@easypayment/medusa-paypal 0.6.2 → 0.6.4

package/src/modules/paypal/service.ts

@@ -4,7 +4,6 @@ import PayPalMetric from "./models/paypal_metric"
 import PayPalSettings from "./models/paypal_settings"
 import PayPalWebhookEvent from "./models/paypal_webhook_event"
 import { getPayPalConfig } from "./types/config"
-import { decryptSecret, encryptSecret, isEncryptedSecret } from "./utils/crypto"
 import { normalizeCurrencyCode } from "./utils/currencies"
 
 type Environment = "sandbox" | "live"
@@ -99,59 +98,6 @@ class PayPalModuleService extends MedusaService({
     return (this.cfg.alertWebhookUrls || []).map((url) => url.trim()).filter(Boolean)
   }
 
-  private getEncryptionKey() {
-    return (this.cfg.credentialsEncryptionKey || "").trim()
-  }
-
-  private getDecryptionKeys() {
-    const current = this.getEncryptionKey()
-    const previous = this.cfg.credentialsEncryptionKeyPrevious || []
-    const keys = [current, ...previous].map((key) => (key || "").trim()).filter(Boolean)
-    return Array.from(new Set(keys))
-  }
-
-  private decryptSecretWithKeys(secret: string, keys: string[]) {
-    let lastError: unknown
-    for (const key of keys) {
-      try {
-        return decryptSecret(secret, key)
-      } catch (err) {
-        lastError = err
-      }
-    }
-    if (lastError) {
-      throw lastError
-    }
-    return secret
-  }
-
-  private maybeEncryptSecret(secret: string) {
-    const key = this.getEncryptionKey()
-    if (!key) {
-      return secret
-    }
-    return encryptSecret(secret, key)
-  }
-
-  private maybeDecryptSecret(secret?: string | null) {
-    if (!secret) {
-      return ""
-    }
-    const keys = this.getDecryptionKeys()
-    if (keys.length === 0) {
-      if (isEncryptedSecret(secret)) {
-        throw new Error(
-          "PayPal client secret is encrypted. Set PAYPAL_CREDENTIALS_ENCRYPTION_KEY to decrypt."
-        )
-      }
-      return secret
-    }
-    if (!isEncryptedSecret(secret)) {
-      return secret
-    }
-    return this.decryptSecretWithKeys(secret, keys)
-  }
-
   private async getPartnerMerchantId(env: Environment) {
     const { onboarding } = await this.ensureSettingsDefaults()
     return env === "live" ? onboarding.partner_merchant_id_live : onboarding.partner_merchant_id_sandbox
@@ -619,7 +565,6 @@ class PayPalModuleService extends MedusaService({
       }
     }
 
-    // ✅ If PayPal returned an error object, surface it clearly.
     // Typical error shape: { name, message, debug_id, details: [...], links: [...] }
     if (json?.name && json?.message && (json?.debug_id || json?.details || json?.links)) {
       const debug = json.debug_id ? ` debug_id=${json.debug_id}` : ""
@@ -871,7 +816,6 @@ class PayPalModuleService extends MedusaService({
     const currentEnv = await this.getCurrentEnvironment()
     const env = (input.environment || currentEnv) as Environment
 
-    const encryptedSecret = this.maybeEncryptSecret(input.clientSecret)
     const existingCreds = row ? this.getEnvCreds(row, env) : {}
     const nextSellerMerchantId =
       (input.sellerMerchantId || "").trim() || existingCreds.sellerMerchantId || row?.seller_merchant_id || null
@@ -881,8 +825,8 @@ class PayPalModuleService extends MedusaService({
     const nextCreds = {
       client_id: input.clientId,
       clientId: input.clientId,
-      client_secret: encryptedSecret,
-      clientSecret: encryptedSecret,
+      client_secret: input.clientSecret,
+      clientSecret: input.clientSecret,
       merchantId: nextSellerMerchantId,
       merchant_id: nextSellerMerchantId,
       payer_id: nextSellerMerchantId,
@@ -897,7 +841,7 @@ class PayPalModuleService extends MedusaService({
         environment: env,
         status: "connected",
         seller_client_id: input.clientId,
-        seller_client_secret: encryptedSecret,
+        seller_client_secret: input.clientSecret,
         seller_merchant_id: nextSellerMerchantId,
         seller_email: nextSellerEmail,
         app_access_token: null,
@@ -928,7 +872,7 @@ class PayPalModuleService extends MedusaService({
       id: row.id,
       status: "connected",
       seller_client_id: input.clientId,
-      seller_client_secret: encryptedSecret,
+      seller_client_secret: input.clientSecret,
       seller_merchant_id: nextSellerMerchantId,
       seller_email: nextSellerEmail,
       app_access_token: null,
@@ -1111,62 +1055,6 @@ class PayPalModuleService extends MedusaService({
     )}`
   }
 
-  async rotateCredentialEncryptionKey() {
-    const currentKey = this.getEncryptionKey()
-    if (!currentKey) {
-      throw new Error("PAYPAL_CREDENTIALS_ENCRYPTION_KEY must be set to rotate credentials.")
-    }
-
-    const row = await this.getCurrentRow()
-    if (!row) {
-      return { rotated: 0 }
-    }
-
-    const meta = (row.metadata || {}) as any
-    const credentials = { ...(meta.credentials || {}) }
-    let rotated = 0
-
-    for (const [env, envCreds] of Object.entries(credentials)) {
-      if (!envCreds || typeof envCreds !== "object") continue
-      const clientSecret = (envCreds as any).client_secret
-      if (!clientSecret) continue
-
-      const decrypted = this.maybeDecryptSecret(clientSecret)
-      const reEncrypted = this.maybeEncryptSecret(decrypted)
-      if (reEncrypted !== clientSecret) {
-        credentials[env] = {
-          ...(envCreds as any),
-          client_secret: reEncrypted,
-        }
-        rotated += 1
-      }
-    }
-
-    if (rotated === 0) {
-      return { rotated: 0 }
-    }
-
-    await this.updatePayPalConnections({
-      id: row.id,
-      metadata: {
-        ...(row.metadata || {}),
-        credentials,
-      },
-      seller_client_secret: credentials?.[row.environment as Environment]?.client_secret || null,
-    })
-
-    const updated = await this.getCurrentRow()
-    if (updated) {
-      await this.syncRowFieldsFromMetadata(updated, (updated.environment as Environment) || "live")
-    }
-
-    await this.recordAuditEvent("credentials_rotated", {
-      environments: Object.keys(credentials),
-    })
-
-    return { rotated }
-  }
-
   async getStatus(envOverride?: Environment) {
     const row = await this.getCurrentRow()
     const env = envOverride ?? (await this.getCurrentEnvironment())
@@ -1179,14 +1067,6 @@ class PayPalModuleService extends MedusaService({
     const hasCreds = !!(c.clientId && c.clientSecret)
     let sellerEmail: string | null = c.sellerEmail || row.seller_email || null
     let sellerMerchantId: string | null = c.sellerMerchantId || row.seller_merchant_id || null
-    let decryptedSecret: string | null = null
-    if (c.clientSecret) {
-      try {
-        decryptedSecret = this.maybeDecryptSecret(c.clientSecret)
-      } catch (e: any) {
-        console.warn("[PayPal] Unable to decrypt seller client secret for status sync:", e?.message || e)
-      }
-    }
 
     if (!sellerEmail && hasCreds) {
       try {
@@ -1194,7 +1074,7 @@ class PayPalModuleService extends MedusaService({
         if (hydrated.sellerEmail || hydrated.sellerMerchantId) {
           await this.saveSellerCredentials({
             clientId: c.clientId!,
-            clientSecret: decryptedSecret || c.clientSecret!,
+            clientSecret: c.clientSecret!,
             sellerMerchantId: hydrated.sellerMerchantId || sellerMerchantId,
             sellerEmail: hydrated.sellerEmail || sellerEmail,
             environment: env,
@@ -1410,7 +1290,7 @@ class PayPalModuleService extends MedusaService({
     }
 
     const c = this.getEnvCreds(row, env)
-    const clientSecret = this.maybeDecryptSecret(c.clientSecret)
+    const clientSecret = c.clientSecret || ""
 
     if (!c.clientId || !clientSecret) {
       throw new Error(
@@ -1563,7 +1443,6 @@ class PayPalModuleService extends MedusaService({
       metadata: metadata ?? {},
       created_at: new Date().toISOString(),
     }
-    console.info("[PayPal] payment_event", payload)
     return await this.recordAuditEvent(`payment_${eventType}`, metadata)
   }
 

package/src/modules/paypal/types/config.ts

@@ -1,47 +1,33 @@
-export type PayPalModuleConfig = {
-  partnerServiceUrl: string
-  partnerJsUrl: string
-  backendUrl: string
-  sellerNonce: string
-  bnCode?: string
-  partnerMerchantIdSandbox: string
-  partnerMerchantIdLive: string
-  credentialsEncryptionKey?: string
-  credentialsEncryptionKeyPrevious?: string[]
-  alertWebhookUrls?: string[]
-}
-
-const STATIC_CFG: PayPalModuleConfig = {
-  partnerServiceUrl: "https://mbjtechnolabs.com/ppcp-seller-onboarding/seller-onboarding.php",
-  partnerJsUrl: "https://www.paypal.com/webapps/merchantboarding/js/lib/lightbox/partner.js",
-  backendUrl: "http://localhost:9000",
-  sellerNonce: "a1233wtergfsdt4365tzrshgfbaewa36AGa1233wtergfsdt4365tzrshgfbaewa36AG",
-  bnCode: "",
-  partnerMerchantIdSandbox: "K6QLN2LPGQRHL",
-  partnerMerchantIdLive: "GT5R877JNBPLL",
-  credentialsEncryptionKey: "",
-  credentialsEncryptionKeyPrevious: [],
-  alertWebhookUrls: [],
-}
-
-export function getPayPalConfig(): PayPalModuleConfig {
-  const previousKeys = (process.env.PAYPAL_CREDENTIALS_ENCRYPTION_KEY_PREVIOUS || "")
-    .split(",")
-    .map((key) => key.trim())
-    .filter(Boolean)
-
-  return {
-    ...STATIC_CFG,
-    backendUrl: process.env.MEDUSA_BACKEND_URL || STATIC_CFG.backendUrl,
-    credentialsEncryptionKey:
-      process.env.PAYPAL_CREDENTIALS_ENCRYPTION_KEY ||
-      STATIC_CFG.credentialsEncryptionKey,
-    credentialsEncryptionKeyPrevious:
-      previousKeys.length > 0 ? previousKeys : STATIC_CFG.credentialsEncryptionKeyPrevious,
-    alertWebhookUrls:
-      (process.env.PAYPAL_ALERT_WEBHOOK_URLS || "")
-        .split(",")
-        .map((url) => url.trim())
-        .filter(Boolean) || STATIC_CFG.alertWebhookUrls,
-  }
-}
+export type PayPalModuleConfig = {
+  partnerServiceUrl: string
+  partnerJsUrl: string
+  backendUrl: string
+  sellerNonce: string
+  bnCode?: string
+  partnerMerchantIdSandbox: string
+  partnerMerchantIdLive: string
+  alertWebhookUrls?: string[]
+}
+
+const STATIC_CFG: PayPalModuleConfig = {
+  partnerServiceUrl: "https://mbjtechnolabs.com/ppcp-seller-onboarding/seller-onboarding.php",
+  partnerJsUrl: "https://www.paypal.com/webapps/merchantboarding/js/lib/lightbox/partner.js",
+  backendUrl: "http://localhost:9000",
+  sellerNonce: "a1233wtergfsdt4365tzrshgfbaewa36AGa1233wtergfsdt4365tzrshgfbaewa36AG",
+  bnCode: "",
+  partnerMerchantIdSandbox: "K6QLN2LPGQRHL",
+  partnerMerchantIdLive: "GT5R877JNBPLL",
+  alertWebhookUrls: [],
+}
+
+export function getPayPalConfig(): PayPalModuleConfig {
+  return {
+    ...STATIC_CFG,
+    backendUrl: process.env.MEDUSA_BACKEND_URL || STATIC_CFG.backendUrl,
+    alertWebhookUrls:
+      (process.env.PAYPAL_ALERT_WEBHOOK_URLS || "")
+        .split(",")
+        .map((url) => url.trim())
+        .filter(Boolean) || STATIC_CFG.alertWebhookUrls,
+  }
+}