@stamhoofd/backend 1.0.0

package/src/endpoints/global/payments/ExchangeSTPaymentEndpoint.ts

@@ -0,0 +1,153 @@
+import { createMollieClient } from '@mollie/api-client';
+import { AutoEncoder, BooleanDecoder,Decoder,field } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { MolliePayment, Organization } from "@stamhoofd/models";
+import { Payment } from "@stamhoofd/models";
+import { STInvoice } from "@stamhoofd/models";
+import { QueueHandler } from '@stamhoofd/queues';
+import { PaymentMethod,PaymentProvider,PaymentStatus, STInvoice as STInvoiceStruct } from "@stamhoofd/structures";
+type Params = {id: string};
+class Query extends AutoEncoder {
+    @field({ decoder: BooleanDecoder, optional: true })
+    exchange = false
+}
+type Body = undefined
+type ResponseBody = STInvoiceStruct | undefined;
+
+/**
+ * One endpoint to create, patch and delete groups. Usefull because on organization setup, we need to create multiple groups at once. Also, sometimes we need to link values and update multiple groups at once
+ */
+
+export class ExchangeSTPaymentEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    queryDecoder = Query as Decoder<Query>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/billing/payments/@id", {id: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {        
+        const payment = await Payment.getByID(request.params.id)
+        if (!payment) {
+            throw new SimpleError({
+                code: "",
+                message: "Deze link is ongeldig"
+            })
+        }
+
+        const invoices = await STInvoice.where({ paymentId: payment.id })
+        if (invoices.length > 1) {
+            console.error("Received more than 1 invoices for the same payment. Danger zone!")
+            throw new Error("Unexpected error")
+        }
+
+        if (invoices.length == 0) {
+            console.error("Didn't found and invoice for a given payment!")
+            throw new Error("Unexpected error")
+        }
+
+        // Not method on payment because circular references (not supprted in ts)
+        const invoice = invoices[0]
+
+        if (request.query.exchange) {
+            // Don't wait for exchanges
+            ExchangeSTPaymentEndpoint.pollStatus(payment, invoice).catch(e => {
+                console.error(e)
+            })
+            return new Response(undefined);
+        }
+        
+        const updatedInvoice = await ExchangeSTPaymentEndpoint.pollStatus(payment, invoice)
+
+        if (!updatedInvoice) {
+            return new Response(undefined);
+        }
+        
+        return new Response( 
+            await updatedInvoice.getStructure()
+        );
+    }
+
+    static async pollStatus(payment: Payment, _invoice: STInvoice): Promise<STInvoice | undefined> {
+        // All invoice related logic needs to happen after each ather, not concurrently
+        return await QueueHandler.schedule("billing/invoices-"+_invoice.organizationId, async () => {
+
+            // Get a new copy of the invoice (is required to prevent concurrenty bugs)
+            const invoice = await STInvoice.getByID(_invoice.id)
+            if (!invoice || invoice.paidAt !== null) {
+                return invoice
+            }
+
+            if ((payment.provider === PaymentProvider.Mollie || (payment.provider === null && payment.method == PaymentMethod.DirectDebit)) && (payment.status == PaymentStatus.Pending || payment.status == PaymentStatus.Created || payment.status == PaymentStatus.Failed)) {    
+                if (payment.method == PaymentMethod.Bancontact || payment.method == PaymentMethod.iDEAL || payment.method == PaymentMethod.CreditCard || payment.method == PaymentMethod.DirectDebit || payment.method == PaymentMethod.Transfer) {
+                    // check status via mollie
+                    const molliePayments = await MolliePayment.where({ paymentId: payment.id}, { limit: 1 })
+                    if (molliePayments.length == 1) {
+                        const molliePayment = molliePayments[0]
+                        // check status
+                        const apiKey = STAMHOOFD.MOLLIE_API_KEY
+                        if (apiKey) {
+                            const mollieClient = createMollieClient({ apiKey });
+                            const mollieData = await mollieClient.payments.get(molliePayment.mollieId)
+
+                            console.log(mollieData) // log to log files to check issues
+
+                            const details = (mollieData.details as any) 
+                            if (details?.cardNumber) {
+                                payment.iban = "xxxx xxxx xxxx "+details.cardNumber
+                            }
+                            if (details?.cardHolder) {
+                                payment.ibanName = details.cardHolder
+                            }
+                            if (details?.consumerAccount) {
+                                payment.iban = details.consumerAccount
+                            }
+                            if (details?.consumerName) {
+                                payment.ibanName = details.consumerName
+                            }
+
+                            if (mollieData.status == "paid") {
+                                payment.status = PaymentStatus.Succeeded
+                                payment.paidAt = new Date()
+                                await payment.save();
+
+                                await invoice.markPaid()
+
+                                // Save customer id
+                                if (mollieData.customerId && _invoice.organizationId) {
+                                    const organization = await Organization.getByID(_invoice.organizationId)
+                                    if (organization) {
+                                        organization.serverMeta.mollieCustomerId = mollieData.customerId
+                                        console.log("Saving mollie customer", mollieData.customerId, "for organization", organization.id)
+                                        await organization.save()
+                                    }
+                                }
+                            } else if (mollieData.status == "failed" || mollieData.status == "expired" || mollieData.status == "canceled") {
+                                payment.status = PaymentStatus.Failed
+                                await payment.save();
+                                await invoice.markFailed(payment)
+                            }
+                        } else {
+                            console.error("Mollie api key is missing for Stamhoofd payments! "+payment.id)
+                        }
+                    } else {
+                        console.error("Couldn't find mollie payment for payment "+payment.id)
+                    }
+                } else {
+                    console.error("Payment method not supported for invoice "+invoice.id+" and payment "+payment.id)
+                    throw new Error("Unsupported payment method for invoices")
+                }
+            }
+            return invoice
+        });
+    }
+}

package/src/endpoints/global/payments/StripeWebhookEndpoint.ts

@@ -0,0 +1,134 @@
+
+import { AnyDecoder, AutoEncoder, Decoder, field, StringDecoder } from '@simonbackx/simple-encoding';
+import { DecodedRequest, Endpoint, Request, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Organization, StripeAccount, StripeCheckoutSession, StripePaymentIntent } from '@stamhoofd/models';
+
+import { StripeHelper } from '../../../helpers/StripeHelper';
+import { ExchangePaymentEndpoint } from '../../organization/shared/ExchangePaymentEndpoint';
+
+type Params = Record<string, never>;
+class Body extends AutoEncoder {
+    /**
+     * The account id (internal id, not the stripe id)
+     */
+    @field({ decoder: StringDecoder })
+    type: string
+
+    @field({ decoder: StringDecoder })
+    id: string
+
+    @field({ decoder: AnyDecoder })
+    data: any
+}
+
+type Query = undefined
+type ResponseBody = undefined
+
+export class StripeWebookEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = Body as Decoder<Body>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== "POST") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/stripe/webhooks", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        console.log("Received Stripe Webhook", request.body.type);
+
+        // Verify webhook signature and extract the event.
+        // See https://stripe.com/docs/webhooks/signatures for more information.
+        let event;
+        try {
+            const stripe = StripeHelper.getInstance()
+            const sig = request.headers['stripe-signature'];
+            if (!sig) {
+                throw new SimpleError({
+                    code: "invalid_signature",
+                    message: "Invalid signature",
+                    statusCode: 400
+                })
+            }
+            event = await stripe.webhooks.constructEventAsync(await request.request.bodyPromise!, sig, STAMHOOFD.STRIPE_ENDPOINT_SECRET);
+        } catch (err) {
+            throw new SimpleError({
+                code: "invalid_signature",
+                message: "Invalid signature",
+                statusCode: 400
+            })
+        }
+
+        // Check type
+        switch (request.body.type) {
+            case "account.updated": {
+                console.log(event);
+                const account = request.body.data.object;
+                if (account && account.id) {
+                    const id = account.id as string;
+                    const [model] = await StripeAccount.where({accountId: id}, {limit: 1});
+                    if (model) {
+                        model.setMetaFromStripeAccount(account)
+                        await model.save()
+                    } else {
+                        console.warn("Could not find stripe account with id", id)
+                    }
+                }
+                break;
+            }
+            case "payment_intent.amount_capturable_updated":
+            case "payment_intent.canceled":
+            case "payment_intent.created":
+            case "payment_intent.partially_funded":
+            case "payment_intent.payment_failed":
+            case "payment_intent.processing":
+            case "payment_intent.requires_action":
+            case "payment_intent.succeeded": {
+                const intentId = request.body.data.object.id;
+                const [model] = await StripePaymentIntent.where({stripeIntentId: intentId}, {limit: 1})
+                if (model && model.organizationId) {
+                    const organization = await Organization.getByID(model.organizationId)
+                    if (organization) {
+                        await ExchangePaymentEndpoint.pollStatus(model.paymentId, organization)
+                    } else {
+                        console.warn("Could not find organization with id", model.organizationId)
+                    }
+                } else {
+                    console.warn("Could not find stripe payment intent with id", intentId)
+                }
+                break;
+            }
+            case "checkout.session.async_payment_failed":
+            case "checkout.session.async_payment_succeeded":
+            case "checkout.session.completed":
+            case "checkout.session.expired": {
+                const checkoutId = request.body.data.object.id;
+                const [model] = await StripeCheckoutSession.where({stripeSessionId: checkoutId}, {limit: 1})
+                if (model && model.organizationId) {
+                    const organization = await Organization.getByID(model.organizationId)
+                    if (organization) {
+                        await ExchangePaymentEndpoint.pollStatus(model.paymentId, organization)
+                    } else {
+                        console.warn("Could not find organization with id", model.organizationId)
+                    }
+                } else {
+                    console.warn("Could not find stripe checkout session with id", checkoutId)
+                }
+                break;
+            }
+            default: {
+                console.log("Unhandled stripe webhook type", request.body.type);
+                break;
+            }
+        }
+        return new Response(undefined);
+    }
+}

package/src/endpoints/global/platform/GetPlatformAdminsEndpoint.ts

@@ -0,0 +1,44 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { User } from '@stamhoofd/models';
+import { User as UserStruct } from "@stamhoofd/structures";
+
+import { Context } from "../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = UserStruct[]
+
+export class GetPlatformAdminsEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/platform/admins", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!Context.auth.canManagePlatformAdmins()) {
+            throw Context.auth.error()
+        }
+
+        // Get all admins
+        let admins = await User.where({ organizationId: null, permissions: { sign: "!=", value: null }})
+
+        // Hide api accounts
+        admins = admins.filter(a => !a.isApiUser)
+        admins = admins.filter(a => !!a.permissions?.globalPermissions)
+
+        return new Response(
+            admins.map(a => UserStruct.create({...a, hasAccount: a.hasAccount()}))
+        );
+    }
+}

package/src/endpoints/global/platform/GetPlatformEnpoint.ts

@@ -0,0 +1,39 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Platform } from "@stamhoofd/models";
+import { Platform as PlatformStruct } from "@stamhoofd/structures";
+
+import { Context } from "../../../helpers/Context";
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = PlatformStruct;
+
+export class GetPlatformEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/platform", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        await Context.optionalAuthenticate({allowWithoutAccount: false})
+
+        if (Context.optionalAuth?.hasSomePlatformAccess()) {
+            const platform = await Platform.getSharedPrivateStruct()
+            if (!platform.privateConfig) {
+                throw new Error("Private config not found")
+            }
+            return new Response(platform);
+        }
+        const platform = await Platform.getSharedStruct()
+        return new Response(platform);
+    }
+}

package/src/endpoints/global/platform/PatchPlatformEnpoint.ts

@@ -0,0 +1,63 @@
+import { AutoEncoderPatchType, Decoder, patchObject } from "@simonbackx/simple-encoding";
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Platform } from "@stamhoofd/models";
+import { Platform as PlatformStruct } from "@stamhoofd/structures";
+
+import { Context } from "../../../helpers/Context";
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = AutoEncoderPatchType<PlatformStruct>;
+type ResponseBody = PlatformStruct;
+
+export class PatchPlatformEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = PlatformStruct.patchType() as Decoder<AutoEncoderPatchType<PlatformStruct>>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "PATCH") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/platform", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.authenticate()
+
+        // Fast throw first (more in depth checking for patches later)
+        if (!Context.auth.hasPlatformFullAccess()) {
+            throw Context.auth.error()
+        }
+
+        const platform = await Platform.getShared()
+
+        if (request.body.privateConfig) {
+            // Did we patch roles?
+            if (request.body.privateConfig.roles) {
+                if (!Context.auth.canManagePlatformAdmins()) {
+                    throw Context.auth.error()
+                }
+
+                // Update roles
+                platform.privateConfig.roles = patchObject(platform.privateConfig.roles, request.body.privateConfig.roles)
+            }
+        }
+
+        if (request.body.config) {
+            if (!Context.auth.hasPlatformFullAccess()) {
+                throw Context.auth.error()
+            }
+
+            // Update config
+            platform.config = patchObject(platform.config, request.body.config)
+        }
+
+        await platform.save()
+        return new Response(await Platform.getSharedPrivateStruct());
+    }
+}

package/src/endpoints/global/registration/GetPaymentRegistrations.ts

@@ -0,0 +1,68 @@
+import { ManyToOneRelation } from "@simonbackx/simple-database";
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { SimpleError } from "@simonbackx/simple-errors";
+import { Group, Member, Payment, Registration } from '@stamhoofd/models';
+import { PaymentWithRegistrations } from "@stamhoofd/structures";
+import { Formatter } from "@stamhoofd/utility";
+
+import { Context } from "../../../helpers/Context";
+type Params = {id: string};
+type Query = undefined
+type Body = undefined
+type ResponseBody = PaymentWithRegistrations | undefined;
+
+export class GetPaymentRegistrations extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/payments/@id/registrations", {id: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        await Context.setUserOrganizationScope();
+        const {user} = await Context.authenticate()
+        
+        const payment = await Payment.getByID(request.params.id)
+        if (!payment) {
+            throw new SimpleError({
+                code: "",
+                message: "Deze link is ongeldig"
+            })
+        }
+        const registrations = await Member.getRegistrationWithMembersForPayment(payment.id)
+        const authorizedMembers = (await Member.getMembersWithRegistrationForUser(user)).map(m => m.id)
+        const groups = await Group.getByIDs(...Formatter.uniqueArray(registrations.map(r => r.groupId)))
+
+        // Check permissions
+        for (const registration of registrations) {
+            if (!authorizedMembers.includes(registration.member.id)) {
+                throw new SimpleError({
+                    code: "",
+                    message: "Deze link is ongeldig"
+                })
+            }
+        }
+               
+        return new Response( 
+            PaymentWithRegistrations.create({
+                id: payment.id,
+                method: payment.method,
+                status: payment.status,
+                price: payment.price,
+                freeContribution: payment.freeContribution,
+                transferDescription: payment.transferDescription,
+                paidAt: payment.paidAt,
+                createdAt: payment.createdAt,
+                updatedAt: payment.updatedAt,
+                registrations: registrations.map(r => Member.getRegistrationWithMemberStructure(r.setRelation(Registration.group, groups.find(g => g.id === r.groupId)!)))
+            })
+        );
+    }
+}

package/src/endpoints/global/registration/GetUserBalanceEndpoint.ts

@@ -0,0 +1,39 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { BalanceItem, Member } from "@stamhoofd/models";
+import { MemberBalanceItem } from "@stamhoofd/structures";
+
+import { Context } from "../../../helpers/Context";
+
+type Params = Record<string, never>;
+type Query = undefined
+type Body = undefined
+type ResponseBody = MemberBalanceItem[]
+
+export class GetUserBalanceEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/balance", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setUserOrganizationScope();
+        const {user} = await Context.authenticate()
+
+        const members = await Member.getMembersWithRegistrationForUser(user)
+
+        // Get all balance items for this member or users
+        const balanceItems = await BalanceItem.balanceItemsForUsersAndMembers(organization?.id ?? null, [user.id], members.map(m => m.id))
+
+        return new Response(
+            await BalanceItem.getMemberStructure(balanceItems)
+        );
+    }
+}

package/src/endpoints/global/registration/GetUserDocumentsEndpoint.ts

@@ -0,0 +1,80 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Document, DocumentTemplate, Member } from '@stamhoofd/models';
+import { Document as DocumentStruct,DocumentStatus } from "@stamhoofd/structures";
+import { Sorter } from "@stamhoofd/utility";
+
+import { Context } from "../../../helpers/Context";
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = DocumentStruct[];
+
+/**
+ * Get the members of the user
+ */
+export class GetUserMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/documents", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setUserOrganizationScope();
+        const {user} = await Context.authenticate()
+
+        const members = await Member.getMembersWithRegistrationForUser(user)
+        let templates = organization ? await DocumentTemplate.where({ status: 'Published', organizationId: organization.id }) : null
+        const memberIds = members.map(m => m.id)
+        const templateIds = templates ? templates.map(t => t.id) : null
+
+        if (memberIds.length == 0 || (templateIds !== null && templateIds.length == 0)) {
+            return new Response([]);
+        }
+
+        const w: any = { 
+            memberId: {
+                sign: 'IN',
+                value: memberIds
+            },
+            status: {
+                sign: 'IN',
+                value: [DocumentStatus.MissingData, DocumentStatus.Published]
+            },
+        }
+
+        if (templateIds !== null) {
+            w.templateId = {
+                sign: 'IN',
+                value: templateIds
+            }
+        }
+
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
+        const documents = await Document.where(w);
+
+        if (!templates) {
+            templates = documents.length > 0 ? await DocumentTemplate.getByIDs(...documents.map(d => d.templateId)) : []
+        }
+        
+        const filteredDocuments = documents.filter(document => {
+            const template = templates.find(t => t.id == document.templateId)
+            if (!template || (!template.updatesEnabled && document.status === DocumentStatus.MissingData)) {
+                return false
+            }
+            return true;
+        })
+
+        filteredDocuments.sort((a, b) => Sorter.byDateValue(a.createdAt, b.createdAt))
+        
+        return new Response(filteredDocuments.map(d => d.getStructure()));
+    }
+}

package/src/endpoints/global/registration/GetUserMembersEndpoint.ts

@@ -0,0 +1,41 @@
+import { DecodedRequest, Endpoint, Request, Response } from "@simonbackx/simple-endpoints";
+import { Member } from '@stamhoofd/models';
+import { MembersBlob } from "@stamhoofd/structures";
+
+import { AuthenticatedStructures } from "../../../helpers/AuthenticatedStructures";
+import { Context } from "../../../helpers/Context";
+
+type Params = Record<string, never>;
+type Query = undefined;
+type Body = undefined
+type ResponseBody = MembersBlob
+
+/**
+ * Get the members of the user
+ */
+export class GetUserMembersEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method != "GET") {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, "/user/members", {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+
+        return [false];
+    }
+
+    async handle(_: DecodedRequest<Params, Query, Body>) {
+        await Context.setUserOrganizationScope();
+        const {user} = await Context.authenticate()
+
+        const members = await Member.getMembersWithRegistrationForUser(user)
+        
+        return new Response(
+            await AuthenticatedStructures.membersBlob(members)
+        );
+    }
+}