@equilateral_ai/mindmeld 3.0.0

package/src/handlers/stripe/subscriptionUpdatePut.js

@@ -0,0 +1,163 @@
+/**
+ * Subscription Update Handler
+ * Upgrades or downgrades subscription tier
+ *
+ * PUT /api/stripe/subscription/update
+ * Body: { newTier, billingPeriod }
+ * Auth: Cognito JWT required
+ */
+
+const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, getTierConfig, getStripePriceId } = require('./helpers');
+
+// Stripe is optional
+let stripe = null;
+try {
+    if (process.env.STRIPE_SECRET_KEY) {
+        stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
+    }
+} catch (e) {
+    console.warn('Stripe not available:', e.message);
+}
+
+/**
+ * Update subscription tier
+ */
+async function updateSubscription({ body: requestBody = {}, requestContext }) {
+    try {
+        const Request_ID = requestContext.requestId;
+        // REST API: requestContext.authorizer.claims.email
+        // HTTP API: requestContext.authorizer.jwt.claims.email
+        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
+
+        if (!email) {
+            return createErrorResponse(401, 'Authentication required');
+        }
+
+        const { newTier, billingPeriod = 'monthly' } = requestBody;
+
+        // Validate new tier
+        const newTierConfig = getTierConfig(newTier);
+        if (!newTierConfig || newTier === 'free') {
+            return createErrorResponse(400, 'Invalid tier. Use cancel endpoint for downgrade to free.', {
+                valid_tiers: ['team', 'professional', 'enterprise']
+            });
+        }
+
+        if (!stripe) {
+            return createErrorResponse(503, 'Payment system not configured');
+        }
+
+        // Get user's current subscription
+        const userQuery = `
+            SELECT
+                u.client_id,
+                c.stripe_customer_id,
+                c.subscription_tier,
+                c.subscription_status
+            FROM rapport.users u
+            JOIN rapport.clients c ON u.client_id = c.client_id
+            WHERE u.email_address = $1 AND u.active = true
+        `;
+        const userResult = await executeQuery(userQuery, [email]);
+
+        if (userResult.rowCount === 0) {
+            return createErrorResponse(404, 'User not found');
+        }
+
+        const user = userResult.rows[0];
+        const currentTierConfig = getTierConfig(user.subscription_tier);
+
+        if (!user.stripe_customer_id || user.subscription_status !== 'active') {
+            return createErrorResponse(400, 'No active subscription. Use create endpoint first.');
+        }
+
+        // Get active subscription from Stripe
+        const subscriptions = await stripe.subscriptions.list({
+            customer: user.stripe_customer_id,
+            status: 'active',
+            limit: 1
+        });
+
+        if (subscriptions.data.length === 0) {
+            return createErrorResponse(400, 'No active subscription found in Stripe');
+        }
+
+        const subscription = subscriptions.data[0];
+        const newPriceId = getStripePriceId(newTier, billingPeriod);
+
+        if (!newPriceId) {
+            return createErrorResponse(500, 'Price not configured for tier');
+        }
+
+        // Count users for per-seat pricing
+        const usageQuery = `
+            SELECT COUNT(*) as user_count
+            FROM rapport.user_entitlements
+            WHERE client_id = $1
+        `;
+        const usageResult = await executeQuery(usageQuery, [user.client_id]);
+        const userCount = parseInt(usageResult.rows[0].user_count) || 1;
+
+        // Determine if upgrade or downgrade
+        const isUpgrade = (newTierConfig.priceMonthly || 0) > (currentTierConfig?.priceMonthly || 0);
+
+        // Update subscription in Stripe
+        const updatedSubscription = await stripe.subscriptions.update(subscription.id, {
+            items: [{
+                id: subscription.items.data[0].id,
+                price: newPriceId,
+                quantity: newTierConfig.perUser ? userCount : 1
+            }],
+            proration_behavior: 'create_prorations',
+            metadata: {
+                client_id: user.client_id,
+                tier: newTier
+            }
+        });
+
+        // Update local database
+        await executeQuery(`
+            UPDATE rapport.clients
+            SET subscription_tier = $2,
+                last_updated = CURRENT_TIMESTAMP
+            WHERE client_id = $1
+        `, [user.client_id, newTier]);
+
+        // Calculate proration info
+        const currentPeriodEnd = new Date(subscription.current_period_end * 1000);
+        const daysRemaining = Math.ceil((currentPeriodEnd - new Date()) / (1000 * 60 * 60 * 24));
+
+        return createSuccessResponse(
+            {
+                Records: [{
+                    previous_tier: user.subscription_tier,
+                    new_tier: newTier,
+                    new_tier_name: newTierConfig.displayName,
+                    is_upgrade: isUpgrade,
+                    billing_period: billingPeriod,
+                    user_count: newTierConfig.perUser ? userCount : null,
+                    monthly_cost: newTierConfig.perUser
+                        ? newTierConfig.priceMonthly * userCount
+                        : newTierConfig.priceMonthly,
+                    proration: {
+                        applied: true,
+                        days_remaining: daysRemaining,
+                        current_period_end: currentPeriodEnd.toISOString()
+                    }
+                }]
+            },
+            isUpgrade ? 'Subscription upgraded' : 'Subscription changed',
+            {
+                Total_Records: 1,
+                Request_ID,
+                Timestamp: new Date().toISOString()
+            }
+        );
+
+    } catch (error) {
+        console.error('Handler Error:', error);
+        return handleError(error);
+    }
+}
+
+exports.handler = wrapHandler(updateSubscription);

package/src/handlers/stripe/webhookPost.js

@@ -0,0 +1,454 @@
+/**
+ * Stripe Webhook Handler
+ * Processes Stripe webhook events for subscription lifecycle
+ *
+ * POST /api/stripe/webhook
+ * Auth: Stripe signature verification (no Cognito)
+ *
+ * Following HoneyDo webhookPost.js pattern
+ */
+
+const { executeQuery } = require('./helpers');
+const crypto = require('crypto');
+
+// Stripe is optional
+let stripe = null;
+try {
+    if (process.env.STRIPE_SECRET_KEY) {
+        stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
+    }
+} catch (e) {
+    console.warn('Stripe not available:', e.message);
+}
+
+/**
+ * Verify Stripe webhook signature
+ * Uses timing-safe comparison to prevent timing attacks
+ */
+function verifySignature(payload, signature, secret) {
+    const parts = signature.split(',').reduce((acc, part) => {
+        const [key, value] = part.split('=');
+        acc[key] = value;
+        return acc;
+    }, {});
+
+    const timestamp = parts.t;
+    const expectedSig = parts.v1;
+
+    if (!timestamp || !expectedSig) {
+        return false;
+    }
+
+    // Check timestamp is within 5 minutes
+    const now = Math.floor(Date.now() / 1000);
+    if (Math.abs(now - parseInt(timestamp)) > 300) {
+        console.warn('Webhook timestamp too old');
+        return false;
+    }
+
+    // Compute expected signature
+    const signedPayload = `${timestamp}.${payload}`;
+    const computedSig = crypto
+        .createHmac('sha256', secret)
+        .update(signedPayload)
+        .digest('hex');
+
+    // Timing-safe comparison
+    try {
+        return crypto.timingSafeEqual(
+            Buffer.from(expectedSig),
+            Buffer.from(computedSig)
+        );
+    } catch {
+        return false;
+    }
+}
+
+/**
+ * Handle checkout.session.completed
+ * New subscription created
+ */
+async function handleCheckoutCompleted(session) {
+    const { client_id, tier, user_email, enterprise_package, seat_count, addons } = session.metadata || {};
+
+    if (!client_id) {
+        console.warn('Missing client_id in session metadata');
+        return;
+    }
+
+    // Parse enterprise metadata
+    const isEnterprise = tier === 'enterprise';
+    const seatCountNum = seat_count ? parseInt(seat_count, 10) : 1;
+    const addonsList = addons ? JSON.parse(addons) : [];
+
+    // Update client with subscription
+    if (isEnterprise) {
+        await executeQuery(`
+            UPDATE rapport.clients
+            SET stripe_customer_id = $2,
+                stripe_subscription_id = $3,
+                subscription_tier = 'enterprise',
+                subscription_status = 'active',
+                enterprise_package = $4,
+                seat_count = $5,
+                subscribed_addons = $6,
+                last_updated = CURRENT_TIMESTAMP
+            WHERE client_id = $1
+        `, [client_id, session.customer, session.subscription, enterprise_package, seatCountNum, JSON.stringify(addonsList)]);
+
+        // Create addon entitlements if any
+        if (addonsList.length > 0) {
+            for (const addonId of addonsList) {
+                await executeQuery(`
+                    INSERT INTO rapport.addon_entitlements (client_id, addon_id, seat_count, status)
+                    VALUES ($1, $2, $3, 'active')
+                    ON CONFLICT (client_id, addon_id) DO UPDATE SET
+                        seat_count = EXCLUDED.seat_count,
+                        status = 'active',
+                        updated_at = CURRENT_TIMESTAMP
+                `, [client_id, addonId, seatCountNum]);
+            }
+        }
+
+        console.log('Enterprise checkout completed:', { client_id, enterprise_package, seat_count: seatCountNum, addons: addonsList });
+    } else {
+        await executeQuery(`
+            UPDATE rapport.clients
+            SET stripe_customer_id = $2,
+                stripe_subscription_id = $3,
+                subscription_tier = $4,
+                subscription_status = 'active',
+                last_updated = CURRENT_TIMESTAMP
+            WHERE client_id = $1
+        `, [client_id, session.customer, session.subscription, tier || 'team']);
+
+        console.log('Checkout completed:', { client_id, tier, customer: session.customer });
+    }
+
+    // Update checkout session record
+    await executeQuery(`
+        UPDATE rapport.stripe_checkout_sessions
+        SET status = 'completed',
+            stripe_customer_id = $2,
+            stripe_subscription_id = $3,
+            completed_at = CURRENT_TIMESTAMP
+        WHERE session_id = $1
+    `, [session.id, session.customer, session.subscription]);
+}
+
+/**
+ * Handle customer.subscription.updated
+ * Subscription tier/status changed, seat count changed, addons changed
+ */
+async function handleSubscriptionUpdated(subscription) {
+    const { client_id, tier, enterprise_package, seat_count, addons } = subscription.metadata || {};
+
+    // Find client by customer ID if not in metadata
+    let clientId = client_id;
+    if (!clientId) {
+        const result = await executeQuery(`
+            SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
+        `, [subscription.customer]);
+
+        if (result.rowCount === 0) {
+            console.warn('Client not found for subscription update');
+            return;
+        }
+        clientId = result.rows[0].client_id;
+    }
+
+    // Parse enterprise metadata
+    const isEnterprise = tier === 'enterprise';
+    const seatCountNum = seat_count ? parseInt(seat_count, 10) : null;
+    const addonsList = addons ? JSON.parse(addons) : null;
+
+    // Build update query based on what changed
+    if (isEnterprise) {
+        // Calculate seat count from subscription items quantity
+        let calculatedSeats = seatCountNum;
+        if (!calculatedSeats && subscription.items?.data?.length > 0) {
+            // Each item quantity represents seat packs (1 pack = 25 seats)
+            const seatPacks = subscription.items.data[0].quantity || 1;
+            calculatedSeats = seatPacks * 25;
+        }
+
+        await executeQuery(`
+            UPDATE rapport.clients
+            SET subscription_status = $2,
+                subscription_tier = 'enterprise',
+                enterprise_package = COALESCE($3, enterprise_package),
+                seat_count = COALESCE($4, seat_count),
+                subscribed_addons = COALESCE($5, subscribed_addons),
+                stripe_subscription_id = $6,
+                last_updated = CURRENT_TIMESTAMP
+            WHERE client_id = $1
+        `, [
+            clientId,
+            subscription.status,
+            enterprise_package,
+            calculatedSeats,
+            addonsList ? JSON.stringify(addonsList) : null,
+            subscription.id
+        ]);
+
+        console.log('Enterprise subscription updated:', {
+            client_id: clientId,
+            status: subscription.status,
+            seat_count: calculatedSeats
+        });
+    } else {
+        await executeQuery(`
+            UPDATE rapport.clients
+            SET subscription_tier = COALESCE($2, subscription_tier),
+                subscription_status = $3,
+                stripe_subscription_id = $4,
+                last_updated = CURRENT_TIMESTAMP
+            WHERE client_id = $1
+        `, [clientId, tier, subscription.status, subscription.id]);
+
+        console.log('Subscription updated:', { client_id: clientId, status: subscription.status });
+    }
+}
+
+/**
+ * Handle customer.subscription.deleted
+ * Subscription canceled
+ */
+async function handleSubscriptionDeleted(subscription) {
+    // Find client by customer ID
+    const result = await executeQuery(`
+        SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
+    `, [subscription.customer]);
+
+    if (result.rowCount === 0) {
+        console.warn('Client not found for subscription deletion');
+        return;
+    }
+
+    const clientId = result.rows[0].client_id;
+
+    await executeQuery(`
+        UPDATE rapport.clients
+        SET subscription_tier = 'free',
+            subscription_status = 'canceled',
+            subscription_ends_at = CURRENT_TIMESTAMP,
+            last_updated = CURRENT_TIMESTAMP
+        WHERE client_id = $1
+    `, [clientId]);
+
+    console.log('Subscription deleted, reverted to free:', { client_id: clientId });
+}
+
+/**
+ * Handle invoice.payment_succeeded
+ * Record successful payment
+ */
+async function handlePaymentSucceeded(invoice) {
+    // Find client by customer
+    const result = await executeQuery(`
+        SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
+    `, [invoice.customer]);
+
+    if (result.rowCount === 0) {
+        console.warn('Client not found for payment');
+        return;
+    }
+
+    const clientId = result.rows[0].client_id;
+
+    await executeQuery(`
+        INSERT INTO rapport.payment_history (
+            stripe_invoice_id,
+            stripe_subscription_id,
+            client_id,
+            amount_cents,
+            currency,
+            status,
+            paid_at
+        )
+        VALUES ($1, $2, $3, $4, $5, 'succeeded', $6)
+        ON CONFLICT (stripe_invoice_id) DO UPDATE SET
+            status = 'succeeded',
+            paid_at = EXCLUDED.paid_at
+    `, [
+        invoice.id,
+        invoice.subscription,
+        clientId,
+        invoice.amount_paid,
+        invoice.currency,
+        new Date(invoice.status_transitions?.paid_at * 1000 || Date.now())
+    ]);
+
+    console.log('Payment succeeded:', { invoice: invoice.id, amount: invoice.amount_paid });
+}
+
+/**
+ * Handle invoice.payment_failed
+ * Record failed payment
+ */
+async function handlePaymentFailed(invoice) {
+    const result = await executeQuery(`
+        SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
+    `, [invoice.customer]);
+
+    if (result.rowCount === 0) {
+        return;
+    }
+
+    const clientId = result.rows[0].client_id;
+
+    // Record failed payment
+    await executeQuery(`
+        INSERT INTO rapport.payment_history (
+            stripe_invoice_id,
+            stripe_subscription_id,
+            client_id,
+            amount_cents,
+            currency,
+            status,
+            failure_message
+        )
+        VALUES ($1, $2, $3, $4, $5, 'failed', $6)
+        ON CONFLICT (stripe_invoice_id) DO UPDATE SET
+            status = 'failed',
+            failure_message = EXCLUDED.failure_message
+    `, [
+        invoice.id,
+        invoice.subscription,
+        clientId,
+        invoice.amount_due,
+        invoice.currency,
+        invoice.last_finalization_error?.message || 'Payment failed'
+    ]);
+
+    // Update subscription status
+    await executeQuery(`
+        UPDATE rapport.clients
+        SET subscription_status = 'past_due',
+            last_updated = CURRENT_TIMESTAMP
+        WHERE client_id = $1
+    `, [clientId]);
+
+    console.log('Payment failed:', { invoice: invoice.id, client_id: clientId });
+}
+
+/**
+ * Main webhook handler
+ */
+async function handler(event, context) {
+    try {
+        const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
+
+        if (!webhookSecret) {
+            console.error('STRIPE_WEBHOOK_SECRET not configured');
+            return {
+                statusCode: 500,
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ error: 'Webhook not configured' })
+            };
+        }
+
+        const signature = event.headers['stripe-signature'] || event.headers['Stripe-Signature'];
+        const payload = event.body;
+
+        if (!signature || !payload) {
+            return {
+                statusCode: 400,
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ error: 'Missing signature or payload' })
+            };
+        }
+
+        // Verify signature
+        if (!verifySignature(payload, signature, webhookSecret)) {
+            console.warn('Invalid webhook signature');
+            return {
+                statusCode: 400,
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ error: 'Invalid signature' })
+            };
+        }
+
+        const stripeEvent = JSON.parse(payload);
+
+        // Check for duplicate (idempotency)
+        const dupCheck = await executeQuery(`
+            SELECT event_id FROM rapport.stripe_webhook_events WHERE event_id = $1
+        `, [stripeEvent.id]);
+
+        if (dupCheck.rowCount > 0) {
+            console.log('Duplicate event, skipping:', stripeEvent.id);
+            return {
+                statusCode: 200,
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ received: true, duplicate: true })
+            };
+        }
+
+        // Record event before processing
+        await executeQuery(`
+            INSERT INTO rapport.stripe_webhook_events (event_id, event_type, handled)
+            VALUES ($1, $2, false)
+        `, [stripeEvent.id, stripeEvent.type]);
+
+        // Process by event type
+        try {
+            switch (stripeEvent.type) {
+                case 'checkout.session.completed':
+                    await handleCheckoutCompleted(stripeEvent.data.object);
+                    break;
+                case 'customer.subscription.updated':
+                    await handleSubscriptionUpdated(stripeEvent.data.object);
+                    break;
+                case 'customer.subscription.deleted':
+                    await handleSubscriptionDeleted(stripeEvent.data.object);
+                    break;
+                case 'invoice.payment_succeeded':
+                    await handlePaymentSucceeded(stripeEvent.data.object);
+                    break;
+                case 'invoice.payment_failed':
+                    await handlePaymentFailed(stripeEvent.data.object);
+                    break;
+                default:
+                    console.log('Unhandled event type:', stripeEvent.type);
+            }
+
+            // Mark as handled
+            await executeQuery(`
+                UPDATE rapport.stripe_webhook_events
+                SET handled = true, processed_at = CURRENT_TIMESTAMP
+                WHERE event_id = $1
+            `, [stripeEvent.id]);
+
+        } catch (processError) {
+            console.error('Error processing webhook:', processError);
+
+            // Record error
+            await executeQuery(`
+                UPDATE rapport.stripe_webhook_events
+                SET handled = false,
+                    error = $2,
+                    processed_at = CURRENT_TIMESTAMP
+                WHERE event_id = $1
+            `, [stripeEvent.id, processError.message]);
+
+            // Still return 200 to prevent Stripe retries for business logic errors
+        }
+
+        return {
+            statusCode: 200,
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ received: true })
+        };
+
+    } catch (error) {
+        console.error('Webhook handler error:', error);
+        return {
+            statusCode: 500,
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ error: 'Internal error' })
+        };
+    }
+}
+
+module.exports = { handler };