npm - @easypayment/medusa-paypal - Versions diffs - 0.2.7 → 0.2.9 - Mend

@easypayment/medusa-paypal 0.2.7 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/src/api/store/paypal/capture-order/route.ts CHANGED Viewed

@@ -1,284 +1,276 @@
-import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
-import { randomUUID } from "crypto"
-import { Pool } from "pg"
-import type PayPalModuleService from "../../../../modules/paypal/service"
-import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
-type Body = {
-  cart_id: string
-  order_id: string
-}
-async function getPayPalApiBase(environment: string) {
-  return environment === "live"
-    ? "https://api-m.paypal.com"
-    : "https://api-m.sandbox.paypal.com"
-}
-async function getPayPalAccessToken(opts: {
-  environment: string
-  client_id: string
-  client_secret: string
-}) {
-  const base = await getPayPalApiBase(opts.environment)
-  const auth = Buffer.from(`${opts.client_id}:${opts.client_secret}`).toString("base64")
-  const resp = await fetch(`${base}/v1/oauth2/token`, {
-    method: "POST",
-    headers: {
-      Authorization: `Basic ${auth}`,
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body: "grant_type=client_credentials",
-  })
-  const text = await resp.text()
-  if (!resp.ok) {
-    throw new Error(`PayPal token error (${resp.status}): ${text}`)
-  }
-  const json = JSON.parse(text)
-  return { accessToken: String(json.access_token), base }
-}
-function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
-  const header =
-    req.headers["idempotency-key"] ||
-    req.headers["Idempotency-Key"] ||
-    req.headers["x-idempotency-key"] ||
-    req.headers["X-Idempotency-Key"]
-  const key = Array.isArray(header) ? header[0] : header
-  if (key && String(key).trim()) {
-    return `${String(key).trim()}-${suffix}`
-  }
-  return fallback || `pp-${suffix}-${randomUUID()}`
-}
-/**
- * Find the PayPal payment session for a cart using direct DB query.
- * Replaces the broken paymentCollectionService.retrieveByCartId() call.
- */
-async function findPayPalSessionForCart(cartId: string): Promise<{
-  session_id: string
-  session_data: Record<string, any>
-  session_status: string
-} | null> {
-  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
-  try {
-    const { rows } = await pool.query(
-      `SELECT ps.id as session_id, ps.data as session_data, ps.status as session_status
-       FROM payment_session ps
-       JOIN payment_collection pc ON ps.payment_collection_id = pc.id
-       JOIN cart_payment_collection cpc ON cpc.payment_collection_id = pc.id
-       WHERE cpc.cart_id = $1
-         AND ps.provider_id LIKE '%paypal%'
-       ORDER BY ps.created_at DESC
-       LIMIT 1`,
-      [cartId]
-    )
-    return rows[0] ?? null
-  } catch {
-    return null
-  } finally {
-    await pool.end()
-  }
-}
-/**
- * Update the PayPal payment session status and data directly via DB.
- */
-async function updatePayPalSession(
-  sessionId: string,
-  status: string,
-  extraData: Record<string, any>
-): Promise<void> {
-  const pool = new Pool({ connectionString: process.env.DATABASE_URL })
-  try {
-    await pool.query(
-      `UPDATE payment_session
-       SET status = $1,
-           data   = data || $2::jsonb
-       WHERE id = $3`,
-      [status, JSON.stringify(extraData), sessionId]
-    )
-  } catch {
-    // ignore
-  } finally {
-    await pool.end()
-  }
-}
-async function attachPayPalCaptureToSession(
-  cartId: string,
-  orderId: string,
-  capture: any
-) {
-  try {
-    const session = await findPayPalSessionForCart(cartId)
-    if (!session) {
-      console.warn("[PayPal] attachPayPalCaptureToSession: no session found for cart", cartId)
-      return
-    }
-    const captureId =
-      capture?.purchase_units?.[0]?.payments?.captures?.[0]?.id ||
-      capture?.id
-    await updatePayPalSession(session.session_id, "authorized", {
-      paypal: {
-        ...((session.session_data || {}).paypal || {}),
-        order_id: orderId,
-        capture_id: captureId,
-        capture,
-      },
-    })
-    console.info("[PayPal] session authorized via DB:", session.session_id)
-  } catch {
-    // ignore
-  }
-}
-async function attachPayPalAuthorizationToSession(
-  cartId: string,
-  orderId: string,
-  authorization: any
-) {
-  try {
-    const session = await findPayPalSessionForCart(cartId)
-    if (!session) {
-      console.warn("[PayPal] attachPayPalAuthorizationToSession: no session found for cart", cartId)
-      return
-    }
-    const authorizationId =
-      authorization?.purchase_units?.[0]?.payments?.authorizations?.[0]?.id
-    await updatePayPalSession(session.session_id, "authorized", {
-      paypal: {
-        ...((session.session_data || {}).paypal || {}),
-        order_id: orderId,
-        authorization_id: authorizationId,
-        authorization,
-      },
-    })
-    console.info("[PayPal] session authorized via DB:", session.session_id)
-  } catch {
-    // ignore
-  }
-}
-async function getExistingCapture(cartId: string, orderId: string) {
-  try {
-    const session = await findPayPalSessionForCart(cartId)
-    if (!session) return null
-    const paypalData = (session.session_data || {}).paypal || {}
-    const existingOrderId = String(paypalData.order_id || "")
-    if (existingOrderId && existingOrderId !== orderId) return null
-    if (paypalData.capture) return paypalData.capture
-    if (paypalData.capture_id) return { id: paypalData.capture_id }
-    return null
-  } catch {
-    return null
-  }
-}
-export async function POST(req: MedusaRequest, res: MedusaResponse) {
-  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
-  let debugId: string | null = null
-  try {
-    const body = (req.body || {}) as Body
-    const cartId = body.cart_id
-    const orderId = body.order_id
-    if (!cartId || !orderId) {
-      return res.status(400).json({ message: "cart_id and order_id are required" })
-    }
-    const existingCapture = await getExistingCapture(cartId, orderId)
-    if (existingCapture) {
-      return res.json({ capture: existingCapture })
-    }
-    const creds = await paypal.getActiveCredentials()
-    const { accessToken, base } = await getPayPalAccessToken(creds)
-    const settings = await paypal.getSettings().catch(() => ({}))
-    const data =
-      settings && typeof settings === "object" && "data" in settings
-        ? ((settings as { data?: Record<string, any> }).data ?? {})
-        : {}
-    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
-    const paymentAction =
-      typeof additionalSettings.paymentAction === "string"
-        ? additionalSettings.paymentAction
-        : "capture"
-    const requestId = resolveIdempotencyKey(req, "capture-order", `pp-capture-${orderId}`)
-    const endpoint =
-      paymentAction === "authorize"
-        ? `${base}/v2/checkout/orders/${orderId}/authorize`
-        : `${base}/v2/checkout/orders/${orderId}/capture`
-    const ppResp = await fetch(endpoint, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${accessToken}`,
-        "Content-Type": "application/json",
-        "PayPal-Request-Id": requestId,
-      },
-    })
-    const ppText = await ppResp.text()
-    debugId = ppResp.headers.get("paypal-debug-id")
-    if (!ppResp.ok) {
-      throw new Error(
-        `PayPal capture error (${ppResp.status}): ${ppText}${debugId ? ` debug_id=${debugId}` : ""}`
-      )
-    }
-    const payload = JSON.parse(ppText)
-    console.info("[PayPal] capture-order raw payload:", JSON.stringify(payload, null, 2))
-    if (paymentAction === "authorize") {
-      await attachPayPalAuthorizationToSession(cartId, orderId, payload)
-    } else {
-      await attachPayPalCaptureToSession(cartId, orderId, payload)
-    }
-    console.info("[PayPal] capture-order", {
-      cart_id: cartId,
-      order_id: orderId,
-      request_id: requestId,
-      debug_id: ppResp.headers.get("paypal-debug-id"),
-      capture_id: payload?.id,
-    })
-    try {
-      await paypal.recordMetric(
-        paymentAction === "authorize" ? "authorize_order_success" : "capture_order_success"
-      )
-    } catch {
-      // ignore metrics failures
-    }
-    return paymentAction === "authorize"
-      ? res.json({ authorization: payload })
-      : res.json({ capture: payload })
-  } catch (e: any) {
-    try {
-      const body = (req.body || {}) as Body
-      await paypal.recordAuditEvent("capture_order_failed", {
-        cart_id: body.cart_id,
-        order_id: body.order_id,
-        debug_id: debugId,
-        message: e?.message || String(e),
-      })
-      await paypal.recordMetric("capture_order_failed")
-    } catch {
-      // ignore audit logging failures
-    }
-    return res.status(500).json({ message: e?.message || "Failed to capture PayPal order" })
-  }
-}
+import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
+import type { IPaymentModuleService } from "@medusajs/framework/types"
+import { Modules } from "@medusajs/framework/utils"
+import { randomUUID } from "crypto"
+import type PayPalModuleService from "../../../../modules/paypal/service"
+import { getPayPalAccessToken } from "../../../../modules/paypal/utils/paypal-auth"
+import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
+type Body = {
+  cart_id: string
+  order_id: string
+}
+function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
+  const header =
+    req.headers["idempotency-key"] ||
+    req.headers["Idempotency-Key"] ||
+    req.headers["x-idempotency-key"] ||
+    req.headers["X-Idempotency-Key"]
+  const key = Array.isArray(header) ? header[0] : header
+  if (key && String(key).trim()) {
+    return `${String(key).trim()}-${suffix}`
+  }
+  return fallback || `pp-${suffix}-${randomUUID()}`
+}
+async function findPayPalSessionForCart(
+  cartId: string,
+  scope: any
+): Promise<{
+  session_id: string
+  session_data: Record<string, any>
+  session_status: string
+} | null> {
+  try {
+    const query = scope.resolve("query")
+    const { data: carts } = await query.graph({
+      entity: "cart",
+      fields: [
+        "id",
+        "payment_collection.payment_sessions.id",
+        "payment_collection.payment_sessions.data",
+        "payment_collection.payment_sessions.status",
+        "payment_collection.payment_sessions.provider_id",
+        "payment_collection.payment_sessions.created_at",
+      ],
+      filters: { id: cartId },
+    })
+    const cart = carts?.[0]
+    const sessions = cart?.payment_collection?.payment_sessions || []
+    const session = sessions
+      .filter((s: any) => isPayPalProviderId(s.provider_id))
+      .sort(
+        (a: any, b: any) =>
+          new Date(b.created_at || 0).getTime() - new Date(a.created_at || 0).getTime()
+      )[0]
+    if (!session) return null
+    return {
+      session_id: session.id,
+      session_data: (session.data || {}) as Record<string, any>,
+      session_status: session.status,
+    }
+  } catch (e: any) {
+    console.warn("[PayPal] findPayPalSessionForCart failed:", e?.message)
+    return null
+  }
+}
+async function updatePayPalSession(
+  sessionId: string,
+  status: string,
+  extraData: Record<string, any>,
+  scope: any
+): Promise<void> {
+  try {
+    const paymentModule = scope.resolve(Modules.PAYMENT) as IPaymentModuleService
+    const [existing] = await paymentModule.listPaymentSessions({ id: [sessionId] }, { take: 1 })
+    const mergedData = { ...(existing?.data || {}), ...extraData }
+    await (paymentModule as any).updatePaymentSession({
+      id: sessionId,
+      data: mergedData,
+      status: status as any,
+      amount: existing?.amount,
+      currency_code: existing?.currency_code,  // ✅ add this
+    })
+  } catch (e: any) {
+    console.error("[PayPal] updatePayPalSession failed:", e?.message)
+  }
+}
+async function attachPayPalCaptureToSession(
+  cartId: string,
+  orderId: string,
+  capture: any,
+  scope: any
+) {
+  try {
+    const session = await findPayPalSessionForCart(cartId, scope)
+    if (!session) {
+      console.warn("[PayPal] attachPayPalCaptureToSession: no session found for cart", cartId)
+      return
+    }
+    const captureId = capture?.purchase_units?.[0]?.payments?.captures?.[0]?.id || capture?.id
+    await updatePayPalSession(
+      session.session_id,
+      "captured",
+      {
+        paypal: {
+          ...((session.session_data || {}).paypal || {}),
+          order_id: orderId,
+          capture_id: captureId,
+          capture,
+        },
+      },
+      scope
+    )
+    console.info("[PayPal] session captured via DB:", session.session_id)
+  } catch {
+    // ignore
+  }
+}
+async function attachPayPalAuthorizationToSession(
+  cartId: string,
+  orderId: string,
+  authorization: any,
+  scope: any
+) {
+  try {
+    const session = await findPayPalSessionForCart(cartId, scope)
+    if (!session) {
+      console.warn("[PayPal] attachPayPalAuthorizationToSession: no session found for cart", cartId)
+      return
+    }
+    const authorizationId = authorization?.purchase_units?.[0]?.payments?.authorizations?.[0]?.id
+    await updatePayPalSession(
+      session.session_id,
+      "authorized",
+      {
+        paypal: {
+          ...((session.session_data || {}).paypal || {}),
+          order_id: orderId,
+          authorization_id: authorizationId,
+          authorization,
+        },
+      },
+      scope
+    )
+    console.info("[PayPal] session authorized via DB:", session.session_id)
+  } catch {
+    // ignore
+  }
+}
+async function getExistingCapture(cartId: string, orderId: string, scope: any) {
+  try {
+    const session = await findPayPalSessionForCart(cartId, scope)
+    if (!session) return null
+    const paypalData = (session.session_data || {}).paypal || {}
+    const existingOrderId = String(paypalData.order_id || "")
+    if (existingOrderId && existingOrderId !== orderId) return null
+    if (paypalData.capture) return paypalData.capture
+    if (paypalData.capture_id) return { id: paypalData.capture_id }
+    return null
+  } catch {
+    return null
+  }
+}
+export async function POST(req: MedusaRequest, res: MedusaResponse) {
+  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
+  const { scope } = req
+  let debugId: string | null = null
+  try {
+    const body = (req.body || {}) as Body
+    const cartId = body.cart_id
+    const orderId = body.order_id
+    if (!cartId || !orderId) {
+      return res.status(400).json({ message: "cart_id and order_id are required" })
+    }
+    const existingCapture = await getExistingCapture(cartId, orderId, scope)
+    if (existingCapture) {
+      return res.json({ capture: existingCapture })
+    }
+    const creds = await paypal.getActiveCredentials()
+    const { accessToken, base } = await getPayPalAccessToken(creds)
+    const settings = await paypal.getSettings().catch(() => ({}))
+    const data =
+      settings && typeof settings === "object" && "data" in settings
+        ? ((settings as { data?: Record<string, any> }).data ?? {})
+        : {}
+    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
+    const paymentAction =
+      typeof additionalSettings.paymentAction === "string"
+        ? additionalSettings.paymentAction
+        : "capture"
+    const requestId = resolveIdempotencyKey(req, "capture-order", `pp-capture-${orderId}`)
+    const endpoint =
+      paymentAction === "authorize"
+        ? `${base}/v2/checkout/orders/${orderId}/authorize`
+        : `${base}/v2/checkout/orders/${orderId}/capture`
+    const ppResp = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        "Content-Type": "application/json",
+        "PayPal-Request-Id": requestId,
+      },
+    })
+    const ppText = await ppResp.text()
+    debugId = ppResp.headers.get("paypal-debug-id")
+    if (!ppResp.ok) {
+      throw new Error(
+        `PayPal capture error (${ppResp.status}): ${ppText}${debugId ? ` debug_id=${debugId}` : ""}`
+      )
+    }
+    const payload = JSON.parse(ppText)
+    console.info("[PayPal] capture-order raw payload:", JSON.stringify(payload, null, 2))
+    if (paymentAction === "authorize") {
+      await attachPayPalAuthorizationToSession(cartId, orderId, payload, req.scope)
+    } else {
+      await attachPayPalCaptureToSession(cartId, orderId, payload, req.scope)
+    }
+    console.info("[PayPal] capture-order", {
+      cart_id: cartId,
+      order_id: orderId,
+      request_id: requestId,
+      debug_id: ppResp.headers.get("paypal-debug-id"),
+      capture_id: payload?.id,
+    })
+    try {
+      await paypal.recordMetric(
+        paymentAction === "authorize" ? "authorize_order_success" : "capture_order_success"
+      )
+    } catch {
+      // metrics failure must never affect payment outcome
+    }
+    return paymentAction === "authorize"
+      ? res.json({ authorization: payload })
+      : res.json({ capture: payload })
+  } catch (e: any) {
+    try {
+      const body = (req.body || {}) as Body
+      await paypal.recordAuditEvent("capture_order_failed", {
+        cart_id: body.cart_id,
+        order_id: body.order_id,
+        debug_id: debugId,
+        message: e?.message || String(e),
+      })
+      await paypal.recordMetric("capture_order_failed")
+    } catch {
+      // ignore audit logging failures
+    }
+    return res.status(500).json({ message: e?.message || "Failed to capture PayPal order" })
+  }
+}

package/src/api/store/paypal/create-order/route.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import {
   assertPayPalCurrencySupported,
   normalizeCurrencyCode,
 } from "../../../../modules/paypal/utils/currencies"
+import { getPayPalAccessToken } from "../../../../modules/paypal/utils/paypal-auth"
 import type PayPalModuleService from "../../../../modules/paypal/service"
 import { isPayPalProviderId } from "../../../../modules/paypal/utils/provider-ids"
@@ -12,38 +13,6 @@ type Body = {
   cart_id: string
 }
-async function getPayPalApiBase(environment: string) {
-  return environment === "live"
-    ? "https://api-m.paypal.com"
-    : "https://api-m.sandbox.paypal.com"
-}
-async function getPayPalAccessToken(opts: {
-  environment: string
-  client_id: string
-  client_secret: string
-}) {
-  const base = await getPayPalApiBase(opts.environment)
-  const auth = Buffer.from(`${opts.client_id}:${opts.client_secret}`).toString("base64")
-  const resp = await fetch(`${base}/v1/oauth2/token`, {
-    method: "POST",
-    headers: {
-      Authorization: `Basic ${auth}`,
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body: "grant_type=client_credentials",
-  })
-  const text = await resp.text()
-  if (!resp.ok) {
-    throw new Error(`PayPal token error (${resp.status}): ${text}`)
-  }
-  const json = JSON.parse(text)
-  return { accessToken: String(json.access_token), base }
-}
 function resolveIdempotencyKey(req: MedusaRequest, suffix: string, fallback: string) {
   const header =
     req.headers["idempotency-key"] ||
@@ -78,6 +47,7 @@ async function attachPayPalOrderToSession(
     }
     await paymentSessionService.update(paypalSession.id, {
+      amount: paypalSession.amount,
       data: {
         ...(paypalSession.data || {}),
         paypal: {

package/src/api/store/paypal/settings/route.ts CHANGED Viewed

@@ -5,7 +5,14 @@ export async function GET(req: MedusaRequest, res: MedusaResponse) {
   const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
   try {
     const settings = await paypal.getSettings()
-    return res.json(settings)
+    const data = (settings?.data || {}) as Record<string, any>
+    const additionalSettings = (data.additional_settings || {}) as Record<string, any>
+    const advancedCard = (data.advanced_card_payments || {}) as Record<string, any>
+    return res.json({
+      paymentAction: additionalSettings.paymentAction === "authorize" ? "authorize" : "capture",
+      advancedCardEnabled: advancedCard.enabled === true,
+    })
   } catch (e: any) {
     return res.status(500).json({ message: e?.message || "Failed to load PayPal settings" })
   }

package/src/api/store/paypal/webhook/route.ts CHANGED Viewed

@@ -192,8 +192,7 @@ export async function POST(req: MedusaRequest, res: MedusaResponse) {
         id: recordResult.event.id,
         status: "processed",
         processed_at: new Date(),
-        resource_id:
-          processed.disputeId || processed.refundId || processed.captureId || processed.orderId || null,
+        resource_id: processed.refundId || processed.captureId || processed.orderId || null,
       })
     }