@equilateral_ai/mindmeld 3.5.2 → 4.0.1

package/src/handlers/stripe/subscriptionUpdatePut.js

@@ -1,163 +0,0 @@
-/**
- * Subscription Update Handler
- * Upgrades or downgrades subscription tier
- *
- * PUT /api/stripe/subscription/update
- * Body: { newTier, billingPeriod }
- * Auth: Cognito JWT required
- */
-
-const { wrapHandler, executeQuery, createSuccessResponse, createErrorResponse, handleError, getTierConfig, getStripePriceId } = require('./helpers');
-
-// Stripe is optional
-let stripe = null;
-try {
-    if (process.env.STRIPE_SECRET_KEY) {
-        stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
-    }
-} catch (e) {
-    console.warn('Stripe not available:', e.message);
-}
-
-/**
- * Update subscription tier
- */
-async function updateSubscription({ body: requestBody = {}, requestContext }) {
-    try {
-        const Request_ID = requestContext.requestId;
-        // REST API: requestContext.authorizer.claims.email
-        // HTTP API: requestContext.authorizer.jwt.claims.email
-        const email = requestContext.authorizer?.claims?.email || requestContext.authorizer?.jwt?.claims?.email;
-
-        if (!email) {
-            return createErrorResponse(401, 'Authentication required');
-        }
-
-        const { newTier, billingPeriod = 'monthly' } = requestBody;
-
-        // Validate new tier
-        const newTierConfig = getTierConfig(newTier);
-        if (!newTierConfig || newTier === 'free') {
-            return createErrorResponse(400, 'Invalid tier. Use cancel endpoint for downgrade to free.', {
-                valid_tiers: ['team', 'professional', 'enterprise']
-            });
-        }
-
-        if (!stripe) {
-            return createErrorResponse(503, 'Payment system not configured');
-        }
-
-        // Get user's current subscription
-        const userQuery = `
-            SELECT
-                u.client_id,
-                c.stripe_customer_id,
-                c.subscription_tier,
-                c.subscription_status
-            FROM rapport.users u
-            JOIN rapport.clients c ON u.client_id = c.client_id
-            WHERE u.email_address = $1 AND u.active = true
-        `;
-        const userResult = await executeQuery(userQuery, [email]);
-
-        if (userResult.rowCount === 0) {
-            return createErrorResponse(404, 'User not found');
-        }
-
-        const user = userResult.rows[0];
-        const currentTierConfig = getTierConfig(user.subscription_tier);
-
-        if (!user.stripe_customer_id || user.subscription_status !== 'active') {
-            return createErrorResponse(400, 'No active subscription. Use create endpoint first.');
-        }
-
-        // Get active subscription from Stripe
-        const subscriptions = await stripe.subscriptions.list({
-            customer: user.stripe_customer_id,
-            status: 'active',
-            limit: 1
-        });
-
-        if (subscriptions.data.length === 0) {
-            return createErrorResponse(400, 'No active subscription found in Stripe');
-        }
-
-        const subscription = subscriptions.data[0];
-        const newPriceId = getStripePriceId(newTier, billingPeriod);
-
-        if (!newPriceId) {
-            return createErrorResponse(500, 'Price not configured for tier');
-        }
-
-        // Count users for per-seat pricing
-        const usageQuery = `
-            SELECT COUNT(*) as user_count
-            FROM rapport.user_entitlements
-            WHERE client_id = $1
-        `;
-        const usageResult = await executeQuery(usageQuery, [user.client_id]);
-        const userCount = parseInt(usageResult.rows[0].user_count) || 1;
-
-        // Determine if upgrade or downgrade
-        const isUpgrade = (newTierConfig.priceMonthly || 0) > (currentTierConfig?.priceMonthly || 0);
-
-        // Update subscription in Stripe
-        const updatedSubscription = await stripe.subscriptions.update(subscription.id, {
-            items: [{
-                id: subscription.items.data[0].id,
-                price: newPriceId,
-                quantity: newTierConfig.perUser ? userCount : 1
-            }],
-            proration_behavior: 'create_prorations',
-            metadata: {
-                client_id: user.client_id,
-                tier: newTier
-            }
-        });
-
-        // Update local database
-        await executeQuery(`
-            UPDATE rapport.clients
-            SET subscription_tier = $2,
-                last_updated = CURRENT_TIMESTAMP
-            WHERE client_id = $1
-        `, [user.client_id, newTier]);
-
-        // Calculate proration info
-        const currentPeriodEnd = new Date(subscription.current_period_end * 1000);
-        const daysRemaining = Math.ceil((currentPeriodEnd - new Date()) / (1000 * 60 * 60 * 24));
-
-        return createSuccessResponse(
-            {
-                Records: [{
-                    previous_tier: user.subscription_tier,
-                    new_tier: newTier,
-                    new_tier_name: newTierConfig.displayName,
-                    is_upgrade: isUpgrade,
-                    billing_period: billingPeriod,
-                    user_count: newTierConfig.perUser ? userCount : null,
-                    monthly_cost: newTierConfig.perUser
-                        ? newTierConfig.priceMonthly * userCount
-                        : newTierConfig.priceMonthly,
-                    proration: {
-                        applied: true,
-                        days_remaining: daysRemaining,
-                        current_period_end: currentPeriodEnd.toISOString()
-                    }
-                }]
-            },
-            isUpgrade ? 'Subscription upgraded' : 'Subscription changed',
-            {
-                Total_Records: 1,
-                Request_ID,
-                Timestamp: new Date().toISOString()
-            }
-        );
-
-    } catch (error) {
-        console.error('Handler Error:', error);
-        return handleError(error);
-    }
-}
-
-exports.handler = wrapHandler(updateSubscription);

package/src/handlers/stripe/webhookPost.js

@@ -1,482 +0,0 @@
-/**
- * Stripe Webhook Handler
- * Processes Stripe webhook events for subscription lifecycle
- *
- * POST /api/stripe/webhook
- * Auth: Stripe signature verification (no Cognito)
- *
- * Following HoneyDo webhookPost.js pattern
- */
-
-const { executeQuery } = require('./helpers');
-const crypto = require('crypto');
-
-// Stripe is optional
-let stripe = null;
-try {
-    if (process.env.STRIPE_SECRET_KEY) {
-        stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
-    }
-} catch (e) {
-    console.warn('Stripe not available:', e.message);
-}
-
-/**
- * Verify Stripe webhook signature
- * Uses timing-safe comparison to prevent timing attacks
- */
-function verifySignature(payload, signature, secret) {
-    const parts = signature.split(',').reduce((acc, part) => {
-        const [key, value] = part.split('=');
-        acc[key] = value;
-        return acc;
-    }, {});
-
-    const timestamp = parts.t;
-    const expectedSig = parts.v1;
-
-    if (!timestamp || !expectedSig) {
-        return false;
-    }
-
-    // Check timestamp is within 5 minutes
-    const now = Math.floor(Date.now() / 1000);
-    if (Math.abs(now - parseInt(timestamp)) > 300) {
-        console.warn('Webhook timestamp too old');
-        return false;
-    }
-
-    // Compute expected signature
-    const signedPayload = `${timestamp}.${payload}`;
-    const computedSig = crypto
-        .createHmac('sha256', secret)
-        .update(signedPayload)
-        .digest('hex');
-
-    // Timing-safe comparison
-    try {
-        return crypto.timingSafeEqual(
-            Buffer.from(expectedSig),
-            Buffer.from(computedSig)
-        );
-    } catch {
-        return false;
-    }
-}
-
-/**
- * Handle checkout.session.completed
- * New subscription created
- */
-async function handleCheckoutCompleted(session) {
-    const { client_id, tier, user_email, enterprise_package, seat_count, addons } = session.metadata || {};
-
-    if (!client_id) {
-        console.error('[webhookPost] CRITICAL: Missing client_id in checkout session metadata — subscription will not activate');
-        throw new Error('Missing client_id in checkout session metadata');
-    }
-
-    // Parse enterprise metadata
-    const isEnterprise = tier === 'enterprise';
-    const seatCountNum = seat_count ? parseInt(seat_count, 10) : 1;
-    let addonsList = [];
-    if (addons) {
-        try { addonsList = JSON.parse(addons); }
-        catch { console.warn('Failed to parse addons metadata:', addons); }
-    }
-
-    // Update client with subscription
-    if (isEnterprise) {
-        const updateResult = await executeQuery(`
-            UPDATE rapport.clients
-            SET stripe_customer_id = $2,
-                stripe_subscription_id = $3,
-                subscription_tier = 'enterprise',
-                subscription_status = 'active',
-                enterprise_package = $4,
-                seat_count = $5,
-                subscribed_addons = $6,
-                last_updated = CURRENT_TIMESTAMP
-            WHERE client_id = $1
-        `, [client_id, session.customer, session.subscription, enterprise_package, seatCountNum, JSON.stringify(addonsList)]);
-
-        if (updateResult.rowCount === 0) {
-            console.error(`[webhookPost] CRITICAL: Client ${client_id} not found in DB — subscription paid but not activated`);
-            throw new Error(`Client ${client_id} not found — subscription activation failed`);
-        }
-
-        // Create addon entitlements if any
-        if (addonsList.length > 0) {
-            for (const addonId of addonsList) {
-                await executeQuery(`
-                    INSERT INTO rapport.addon_entitlements (client_id, addon_id, seat_count, status)
-                    VALUES ($1, $2, $3, 'active')
-                    ON CONFLICT (client_id, addon_id) DO UPDATE SET
-                        seat_count = EXCLUDED.seat_count,
-                        status = 'active',
-                        updated_at = CURRENT_TIMESTAMP
-                `, [client_id, addonId, seatCountNum]);
-            }
-        }
-
-        console.log('Enterprise checkout completed:', { client_id, enterprise_package, seat_count: seatCountNum, addons: addonsList });
-    } else {
-        const updateResult = await executeQuery(`
-            UPDATE rapport.clients
-            SET stripe_customer_id = $2,
-                stripe_subscription_id = $3,
-                subscription_tier = $4,
-                subscription_status = 'active',
-                last_updated = CURRENT_TIMESTAMP
-            WHERE client_id = $1
-        `, [client_id, session.customer, session.subscription, tier || 'team']);
-
-        if (updateResult.rowCount === 0) {
-            console.error(`[webhookPost] CRITICAL: Client ${client_id} not found in DB — subscription paid but not activated`);
-            throw new Error(`Client ${client_id} not found — subscription activation failed`);
-        }
-
-        console.log('Checkout completed:', { client_id, tier, customer: session.customer });
-    }
-
-    // Update checkout session record
-    await executeQuery(`
-        UPDATE rapport.stripe_checkout_sessions
-        SET status = 'completed',
-            stripe_customer_id = $2,
-            stripe_subscription_id = $3,
-            completed_at = CURRENT_TIMESTAMP
-        WHERE session_id = $1
-    `, [session.id, session.customer, session.subscription]);
-}
-
-/**
- * Handle customer.subscription.updated
- * Subscription tier/status changed, seat count changed, addons changed
- */
-async function handleSubscriptionUpdated(subscription) {
-    const { client_id, tier, enterprise_package, seat_count, addons } = subscription.metadata || {};
-
-    // Find client by customer ID if not in metadata
-    let clientId = client_id;
-    if (!clientId) {
-        const result = await executeQuery(`
-            SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
-        `, [subscription.customer]);
-
-        if (result.rowCount === 0) {
-            console.warn('Client not found for subscription update');
-            return;
-        }
-        clientId = result.rows[0].client_id;
-    }
-
-    // Parse enterprise metadata
-    const isEnterprise = tier === 'enterprise';
-    const seatCountNum = seat_count ? parseInt(seat_count, 10) : null;
-    let addonsList = null;
-    if (addons) {
-        try { addonsList = JSON.parse(addons); }
-        catch { console.warn('Failed to parse addons metadata in subscription update:', addons); }
-    }
-
-    // Build update query based on what changed
-    if (isEnterprise) {
-        // Calculate seat count from subscription items quantity
-        let calculatedSeats = seatCountNum;
-        if (!calculatedSeats && subscription.items?.data?.length > 0) {
-            // Each item quantity represents seat packs (1 pack = 25 seats)
-            const seatPacks = subscription.items.data[0].quantity || 1;
-            calculatedSeats = seatPacks * 25;
-        }
-
-        await executeQuery(`
-            UPDATE rapport.clients
-            SET subscription_status = $2,
-                subscription_tier = 'enterprise',
-                enterprise_package = COALESCE($3, enterprise_package),
-                seat_count = COALESCE($4, seat_count),
-                subscribed_addons = COALESCE($5, subscribed_addons),
-                stripe_subscription_id = $6,
-                last_updated = CURRENT_TIMESTAMP
-            WHERE client_id = $1
-        `, [
-            clientId,
-            subscription.status,
-            enterprise_package,
-            calculatedSeats,
-            addonsList ? JSON.stringify(addonsList) : null,
-            subscription.id
-        ]);
-
-        console.log('Enterprise subscription updated:', {
-            client_id: clientId,
-            status: subscription.status,
-            seat_count: calculatedSeats
-        });
-    } else {
-        await executeQuery(`
-            UPDATE rapport.clients
-            SET subscription_tier = COALESCE($2, subscription_tier),
-                subscription_status = $3,
-                stripe_subscription_id = $4,
-                last_updated = CURRENT_TIMESTAMP
-            WHERE client_id = $1
-        `, [clientId, tier, subscription.status, subscription.id]);
-
-        console.log('Subscription updated:', { client_id: clientId, status: subscription.status });
-    }
-}
-
-/**
- * Handle customer.subscription.deleted
- * Subscription canceled
- */
-async function handleSubscriptionDeleted(subscription) {
-    // Find client by customer ID
-    const result = await executeQuery(`
-        SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
-    `, [subscription.customer]);
-
-    if (result.rowCount === 0) {
-        console.warn('Client not found for subscription deletion');
-        return;
-    }
-
-    const clientId = result.rows[0].client_id;
-
-    await executeQuery(`
-        UPDATE rapport.clients
-        SET subscription_tier = 'free',
-            subscription_status = 'canceled',
-            subscription_ends_at = CURRENT_TIMESTAMP,
-            last_updated = CURRENT_TIMESTAMP
-        WHERE client_id = $1
-    `, [clientId]);
-
-    console.log('Subscription deleted, reverted to free:', { client_id: clientId });
-}
-
-/**
- * Handle invoice.payment_succeeded
- * Record successful payment
- */
-async function handlePaymentSucceeded(invoice) {
-    // Find client by customer
-    const result = await executeQuery(`
-        SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
-    `, [invoice.customer]);
-
-    if (result.rowCount === 0) {
-        console.warn('Client not found for payment');
-        return;
-    }
-
-    const clientId = result.rows[0].client_id;
-
-    await executeQuery(`
-        INSERT INTO rapport.payment_history (
-            stripe_invoice_id,
-            stripe_subscription_id,
-            client_id,
-            amount_cents,
-            currency,
-            status,
-            paid_at
-        )
-        VALUES ($1, $2, $3, $4, $5, 'succeeded', $6)
-        ON CONFLICT (stripe_invoice_id) DO UPDATE SET
-            status = 'succeeded',
-            paid_at = EXCLUDED.paid_at
-    `, [
-        invoice.id,
-        invoice.subscription,
-        clientId,
-        invoice.amount_paid,
-        invoice.currency,
-        new Date(invoice.status_transitions?.paid_at * 1000 || Date.now())
-    ]);
-
-    console.log('Payment succeeded:', { invoice: invoice.id, amount: invoice.amount_paid });
-}
-
-/**
- * Handle invoice.payment_failed
- * Record failed payment
- */
-async function handlePaymentFailed(invoice) {
-    const result = await executeQuery(`
-        SELECT client_id FROM rapport.clients WHERE stripe_customer_id = $1
-    `, [invoice.customer]);
-
-    if (result.rowCount === 0) {
-        return;
-    }
-
-    const clientId = result.rows[0].client_id;
-
-    // Record failed payment
-    await executeQuery(`
-        INSERT INTO rapport.payment_history (
-            stripe_invoice_id,
-            stripe_subscription_id,
-            client_id,
-            amount_cents,
-            currency,
-            status,
-            failure_message
-        )
-        VALUES ($1, $2, $3, $4, $5, 'failed', $6)
-        ON CONFLICT (stripe_invoice_id) DO UPDATE SET
-            status = 'failed',
-            failure_message = EXCLUDED.failure_message
-    `, [
-        invoice.id,
-        invoice.subscription,
-        clientId,
-        invoice.amount_due,
-        invoice.currency,
-        invoice.last_finalization_error?.message || 'Payment failed'
-    ]);
-
-    // Update subscription status
-    await executeQuery(`
-        UPDATE rapport.clients
-        SET subscription_status = 'past_due',
-            last_updated = CURRENT_TIMESTAMP
-        WHERE client_id = $1
-    `, [clientId]);
-
-    console.log('Payment failed:', { invoice: invoice.id, client_id: clientId });
-}
-
-/**
- * Main webhook handler
- */
-async function handler(event, context) {
-    try {
-        const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
-
-        if (!webhookSecret) {
-            console.error('STRIPE_WEBHOOK_SECRET not configured');
-            return {
-                statusCode: 500,
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ error: 'Webhook not configured' })
-            };
-        }
-
-        const signature = event.headers['stripe-signature'] || event.headers['Stripe-Signature'];
-        const payload = event.body;
-
-        if (!signature || !payload) {
-            return {
-                statusCode: 400,
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ error: 'Missing signature or payload' })
-            };
-        }
-
-        // Verify signature
-        if (!verifySignature(payload, signature, webhookSecret)) {
-            console.warn('Invalid webhook signature');
-            return {
-                statusCode: 400,
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ error: 'Invalid signature' })
-            };
-        }
-
-        const stripeEvent = JSON.parse(payload);
-
-        // Check for duplicate (idempotency)
-        const dupCheck = await executeQuery(`
-            SELECT event_id FROM rapport.stripe_webhook_events WHERE event_id = $1
-        `, [stripeEvent.id]);
-
-        if (dupCheck.rowCount > 0) {
-            console.log('Duplicate event, skipping:', stripeEvent.id);
-            return {
-                statusCode: 200,
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ received: true, duplicate: true })
-            };
-        }
-
-        // Record event before processing
-        await executeQuery(`
-            INSERT INTO rapport.stripe_webhook_events (event_id, event_type, handled)
-            VALUES ($1, $2, false)
-        `, [stripeEvent.id, stripeEvent.type]);
-
-        // Process by event type
-        try {
-            switch (stripeEvent.type) {
-                case 'checkout.session.completed':
-                    await handleCheckoutCompleted(stripeEvent.data.object);
-                    break;
-                case 'customer.subscription.updated':
-                    await handleSubscriptionUpdated(stripeEvent.data.object);
-                    break;
-                case 'customer.subscription.deleted':
-                    await handleSubscriptionDeleted(stripeEvent.data.object);
-                    break;
-                case 'invoice.payment_succeeded':
-                    await handlePaymentSucceeded(stripeEvent.data.object);
-                    break;
-                case 'invoice.payment_failed':
-                    await handlePaymentFailed(stripeEvent.data.object);
-                    break;
-                default:
-                    console.log('Unhandled event type:', stripeEvent.type);
-            }
-
-            // Mark as handled
-            await executeQuery(`
-                UPDATE rapport.stripe_webhook_events
-                SET handled = true, processed_at = CURRENT_TIMESTAMP
-                WHERE event_id = $1
-            `, [stripeEvent.id]);
-
-        } catch (processError) {
-            console.error('Error processing webhook:', processError);
-
-            // Record error
-            try {
-                await executeQuery(`
-                    UPDATE rapport.stripe_webhook_events
-                    SET handled = false,
-                        error = $2,
-                        processed_at = CURRENT_TIMESTAMP
-                    WHERE event_id = $1
-                `, [stripeEvent.id, processError.message]);
-            } catch (recordErr) {
-                console.error('Failed to record webhook error:', recordErr.message);
-            }
-
-            // Return 500 for critical failures so Stripe retries
-            // (missing client, DB connection errors, subscription not activated)
-            return {
-                statusCode: 500,
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ error: processError.message })
-            };
-        }
-
-        return {
-            statusCode: 200,
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ received: true })
-        };
-
-    } catch (error) {
-        console.error('Webhook handler error:', error);
-        return {
-            statusCode: 500,
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ error: 'Internal error' })
-        };
-    }
-}
-
-module.exports = { handler };