kybernus 2.2.1 → 2.3.0

package/templates/nestjs/hexagonal/src/payment.module.ts.hbs

@@ -0,0 +1,23 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { PaymentController } from './adapters/inbound/payment.controller';
+import { PaymentService } from './core/payment.service';
+import { StripeAdapter } from './adapters/outbound/stripe.adapter';
+import { UserPort } from './core/ports/user.port';
+import { PrismaUserAdapter } from './adapters/outbound/persistence/prisma.user.adapter';
+import { PrismaService } from './adapters/outbound/persistence/prisma.service';
+
+@Module({
+    imports: [ConfigModule],
+    controllers: [PaymentController],
+    providers: [
+        PaymentService,
+        StripeAdapter,
+        PrismaService,
+        {
+            provide: UserPort,
+            useClass: PrismaUserAdapter,
+        },
+    ],
+})
+export class PaymentModule {}

package/templates/nestjs/mvc/src/main.ts.hbs

@@ -3,7 +3,10 @@ import { AppModule } from './app.module';
 import { ValidationPipe } from '@nestjs/common';
 
 async function bootstrap() {
-    const app = await NestFactory.create(AppModule);
+    const app = await NestFactory.create(AppModule, {
+        // rawBody is required so that the Stripe webhook can verify the signature
+        rawBody: true,
+    });
 
     app.enableCors();
     app.setGlobalPrefix('api');
@@ -12,6 +15,6 @@ async function bootstrap() {
     const port = process.env.PORT || 3000;
     await app.listen(port);
 
-    console.log(`🚀 {{pascalCase projectName}} running on port ${port}`);
+    console.log(`{{pascalCase projectName}} running on port ${port}`);
 }
-bootstrap();
+bootstrap();

package/templates/nestjs/mvc/src/payments/payments.controller.ts.hbs

@@ -1,26 +1,51 @@
-import { Controller, Post, Body, Headers, UseGuards, RawBodyRequest, Req } from '@nestjs/common';
+import { Controller, Post, Body, Headers, UseGuards, Req, Request, BadRequestException } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
+import { IsString } from 'class-validator';
 import { PaymentsService } from './payments.service';
-import { Request } from 'express';
 
 class CreateCheckoutDto {
+    @IsString()
     priceId: string;
-    customerId?: string;
 }
 
 @Controller('payments')
 export class PaymentsController {
     constructor(private paymentsService: PaymentsService) {}
 
+    /**
+     * POST /api/payments/checkout
+     * Requires JWT authentication.
+     */
     @Post('checkout')
     @UseGuards(AuthGuard('jwt'))
-    async createCheckout(@Body() dto: CreateCheckoutDto) {
-        const session = await this.paymentsService.createCheckoutSession(dto.priceId, dto.customerId);
+    async createCheckout(@Req() req: Request, @Body() dto: CreateCheckoutDto) {
+        const userId = (req as any).user?.id;
+        const session = await this.paymentsService.createCheckoutSession(userId, dto.priceId);
         return { url: session.url };
     }
 
+    /**
+     * POST /api/payments/portal
+     * Requires JWT authentication.
+     */
+    @Post('portal')
+    @UseGuards(AuthGuard('jwt'))
+    async createPortal(@Req() req: Request) {
+        const userId = (req as any).user?.id;
+        const session = await this.paymentsService.createPortalSession(userId);
+        return { url: session.url };
+    }
+
+    /**
+     * POST /api/payments/webhook
+     * No authentication. Stripe sends a raw body – NestFactory must have rawBody: true.
+     */
     @Post('webhook')
-    async webhook(@Req() req: RawBodyRequest<Request>, @Headers('stripe-signature') signature: string) {
-        return this.paymentsService.handleWebhook(req.rawBody!, signature);
+    async webhook(
+        @Req() req: any,
+        @Headers('stripe-signature') signature: string,
+    ) {
+        if (!signature) throw new BadRequestException('Missing stripe-signature header');
+        return this.paymentsService.handleWebhook(req.rawBody, signature);
     }
-}
+}

package/templates/nestjs/mvc/src/payments/payments.service.ts.hbs

@@ -12,50 +12,94 @@ export class PaymentsService {
         private prisma: PrismaService,
     ) {
         this.stripe = new Stripe(configService.get('STRIPE_SECRET_KEY', ''), {
-            apiVersion: '2024-12-18.acacia',
+            apiVersion: '2026-02-25.clover',
         });
     }
 
-    async createCheckoutSession(priceId: string, customerId?: string) {
+    async createCheckoutSession(userId: string, priceId: string) {
+        const user = await this.prisma.user.findUnique({ where: { id: userId } });
+        if (!user) throw new Error('User not found');
+
+        let customerId = user.stripeCustomerId;
+
+        if (!customerId) {
+            const customer = await this.stripe.customers.create({
+                email: user.email,
+                metadata: { userId },
+            });
+            customerId = customer.id;
+            await this.prisma.user.update({
+                where: { id: userId },
+                data: { stripeCustomerId: customerId },
+            });
+        }
+
         const session = await this.stripe.checkout.sessions.create({
             mode: 'subscription',
             payment_method_types: ['card'],
             line_items: [{ price: priceId, quantity: 1 }],
-            customer: customerId || undefined,
+            customer: customerId,
             success_url: `${this.configService.get('FRONTEND_URL')}/success?session_id={CHECKOUT_SESSION_ID}`,
             cancel_url: `${this.configService.get('FRONTEND_URL')}/cancel`,
+            client_reference_id: userId,
         });
 
         return session;
     }
 
+    async createPortalSession(userId: string) {
+        const user = await this.prisma.user.findUnique({ where: { id: userId } });
+        if (!user?.stripeCustomerId) throw new Error('No Stripe customer found for this user');
+
+        return this.stripe.billingPortal.sessions.create({
+            customer: user.stripeCustomerId,
+            return_url: `${this.configService.get('FRONTEND_URL')}/dashboard`,
+        });
+    }
+
     async handleWebhook(payload: Buffer, signature: string) {
         const webhookSecret = this.configService.get('STRIPE_WEBHOOK_SECRET', '');
-        const event = this.stripe.webhooks.constructEvent(payload, signature, webhookSecret);
+
+        let event: Stripe.Event;
+        try {
+            event = this.stripe.webhooks.constructEvent(payload, signature, webhookSecret);
+        } catch (err: any) {
+            throw new Error(`Webhook signature verification failed: ${err.message}`);
+        }
 
         switch (event.type) {
-            case 'checkout.session.completed':
-                {
-                    const session = event.data.object as Stripe.Checkout.Session;
-                    console.log('Checkout completed:', session.id);
-                    // Match the session back to the user via client_reference_id or customer email
-                    // await this.prisma.user.update({...});
+            case 'checkout.session.completed': {
+                const session = event.data.object as Stripe.Checkout.Session;
+                const userId = session.client_reference_id;
+                if (userId && session.customer) {
+                    await this.prisma.user.update({
+                        where: { id: userId },
+                        data: { stripeCustomerId: session.customer as string },
+                    });
                 }
+                console.log('Checkout completed for user:', userId);
                 break;
-            case 'customer.subscription.updated':
-                {
-                    const subscription = event.data.object as Stripe.Subscription;
-                    console.log('Subscription updated:', subscription.id);
-                    // Update user's subscription status in DB
-                }
+            }
+            case 'customer.subscription.updated': {
+                const sub = event.data.object as Stripe.Subscription;
+                console.log('Subscription updated:', sub.id, '| Status:', sub.status);
+                // TODO: Update subscriptionStatus in DB
                 break;
-            case 'customer.subscription.deleted':
-                {
-                    const subscription = event.data.object as Stripe.Subscription;
-                    console.log('Subscription deleted:', subscription.id);
-                    // Cancel user's subscription in DB
-                }
+            }
+            case 'customer.subscription.deleted': {
+                const sub = event.data.object as Stripe.Subscription;
+                console.log('Subscription deleted:', sub.id);
+                // TODO: Mark user as unsubscribed in DB
+                break;
+            }
+            case 'invoice.payment_failed': {
+                const invoice = event.data.object as Stripe.Invoice;
+                console.log('Payment failed for invoice:', invoice.id);
+                // TODO: Notify user via email
                 break;
+            }
+            default:
+                console.log('Unhandled Stripe event:', event.type);
         }
 
         return { received: true };

package/templates/nextjs/mvc/src/app/api/checkout/route.ts.hbs

@@ -1,30 +1,59 @@
 import { NextRequest, NextResponse } from "next/server";
 import Stripe from "stripe";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { prisma } from "@/lib/prisma";
 
 const stripe = new Stripe(process.env.STRIPE_SECRET_KEY || "", {
-    apiVersion: "2025-12-15.clover",
+    apiVersion: "2026-02-25.clover",
 });
 
 export async function POST(request: NextRequest) {
     try {
-        const { priceId, customerId } = await request.json();
+        const session = await getServerSession(authOptions);
+        if (!session?.user?.email) {
+            return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+        }
 
-        const session = await stripe.checkout.sessions.create({
+        const { priceId } = await request.json();
+        if (!priceId) {
+            return NextResponse.json({ error: "priceId is required" }, { status: 400 });
+        }
+
+        // Get or create Stripe customer
+        const user = await prisma.user.findUnique({ where: { email: session.user.email } });
+        if (!user) {
+            return NextResponse.json({ error: "User not found" }, { status: 404 });
+        }
+
+        let customerId = user.stripeCustomerId;
+
+        if (!customerId) {
+            const customer = await stripe.customers.create({
+                email: user.email,
+                name: user.name ?? undefined,
+                metadata: { userId: user.id },
+            });
+            customerId = customer.id;
+            await prisma.user.update({
+                where: { id: user.id },
+                data: { stripeCustomerId: customerId },
+            });
+        }
+
+        const checkoutSession = await stripe.checkout.sessions.create({
             mode: "subscription",
             payment_method_types: ["card"],
-            line_items: [
-                {
-                    price: priceId || process.env.STRIPE_PRICE_ID,
-                    quantity: 1,
-                },
-            ],
-            customer: customerId || undefined,
-            success_url: ,
-            cancel_url: ,
+            line_items: [{ price: priceId, quantity: 1 }],
+            customer: customerId,
+            success_url: `${process.env.NEXTAUTH_URL}/success?session_id={CHECKOUT_SESSION_ID}`,
+            cancel_url: `${process.env.NEXTAUTH_URL}/dashboard`,
+            client_reference_id: user.id,
         });
 
-        return NextResponse.json({ url: session.url });
+        return NextResponse.json({ url: checkoutSession.url });
     } catch (error: any) {
+        console.error("Checkout error:", error.message);
         return NextResponse.json({ error: error.message }, { status: 500 });
     }
 }

package/templates/nextjs/mvc/src/app/api/portal/route.ts.hbs

@@ -0,0 +1,36 @@
+import { NextRequest, NextResponse } from "next/server";
+import Stripe from "stripe";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/app/api/auth/[...nextauth]/route";
+import { prisma } from "@/lib/prisma";
+
+const stripe = new Stripe(process.env.STRIPE_SECRET_KEY || "", {
+    apiVersion: "2026-02-25.clover",
+});
+
+export async function POST(request: NextRequest) {
+    try {
+        const session = await getServerSession(authOptions);
+        if (!session?.user?.email) {
+            return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+        }
+
+        const user = await prisma.user.findUnique({ where: { email: session.user.email } });
+        if (!user?.stripeCustomerId) {
+            return NextResponse.json(
+                { error: "No Stripe customer found for this user" },
+                { status: 400 }
+            );
+        }
+
+        const portalSession = await stripe.billingPortal.sessions.create({
+            customer: user.stripeCustomerId,
+            return_url: `${process.env.NEXTAUTH_URL}/dashboard`,
+        });
+
+        return NextResponse.json({ url: portalSession.url });
+    } catch (error: any) {
+        console.error("Portal error:", error.message);
+        return NextResponse.json({ error: error.message }, { status: 500 });
+    }
+}

package/templates/nextjs/mvc/src/app/api/webhook/route.ts.hbs

@@ -3,7 +3,7 @@ import Stripe from "stripe";
 import { prisma } from "@/lib/prisma";
 
 const stripe = new Stripe(process.env.STRIPE_SECRET_KEY || "", {
-    apiVersion: "2025-12-15.clover",
+    apiVersion: "2026-02-25.clover",
 });
 
 const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET || "";
@@ -12,44 +12,56 @@ export async function POST(request: NextRequest) {
     const body = await request.text();
     const signature = request.headers.get("stripe-signature") || "";
 
+    if (!signature) {
+        return NextResponse.json({ error: "Missing stripe-signature header" }, { status: 400 });
+    }
+
     let event: Stripe.Event;
 
     try {
         event = stripe.webhooks.constructEvent(body, signature, webhookSecret);
     } catch (err: any) {
-        console.error("Webhook signature verification failed.", err.message);
+        console.error("Webhook signature verification failed:", err.message);
         return NextResponse.json({ error: "Invalid signature" }, { status: 400 });
     }
 
     switch (event.type) {
-        case "checkout.session.completed":
+        case "checkout.session.completed": {
             const session = event.data.object as Stripe.Checkout.Session;
-            console.log("Checkout completed:", session.id);
-            // Example: Update user's stripeCustomerId
-            // if (session.client_reference_id) {
-            //     await prisma.user.update({
-            //         where: { id: session.client_reference_id },
-            //         data: { stripeCustomerId: session.customer as string }
-            //     });
-            // }
+            const userId = session.client_reference_id;
+            if (userId && session.customer) {
+                await prisma.user.update({
+                    where: { id: userId },
+                    data: { stripeCustomerId: session.customer as string },
+                });
+            }
+            console.log("Checkout completed for user:", userId);
             break;
+        }
 
-        case "customer.subscription.updated":
+        case "customer.subscription.updated": {
             const subscription = event.data.object as Stripe.Subscription;
-            console.log("Subscription updated:", subscription.id);
-            // TODO: Update user subscription status in database
+            console.log("Subscription updated:", subscription.id, "| Status:", subscription.status);
+            // TODO: update subscriptionStatus field on user
             break;
+        }
 
-        case "customer.subscription.deleted":
-            const deletedSubscription = event.data.object as Stripe.Subscription;
-            console.log("Subscription deleted:", deletedSubscription.id);
-            // TODO: Handle subscription cancellation in database
+        case "customer.subscription.deleted": {
+            const subscription = event.data.object as Stripe.Subscription;
+            console.log("Subscription deleted:", subscription.id);
+            // TODO: mark user as unsubscribed
             break;
+        }
 
-        case "invoice.payment_failed":
+        case "invoice.payment_failed": {
             const invoice = event.data.object as Stripe.Invoice;
-            console.log("Payment failed:", invoice.id);
+            console.log("Payment failed for invoice:", invoice.id);
+            // TODO: notify user via email
             break;
+        }
+
+        default:
+            console.log("Unhandled Stripe event:", event.type);
     }
 
     return NextResponse.json({ received: true });

package/templates/nodejs-express/clean/src/application/services/PaymentService.ts.hbs

@@ -0,0 +1,98 @@
+import { IUserRepository } from '../../domain/repositories/IUserRepository';
+import { StripeProvider } from '../../infrastructure/providers/StripeProvider';
+
+export class PaymentService {
+    constructor(
+        private readonly userRepository: IUserRepository,
+        private readonly stripeProvider: StripeProvider,
+    ) {}
+
+    async createCheckoutSession(userId: string, priceId: string) {
+        const user = await this.userRepository.findById(userId);
+        if (!user) throw new Error('User not found');
+
+        let customerId = user.stripeCustomerId;
+
+        if (!customerId) {
+            const customer = await this.stripeProvider.createCustomer(
+                user.email,
+                user.name,
+                user.id,
+            );
+            customerId = customer.id;
+            user.stripeCustomerId = customerId;
+            await this.userRepository.save(user);
+        }
+
+        const session = await this.stripeProvider.createCheckoutSession(
+            customerId,
+            priceId,
+            `${process.env.FRONTEND_URL}/success?session_id={CHECKOUT_SESSION_ID}`,
+            `${process.env.FRONTEND_URL}/cancel`,
+            userId,
+        );
+
+        return session;
+    }
+
+    async createPortalSession(userId: string) {
+        const user = await this.userRepository.findById(userId);
+        if (!user?.stripeCustomerId) throw new Error('No Stripe customer found for this user');
+
+        return this.stripeProvider.createPortalSession(
+            user.stripeCustomerId,
+            `${process.env.FRONTEND_URL}/dashboard`,
+        );
+    }
+
+    async handleWebhook(rawBody: Buffer, signature: string) {
+        let event: ReturnType<typeof this.stripeProvider.constructEvent>;
+        try {
+            event = this.stripeProvider.constructEvent(rawBody, signature);
+        } catch (err: any) {
+            throw new Error(`Webhook signature verification failed: ${err.message}`);
+        }
+
+        switch (event.type) {
+            case 'checkout.session.completed': {
+                const session = event.data.object as any;
+                const userId = session.client_reference_id as string;
+                if (userId && session.customer) {
+                    const user = await this.userRepository.findById(userId);
+                    if (user) {
+                        user.stripeCustomerId = session.customer as string;
+                        await this.userRepository.save(user);
+                    }
+                }
+                console.log('Checkout completed for user:', userId);
+                break;
+            }
+
+            case 'customer.subscription.updated': {
+                const subscription = event.data.object as any;
+                console.log('Subscription updated:', subscription.id, '| Status:', subscription.status);
+                // TODO: Update subscriptionStatus field in user model
+                break;
+            }
+
+            case 'customer.subscription.deleted': {
+                const subscription = event.data.object as any;
+                console.log('Subscription deleted:', subscription.id);
+                // TODO: Mark user as unsubscribed in DB
+                break;
+            }
+
+            case 'invoice.payment_failed': {
+                const invoice = event.data.object as any;
+                console.log('Payment failed for invoice:', invoice.id);
+                // TODO: Notify user via email
+                break;
+            }
+
+            default:
+                console.log('Unhandled Stripe event:', event.type);
+        }
+
+        return { received: true };
+    }
+}

package/templates/nodejs-express/clean/src/index.ts.hbs

@@ -5,32 +5,53 @@ import helmet from 'helmet';
 import morgan from 'morgan';
 import { config } from './config';
 import { PrismaUserRepository } from './infrastructure/database/PrismaUserRepository';
+import { jwtTokenGenerator } from './infrastructure/providers/TokenGenerator';
+import { PasswordHasher } from './infrastructure/providers/PasswordHasher';
+import { StripeProvider } from './infrastructure/providers/StripeProvider';
 import { AuthController } from './infrastructure/http/controllers/AuthController';
+import { PaymentController } from './infrastructure/http/controllers/PaymentController';
+import { authMiddleware } from './infrastructure/http/middlewares/authMiddleware';
+import { PaymentService } from './application/services/PaymentService';
 import { errorHandler } from './infrastructure/http/middlewares/errorHandler';
 
 const app = express();
 
-// Middlewares
-app.use(express.json());
-app.use(cors());
+// Security middleware
 app.use(helmet());
+app.use(cors());
 app.use(morgan('dev'));
 
-// Dependency Injection
+// === IMPORTANT: raw body for Stripe webhook must come BEFORE express.json() ===
+app.use('/api/payments/webhook', express.raw({ type: 'application/json' }));
+
+// JSON parsing for all other routes
+app.use(express.json());
+
+// --- Dependency Injection ---
 const userRepository = new PrismaUserRepository();
-const authController = new AuthController(userRepository);
+const stripeProvider = new StripeProvider();
 
-// Routes
+const authController = new AuthController(userRepository, jwtTokenGenerator, new PasswordHasher());
+const paymentService = new PaymentService(userRepository, stripeProvider);
+const paymentController = new PaymentController(paymentService);
+
+// --- Auth Routes ---
 app.post('/api/auth/register', authController.register);
 app.post('/api/auth/login', authController.login);
 
+// --- Payment Routes ---
+app.post('/api/payments/checkout', authMiddleware, paymentController.createCheckout);
+app.post('/api/payments/portal', authMiddleware, paymentController.createPortal);
+app.post('/api/payments/webhook', paymentController.handleWebhook);
+
+// --- Health Check ---
 app.get('/health', (req, res) => {
   res.json({ status: 'ok', architecture: 'clean' });
 });
 
-// Error Handler
+// --- Error Handler (must be last) ---
 app.use(errorHandler);
 
 app.listen(config.port, () => {
-  console.log(`🚀 Server running on port ${config.port}`);
+  console.log(`Server running on port ${config.port}`);
 });

package/templates/nodejs-express/clean/src/infrastructure/http/controllers/PaymentController.ts.hbs

@@ -0,0 +1,57 @@
+import { Request, Response, NextFunction } from 'express';
+import { PaymentService } from '../../../application/services/PaymentService';
+
+export class PaymentController {
+    constructor(private readonly paymentService: PaymentService) {}
+
+    /**
+     * POST /api/payments/checkout
+     * Requires authentication (attach authMiddleware in index.ts)
+     */
+    createCheckout = async (req: Request, res: Response, next: NextFunction) => {
+        try {
+            const userId = (req as any).userId as string;
+            const { priceId } = req.body;
+
+            if (!priceId) {
+                return res.status(400).json({ error: 'priceId is required' });
+            }
+
+            const session = await this.paymentService.createCheckoutSession(userId, priceId);
+            res.json({ url: session.url });
+        } catch (err) {
+            next(err);
+        }
+    };
+
+    /**
+     * POST /api/payments/portal
+     * Requires authentication (attach authMiddleware in index.ts)
+     */
+    createPortal = async (req: Request, res: Response, next: NextFunction) => {
+        try {
+            const userId = (req as any).userId as string;
+            const session = await this.paymentService.createPortalSession(userId);
+            res.json({ url: session.url });
+        } catch (err) {
+            next(err);
+        }
+    };
+
+    /**
+     * POST /api/payments/webhook
+     * No authentication – Stripe sends the raw body here.
+     */
+    handleWebhook = async (req: Request, res: Response, next: NextFunction) => {
+        try {
+            const signature = req.headers['stripe-signature'] as string;
+            if (!signature) {
+                return res.status(400).json({ error: 'Missing stripe-signature header' });
+            }
+            const result = await this.paymentService.handleWebhook(req.body, signature);
+            res.json(result);
+        } catch (err) {
+            next(err);
+        }
+    };
+}