@easypayment/medusa-paypal 0.6.4 → 0.6.6

package/src/modules/paypal/service.ts

@@ -103,10 +103,6 @@ class PayPalModuleService extends MedusaService({
     return env === "live" ? onboarding.partner_merchant_id_live : onboarding.partner_merchant_id_sandbox
   }
 
-  /**
-   * We keep a single row in DB and store the currently selected environment there.
-   * If no row exists yet, default to live (production).
-   */
   private async getCurrentRow(): Promise<any | null> {
     const rows = await this.listPayPalConnections({})
     return rows?.[0] ?? null
@@ -185,10 +181,6 @@ class PayPalModuleService extends MedusaService({
           }
         }
 
-        // Fallback: traverse nested values so shapes like
-        // { email_address: { value: "seller@example.com" } }
-        // or { email: { address: "seller@example.com" } }
-        // are still detected.
         queue.push(...Object.values(obj))
       }
     }
@@ -406,18 +398,12 @@ class PayPalModuleService extends MedusaService({
     })
   }
 
-  /**
-   * Set environment based on admin UI selection (WooCommerce-style).
-   * Switching environment clears stored credentials and requires re-onboarding.
-   */
-
   async setEnvironment(env: Environment) {
     const nextEnv: Environment = env === "sandbox" ? "sandbox" : "live"
     const row = await this.getCurrentRow()
     const previousEnv = (row?.environment as Environment) || "live"
 
     if (!row) {
-      // Create a row with no credentials yet for either environment
       const created = await this.createPayPalConnections({
         environment: nextEnv,
         status: "disconnected",
@@ -438,7 +424,6 @@ class PayPalModuleService extends MedusaService({
       return created
     }
 
-    // Just switch the active environment (do NOT wipe other env credentials)
     await this.updatePayPalConnections({
       id: row.id,
       environment: nextEnv,
@@ -450,7 +435,6 @@ class PayPalModuleService extends MedusaService({
       },
     })
 
-    // Sync top-level fields/status for the active env so existing code keeps working
     const updated = await this.getCurrentRow()
     if (updated) {
       await this.syncRowFieldsFromMetadata(updated, nextEnv)
@@ -463,36 +447,18 @@ class PayPalModuleService extends MedusaService({
     return await this.getCurrentRow()
   }
 
-  /**
-   * ✅ WooCommerce-style signup link generation (your service returns PayPal partner-referrals JSON)
-   *
-   * - POST to your PHP service (WPG_ONBOARDING_URL)
-   * - Content-Type: application/x-www-form-urlencoded
-   * - fields: email, sandbox, return_url, return_url_description, products[], partner_merchant_id
-   *
-   * Response formats supported:
-   * 1) PayPal partner-referrals JSON: { links: [ { rel: "action_url", href: "..." }, ... ] }
-   * 2) Custom JSON: { onboarding_url: "..." }
-   * 3) Plain URL string
-   */
   async createOnboardingLink(input?: { email?: string; products?: string[] }) {
     const { onboarding } = await this.ensureSettingsDefaults()
     const return_url = `${String(onboarding.backend_url || "").replace(/\/$/, "")}/admin/paypal/onboard-complete`
     const env = await this.getCurrentEnvironment()
     const partner_merchant_id = await this.getPartnerMerchantId(env)
 
-    // Match WooCommerce behavior: prefer the current admin user email when available.
-    // If it's missing, continue without it (some services can infer or ignore the field).
     const email = (input?.email || "").trim()
 
     if (!partner_merchant_id) {
       throw new Error("Missing PAYPAL_PARTNER_MERCHANT_ID_* env for current environment")
     }
 
-    // NOTE:
-    // We intentionally avoid DB access here because Medusa v2 has a known issue where
-    // MedusaService-generated DB methods can throw 'fork' errors when called outside a transaction context.
-    // We store onboarding state later when the JS callback returns authCode/sharedId.
     const form = new URLSearchParams()
     if (email) {
       form.set("email", email)
@@ -504,10 +470,6 @@ class PayPalModuleService extends MedusaService({
 
     const products = input?.products?.length ? input.products : ["PPCP"]
 
-    // WooCommerce/wp_remote_request encodes PHP arrays like products[0]=PPCP.
-    // To maximize compatibility with your existing PHP bridge, we send BOTH:
-    // - products[0], products[1], ...
-    // - products[] (common PHP convention)
     products.forEach((p, i) => {
       form.append(`products[${i}]`, p)
       form.append("products[]", p)
@@ -526,7 +488,6 @@ class PayPalModuleService extends MedusaService({
 
     const trimmed = text.trim()
 
-    // plain URL
     if (trimmed.startsWith("http")) {
       return { onboarding_url: trimmed, return_url }
     }
@@ -538,22 +499,13 @@ class PayPalModuleService extends MedusaService({
       throw new Error(`Invalid onboarding link response (not JSON / URL): ${trimmed.slice(0, 200)}`)
     }
 
-    /**
-     * ✅ WooCommerce-style wrapper support
-     *
-     * Your PHP service (same as WooCommerce) often returns a wrapper like:
-     * { result, http_code, headers, body }
-     * where `body` is the actual PayPal partner-referrals JSON string.
-     */
     if (json?.body) {
       const inner = typeof json.body === "string" ? json.body.trim() : json.body
 
-      // body is a plain URL
       if (typeof inner === "string" && inner.startsWith("http")) {
         return { onboarding_url: inner, return_url }
       }
 
-      // body is JSON string/object
       try {
         json = typeof inner === "string" ? JSON.parse(inner) : inner
       } catch {
@@ -565,7 +517,6 @@ class PayPalModuleService extends MedusaService({
       }
     }
 
-    // Typical error shape: { name, message, debug_id, details: [...], links: [...] }
     if (json?.name && json?.message && (json?.debug_id || json?.details || json?.links)) {
       const debug = json.debug_id ? ` debug_id=${json.debug_id}` : ""
       const details = Array.isArray(json.details)
@@ -584,12 +535,10 @@ class PayPalModuleService extends MedusaService({
       throw new Error(`PayPal onboarding error: ${json.name}: ${json.message}.${debug}${details ? ` Details: ${details}` : ""}`)
     }
 
-    // custom json
     if (json?.onboarding_url && String(json.onboarding_url).startsWith("http")) {
       return { onboarding_url: String(json.onboarding_url), return_url }
     }
 
-    // PayPal partner-referrals format: links[] rel=action_url
     const links = Array.isArray(json?.links) ? json.links : null
     if (links) {
       const action = links.find(
@@ -611,7 +560,6 @@ class PayPalModuleService extends MedusaService({
     const env = await this.getCurrentEnvironment()
 
     if (row) {
-      // MedusaService-generated update methods expect an object that includes the entity id
       await this.updatePayPalConnections({ id: row.id, status: "pending" })
       return
     }
@@ -645,29 +593,16 @@ class PayPalModuleService extends MedusaService({
     })
   }
 
-  /**
-   * Exchange authCode/sharedId for seller API credentials (server-side) and save in DB.
-   *
-   * This calls an optional exchange service you control:
-   *   PAYPAL_EXCHANGE_SERVICE_URL or PAYPAL_PARTNER_EXCHANGE_URL
-   *
-   * Expected JSON response:
-   *   { clientId: string, clientSecret: string, merchantId?: string }
-   */
   async exchangeAndSaveSellerCredentials(input: {
     authCode: string
     sharedId: string
     env?: "sandbox" | "live"
   }) {
-    // 1) Persist callback (sharedId/authCode) first
     await this.saveOnboardCallback({ authCode: input.authCode, sharedId: input.sharedId })
 
-    // 2) Exchange authCode + sharedId (+ seller nonce) to get SELLER access token
     const env = (input.env || (await this.getCurrentEnvironment())) as Environment
     const baseUrl = env === "live" ? "https://api-m.paypal.com" : "https://api-m.sandbox.paypal.com"
 
-    // IMPORTANT: code_verifier MUST match the seller_nonce used when creating the onboarding link.
-    // In WooCommerce you use a fixed nonce() and it works, so we do the same here (no DB storage).
     const { onboarding } = await this.ensureSettingsDefaults()
     const sellerNonce = (onboarding.seller_nonce || "").trim()
     if (!sellerNonce) {
@@ -709,7 +644,6 @@ class PayPalModuleService extends MedusaService({
       throw new Error("PayPal token exchange succeeded but access_token is missing.")
     }
 
-    // 3) Use SELLER access token to fetch seller REST API credentials
     const partnerMerchantId = await this.getPartnerMerchantId(env)
     if (!partnerMerchantId) {
       throw new Error("Missing PayPal partner merchant id configuration.")
@@ -755,7 +689,6 @@ class PayPalModuleService extends MedusaService({
       null
 
     if (!sellerEmail) {
-      // Use all available merchant/payer ID candidates from the token and credential responses
       const merchantCandidates = [
         String(credJson.payer_id || "").trim(),
         String(credJson.merchant_id || "").trim(),
@@ -777,8 +710,6 @@ class PayPalModuleService extends MedusaService({
       }
     }
 
-    // 4) Save seller credentials (marks status = connected)
-    // We save FIRST so that getAppAccessToken() works for the post-save email lookup below
     await this.saveSellerCredentials({
       clientId,
       clientSecret,
@@ -786,9 +717,6 @@ class PayPalModuleService extends MedusaService({
       sellerEmail,
     })
 
-    // 5) Post-save email lookup via merchant_id.
-    //    Some partner accounts do not have permission to query by tracking_id,
-    //    so we only rely on merchant integration detail lookup.
     if (!sellerEmail && sellerMerchantId) {
       try {
         const appAccessToken = await this.getAppAccessToken()
@@ -801,10 +729,8 @@ class PayPalModuleService extends MedusaService({
         console.warn("[PayPal] Post-save merchant_id email lookup failed:", e?.message || e)
       }
     }
-
   }
 
-
   async saveSellerCredentials(input: {
     clientId: string
     clientSecret: string
@@ -1114,7 +1040,6 @@ class PayPalModuleService extends MedusaService({
 
     const meta = (row.metadata || {}) as any
     const creds = { ...(meta.credentials || {}) }
-    // Remove only the active environment credentials
     delete creds[env]
 
     const hasAnyCreds = Object.values(creds).some((v: any) => {
@@ -1188,12 +1113,6 @@ class PayPalModuleService extends MedusaService({
     return accessToken
   }
 
-  /**
-   * Generate a client token for PayPal JS SDK (required for CardFields/PaymentFields).
-   * This token is short-lived and safe to send to the browser.
-   *
-   * PayPal endpoint: POST /v1/identity/generate-token
-   */
   async generateClientToken(opts?: { locale?: string }): Promise<string> {
     const env = await this.getCurrentEnvironment()
     const baseUrl = env === "live" ? "https://api-m.paypal.com" : "https://api-m.sandbox.paypal.com"
@@ -1224,20 +1143,12 @@ class PayPalModuleService extends MedusaService({
     return token
   }
 
-  /**
-   * GLOBAL PayPal settings (single row)
-   */
   async getSettings() {
     const rows = await this.listPayPalSettings({})
     const row = rows?.[0]
     return { data: (row?.data || {}) as Record<string, any> }
   }
 
-  /**
-   * Deep-merge patch into current settings.
-   * Nested objects (additional_settings, api_details, etc.) are merged,
-   * not replaced.
-   */
   private deepMerge(
     target: Record<string, any>,
     source: Record<string, any>
@@ -1278,9 +1189,6 @@ class PayPalModuleService extends MedusaService({
     return { data: next }
   }
 
-  /**
-   * Active credentials based on selected environment in the single connection row.
-   */
   async getActiveCredentials() {
     const row = await this.getCurrentRow()
     const env = await this.getCurrentEnvironment()
@@ -1411,7 +1319,6 @@ class PayPalModuleService extends MedusaService({
     return null
   }
 
-
   async recordMetric(name: string, metadata?: Record<string, unknown>) {
     const existing = await this.listPayPalMetrics({ name })
     const row = existing?.[0]
@@ -1438,11 +1345,6 @@ class PayPalModuleService extends MedusaService({
   }
 
   async recordPaymentLog(eventType: string, metadata?: Record<string, unknown>) {
-    const payload = {
-      event_type: eventType,
-      metadata: metadata ?? {},
-      created_at: new Date().toISOString(),
-    }
     return await this.recordAuditEvent(`payment_${eventType}`, metadata)
   }