@goscribe/server 1.2.0 → 1.3.1

package/src/routers/notifications.ts

@@ -0,0 +1,142 @@
+import { z } from 'zod';
+import { authedProcedure, router } from '../trpc.js';
+import PusherService from '../lib/pusher.js';
+
+const listInputSchema = z.object({
+  cursor: z.string().optional(),
+  limit: z.number().min(1).max(50).default(20),
+  unreadOnly: z.boolean().optional(),
+  types: z.array(z.string()).optional(),
+});
+
+export const notifications = router({
+  list: authedProcedure
+    .input(listInputSchema)
+    .query(async ({ ctx, input }) => {
+      const { cursor, limit, unreadOnly, types } = input;
+      const userId = ctx.userId;
+
+      const items = await ctx.db.notification.findMany({
+        where: {
+          userId,
+          ...(unreadOnly ? { read: false } : {}),
+          ...(types?.length ? { type: { in: types } } : {}),
+        },
+        include: {
+          actor: {
+            select: {
+              id: true,
+              name: true,
+              email: true,
+            },
+          },
+          workspace: {
+            select: {
+              id: true,
+              title: true,
+            },
+          },
+        },
+        orderBy: [{ createdAt: 'desc' }, { id: 'desc' }],
+        take: limit + 1,
+        ...(cursor ? { cursor: { id: cursor }, skip: 1 } : {}),
+      });
+
+      let nextCursor: string | undefined;
+      if (items.length > limit) {
+        const next = items.pop();
+        nextCursor = next?.id;
+      }
+
+      return {
+        items,
+        nextCursor,
+      };
+    }),
+
+  unreadCount: authedProcedure.query(async ({ ctx }) => {
+    const count = await ctx.db.notification.count({
+      where: {
+        userId: ctx.userId,
+        read: false,
+      },
+    });
+    return { count };
+  }),
+
+  markRead: authedProcedure
+    .input(z.object({ id: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      const now = new Date();
+      await ctx.db.notification.updateMany({
+        where: {
+          id: input.id,
+          userId: ctx.userId,
+        },
+        data: {
+          read: true,
+          readAt: now,
+        },
+      });
+
+      const unreadCount = await ctx.db.notification.count({
+        where: { userId: ctx.userId, read: false },
+      });
+      await PusherService.emitNotificationReadState(ctx.userId, { unreadCount });
+
+      return { success: true };
+    }),
+
+  markManyRead: authedProcedure
+    .input(z.object({ ids: z.array(z.string()).min(1) }))
+    .mutation(async ({ ctx, input }) => {
+      const now = new Date();
+      await ctx.db.notification.updateMany({
+        where: {
+          id: { in: input.ids },
+          userId: ctx.userId,
+        },
+        data: {
+          read: true,
+          readAt: now,
+        },
+      });
+
+      const unreadCount = await ctx.db.notification.count({
+        where: { userId: ctx.userId, read: false },
+      });
+      await PusherService.emitNotificationReadState(ctx.userId, { unreadCount });
+
+      return { success: true };
+    }),
+
+  markAllRead: authedProcedure
+    .mutation(async ({ ctx }) => {
+      const now = new Date();
+      await ctx.db.notification.updateMany({
+        where: {
+          userId: ctx.userId,
+          read: false,
+        },
+        data: {
+          read: true,
+          readAt: now,
+        },
+      });
+
+      await PusherService.emitNotificationReadState(ctx.userId, { unreadCount: 0 });
+      return { success: true };
+    }),
+
+  delete: authedProcedure
+    .input(z.object({ id: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      await ctx.db.notification.deleteMany({
+        where: {
+          id: input.id,
+          userId: ctx.userId,
+        },
+      });
+      return { success: true };
+    }),
+});

package/src/routers/payment.ts

@@ -0,0 +1,448 @@
+import { z } from 'zod';
+import { router, verifiedProcedure } from '../trpc.js';
+import { TRPCError } from '@trpc/server';
+import { stripe } from '../lib/stripe.js';
+import { env } from '../lib/env.js';
+import { getUserUsage, getUserPlanLimits } from '../lib/usage_service.js';
+import {
+    notifyPaymentSucceeded,
+    notifySubscriptionActivated,
+    notifySubscriptionPaymentSucceeded,
+} from '../lib/notification-service.js';
+import { upsertSubscriptionFromStripe } from '../lib/subscription_service.js';
+import { ArtifactType } from '../lib/prisma.js';
+
+const ArtifactTypeUnion = z.enum(['STUDY_GUIDE', 'FLASHCARD_SET', 'WORKSHEET', 'MEETING_SUMMARY', 'PODCAST_EPISODE', 'STORAGE']);
+
+/** Stripe Checkout URLs contain the session id (cs_…); we only store the URL in DB. */
+const CHECKOUT_SESSION_ID_IN_URL = /cs_[a-zA-Z0-9]+/;
+
+/**
+ * On idempotency conflict, we may have a stored checkout URL. Only reuse it if the
+ * Stripe session is still `open`. Otherwise release the row so a new session can be created
+ * (avoids redirecting users to a completed/expired checkout = "already completed").
+ */
+async function reuseCheckoutUrlIfSessionStillOpen(
+    stripeClient: Stripe,
+    db: PrismaClient,
+    existing: { id: string; stripeSessionId: string | null },
+    lockKey: string,
+): Promise<string | null> {
+    const url = existing.stripeSessionId;
+    if (!url) return null;
+
+    const idMatch = url.match(CHECKOUT_SESSION_ID_IN_URL);
+    if (!idMatch) {
+        await db.idempotencyRecord.updateMany({
+            where: { id: existing.id, activeLockKey: lockKey },
+            data: { activeLockKey: null, status: 'expired' },
+        });
+        return null;
+    }
+
+    try {
+        const session = await stripeClient.checkout.sessions.retrieve(idMatch[0]);
+        if (session.status === 'open') {
+            return url;
+        }
+        await db.idempotencyRecord.updateMany({
+            where: { id: existing.id, activeLockKey: lockKey },
+            data: {
+                activeLockKey: null,
+                status: session.status === 'complete' ? 'completed' : 'expired',
+            },
+        });
+        return null;
+    } catch {
+        await db.idempotencyRecord.updateMany({
+            where: { id: existing.id, activeLockKey: lockKey },
+            data: { activeLockKey: null, status: 'expired' },
+        });
+        return null;
+    }
+}
+
+export const paymentRouter = router({
+    getPlans: verifiedProcedure
+        .query(async (opts) => {
+            const ctx = opts.ctx;
+            const userId = ctx.userId;
+
+            const plans = await ctx.db.plan.findMany({
+                where: { active: true },
+                include: { limit: true },
+                orderBy: { price: 'asc' }
+            });
+
+            const activeSubscriptions = await ctx.db.subscription.findMany({
+                where: {
+                    userId: userId,
+                    status: 'active'
+                }
+            });
+
+            return plans.map((plan: any) => {
+                return {
+                    ...plan,
+                    isActive: activeSubscriptions.some((sub: any) => sub.planId === plan.id)
+                };
+            });
+        }),
+
+    createCheckoutSession: verifiedProcedure
+        .input(z.object({
+            planId: z.string()
+        }))
+        .mutation(async (opts) => {
+            const ctx = opts.ctx;
+            const input = opts.input;
+            const userId = ctx.userId;
+
+            if (!stripe) {
+                throw new TRPCError({
+                    code: 'INTERNAL_SERVER_ERROR',
+                    message: 'Stripe not configured'
+                });
+            }
+
+            const user = await ctx.db.user.findUnique({ where: { id: userId } });
+            if (!user) throw new TRPCError({ code: 'NOT_FOUND', message: 'User not found' });
+
+            const lockKey = `pending_${userId}_${input.planId}`;
+            let attempt = null;
+            let retryCount = 0;
+
+            while (retryCount < 3) {
+                try {
+                    attempt = await ctx.db.idempotencyRecord.create({
+                        data: {
+                            userId: userId,
+                            planId: input.planId,
+                            activeLockKey: lockKey,
+                            status: 'pending'
+                        }
+                    });
+                    break;
+                } catch (err: any) {
+                    if (err.code === 'P2002') {
+                        const existing = await ctx.db.idempotencyRecord.findUnique({
+                            where: { activeLockKey: lockKey }
+                        });
+                        if (!existing) { retryCount++; continue; }
+
+                        const isStale = (Date.now() - existing.updatedAt.getTime()) > (24 * 60 * 60 * 1000);
+                        if (isStale) {
+                            const result = await ctx.db.idempotencyRecord.updateMany({
+                                where: { id: existing.id, activeLockKey: lockKey },
+                                data: { activeLockKey: null, status: 'expired' }
+                            });
+                            if (result.count > 0) { retryCount++; continue; }
+                        }
+
+                        if (existing.stripeSessionId && stripe) {
+                            const reusable = await reuseCheckoutUrlIfSessionStillOpen(
+                                stripe,
+                                ctx.db,
+                                existing,
+                                lockKey,
+                            );
+                            if (reusable) return { url: reusable };
+                            retryCount++;
+                            continue;
+                        }
+                        await new Promise(resolve => setTimeout(resolve, 800));
+                        retryCount++;
+                        continue;
+                    }
+                    throw err;
+                }
+            }
+
+            if (!attempt) throw new TRPCError({ code: 'CONFLICT', message: "Concurrent request" });
+
+            const plan = await ctx.db.plan.findUnique({ where: { id: input.planId } });
+            if (!plan) throw new TRPCError({ code: 'NOT_FOUND', message: "Plan not found" });
+
+            try {
+                const successUrl = env.STRIPE_SUCCESS_URL.includes('session_id=')
+                    ? env.STRIPE_SUCCESS_URL
+                    : `${env.STRIPE_SUCCESS_URL}${env.STRIPE_SUCCESS_URL.includes('?') ? '&' : '?'}session_id={CHECKOUT_SESSION_ID}`;
+
+                const session = await stripe.checkout.sessions.create({
+                    customer: user.stripe_customer_id || undefined,
+                    customer_email: user.stripe_customer_id ? undefined : (user.email || undefined),
+                    line_items: [{ price: plan.stripePriceId, quantity: 1 }],
+                    mode: plan.interval ? 'subscription' : 'payment',
+                    subscription_data: plan.interval ? {
+                        metadata: {
+                            userId: userId,
+                            planId: plan.id,
+                            attemptId: attempt.id
+                        }
+                    } : undefined,
+                    success_url: successUrl,
+                    cancel_url: env.STRIPE_CANCEL_URL,
+                    metadata: {
+                        userId: userId,
+                        planId: plan.id,
+                        attemptId: attempt.id
+                    }
+                }, {
+                    idempotencyKey: attempt.id
+                });
+
+                await ctx.db.idempotencyRecord.update({
+                    where: { id: attempt.id },
+                    data: { stripeSessionId: session.url }
+                });
+
+                return { url: session.url };
+            } catch (error: any) {
+                await ctx.db.idempotencyRecord.update({
+                    where: { id: attempt.id },
+                    data: { status: 'failed', activeLockKey: null }
+                });
+                throw new TRPCError({
+                    code: 'INTERNAL_SERVER_ERROR',
+                    message: error.message
+                });
+            }
+        }),
+
+    confirmCheckoutSuccess: verifiedProcedure
+        .input(z.object({
+            sessionId: z.string().min(1),
+        }))
+        .mutation(async (opts) => {
+            const ctx = opts.ctx;
+            const input = opts.input;
+
+            if (!stripe) {
+                throw new TRPCError({
+                    code: 'INTERNAL_SERVER_ERROR',
+                    message: 'Stripe not configured'
+                });
+            }
+
+            const session = await stripe.checkout.sessions.retrieve(input.sessionId, {
+                expand: ['line_items', 'subscription'],
+            });
+
+            const metadata = session.metadata || {};
+            if (metadata.userId !== ctx.userId) {
+                throw new TRPCError({
+                    code: 'FORBIDDEN',
+                    message: 'This checkout session does not belong to the current user',
+                });
+            }
+
+            if (session.status !== 'complete') {
+                return { confirmed: false, reason: 'checkout_not_complete' };
+            }
+
+            const plan = metadata.planId
+                ? await ctx.db.plan.findUnique({ where: { id: metadata.planId } })
+                : null;
+
+            if (session.mode === 'payment' && session.payment_status === 'paid') {
+                await notifyPaymentSucceeded(ctx.db, {
+                    userId: ctx.userId,
+                    planId: metadata.planId,
+                    planName: plan?.name || metadata.planType,
+                    stripeSessionId: session.id,
+                    amountPaid: session.amount_total ?? undefined,
+                });
+                return { confirmed: true, kind: 'payment' as const };
+            }
+
+            if (session.mode === 'subscription') {
+                const stripeSubscriptionId =
+                    typeof session.subscription === 'string'
+                        ? session.subscription
+                        : session.subscription?.id;
+
+                if (stripeSubscriptionId) {
+                    await upsertSubscriptionFromStripe(stripeSubscriptionId);
+                    await notifySubscriptionActivated(ctx.db, {
+                        userId: ctx.userId,
+                        planId: metadata.planId,
+                        planName: plan?.name || metadata.planType,
+                        stripeSubscriptionId,
+                    });
+
+                    if (session.payment_status === 'paid') {
+                        await notifySubscriptionPaymentSucceeded(ctx.db, {
+                            userId: ctx.userId,
+                            planId: metadata.planId,
+                            planName: plan?.name || metadata.planType,
+                            stripeInvoiceId: `checkout_${session.id}`,
+                            amountPaid: session.amount_total ?? undefined,
+                        });
+                    }
+                }
+                return { confirmed: true, kind: 'subscription' as const };
+            }
+
+            return { confirmed: false, reason: 'unsupported_mode' };
+        }),
+
+    createResourcePurchaseSession: verifiedProcedure
+        .input(z.object({
+            resourceType: z.nativeEnum(ArtifactType),
+            quantity: z.number().min(1).default(1),
+        }))
+        .mutation(async ({ ctx, input }) => {
+            if (!stripe) {
+                throw new TRPCError({
+                    code: 'INTERNAL_SERVER_ERROR',
+                    message: 'Stripe is not configured on the server',
+                });
+            }
+
+            const userId = ctx.userId;
+            const user = await ctx.db.user.findUnique({
+                where: { id: userId },
+            });
+
+            if (!user) {
+                throw new TRPCError({
+                    code: 'NOT_FOUND',
+                    message: 'User not found',
+                });
+            }
+
+            const resourcePrice = await ctx.db.resourcePrice.findUnique({
+                where: { resourceType: input.resourceType },
+            });
+
+            if (!resourcePrice) {
+                throw new TRPCError({
+                    code: 'PRECONDITION_FAILED',
+                    message: 'Price not set',
+                });
+            }
+
+            const lockKey = `topup_${userId}_${input.resourceType}`;
+            let attempt = null;
+            let retryCount = 0;
+
+            while (retryCount < 3) {
+                try {
+                    attempt = await ctx.db.idempotencyRecord.create({
+                        data: {
+                            userId: userId,
+                            resourceType: input.resourceType as ArtifactType,
+                            activeLockKey: lockKey,
+                            status: 'pending'
+                        }
+                    });
+                    break;
+                } catch (err: any) {
+                    if (err.code === 'P2002') {
+                        const existing = await ctx.db.idempotencyRecord.findUnique({
+                            where: { activeLockKey: lockKey }
+                        });
+                        if (!existing) { retryCount++; continue; }
+
+                        const isStale = (Date.now() - existing.updatedAt.getTime()) > (24 * 60 * 60 * 1000);
+                        if (isStale) {
+                            const result = await ctx.db.idempotencyRecord.updateMany({
+                                where: { id: existing.id, activeLockKey: lockKey },
+                                data: { activeLockKey: null, status: 'expired' }
+                            });
+                            if (result.count > 0) { retryCount++; continue; }
+                        }
+
+                        if (existing.stripeSessionId && stripe) {
+                            const reusable = await reuseCheckoutUrlIfSessionStillOpen(
+                                stripe,
+                                ctx.db,
+                                existing,
+                                lockKey,
+                            );
+                            if (reusable) return { url: reusable };
+                            retryCount++;
+                            continue;
+                        }
+                        await new Promise(resolve => setTimeout(resolve, 800));
+                        retryCount++;
+                        continue;
+                    }
+                    throw err;
+                }
+            }
+
+            if (!attempt) throw new TRPCError({ code: 'CONFLICT', message: "Concurrent request" });
+
+            try {
+                const resourceName = input.resourceType
+                    .split('_')
+                    .map((w) => w.charAt(0).toUpperCase() + w.slice(1).toLowerCase())
+                    .join(' ');
+
+                const session = await stripe.checkout.sessions.create({
+                    customer: user.stripe_customer_id || undefined,
+                    line_items: [
+                        {
+                            price_data: {
+                                currency: 'usd',
+                                product_data: {
+                                    name: `Add-on: extra ${resourceName}s`,
+                                    description: `Purchase of ${input.quantity} additional ${resourceName}(s)`
+                                },
+                                unit_amount: resourcePrice.priceCents
+                            },
+                            quantity: input.quantity
+                        }
+                    ],
+                    mode: 'payment',
+                    success_url: `${env.STRIPE_SUCCESS_URL}?success=true`,
+                    cancel_url: env.STRIPE_CANCEL_URL,
+                    metadata: {
+                        userId: userId,
+                        resourceType: input.resourceType,
+                        quantity: input.quantity.toString(),
+                        isPurchase: 'true',
+                        attemptId: attempt.id,
+                    },
+                    invoice_creation: {
+                        enabled: true,
+                    },
+                }, {
+                    idempotencyKey: attempt.id
+                });
+
+                await ctx.db.idempotencyRecord.update({
+                    where: { id: attempt.id },
+                    data: { stripeSessionId: session.url }
+                });
+
+                return { url: session.url };
+            } catch (error: any) {
+                await ctx.db.idempotencyRecord.update({
+                    where: { id: attempt.id },
+                    data: { status: 'failed', activeLockKey: null }
+                });
+                throw new TRPCError({
+                    code: 'INTERNAL_SERVER_ERROR',
+                    message: error.message
+                });
+            }
+        }),
+
+    getUsageOverview: verifiedProcedure
+        .query(async (opts) => {
+            const ctx = opts.ctx;
+            const userId = ctx.userId;
+            const [usage, limits] = await Promise.all([
+                getUserUsage(userId),
+                getUserPlanLimits(userId)
+            ]);
+            return { usage: usage, limits: limits, hasActivePlan: (!!limits) };
+        }),
+
+    getResourcePrices: verifiedProcedure
+        .query(async (opts) => {
+            return opts.ctx.db.resourcePrice.findMany();
+        })
+});