@goscribe/server 1.2.0 → 1.3.1

package/dist/routers/payment.js

@@ -0,0 +1,403 @@
+import { z } from 'zod';
+import { router, verifiedProcedure } from '../trpc.js';
+import { TRPCError } from '@trpc/server';
+import { stripe } from '../lib/stripe.js';
+import { env } from '../lib/env.js';
+import { getUserUsage, getUserPlanLimits } from '../lib/usage_service.js';
+import { notifyPaymentSucceeded, notifySubscriptionActivated, notifySubscriptionPaymentSucceeded, } from '../lib/notification-service.js';
+import { upsertSubscriptionFromStripe } from '../lib/subscription_service.js';
+import { ArtifactType } from '../lib/prisma.js';
+const ArtifactTypeUnion = z.enum(['STUDY_GUIDE', 'FLASHCARD_SET', 'WORKSHEET', 'MEETING_SUMMARY', 'PODCAST_EPISODE', 'STORAGE']);
+/** Stripe Checkout URLs contain the session id (cs_…); we only store the URL in DB. */
+const CHECKOUT_SESSION_ID_IN_URL = /cs_[a-zA-Z0-9]+/;
+/**
+ * On idempotency conflict, we may have a stored checkout URL. Only reuse it if the
+ * Stripe session is still `open`. Otherwise release the row so a new session can be created
+ * (avoids redirecting users to a completed/expired checkout = "already completed").
+ */
+async function reuseCheckoutUrlIfSessionStillOpen(stripeClient, db, existing, lockKey) {
+    const url = existing.stripeSessionId;
+    if (!url)
+        return null;
+    const idMatch = url.match(CHECKOUT_SESSION_ID_IN_URL);
+    if (!idMatch) {
+        await db.idempotencyRecord.updateMany({
+            where: { id: existing.id, activeLockKey: lockKey },
+            data: { activeLockKey: null, status: 'expired' },
+        });
+        return null;
+    }
+    try {
+        const session = await stripeClient.checkout.sessions.retrieve(idMatch[0]);
+        if (session.status === 'open') {
+            return url;
+        }
+        await db.idempotencyRecord.updateMany({
+            where: { id: existing.id, activeLockKey: lockKey },
+            data: {
+                activeLockKey: null,
+                status: session.status === 'complete' ? 'completed' : 'expired',
+            },
+        });
+        return null;
+    }
+    catch {
+        await db.idempotencyRecord.updateMany({
+            where: { id: existing.id, activeLockKey: lockKey },
+            data: { activeLockKey: null, status: 'expired' },
+        });
+        return null;
+    }
+}
+export const paymentRouter = router({
+    getPlans: verifiedProcedure
+        .query(async (opts) => {
+        const ctx = opts.ctx;
+        const userId = ctx.userId;
+        const plans = await ctx.db.plan.findMany({
+            where: { active: true },
+            include: { limit: true },
+            orderBy: { price: 'asc' }
+        });
+        const activeSubscriptions = await ctx.db.subscription.findMany({
+            where: {
+                userId: userId,
+                status: 'active'
+            }
+        });
+        return plans.map((plan) => {
+            return {
+                ...plan,
+                isActive: activeSubscriptions.some((sub) => sub.planId === plan.id)
+            };
+        });
+    }),
+    createCheckoutSession: verifiedProcedure
+        .input(z.object({
+        planId: z.string()
+    }))
+        .mutation(async (opts) => {
+        const ctx = opts.ctx;
+        const input = opts.input;
+        const userId = ctx.userId;
+        if (!stripe) {
+            throw new TRPCError({
+                code: 'INTERNAL_SERVER_ERROR',
+                message: 'Stripe not configured'
+            });
+        }
+        const user = await ctx.db.user.findUnique({ where: { id: userId } });
+        if (!user)
+            throw new TRPCError({ code: 'NOT_FOUND', message: 'User not found' });
+        const lockKey = `pending_${userId}_${input.planId}`;
+        let attempt = null;
+        let retryCount = 0;
+        while (retryCount < 3) {
+            try {
+                attempt = await ctx.db.idempotencyRecord.create({
+                    data: {
+                        userId: userId,
+                        planId: input.planId,
+                        activeLockKey: lockKey,
+                        status: 'pending'
+                    }
+                });
+                break;
+            }
+            catch (err) {
+                if (err.code === 'P2002') {
+                    const existing = await ctx.db.idempotencyRecord.findUnique({
+                        where: { activeLockKey: lockKey }
+                    });
+                    if (!existing) {
+                        retryCount++;
+                        continue;
+                    }
+                    const isStale = (Date.now() - existing.updatedAt.getTime()) > (24 * 60 * 60 * 1000);
+                    if (isStale) {
+                        const result = await ctx.db.idempotencyRecord.updateMany({
+                            where: { id: existing.id, activeLockKey: lockKey },
+                            data: { activeLockKey: null, status: 'expired' }
+                        });
+                        if (result.count > 0) {
+                            retryCount++;
+                            continue;
+                        }
+                    }
+                    if (existing.stripeSessionId && stripe) {
+                        const reusable = await reuseCheckoutUrlIfSessionStillOpen(stripe, ctx.db, existing, lockKey);
+                        if (reusable)
+                            return { url: reusable };
+                        retryCount++;
+                        continue;
+                    }
+                    await new Promise(resolve => setTimeout(resolve, 800));
+                    retryCount++;
+                    continue;
+                }
+                throw err;
+            }
+        }
+        if (!attempt)
+            throw new TRPCError({ code: 'CONFLICT', message: "Concurrent request" });
+        const plan = await ctx.db.plan.findUnique({ where: { id: input.planId } });
+        if (!plan)
+            throw new TRPCError({ code: 'NOT_FOUND', message: "Plan not found" });
+        try {
+            const successUrl = env.STRIPE_SUCCESS_URL.includes('session_id=')
+                ? env.STRIPE_SUCCESS_URL
+                : `${env.STRIPE_SUCCESS_URL}${env.STRIPE_SUCCESS_URL.includes('?') ? '&' : '?'}session_id={CHECKOUT_SESSION_ID}`;
+            const session = await stripe.checkout.sessions.create({
+                customer: user.stripe_customer_id || undefined,
+                customer_email: user.stripe_customer_id ? undefined : (user.email || undefined),
+                line_items: [{ price: plan.stripePriceId, quantity: 1 }],
+                mode: plan.interval ? 'subscription' : 'payment',
+                subscription_data: plan.interval ? {
+                    metadata: {
+                        userId: userId,
+                        planId: plan.id,
+                        attemptId: attempt.id
+                    }
+                } : undefined,
+                success_url: successUrl,
+                cancel_url: env.STRIPE_CANCEL_URL,
+                metadata: {
+                    userId: userId,
+                    planId: plan.id,
+                    attemptId: attempt.id
+                }
+            }, {
+                idempotencyKey: attempt.id
+            });
+            await ctx.db.idempotencyRecord.update({
+                where: { id: attempt.id },
+                data: { stripeSessionId: session.url }
+            });
+            return { url: session.url };
+        }
+        catch (error) {
+            await ctx.db.idempotencyRecord.update({
+                where: { id: attempt.id },
+                data: { status: 'failed', activeLockKey: null }
+            });
+            throw new TRPCError({
+                code: 'INTERNAL_SERVER_ERROR',
+                message: error.message
+            });
+        }
+    }),
+    confirmCheckoutSuccess: verifiedProcedure
+        .input(z.object({
+        sessionId: z.string().min(1),
+    }))
+        .mutation(async (opts) => {
+        const ctx = opts.ctx;
+        const input = opts.input;
+        if (!stripe) {
+            throw new TRPCError({
+                code: 'INTERNAL_SERVER_ERROR',
+                message: 'Stripe not configured'
+            });
+        }
+        const session = await stripe.checkout.sessions.retrieve(input.sessionId, {
+            expand: ['line_items', 'subscription'],
+        });
+        const metadata = session.metadata || {};
+        if (metadata.userId !== ctx.userId) {
+            throw new TRPCError({
+                code: 'FORBIDDEN',
+                message: 'This checkout session does not belong to the current user',
+            });
+        }
+        if (session.status !== 'complete') {
+            return { confirmed: false, reason: 'checkout_not_complete' };
+        }
+        const plan = metadata.planId
+            ? await ctx.db.plan.findUnique({ where: { id: metadata.planId } })
+            : null;
+        if (session.mode === 'payment' && session.payment_status === 'paid') {
+            await notifyPaymentSucceeded(ctx.db, {
+                userId: ctx.userId,
+                planId: metadata.planId,
+                planName: plan?.name || metadata.planType,
+                stripeSessionId: session.id,
+                amountPaid: session.amount_total ?? undefined,
+            });
+            return { confirmed: true, kind: 'payment' };
+        }
+        if (session.mode === 'subscription') {
+            const stripeSubscriptionId = typeof session.subscription === 'string'
+                ? session.subscription
+                : session.subscription?.id;
+            if (stripeSubscriptionId) {
+                await upsertSubscriptionFromStripe(stripeSubscriptionId);
+                await notifySubscriptionActivated(ctx.db, {
+                    userId: ctx.userId,
+                    planId: metadata.planId,
+                    planName: plan?.name || metadata.planType,
+                    stripeSubscriptionId,
+                });
+                if (session.payment_status === 'paid') {
+                    await notifySubscriptionPaymentSucceeded(ctx.db, {
+                        userId: ctx.userId,
+                        planId: metadata.planId,
+                        planName: plan?.name || metadata.planType,
+                        stripeInvoiceId: `checkout_${session.id}`,
+                        amountPaid: session.amount_total ?? undefined,
+                    });
+                }
+            }
+            return { confirmed: true, kind: 'subscription' };
+        }
+        return { confirmed: false, reason: 'unsupported_mode' };
+    }),
+    createResourcePurchaseSession: verifiedProcedure
+        .input(z.object({
+        resourceType: z.nativeEnum(ArtifactType),
+        quantity: z.number().min(1).default(1),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        if (!stripe) {
+            throw new TRPCError({
+                code: 'INTERNAL_SERVER_ERROR',
+                message: 'Stripe is not configured on the server',
+            });
+        }
+        const userId = ctx.userId;
+        const user = await ctx.db.user.findUnique({
+            where: { id: userId },
+        });
+        if (!user) {
+            throw new TRPCError({
+                code: 'NOT_FOUND',
+                message: 'User not found',
+            });
+        }
+        const resourcePrice = await ctx.db.resourcePrice.findUnique({
+            where: { resourceType: input.resourceType },
+        });
+        if (!resourcePrice) {
+            throw new TRPCError({
+                code: 'PRECONDITION_FAILED',
+                message: 'Price not set',
+            });
+        }
+        const lockKey = `topup_${userId}_${input.resourceType}`;
+        let attempt = null;
+        let retryCount = 0;
+        while (retryCount < 3) {
+            try {
+                attempt = await ctx.db.idempotencyRecord.create({
+                    data: {
+                        userId: userId,
+                        resourceType: input.resourceType,
+                        activeLockKey: lockKey,
+                        status: 'pending'
+                    }
+                });
+                break;
+            }
+            catch (err) {
+                if (err.code === 'P2002') {
+                    const existing = await ctx.db.idempotencyRecord.findUnique({
+                        where: { activeLockKey: lockKey }
+                    });
+                    if (!existing) {
+                        retryCount++;
+                        continue;
+                    }
+                    const isStale = (Date.now() - existing.updatedAt.getTime()) > (24 * 60 * 60 * 1000);
+                    if (isStale) {
+                        const result = await ctx.db.idempotencyRecord.updateMany({
+                            where: { id: existing.id, activeLockKey: lockKey },
+                            data: { activeLockKey: null, status: 'expired' }
+                        });
+                        if (result.count > 0) {
+                            retryCount++;
+                            continue;
+                        }
+                    }
+                    if (existing.stripeSessionId && stripe) {
+                        const reusable = await reuseCheckoutUrlIfSessionStillOpen(stripe, ctx.db, existing, lockKey);
+                        if (reusable)
+                            return { url: reusable };
+                        retryCount++;
+                        continue;
+                    }
+                    await new Promise(resolve => setTimeout(resolve, 800));
+                    retryCount++;
+                    continue;
+                }
+                throw err;
+            }
+        }
+        if (!attempt)
+            throw new TRPCError({ code: 'CONFLICT', message: "Concurrent request" });
+        try {
+            const resourceName = input.resourceType
+                .split('_')
+                .map((w) => w.charAt(0).toUpperCase() + w.slice(1).toLowerCase())
+                .join(' ');
+            const session = await stripe.checkout.sessions.create({
+                customer: user.stripe_customer_id || undefined,
+                line_items: [
+                    {
+                        price_data: {
+                            currency: 'usd',
+                            product_data: {
+                                name: `Add-on: extra ${resourceName}s`,
+                                description: `Purchase of ${input.quantity} additional ${resourceName}(s)`
+                            },
+                            unit_amount: resourcePrice.priceCents
+                        },
+                        quantity: input.quantity
+                    }
+                ],
+                mode: 'payment',
+                success_url: `${env.STRIPE_SUCCESS_URL}?success=true`,
+                cancel_url: env.STRIPE_CANCEL_URL,
+                metadata: {
+                    userId: userId,
+                    resourceType: input.resourceType,
+                    quantity: input.quantity.toString(),
+                    isPurchase: 'true',
+                    attemptId: attempt.id,
+                },
+                invoice_creation: {
+                    enabled: true,
+                },
+            }, {
+                idempotencyKey: attempt.id
+            });
+            await ctx.db.idempotencyRecord.update({
+                where: { id: attempt.id },
+                data: { stripeSessionId: session.url }
+            });
+            return { url: session.url };
+        }
+        catch (error) {
+            await ctx.db.idempotencyRecord.update({
+                where: { id: attempt.id },
+                data: { status: 'failed', activeLockKey: null }
+            });
+            throw new TRPCError({
+                code: 'INTERNAL_SERVER_ERROR',
+                message: error.message
+            });
+        }
+    }),
+    getUsageOverview: verifiedProcedure
+        .query(async (opts) => {
+        const ctx = opts.ctx;
+        const userId = ctx.userId;
+        const [usage, limits] = await Promise.all([
+            getUserUsage(userId),
+            getUserPlanLimits(userId)
+        ]);
+        return { usage: usage, limits: limits, hasActivePlan: (!!limits) };
+    }),
+    getResourcePrices: verifiedProcedure
+        .query(async (opts) => {
+        return opts.ctx.db.resourcePrice.findMany();
+    })
+});

package/dist/routers/podcast.d.ts

@@ -1,11 +1,5 @@
 export declare const podcast: import("@trpc/server").TRPCBuiltRouter<{
-    ctx: {
-        db: import("@prisma/client").PrismaClient<import("@prisma/client").Prisma.PrismaClientOptions, never, import("@prisma/client/runtime/library").DefaultArgs>;
-        session: any;
-        req: import("express").Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
-        res: import("express").Response<any, Record<string, any>>;
-        cookies: Record<string, string | undefined>;
-    };
+    ctx: import("../context.js").Context;
     meta: object;
     errorShape: {
         data: {
@@ -181,11 +175,11 @@ export declare const podcast: import("@trpc/server").TRPCBuiltRouter<{
             createdAt: Date;
             updatedAt: Date;
             title: string;
-            objectKey: string | null;
             generating: boolean;
             generatingMetadata: import("@prisma/client/runtime/library").JsonValue | null;
             artifactId: string;
             content: string;
+            objectKey: string | null;
             duration: number;
             order: number;
             startTime: number;
@@ -239,17 +233,18 @@ export declare const podcast: import("@trpc/server").TRPCBuiltRouter<{
             id: string;
             createdAt: Date;
             updatedAt: Date;
-            title: string;
-            description: string | null;
             workspaceId: string;
             type: import("@prisma/client").$Enums.ArtifactType;
+            title: string;
             isArchived: boolean;
-            generating: boolean;
-            generatingMetadata: import("@prisma/client/runtime/library").JsonValue | null;
             difficulty: import("@prisma/client").$Enums.Difficulty | null;
             estimatedTime: string | null;
-            imageObjectKey: string | null;
             createdById: string | null;
+            description: string | null;
+            generating: boolean;
+            generatingMetadata: import("@prisma/client/runtime/library").JsonValue | null;
+            worksheetConfig: import("@prisma/client/runtime/library").JsonValue | null;
+            imageObjectKey: string | null;
         };
         meta: object;
     }>;