@stamhoofd/backend 2.120.5 → 2.121.0

package/src/endpoints/organization/dashboard/billing/OrganizationCheckoutEndpoint.ts

@@ -0,0 +1,308 @@
+import type { Decoder } from '@simonbackx/simple-encoding';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { BalanceItem, Organization, Platform, STPackage } from '@stamhoofd/models';
+import { BalanceItemStatus, BalanceItemType, CheckoutResponse, OrganizationPackagesStatus, OrganizationCheckout, STPackageStruct } from '@stamhoofd/structures';
+import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures.js';
+import { Context } from '../../../../helpers/Context.js';
+import { PaymentService } from '../../../../services/PaymentService.js';
+import { STPackageService } from '../../../../services/STPackageService.js';
+import { CreateMandateSettings } from '@stamhoofd/structures/checkout/CreateMandateSettings.js';
+import { BalanceItemService } from '../../../../services/BalanceItemService.js';
+
+type Params = { sellingOrganizationId: string };
+type Query = undefined;
+type Body = OrganizationCheckout;
+type ResponseBody = CheckoutResponse;
+
+/**
+ * B2B billing (outstanding amount) and activating packages
+ */
+export class OrganizationCheckoutEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = OrganizationCheckout as Decoder<Body>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'POST') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/billing/@sellingOrganizationId/checkout', {sellingOrganizationId: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        const { user } = await Context.authenticate();
+
+        // If the user has permission, we'll also search if he has access to the organization's key
+        if (!await Context.auth.canActivatePackages(organization.id)) {
+            throw Context.auth.error();
+        }
+        const checkout = request.body;
+
+        // Validate company
+        if (checkout.customer && checkout.customer.company) {
+            // Search company id
+            // this avoids needing to check the VAT number every time
+            const id = checkout.customer.company.id;
+            const foundCompany = organization.meta.companies.find(c => c.id === id);
+
+            if (!foundCompany) {
+                throw new SimpleError({
+                    code: 'invalid_data',
+                    message: $t(`%w1`),
+                });
+            }
+        }
+
+        const id = request.params.sellingOrganizationId;
+        if (!id) {
+            throw new SimpleError({
+                code: 'unavailable',
+                message: 'This is temporarily unavailable',
+                human: $t('%1Rz')
+            })
+        }
+        
+        const sellingOrganization = await Organization.getByID(id);
+        if (!sellingOrganization || !sellingOrganization.active) {
+            throw new SimpleError({
+                statusCode: 404,
+                code: 'not_found',
+                message: 'Selling organization not found',
+                human: $t('%1R5'),
+                field: 'sellingOrganization'
+            })
+        }
+
+        if (sellingOrganization.id === organization.id) {
+            throw new SimpleError({
+                code: 'unavailable',
+                message: 'Cannot purchase from yourself',
+            });
+        }
+
+        const packages: STPackageStruct[] = [];
+        const balanceItems: Map<BalanceItem, number> = new Map();
+        const models: STPackage[] = [];
+
+        const membershipOrganizationId = (await Platform.getShared()).membershipOrganizationId;
+
+        if (STAMHOOFD.userMode === 'organization' && sellingOrganization.id === membershipOrganizationId) {
+            const currentPackages = await STPackageService.getActivePackages(organization.id);
+            const packageStatus = OrganizationPackagesStatus.create({
+                packages: currentPackages.map(p => STPackageStruct.create(p)),
+            });
+
+            packages.push(...checkout.purchases.getPackages(packageStatus));
+        }
+
+        // Create the real models for each package
+        // calculate the price for these packages and create a hidden balance item
+        for (const pack of packages) {
+            const model = new STPackage();
+            model.id = pack.id;
+            model.meta = pack.meta;
+            model.validUntil = pack.validUntil;
+            model.removeAt = pack.removeAt;
+
+            // Not yet valid / active (ignored until valid)
+            model.validAt = null;
+            model.organizationId = organization.id;
+
+            if (request.body.proForma) {
+                // Security addition
+                model.disableSave();
+            }
+
+            const balanceItem = await STPackageService.chargePackage(model, undefined, checkout.customer ?? undefined);
+            if (balanceItem) {
+                balanceItem.VATExcempt = PaymentService.getVATExcempt({
+                    customer: checkout.customer,
+                    sellingOrganization
+                });
+                balanceItems.set(balanceItem, balanceItem.priceWithVAT);
+            }
+
+            if (!request.body.proForma) {
+                await model.save();
+                await balanceItem?.save();
+            } else {
+                // Security addition
+                if (balanceItem && balanceItem.id) {
+                    throw new Error('Unexpected balance item save')
+                }
+                balanceItem?.disableSave()
+            }
+
+            models.push(model);
+
+            if (model.meta.requiresMandate) {
+                if (checkout.proForma) {
+                    if (!checkout.createMandate) {
+                        checkout.createMandate = CreateMandateSettings.create({saveAsDefault: true})
+                    }
+                } else {
+                    // setting checkout.mandate is not enough - we also need to set it as default.
+
+                    if (!checkout.createMandate) {
+                        throw new SimpleError({
+                            code: '',
+                            message: $t('%1Rh')
+                        })
+                    }
+
+                    if (!checkout.createMandate.saveAsDefault) {
+                        throw new SimpleError({
+                            code: '',
+                            message: $t('%1Qp')
+                        })
+                    }
+                }
+            }
+        }
+
+        // Add pending items (balance items in request)
+        // Update balances before we start
+        await BalanceItemService.flushCaches(organization.id);
+
+        // Validate balance items (can only happen serverside)
+        const balanceItemIds = [...request.body.balances.keys()]
+        let balanceItemsModels: BalanceItem[] = [];
+        if (balanceItemIds.length > 0) {
+            balanceItemsModels = await BalanceItem.select().where('id', balanceItemIds).andWhere('organizationId', sellingOrganization.id).limit(balanceItemIds.length).fetch();
+
+            if (balanceItemsModels.length !== balanceItemIds.length) {
+                throw new SimpleError({
+                    code: 'balance_changed',
+                    message: $t(`%vg`),
+                });
+            }
+
+            for (const [id, amount] of request.body.balances) {
+                if (amount === 0) {
+                    continue;
+                }
+
+                const item = balanceItemsModels.find(b => b.id === id);
+                if (!item) {
+                    throw new SimpleError({
+                        code: 'balance_changed',
+                        message: $t(`%vg`),
+                    });
+                }
+
+                if (item.priceOpen === 0) {
+                    throw new SimpleError({
+                        code: 'balance_changed',
+                        message: $t(`%vg`),
+                    });
+                }
+
+                if (item.priceOpen > 0 && amount < 0 || amount > item.priceOpen) {
+                    throw new SimpleError({
+                        code: 'balance_changed',
+                        message: $t(`%vg`),
+                    });
+                }
+
+                if (item.priceOpen < 0 && amount > 0 || amount < item.priceOpen) {
+                    throw new SimpleError({
+                        code: 'balance_changed',
+                        message: $t(`%vg`),
+                    });
+                }
+                balanceItems.set(item, amount)
+            }
+        }
+
+        // If still zero payment
+        const { price: totalPrice, roundingAmount } = PaymentService.calculateTotalPrice({ 
+            balanceItems, 
+            organization: sellingOrganization
+        })
+        const minimumAmount = 2_00;
+        
+        if (totalPrice < minimumAmount && checkout.createMandate && !checkout.mandate) {
+            const item = new BalanceItem();
+            item.type = BalanceItemType.AdministrationFee;
+            item.description = $t('%1Q4')
+            item.payingOrganizationId = organization.id;
+            item.organizationId = sellingOrganization.id;
+            item.VATPercentage = 21;
+            item.VATExcempt = PaymentService.getVATExcempt({
+                customer: checkout.customer,
+                sellingOrganization
+            });
+            item.VATIncluded = !item.VATExcempt; // Makes sure price with VAT always matches unitPrice
+            item.quantity = 1;
+            item.unitPrice = minimumAmount - (totalPrice - roundingAmount); 
+            item.createdAt = new Date();
+            item.status = BalanceItemStatus.Hidden;
+
+            if (!request.body.proForma) {
+                await item.save();
+            } else {
+                item.disableSave()
+            }
+
+            balanceItems.set(item, item.priceWithVAT);
+        }
+
+        if (checkout.proForma) {
+            const result = await PaymentService.createProForma({
+                balanceItems,
+                checkout,
+                user,
+                organization: sellingOrganization,
+                payingOrganization: organization,
+            });
+
+            return new Response(CheckoutResponse.create({
+                payment: result.payment,
+                invoice: result.invoice
+            }));
+        } 
+
+        const result = await PaymentService.createPayment({
+            balanceItems,
+            checkout,
+            user,
+            organization: sellingOrganization,
+            payingOrganization: organization,
+            serviceFeeType: 'system',
+            createMandate: checkout.createMandate,
+            useMandate: checkout.mandate,
+            paymentConfiguration: sellingOrganization.meta.registrationPaymentConfiguration,
+            privatePaymentConfiguration: sellingOrganization.privateMeta.registrationPaymentConfiguration
+        });
+
+        if (!result) {
+            // No payment needed
+            throw new SimpleError({
+                code: 'missing_data',
+                message: 'Checkout was empty',
+                human: $t('%1L2'),
+            });
+        }
+
+        for (const pack of models) {
+            await pack.save();
+        }
+
+        const { payment, paymentUrl, paymentQRCode } = result;
+
+        return new Response(CheckoutResponse.create({
+            payment: payment ? await AuthenticatedStructures.paymentGeneral(payment) : null,
+            paymentUrl,
+            paymentQRCode,
+        }));
+    }
+
+    setPayment
+}

package/src/endpoints/organization/dashboard/billing/PatchOrganizationMandatesEndpoint.ts

@@ -0,0 +1,94 @@
+import type { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder } from '@simonbackx/simple-encoding';
+import { PatchableArrayDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { Organization } from '@stamhoofd/models';
+import { PaymentMandate } from '@stamhoofd/structures/PaymentMandate.js';
+import { Context } from '../../../../helpers/Context.js';
+import { PaymentMandateService } from '../../../../services/PaymentMandateService.js';
+
+type Params = { sellingOrganizationId: string };
+type Query = undefined;
+type Body = PatchableArrayAutoEncoder<PaymentMandate>;
+type ResponseBody = PaymentMandate[]
+
+export class DeleteOrganizationMandateEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = new PatchableArrayDecoder(
+        PaymentMandate as Decoder<PaymentMandate>, 
+        PaymentMandate.patchType() as Decoder<AutoEncoderPatchType<PaymentMandate>>, 
+        StringDecoder
+    ) as Decoder<PatchableArrayAutoEncoder<PaymentMandate>>;
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'PATCH') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/billing/@sellingOrganizationId/mandates', {sellingOrganizationId: String});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const payingOrganization = await Context.setOrganizationScope();
+        const { user } = await Context.authenticate();
+
+       const id = request.params.sellingOrganizationId;
+        if (!id) {
+            throw new SimpleError({
+                code: 'unavailable',
+                message: 'This is temporarily unavailable',
+                human: $t('%1Rz')
+            })
+        }
+        
+        const sellingOrganization = await Organization.getByID(id);
+        if (!sellingOrganization || !sellingOrganization.active) {
+            throw new SimpleError({
+                statusCode: 404,
+                code: 'not_found',
+                message: 'Selling organization not found',
+                human: $t('%1R5'),
+                field: 'sellingOrganization'
+            })
+        }
+
+        const mandates = await PaymentMandateService.getMandates({
+            sellingOrganization,
+            user,
+            payingOrganization
+        });
+
+        for (const patch of request.body.getPatches()) {
+            const mandate = mandates.find(m => m.id === patch.id);
+            if (!mandate) {
+                throw new SimpleError({
+                    code: 'not_found',
+                    message: 'This payment mandate is not found',
+                    human: $t('%1R8')
+                })
+            }
+
+            if (patch.isDefault === true) {
+                await PaymentMandateService.setDefaultMandate({
+                    mandateId: mandate.id,
+                    sellingOrganization,
+                    payingOrganizationId: payingOrganization,
+                    payingUserId: null
+                })
+            }
+        }
+
+        const updatedMandates = await PaymentMandateService.getMandates({
+            sellingOrganization,
+            user,
+            payingOrganization
+        })
+
+       return new Response(PaymentMandateService.groupByMandate(updatedMandates).mandates);
+    }
+}

package/src/endpoints/organization/dashboard/invoices/GetInvoicesEndpoint.ts

@@ -11,6 +11,7 @@ import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStruct
 import { Context } from '../../../../helpers/Context.js';
 import { invoiceFilterCompilers } from '../../../../sql-filters/invoices.js';
 import { invoiceSorters } from '../../../../sql-sorters/invoices.js';
+import { InvoiceService } from '../../../../services/InvoiceService.js';
 
 type Params = Record<string, never>;
 type Query = LimitedFilteredRequest;
@@ -186,6 +187,12 @@ export class GetInvoicesEndpoint extends Endpoint<Params, Query, Body, ResponseB
             }
         }
 
+        for (const invoice of invoices) {
+            if (invoice.number && STAMHOOFD.environment === 'development') {
+                await InvoiceService.generatePdf(invoice)
+            }
+        }
+
         return new PaginatedResponse<InvoiceStruct[], LimitedFilteredRequest>({
             results: await AuthenticatedStructures.invoices(invoices),
             next,

package/src/endpoints/organization/dashboard/mollie/CheckMollieEndpoint.ts

@@ -6,6 +6,7 @@ import { CheckMollieResponse, PermissionLevel } from '@stamhoofd/structures';
 
 import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures.js';
 import { Context } from '../../../../helpers/Context.js';
+import { MollieService } from '../../../../services/MollieService.js';
 
 type Params = Record<string, never>;
 type Body = undefined;
@@ -36,9 +37,9 @@ export class CheckMollieEndpoint extends Endpoint<Params, Query, Body, ResponseB
             throw Context.auth.error();
         }
 
-        const mollie = await MollieToken.getTokenFor(organization.id);
+        const service = await MollieService.create({sellingOrganization: organization })
 
-        if (!mollie) {
+        if (!service) {
             organization.privateMeta.mollieOnboarding = null;
             organization.privateMeta.mollieProfile = null;
             await organization.save();
@@ -52,9 +53,9 @@ export class CheckMollieEndpoint extends Endpoint<Params, Query, Body, ResponseB
                 profiles: [],
             }));
         }
-        const profiles = await mollie.getProfiles();
+        const profiles = await service.getProfiles();
 
-        const status = await mollie.getOnboardingStatus();
+        const status = await service.getOnboardingStatus();
         organization.privateMeta.mollieOnboarding = status;
 
         // Check profile is still valid

package/src/endpoints/organization/dashboard/mollie/ConnectMollieEndpoint.ts

@@ -9,6 +9,7 @@ import { PermissionLevel } from '@stamhoofd/structures';
 import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStructures.js';
 import { checkMollieSettlementsFor } from '../../../../helpers/CheckSettlements.js';
 import { Context } from '../../../../helpers/Context.js';
+import { MollieService } from '../../../../services/MollieService.js';
 
 type Params = Record<string, never>;
 
@@ -47,9 +48,13 @@ export class ConnectMollieEndpoint extends Endpoint<Params, Query, Body, Respons
         }
 
         const mollieToken = await MollieToken.create(organization, request.body.code);
+        const service = await MollieService.create({sellingOrganization: organization})
+        if (service) {
+            await service.setupOnboarding()
 
-        // Check settlements after linking (shouldn't block)
-        checkMollieSettlementsFor(mollieToken.accessToken, true).catch(console.error);
+            // Check settlements after linking (shouldn't block)
+            checkMollieSettlementsFor(mollieToken.accessToken, true).catch(console.error);
+        }
 
         return new Response(await AuthenticatedStructures.organization(organization));
     }

package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.ts

@@ -1,10 +1,10 @@
-import type { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder} from '@simonbackx/simple-encoding';
+import type { AutoEncoderPatchType, Decoder, PatchableArrayAutoEncoder } from '@simonbackx/simple-encoding';
 import { cloneObject, isPatchableArray, isPatchMap, ObjectData, PatchableArray, PatchMap, patchObject } from '@simonbackx/simple-encoding';
-import type { DecodedRequest, Request} from '@simonbackx/simple-endpoints';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
 import { Endpoint, Response } from '@simonbackx/simple-endpoints';
 import { SimpleError, SimpleErrors } from '@simonbackx/simple-errors';
 import { Organization, OrganizationRegistrationPeriod, PayconiqPayment, Platform, RegistrationPeriod, StripeAccount, Webshop } from '@stamhoofd/models';
-import type { Company, PermissionsResourceType, ResourcePermissions} from '@stamhoofd/structures';
+import type { Company, PermissionsResourceType, ResourcePermissions } from '@stamhoofd/structures';
 import { BuckarooSettings, MemberResponsibility, OrganizationMetaData, Organization as OrganizationStruct, PayconiqAccount, PaymentMethod, PaymentMethodHelper, PermissionLevel, PermissionRoleDetailed, PermissionRoleForResponsibility, UitpasClientCredentialsStatus } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
@@ -12,6 +12,7 @@ import { AuthenticatedStructures } from '../../../../helpers/AuthenticatedStruct
 import { BuckarooHelper } from '../../../../helpers/BuckarooHelper.js';
 import { Context } from '../../../../helpers/Context.js';
 import { MemberUserSyncer } from '../../../../helpers/MemberUserSyncer.js';
+import { RecordAnswerHelper } from '../../../../helpers/RecordAnswerHelper.js';
 import { SetupStepUpdater } from '../../../../helpers/SetupStepUpdater.js';
 import { TagHelper } from '../../../../helpers/TagHelper.js';
 import { ViesHelper } from '../../../../helpers/ViesHelper.js';
@@ -158,6 +159,7 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
                 organization.privateMeta.privateKey = request.body.privateMeta.privateKey ?? organization.privateMeta.privateKey;
                 organization.privateMeta.featureFlags = patchObject(organization.privateMeta.featureFlags, request.body.privateMeta.featureFlags);
                 organization.privateMeta.balanceNotificationSettings = patchObject(organization.privateMeta.balanceNotificationSettings, request.body.privateMeta.balanceNotificationSettings);
+                organization.privateMeta.invoiceSettings = patchObject(organization.privateMeta.invoiceSettings, request.body.privateMeta.invoiceSettings);
                 organization.privateMeta.recordAnswers = request.body.privateMeta.recordAnswers.applyTo(organization.privateMeta.recordAnswers);
 
                 if (request.body.privateMeta.responsibilities || request.body.privateMeta.roles) {
@@ -251,16 +253,23 @@ export class PatchOrganizationEndpoint extends Endpoint<Params, Query, Body, Res
                 }
             }
 
-            // Allow admin patches (permissions only atm). No put atm
-            if (request.body.admins) {
-                throw new Error('Temporary removed to keep code cleaner. Please use different endpoints.');
-            }
-
             if (request.body.meta) {
                 if (request.body.meta.companies) {
                     await this.validateCompanies(organization, request.body.meta.companies);
                     shouldUpdateSetupSteps = true;
                 }
+
+                if (request.body.meta.recordsConfiguration?.recordCategories) {
+                    RecordAnswerHelper.throwIfPatchOrPutIsInvalid(organization.meta.recordsConfiguration.recordCategories, request.body.meta.recordsConfiguration.recordCategories);
+                }
+
+                if (request.body.meta.financialSupport) {
+                    if (STAMHOOFD.userMode === 'platform') {
+                        // can only set financial support settings on platform if userMode platform
+                        request.body.meta.financialSupport = null;
+                    }
+                }
+
                 const savedPackages = organization.meta.packages;
                 organization.meta.patchOrPut(request.body.meta);
                 organization.meta.packages = savedPackages;

package/src/endpoints/organization/dashboard/payments/PatchPaymentsEndpoint.ts

@@ -166,7 +166,7 @@ export class PatchPaymentsEndpoint extends Endpoint<Params, Query, Body, Respons
             // Check total price
             const totalPrice = balanceItemPayments.reduce((total, item) => total + item.price, 0);
             payment.price = totalPrice;
-            PaymentService.round(payment);
+            PaymentService.roundPayment(payment);
 
             switch (payment.type) {
                 case PaymentType.Payment: {
@@ -301,8 +301,8 @@ export class PatchPaymentsEndpoint extends Endpoint<Params, Query, Body, Respons
                     payment.paidAt = patch.paidAt;
                 }
 
-                if (patch.customer) {
-                    // payment.customer = patchObject(payment.customer, patch.customer, { getDefaultValue: () => PaymentCustomer.create({}) });
+                if (patch.customer !== undefined) {
+                    payment.customer = patchObject(payment.customer, patch.customer, { getDefaultValue: () => PaymentCustomer.create({}) });
                 }
 
                 const payingOrganizationId = patch.payingOrganizationId ?? patch.payingOrganization?.id ?? null;