless action_name == "create_checkout"
+        raise error
+      end
+      if error.message.include?("transaction_checkout_url_domain_is_not_approved") &&
+         defined?(Rails) && Rails.env.development?
+        domain = extract_domain_from_url(paddle_checkout_fallback_url)
+        error_message = build_domain_approval_error_message(domain)
+        redirect_to paddle_checkout_fallback_path, alert: error_message.html_safe
+      else
+        Rails.logger.error("PaddleRails::PaddleCheckoutErrorHandler: Error creating checkout: #{error.message}")
+        redirect_to paddle_checkout_fallback_path, alert: "Failed to create checkout. Please try again."
+      end
+    end
+    # Handles general Paddle checkout errors.
+    #
+    # @param error [Exception] the error to handle
+    # @return [void]
+    def handle_paddle_checkout_error(error)
+      # Only handle errors for checkout actions
+      unless action_name == "create_checkout"
+        raise error
+      end
+      # Check if this is actually a BadRequestError that wasn't caught (shouldn't happen, but just in case)
+      if error.is_a?(Paddle::Errors::BadRequestError)
+        handle_paddle_bad_request_error(error)
+        return
+      end
+      Rails.logger.error("PaddleRails::PaddleCheckoutErrorHandler: StandardError - #{error.class}: #{error.message}")
+      redirect_to paddle_checkout_fallback_path, alert: "Failed to create checkout. Please try again."
+    end
+    # Returns the fallback path for checkout errors. Override in controller if needed.
+    #
+    # @return [String, Symbol]
+    def paddle_checkout_fallback_path
+      onboarding_path
+    end
+    # Returns the current URL for domain extraction. Override in controller if needed.
+    #
+    # @return [String, nil]
+    def paddle_checkout_fallback_url
+      onboarding_url
+    end
+    def extract_domain_from_url(url)
+      return "localhost" unless url
+      URI.parse(url).host
+    rescue StandardError
+      "localhost"
+    end
+    def build_domain_approval_error_message(domain)
+      <<~MSG.squish
+        Your checkout_url domain (#{domain}) is not approved by Paddle.
+        For development and local testing, you can either:
+        (1) run your app behind a reverse proxy like Ngrok or Cloudflare Tunnel and add the assigned HTTPS domain,
+        or (2) use a local hostname via /etc/hosts (e.g., application.local) and add it to your Paddle "Approved Domains" settings.
+        <a href="https://sandbox-vendors.paddle.com/request-domain-approval" target="_blank" rel="noopener noreferrer" class="underline font-medium hover:text-red-900">Request domain approval</a>.
+      MSG
+    end
+  end
+end

data/app/controllers/concerns/paddle_rails/subscription_owner.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module PaddleRails
+  module SubscriptionOwner
+    extend ActiveSupport::Concern
+    def subscription_owner
+      authenticator = PaddleRails.configuration.subscription_owner_authenticator
+      return nil unless authenticator
+      instance_eval(&authenticator)
+    rescue StandardError => e
+      Rails.logger.error("PaddleRails::SubscriptionOwner: Error authenticating subscription owner: #{e.message}")
+      nil
+    end
+  end
+end

data/app/controllers/paddle_rails/application_controller.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module PaddleRails
+  class ApplicationController < ::ApplicationController
+    include SubscriptionOwner
+    before_action :ensure_subscription_owner
+    private
+    def ensure_subscription_owner
+      unless subscription_owner
+        redirect_to main_app.root_path, alert: "You must be signed in to access this page."
+        return
+      end
+      unless subscription_owner.respond_to?(:subscription?)
+        render template: "paddle_rails/shared/configuration_error", status: :internal_server_error, layout: "paddle_rails/application"
+        return
+      end
+    end
+  end
+end

data/app/controllers/paddle_rails/checkout_controller.rb ADDED Viewed

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+module PaddleRails
+  class CheckoutController < ApplicationController
+    before_action :require_transaction_id, only: [:show]
+    def show
+      # Paddle.js will automatically open the checkout when the transaction ID
+      # is passed as a query parameter. No additional logic needed.
+    end
+    # Creates a transaction to update payment method and redirects to checkout.
+    #
+    # Uses the Paddle API endpoint:
+    # GET /subscriptions/{subscription_id}/update-payment-method-transaction
+    #
+    # @see https://developer.paddle.com/api-reference/subscriptions/update-payment-method
+    def update_payment_method
+      subscription = subscription_owner.subscription
+      unless subscription
+        redirect_to root_path, alert: "No active subscription found."
+        return
+      end
+      begin
+        # Call Paddle API to get a transaction for updating payment method
+        # This returns a transaction with a checkout URL
+        # https://developer.paddle.com/api-reference/subscriptions/update-payment-method
+        response = Paddle::Subscription.get_transaction(
+          id: subscription.paddle_subscription_id
+        )
+        checkout_url = response.checkout&.url
+        unless checkout_url.present?
+          redirect_to root_path, alert: "Unable to create payment update session. Please try again."
+          return
+        end
+        # Redirect to Paddle checkout to update payment method
+        redirect_to checkout_url, allow_other_host: true
+      rescue Paddle::Error => e
+        Rails.logger.error("PaddleRails::CheckoutController: Failed to get payment update transaction: #{e.message}")
+        redirect_to root_path, alert: "Failed to update payment method. Please try again."
+      end
+    end
+    def check_status
+      transaction_id = params[:transaction_id]
+      unless transaction_id.present?
+        render json: { status: "error", message: "Transaction ID is required" }, status: :bad_request
+        return
+      end
+      # Try to find subscription locally first by checking webhook events
+      # or by querying Paddle transaction
+      subscription = find_subscription_by_transaction(transaction_id)
+      # If not found locally, proactively sync from Paddle
+      unless subscription
+        begin
+          transaction = Paddle::Transaction.retrieve(id: transaction_id)
+          # Extract subscription_id from transaction
+          subscription_id = transaction.subscription_id
+          if subscription_id.present?
+            # Sync the subscription from Paddle
+            subscription = SubscriptionSync.sync_from_paddle(subscription_id)
+          end
+        rescue => e
+          Rails.logger.error("PaddleRails::CheckoutController: Error fetching transaction #{transaction_id}: #{e.message}")
+          render json: { status: "pending", message: "Transaction not yet processed" }, status: :ok
+          return
+        end
+      end
+      # Check if subscription is active
+      if subscription&.active?
+        render json: {
+          status: "active",
+          redirect_url: paddle_rails.root_path
+        }, status: :ok
+      else
+        render json: { status: "pending", message: "Subscription is being processed" }, status: :ok
+      end
+    end
+    private
+    def require_transaction_id
+      unless params[:_ptxn].present?
+        redirect_to onboarding_path, alert: "Invalid checkout session. Please try again."
+      end
+    end
+    # Try to find a subscription by transaction ID.
+    # This checks webhook events as a fallback since we don't store transaction_id on subscriptions.
+    #
+    # @param transaction_id [String] The Paddle transaction ID
+    # @return [PaddleRails::Subscription, nil]
+    def find_subscription_by_transaction(transaction_id)
+      # Check webhook events for this transaction
+      webhook_event = WebhookEvent.where("payload->>'transaction_id' = ?", transaction_id).first
+      if webhook_event
+        payload = webhook_event.payload
+        subscription_id = payload.dig("subscription_id") || payload.dig("data", "subscription_id")
+        if subscription_id
+          return Subscription.find_by(paddle_subscription_id: subscription_id)
+        end
+      end
+      nil
+    end
+  end
+end

data/app/controllers/paddle_rails/dashboard_controller.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module PaddleRails
+  class DashboardController < ApplicationController
+    before_action :redirect_to_onboarding_if_no_subscription
+    def show
+      @subscription = SubscriptionPresenter.new(subscription_owner.subscription)
+      # Load products for change plan widget
+      products = Product.active.includes(:prices)
+      sorted_products = products.sort_by do |product|
+        product.prices.active.minimum(:unit_price) || Float::INFINITY
+      end
+      @products = sorted_products.each_with_index.map do |product, index|
+        ProductPresenter.new(product, index: index)
+      end
+      # Load payments for payment history widget
+      @payments = if subscription_owner.subscription
+                    subscription_owner.subscription.payments.completed.recent.limit(10).map do |payment|
+                      PaymentPresenter.new(payment)
+                    end
+                  else
+                    []
+                  end
+    end
+    private
+    def redirect_to_onboarding_if_no_subscription
+      return unless subscription_owner
+      unless subscription_owner.subscription?
+        redirect_to onboarding_path
+      end
+    end
+  end
+end

data/app/controllers/paddle_rails/onboarding_controller.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module PaddleRails
+  class OnboardingController < ApplicationController
+    # include PaddleCheckoutErrorHandler
+    before_action :redirect_to_dashboard_if_subscribed
+    def show
+      products = Product.active.includes(:prices)
+      # Order products by their lowest active price (cheapest first)
+      sorted_products = products.sort_by do |product|
+        product.prices.active.minimum(:unit_price) || Float::INFINITY
+      end
+      @products = sorted_products.each_with_index.map do |product, index|
+        ProductPresenter.new(product, index: index)
+      end
+    end
+    def create_checkout
+      price = Price.find_by(paddle_price_id: params[:paddle_price_id])
+      unless price&.active?
+        redirect_to onboarding_path, alert: "Invalid price selected."
+        return
+      end
+      redirect_url = PaddleRails::Checkout.url_for(
+          owner: subscription_owner,
+          paddle_price_id: price.paddle_price_id,
+        checkout_url: checkout_url
+      )
+      if redirect_url.present?
+        redirect_to redirect_url, allow_other_host: true
+      else
+        redirect_to onboarding_path, alert: "Failed to create checkout. Please try again."
+      end
+    end
+    private
+    def redirect_to_dashboard_if_subscribed
+      return unless subscription_owner
+      # Redirect to dashboard if user already has a subscription
+      if subscription_owner.respond_to?(:subscription) && subscription_owner.subscription.present?
+        redirect_to root_path
+      elsif subscription_owner.respond_to?(:subscription?) && subscription_owner.subscription?
+        redirect_to root_path
+      end
+    end
+  end
+end

data/app/controllers/paddle_rails/payments_controller.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+module PaddleRails
+  class PaymentsController < ApplicationController
+    # View invoice in browser (disposition: inline)
+    # GET /payments/:id/invoice
+    def view_invoice
+      payment = find_payment
+      return unless payment
+      redirect_to_invoice(payment, disposition: "inline")
+    end
+    # Download invoice as PDF (disposition: attachment)
+    # GET /payments/:id/download
+    def download_invoice
+      payment = find_payment
+      return unless payment
+      redirect_to_invoice(payment, disposition: "attachment")
+    end
+    private
+    def find_payment
+      payment = Payment.find_by(id: params[:id])
+      unless payment
+        redirect_to root_path, alert: "Payment not found."
+        return nil
+      end
+      # Verify the payment belongs to the current subscription owner
+      unless payment.owner == subscription_owner
+        redirect_to root_path, alert: "Access denied."
+        return nil
+      end
+      payment
+    end
+    def redirect_to_invoice(payment, disposition:)
+      unless payment.paddle_transaction_id.present?
+        redirect_to root_path, alert: "No invoice available for this payment."
+        return
+      end
+      begin
+        invoice_url = Paddle::Transaction.invoice(
+          id: payment.paddle_transaction_id,
+          disposition: disposition
+        )
+        redirect_to invoice_url, allow_other_host: true
+      rescue Paddle::Error => e
+        Rails.logger.error("PaddleRails::PaymentsController: Failed to get invoice: #{e.message}")
+        redirect_to root_path, alert: "Failed to retrieve invoice. Please try again."
+      end
+    end
+  end
+end

data/app/controllers/paddle_rails/subscriptions_controller.rb ADDED Viewed

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+module PaddleRails
+  class SubscriptionsController < ApplicationController
+    def revoke_cancellation
+      subscription = subscription_owner.subscription
+      unless subscription
+        redirect_to root_path, alert: "No active subscription found."
+        return
+      end
+      unless subscription.scheduled_for_cancellation?
+        redirect_to root_path, notice: "Subscription is not scheduled for cancellation."
+        return
+      end
+      begin
+        # Use Paddle SDK to remove the scheduled change
+        Paddle::Subscription.update(
+          id: subscription.paddle_subscription_id,
+          scheduled_change: nil
+        )
+        # Update local record immediately
+        subscription.update!(scheduled_cancelation_at: nil)
+        redirect_to root_path, notice: "Cancellation has been revoked. Your subscription will continue."
+      rescue Paddle::Error => e
+        Rails.logger.error("PaddleRails::SubscriptionsController: Failed to revoke cancellation: #{e.message}")
+        redirect_to root_path, alert: "Failed to revoke cancellation. Please try again."
+      end
+    end
+    def cancel
+      subscription = subscription_owner.subscription
+      unless subscription&.active?
+        redirect_to root_path, alert: "No active subscription found."
+        return
+      end
+      begin
+        # Schedule cancellation at end of period
+        Paddle::Subscription.cancel(
+          id: subscription.paddle_subscription_id,
+          effective_from: "next_billing_period"
+        )
+        # Update local record immediately
+        # We assume it's scheduled for next_billing_period, so we use current_period_end_at
+        subscription.update!(scheduled_cancelation_at: subscription.current_period_end_at)
+        redirect_to root_path, notice: "Subscription scheduled for cancellation on #{subscription.current_period_end_at&.strftime('%B %d, %Y')}."
+      rescue Paddle::Error => e
+        Rails.logger.error("PaddleRails::SubscriptionsController: Failed to cancel subscription: #{e.message}")
+        redirect_to root_path, alert: "Failed to cancel subscription. Please try again."
+      end
+    end
+    def change_plan
+      subscription = subscription_owner.subscription
+      price = Price.find_by(paddle_price_id: params[:paddle_price_id])
+      unless subscription
+        redirect_to root_path, alert: "No active subscription found."
+        return
+      end
+      unless price&.active?
+        redirect_to root_path, alert: "Invalid price selected."
+        return
+      end
+      begin
+        Paddle::Subscription.update(
+          id: subscription.paddle_subscription_id,
+          items: [{ price_id: price.paddle_price_id, quantity: 1 }],
+          proration_billing_mode: "prorated_immediately"
+        )
+        # Sync subscription from Paddle immediately to reflect the change
+        SubscriptionSync.sync_from_paddle(subscription.paddle_subscription_id)
+        redirect_to root_path, notice: "Plan changed successfully."
+      rescue Paddle::Error => e
+        Rails.logger.error("PaddleRails::SubscriptionsController: Failed to change plan: #{e.message}")
+        redirect_to root_path, alert: "Failed to change plan. Please try again."
+      end
+    end
+  end
+end

data/app/controllers/paddle_rails/webhooks_controller.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+module PaddleRails
+  # Controller for receiving webhook events from Paddle.
+  #
+  # This controller:
+  # - Verifies webhook signatures
+  # - Stores raw events in the database
+  # - Enqueues background jobs for processing
+  #
+  # Webhooks are processed asynchronously to ensure fast response times
+  # and allow for retry logic.
+  class WebhooksController < ActionController::API
+    # Receive and process a webhook event from Paddle.
+    #
+    # POST /paddle_rails/webhooks
+    def create
+      # Get raw body (must not be transformed for signature verification)
+      raw_body = request.raw_post
+      signature_header = request.headers["Paddle-Signature"]
+      # Verify signature
+      unless verify_signature(raw_body, signature_header)
+        Rails.logger.error("PaddleRails::WebhooksController: Invalid webhook signature")
+        head :unauthorized
+        return
+      end
+      # Parse payload
+      payload = JSON.parse(raw_body)
+      external_id = payload["event_id"]
+      event_type = payload["event_type"]
+      # Check if we've already processed this event (idempotency)
+      existing_event = WebhookEvent.find_by(external_id: external_id)
+      if existing_event
+        Rails.logger.info("PaddleRails::WebhooksController: Webhook #{external_id} already processed, skipping")
+        head :ok
+        return
+      end
+      # Create webhook event record
+      webhook_event = WebhookEvent.create!(
+        external_id: external_id,
+        event_type: event_type,
+        payload: payload,
+        status: WebhookEvent::PENDING
+      )
+      # Enqueue background job for processing
+      ProcessWebhookJob.perform_later(webhook_event.id)
+      head :ok
+    rescue JSON::ParserError => e
+      Rails.logger.error("PaddleRails::WebhooksController: Invalid JSON payload: #{e.message}")
+      head :bad_request
+    rescue StandardError => e
+      Rails.logger.error("PaddleRails::WebhooksController: Error processing webhook: #{e.message}\n#{e.backtrace.join("\n")}")
+      head :internal_server_error
+    end
+    private
+    # Verify the webhook signature.
+    #
+    # @param raw_body [String] The raw request body
+    # @param signature_header [String] The Paddle-Signature header value
+    # @return [Boolean] true if signature is valid
+    def verify_signature(raw_body, signature_header)
+      secret_key = PaddleRails.configuration.webhook_secret
+      return false if secret_key.blank?
+      verifier = WebhookVerifier.new(secret_key)
+      verifier.verify(raw_body, signature_header)
+    end
+  end
+end