@easypayment/medusa-paypal 0.5.7 → 0.5.9

package/src/api/admin/paypal/save-credentials/route.ts

@@ -1,14 +1,22 @@
-import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
-import type PayPalModuleService from "../../../../modules/paypal/service"
-
-export async function POST(req: MedusaRequest, res: MedusaResponse) {
-  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
-  const body = req.body as { clientId?: string; clientSecret?: string }
-
-  if (!body?.clientId || !body?.clientSecret) {
-    return res.status(400).json({ message: "Missing clientId/clientSecret" })
-  }
-
-  await paypal.saveSellerCredentials({ clientId: body.clientId, clientSecret: body.clientSecret })
-  return res.json({ ok: true })
-}
+import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
+import type PayPalModuleService from "../../../../modules/paypal/service"
+
+export async function POST(req: MedusaRequest, res: MedusaResponse) {
+  const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
+  const body = req.body as {
+    clientId?: string
+    clientSecret?: string
+    environment?: "sandbox" | "live"
+  }
+
+  if (!body?.clientId || !body?.clientSecret) {
+    return res.status(400).json({ message: "Missing clientId/clientSecret" })
+  }
+
+  await paypal.saveAndHydrateSellerCredentials({
+    clientId: body.clientId,
+    clientSecret: body.clientSecret,
+    environment: body.environment,
+  })
+  return res.json({ ok: true })
+}

package/src/modules/paypal/service.ts

@@ -185,7 +185,13 @@ class PayPalModuleService extends MedusaService({
     return {
       clientId: creds.client_id || creds.clientId || undefined,
       clientSecret: creds.client_secret || creds.clientSecret || undefined,
-      sellerMerchantId: creds.seller_merchant_id || creds.sellerMerchantId || undefined,
+      sellerMerchantId:
+        creds.seller_merchant_id ||
+        creds.sellerMerchantId ||
+        creds.payer_id ||
+        creds.merchant_id ||
+        creds.merchantId ||
+        undefined,
       sellerEmail: creds.seller_email || creds.sellerEmail || undefined,
     }
   }
@@ -221,15 +227,23 @@ class PayPalModuleService extends MedusaService({
           obj.email_address,
           obj.account_email,
           obj.contact_email,
+          obj.value,
+          obj.address,
         ]
         queue.push(...prioritized)
 
         for (const [k, v] of Object.entries(obj)) {
           const key = String(k).toLowerCase()
-          if (key.includes("email")) {
+          if (key.includes("email") || key.includes("address")) {
             queue.push(v)
           }
         }
+
+        // Fallback: traverse nested values so shapes like
+        // { email_address: { value: "seller@example.com" } }
+        // or { email: { address: "seller@example.com" } }
+        // are still detected.
+        queue.push(...Object.values(obj))
       }
     }
 
@@ -281,6 +295,155 @@ class PayPalModuleService extends MedusaService({
     return json
   }
 
+  private async getAppAccessTokenForCredentials(
+    env: Environment,
+    credentials: { clientId: string; clientSecret: string }
+  ) {
+    const baseUrl = env === "live" ? "https://api-m.paypal.com" : "https://api-m.sandbox.paypal.com"
+    const basic = Buffer.from(`${credentials.clientId}:${credentials.clientSecret}`).toString("base64")
+
+    const body = new URLSearchParams()
+    body.set("grant_type", "client_credentials")
+
+    const res = await fetch(`${baseUrl}/v1/oauth2/token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Authorization: `Basic ${basic}`,
+      },
+      body,
+    })
+
+    const text = await res.text().catch(() => "")
+    let json: any = {}
+    try {
+      json = text ? JSON.parse(text) : {}
+    } catch (e: any) {
+      console.warn("[PayPal] Failed to parse app token response JSON:", e?.message)
+    }
+
+    if (!res.ok) {
+      throw new Error(`PayPal client_credentials failed (${res.status}): ${text || JSON.stringify(json)}`)
+    }
+
+    const accessToken = String(json.access_token || "")
+    if (!accessToken) {
+      throw new Error("PayPal client_credentials succeeded but access_token is missing.")
+    }
+
+    return { accessToken, tokenPayload: json }
+  }
+
+  private async fetchSellerProfileFromDirectCredentials(
+    env: Environment,
+    credentials?: { clientId: string; clientSecret: string }
+  ): Promise<{ sellerMerchantId: string | null; sellerEmail: string | null }> {
+    const baseUrl = env === "live" ? "https://api-m.paypal.com" : "https://api-m.sandbox.paypal.com"
+    const partnerMerchantId = await this.getPartnerMerchantId(env)
+    let tokenPayload: Record<string, any> | null = null
+
+    let accessToken = ""
+    if (credentials) {
+      const tokenResp = await this.getAppAccessTokenForCredentials(env, {
+        clientId: credentials.clientId,
+        clientSecret: credentials.clientSecret,
+      })
+      accessToken = tokenResp.accessToken
+      tokenPayload = tokenResp.tokenPayload
+    } else {
+      accessToken = await this.getAppAccessToken()
+    }
+
+    let sellerEmail = this.extractSellerEmail(tokenPayload || undefined)
+    let sellerMerchantId = String(
+      tokenPayload?.merchant_id || tokenPayload?.payer_id || tokenPayload?.account_id || ""
+    ).trim() || null
+
+    try {
+      const userInfoResp = await fetch(`${baseUrl}/v1/identity/oauth2/userinfo?schema=paypalv1`, {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          "Content-Type": "application/json",
+          Accept: "application/json",
+        },
+      })
+      if (userInfoResp.ok) {
+        const userInfo = await userInfoResp.json().catch(() => ({}))
+        sellerEmail = sellerEmail || this.extractSellerEmail(userInfo)
+        sellerMerchantId =
+          sellerMerchantId ||
+          String(userInfo?.merchant_id || userInfo?.payer_id || userInfo?.user_id || userInfo?.sub || "").trim() ||
+          null
+      }
+    } catch (e: any) {
+      console.warn("[PayPal] userinfo lookup failed:", e?.message || e)
+    }
+
+    if (partnerMerchantId) {
+      try {
+        const credsResp = await fetch(
+          `${baseUrl}/v1/customer/partners/${encodeURIComponent(
+            partnerMerchantId
+          )}/merchant-integrations/credentials/`,
+          {
+            method: "GET",
+            headers: {
+              Authorization: `Bearer ${accessToken}`,
+              "Content-Type": "application/json",
+            },
+          }
+        )
+        if (credsResp.ok) {
+          const credsJson = await credsResp.json().catch(() => ({}))
+          sellerEmail = sellerEmail || this.extractSellerEmail(credsJson)
+          sellerMerchantId = sellerMerchantId || String(credsJson?.merchant_id || "").trim() || null
+        }
+      } catch (e: any) {
+        console.warn("[PayPal] direct credential profile lookup failed:", e?.message || e)
+      }
+    }
+
+    const hydrated = await this.hydrateSellerMetadataFromCredentials(env, {
+      accessToken,
+      sellerMerchantId,
+      sellerEmail,
+    })
+
+    return {
+      sellerMerchantId: hydrated.sellerMerchantId,
+      sellerEmail: hydrated.sellerEmail,
+    }
+  }
+
+  private async hydrateSellerMetadataFromCredentials(
+    env: Environment,
+    input: {
+      accessToken?: string
+      sellerMerchantId?: string | null
+      sellerEmail?: string | null
+      metadataCandidates?: any[]
+    }
+  ): Promise<{ sellerMerchantId: string | null; sellerEmail: string | null }> {
+    let sellerMerchantId = (input.sellerMerchantId || "").trim() || null
+    let sellerEmail = (input.sellerEmail || "").trim() || null
+
+    if (!sellerEmail && input.metadataCandidates?.length) {
+      sellerEmail = this.extractSellerEmail(...input.metadataCandidates)
+    }
+
+    if (sellerMerchantId && !sellerEmail) {
+      try {
+        const details = await this.fetchMerchantIntegrationDetails(env, sellerMerchantId, input.accessToken)
+        sellerEmail = this.extractSellerEmail(details)
+      } catch (e: any) {
+        console.warn("[PayPal] merchant integration lookup failed:", e?.message || e)
+      }
+    }
+
+    return { sellerMerchantId, sellerEmail }
+  }
+
   private async syncRowFieldsFromMetadata(row: any, env: Environment) {
     const c = this.getEnvCreds(row, env)
     await this.updatePayPalConnections({
@@ -633,8 +796,8 @@ class PayPalModuleService extends MedusaService({
       )
     }
 
-    const clientId = String(credJson.client_id || "")
-    const clientSecret = String(credJson.client_secret || "")
+    const clientId = String(credJson.client_id || credJson.clientId || "")
+    const clientSecret = String(credJson.client_secret || credJson.clientSecret || "")
     if (!clientId || !clientSecret) {
       throw new Error(
         `PayPal credentials response missing client_id/client_secret. Keys: ${Object.keys(credJson || {}).join(", ")}`
@@ -642,14 +805,17 @@ class PayPalModuleService extends MedusaService({
     }
 
     let sellerEmail = this.extractSellerEmail(credJson, tokenJson)
-    let sellerMerchantId = String(credJson.merchant_id || tokenJson.merchant_id || tokenJson.payer_id || "").trim() || null
+    let sellerMerchantId =
+      String(credJson.payer_id || credJson.merchant_id || tokenJson.payer_id || tokenJson.merchant_id || "").trim() ||
+      null
 
     if (!sellerEmail) {
       // Use all available merchant/payer ID candidates from the token and credential responses
       const merchantCandidates = [
+        String(credJson.payer_id || "").trim(),
         String(credJson.merchant_id || "").trim(),
-        String(tokenJson.merchant_id || "").trim(),
         String(tokenJson.payer_id || "").trim(),
+        String(tokenJson.merchant_id || "").trim(),
       ].filter(Boolean).filter((v, i, arr) => arr.indexOf(v) === i)
 
       for (const merchantId of merchantCandidates) {
@@ -675,44 +841,19 @@ class PayPalModuleService extends MedusaService({
       sellerEmail,
     })
 
-    // 5) Post-save email lookup via tracking_id (sharedId).
-    //    PayPal's partner list endpoint accepts tracking_id and returns the full
-    //    merchant record including primary_email — works even when merchant_id
-    //    and payer_id are absent from token/credential responses (common in sandbox).
-    if (!sellerEmail && input.sharedId) {
+    // 5) Post-save email lookup via merchant_id.
+    //    Some partner accounts do not have permission to query by tracking_id,
+    //    so we only rely on merchant integration detail lookup.
+    if (!sellerEmail && sellerMerchantId) {
       try {
         const appAccessToken = await this.getAppAccessToken()
-        const { onboarding: onboardingCfg } = await this.ensureSettingsDefaults()
-        const trackingRes = await fetch(
-          `${baseUrl}/v1/customer/partners/${encodeURIComponent(partnerMerchantId)}/merchant-integrations?tracking_id=${encodeURIComponent(input.sharedId)}`,
-          {
-            method: "GET",
-            headers: {
-              "Content-Type": "application/json",
-              Authorization: `Bearer ${appAccessToken}`,
-              ...(onboardingCfg.bn_code ? { "PayPal-Partner-Attribution-Id": onboardingCfg.bn_code } : {}),
-            },
-          }
-        )
-        if (trackingRes.ok) {
-          const trackingJson = await trackingRes.json().catch(() => ({}))
-          sellerEmail = this.extractSellerEmail(trackingJson)
-          const foundMerchantId = String(trackingJson.merchant_id || "").trim()
-          if (foundMerchantId) {
-            sellerMerchantId = sellerMerchantId || foundMerchantId
-          }
-          if (!sellerEmail && foundMerchantId) {
-            const details = await this.fetchMerchantIntegrationDetails(env, foundMerchantId, appAccessToken)
-            sellerEmail = this.extractSellerEmail(details)
-          }
-          if (sellerEmail || sellerMerchantId) {
-            await this.saveSellerCredentials({ clientId, clientSecret, sellerMerchantId, sellerEmail })
-          }
-        } else {
-          console.warn(`[PayPal] tracking_id lookup failed (${trackingRes.status})`)
+        const details = await this.fetchMerchantIntegrationDetails(env, sellerMerchantId, appAccessToken)
+        sellerEmail = this.extractSellerEmail(details)
+        if (sellerEmail) {
+          await this.saveSellerCredentials({ clientId, clientSecret, sellerMerchantId, sellerEmail })
         }
       } catch (e: any) {
-        console.warn("[PayPal] Post-save tracking_id email lookup failed:", e?.message || e)
+        console.warn("[PayPal] Post-save merchant_id email lookup failed:", e?.message || e)
       }
     }
 
@@ -724,16 +865,31 @@ class PayPalModuleService extends MedusaService({
     clientSecret: string
     sellerMerchantId?: string | null
     sellerEmail?: string | null
+    environment?: Environment
   }) {
     const row = await this.getCurrentRow()
-    const env = await this.getCurrentEnvironment()
+    const currentEnv = await this.getCurrentEnvironment()
+    const env = (input.environment || currentEnv) as Environment
 
     const encryptedSecret = this.maybeEncryptSecret(input.clientSecret)
+    const existingCreds = row ? this.getEnvCreds(row, env) : {}
+    const nextSellerMerchantId =
+      (input.sellerMerchantId || "").trim() || existingCreds.sellerMerchantId || row?.seller_merchant_id || null
+    const nextSellerEmail =
+      (input.sellerEmail || "").trim() || existingCreds.sellerEmail || row?.seller_email || null
+
     const nextCreds = {
       client_id: input.clientId,
+      clientId: input.clientId,
       client_secret: encryptedSecret,
-      seller_merchant_id: (input.sellerMerchantId || "").trim() || null,
-      seller_email: (input.sellerEmail || "").trim() || null,
+      clientSecret: encryptedSecret,
+      merchantId: nextSellerMerchantId,
+      merchant_id: nextSellerMerchantId,
+      payer_id: nextSellerMerchantId,
+      seller_merchant_id: nextSellerMerchantId,
+      sellerMerchantId: nextSellerMerchantId,
+      seller_email: nextSellerEmail,
+      sellerEmail: nextSellerEmail,
     }
 
     if (!row) {
@@ -742,8 +898,8 @@ class PayPalModuleService extends MedusaService({
         status: "connected",
         seller_client_id: input.clientId,
         seller_client_secret: encryptedSecret,
-        seller_merchant_id: nextCreds.seller_merchant_id,
-        seller_email: nextCreds.seller_email,
+        seller_merchant_id: nextSellerMerchantId,
+        seller_email: nextSellerEmail,
         app_access_token: null,
         app_access_token_expires_at: null,
         metadata: {
@@ -773,8 +929,8 @@ class PayPalModuleService extends MedusaService({
       status: "connected",
       seller_client_id: input.clientId,
       seller_client_secret: encryptedSecret,
-      seller_merchant_id: nextCreds.seller_merchant_id,
-      seller_email: nextCreds.seller_email,
+      seller_merchant_id: nextSellerMerchantId,
+      seller_email: nextSellerEmail,
       app_access_token: null,
       app_access_token_expires_at: null,
       metadata: {
@@ -791,6 +947,46 @@ class PayPalModuleService extends MedusaService({
     return updated
   }
 
+  async saveAndHydrateSellerCredentials(input: {
+    clientId: string
+    clientSecret: string
+    environment?: Environment
+  }) {
+    const env = (input.environment || (await this.getCurrentEnvironment())) as Environment
+
+    await this.saveSellerCredentials({
+      clientId: input.clientId,
+      clientSecret: input.clientSecret,
+      environment: env,
+    })
+
+    try {
+      const hydrated = await this.fetchSellerProfileFromDirectCredentials(env, {
+        clientId: input.clientId,
+        clientSecret: input.clientSecret,
+      })
+
+      if (hydrated.sellerEmail || hydrated.sellerMerchantId) {
+        await this.saveSellerCredentials({
+          clientId: input.clientId,
+          clientSecret: input.clientSecret,
+          sellerMerchantId: hydrated.sellerMerchantId,
+          sellerEmail: hydrated.sellerEmail,
+          environment: env,
+        })
+      }
+
+      const refreshedRow = await this.getCurrentRow()
+      if (refreshedRow) {
+        await this.syncRowFieldsFromMetadata(refreshedRow, env)
+      }
+    } catch (e: any) {
+      console.warn("[PayPal] saveAndHydrateSellerCredentials lookup failed:", e?.message || e)
+    }
+
+    return await this.getStatus(env)
+  }
+
   private async resolveWebhookUrl() {
     const { onboarding } = await this.ensureSettingsDefaults()
     const base = String(onboarding.backend_url || "").replace(/\/$/, "")
@@ -981,7 +1177,41 @@ class PayPalModuleService extends MedusaService({
 
     const c = this.getEnvCreds(row, env)
     const hasCreds = !!(c.clientId && c.clientSecret)
-    const sellerEmail: string | null = c.sellerEmail || row.seller_email || null
+    let sellerEmail: string | null = c.sellerEmail || row.seller_email || null
+    let sellerMerchantId: string | null = c.sellerMerchantId || row.seller_merchant_id || null
+    let decryptedSecret: string | null = null
+    if (c.clientSecret) {
+      try {
+        decryptedSecret = this.maybeDecryptSecret(c.clientSecret)
+      } catch (e: any) {
+        console.warn("[PayPal] Unable to decrypt seller client secret for status sync:", e?.message || e)
+      }
+    }
+
+    if (!sellerEmail && hasCreds) {
+      try {
+        const hydrated = await this.fetchSellerProfileFromDirectCredentials(env)
+        if (hydrated.sellerEmail || hydrated.sellerMerchantId) {
+          await this.saveSellerCredentials({
+            clientId: c.clientId!,
+            clientSecret: decryptedSecret || c.clientSecret!,
+            sellerMerchantId: hydrated.sellerMerchantId || sellerMerchantId,
+            sellerEmail: hydrated.sellerEmail || sellerEmail,
+            environment: env,
+          })
+
+          const refreshedRow = await this.getCurrentRow()
+          if (refreshedRow) {
+            const refreshedCreds = this.getEnvCreds(refreshedRow, env)
+            sellerEmail = refreshedCreds.sellerEmail || refreshedRow.seller_email || sellerEmail
+            sellerMerchantId =
+              refreshedCreds.sellerMerchantId || refreshedRow.seller_merchant_id || sellerMerchantId
+          }
+        }
+      } catch (e: any) {
+        console.warn("[PayPal] status direct credential lookup failed:", e?.message || e)
+      }
+    }
 
     return {
       environment: env,
@@ -991,6 +1221,7 @@ class PayPalModuleService extends MedusaService({
       seller_client_id_present: hasCreds,
       seller_client_id_masked: this.maskValue(c.clientId),
       seller_client_secret_masked: c.clientSecret ? "••••••••" : null,
+      seller_merchant_id: sellerMerchantId,
       seller_email: sellerEmail,
       updated_at: (row.updated_at as any)?.toISOString?.() ?? null,
     }