@m5kdev/backend 0.1.0

package/src/modules/billing/billing.service.ts

@@ -0,0 +1,177 @@
+import { err, ok } from "neverthrow";
+import type Stripe from "stripe";
+import type { User } from "#modules/auth/auth.lib";
+import type { ServerResult, ServerResultAsync } from "#modules/base/base.dto";
+import { BaseService } from "#modules/base/base.service";
+import type { BillingRepository } from "#modules/billing/billing.repository";
+
+import { posthogCapture } from "#utils/posthog";
+
+const allowedEvents: Stripe.Event.Type[] = [
+  "checkout.session.completed",
+  "customer.subscription.created",
+  "customer.subscription.updated",
+  "customer.subscription.deleted",
+  "customer.subscription.paused",
+  "customer.subscription.resumed",
+  "customer.subscription.pending_update_applied",
+  "customer.subscription.pending_update_expired",
+  "customer.subscription.trial_will_end",
+  "invoice.paid",
+  "invoice.payment_failed",
+  "invoice.payment_action_required",
+  "invoice.upcoming",
+  "invoice.marked_uncollectible",
+  "invoice.payment_succeeded",
+  "payment_intent.succeeded",
+  "payment_intent.payment_failed",
+  "payment_intent.canceled",
+];
+
+export class BillingService extends BaseService<{ billing: BillingRepository }, never> {
+  async createUserCustomer({
+    user,
+  }: {
+    user: { id: string; email: string; name?: string };
+  }): ServerResultAsync<Stripe.Customer> {
+    let stripeCustomer: Stripe.Customer | null = null;
+    const existingCustomer = await this.repository.billing.getCustomerByEmail(user.email);
+    if (existingCustomer.isErr()) return err(existingCustomer.error);
+    stripeCustomer = existingCustomer.value;
+    if (!stripeCustomer) {
+      const newCustomer = await this.repository.billing.createCustomer({
+        email: user.email,
+        name: user.name,
+        userId: user.id,
+      });
+      if (newCustomer.isErr()) return err(newCustomer.error);
+      stripeCustomer = newCustomer.value;
+    }
+
+    if (!stripeCustomer)
+      return this.error("INTERNAL_SERVER_ERROR", "Failed to create or get stripe customer");
+    const updatedUser = await this.repository.billing.updateUserCustomerId({
+      userId: user.id,
+      customerId: stripeCustomer.id,
+    });
+    if (updatedUser.isErr()) return err(updatedUser.error);
+    return ok(stripeCustomer);
+  }
+
+  async createUserHook({
+    user,
+  }: {
+    user: { id: string; email: string; name?: string };
+  }): ServerResultAsync<boolean> {
+    const stripeCustomer = await this.createUserCustomer({ user });
+    if (stripeCustomer.isErr()) return err(stripeCustomer.error);
+
+    if (this.repository.billing.hasTrial()) {
+      const existingSubscription = await this.repository.billing.getLatestSubscription(user.id);
+      if (existingSubscription.isErr()) return err(existingSubscription.error);
+      if (!existingSubscription.value) {
+        const subscription = await this.repository.billing.createTrialSubscription(
+          stripeCustomer.value.id
+        );
+        if (subscription.isErr()) return err(subscription.error);
+      }
+      const syncResult = await this.syncStripeData(stripeCustomer.value.id);
+      if (syncResult.isErr()) return err(syncResult.error);
+      if (syncResult.value === false)
+        return this.error("INTERNAL_SERVER_ERROR", "Sync did not create new subscription");
+    }
+
+    return ok(true);
+  }
+
+  async getActiveSubscription({ user }: { user: User }) {
+    return this.repository.billing.getActiveSubscription(user.id);
+  }
+
+  async listInvoices({ user }: { user: User }): ServerResultAsync<Stripe.Invoice[]> {
+    if (!user.stripeCustomerId) return this.error("NOT_FOUND", "User has no stripe customer id");
+    return this.repository.billing.listInvoices(user.stripeCustomerId);
+  }
+
+  async createCheckoutSession(
+    { priceId }: { priceId: string },
+    { user }: { user: User }
+  ): ServerResultAsync<Stripe.Checkout.Session> {
+    let stripeCustomerId = user.stripeCustomerId;
+    if (!stripeCustomerId) {
+      const stripeCustomer = await this.createUserCustomer({ user });
+      if (stripeCustomer.isErr()) return err(stripeCustomer.error);
+      stripeCustomerId = stripeCustomer.value.id;
+    }
+    return this.repository.billing.createCheckoutSession({
+      customerId: stripeCustomerId,
+      priceId,
+      userId: user.id,
+    });
+  }
+
+  async createBillingPortalSession({
+    user,
+  }: {
+    user: User;
+  }): ServerResultAsync<Stripe.BillingPortal.Session> {
+    let stripeCustomerId = user.stripeCustomerId;
+    if (!stripeCustomerId) {
+      const stripeCustomer = await this.createUserCustomer({ user });
+      if (stripeCustomer.isErr()) return err(stripeCustomer.error);
+      stripeCustomerId = stripeCustomer.value.id;
+    }
+    return this.repository.billing.createBillingPortalSession(stripeCustomerId);
+  }
+
+  constructEvent(body: Buffer | string, signature: string): ServerResult<Stripe.Event> {
+    if (!process.env.STRIPE_WEBHOOK_SECRET)
+      return this.error("INTERNAL_SERVER_ERROR", "Stripe webhook secret is not set");
+    return this.repository.billing.constructEvent(
+      body,
+      signature,
+      process.env.STRIPE_WEBHOOK_SECRET!
+    );
+  }
+
+  async syncStripeData(customerId: string, eventType?: string): ServerResultAsync<boolean> {
+    const user = await this.repository.billing.getUserByCustomerId(customerId);
+    if (user.isErr()) return err(user.error);
+    if (!user.value) return this.error("NOT_FOUND", "User not found");
+
+    if (eventType) {
+      posthogCapture({
+        distinctId: user.value.id,
+        event: `stripe.${eventType}`,
+        properties: {
+          customerId,
+        },
+      });
+    }
+    return this.repository.billing.syncStripeData({ customerId, userId: user.value.id });
+  }
+
+  async processEvent(event: Stripe.Event): ServerResultAsync<boolean> {
+    return this.throwableAsync(async () => {
+      // Skip processing if the event isn't one I'm tracking (list of all events below)
+      if (!allowedEvents.includes(event.type)) return ok(false);
+
+      // All the events I track have a customerId
+      const { customer: customerId } = event?.data?.object as {
+        customer: string; // Sadly TypeScript does not know this
+      };
+
+      // This helps make it typesafe and also lets me know if my assumption is wrong
+      if (typeof customerId !== "string") {
+        return this.error(
+          "INTERNAL_SERVER_ERROR",
+          `[STRIPE HOOK] Unexpected event structure: customer ID is not a string. Event type: ${event.type}`
+        );
+      }
+
+      const result = await this.syncStripeData(customerId, event.type);
+      if (result.isErr()) return err(result.error);
+      return ok(true);
+    });
+  }
+}

package/src/modules/billing/billing.trpc.ts

@@ -0,0 +1,17 @@
+import { billingSchema } from "@m5kdev/commons/modules/billing/billing.schema";
+import type { BillingService } from "#modules/billing/billing.service";
+import { handleTRPCResult, procedure, router } from "#trpc";
+
+export function createBillingTRPC(billingService: BillingService) {
+  return router({
+    getActiveSubscription: procedure
+      .output(billingSchema.nullable())
+      .query(async ({ ctx: { user } }) => {
+        return handleTRPCResult(await billingService.getActiveSubscription({ user }));
+      }),
+
+    listInvoices: procedure.query(async ({ ctx: { user } }) => {
+      return handleTRPCResult(await billingService.listInvoices({ user }));
+    }),
+  });
+}

package/src/modules/clay/clay.repository.ts

@@ -0,0 +1,29 @@
+import { ok } from "neverthrow";
+import type { ServerResultAsync } from "#modules/base/base.dto";
+import { BaseExternaRepository } from "#modules/base/base.repository";
+
+const { CLAY_WEBHOOK_AUTH_TOKEN } = process.env;
+
+export class ClayRepository extends BaseExternaRepository {
+  async sendToWebhook(
+    webhookUrl: string,
+    row: Record<string, unknown>,
+    callbackUrl: string
+  ): ServerResultAsync<void> {
+    return this.throwableAsync(async () => {
+      const response = await fetch(webhookUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          ...(CLAY_WEBHOOK_AUTH_TOKEN ? { "x-clay-webhook-auth": CLAY_WEBHOOK_AUTH_TOKEN } : {}),
+        },
+        body: JSON.stringify({ ...row, callback: callbackUrl }),
+      });
+      if (!response.ok)
+        return this.error("BAD_REQUEST", `HTTP error! status: ${response.status}`, {
+          cause: response,
+        });
+      return ok();
+    });
+  }
+}

package/src/modules/clay/clay.service.ts

@@ -0,0 +1,61 @@
+import type { z } from "zod";
+import type { ServerResultAsync } from "#modules/base/base.dto";
+import { BaseService } from "#modules/base/base.service";
+import type { WebhookService } from "#modules/webhook/webhook.service";
+import type { ClayRepository } from "./clay.repository";
+
+type ClayTable = {
+  name?: string;
+  tableId?: string;
+  viewId?: string;
+  webhookUrl: string;
+  schema?: z.ZodAny;
+  timeoutInSeconds?: number;
+};
+
+export class ClayService<K extends string> extends BaseService<
+  { clay: ClayRepository },
+  { webhook: WebhookService }
+> {
+  private tables: Record<K, ClayTable>;
+  constructor(
+    repositories: { clay: ClayRepository },
+    services: { webhook: WebhookService },
+    tables: Record<K, ClayTable>
+  ) {
+    super(repositories, services);
+    this.tables = tables;
+  }
+
+  async waitForResponse<T>(
+    webhookUrl: string,
+    row: Record<string, unknown>,
+    timeoutInSeconds?: number
+  ): ServerResultAsync<T> {
+    return await this.service.webhook.waitForRequest<T>((url) => {
+      return this.repository.clay.sendToWebhook(webhookUrl, row, url);
+    }, timeoutInSeconds);
+  }
+
+  async sendToTable(
+    table: K,
+    row: Record<string, unknown>,
+    timeoutInSeconds?: number
+  ): ServerResultAsync<
+    z.infer<
+      (typeof this.tables)[K]["schema"] extends z.ZodAny
+        ? z.infer<(typeof this.tables)[K]["schema"]>
+        : unknown
+    >
+  > {
+    const tableData = this.tables[table];
+    if (!tableData) return this.error("NOT_FOUND", `Table ${table} not found`);
+    const response = await this.waitForResponse<z.infer<typeof tableData.schema>>(
+      tableData.webhookUrl,
+      row,
+      tableData.timeoutInSeconds || timeoutInSeconds
+    );
+
+    return response;
+  }
+}

package/src/modules/connect/connect.db.ts

@@ -0,0 +1,32 @@
+import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
+import { v4 as uuidv4 } from "uuid";
+
+export const connect = sqliteTable("connect", {
+  id: text("id").primaryKey().$default(uuidv4),
+  userId: text("user_id").notNull(), // FK -> users.id
+
+  provider: text("provider").notNull(), // e.g. "linkedin"
+  accountType: text("account_type").notNull(), // "user" | "page" | "org" | "channel"
+  providerAccountId: text("provider_account_id").notNull(), // e.g. LinkedIn URN, FB Page ID, IG business acct ID, X user ID
+  handle: text("handle"), // @name or page slug
+  displayName: text("display_name"),
+  avatarUrl: text("avatar_url"),
+
+  // OAuth credentials (ENCRYPTED)
+  accessToken: text("access_token").notNull(),
+  refreshToken: text("refresh_token"), // may be null if provider doesn’t issue refresh tokens
+  tokenType: text("token_type"), // e.g. "bearer"
+  scope: text("scope"), // space- or comma-separated list, for auditing
+  expiresAt: integer("expires_at", { mode: "timestamp" }), // epoch seconds
+
+  // Provider-specific glue
+  parentId: text("parent_id"), // e.g. FB Page’s connected IG business account, or org URN
+  metadataJson: text("metadata_json", { mode: "json" }), // JSON string for extras (region, perms, etc.)
+
+  revokedAt: integer("revoked_at", { mode: "timestamp" }),
+  lastRefreshedAt: integer("last_refreshed_at", { mode: "timestamp" }),
+  createdAt: integer("created_at", { mode: "timestamp" })
+    .notNull()
+    .$default(() => new Date()),
+  updatedAt: integer("updated_at", { mode: "timestamp" }),
+});

package/src/modules/connect/connect.dto.ts

@@ -0,0 +1,44 @@
+import { z } from "zod";
+
+export const connectSelectSchema = z.object({
+  id: z.string(),
+  userId: z.string(),
+  provider: z.string(),
+  accountType: z.string(),
+  providerAccountId: z.string(),
+  handle: z.string().nullish(),
+  displayName: z.string().nullish(),
+  avatarUrl: z.string().nullish(),
+  accessToken: z.string(),
+  refreshToken: z.string().nullish(),
+  tokenType: z.string().nullish(),
+  scope: z.string().nullish(),
+  expiresAt: z.date().nullish(),
+  parentId: z.string().nullish(),
+  metadataJson: z.unknown().nullish(),
+  revokedAt: z.date().nullish(),
+  lastRefreshedAt: z.date().nullish(),
+  createdAt: z.date(),
+  updatedAt: z.date().nullish(),
+});
+
+export type ConnectSelectSchema = z.infer<typeof connectSelectSchema>;
+
+export const connectSelectOutputSchema = connectSelectSchema.omit({
+  accessToken: true,
+  refreshToken: true,
+});
+
+export const connectListInputSchema = z.object({
+  providers: z.array(z.string()).optional(),
+  inactive: z.boolean().optional(),
+});
+
+export type ConnectListInputSchema = z.infer<typeof connectListInputSchema>;
+
+export const connectListOutputSchema = z.array(connectSelectOutputSchema);
+
+export const connectDeleteInputSchema = z.object({ id: z.string() });
+export const connectDeleteOutputSchema = z.object({ id: z.string() });
+export type ConnectDeleteInputSchema = z.infer<typeof connectDeleteInputSchema>;
+export type ConnectDeleteOutputSchema = z.infer<typeof connectDeleteOutputSchema>;

package/src/modules/connect/connect.linkedin.ts

@@ -0,0 +1,70 @@
+import type { ConnectProfile, ConnectProvider } from "./connect.types";
+
+interface LinkedInUserInfoResponse {
+  sub: string; // Subject identifier (user ID)
+  name?: string; // Full name
+  given_name?: string; // First name
+  family_name?: string; // Last name
+  picture?: string; // Profile picture URL
+  locale?: string;
+  email?: string;
+  email_verified?: boolean;
+}
+
+export function createLinkedInProvider(): ConnectProvider {
+  const clientId = process.env.LINKEDIN_CLIENT_ID;
+  const clientSecret = process.env.LINKEDIN_CLIENT_SECRET;
+  const baseUrl = process.env.VITE_SERVER_URL;
+
+  if (!clientId || !clientSecret || !baseUrl) {
+    throw new Error(
+      "Missing required LinkedIn OAuth environment variables: LINKEDIN_CLIENT_ID, LINKEDIN_CLIENT_SECRET, VITE_SERVER_URL"
+    );
+  }
+
+  return {
+    id: "linkedin",
+    clientId,
+    clientSecret,
+    redirectUri: `${baseUrl}/connect/linkedin/callback`,
+    // LinkedIn OpenID Connect scopes
+    scopes: ["openid", "profile", "w_member_social"],
+    // LinkedIn doesn't support PKCE - disable it
+    supportsPKCE: false,
+    // LinkedIn OpenID Connect endpoints
+    issuerConfig: {
+      issuer: "https://www.linkedin.com",
+      authorization_endpoint: "https://www.linkedin.com/oauth/v2/authorization",
+      token_endpoint: "https://www.linkedin.com/oauth/v2/accessToken",
+      userinfo_endpoint: "https://api.linkedin.com/v2/userinfo",
+    },
+    async mapProfile(accessToken: string): Promise<ConnectProfile> {
+      // Use OpenID Connect userinfo endpoint
+      const response = await fetch("https://api.linkedin.com/v2/userinfo", {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      });
+
+      if (!response.ok) {
+        throw new Error(`LinkedIn API error: ${response.status} ${response.statusText}`);
+      }
+
+      const data = (await response.json()) as LinkedInUserInfoResponse;
+
+      return {
+        providerAccountId: data.sub,
+        displayName: data.name,
+        avatarUrl: data.picture,
+        accountType: "user",
+        metadata: {
+          givenName: data.given_name,
+          familyName: data.family_name,
+          locale: data.locale,
+          email: data.email,
+          emailVerified: data.email_verified,
+        },
+      };
+    },
+  };
+}