payflow 0.1.0

data/lib/payflow/providers/asaas/provider.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require_relative "customer"
+require_relative "subscription"
+require_relative "webhook"
+
+module Payflow
+  module Providers
+    module Asaas
+      class Provider < Base
+        def initialize
+          super(provider_name: :asaas)
+        end
+
+        def create_customer(attrs)
+          Customer.new(self).create(attrs)
+        end
+
+        def create_subscription(customer_id:, plan_id:, **options)
+          Subscription.new(self).create(customer_id: customer_id, plan_id: plan_id, **options)
+        end
+
+        def cancel_subscription(provider_subscription_id)
+          Subscription.new(self).cancel(provider_subscription_id)
+        end
+
+        def list_invoices(provider_subscription_id:)
+          []
+        end
+
+        def verify_webhook_signature(payload:, headers:)
+          Webhook.new(self).verify_signature(payload: payload, headers: headers)
+        end
+
+        def parse_webhook(payload:, headers: {})
+          Webhook.new(self).parse(payload: payload, headers: headers)
+        end
+      end
+    end
+  end
+end

data/lib/payflow/providers/asaas/subscription.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Providers
+    module Asaas
+      class Subscription
+        BASE_URL = "https://api.asaas.com/v3"
+
+        def initialize(client)
+          @client = client
+        end
+
+        def create(customer_id:, plan_id:, **)
+          response = http_client.post("/subscriptions") do |req|
+            req.body = {
+              customer: customer_id,
+              billingType: "CREDIT_CARD",
+              value: plan_value(plan_id),
+              cycle: "MONTHLY",
+              description: "Plan #{plan_id}"
+            }.to_json
+          end
+
+          data = JSON.parse(response.body)
+          { id: data["id"], provider: :asaas, status: "active" }
+        end
+
+        def cancel(provider_subscription_id)
+          http_client.delete("/subscriptions/#{provider_subscription_id}")
+          { id: provider_subscription_id, provider: :asaas, status: "cancelled" }
+        end
+
+        private
+
+        def http_client
+          @http_client ||= Faraday.new(url: BASE_URL) do |f|
+            f.request :json
+            f.response :raise_error
+            f.headers["access_token"] = @client.send(:credentials)[:api_key]
+            f.headers["Content-Type"] = "application/json"
+          end
+        end
+
+        def plan_value(plan)
+          { "basic" => 29.90, "premium" => 99.90 }[plan.to_s] || 49.90
+        end
+      end
+    end
+  end
+end

data/lib/payflow/providers/asaas/webhook.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Providers
+    module Asaas
+      class Webhook
+        ASAAS_TOKEN_HEADER = "asaas-access-token"
+
+        def initialize(client)
+          @client = client
+        end
+
+        def verify_signature(payload:, headers:)
+          token = headers[ASAAS_TOKEN_HEADER] || headers[ASAAS_TOKEN_HEADER.upcase]
+          expected = @client.send(:credentials)[:webhook_token]
+          return false if expected.blank? || token.blank?
+          ActiveSupport::SecurityUtils.secure_compare(expected.to_s, token.to_s)
+        end
+
+        def parse(payload:, headers: {})
+          body = payload.is_a?(String) ? JSON.parse(payload) : payload
+          {
+            idempotency_key: body["id"] || body.dig("payment", "id"),
+            event_type: map_event_type(body["event"]),
+            provider: :asaas,
+            data: body
+          }
+        end
+
+        private
+
+        def map_event_type(asaas_event)
+          case asaas_event
+          when "PAYMENT_RECEIVED" then Payflow::Events::INVOICE_PAID
+          when "SUBSCRIPTION_CREATED" then Payflow::Events::SUBSCRIPTION_CREATED
+          when "SUBSCRIPTION_DELETED" then Payflow::Events::SUBSCRIPTION_CANCELED
+          else asaas_event.to_s.downcase.tr("_", ".")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/payflow/providers/base.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Providers
+    class Base
+      attr_reader :provider_name
+
+      def initialize(provider_name:)
+        @provider_name = provider_name.to_sym
+      end
+
+      def create_customer(attrs)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def find_customer(provider_customer_id)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def create_subscription(customer_id:, plan_id:, **options)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def cancel_subscription(provider_subscription_id)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def find_subscription(provider_subscription_id)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def list_invoices(provider_subscription_id:)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def verify_webhook_signature(payload:, headers:)
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      def parse_webhook(payload:, headers: {})
+        raise NotImplementedError, "#{self.class}##{__method__}"
+      end
+
+      protected
+
+      def credentials
+        Payflow.config.provider_credentials(provider_name)
+      end
+    end
+  end
+end

data/lib/payflow/providers/stripe/provider.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require_relative "subscription"
+require_relative "webhook"
+
+module Payflow
+  module Providers
+    module Stripe
+      class Provider < Base
+        def initialize
+          super(provider_name: :stripe)
+        end
+
+        def create_customer(attrs)
+          { id: "cus_stripe_stub_#{SecureRandom.hex(4)}", provider: :stripe, email: attrs[:email], name: attrs[:name] }
+        end
+
+        def create_subscription(customer_id:, plan_id:, **options)
+          Subscription.new(self).create(customer_id: customer_id, plan_id: plan_id, **options)
+        end
+
+        def cancel_subscription(provider_subscription_id)
+          Subscription.new(self).cancel(provider_subscription_id)
+        end
+
+        def list_invoices(provider_subscription_id:)
+          []
+        end
+
+        def verify_webhook_signature(payload:, headers:)
+          Webhook.new(self).verify_signature(payload: payload, headers: headers)
+        end
+
+        def parse_webhook(payload:, headers: {})
+          Webhook.new(self).parse(payload: payload, headers: headers)
+        end
+      end
+    end
+  end
+end

data/lib/payflow/providers/stripe/subscription.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Providers
+    module Stripe
+      class Subscription
+        def initialize(client)
+          @client = client
+        end
+
+        def create(customer_id:, plan_id:, **options)
+          {
+            id: "sub_stripe_stub_#{SecureRandom.hex(4)}",
+            provider: :stripe,
+            customer_id: customer_id,
+            plan_id: plan_id,
+            status: "active",
+            current_period_end: options[:current_period_end]
+          }
+        end
+
+        def cancel(provider_subscription_id)
+          { id: provider_subscription_id, provider: :stripe, status: "canceled" }
+        end
+      end
+    end
+  end
+end

data/lib/payflow/providers/stripe/webhook.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Providers
+    module Stripe
+      class Webhook
+        def initialize(client)
+          @client = client
+        end
+
+        def verify_signature(payload:, headers:)
+          Payflow::Webhooks::SignatureVerifier.verify_stripe(
+            payload: payload,
+            signature_header: headers["HTTP_STRIPE_SIGNATURE"] || headers["Stripe-Signature"],
+            secret: @client.send(:credentials)[:webhook_secret]
+          )
+        end
+
+        def parse(payload:, headers: {})
+          body = payload.is_a?(String) ? JSON.parse(payload) : payload
+          {
+            idempotency_key: body["id"],
+            event_type: body["type"],
+            provider: :stripe,
+            data: body.dig("data", "object") || {}
+          }
+        end
+      end
+    end
+  end
+end

data/lib/payflow/subscription_service.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Payflow
+  class SubscriptionService
+    def initialize(billable:)
+      @billable = billable
+    end
+
+    def subscribe!(plan:, provider: Payflow.config.provider)
+      current = @billable.subscription
+      raise SubscriptionError, "Already subscribed" if current&.active?
+
+      client = Payflow.provider(provider)
+      remote = client.create_subscription(
+        customer_id: customer_id_for(@billable),
+        plan_id: plan
+      )
+
+      Subscription.create!(
+        billable: @billable,
+        plan: plan,
+        provider: provider.to_s,
+        external_id: remote[:id],
+        status: :active
+      )
+    end
+
+    def cancel!
+      subscription = @billable.subscription
+      raise SubscriptionError, "No active subscription" unless subscription
+
+      client = Payflow.provider(subscription.provider.to_sym)
+      client.cancel_subscription(subscription.external_id)
+      subscription.update!(status: :cancelled, cancelled_at: Time.current)
+      subscription
+    end
+
+    private
+
+    def customer_id_for(billable)
+      if billable.respond_to?(:payflow_provider_customer_id)
+        billable.payflow_provider_customer_id
+      else
+        "cus_#{billable.class.name.underscore}_#{billable.id}"
+      end
+    end
+  end
+end

data/lib/payflow/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Payflow
+  VERSION = "0.1.0"
+end

data/lib/payflow/webhooks/dispatcher.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Webhooks
+    class Dispatcher
+      PAYMENT_OVERDUE = "PAYMENT_OVERDUE"
+      PAYMENT_RECEIVED = "PAYMENT_RECEIVED"
+      SUBSCRIPTION_DELETED = "SUBSCRIPTION_DELETED"
+
+      def initialize(webhook_event:)
+        @webhook_event = webhook_event
+      end
+
+      def dispatch!
+        payload = @webhook_event.payload
+        event_type = payload["event"]
+
+        case event_type
+        when PAYMENT_OVERDUE
+          mark_subscription_overdue(payload)
+        when PAYMENT_RECEIVED
+          mark_subscription_active(payload)
+        when SUBSCRIPTION_DELETED
+          mark_subscription_cancelled(payload)
+        end
+      end
+
+      private
+
+      def find_subscription(payload)
+        external_id = payload.dig("payment", "subscription") || payload.dig("subscription", "id")
+        return unless external_id
+
+        Subscription.find_by(external_id: external_id)
+      end
+
+      def mark_subscription_overdue(payload)
+        find_subscription(payload)&.update!(status: :overdue)
+      end
+
+      def mark_subscription_active(payload)
+        find_subscription(payload)&.update!(status: :active)
+      end
+
+      def mark_subscription_cancelled(payload)
+        find_subscription(payload)&.update!(status: :cancelled, cancelled_at: Time.current)
+      end
+    end
+  end
+end

data/lib/payflow/webhooks/signature_verifier.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Payflow
+  module Webhooks
+    class SignatureVerifier
+      def initialize(provider:, request:)
+        @provider = provider.to_sym
+        @request = request
+      end
+
+      def valid?
+        case @provider
+        when :asaas
+          verify_asaas
+        when :stripe
+          verify_stripe
+        else
+          false
+        end
+      end
+
+      def self.verify_stripe(payload:, signature_header:, secret:)
+        return false if secret.blank? || signature_header.blank?
+
+        timestamp, signature = extract_stripe_parts(signature_header)
+        return false unless timestamp && signature
+
+        signed_payload = "#{timestamp}.#{payload}"
+        expected = OpenSSL::HMAC.hexdigest("SHA256", secret, signed_payload)
+        ActiveSupport::SecurityUtils.secure_compare(expected, signature)
+      end
+
+      def self.extract_stripe_parts(header)
+        parts = header.split(",").to_h { |part| part.split("=", 2) }
+        [parts["t"], parts["v1"]]
+      end
+
+      private
+
+      def verify_asaas
+        token = @request.headers["asaas-access-token"]
+        expected = Payflow.config.asaas_webhook_token
+        return false if token.blank? || expected.blank?
+
+        ActiveSupport::SecurityUtils.secure_compare(token, expected)
+      end
+
+      def verify_stripe
+        self.class.verify_stripe(
+          payload: @request.raw_post,
+          signature_header: @request.headers["HTTP_STRIPE_SIGNATURE"] || @request.headers["Stripe-Signature"],
+          secret: Payflow.config.stripe_webhook_secret
+        )
+      end
+    end
+  end
+end

data/lib/payflow.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "rails"
+require "active_job/railtie"
+require "active_record/railtie"
+require "action_controller/railtie"
+require "faraday"
+require "sidekiq"
+
+require "payflow/version"
+require "payflow/errors"
+require "payflow/events"
+require "payflow/configuration"
+require "payflow/providers/base"
+require "payflow/providers/asaas/provider"
+require "payflow/providers/stripe/provider"
+require "payflow/provider_resolver"
+require "payflow/subscription_service"
+require "payflow/billable"
+require "payflow/webhooks/signature_verifier"
+require "payflow/webhooks/dispatcher"
+require "payflow/engine"
+
+module Payflow
+  class << self
+    def config
+      @config ||= Configuration.new
+    end
+
+    def configure
+      yield config if block_given?
+      config
+    end
+
+    def provider(name = nil)
+      ProviderResolver.for(name || config.provider)
+    end
+  end
+end

data/lib/tasks/payflow_tasks.rake

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require "payflow/version"
+
+module Payflow
+  module Tasks
+    extend Rake::DSL
+
+    namespace :payflow do
+      namespace :install do
+        desc "Copy migrations from Payflow to host application"
+        task migrations: :environment do
+          engine = Payflow::Engine
+          source = engine.root.join("db/migrate")
+          destination = Rails.root.join("db/migrate")
+
+          Dir.glob(source.join("*.rb")).each do |migration|
+            target = destination.join(File.basename(migration))
+            next if target.exist?
+
+            FileUtils.cp(migration, target)
+            puts "Copied #{File.basename(migration)}"
+          end
+        end
+      end
+    end
+  end
+end