npm - @easypayment/medusa-paypal - Versions diffs - 0.2.5 → 0.2.7 - Mend

@easypayment/medusa-paypal 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/src/api/store/paypal/capture-order/route.ts CHANGED Viewed

@@ -1,270 +1,284 @@
-import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
-import { randomUUID } from "crypto"
-import type PayPalModuleService from "../../../../modules/paypal/service"
-import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
-type Body = {
-  cart_id: string
-  order_id: string
-}
-async function getPayPalApiBase(environment: string) {
-  return environment === "live"
-    ? "https://api-m.paypal.com"
-    : "https://api-m.sandbox.paypal.com"
-}
-async function getPayPalAccessToken(opts: {
-  environment: string
-  client_id: string
-  client_secret: string
-}) {
-  const base = await getPayPalApiBase(opts.environment)
-  const auth = Buffer.from(`${opts.client_id}:${opts.client_secret}`).toString("base64")
-  const resp = await fetch(`${base}/v1/oauth2/token`, {
-    method: "POST",
-    headers: {
-      Authorization: `Basic ${auth}`,
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body: "grant_type=client_credentials",
-  })
-  const text = await resp.text()
-  if (!resp.ok) {
-    throw new Error(`PayPal token error (${resp.status}): ${text}`)
-  }
-  const json = JSON.parse(text)
-  return { accessToken: String(json.access_token), base }
-}
-function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
-  const header =
-    req.headers["idempotency-key"] ||
-    req.headers["Idempotency-Key"] ||
-    req.headers["x-idempotency-key"] ||
-    req.headers["X-Idempotency-Key"]
-  const key = Array.isArray(header) ? header[0] : header
-  if (key && String(key).trim()) {
-    return `${String(key).trim()}-${suffix}`
-  }
-  return fallback || `pp-${suffix}-${randomUUID()}`
-}
-async function attachPayPalCaptureToSession(
-  req: MedusaRequest,
-  cartId: string,
-  orderId: string,
-  capture: any
-) {
-  try {
-    const paymentCollectionService = req.scope.resolve("payment_collection") as any
-    const paymentSessionService = req.scope.resolve("payment_session") as any
-    const pc = await paymentCollectionService.retrieveByCartId(cartId).catch(() => null)
-    if (!pc?.id) {
-      return
-    }
-    const sessions = await paymentSessionService.list({ payment_collection_id: pc.id })
-    const paypalSession = sessions?.find((s: any) => isPayPalProviderId(s.provider_id))
-    if (!paypalSession) {
-      return
-    }
-    await paymentSessionService.update(paypalSession.id, {
-      status: "authorized",
-      data: {
-        ...(paypalSession.data || {}),
-        paypal: {
-          ...((paypalSession.data || {}).paypal || {}),
-          order_id: orderId,
-          capture_id: capture?.id || capture?.purchase_units?.[0]?.payments?.captures?.[0]?.id,
-          capture,
-        },
-      },
-    })
-  } catch {
-    // ignore
-  }
-}
-async function attachPayPalAuthorizationToSession(
-  req: MedusaRequest,
-  cartId: string,
-  orderId: string,
-  authorization: any
-) {
-  try {
-    const paymentCollectionService = req.scope.resolve("payment_collection") as any
-    const paymentSessionService = req.scope.resolve("payment_session") as any
-    const pc = await paymentCollectionService.retrieveByCartId(cartId).catch(() => null)
-    if (!pc?.id) {
-      return
-    }
-    const sessions = await paymentSessionService.list({ payment_collection_id: pc.id })
-    const paypalSession = sessions?.find((s: any) => isPayPalProviderId(s.provider_id))
-    if (!paypalSession) {
-      return
-    }
-    await paymentSessionService.update(paypalSession.id, {
-      status: "authorized",
-      data: {
-        ...(paypalSession.data || {}),
-        paypal: {
-          ...((paypalSession.data || {}).paypal || {}),
-          order_id: orderId,
-          authorization_id:
-            authorization?.purchase_units?.[0]?.payments?.authorizations?.[0]?.id,
-          authorization,
-        },
-      },
-    })
-  } catch {
-    // ignore
-  }
-}
-async function getExistingCapture(
-  req: MedusaRequest,
-  cartId: string,
-  orderId: string
-) {
-  try {
-    const paymentCollectionService = req.scope.resolve("payment_collection") as any
-    const paymentSessionService = req.scope.resolve("payment_session") as any
-    const pc = await paymentCollectionService.retrieveByCartId(cartId).catch(() => null)
-    if (!pc?.id) {
-      return null
-    }
-    const sessions = await paymentSessionService.list({ payment_collection_id: pc.id })
-    const paypalSession = sessions?.find((s: any) => isPayPalProviderId(s.provider_id))
-    if (!paypalSession) {
-      return null
-    }
-    const paypalData = (paypalSession.data || {}).paypal || {}
-    const existingOrderId = String(paypalData.order_id || "")
-    if (existingOrderId && existingOrderId !== orderId) {
-      return null
-    }
-    if (paypalData.capture) {
-      return paypalData.capture
-    }
-    if (paypalData.capture_id) {
-      return { id: paypalData.capture_id }
-    }
-    return null
-  } catch {
-    return null
-  }
-}
-export async function POST(req: MedusaRequest, res: MedusaResponse) {
-  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
-  let debugId: string | null = null
-  try {
-    const body = (req.body || {}) as Body
-    const cartId = body.cart_id
-    const orderId = body.order_id
-    if (!cartId || !orderId) {
-      return res.status(400).json({ message: "cart_id and order_id are required" })
-    }
-    const existingCapture = await getExistingCapture(req, cartId, orderId)
-    if (existingCapture) {
-      return res.json({ capture: existingCapture })
-    }
-    const creds = await paypal.getActiveCredentials()
-    const { accessToken, base } = await getPayPalAccessToken(creds)
-    const settings = await paypal.getSettings().catch(() => ({}))
-    const data =
-      settings && typeof settings === "object" && "data" in settings
-        ? ((settings as { data?: Record<string, any> }).data ?? {})
-        : {}
-    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
-    const paymentAction =
-      typeof additionalSettings.paymentAction === "string"
-        ? additionalSettings.paymentAction
-        : "capture"
-    const requestId = resolveIdempotencyKey(req, "capture-order", `pp-capture-${orderId}`)
-    const endpoint =
-      paymentAction === "authorize"
-        ? `${base}/v2/checkout/orders/${orderId}/authorize`
-        : `${base}/v2/checkout/orders/${orderId}/capture`
-    const ppResp = await fetch(endpoint, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        "Content-Type": "application/json",
-        "PayPal-Request-Id": requestId,
-      },
-    })
-    const ppText = await ppResp.text()
-    debugId = ppResp.headers.get("paypal-debug-id")
-    if (!ppResp.ok) {
-      throw new Error(
-        `PayPal capture error (${ppResp.status}): ${ppText}${
-          debugId ? ` debug_id=${debugId}` : ""
-        }`
-      )
-    }
-    const payload = JSON.parse(ppText)
-    if (paymentAction === "authorize") {
-      await attachPayPalAuthorizationToSession(req, cartId, orderId, payload)
-    } else {
-      await attachPayPalCaptureToSession(req, cartId, orderId, payload)
-    }
-    console.info("[PayPal] capture-order", {
-      cart_id: cartId,
-      order_id: orderId,
-      request_id: requestId,
-      debug_id: ppResp.headers.get("paypal-debug-id"),
-      capture_id: payload?.id,
-    })
-    try {
-      await paypal.recordMetric(
-        paymentAction === "authorize" ? "authorize_order_success" : "capture_order_success"
-      )
-    } catch {
-      // ignore metrics failures
-    }
-    // Clear storefront cart cookie (httpOnly) so user gets a fresh cart after successful payment
-    // Note: works when storefront and backend share the same cookie domain (e.g. localhost)
-    res.setHeader("Set-Cookie", "_medusa_cart_id=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Strict")
-    return paymentAction === "authorize"
-      ? res.json({ authorization: payload })
-      : res.json({ capture: payload })
-  } catch (e: any) {
-    try {
-      const body = (req.body || {}) as Body
-      await paypal.recordAuditEvent("capture_order_failed", {
-        cart_id: body.cart_id,
-        order_id: body.order_id,
-        debug_id: debugId,
-        message: e?.message || String(e),
-      })
-      await paypal.recordMetric("capture_order_failed")
-    } catch {
-      // ignore audit logging failures
-    }
-    return res.status(500).json({ message: e?.message || "Failed to capture PayPal order" })
-  }
-}
+import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
+import { randomUUID } from "crypto"
+import { Pool } from "pg"
+import type PayPalModuleService from "../../../../modules/paypal/service"
+import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
+type Body = {
+  cart_id: string
+  order_id: string
+}
+async function getPayPalApiBase(environment: string) {
+  return environment === "live"
+    ? "https://api-m.paypal.com"
+    : "https://api-m.sandbox.paypal.com"
+}
+async function getPayPalAccessToken(opts: {
+  environment: string
+  client_id: string
+  client_secret: string
+}) {
+  const base = await getPayPalApiBase(opts.environment)
+  const auth = Buffer.from(`${opts.client_id}:${opts.client_secret}`).toString("base64")
+  const resp = await fetch(`${base}/v1/oauth2/token`, {
+    method: "POST",
+    headers: {
+      Authorization: `Basic ${auth}`,
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: "grant_type=client_credentials",
+  })
+  const text = await resp.text()
+  if (!resp.ok) {
+    throw new Error(`PayPal token error (${resp.status}): ${text}`)
+  }
+  const json = JSON.parse(text)
+  return { accessToken: String(json.access_token), base }
+}
+function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
+  const header =
+    req.headers["idempotency-key"] ||
+    req.headers["Idempotency-Key"] ||
+    req.headers["x-idempotency-key"] ||
+    req.headers["X-Idempotency-Key"]
+  const key = Array.isArray(header) ? header[0] : header
+  if (key && String(key).trim()) {
+    return `${String(key).trim()}-${suffix}`
+  }
+  return fallback || `pp-${suffix}-${randomUUID()}`
+}
+/**
+ * Find the PayPal payment session for a cart using direct DB query.
+ * Replaces the broken paymentCollectionService.retrieveByCartId() call.
+ */
+async function findPayPalSessionForCart(cartId: string): Promise<{
+  session_id: string
+  session_data: Record<string, any>
+  session_status: string
+} | null> {
+  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
+  try {
+    const { rows } = await pool.query(
+      `SELECT ps.id as session_id, ps.data as session_data, ps.status as session_status
+       FROM payment_session ps
+       JOIN payment_collection pc ON ps.payment_collection_id = pc.id
+       JOIN cart_payment_collection cpc ON cpc.payment_collection_id = pc.id
+       WHERE cpc.cart_id = $1
+         AND ps.provider_id LIKE '%paypal%'
+       ORDER BY ps.created_at DESC
+       LIMIT 1`,
+      [cartId]
+    )
+    return rows[0] ?? null
+  } catch {
+    return null
+  } finally {
+    await pool.end()
+  }
+}
+/**
+ * Update the PayPal payment session status and data directly via DB.
+ */
+async function updatePayPalSession(
+  sessionId: string,
+  status: string,
+  extraData: Record<string, any>
+): Promise<void> {
+  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
+  try {
+    await pool.query(
+      `UPDATE payment_session
+       SET status = $1,
+           data   = data || $2::jsonb
+       WHERE id = $3`,
+      [status, JSON.stringify(extraData), sessionId]
+    )
+  } catch {
+    // ignore
+  } finally {
+    await pool.end()
+  }
+}
+async function attachPayPalCaptureToSession(
+  cartId: string,
+  orderId: string,
+  capture: any
+) {
+  try {
+    const session = await findPayPalSessionForCart(cartId)
+    if (!session) {
+      console.warn("[PayPal] attachPayPalCaptureToSession: no session found for cart", cartId)
+      return
+    }
+    const captureId =
+      capture?.purchase_units?.[0]?.payments?.captures?.[0]?.id ||
+      capture?.id
+    await updatePayPalSession(session.session_id, "authorized", {
+      paypal: {
+        ...((session.session_data || {}).paypal || {}),
+        order_id: orderId,
+        capture_id: captureId,
+        capture,
+      },
+    })
+    console.info("[PayPal] session authorized via DB:", session.session_id)
+  } catch {
+    // ignore
+  }
+}
+async function attachPayPalAuthorizationToSession(
+  cartId: string,
+  orderId: string,
+  authorization: any
+) {
+  try {
+    const session = await findPayPalSessionForCart(cartId)
+    if (!session) {
+      console.warn("[PayPal] attachPayPalAuthorizationToSession: no session found for cart", cartId)
+      return
+    }
+    const authorizationId =
+      authorization?.purchase_units?.[0]?.payments?.authorizations?.[0]?.id
+    await updatePayPalSession(session.session_id, "authorized", {
+      paypal: {
+        ...((session.session_data || {}).paypal || {}),
+        order_id: orderId,
+        authorization_id: authorizationId,
+        authorization,
+      },
+    })
+    console.info("[PayPal] session authorized via DB:", session.session_id)
+  } catch {
+    // ignore
+  }
+}
+async function getExistingCapture(cartId: string, orderId: string) {
+  try {
+    const session = await findPayPalSessionForCart(cartId)
+    if (!session) return null
+    const paypalData = (session.session_data || {}).paypal || {}
+    const existingOrderId = String(paypalData.order_id || "")
+    if (existingOrderId && existingOrderId !== orderId) return null
+    if (paypalData.capture) return paypalData.capture
+    if (paypalData.capture_id) return { id: paypalData.capture_id }
+    return null
+  } catch {
+    return null
+  }
+}
+export async function POST(req: MedusaRequest, res: MedusaResponse) {
+  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
+  let debugId: string | null = null
+  try {
+    const body = (req.body || {}) as Body
+    const cartId = body.cart_id
+    const orderId = body.order_id
+    if (!cartId || !orderId) {
+      return res.status(400).json({ message: "cart_id and order_id are required" })
+    }
+    const existingCapture = await getExistingCapture(cartId, orderId)
+    if (existingCapture) {
+      return res.json({ capture: existingCapture })
+    }
+    const creds = await paypal.getActiveCredentials()
+    const { accessToken, base } = await getPayPalAccessToken(creds)
+    const settings = await paypal.getSettings().catch(() => ({}))
+    const data =
+      settings && typeof settings === "object" && "data" in settings
+        ? ((settings as { data?: Record<string, any> }).data ?? {})
+        : {}
+    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
+    const paymentAction =
+      typeof additionalSettings.paymentAction === "string"
+        ? additionalSettings.paymentAction
+        : "capture"
+    const requestId = resolveIdempotencyKey(req, "capture-order", `pp-capture-${orderId}`)
+    const endpoint =
+      paymentAction === "authorize"
+        ? `${base}/v2/checkout/orders/${orderId}/authorize`
+        : `${base}/v2/checkout/orders/${orderId}/capture`
+    const ppResp = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        "Content-Type": "application/json",
+        "PayPal-Request-Id": requestId,
+      },
+    })
+    const ppText = await ppResp.text()
+    debugId = ppResp.headers.get("paypal-debug-id")
+    if (!ppResp.ok) {
+      throw new Error(
+        `PayPal capture error (${ppResp.status}): ${ppText}${debugId ? ` debug_id=${debugId}` : ""}`
+      )
+    }
+    const payload = JSON.parse(ppText)
+    console.info("[PayPal] capture-order raw payload:", JSON.stringify(payload, null, 2))
+    if (paymentAction === "authorize") {
+      await attachPayPalAuthorizationToSession(cartId, orderId, payload)
+    } else {
+      await attachPayPalCaptureToSession(cartId, orderId, payload)
+    }
+    console.info("[PayPal] capture-order", {
+      cart_id: cartId,
+      order_id: orderId,
+      request_id: requestId,
+      debug_id: ppResp.headers.get("paypal-debug-id"),
+      capture_id: payload?.id,
+    })
+    try {
+      await paypal.recordMetric(
+        paymentAction === "authorize" ? "authorize_order_success" : "capture_order_success"
+      )
+    } catch {
+      // ignore metrics failures
+    }
+    return paymentAction === "authorize"
+      ? res.json({ authorization: payload })
+      : res.json({ capture: payload })
+  } catch (e: any) {
+    try {
+      const body = (req.body || {}) as Body
+      await paypal.recordAuditEvent("capture_order_failed", {
+        cart_id: body.cart_id,
+        order_id: body.order_id,
+        debug_id: debugId,
+        message: e?.message || String(e),
+      })
+      await paypal.recordMetric("capture_order_failed")
+    } catch {
+      // ignore audit logging failures
+    }
+    return res.status(500).json({ message: e?.message || "Failed to capture PayPal order" })
+  }
+}

package/src/api/store/paypal/config/route.ts CHANGED Viewed

@@ -8,18 +8,12 @@ import {
 export async function GET(req: MedusaRequest, res: MedusaResponse) {
   const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
   try {
     const creds = await paypal.getActiveCredentials()
     const apiDetails = await paypal.getApiDetails().catch(() => null)
-    // CardFields/PaymentFields require a client token on the script tag.
-    // Generate it server-side and return it with config.
     const client_token = await paypal.generateClientToken({ locale: "en_US" }).catch(() => "")
     const cartId = (req.query?.cart_id as string) || ""
     const query = req.scope.resolve("query")
     let currency = normalizeCurrencyCode(
       apiDetails?.apiDetails?.currency_code || process.env.PAYPAL_CURRENCY || "EUR"
     )
@@ -29,7 +23,6 @@ export async function GET(req: MedusaRequest, res: MedusaResponse) {
         fields: ["id", "currency_code", "region.currency_code"],
         filters: { id: cartId },
       })
       const cart = carts?.[0]
       if (cart) {
         currency = normalizeCurrencyCode(
@@ -37,13 +30,23 @@ export async function GET(req: MedusaRequest, res: MedusaResponse) {
         )
       }
     }
     const compatibility = getPayPalCurrencyCompatibility({
       currencyCode: currency,
       paypalCurrencyOverride:
         apiDetails?.apiDetails?.currency_code || process.env.PAYPAL_CURRENCY,
     })
+    // Read payment action from settings so frontend SDK uses correct intent
+    const settings = await paypal.getSettings().catch(() => ({}))
+    const additionalSettings =
+      settings && typeof settings === "object" && "data" in settings
+        ? ((settings as any).data?.additional_settings || {})
+        : {}
+    const paymentAction =
+      typeof additionalSettings.paymentAction === "string"
+        ? additionalSettings.paymentAction
+        : "capture"
     return res.json({
       environment: creds.environment,
       client_id: creds.client_id,
@@ -52,6 +55,7 @@ export async function GET(req: MedusaRequest, res: MedusaResponse) {
       currency_errors: compatibility.errors,
       supported_currencies: getPayPalSupportedCurrencies(),
       client_token,
+      intent: paymentAction, // "capture" or "authorize"
     })
   } catch (e: any) {
     return res.status(500).json({ message: e?.message || "Failed to load PayPal config" })