@deiondz/better-auth-razorpay 1.0.0

package/api/subscribe.ts

@@ -0,0 +1,188 @@
+import { createAuthEndpoint, sessionMiddleware } from 'better-auth/api'
+import type Razorpay from 'razorpay'
+import {
+  handleRazorpayError,
+  subscribeSchema,
+  type RazorpaySubscription,
+  type RazorpayUserRecord,
+} from '../lib'
+
+/**
+ * Creates a new subscription for the authenticated user.
+ *
+ * @param razorpay - The Razorpay instance initialized with API credentials
+ * @param plans - Array of valid plan IDs from Razorpay dashboard configuration
+ * @returns A Better Auth endpoint handler
+ *
+ * @remarks
+ * This endpoint:
+ * - Requires user authentication via session
+ * - Validates the plan ID against configured plans
+ * - Prevents duplicate active subscriptions
+ * - Creates subscription via Razorpay API
+ * - Stores subscription record in database
+ * - Updates user record with subscription information
+ *
+ * @example
+ * Request body:
+ * ```json
+ * {
+ *   "plan_id": "plan_1234567890",
+ *   "total_count": 12,
+ *   "quantity": 1,
+ *   "customer_notify": true
+ * }
+ * ```
+ */
+export const subscribe = (razorpay: Razorpay, plans: string[]) =>
+  createAuthEndpoint(
+    '/razorpay/subscribe',
+    { method: 'POST', use: [sessionMiddleware] },
+    async (_ctx) => {
+      try {
+        // Validate input using Zod schema
+        const validatedInput = subscribeSchema.parse(_ctx.body)
+
+        // Check if plan ID exists in configured plans array
+        if (!plans.includes(validatedInput.plan_id)) {
+          return {
+            success: false,
+            error: {
+              code: 'PLAN_NOT_FOUND',
+              description: 'Plan not found in configured plans',
+            },
+          }
+        }
+
+        // Get user ID from session
+        const userId = _ctx.context.session?.user?.id
+
+        if (!userId) {
+          return {
+            success: false,
+            error: {
+              code: 'UNAUTHORIZED',
+              description: 'User not authenticated',
+            },
+          }
+        }
+
+        // Check if user already has an active subscription
+        const user = (await _ctx.context.adapter.findOne({
+          model: 'user',
+          where: [{ field: 'id', value: userId }],
+        })) as RazorpayUserRecord | null
+
+        if (!user) {
+          return {
+            success: false,
+            error: {
+              code: 'USER_NOT_FOUND',
+              description: 'User not found',
+            },
+          }
+        }
+
+        const existingSubscriptionId = user.subscriptionId
+        const existingSubscriptionStatus = user.subscriptionStatus
+
+        // Prevent creating new subscription if user already has an active subscription
+        if (existingSubscriptionId) {
+          // Check if the existing subscription is still active (not cancelled)
+          const activeStatuses = ['active', 'authenticated', 'paused', 'created']
+          if (existingSubscriptionStatus && activeStatuses.includes(existingSubscriptionStatus)) {
+            return {
+              success: false,
+              error: {
+                code: 'SUBSCRIPTION_ALREADY_EXISTS',
+                description:
+                  'You already have an active subscription. Please cancel or pause your current subscription before creating a new one.',
+              },
+            }
+          }
+        }
+
+        // Create subscription via Razorpay API
+        const subscriptionData = {
+          plan_id: validatedInput.plan_id,
+          total_count: validatedInput.total_count,
+          quantity: validatedInput.quantity,
+          customer_notify: validatedInput.customer_notify,
+          ...(validatedInput.start_at && { start_at: validatedInput.start_at }),
+          ...(validatedInput.expire_by && { expire_by: validatedInput.expire_by }),
+          ...(validatedInput.addons &&
+            validatedInput.addons.length > 0 && { addons: validatedInput.addons }),
+          ...(validatedInput.offer_id && { offer_id: validatedInput.offer_id }),
+          ...(validatedInput.notes && { notes: validatedInput.notes }),
+        }
+
+        const subscription = (await razorpay.subscriptions.create(
+          subscriptionData
+        )) as RazorpaySubscription
+
+        // Store subscription in database
+        await _ctx.context.adapter.create({
+          model: 'razorpaySubscription',
+          data: {
+            userId,
+            subscriptionId: subscription.id,
+            planId: validatedInput.plan_id,
+            status: subscription.status,
+          },
+        })
+
+        // Update user table with subscription info
+        await _ctx.context.adapter.update({
+          model: 'user',
+          where: [{ field: 'id', value: userId }],
+          update: {
+            data: {
+              subscriptionStatus: subscription.status,
+              subscriptionId: subscription.id,
+              subscriptionPlanId: validatedInput.plan_id,
+              subscriptionCurrentPeriodEnd: subscription.current_end
+                ? new Date(subscription.current_end * 1000)
+                : null,
+              cancelAtPeriodEnd: false, // Initialize as not cancelling
+              lastPaymentDate: new Date(), // Set initial payment date
+              nextBillingDate: subscription.current_end
+                ? new Date(subscription.current_end * 1000)
+                : null,
+            },
+          },
+        })
+
+        return {
+          success: true,
+          data: {
+            id: subscription.id,
+            entity: subscription.entity,
+            plan_id: subscription.plan_id,
+            status: subscription.status,
+            current_start: subscription.current_start,
+            current_end: subscription.current_end,
+            ended_at: subscription.ended_at,
+            quantity: subscription.quantity,
+            notes: subscription.notes,
+            charge_at: subscription.charge_at,
+            start_at: subscription.start_at,
+            end_at: subscription.end_at,
+            auth_attempts: subscription.auth_attempts,
+            total_count: subscription.total_count,
+            paid_count: subscription.paid_count,
+            customer_notify: subscription.customer_notify,
+            created_at: subscription.created_at,
+            expire_by: subscription.expire_by,
+            short_url: subscription.short_url,
+            has_scheduled_changes: subscription.has_scheduled_changes,
+            change_scheduled_at: subscription.change_scheduled_at,
+            source: subscription.source,
+            offer_id: subscription.offer_id,
+            remaining_count: subscription.remaining_count,
+          },
+        }
+      } catch (error) {
+        return handleRazorpayError(error)
+      }
+    }
+  )

package/api/verify-payment.ts

@@ -0,0 +1,129 @@
+import { createHmac } from 'node:crypto'
+import { createAuthEndpoint, sessionMiddleware } from 'better-auth/api'
+import { handleRazorpayError, type RazorpaySubscriptionRecord, verifyPaymentSchema } from '../lib'
+
+/**
+ * Verifies a payment signature after Razorpay checkout completion.
+ *
+ * @param keySecret - The Razorpay key secret used for signature verification
+ * @returns A Better Auth endpoint handler
+ *
+ * @remarks
+ * This endpoint:
+ * - Requires user authentication via session
+ * - Verifies payment signature using HMAC SHA256
+ * - Validates subscription ownership
+ * - Updates subscription status to 'authenticated'
+ * - Updates user record with payment date
+ * - Should be called after successful Razorpay checkout
+ *
+ * @example
+ * Request body:
+ * ```json
+ * {
+ *   "razorpay_payment_id": "pay_1234567890",
+ *   "razorpay_subscription_id": "sub_1234567890",
+ *   "razorpay_signature": "abc123..."
+ * }
+ * ```
+ */
+export const verifyPayment = (keySecret: string) =>
+  createAuthEndpoint(
+    '/razorpay/verify-payment',
+    { method: 'POST', use: [sessionMiddleware] },
+    async (_ctx) => {
+      try {
+        // Validate input using Zod schema
+        const validatedInput = verifyPaymentSchema.parse(_ctx.body)
+
+        const { razorpay_payment_id, razorpay_subscription_id, razorpay_signature } = validatedInput
+
+        // Generate expected signature
+        const generated_signature = createHmac('sha256', keySecret)
+          .update(`${razorpay_payment_id}|${razorpay_subscription_id}`)
+          .digest('hex')
+
+        // Verify signature
+        if (generated_signature !== razorpay_signature) {
+          return {
+            success: false,
+            error: {
+              code: 'SIGNATURE_VERIFICATION_FAILED',
+              description: 'Payment signature verification failed',
+            },
+          }
+        }
+
+        // Get user ID from session
+        const userId = _ctx.context.session?.user?.id
+
+        if (!userId) {
+          return {
+            success: false,
+            error: {
+              code: 'UNAUTHORIZED',
+              description: 'User not authenticated',
+            },
+          }
+        }
+
+        // Get subscription record to verify it belongs to the user
+        const subscriptionRecord = (await _ctx.context.adapter.findOne({
+          model: 'razorpaySubscription',
+          where: [{ field: 'subscriptionId', value: razorpay_subscription_id }],
+        })) as RazorpaySubscriptionRecord | null
+
+        if (!subscriptionRecord) {
+          return {
+            success: false,
+            error: {
+              code: 'SUBSCRIPTION_NOT_FOUND',
+              description: 'Subscription not found',
+            },
+          }
+        }
+
+        // Verify that the subscription belongs to the authenticated user
+        if (subscriptionRecord.userId !== userId) {
+          return {
+            success: false,
+            error: {
+              code: 'UNAUTHORIZED',
+              description: 'Subscription does not belong to authenticated user',
+            },
+          }
+        }
+
+        // Update subscription status to authenticated/active
+        await _ctx.context.adapter.update({
+          model: 'razorpaySubscription',
+          where: [{ field: 'subscriptionId', value: razorpay_subscription_id }],
+          update: { status: 'authenticated' },
+        })
+
+        // Update user table with subscription status and payment date
+        await _ctx.context.adapter.update({
+          model: 'user',
+          where: [{ field: 'id', value: userId }],
+          update: {
+            data: {
+              subscriptionStatus: 'authenticated',
+              subscriptionId: razorpay_subscription_id,
+              lastPaymentDate: new Date(),
+            },
+          },
+        })
+
+        return {
+          success: true,
+          data: {
+            message: 'Payment verified successfully',
+            payment_id: razorpay_payment_id,
+            subscription_id: razorpay_subscription_id,
+          },
+        }
+      } catch (error) {
+        return handleRazorpayError(error)
+      }
+    }
+  )

package/api/webhook.ts

@@ -0,0 +1,273 @@
+import { createHmac } from 'node:crypto'
+import { createAuthEndpoint } from 'better-auth/api'
+import type { OnWebhookEventCallback } from '../lib/types'
+
+export interface WebhookResult {
+  success: boolean
+  message?: string
+}
+
+interface SubscriptionEntity {
+  id: string
+  plan_id: string
+  status: string
+  current_start?: number
+  current_end?: number
+}
+
+interface WebhookContext {
+  adapter: {
+    findOne: (params: {
+      model: string
+      where: { field: string; value: string }[]
+    }) => Promise<unknown>
+    update: (params: {
+      model: string
+      where: { field: string; value: string }[]
+      update: Record<string, unknown>
+    }) => Promise<unknown>
+  }
+}
+
+type EventHandler = (
+  adapter: WebhookContext['adapter'],
+  subscriptionId: string,
+  userId: string,
+  subscription: SubscriptionEntity
+) => Promise<void>
+
+const updateSubscriptionAndUser = async (
+  adapter: WebhookContext['adapter'],
+  subscriptionId: string,
+  userId: string,
+  status: string,
+  extraUserFields?: Record<string, unknown>
+): Promise<void> => {
+  await adapter.update({
+    model: 'razorpaySubscription',
+    where: [{ field: 'subscriptionId', value: subscriptionId }],
+    update: { status },
+  })
+
+  await adapter.update({
+    model: 'user',
+    where: [{ field: 'id', value: userId }],
+    update: { subscriptionStatus: status, ...extraUserFields },
+  })
+}
+
+const createStatusHandler =
+  (
+    status: string,
+    extraUserFields?: (sub: SubscriptionEntity) => Record<string, unknown>
+  ): EventHandler =>
+  async (adapter, subscriptionId, userId, subscription) => {
+    const extra = extraUserFields ? extraUserFields(subscription) : {}
+    await updateSubscriptionAndUser(adapter, subscriptionId, userId, status, extra)
+  }
+
+const eventHandlers: Record<string, EventHandler> = {
+  'subscription.authenticated': createStatusHandler('authenticated', (sub) => ({
+    subscriptionId: sub.id,
+    subscriptionPlanId: sub.plan_id,
+  })),
+  'subscription.activated': createStatusHandler('active', (sub) => ({
+    subscriptionId: sub.id,
+    subscriptionPlanId: sub.plan_id,
+  })),
+  'subscription.charged': createStatusHandler('active', (sub) => ({
+    lastPaymentDate: new Date(),
+    nextBillingDate: sub.current_end ? new Date(sub.current_end * 1000) : null,
+    subscriptionCurrentPeriodEnd: sub.current_end ? new Date(sub.current_end * 1000) : null,
+  })),
+  'subscription.cancelled': createStatusHandler('cancelled', () => ({ cancelAtPeriodEnd: false })),
+  'subscription.paused': createStatusHandler('paused'),
+  'subscription.resumed': createStatusHandler('active'),
+  'subscription.pending': createStatusHandler('pending'),
+  'subscription.halted': createStatusHandler('halted'),
+}
+
+const getRawBody = async (request: Request | undefined, fallbackBody: unknown): Promise<string> => {
+  if (!request) {
+    return JSON.stringify(fallbackBody)
+  }
+
+  try {
+    const clonedRequest = request.clone()
+    const text = await clonedRequest.text()
+    return text || JSON.stringify(fallbackBody)
+  } catch {
+    return JSON.stringify(fallbackBody)
+  }
+}
+
+const verifySignature = (rawBody: string, signature: string, secret: string): boolean => {
+  const expectedSignature = createHmac('sha256', secret).update(rawBody).digest('hex')
+  return signature === expectedSignature
+}
+
+const invokeCallback = async (
+  onWebhookEvent: OnWebhookEventCallback,
+  adapter: WebhookContext['adapter'],
+  event: string,
+  subscription: SubscriptionEntity,
+  payload: { payment?: { entity?: { id: string; amount: number; currency?: string } } },
+  userId: string
+): Promise<void> => {
+  const user = (await adapter.findOne({
+    model: 'user',
+    where: [{ field: 'id', value: userId }],
+  })) as { id: string; email: string; name: string } | null
+
+  if (!user) return
+
+  await onWebhookEvent(
+    {
+      event: event as Parameters<OnWebhookEventCallback>[0]['event'],
+      subscription: {
+        id: subscription.id,
+        plan_id: subscription.plan_id,
+        status: subscription.status,
+        current_start: subscription.current_start,
+        current_end: subscription.current_end,
+      },
+      payment: payload.payment?.entity
+        ? {
+            id: payload.payment.entity.id,
+            amount: payload.payment.entity.amount,
+            currency: payload.payment.entity.currency || 'INR',
+          }
+        : undefined,
+    },
+    { userId, user: { id: user.id, email: user.email, name: user.name } }
+  )
+}
+
+/**
+ * Handles Razorpay webhook events for subscription lifecycle management.
+ *
+ * @param webhookSecret - Optional webhook secret for signature verification
+ * @param onWebhookEvent - Optional callback function invoked after webhook processing
+ * @returns A Better Auth endpoint handler
+ *
+ * @remarks
+ * This endpoint:
+ * - Verifies webhook signature using HMAC SHA256
+ * - Processes subscription events (authenticated, activated, charged, cancelled, paused, resumed, etc.)
+ * - Updates subscription and user records based on event type
+ * - Invokes optional callback for custom business logic
+ * - Does not require authentication (webhook endpoint)
+ *
+ * @example
+ * Supported events:
+ * - subscription.authenticated
+ * - subscription.activated
+ * - subscription.charged
+ * - subscription.cancelled
+ * - subscription.paused
+ * - subscription.resumed
+ * - subscription.pending
+ * - subscription.halted
+ */
+export const webhook = (webhookSecret?: string, onWebhookEvent?: OnWebhookEventCallback) =>
+  createAuthEndpoint('/razorpay/webhook', { method: 'POST' }, async (_ctx) => {
+    if (!webhookSecret) {
+      return { success: false, message: 'Webhook secret not configured' }
+    }
+
+    const signature = _ctx.request?.headers.get('x-razorpay-signature')
+    if (!signature) {
+      return { success: false, message: 'Missing webhook signature' }
+    }
+
+    const rawBody = await getRawBody(_ctx.request, _ctx.body)
+
+    if (!verifySignature(rawBody, signature, webhookSecret)) {
+      return { success: false, message: 'Invalid webhook signature' }
+    }
+
+    return processWebhookEvent(_ctx.context.adapter, rawBody, _ctx.body, onWebhookEvent)
+  })
+
+const processWebhookEvent = async (
+  adapter: WebhookContext['adapter'],
+  rawBody: string,
+  fallbackBody: unknown,
+  onWebhookEvent?: OnWebhookEventCallback
+): Promise<WebhookResult> => {
+  const isDev = process.env.NODE_ENV === 'development'
+
+  try {
+    const webhookData = rawBody ? JSON.parse(rawBody) : fallbackBody
+    const { event, payload } = webhookData
+
+    if (!event || !payload) {
+      return {
+        success: false,
+        message: isDev
+          ? 'Invalid webhook payload: missing event or payload'
+          : 'Invalid webhook payload',
+      }
+    }
+
+    const subscription = payload.subscription?.entity as SubscriptionEntity | undefined
+    if (!subscription) {
+      return {
+        success: false,
+        message: isDev
+          ? 'Invalid webhook payload: missing subscription data'
+          : 'Invalid webhook payload',
+      }
+    }
+
+    const subscriptionRecord = (await adapter.findOne({
+      model: 'razorpaySubscription',
+      where: [{ field: 'subscriptionId', value: subscription.id }],
+    })) as { userId?: string } | null
+
+    if (!subscriptionRecord) {
+      return {
+        success: false,
+        message: isDev
+          ? `Subscription record not found for subscription ${subscription.id}`
+          : 'Subscription record not found',
+      }
+    }
+
+    const userId = subscriptionRecord.userId
+    if (!userId) {
+      return {
+        success: false,
+        message: isDev
+          ? `User ID not found in subscription record for subscription ${subscription.id}`
+          : 'User ID not found in subscription record',
+      }
+    }
+
+    const handler = eventHandlers[event]
+    if (!handler) {
+      return {
+        success: false,
+        message: isDev ? `Unhandled event: ${event}` : 'Unhandled webhook event',
+      }
+    }
+
+    await handler(adapter, subscription.id, userId, subscription)
+
+    if (onWebhookEvent) {
+      try {
+        await invokeCallback(onWebhookEvent, adapter, event, subscription, payload, userId)
+      } catch {
+        // Silently handle callback errors - they shouldn't break webhook processing
+        // The callback is for custom logic and failures there shouldn't affect core functionality
+      }
+    }
+
+    return { success: true }
+  } catch (error) {
+    return {
+      success: false,
+      message: error instanceof Error ? error.message : 'Webhook processing failed',
+    }
+  }
+}

package/client.ts

@@ -0,0 +1,8 @@
+import type { BetterAuthClientPlugin } from 'better-auth/client'
+import type { razorpayPlugin } from './index'
+
+export const razorpayClientPlugin = () =>
+  ({
+    id: 'razorpay-plugin',
+    $InferServerPlugin: {} as ReturnType<typeof razorpayPlugin>,
+  }) satisfies BetterAuthClientPlugin