backend-manager 5.0.122 → 5.0.124

package/test/routes/payments/dispute-alert.js

@@ -0,0 +1,271 @@
+/**
+ * Test: POST /payments/dispute-alert
+ * Tests the dispute alert endpoint validates requests and saves to Firestore
+ */
+module.exports = {
+  description: 'Dispute alert endpoint',
+  type: 'group',
+  timeout: 30000,
+
+  tests: [
+    {
+      name: 'rejects-missing-key',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post('payments/dispute-alert', {});
+
+        assert.isError(response, 401, 'Should reject missing key');
+      },
+    },
+
+    {
+      name: 'rejects-invalid-key',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post('payments/dispute-alert?key=wrong-key', {});
+
+        assert.isError(response, 401, 'Should reject invalid key');
+      },
+    },
+
+    {
+      name: 'rejects-unknown-provider',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post(`payments/dispute-alert?alerts=unknown&key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: '_test-dispute-unknown-provider',
+          card: '4242',
+          amount: 9.99,
+          transactionDate: '2026-01-15',
+        });
+
+        assert.isError(response, 400, 'Should reject unknown alert provider');
+      },
+    },
+
+    {
+      name: 'rejects-missing-id',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          card: '4242',
+          amount: 9.99,
+          transactionDate: '2026-01-15',
+        });
+
+        assert.isError(response, 400, 'Should reject missing id');
+      },
+    },
+
+    {
+      name: 'rejects-missing-card',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: '_test-dispute-no-card',
+          amount: 9.99,
+          transactionDate: '2026-01-15',
+        });
+
+        assert.isError(response, 400, 'Should reject missing card');
+      },
+    },
+
+    {
+      name: 'rejects-missing-amount',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: '_test-dispute-no-amount',
+          card: '4242',
+          transactionDate: '2026-01-15',
+        });
+
+        assert.isError(response, 400, 'Should reject missing amount');
+      },
+    },
+
+    {
+      name: 'rejects-missing-transaction-date',
+      auth: 'none',
+      async run({ http, assert }) {
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: '_test-dispute-no-date',
+          card: '4242',
+          amount: 9.99,
+        });
+
+        assert.isError(response, 400, 'Should reject missing transactionDate');
+      },
+    },
+
+    {
+      name: 'accepts-valid-chargeblast-alert',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const alertId = '_test-dispute-valid';
+
+        // Clean up any existing doc
+        await firestore.delete(`payments-disputes/${alertId}`);
+
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: alertId,
+          card: '4242424242424242',
+          cardBrand: 'Visa',
+          amount: 29.99,
+          transactionDate: '2026-03-07 14:30:00',
+          processor: 'stripe',
+        });
+
+        assert.isSuccess(response, 'Should accept valid Chargeblast alert');
+        assert.equal(response.data.received, true, 'Should confirm receipt');
+
+        // Verify doc was saved to Firestore
+        const doc = await firestore.get(`payments-disputes/${alertId}`);
+        assert.ok(doc, 'Dispute doc should exist in Firestore');
+        assert.equal(doc.provider, 'chargeblast', 'Provider should be chargeblast');
+        assert.ok(
+          doc.status === 'pending' || doc.status === 'processing',
+          'Status should be pending or processing',
+        );
+
+        // Verify normalized alert data
+        assert.equal(doc.alert.card.last4, '4242', 'Should extract last4 from full card number');
+        assert.equal(doc.alert.card.brand, 'visa', 'Should lowercase card brand');
+        assert.equal(doc.alert.amount, 29.99, 'Amount should be preserved');
+        assert.equal(doc.alert.transactionDate, '2026-03-07', 'Should extract date without time');
+        assert.equal(doc.alert.processor, 'stripe', 'Processor should be stripe');
+
+        // Verify raw payload is preserved
+        assert.ok(doc.raw, 'Raw payload should be preserved');
+        assert.equal(doc.raw.id, alertId, 'Raw id should match');
+
+        // Clean up
+        await firestore.delete(`payments-disputes/${alertId}`);
+      },
+    },
+
+    {
+      name: 'accepts-alert-with-last4-only',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const alertId = '_test-dispute-last4';
+
+        // Clean up any existing doc
+        await firestore.delete(`payments-disputes/${alertId}`);
+
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: alertId,
+          card: '1234',
+          amount: 9.99,
+          transactionDate: '2026-01-15',
+        });
+
+        assert.isSuccess(response, 'Should accept alert with card last4 only');
+
+        const doc = await firestore.get(`payments-disputes/${alertId}`);
+        assert.equal(doc.alert.card.last4, '1234', 'Should use card value as last4 when already 4 digits');
+        assert.equal(doc.alert.processor, 'stripe', 'Processor should default to stripe');
+
+        // Clean up
+        await firestore.delete(`payments-disputes/${alertId}`);
+      },
+    },
+
+    {
+      name: 'deduplicates-dispute-alerts',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const alertId = '_test-dispute-duplicate';
+
+        // Clean up any existing doc
+        await firestore.delete(`payments-disputes/${alertId}`);
+
+        // Send first alert
+        await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: alertId,
+          card: '4242',
+          amount: 29.99,
+          transactionDate: '2026-03-07',
+        });
+
+        // Send duplicate
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: alertId,
+          card: '4242',
+          amount: 29.99,
+          transactionDate: '2026-03-07',
+        });
+
+        assert.isSuccess(response, 'Duplicate should still return 200');
+        assert.equal(response.data.duplicate, true, 'Should indicate duplicate');
+
+        // Clean up
+        await firestore.delete(`payments-disputes/${alertId}`);
+      },
+    },
+
+    {
+      name: 'retries-failed-alerts',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const alertId = '_test-dispute-retry';
+
+        // Pre-seed a failed dispute
+        await firestore.set(`payments-disputes/${alertId}`, {
+          id: alertId,
+          status: 'failed',
+          error: 'Previous error',
+        });
+
+        // Send alert with same ID — should retry since previous status was 'failed'
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: alertId,
+          card: '4242',
+          amount: 29.99,
+          transactionDate: '2026-03-07',
+        });
+
+        assert.isSuccess(response, 'Should accept retry of failed alert');
+        assert.ok(!response.data.duplicate, 'Should not indicate duplicate for failed retry');
+
+        // Verify doc was updated
+        const doc = await firestore.get(`payments-disputes/${alertId}`);
+        assert.ok(
+          doc.status === 'pending' || doc.status === 'processing',
+          'Status should be pending or processing after retry',
+        );
+
+        // Clean up
+        await firestore.delete(`payments-disputes/${alertId}`);
+      },
+    },
+
+    {
+      name: 'defaults-alerts-to-chargeblast',
+      auth: 'none',
+      async run({ http, assert, firestore }) {
+        const alertId = '_test-dispute-default-provider';
+
+        // Clean up any existing doc
+        await firestore.delete(`payments-disputes/${alertId}`);
+
+        // Send without alerts query param
+        const response = await http.as('none').post(`payments/dispute-alert?key=${process.env.BACKEND_MANAGER_KEY}`, {
+          id: alertId,
+          card: '4242',
+          amount: 9.99,
+          transactionDate: '2026-01-15',
+        });
+
+        assert.isSuccess(response, 'Should accept without explicit alerts param');
+
+        const doc = await firestore.get(`payments-disputes/${alertId}`);
+        assert.equal(doc.provider, 'chargeblast', 'Provider should default to chargeblast');
+
+        // Clean up
+        await firestore.delete(`payments-disputes/${alertId}`);
+      },
+    },
+  ],
+};

package/test/routes/payments/intent.js

@@ -113,6 +113,66 @@ module.exports = {
       },
     },
 
+    {
+      name: 'rejects-invalid-discount-code',
+      async run({ http, assert, config }) {
+        const paidProduct = config.payment.products.find(p => p.id !== 'basic' && p.prices);
+
+        const response = await http.as('basic').post('payments/intent', {
+          processor: 'stripe',
+          productId: paidProduct.id,
+          frequency: 'monthly',
+          discount: 'FAKECODE',
+        });
+
+        assert.isError(response, 400, 'Should reject invalid discount code');
+      },
+    },
+
+    {
+      name: 'saves-discount-to-intent-doc',
+      async run({ http, assert, config, firestore }) {
+        const paidProduct = config.payment.products.find(p => p.id !== 'basic' && p.prices);
+
+        const response = await http.as('journey-payments-intent-discount').post('payments/intent', {
+          processor: 'test',
+          productId: paidProduct.id,
+          frequency: 'monthly',
+          discount: 'FLASH20',
+        });
+
+        assert.isSuccess(response, 'Should succeed with valid discount');
+
+        // Verify discount was resolved and saved to intent doc
+        const intentDoc = await firestore.get(`payments-intents/${response.data.orderId}`);
+        assert.ok(intentDoc.discount, 'Discount should be saved on intent');
+        assert.equal(intentDoc.discount.code, 'FLASH20', 'Discount code should match');
+        assert.equal(intentDoc.discount.percent, 20, 'Discount percent should be 20');
+        assert.equal(intentDoc.discount.duration, 'once', 'Discount duration should be once');
+      },
+    },
+
+    {
+      name: 'saves-attribution-and-supplemental-to-intent-doc',
+      async run({ http, assert, config, firestore }) {
+        const paidProduct = config.payment.products.find(p => p.id !== 'basic' && p.prices);
+
+        const response = await http.as('journey-payments-intent-attribution').post('payments/intent', {
+          processor: 'test',
+          productId: paidProduct.id,
+          frequency: 'monthly',
+          attribution: { utm_source: 'test', utm_medium: 'unit-test' },
+          supplemental: { referral: 'friend' },
+        });
+
+        assert.isSuccess(response, 'Should succeed with attribution and supplemental');
+
+        const intentDoc = await firestore.get(`payments-intents/${response.data.orderId}`);
+        assert.equal(intentDoc.attribution.utm_source, 'test', 'Attribution utm_source should be saved');
+        assert.equal(intentDoc.supplemental.referral, 'friend', 'Supplemental should be saved');
+      },
+    },
+
     {
       name: 'succeeds-with-test-processor',
       async run({ http, assert, config, firestore, accounts, waitFor }) {

package/test/routes/test/usage.js

@@ -19,7 +19,8 @@ module.exports = {
         state.initialUsage = userDoc?.usage || {};
 
         // Store initial values for requests metric (may not exist yet)
-        state.initialPeriod = state.initialUsage?.requests?.period || 0;
+        state.initialMonthly = state.initialUsage?.requests?.monthly || 0;
+        state.initialDaily = state.initialUsage?.requests?.daily || 0;
         state.initialTotal = state.initialUsage?.requests?.total || 0;
 
         assert.ok(true, 'Initial usage state captured');
@@ -42,12 +43,21 @@ module.exports = {
         assert.equal(response.data.metric, 'requests', 'Metric should be requests');
         assert.equal(response.data.amount, 1, 'Default amount should be 1');
 
-        // Verify increment happened
+        // Verify monthly incremented
         assert.equal(
-          response.data.after.period,
-          response.data.before.period + 1,
-          'Period should be incremented by 1'
+          response.data.after.monthly,
+          response.data.before.monthly + 1,
+          'Monthly should be incremented by 1'
         );
+
+        // Verify daily incremented
+        assert.equal(
+          response.data.after.daily,
+          response.data.before.daily + 1,
+          'Daily should be incremented by 1'
+        );
+
+        // Verify total incremented
         assert.equal(
           response.data.after.total,
           response.data.before.total + 1,
@@ -69,15 +79,25 @@ module.exports = {
         assert.ok(userDoc?.usage?.requests, 'User should have requests usage');
 
         assert.equal(
-          userDoc.usage.requests.period,
-          state.afterFirstIncrement.period,
-          'Persisted period should match API response'
+          userDoc.usage.requests.monthly,
+          state.afterFirstIncrement.monthly,
+          'Persisted monthly should match API response'
+        );
+        assert.equal(
+          userDoc.usage.requests.daily,
+          state.afterFirstIncrement.daily,
+          'Persisted daily should match API response'
         );
         assert.equal(
           userDoc.usage.requests.total,
           state.afterFirstIncrement.total,
           'Persisted total should match API response'
         );
+
+        // Verify last timestamp exists
+        assert.ok(userDoc.usage.requests.last, 'Should have last object');
+        assert.ok(userDoc.usage.requests.last.timestamp, 'Should have last.timestamp');
+        assert.ok(userDoc.usage.requests.last.timestampUNIX, 'Should have last.timestampUNIX');
       },
     },
 
@@ -92,11 +112,16 @@ module.exports = {
         assert.isSuccess(response, 'Custom amount increment should succeed');
         assert.equal(response.data.amount, 5, 'Amount should be 5');
 
-        // Verify increment happened with custom amount
+        // Verify all counters incremented by 5
+        assert.equal(
+          response.data.after.monthly,
+          response.data.before.monthly + 5,
+          'Monthly should be incremented by 5'
+        );
         assert.equal(
-          response.data.after.period,
-          response.data.before.period + 5,
-          'Period should be incremented by 5'
+          response.data.after.daily,
+          response.data.before.daily + 5,
+          'Daily should be incremented by 5'
         );
         assert.equal(
           response.data.after.total,
@@ -117,9 +142,14 @@ module.exports = {
         assert.ok(userDoc?.usage?.requests, 'User should have requests usage');
 
         assert.equal(
-          userDoc.usage.requests.period,
-          state.afterCustomAmount.period,
-          'Requests period should be persisted'
+          userDoc.usage.requests.monthly,
+          state.afterCustomAmount.monthly,
+          'Requests monthly should be persisted'
+        );
+        assert.equal(
+          userDoc.usage.requests.daily,
+          state.afterCustomAmount.daily,
+          'Requests daily should be persisted'
         );
         assert.equal(
           userDoc.usage.requests.total,
@@ -151,13 +181,19 @@ module.exports = {
         assert.isSuccess(response3, 'Third increment should succeed');
 
         // Verify accumulation: should be initial + 1 (test 2) + 5 (test 4) + 1 + 1 + 3 = initial + 11
-        const expectedPeriod = state.initialPeriod + 11;
+        const expectedMonthly = state.initialMonthly + 11;
+        const expectedDaily = state.initialDaily + 11;
         const expectedTotal = state.initialTotal + 11;
 
         assert.equal(
-          response3.data.after.period,
-          expectedPeriod,
-          `Period should accumulate to ${expectedPeriod}`
+          response3.data.after.monthly,
+          expectedMonthly,
+          `Monthly should accumulate to ${expectedMonthly}`
+        );
+        assert.equal(
+          response3.data.after.daily,
+          expectedDaily,
+          `Daily should accumulate to ${expectedDaily}`
         );
         assert.equal(
           response3.data.after.total,
@@ -180,9 +216,11 @@ module.exports = {
         assert.equal(response.data.authenticated, false, 'Should report as unauthenticated');
         assert.equal(response.data.key, state.unauthKey, 'Key should be unknown');
 
-        // Verify increment happened (relative check — prior tests may have incremented too)
-        state.unauthPeriod = response.data.after.period;
-        assert.equal(response.data.after.period, response.data.before.period + 1, 'Period should increment by 1');
+        // Verify all counters incremented
+        assert.equal(response.data.after.monthly, response.data.before.monthly + 1, 'Monthly should increment by 1');
+        assert.equal(response.data.after.daily, response.data.before.daily + 1, 'Daily should increment by 1');
+
+        state.unauthMonthly = response.data.after.monthly;
       },
     },
 
@@ -194,22 +232,66 @@ module.exports = {
 
         assert.ok(usageDoc, 'Usage doc should exist in usage collection');
         assert.ok(usageDoc?.requests, 'Usage doc should have the requests metric');
-        assert.equal(usageDoc.requests.period, state.unauthPeriod, 'Persisted period should match');
+        assert.equal(usageDoc.requests.monthly, state.unauthMonthly, 'Persisted monthly should match');
       },
     },
 
-    // Test 9: Cleanup - trigger daily cron via PubSub to delete usage collection
+    // Test 9: Cron resets daily counters for authenticated users
     {
-      name: 'cleanup-reset-usage',
-      async run({ assert, firestore, state, waitFor, pubsub }) {
-        // Verify unauthenticated usage doc exists before cron
-        const beforeUsageDoc = await firestore.get(`usage/${state.unauthKey}`);
-        assert.ok(beforeUsageDoc, 'Usage doc should exist before cron');
+      name: 'cron-resets-daily-counters',
+      async run({ assert, firestore, state, accounts, waitFor, pubsub }) {
+        // Verify daily counter is > 0 before cron
+        const beforeDoc = await firestore.get(`users/${accounts.basic.uid}`);
+        assert.ok(beforeDoc?.usage?.requests?.daily > 0, 'Daily counter should be > 0 before cron');
+
+        // Store monthly and total before cron (should NOT be reset by daily cron)
+        state.monthlyBeforeCron = beforeDoc.usage.requests.monthly;
+        state.totalBeforeCron = beforeDoc.usage.requests.total;
 
         // Trigger cron via PubSub
         await pubsub.trigger('bm_cronDaily');
 
-        // Wait for cron to delete the usage collection doc (max 10 seconds)
+        // Wait for cron to reset daily counter
+        try {
+          await waitFor(
+            async () => {
+              const doc = await firestore.get(`users/${accounts.basic.uid}`);
+              return doc?.usage?.requests?.daily === 0;
+            },
+            10000,
+            500
+          );
+          assert.ok(true, 'Daily counter was reset to 0 by cron');
+        } catch (error) {
+          assert.fail('Daily counter should be reset to 0 within 10s');
+        }
+      },
+    },
+
+    // Test 10: Cron preserves monthly and total counters (non-1st of month)
+    {
+      name: 'cron-preserves-monthly-and-total',
+      async run({ assert, firestore, state, accounts }) {
+        const afterDoc = await firestore.get(`users/${accounts.basic.uid}`);
+
+        assert.equal(
+          afterDoc.usage.requests.monthly,
+          state.monthlyBeforeCron,
+          'Monthly counter should be preserved after daily cron'
+        );
+        assert.equal(
+          afterDoc.usage.requests.total,
+          state.totalBeforeCron,
+          'Total counter should be preserved after daily cron'
+        );
+      },
+    },
+
+    // Test 11: Cron deletes unauthenticated usage collection
+    {
+      name: 'cron-deletes-unauthenticated-usage',
+      async run({ assert, firestore, state, waitFor }) {
+        // The cron was already triggered in test 9, so the usage collection should be deleted
         try {
           await waitFor(
             async () => {
@@ -225,5 +307,27 @@ module.exports = {
         }
       },
     },
+
+    // Test 12: Daily counter accumulates after cron reset
+    {
+      name: 'daily-counter-accumulates-after-reset',
+      async run({ http, assert }) {
+        // After cron reset daily to 0, new increments should start from 0
+        const response = await http.as('basic').post('test/usage', {
+          amount: 3,
+        });
+
+        assert.isSuccess(response, 'Increment after cron reset should succeed');
+        assert.equal(response.data.before.daily, 0, 'Daily should be 0 after cron reset');
+        assert.equal(response.data.after.daily, 3, 'Daily should be 3 after increment');
+
+        // Monthly should have continued accumulating (not reset)
+        assert.equal(
+          response.data.after.monthly,
+          response.data.before.monthly + 3,
+          'Monthly should continue accumulating'
+        );
+      },
+    },
   ],
 };