@siglume/direct-request-payment 0.4.19 → 0.4.22

package/templates/fastapi/siglume_sdrp_routes.py

@@ -1,11 +1,11 @@
 from __future__ import annotations
 
 import os
-import time
-from typing import Any, Protocol
+from typing import Any, Awaitable, Callable, Literal, Protocol
 
 from fastapi import APIRouter, Request
 from fastapi.responses import JSONResponse, Response
+from starlette.concurrency import run_in_threadpool
 from siglume_direct_request_payment import (
     DirectRequestPaymentMerchantClient,
     HostedCheckoutNotAvailableError,
@@ -15,16 +15,33 @@ from siglume_direct_request_payment import (
 
 
 class SiglumeSdrpOrderStore(Protocol):
-    async def get_order_for_checkout(self, order_id: str, request: Request) -> dict[str, Any] | None: ...
-    async def mark_checkout_pending(self, *, order_id: str, challenge_hash: str, checkout_session_id: str) -> None: ...
-    async def record_webhook_event_once(self, event_id: str) -> bool: ...
+    async def begin_checkout_attempt(self, order_id: str, request: Request) -> dict[str, Any] | None: ...
+    async def mark_checkout_pending(
+        self,
+        *,
+        order_id: str,
+        attempt_id: str,
+        stable_nonce: str,
+        challenge_hash: str,
+        checkout_session_id: str,
+        checkout_url: str,
+    ) -> None: ...
+    async def process_webhook_event_once(
+        self,
+        event_id: str,
+        handler: Callable[[], Awaitable[None]],
+    ) -> Literal["processed", "duplicate"]: ...
     async def find_order_by_challenge_hash(self, challenge_hash: str) -> dict[str, Any] | None: ...
     async def mark_order_paid_once(self, *, order_id: str, requirement_id: str, chain_receipt_id: str) -> None: ...
     async def mark_order_fulfilled_unsettled_once(self, *, order_id: str, requirement_id: str, pricing_band: str) -> None: ...
     async def flag_payment_review(self, data: dict[str, Any]) -> None: ...
 
 
-def create_siglume_sdrp_router(order_store: SiglumeSdrpOrderStore) -> APIRouter:
+def create_siglume_sdrp_router(
+    order_store: SiglumeSdrpOrderStore,
+    *,
+    allow_metered_payments: bool = False,
+) -> APIRouter:
     router = APIRouter()
     merchant_key = os.environ["SIGLUME_DIRECT_PAYMENT_MERCHANT"]
     shop_origin = os.environ["SHOP_PUBLIC_ORIGIN"]
@@ -36,27 +53,41 @@ def create_siglume_sdrp_router(order_store: SiglumeSdrpOrderStore) -> APIRouter:
     async def start_checkout(request: Request) -> JSONResponse:
         body = await request.json()
         order_id = str(body.get("order_id") or "")
-        order = await order_store.get_order_for_checkout(order_id, request)
-        if not order:
+        attempt = await order_store.begin_checkout_attempt(order_id, request)
+        if not attempt:
             return JSONResponse({"error": "order_not_found"}, status_code=404)
 
+        if not allow_metered_payments and not _is_standard_checkout_amount(str(attempt["currency"]), int(attempt["amount_minor"])):
+            return JSONResponse({"error": "METERED_INTEGRATION_REQUIRED"}, status_code=409)
+
+        if attempt.get("checkout_url") and attempt.get("checkout_session_id"):
+            return JSONResponse({
+                "checkout_url": attempt["checkout_url"],
+                "session_id": attempt["checkout_session_id"],
+            })
+
         try:
-            session = merchant.create_checkout_session(
-                merchant=merchant_key,
-                amount_minor=int(order["amount_minor"]),
-                currency=str(order["currency"]),
-                nonce=f"{order['id']}-attempt_{int(time.time() * 1000)}",
-                success_url=f"{shop_origin}/checkout/siglume/success",
-                cancel_url=f"{shop_origin}/checkout/siglume/cancel",
-                metadata={"order_id": order["id"]},
+            session = await run_in_threadpool(
+                lambda: merchant.create_checkout_session(
+                    merchant=merchant_key,
+                    amount_minor=int(attempt["amount_minor"]),
+                    currency=str(attempt["currency"]),
+                    nonce=str(attempt["stable_nonce"]),
+                    success_url=f"{shop_origin}/checkout/siglume/success",
+                    cancel_url=f"{shop_origin}/checkout/siglume/cancel",
+                    metadata={"order_id": attempt["order_id"], "attempt_id": attempt["attempt_id"]},
+                )
             )
         except HostedCheckoutNotAvailableError:
             return JSONResponse({"error": "hosted_checkout_not_enabled"}, status_code=409)
 
         await order_store.mark_checkout_pending(
-            order_id=str(order["id"]),
+            order_id=str(attempt["order_id"]),
+            attempt_id=str(attempt["attempt_id"]),
+            stable_nonce=str(attempt["stable_nonce"]),
             challenge_hash=session["challenge_hash"],
             checkout_session_id=session["session_id"],
+            checkout_url=session["checkout_url"],
         )
         return JSONResponse({"checkout_url": session["checkout_url"], "session_id": session["session_id"]})
 
@@ -68,40 +99,72 @@ def create_siglume_sdrp_router(order_store: SiglumeSdrpOrderStore) -> APIRouter:
             request.headers.get("Siglume-Signature", ""),
         )["event"]
 
-        if not await order_store.record_webhook_event_once(str(event["id"])):
-            return Response(status_code=204)
+        async def handler() -> None:
+            await _process_siglume_webhook_event(
+                order_store,
+                event,
+                allow_metered_payments=allow_metered_payments,
+            )
 
-        if event["type"] == "direct_payment.confirmed":
-            confirmation = classify_direct_payment_confirmation(event)
-            if confirmation["kind"] == "standard_settled":
-                order = await order_store.find_order_by_challenge_hash(confirmation["challenge_hash"])
-                if order:
-                    await order_store.mark_order_paid_once(
-                        order_id=str(order["id"]),
-                        requirement_id=confirmation["requirement_id"],
-                        chain_receipt_id=confirmation["chain_receipt_id"],
-                    )
-                else:
-                    await order_store.flag_payment_review({
-                        "reason": "unknown_challenge_hash",
-                        "requirement_id": confirmation["requirement_id"],
-                    })
-            elif confirmation["kind"] == "metered_usage_accepted":
-                order = await order_store.find_order_by_challenge_hash(confirmation["challenge_hash"])
-                if order:
-                    await order_store.mark_order_fulfilled_unsettled_once(
-                        order_id=str(order["id"]),
-                        requirement_id=confirmation["requirement_id"],
-                        pricing_band=confirmation["pricing_band"],
-                    )
-                else:
-                    await order_store.flag_payment_review({
-                        "reason": "unknown_metered_challenge_hash",
-                        "requirement_id": confirmation["requirement_id"],
-                    })
-            else:
-                await order_store.flag_payment_review(dict(confirmation))
+        if await order_store.process_webhook_event_once(str(event["id"]), handler) == "duplicate":
+            return Response(status_code=204)
 
         return Response(status_code=204)
 
     return router
+
+
+async def _process_siglume_webhook_event(
+    order_store: SiglumeSdrpOrderStore,
+    event: dict[str, Any],
+    *,
+    allow_metered_payments: bool,
+) -> None:
+    if event["type"] != "direct_payment.confirmed":
+        return
+
+    confirmation = classify_direct_payment_confirmation(event)
+    if confirmation["kind"] == "standard_settled":
+        order = await order_store.find_order_by_challenge_hash(confirmation["challenge_hash"])
+        if order:
+            await order_store.mark_order_paid_once(
+                order_id=str(order["id"]),
+                requirement_id=confirmation["requirement_id"],
+                chain_receipt_id=confirmation["chain_receipt_id"],
+            )
+        else:
+            await order_store.flag_payment_review({
+                "reason": "unknown_challenge_hash",
+                "requirement_id": confirmation["requirement_id"],
+            })
+    elif confirmation["kind"] == "metered_usage_accepted":
+        if not allow_metered_payments:
+            await order_store.flag_payment_review({
+                "reason": "metered_integration_required",
+                "requirement_id": confirmation["requirement_id"],
+                "pricing_band": confirmation["pricing_band"],
+            })
+            return
+        order = await order_store.find_order_by_challenge_hash(confirmation["challenge_hash"])
+        if order:
+            await order_store.mark_order_fulfilled_unsettled_once(
+                order_id=str(order["id"]),
+                requirement_id=confirmation["requirement_id"],
+                pricing_band=confirmation["pricing_band"],
+            )
+        else:
+            await order_store.flag_payment_review({
+                "reason": "unknown_metered_challenge_hash",
+                "requirement_id": confirmation["requirement_id"],
+            })
+    else:
+        await order_store.flag_payment_review(dict(confirmation))
+
+
+def _is_standard_checkout_amount(currency: str, amount_minor: int) -> bool:
+    normalized_currency = currency.upper()
+    if normalized_currency == "JPY":
+        return amount_minor >= 501
+    if normalized_currency == "USD":
+        return amount_minor >= 301
+    return False