npm - @easypayment/medusa-paypal - Versions diffs - 0.6.3 → 0.6.5 - Mend

@easypayment/medusa-paypal 0.6.3 → 0.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/src/api/store/paypal-complete/route.ts CHANGED Viewed

@@ -1,76 +1,105 @@
-import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
-import type { IPaymentModuleService } from "@medusajs/framework/types"
-import { Modules } from "@medusajs/framework/utils"
-import type PayPalModuleService from "../../../modules/paypal/service"
-export async function POST(req: MedusaRequest, res: MedusaResponse) {
-  const { cart_id } = req.body as { cart_id: string }
-  if (!cart_id) {
-    return res.status(400).json({ error: "cart_id is required" })
-  }
-  try {
-    // Step 1 — read paymentAction from DB settings (same pattern as capture-order)
-    const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
-    const settings = await paypal.getSettings().catch(() => ({}))
-    const settingsData =
-      settings && typeof settings === "object" && "data" in settings
-        ? ((settings as { data?: Record<string, any> }).data ?? {})
-        : {}
-    const additionalSettings = (settingsData.additional_settings || {}) as Record<string, any>
-    const paymentAction =
-      typeof additionalSettings.paymentAction === "string"
-        ? additionalSettings.paymentAction
-        : "capture"
-    // "authorize" mode → session status = "authorized"
-    // "capture" mode  → session status = "captured"
-    const sessionStatus = paymentAction === "authorize" ? "authorized" : "captured"
-    const timestampKey = paymentAction === "authorize" ? "authorized_at" : "captured_at"
-    // Step 2 — find the PayPal session for this cart
-    const query = req.scope.resolve("query")
-    const { data: carts } = await query.graph({
-      entity: "cart",
-      fields: [
-        "id",
-        "payment_collection.payment_sessions.id",
-        "payment_collection.payment_sessions.data",
-        "payment_collection.payment_sessions.provider_id",
-        "payment_collection.payment_sessions.created_at",
-        "payment_collection.payment_sessions.amount",
-        "payment_collection.payment_sessions.currency_code",
-      ],
-      filters: { id: cart_id },
-    })
-    const sessions = carts?.[0]?.payment_collection?.payment_sessions || []
-    const session = sessions
-      .filter((s: any) => String(s.provider_id || "").includes("paypal"))
-      .sort(
-        (a: any, b: any) =>
-          new Date(b.created_at || 0).getTime() - new Date(a.created_at || 0).getTime()
-      )[0]
-    if (!session) {
-      return res.status(400).json({ error: "No PayPal payment session found for cart" })
-    }
-    // Step 3 — update session with correct status + amount
-    const paymentModule = req.scope.resolve(Modules.PAYMENT) as IPaymentModuleService
-    await (paymentModule as any).updatePaymentSession({
-      id: session.id,
-      data: { ...(session.data || {}), [timestampKey]: new Date().toISOString() },
-      status: sessionStatus as any,
-      amount: session.amount,
-      currency_code: session.currency_code,
-    })
-    console.log(`[paypal-complete] session ${sessionStatus}:`, session.id)
-    return res.json({ success: true, session_id: session.id })
-  } catch (e: any) {
-    console.error("[paypal-complete] error:", e?.message || e)
-    return res.status(500).json({ error: e?.message || "Internal error" })
-  }
-}
+import type { MedusaRequest, MedusaResponse } from "@medusajs/framework/http"
+import type { IPaymentModuleService } from "@medusajs/framework/types"
+import { Modules } from "@medusajs/framework/utils"
+import type PayPalModuleService from "../../../modules/paypal/service"
+export async function POST(req: MedusaRequest, res: MedusaResponse) {
+  const { cart_id } = req.body as { cart_id: string }
+  if (!cart_id) {
+    return res.status(400).json({ error: "cart_id is required" })
+  }
+  try {
+    const query = req.scope.resolve("query")
+    const { data: carts } = await query.graph({
+      entity: "cart",
+      fields: [
+        "id",
+        "payment_collection.payment_sessions.id",
+        "payment_collection.payment_sessions.data",
+        "payment_collection.payment_sessions.status",
+        "payment_collection.payment_sessions.provider_id",
+        "payment_collection.payment_sessions.created_at",
+        "payment_collection.payment_sessions.amount",
+        "payment_collection.payment_sessions.currency_code",
+      ],
+      filters: { id: cart_id },
+    })
+    const sessions = carts?.[0]?.payment_collection?.payment_sessions || []
+    const session = sessions
+      .filter((s: any) => String(s.provider_id || "").includes("paypal"))
+      .sort(
+        (a: any, b: any) =>
+          new Date(b.created_at || 0).getTime() - new Date(a.created_at || 0).getTime()
+      )[0]
+    if (!session) {
+      return res.status(400).json({ error: "No PayPal payment session found for cart" })
+    }
+    // If already authorized or captured, nothing to do
+    const currentStatus = String(session.status || "")
+    if (currentStatus === "authorized" || currentStatus === "captured") {
+      console.info("[paypal-complete] session already in terminal status:", currentStatus)
+      return res.json({ success: true, session_id: session.id, status: currentStatus })
+    }
+    const paymentModule = req.scope.resolve(Modules.PAYMENT) as IPaymentModuleService
+    // Read LIVE session data from DB — gets the latest state written by capture-order
+    // (avoids overwriting authorization_id / capture_id that capture-order just saved)
+    const [liveSession] = await paymentModule.listPaymentSessions(
+      { id: [session.id] },
+      { take: 1 }
+    )
+    const liveData = (liveSession?.data || {}) as Record<string, any>
+    // Determine payment action from settings
+    const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
+    const settings = await paypal.getSettings().catch(() => ({}))
+    const settingsData =
+      settings && typeof settings === "object" && "data" in settings
+        ? ((settings as { data?: Record<string, any> }).data ?? {})
+        : {}
+    const additionalSettings = (settingsData.additional_settings || {}) as Record<string, any>
+    const paymentAction =
+      typeof additionalSettings.paymentAction === "string"
+        ? additionalSettings.paymentAction
+        : "capture"
+    const timestampKey = paymentAction === "authorize" ? "authorized_at" : "captured_at"
+    // Only write timestamp if not already present — avoids overwriting capture-order's data
+    if (!liveData[timestampKey]) {
+      await (paymentModule as any).updatePaymentSession({
+        id: session.id,
+        data: {
+          ...liveData,
+          [timestampKey]: new Date().toISOString(),
+        },
+        amount: liveSession?.amount ?? session.amount,
+        currency_code: liveSession?.currency_code ?? session.currency_code,
+      })
+    }
+    // Trigger Medusa's payment state machine — the only correct way to move
+    // a session from "pending" → "authorized".
+    // Calls the provider's authorizePayment() which checks for
+    // authorization_id / authorized_at in data and returns status: "authorized".
+    try {
+      await (paymentModule as any).authorizePaymentSession(session.id, {})
+      console.info("[paypal-complete] authorizePaymentSession succeeded for session", session.id)
+    } catch (e: any) {
+      // Throws if session is already authorized/captured — that's expected and fine
+      console.warn("[paypal-complete] authorizePaymentSession non-fatal:", e?.message)
+    }
+    return res.json({ success: true, session_id: session.id })
+  } catch (e: any) {
+    console.error("[paypal-complete] error:", e?.message || e)
+    return res.status(500).json({ error: e?.message || "Internal error" })
+  }
+}

package/src/jobs/paypal-webhook-retry.ts CHANGED Viewed

@@ -1,85 +1,149 @@
-import type { MedusaContainer } from "@medusajs/framework/types"
-import type PayPalModuleService from "../modules/paypal/service"
-import {
-  computeNextRetryAt,
-  isAllowedEventType,
-  processPayPalWebhookEvent,
-} from "../modules/paypal/webhook-processor"
-const MAX_WEBHOOK_ATTEMPTS = 5
-export default async function paypalWebhookRetry(container: MedusaContainer) {
-  const paypal = container.resolve<PayPalModuleService>("paypal_onboarding")
-  const now = Date.now()
-  const candidates = await paypal.listPayPalWebhookEvents({ status: "failed" })
-  for (const event of candidates || []) {
-    const nextRetryAt = event?.next_retry_at ? new Date(event.next_retry_at).getTime() : null
-    if (!nextRetryAt || nextRetryAt > now) {
-      continue
-    }
-    const attemptCount = Number(event.attempt_count || 0) + 1
-    if (attemptCount > MAX_WEBHOOK_ATTEMPTS) {
-      continue
-    }
-    await paypal.updateWebhookEventRecord({
-      id: event.id,
-      status: "processing",
-      attempt_count: attemptCount,
-      next_retry_at: null,
-      last_error: null,
-    })
-    try {
-      const eventType = String(event.event_type || "")
-      if (!isAllowedEventType(eventType)) {
-        await paypal.updateWebhookEventRecord({
-          id: event.id,
-          status: "ignored",
-          processed_at: new Date(),
-        })
-        continue
-      }
-      const payload = (event.payload || {}) as Record<string, any>
-      const processed = await processPayPalWebhookEvent(container, {
-        eventType,
-        payload,
-      })
-      await paypal.updateWebhookEventRecord({
-        id: event.id,
-        status: "processed",
-        processed_at: new Date(),
-        resource_id: processed.refundId || processed.captureId || processed.orderId || null,
-      })
-      try {
-        await paypal.recordMetric("webhook_retry_success")
-      } catch {
-        // ignore metrics failures
-      }
-    } catch (error: any) {
-      const nextRetry = attemptCount >= MAX_WEBHOOK_ATTEMPTS ? null : computeNextRetryAt(attemptCount)
-      await paypal.updateWebhookEventRecord({
-        id: event.id,
-        status: "failed",
-        attempt_count: attemptCount,
-        next_retry_at: nextRetry,
-        last_error: error?.message || String(error),
-      })
-      try {
-        await paypal.recordMetric("webhook_retry_failed")
-      } catch {
-        // ignore metrics failures
-      }
-      console.error("[PayPal] webhook retry error", error)
-    }
-  }
-}
-export const config = {
-  name: "paypal-webhook-retry",
-  schedule: "*/10 * * * *",
-}
+import type { MedusaContainer } from "@medusajs/framework/types"
+import type PayPalModuleService from "../modules/paypal/service"
+import {
+  computeNextRetryAt,
+  isAllowedEventType,
+  isRetryableError,
+  MAX_WEBHOOK_ATTEMPTS,
+  processPayPalWebhookEvent,
+} from "../modules/paypal/webhook-processor"
+export default async function paypalWebhookRetry(container: MedusaContainer) {
+  const paypal = container.resolve<PayPalModuleService>("paypal_onboarding")
+  const now = Date.now()
+  const candidates = await paypal.listPayPalWebhookEvents({ status: "failed" })
+  if (!candidates?.length) return
+  console.info(
+    `[PayPal] webhook-retry: evaluating ${candidates.length} failed event(s)`
+  )
+  for (const event of candidates) {
+    const nextRetryAt = event?.next_retry_at
+      ? new Date(event.next_retry_at).getTime()
+      : null
+    if (!nextRetryAt || nextRetryAt > now) continue
+    const attemptCount = Number(event.attempt_count || 0)
+    if (attemptCount >= MAX_WEBHOOK_ATTEMPTS) {
+      await paypal
+        .updateWebhookEventRecord({
+          id: event.id,
+          status: "dead_letter",
+          next_retry_at: null,
+          last_error: `Exceeded max attempts (${MAX_WEBHOOK_ATTEMPTS})`,
+        })
+        .catch(() => {})
+      console.warn("[PayPal] webhook-retry: dead-lettered (max attempts)", {
+        id: event.id,
+        event_type: event.event_type,
+        attempts: attemptCount,
+      })
+      await paypal.recordMetric("webhook_dead_letter").catch(() => {})
+      continue
+    }
+    await paypal
+      .updateWebhookEventRecord({
+        id: event.id,
+        status: "processing",
+        attempt_count: attemptCount + 1,
+        next_retry_at: null,
+        last_error: null,
+      })
+      .catch(() => {})
+    const eventType = String(event.event_type || "")
+    if (!isAllowedEventType(eventType)) {
+      await paypal
+        .updateWebhookEventRecord({
+          id: event.id,
+          status: "ignored",
+          processed_at: new Date(),
+        })
+        .catch(() => {})
+      console.info("[PayPal] webhook-retry: ignored unsupported event type", {
+        id: event.id,
+        event_type: eventType,
+      })
+      continue
+    }
+    try {
+      const payload = (event.payload || {}) as Record<string, any>
+      const processed = await processPayPalWebhookEvent(container, { eventType, payload })
+      await paypal
+        .updateWebhookEventRecord({
+          id: event.id,
+          status: "processed",
+          processed_at: new Date(),
+          resource_id:
+            processed.refundId || processed.captureId || processed.orderId || null,
+        })
+        .catch(() => {})
+      console.info("[PayPal] webhook-retry: processed successfully", {
+        id: event.id,
+        event_type: eventType,
+        attempt: attemptCount + 1,
+        order_id: processed.orderId,
+        capture_id: processed.captureId,
+        cart_id: processed.cartId,
+        session_updated: processed.sessionUpdated,
+      })
+      await paypal.recordMetric("webhook_retry_success").catch(() => {})
+    } catch (error: any) {
+      const retryable = isRetryableError(error)
+      const nextAttempt = attemptCount + 1
+      if (!retryable || nextAttempt >= MAX_WEBHOOK_ATTEMPTS) {
+        await paypal
+          .updateWebhookEventRecord({
+            id: event.id,
+            status: "dead_letter",
+            attempt_count: nextAttempt,
+            next_retry_at: null,
+            last_error: error?.message || String(error),
+          })
+          .catch(() => {})
+        console.error("[PayPal] webhook-retry: dead-lettered after error", {
+          id: event.id,
+          event_type: eventType,
+          attempt: nextAttempt,
+          retryable,
+          error: error?.message,
+        })
+        await paypal.recordMetric("webhook_dead_letter").catch(() => {})
+      } else {
+        const nextRetry = computeNextRetryAt(nextAttempt)
+        await paypal
+          .updateWebhookEventRecord({
+            id: event.id,
+            status: "failed",
+            attempt_count: nextAttempt,
+            next_retry_at: nextRetry,
+            last_error: error?.message || String(error),
+          })
+          .catch(() => {})
+        console.warn("[PayPal] webhook-retry: scheduled retry", {
+          id: event.id,
+          event_type: eventType,
+          attempt: nextAttempt,
+          next_retry_at: nextRetry?.toISOString(),
+          error: error?.message,
+        })
+        await paypal.recordMetric("webhook_retry_failed").catch(() => {})
+      }
+    }
+  }
+}
+export const config = {
+  name: "paypal-webhook-retry",
+  schedule: "*/10 * * * *",
+}

package/src/modules/paypal/migrations/20270201000000_add_webhook_dead_letter.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { Migration } from "@medusajs/framework/mikro-orm/migrations"
+export class Migration20270201000000 extends Migration {
+  async up(): Promise<void> {
+    this.addSql(`
+      CREATE INDEX IF NOT EXISTS "idx_paypal_webhook_event_status_retry"
+        ON "paypal_webhook_event" ("status", "next_retry_at")
+        WHERE "status" = 'failed';
+    `)
+  }
+  async down(): Promise<void> {
+    this.addSql(`
+      DROP INDEX IF EXISTS "idx_paypal_webhook_event_status_retry";
+    `)
+  }
+}