@stamhoofd/backend 1.0.0

package/src/helpers/AuthenticatedStructures.ts

@@ -0,0 +1,158 @@
+import { SimpleError } from "@simonbackx/simple-errors";
+import { Group, MemberResponsibilityRecord, MemberWithRegistrations, Organization, OrganizationRegistrationPeriod, Payment, RegistrationPeriod, User, Webshop } from "@stamhoofd/models";
+import { OrganizationRegistrationPeriod as OrganizationRegistrationPeriodStruct, MemberResponsibilityRecord as MemberResponsibilityRecordStruct, User as UserStruct, Group as GroupStruct, MembersBlob, Organization as OrganizationStruct, PaymentGeneral, PermissionLevel, PrivateWebshop, Webshop as WebshopStruct,WebshopPreview, MemberWithRegistrationsBlob } from '@stamhoofd/structures';
+
+import { Context } from "./Context";
+
+/**
+ * Builds authenticated structures for the current user
+ */
+export class AuthenticatedStructures {
+    static async paymentGeneral(payment: Payment, checkPermissions = true): Promise<PaymentGeneral> {
+        return (await this.paymentsGeneral([payment], checkPermissions))[0]
+    }
+
+    /**
+     * 
+     * @param payments 
+     * @param checkPermissions Only set to undefined when not returned in the API + not for public use
+     * @returns 
+     */
+    static async paymentsGeneral(payments: Payment[], checkPermissions = true): Promise<PaymentGeneral[]> {
+        if (payments.length === 0) {
+            return []
+        }
+
+        const {balanceItemPayments, balanceItems} = await Payment.loadBalanceItems(payments)
+        const {registrations, orders, members, groups} = await Payment.loadBalanceItemRelations(balanceItems);
+
+        if (checkPermissions) {
+            // Note: permission checking is moved here for performacne to avoid loading the data multiple times
+            if (!(await Context.auth.canAccessBalanceItems(balanceItems, PermissionLevel.Read, {registrations, orders, members}))) {
+                throw new SimpleError({
+                    code: "not_found",
+                    message: "Payment not found",
+                    human: "Je hebt geen toegang tot deze betaling"
+                })
+            }
+        }
+
+        const includeSettlements = checkPermissions && !!Context.user && !!Context.user.permissions
+
+        return Payment.getGeneralStructureFromRelations({
+            payments,
+            balanceItemPayments,
+            balanceItems,
+            registrations,
+            orders,
+            members,
+            groups
+        }, includeSettlements)
+    }
+
+    static async group(group: Group) {
+        if (!await Context.optionalAuth?.canAccessGroup(group)) {
+            return group.getStructure()
+        }
+        return group.getPrivateStructure()
+    }
+
+    static async webshop(webshop: Webshop) {
+        if (await Context.optionalAuth?.canAccessWebshop(webshop)) {
+            return PrivateWebshop.create(webshop)
+        }
+        return WebshopStruct.create(webshop)
+    }
+
+    static async organization(organization: Organization): Promise<OrganizationStruct> {
+        if (await Context.optionalAuth?.canAccessPrivateOrganizationData(organization)) {
+            const groups = await Group.getAll(organization.id, organization.periodId)
+            const webshops = await Webshop.where({ organizationId: organization.id }, { select: Webshop.selectColumnsWithout(undefined, "products", "categories")})
+            const webshopStructures: WebshopPreview[] = [] 
+
+            for (const w of webshops) {
+                if (!await Context.auth.canAccessWebshop(w)) {
+                    continue
+                }
+                webshopStructures.push(WebshopPreview.create(w))
+            }
+
+            const oPeriods = await OrganizationRegistrationPeriod.where({ periodId: organization.periodId }, {limit: 1})
+            let oPeriod = oPeriods[0];
+            const period = (await RegistrationPeriod.getByID(organization.periodId))!
+
+            if (!oPeriod) {
+                const organizationPeriod = new OrganizationRegistrationPeriod();
+                organizationPeriod.organizationId = organization.id;
+                organizationPeriod.periodId = period.id
+                organizationPeriod.settings.categories = organization.meta.categories
+                organizationPeriod.settings.rootCategoryId = organization.meta.rootCategoryId
+                await organizationPeriod.save();
+
+                oPeriod = organizationPeriod
+            }
+
+            return OrganizationStruct.create({
+                id: organization.id,
+                name: organization.name,
+                meta: organization.meta,
+                address: organization.address,
+                registerDomain: organization.registerDomain,
+                uri: organization.uri,
+                website: organization.website,
+                privateMeta: organization.privateMeta,
+                webshops: webshopStructures,
+                createdAt: organization.createdAt,
+                period: oPeriod.getStructure(period, groups)
+            })
+        }
+        
+        return await organization.getStructure()
+    }
+
+    static async adminOrganizations(organizations: Organization[]): Promise<OrganizationStruct[]> {
+        const structs: OrganizationStruct[] = [];
+        const admins = await User.getAdmins(organizations.map(o => o.id))
+
+        for (const organization of organizations) {
+            const base = await organization.getStructure({emptyGroups: true})
+            base.admins = admins.filter(a => a.permissions?.organizationPermissions.has(organization.id)).map(a => UserStruct.create({...a, hasAccount: a.hasAccount()}))
+            structs.push(base)
+        }
+        
+        return structs
+    }
+
+    static async membersBlob(members: MemberWithRegistrations[], includeContextOrganization = false): Promise<MembersBlob> {
+        const organizations = new Map<string, Organization>()
+        const memberBlobs: MemberWithRegistrationsBlob[] = []
+        for (const member of members) {
+            for (const registration of member.registrations) {
+                if (includeContextOrganization || registration.organizationId !== Context.auth.organization?.id) {
+                    const found = organizations.get(registration.id);
+                    if (!found) {
+                        const organization = await Context.auth.getOrganization(registration.organizationId)
+                        organizations.set(organization.id, organization)
+                    }
+                }
+            }
+
+            const blob = member.getStructureWithRegistrations()
+            memberBlobs.push(
+                await Context.auth.filterMemberData(member, blob)
+            )
+        }
+
+        // Load responsibilities
+        const responsibilities = await MemberResponsibilityRecord.where({ memberId: { sign: 'IN', value: members.map(m => m.id) } })
+
+        for (const blob of memberBlobs) {
+            blob.responsibilities = responsibilities.filter(r => r.memberId == blob.id).map(r => MemberResponsibilityRecordStruct.create(r))
+        }
+
+        return MembersBlob.create({
+            members: memberBlobs,
+            organizations: await Promise.all([...organizations.values()].map(o => this.organization(o)))
+        })
+    }
+}

package/src/helpers/BuckarooHelper.ts

@@ -0,0 +1,279 @@
+import { SimpleError } from '@simonbackx/simple-errors';
+import { BuckarooPayment, Payment } from '@stamhoofd/models';
+import { PaymentMethod, PaymentStatus } from '@stamhoofd/structures';
+import axios from 'axios';
+import crypto from 'crypto';
+
+export class BuckarooHelper {
+    key: string;
+    secret: string;
+    testMode: boolean;
+
+    constructor(key: string, secret: string, testMode: boolean) {
+        this.key = key;
+        this.secret = secret;
+        this.testMode = testMode;
+    }
+
+    getEncodedContent(content: string) {
+        if (content) {
+            return crypto.createHash('md5').update(content).digest("base64")
+        }
+ 
+        return content;
+    }
+
+    calculateHMAC(method: string, url: string, content: string): string {
+        method = method.toUpperCase()
+
+        // Remove protocol from url
+        url = url.replace(/^https?:\/\//, '')
+
+        // Uri encode
+        url = encodeURIComponent(url)
+
+        // To lowercase (should be last)
+        url = url.toLowerCase()
+
+        const timestamp = Math.floor(Date.now() / 1000)
+
+        // Nonce: A random sequence of characters, this should differ from for each request.
+        const nonce = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15)
+
+        const encodedContent = this.getEncodedContent(content)
+        const rawData = this.key + method + url + timestamp + nonce + encodedContent;
+
+        // The HMAC SHA256 of rawData using secret
+        const hash = crypto.createHmac('sha256', this.secret).update(rawData).digest('base64');
+
+        return "hmac " + this.key + ":" + hash + ":" + nonce + ":" + timestamp;
+    }
+
+    async request(method: "GET" | "POST", uri: string, content: any) {
+
+        const json = content ? JSON.stringify(content) : "";
+        // Finally, if you want to perform live transactions, sent the API requests to https://checkout.buckaroo.nl/json/Transaction
+        const url = (!this.testMode ? "https://checkout.buckaroo.nl" : "https://testcheckout.buckaroo.nl")+uri;
+
+        console.log("[BUCKAROO REQUEST]", method, url, content ? "\n [BUCKAROO REQUEST] " : undefined, json)
+
+        const response = await axios.request({
+            method,
+            url,
+            headers: {
+                'Content-Type': json.length > 0 ? 'application/json' : "text/plain",
+                'Authorization': this.calculateHMAC(method, url, json)
+            },
+            data: json
+            
+        })
+        console.log("[BUCKAROO RESPONSE]", method, url, "\n[BUCKAROO RESPONSE]", JSON.stringify(response.data))
+        return response.data
+    }
+
+    async createTest(): Promise<boolean> {
+        const service = {
+                "Name": "bancontactmrcash",
+                "Action": "Pay",
+                "Parameters": [
+                    {
+                        "Name": "savetoken",
+                        "Value": "false"
+                    }
+                ]
+            };
+        const data = {
+            "Currency": "EUR",
+            "AmountDebit": "0.01",
+            "Invoice": "TESTPAYMENT-"+(new Date().getTime())+"-"+Math.round(Math.random()*100000),
+            "ClientIP": {
+                "Type": 0, // 0 = ipv4, 1 = ipv6
+                "Address": "0.0.0.0"
+            },
+            "Services": {
+                "ServiceList": [
+                    service
+                ]
+            },
+            "ContinueOnIncomplete": "1", // iDEAL
+            "Description": "Test payment",
+            "PushURL": "",
+            "PushURLFailure": "",
+            "ReturnURL": "https://stamhoofd.be",
+            "ReturnURLCancel": "https://stamhoofd.be",
+            "ReturnURLError": "https://stamhoofd.be",
+            "ReturnURLReject": "https://stamhoofd.be",
+        }
+
+        try {
+            const response = await this.request("POST", "/json/Transaction", data)
+            const key = response["Key"]
+
+            if (!key) {
+                return false
+            }
+            const status = this.getStatusFromResponse(response)
+
+            return status === PaymentStatus.Pending || status === PaymentStatus.Created || status === PaymentStatus.Succeeded
+        } catch (e) {
+            console.error(e)
+        }
+        return false
+    }
+
+    async createPayment(payment: Payment, ip: string, description: string, returnUrl: string, exchangeUrl: string): Promise<string | null> {
+        let service: any;
+
+        switch (payment.method) {
+            case PaymentMethod.iDEAL: {
+                service = {
+                    "Name": "ideal",
+                    "Action": "Pay",
+                    "Parameters": []
+                };
+                break;
+            }
+            case PaymentMethod.CreditCard: {
+                service ={
+                    "Name": "mastercard",
+                    "Action": "Pay"
+                };
+                break;
+            }
+
+            case PaymentMethod.Bancontact: {
+                service = {
+                    "Name": "bancontactmrcash",
+                    "Action": "Pay",
+                    "Parameters": [
+                        {
+                            "Name": "savetoken",
+                            "Value": "false"
+                        }
+                    ]
+                };
+                break;
+            }
+
+            case PaymentMethod.Payconiq: {
+                service = {
+                    "Name": "payconiq",
+                    "Action": "Pay"
+                };
+                break;
+            }
+        }
+        
+        const data = {
+            "Currency": "EUR",
+            "AmountDebit": (payment.price / 100).toFixed(2),
+            "Invoice": "ID " + payment.id,
+            "ClientIP": {
+                "Type": 0, // 0 = ipv4, 1 = ipv6
+                "Address": ip
+            },
+            "Services": {
+                "ServiceList": [
+                    service
+                ]
+            },
+            "ContinueOnIncomplete": "1", // iDEAL
+            "Description": description,
+            "PushURL": exchangeUrl,
+            "PushURLFailure": exchangeUrl,
+            "ReturnURL": returnUrl,
+            "ReturnURLCancel": returnUrl,
+            "ReturnURLError": returnUrl,
+            "ReturnURLReject": returnUrl,
+        }
+
+        try {
+            const response = await this.request("POST", "/json/Transaction", data)
+            const key = response["Key"]
+
+            if (!key) {
+                throw new Error("Failed to create payment, missing key")
+            }
+
+            payment.status = this.getStatusFromResponse(response)
+
+            // Save payment
+            const dbPayment = new BuckarooPayment()
+            dbPayment.paymentId = payment.id
+            dbPayment.transactionKey = key
+            await dbPayment.save();
+
+            return response["RequiredAction"]?.["RedirectURL"] ?? null;
+        } catch (e) {
+            console.error(e)
+            throw new SimpleError({
+                code: "buckaroo_error",
+                message: "Failed to create payment",
+                human: "Er ging iets mis bij het starten van de betaling. Herlaad de pagina en probeer het opnieuw."
+            })
+        }
+        
+    }
+
+    private getStatusFromResponse(data: any) {
+        const status: string = data["Status"]?.["Code"]?.["Code"]?.toString() ?? ""
+        if (status === "190") {
+            return PaymentStatus.Succeeded
+        }
+
+        if (["490", "491", "492", "890", "891", "690"].includes(status)) {
+            return PaymentStatus.Failed
+        }
+
+        if (["790"].includes(status)) {
+            // Pending input
+            return PaymentStatus.Created
+        }
+
+        if (["791", "792"].includes(status)) {
+            // Pending input
+            return PaymentStatus.Pending
+        }
+
+        console.warn("Unknown buckaroo status: " + status+" for ", data)
+        return PaymentStatus.Pending
+    }
+
+    /**
+     * Get the status of a payment
+     */
+    async getStatus(payment: Payment) {
+        const buckarooPayments = await BuckarooPayment.where({ paymentId: payment.id}, { limit: 1 })
+        if (buckarooPayments.length != 1) {
+            throw new Error("Failed to find Buckaroo payment for payment " + payment.id)
+        }
+        const buckarooPayment = buckarooPayments[0]
+        
+        // Send request
+        const response = await this.request("GET", "/json/transaction/status/" + buckarooPayment.transactionKey, undefined)
+        const parameters = response["Services"]?.[0]?.["Parameters"]
+
+        if (parameters && Array.isArray(parameters)) {
+            const iban = parameters.find(p => p.Name.toLowerCase() === "customeriban")?.Value
+
+            if (iban) {
+                payment.iban = iban
+            }
+
+            const name = parameters.find(p => p.Name.toLowerCase() === "customeraccountname")?.Value
+
+            if (name) {
+                payment.ibanName = name
+            }
+        }
+
+        const name = response["CustomerName"]
+
+        if (name) {
+            payment.ibanName = name
+        }
+
+        // Read status
+        return this.getStatusFromResponse(response)
+    }
+}

package/src/helpers/CheckSettlements.ts

@@ -0,0 +1,215 @@
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+import { MolliePayment, MollieToken, Order, Organization, PayconiqPayment, Payment, StripeAccount } from '@stamhoofd/models';
+import { Settlement } from '@stamhoofd/structures'
+import axios from 'axios';
+
+import { StripePayoutChecker } from './StripePayoutChecker';
+
+type MollieSettlement = {
+    id: string;
+    reference: string;
+    createdAt: string;
+    settledAt: string;
+    status: "open" | "pending" | "paidout" | "failed";
+    amount: {
+        currenty: string;
+        value: string;
+    }
+}
+
+type MolliePaymentJSON = {
+    id: string;
+}
+
+let lastSettlementCheck: Date | null = null
+
+export async function checkAllStripePayouts(checkAll = false) {
+    if (STAMHOOFD.environment !== "production") {
+        console.log("Skip settlement check")
+        return
+    }
+    
+    // Stripe payouts
+    const stripeAccounts = await StripeAccount.where({ status: 'active' })
+    for (const account of stripeAccounts) {
+        try {
+            console.log("Checking settlements for ", account.accountId)
+
+            const checker = new StripePayoutChecker({
+                secretKey: STAMHOOFD.STRIPE_SECRET_KEY,
+                stripeAccount: account.accountId
+            })
+            await checker.checkSettlements(checkAll)
+        } catch (e) {
+            console.error(e)
+        }
+    }
+}
+
+export async function checkSettlements(checkAll = false) {
+    if (STAMHOOFD.environment !== "production") {
+        return
+    }
+
+    if (!checkAll && lastSettlementCheck && (lastSettlementCheck > new Date(new Date().getTime() - 24 * 60 * 60 * 1000))) {
+        console.log("Skip settlement check")
+        return
+    }
+
+    console.log("Checking settlements...")
+    lastSettlementCheck = new Date()
+
+    // Mollie payment is required
+    const token = STAMHOOFD.MOLLIE_ORGANIZATION_TOKEN
+    if (!token) {
+        console.error("Missing mollie organization token")
+    } else {
+        await checkMollieSettlementsFor(token, checkAll)
+    }
+
+    // Loop all mollie tokens created after given date (when settlement permission was added)
+    try {
+        // Stripe payouts
+        await checkAllStripePayouts(checkAll)
+
+        const mollieTokens = await MollieToken.all()
+        for (const token of mollieTokens) {
+            if (token.createdAt < new Date(2021, 8 /* september! */, 8)) {
+                console.log("Skipped mollie token that is too old")
+            } else {
+                try {
+                    await token.refreshIfNeeded()
+                    await checkMollieSettlementsFor(token.accessToken, checkAll)
+                } catch (e) {
+                    console.error(e)
+                }
+            }
+        }
+    } catch (e) {
+        console.error(e)
+    }
+}
+
+// Check settlements once a week on tuesday morning/night
+export async function checkMollieSettlementsFor(token: string, checkAll = false) {
+    // Check last 2 weeks + 3 day margin, unless we check them all
+    const d = new Date()
+    d.setDate(d.getDate() - 17)
+
+    console.log("Checking settlements for given token...")
+
+    // Loop all organizations with online paymetns the last week
+    try {
+        const request = await axios.get("https://api.mollie.com/v2/settlements?limit="+(checkAll ? 250 : 14), {
+            headers: {
+                "Authorization": "Bearer "+token
+            }
+        })
+        if (request.status === 200) {
+            // get data
+            try {
+                // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+                const data = request.data
+                // Read the data
+                // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+                if (data._embedded?.settlements) {
+                    const settlements = data._embedded.settlements as MollieSettlement[];
+
+                    for (const settlement of settlements) {
+                        if (settlement.settledAt === null) {
+                            // Skip: this is the open settlement
+                            continue;
+                        }
+
+                        const settledAt = new Date(settlement.settledAt)
+                        
+                        if (isNaN(settledAt.getTime())) {
+                            console.error('Received an invalid settledAt from Mollie', settlement, 'for token', token);
+                            continue;
+                        }
+
+                        if (checkAll || settledAt > d) {
+                            await updateSettlement(token, settlement)
+                        }
+                    }
+                } else {
+                    console.error("Unreadable settlements")
+                }
+            } catch (e) {
+                console.error(request.data)
+                throw e;
+            }
+            
+        } else {
+            console.error("Failed to fetch settlements")
+            console.error(request.data)
+        }
+        
+    } catch (e) {
+        console.error(e)
+    }
+}
+
+async function updateSettlement(token: string, settlement: MollieSettlement, fromPaymentId?: string) {
+    const limit = 250
+
+    // Loop all payments of this settlement
+    const request = await axios.get("https://api.mollie.com/v2/settlements/"+settlement.id+"/payments?limit="+limit+(fromPaymentId ? ("&from="+encodeURIComponent(fromPaymentId)) : ""), {
+        headers: {
+            "Authorization": "Bearer "+token
+        }
+    })
+
+    if (request.status === 200) {
+        const molliePayments = request.data._embedded.payments as MolliePaymentJSON[]
+
+        for (const mollie of molliePayments) {
+            // Search payment
+            const mps = await MolliePayment.where({ mollieId: mollie.id })
+            if (mps.length == 1) {
+                const mp = mps[0]
+                const payment = await Payment.getByID(mp.paymentId)
+                if (payment) {
+                    payment.settlement = Settlement.create({
+                        id: settlement.id,
+                        reference: settlement.reference,
+                        settledAt: new Date(settlement.settledAt),
+                        amount: Math.round(parseFloat(settlement.amount.value)*100)
+                    })
+                    const saved = await payment.save()
+
+                    if (saved) {
+                        // Mark order as 'updated', or the frontend won't pull in the updates
+                        const order = await Order.getForPayment(null, payment.id)
+                        if (order) {
+                            order.updatedAt = new Date();
+                            order.forceSaveProperty('updatedAt');
+                            await order.save();
+                        }
+
+                        // TODO: Mark registrations as 'saved'
+                    }
+                    
+
+                    if (STAMHOOFD.environment === "development") {
+                        console.log("Updated settlement of payment "+payment.id)
+                        console.log(payment.settlement)
+                    }
+                } else {
+                    console.log("Missing payment "+mp.paymentId)
+                }
+            } else {
+                // Probably a payment in a different system/platform
+                //console.log("No mollie payment found for id "+mollie.id)
+            }
+        }
+
+        // Check next page
+        if (request.data._links.next) {
+            await updateSettlement(token, settlement, molliePayments[molliePayments.length - 1].id)
+        }
+    } else {
+        console.error(request.data)
+    }
+}