npm - @easypayment/medusa-paypal - Versions diffs - 0.6.4 → 0.6.6 - Mend

@easypayment/medusa-paypal 0.6.4 → 0.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/src/api/store/paypal-complete/route.ts CHANGED Viewed

@@ -11,21 +11,6 @@ export async function POST(req: MedusaRequest, res: MedusaResponse) {
   }
   try {
-    const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
-    const settings = await paypal.getSettings().catch(() => ({}))
-    const settingsData =
-      settings && typeof settings === "object" && "data" in settings
-        ? ((settings as { data?: Record<string, any> }).data ?? {})
-        : {}
-    const additionalSettings = (settingsData.additional_settings || {}) as Record<string, any>
-    const paymentAction =
-      typeof additionalSettings.paymentAction === "string"
-        ? additionalSettings.paymentAction
-        : "capture"
-    const sessionStatus = paymentAction === "authorize" ? "authorized" : "captured"
-    const timestampKey = paymentAction === "authorize" ? "authorized_at" : "captured_at"
     const query = req.scope.resolve("query")
     const { data: carts } = await query.graph({
       entity: "cart",
@@ -33,6 +18,7 @@ export async function POST(req: MedusaRequest, res: MedusaResponse) {
         "id",
         "payment_collection.payment_sessions.id",
         "payment_collection.payment_sessions.data",
+        "payment_collection.payment_sessions.status",
         "payment_collection.payment_sessions.provider_id",
         "payment_collection.payment_sessions.created_at",
         "payment_collection.payment_sessions.amount",
@@ -53,18 +39,67 @@ export async function POST(req: MedusaRequest, res: MedusaResponse) {
       return res.status(400).json({ error: "No PayPal payment session found for cart" })
     }
+    // If already authorized or captured, nothing to do
+    const currentStatus = String(session.status || "")
+    if (currentStatus === "authorized" || currentStatus === "captured") {
+      console.info("[paypal-complete] session already in terminal status:", currentStatus)
+      return res.json({ success: true, session_id: session.id, status: currentStatus })
+    }
     const paymentModule = req.scope.resolve(Modules.PAYMENT) as IPaymentModuleService
-    await (paymentModule as any).updatePaymentSession({
-      id: session.id,
-      data: { ...(session.data || {}), [timestampKey]: new Date().toISOString() },
-      status: sessionStatus as any,
-      amount: session.amount,
-      currency_code: session.currency_code,
-    })
+    // Read LIVE session data from DB — gets the latest state written by capture-order
+    // (avoids overwriting authorization_id / capture_id that capture-order just saved)
+    const [liveSession] = await paymentModule.listPaymentSessions(
+      { id: [session.id] },
+      { take: 1 }
+    )
+    const liveData = (liveSession?.data || {}) as Record<string, any>
+    // Determine payment action from settings
+    const paypal = req.scope.resolve<PayPalModuleService>("paypal_onboarding")
+    const settings = await paypal.getSettings().catch(() => ({}))
+    const settingsData =
+      settings && typeof settings === "object" && "data" in settings
+        ? ((settings as { data?: Record<string, any> }).data ?? {})
+        : {}
+    const additionalSettings = (settingsData.additional_settings || {}) as Record<string, any>
+    const paymentAction =
+      typeof additionalSettings.paymentAction === "string"
+        ? additionalSettings.paymentAction
+        : "capture"
+    const timestampKey = paymentAction === "authorize" ? "authorized_at" : "captured_at"
+    // Only write timestamp if not already present — avoids overwriting capture-order's data
+    if (!liveData[timestampKey]) {
+      await (paymentModule as any).updatePaymentSession({
+        id: session.id,
+        data: {
+          ...liveData,
+          [timestampKey]: new Date().toISOString(),
+        },
+        amount: liveSession?.amount ?? session.amount,
+        currency_code: liveSession?.currency_code ?? session.currency_code,
+      })
+    }
+    // Trigger Medusa's payment state machine — the only correct way to move
+    // a session from "pending" → "authorized".
+    // Calls the provider's authorizePayment() which checks for
+    // authorization_id / authorized_at in data and returns status: "authorized".
+    try {
+      await (paymentModule as any).authorizePaymentSession(session.id, {})
+      console.info("[paypal-complete] authorizePaymentSession succeeded for session", session.id)
+    } catch (e: any) {
+      // Throws if session is already authorized/captured — that's expected and fine
+      console.warn("[paypal-complete] authorizePaymentSession non-fatal:", e?.message)
+    }
     return res.json({ success: true, session_id: session.id })
   } catch (e: any) {
     console.error("[paypal-complete] error:", e?.message || e)
     return res.status(500).json({ error: e?.message || "Internal error" })
   }
-}
+}