npm - @easypayment/medusa-paypal - Versions diffs - 0.2.4 → 0.2.6 - Mend

@easypayment/medusa-paypal 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/src/api/store/paypal/capture-order/route.ts CHANGED Viewed

@@ -1,270 +1,284 @@
-import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
-import { randomUUID } from "crypto"
-import type PayPalModuleService from "../../../../modules/paypal/service"
-import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
-type Body = {
-  cart_id: string
-  order_id: string
-}
-async function getPayPalApiBase(environment: string) {
-  return environment === "live"
-    ? "https://api-m.paypal.com"
-    : "https://api-m.sandbox.paypal.com"
-}
-async function getPayPalAccessToken(opts: {
-  environment: string
-  client_id: string
-  client_secret: string
-}) {
-  const base = await getPayPalApiBase(opts.environment)
-  const auth = Buffer.from(`${opts.client_id}:${opts.client_secret}`).toString("base64")
-  const resp = await fetch(`${base}/v1/oauth2/token`, {
-    method: "POST",
-    headers: {
-      Authorization: `Basic ${auth}`,
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body: "grant_type=client_credentials",
-  })
-  const text = await resp.text()
-  if (!resp.ok) {
-    throw new Error(`PayPal token error (${resp.status}): ${text}`)
-  }
-  const json = JSON.parse(text)
-  return { accessToken: String(json.access_token), base }
-}
-function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
-  const header =
-    req.headers["idempotency-key"] ||
-    req.headers["Idempotency-Key"] ||
-    req.headers["x-idempotency-key"] ||
-    req.headers["X-Idempotency-Key"]
-  const key = Array.isArray(header) ? header[0] : header
-  if (key && String(key).trim()) {
-    return `${String(key).trim()}-${suffix}`
-  }
-  return fallback || `pp-${suffix}-${randomUUID()}`
-}
-async function attachPayPalCaptureToSession(
-  req: MedusaRequest,
-  cartId: string,
-  orderId: string,
-  capture: any
-) {
-  try {
-    const paymentCollectionService = req.scope.resolve("payment_collection") as any
-    const paymentSessionService = req.scope.resolve("payment_session") as any
-    const pc = await paymentCollectionService.retrieveByCartId(cartId).catch(() => null)
-    if (!pc?.id) {
-      return
-    }
-    const sessions = await paymentSessionService.list({ payment_collection_id: pc.id })
-    const paypalSession = sessions?.find((s: any) => isPayPalProviderId(s.provider_id))
-    if (!paypalSession) {
-      return
-    }
-    await paymentSessionService.update(paypalSession.id, {
-      status: "captured",
-      data: {
-        ...(paypalSession.data || {}),
-        paypal: {
-          ...((paypalSession.data || {}).paypal || {}),
-          order_id: orderId,
-          capture_id: capture?.id || capture?.purchase_units?.[0]?.payments?.captures?.[0]?.id,
-          capture,
-        },
-      },
-    })
-  } catch {
-    // ignore
-  }
-}
-async function attachPayPalAuthorizationToSession(
-  req: MedusaRequest,
-  cartId: string,
-  orderId: string,
-  authorization: any
-) {
-  try {
-    const paymentCollectionService = req.scope.resolve("payment_collection") as any
-    const paymentSessionService = req.scope.resolve("payment_session") as any
-    const pc = await paymentCollectionService.retrieveByCartId(cartId).catch(() => null)
-    if (!pc?.id) {
-      return
-    }
-    const sessions = await paymentSessionService.list({ payment_collection_id: pc.id })
-    const paypalSession = sessions?.find((s: any) => isPayPalProviderId(s.provider_id))
-    if (!paypalSession) {
-      return
-    }
-    await paymentSessionService.update(paypalSession.id, {
-      status: "authorized",
-      data: {
-        ...(paypalSession.data || {}),
-        paypal: {
-          ...((paypalSession.data || {}).paypal || {}),
-          order_id: orderId,
-          authorization_id:
-            authorization?.purchase_units?.[0]?.payments?.authorizations?.[0]?.id,
-          authorization,
-        },
-      },
-    })
-  } catch {
-    // ignore
-  }
-}
-async function getExistingCapture(
-  req: MedusaRequest,
-  cartId: string,
-  orderId: string
-) {
-  try {
-    const paymentCollectionService = req.scope.resolve("payment_collection") as any
-    const paymentSessionService = req.scope.resolve("payment_session") as any
-    const pc = await paymentCollectionService.retrieveByCartId(cartId).catch(() => null)
-    if (!pc?.id) {
-      return null
-    }
-    const sessions = await paymentSessionService.list({ payment_collection_id: pc.id })
-    const paypalSession = sessions?.find((s: any) => isPayPalProviderId(s.provider_id))
-    if (!paypalSession) {
-      return null
-    }
-    const paypalData = (paypalSession.data || {}).paypal || {}
-    const existingOrderId = String(paypalData.order_id || "")
-    if (existingOrderId && existingOrderId !== orderId) {
-      return null
-    }
-    if (paypalData.capture) {
-      return paypalData.capture
-    }
-    if (paypalData.capture_id) {
-      return { id: paypalData.capture_id }
-    }
-    return null
-  } catch {
-    return null
-  }
-}
-export async function POST(req: MedusaRequest, res: MedusaResponse) {
-  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
-  let debugId: string | null = null
-  try {
-    const body = (req.body || {}) as Body
-    const cartId = body.cart_id
-    const orderId = body.order_id
-    if (!cartId || !orderId) {
-      return res.status(400).json({ message: "cart_id and order_id are required" })
-    }
-    const existingCapture = await getExistingCapture(req, cartId, orderId)
-    if (existingCapture) {
-      return res.json({ capture: existingCapture })
-    }
-    const creds = await paypal.getActiveCredentials()
-    const { accessToken, base } = await getPayPalAccessToken(creds)
-    const settings = await paypal.getSettings().catch(() => ({}))
-    const data =
-      settings && typeof settings === "object" && "data" in settings
-        ? ((settings as { data?: Record<string, any> }).data ?? {})
-        : {}
-    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
-    const paymentAction =
-      typeof additionalSettings.paymentAction === "string"
-        ? additionalSettings.paymentAction
-        : "capture"
-    const requestId = resolveIdempotencyKey(req, "capture-order", `pp-capture-${orderId}`)
-    const endpoint =
-      paymentAction === "authorize"
-        ? `${base}/v2/checkout/orders/${orderId}/authorize`
-        : `${base}/v2/checkout/orders/${orderId}/capture`
-    const ppResp = await fetch(endpoint, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        "Content-Type": "application/json",
-        "PayPal-Request-Id": requestId,
-      },
-    })
-    const ppText = await ppResp.text()
-    debugId = ppResp.headers.get("paypal-debug-id")
-    if (!ppResp.ok) {
-      throw new Error(
-        `PayPal capture error (${ppResp.status}): ${ppText}${
-          debugId ? ` debug_id=${debugId}` : ""
-        }`
-      )
-    }
-    const payload = JSON.parse(ppText)
-    if (paymentAction === "authorize") {
-      await attachPayPalAuthorizationToSession(req, cartId, orderId, payload)
-    } else {
-      await attachPayPalCaptureToSession(req, cartId, orderId, payload)
-    }
-    console.info("[PayPal] capture-order", {
-      cart_id: cartId,
-      order_id: orderId,
-      request_id: requestId,
-      debug_id: ppResp.headers.get("paypal-debug-id"),
-      capture_id: payload?.id,
-    })
-    try {
-      await paypal.recordMetric(
-        paymentAction === "authorize" ? "authorize_order_success" : "capture_order_success"
-      )
-    } catch {
-      // ignore metrics failures
-    }
-    // Clear storefront cart cookie (httpOnly) so user gets a fresh cart after successful payment
-    // Note: works when storefront and backend share the same cookie domain (e.g. localhost)
-    res.setHeader("Set-Cookie", "_medusa_cart_id=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Strict")
-    return paymentAction === "authorize"
-      ? res.json({ authorization: payload })
-      : res.json({ capture: payload })
-  } catch (e: any) {
-    try {
-      const body = (req.body || {}) as Body
-      await paypal.recordAuditEvent("capture_order_failed", {
-        cart_id: body.cart_id,
-        order_id: body.order_id,
-        debug_id: debugId,
-        message: e?.message || String(e),
-      })
-      await paypal.recordMetric("capture_order_failed")
-    } catch {
-      // ignore audit logging failures
-    }
-    return res.status(500).json({ message: e?.message || "Failed to capture PayPal order" })
-  }
-}
+import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
+import { randomUUID } from "crypto"
+import { Pool } from "pg"
+import type PayPalModuleService from "../../../../modules/paypal/service"
+import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
+type Body = {
+  cart_id: string
+  order_id: string
+}
+async function getPayPalApiBase(environment: string) {
+  return environment === "live"
+    ? "https://api-m.paypal.com"
+    : "https://api-m.sandbox.paypal.com"
+}
+async function getPayPalAccessToken(opts: {
+  environment: string
+  client_id: string
+  client_secret: string
+}) {
+  const base = await getPayPalApiBase(opts.environment)
+  const auth = Buffer.from(`${opts.client_id}:${opts.client_secret}`).toString("base64")
+  const resp = await fetch(`${base}/v1/oauth2/token`, {
+    method: "POST",
+    headers: {
+      Authorization: `Basic ${auth}`,
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: "grant_type=client_credentials",
+  })
+  const text = await resp.text()
+  if (!resp.ok) {
+    throw new Error(`PayPal token error (${resp.status}): ${text}`)
+  }
+  const json = JSON.parse(text)
+  return { accessToken: String(json.access_token), base }
+}
+function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
+  const header =
+    req.headers["idempotency-key"] ||
+    req.headers["Idempotency-Key"] ||
+    req.headers["x-idempotency-key"] ||
+    req.headers["X-Idempotency-Key"]
+  const key = Array.isArray(header) ? header[0] : header
+  if (key && String(key).trim()) {
+    return `${String(key).trim()}-${suffix}`
+  }
+  return fallback || `pp-${suffix}-${randomUUID()}`
+}
+/**
+ * Find the PayPal payment session for a cart using direct DB query.
+ * Replaces the broken paymentCollectionService.retrieveByCartId() call.
+ */
+async function findPayPalSessionForCart(cartId: string): Promise<{
+  session_id: string
+  session_data: Record<string, any>
+  session_status: string
+} | null> {
+  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
+  try {
+    const { rows } = await pool.query(
+      `SELECT ps.id as session_id, ps.data as session_data, ps.status as session_status
+       FROM payment_session ps
+       JOIN payment_collection pc ON ps.payment_collection_id = pc.id
+       JOIN cart_payment_collection cpc ON cpc.payment_collection_id = pc.id
+       WHERE cpc.cart_id = $1
+         AND ps.provider_id LIKE '%paypal%'
+       ORDER BY ps.created_at DESC
+       LIMIT 1`,
+      [cartId]
+    )
+    return rows[0] ?? null
+  } catch {
+    return null
+  } finally {
+    await pool.end()
+  }
+}
+/**
+ * Update the PayPal payment session status and data directly via DB.
+ */
+async function updatePayPalSession(
+  sessionId: string,
+  status: string,
+  extraData: Record<string, any>
+): Promise<void> {
+  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
+  try {
+    await pool.query(
+      `UPDATE payment_session
+       SET status = $1,
+           data   = data || $2::jsonb
+       WHERE id = $3`,
+      [status, JSON.stringify(extraData), sessionId]
+    )
+  } catch {
+    // ignore
+  } finally {
+    await pool.end()
+  }
+}
+async function attachPayPalCaptureToSession(
+  cartId: string,
+  orderId: string,
+  capture: any
+) {
+  try {
+    const session = await findPayPalSessionForCart(cartId)
+    if (!session) {
+      console.warn("[PayPal] attachPayPalCaptureToSession: no session found for cart", cartId)
+      return
+    }
+    const captureId =
+      capture?.id ||
+      capture?.purchase_units?.[0]?.payments?.captures?.[0]?.id
+    await updatePayPalSession(session.session_id, "authorized", {
+      paypal: {
+        ...((session.session_data || {}).paypal || {}),
+        order_id: orderId,
+        capture_id: captureId,
+        capture,
+      },
+    })
+    console.info("[PayPal] session authorized via DB:", session.session_id)
+  } catch {
+    // ignore
+  }
+}
+async function attachPayPalAuthorizationToSession(
+  cartId: string,
+  orderId: string,
+  authorization: any
+) {
+  try {
+    const session = await findPayPalSessionForCart(cartId)
+    if (!session) {
+      console.warn("[PayPal] attachPayPalAuthorizationToSession: no session found for cart", cartId)
+      return
+    }
+    const authorizationId =
+      authorization?.purchase_units?.[0]?.payments?.authorizations?.[0]?.id
+    await updatePayPalSession(session.session_id, "authorized", {
+      paypal: {
+        ...((session.session_data || {}).paypal || {}),
+        order_id: orderId,
+        authorization_id: authorizationId,
+        authorization,
+      },
+    })
+    console.info("[PayPal] session authorized via DB:", session.session_id)
+  } catch {
+    // ignore
+  }
+}
+async function getExistingCapture(cartId: string, orderId: string) {
+  try {
+    const session = await findPayPalSessionForCart(cartId)
+    if (!session) return null
+    const paypalData = (session.session_data || {}).paypal || {}
+    const existingOrderId = String(paypalData.order_id || "")
+    if (existingOrderId && existingOrderId !== orderId) return null
+    if (paypalData.capture) return paypalData.capture
+    if (paypalData.capture_id) return { id: paypalData.capture_id }
+    return null
+  } catch {
+    return null
+  }
+}
+export async function POST(req: MedusaRequest, res: MedusaResponse) {
+  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
+  let debugId: string | null = null
+  try {
+    const body = (req.body || {}) as Body
+    const cartId = body.cart_id
+    const orderId = body.order_id
+    if (!cartId || !orderId) {
+      return res.status(400).json({ message: "cart_id and order_id are required" })
+    }
+    const existingCapture = await getExistingCapture(cartId, orderId)
+    if (existingCapture) {
+      return res.json({ capture: existingCapture })
+    }
+    const creds = await paypal.getActiveCredentials()
+    const { accessToken, base } = await getPayPalAccessToken(creds)
+    const settings = await paypal.getSettings().catch(() => ({}))
+    const data =
+      settings && typeof settings === "object" && "data" in settings
+        ? ((settings as { data?: Record<string, any> }).data ?? {})
+        : {}
+    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
+    const paymentAction =
+      typeof additionalSettings.paymentAction === "string"
+        ? additionalSettings.paymentAction
+        : "capture"
+    const requestId = resolveIdempotencyKey(req, "capture-order", `pp-capture-${orderId}`)
+    const endpoint =
+      paymentAction === "authorize"
+        ? `${base}/v2/checkout/orders/${orderId}/authorize`
+        : `${base}/v2/checkout/orders/${orderId}/capture`
+    const ppResp = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        "Content-Type": "application/json",
+        "PayPal-Request-Id": requestId,
+      },
+    })
+    const ppText = await ppResp.text()
+    debugId = ppResp.headers.get("paypal-debug-id")
+    if (!ppResp.ok) {
+      throw new Error(
+        `PayPal capture error (${ppResp.status}): ${ppText}${debugId ? ` debug_id=${debugId}` : ""}`
+      )
+    }
+    const payload = JSON.parse(ppText)
+    if (paymentAction === "authorize") {
+      await attachPayPalAuthorizationToSession(cartId, orderId, payload)
+    } else {
+      await attachPayPalCaptureToSession(cartId, orderId, payload)
+    }
+    console.info("[PayPal] capture-order", {
+      cart_id: cartId,
+      order_id: orderId,
+      request_id: requestId,
+      debug_id: ppResp.headers.get("paypal-debug-id"),
+      capture_id: payload?.id,
+    })
+    try {
+      await paypal.recordMetric(
+        paymentAction === "authorize" ? "authorize_order_success" : "capture_order_success"
+      )
+    } catch {
+      // ignore metrics failures
+    }
+    return paymentAction === "authorize"
+      ? res.json({ authorization: payload })
+      : res.json({ capture: payload })
+  } catch (e: any) {
+    try {
+      const body = (req.body || {}) as Body
+      await paypal.recordAuditEvent("capture_order_failed", {
+        cart_id: body.cart_id,
+        order_id: body.order_id,
+        debug_id: debugId,
+        message: e?.message || String(e),
+      })
+      await paypal.recordMetric("capture_order_failed")
+    } catch {
+      // ignore audit logging failures
+    }
+    return res.status(500).json({ message: e?.message || "Failed to capture PayPal order" })
+  }
+}

package/src/api/store/paypal-complete/route.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import type { MedusaRequest, MedusaResponse } from "@medusajs/framework"
+import { Pool } from "pg"
+/**
+ * POST /store/paypal-complete
+ * Body: { cart_id, order_id, capture_id }
+ *
+ * Directly sets the PayPal payment session to "authorized" in the DB.
+ * The frontend then calls placeOrder() which handles cart completion + redirect.
+ */
+export async function POST(req: MedusaRequest, res: MedusaResponse) {
+  const { cart_id, order_id, capture_id } = req.body as {
+    cart_id?: string
+    order_id?: string
+    capture_id?: string
+  }
+  if (!cart_id) {
+    return res.status(400).json({ error: "cart_id is required" })
+  }
+  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
+  try {
+    const { rows } = await pool.query(
+      `UPDATE payment_session
+       SET status = 'authorized',
+           data   = data || $1::jsonb
+       WHERE id = (
+         SELECT ps.id
+         FROM payment_session ps
+         JOIN payment_collection pc ON ps.payment_collection_id = pc.id
+         JOIN cart_payment_collection cpc ON cpc.payment_collection_id = pc.id
+         WHERE cpc.cart_id = $2
+           AND ps.provider_id LIKE '%paypal%'
+         ORDER BY ps.created_at DESC
+         LIMIT 1
+       )
+       RETURNING id, status`,
+      [
+        JSON.stringify({
+          paypal: {
+            order_id: order_id ?? null,
+            capture_id: capture_id ?? null,
+          },
+          authorized_at: new Date().toISOString(),
+        }),
+        cart_id,
+      ]
+    )
+    console.log("[paypal-complete] session authorized:", rows)
+    if (!rows.length) {
+      return res.status(400).json({ error: "No PayPal payment session found for cart" })
+    }
+    return res.json({ success: true, session_id: rows[0].id })
+  } catch (e: any) {
+    console.error("[paypal-complete] error:", e?.message || e)
+    return res.status(500).json({ error: e?.message || "Internal error" })
+  } finally {
+    await pool.end()
+  }
+}