npm - omgkit - Versions diffs - 2.0.7 → 2.1.0 - Mend

omgkit 2.0.7 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/plugin/skills/integrations/payment-integration/SKILL.md ADDED Viewed

@@ -0,0 +1,735 @@
+---
+name: payment-integration
+description: Enterprise payment processing with Stripe, PayPal, and LemonSqueezy including subscriptions, webhooks, and PCI compliance
+category: integrations
+triggers:
+  - payment integration
+  - stripe
+  - paypal
+  - lemonsqueezy
+  - checkout
+  - subscription billing
+  - payment processing
+---
+# Payment Integration
+Enterprise-grade **payment processing** with Stripe, PayPal, and LemonSqueezy. This skill covers checkout flows, subscription management, webhook handling, and PCI compliance patterns.
+## Purpose
+Implement secure, reliable payment systems:
+- Process one-time and recurring payments
+- Handle subscription lifecycle management
+- Implement secure webhook processing
+- Manage refunds and disputes
+- Ensure PCI DSS compliance
+- Support multiple payment methods
+## Features
+### 1. Stripe Integration
+```typescript
+import Stripe from 'stripe';
+const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, {
+  apiVersion: '2023-10-16',
+  typescript: true,
+});
+// Create checkout session
+async function createCheckoutSession(
+  items: CartItem[],
+  customerId?: string,
+  metadata?: Record<string, string>
+): Promise<Stripe.Checkout.Session> {
+  const lineItems: Stripe.Checkout.SessionCreateParams.LineItem[] = items.map(item => ({
+    price_data: {
+      currency: 'usd',
+      product_data: {
+        name: item.name,
+        description: item.description,
+        images: item.images,
+        metadata: { productId: item.id },
+      },
+      unit_amount: Math.round(item.price * 100), // Convert to cents
+    },
+    quantity: item.quantity,
+  }));
+  return stripe.checkout.sessions.create({
+    mode: 'payment',
+    line_items: lineItems,
+    customer: customerId,
+    success_url: `${process.env.APP_URL}/checkout/success?session_id={CHECKOUT_SESSION_ID}`,
+    cancel_url: `${process.env.APP_URL}/checkout/cancel`,
+    metadata,
+    payment_intent_data: {
+      metadata,
+    },
+    shipping_address_collection: {
+      allowed_countries: ['US', 'CA', 'GB'],
+    },
+    automatic_tax: { enabled: true },
+  });
+}
+// Create subscription
+async function createSubscription(
+  customerId: string,
+  priceId: string,
+  options?: {
+    trialDays?: number;
+    couponId?: string;
+    metadata?: Record<string, string>;
+  }
+): Promise<Stripe.Subscription> {
+  const params: Stripe.SubscriptionCreateParams = {
+    customer: customerId,
+    items: [{ price: priceId }],
+    payment_behavior: 'default_incomplete',
+    payment_settings: {
+      save_default_payment_method: 'on_subscription',
+    },
+    expand: ['latest_invoice.payment_intent'],
+    metadata: options?.metadata,
+  };
+  if (options?.trialDays) {
+    params.trial_period_days = options.trialDays;
+  }
+  if (options?.couponId) {
+    params.coupon = options.couponId;
+  }
+  return stripe.subscriptions.create(params);
+}
+// Handle subscription changes
+async function updateSubscription(
+  subscriptionId: string,
+  newPriceId: string,
+  prorationBehavior: 'create_prorations' | 'none' | 'always_invoice' = 'create_prorations'
+): Promise<Stripe.Subscription> {
+  const subscription = await stripe.subscriptions.retrieve(subscriptionId);
+  return stripe.subscriptions.update(subscriptionId, {
+    items: [{
+      id: subscription.items.data[0].id,
+      price: newPriceId,
+    }],
+    proration_behavior: prorationBehavior,
+  });
+}
+// Cancel subscription
+async function cancelSubscription(
+  subscriptionId: string,
+  cancelImmediately: boolean = false
+): Promise<Stripe.Subscription> {
+  if (cancelImmediately) {
+    return stripe.subscriptions.cancel(subscriptionId);
+  }
+  return stripe.subscriptions.update(subscriptionId, {
+    cancel_at_period_end: true,
+  });
+}
+// Process refund
+async function processRefund(
+  paymentIntentId: string,
+  amount?: number, // Partial refund in cents
+  reason?: 'duplicate' | 'fraudulent' | 'requested_by_customer'
+): Promise<Stripe.Refund> {
+  return stripe.refunds.create({
+    payment_intent: paymentIntentId,
+    amount, // Omit for full refund
+    reason,
+  });
+}
+```
+### 2. Webhook Handling
+```typescript
+import { buffer } from 'micro';
+import type { NextApiRequest, NextApiResponse } from 'next';
+// Webhook handler with signature verification
+async function handleStripeWebhook(
+  req: NextApiRequest,
+  res: NextApiResponse
+): Promise<void> {
+  if (req.method !== 'POST') {
+    res.setHeader('Allow', 'POST');
+    res.status(405).end('Method Not Allowed');
+    return;
+  }
+  const buf = await buffer(req);
+  const sig = req.headers['stripe-signature'] as string;
+  let event: Stripe.Event;
+  try {
+    event = stripe.webhooks.constructEvent(
+      buf,
+      sig,
+      process.env.STRIPE_WEBHOOK_SECRET!
+    );
+  } catch (err) {
+    console.error('Webhook signature verification failed:', err);
+    res.status(400).send(`Webhook Error: ${err.message}`);
+    return;
+  }
+  // Handle events with idempotency
+  const idempotencyKey = event.id;
+  const processed = await isEventProcessed(idempotencyKey);
+  if (processed) {
+    res.status(200).json({ received: true, duplicate: true });
+    return;
+  }
+  try {
+    await processWebhookEvent(event);
+    await markEventProcessed(idempotencyKey);
+    res.status(200).json({ received: true });
+  } catch (err) {
+    console.error('Webhook processing error:', err);
+    // Return 200 to prevent retries for business logic errors
+    // Return 500 for transient errors that should be retried
+    res.status(err.retryable ? 500 : 200).json({ error: err.message });
+  }
+}
+// Event processor
+async function processWebhookEvent(event: Stripe.Event): Promise<void> {
+  switch (event.type) {
+    case 'checkout.session.completed': {
+      const session = event.data.object as Stripe.Checkout.Session;
+      await handleCheckoutComplete(session);
+      break;
+    }
+    case 'customer.subscription.created':
+    case 'customer.subscription.updated': {
+      const subscription = event.data.object as Stripe.Subscription;
+      await syncSubscriptionStatus(subscription);
+      break;
+    }
+    case 'customer.subscription.deleted': {
+      const subscription = event.data.object as Stripe.Subscription;
+      await handleSubscriptionCanceled(subscription);
+      break;
+    }
+    case 'invoice.payment_succeeded': {
+      const invoice = event.data.object as Stripe.Invoice;
+      await handlePaymentSuccess(invoice);
+      break;
+    }
+    case 'invoice.payment_failed': {
+      const invoice = event.data.object as Stripe.Invoice;
+      await handlePaymentFailure(invoice);
+      break;
+    }
+    case 'charge.dispute.created': {
+      const dispute = event.data.object as Stripe.Dispute;
+      await handleDispute(dispute);
+      break;
+    }
+    default:
+      console.log(`Unhandled event type: ${event.type}`);
+  }
+}
+// Subscription sync
+async function syncSubscriptionStatus(subscription: Stripe.Subscription): Promise<void> {
+  await db.subscription.upsert({
+    where: { stripeSubscriptionId: subscription.id },
+    update: {
+      status: subscription.status,
+      currentPeriodStart: new Date(subscription.current_period_start * 1000),
+      currentPeriodEnd: new Date(subscription.current_period_end * 1000),
+      cancelAtPeriodEnd: subscription.cancel_at_period_end,
+      priceId: subscription.items.data[0].price.id,
+    },
+    create: {
+      stripeSubscriptionId: subscription.id,
+      stripeCustomerId: subscription.customer as string,
+      status: subscription.status,
+      currentPeriodStart: new Date(subscription.current_period_start * 1000),
+      currentPeriodEnd: new Date(subscription.current_period_end * 1000),
+      priceId: subscription.items.data[0].price.id,
+    },
+  });
+}
+```
+### 3. PayPal Integration
+```typescript
+import { PayPalHttpClient, OrdersCreateRequest, OrdersCaptureRequest } from '@paypal/checkout-server-sdk';
+// PayPal client setup
+function getPayPalClient(): PayPalHttpClient {
+  const environment = process.env.NODE_ENV === 'production'
+    ? new paypal.core.LiveEnvironment(
+        process.env.PAYPAL_CLIENT_ID!,
+        process.env.PAYPAL_CLIENT_SECRET!
+      )
+    : new paypal.core.SandboxEnvironment(
+        process.env.PAYPAL_CLIENT_ID!,
+        process.env.PAYPAL_CLIENT_SECRET!
+      );
+  return new PayPalHttpClient(environment);
+}
+// Create PayPal order
+async function createPayPalOrder(
+  items: CartItem[],
+  shippingCost: number = 0
+): Promise<PayPalOrder> {
+  const client = getPayPalClient();
+  const itemTotal = items.reduce((sum, item) => sum + item.price * item.quantity, 0);
+  const total = itemTotal + shippingCost;
+  const request = new OrdersCreateRequest();
+  request.prefer('return=representation');
+  request.requestBody({
+    intent: 'CAPTURE',
+    purchase_units: [{
+      amount: {
+        currency_code: 'USD',
+        value: total.toFixed(2),
+        breakdown: {
+          item_total: { currency_code: 'USD', value: itemTotal.toFixed(2) },
+          shipping: { currency_code: 'USD', value: shippingCost.toFixed(2) },
+        },
+      },
+      items: items.map(item => ({
+        name: item.name,
+        unit_amount: { currency_code: 'USD', value: item.price.toFixed(2) },
+        quantity: item.quantity.toString(),
+        category: 'PHYSICAL_GOODS',
+      })),
+    }],
+    application_context: {
+      brand_name: process.env.APP_NAME,
+      landing_page: 'BILLING',
+      user_action: 'PAY_NOW',
+      return_url: `${process.env.APP_URL}/checkout/paypal/success`,
+      cancel_url: `${process.env.APP_URL}/checkout/paypal/cancel`,
+    },
+  });
+  const response = await client.execute(request);
+  return response.result;
+}
+// Capture PayPal payment
+async function capturePayPalOrder(orderId: string): Promise<PayPalCapture> {
+  const client = getPayPalClient();
+  const request = new OrdersCaptureRequest(orderId);
+  request.prefer('return=representation');
+  const response = await client.execute(request);
+  if (response.result.status === 'COMPLETED') {
+    await handlePayPalPaymentComplete(response.result);
+  }
+  return response.result;
+}
+```
+### 4. Subscription Management UI
+```typescript
+// Subscription management component
+interface SubscriptionManagerProps {
+  subscription: UserSubscription;
+  availablePlans: Plan[];
+}
+export function SubscriptionManager({ subscription, availablePlans }: SubscriptionManagerProps) {
+  const [isLoading, setIsLoading] = useState(false);
+  async function handleUpgrade(newPriceId: string) {
+    setIsLoading(true);
+    try {
+      await updateSubscription(subscription.id, newPriceId);
+      toast.success('Subscription updated successfully');
+    } catch (error) {
+      toast.error('Failed to update subscription');
+    } finally {
+      setIsLoading(false);
+    }
+  }
+  async function handleCancel() {
+    if (!confirm('Are you sure you want to cancel your subscription?')) return;
+    setIsLoading(true);
+    try {
+      await cancelSubscription(subscription.id);
+      toast.success('Subscription will be canceled at the end of the billing period');
+    } catch (error) {
+      toast.error('Failed to cancel subscription');
+    } finally {
+      setIsLoading(false);
+    }
+  }
+  async function handleReactivate() {
+    setIsLoading(true);
+    try {
+      await reactivateSubscription(subscription.id);
+      toast.success('Subscription reactivated');
+    } catch (error) {
+      toast.error('Failed to reactivate subscription');
+    } finally {
+      setIsLoading(false);
+    }
+  }
+  return (
+    <div className="subscription-manager">
+      <div className="current-plan">
+        <h3>Current Plan: {subscription.plan.name}</h3>
+        <p>Status: {subscription.status}</p>
+        <p>Renews: {format(subscription.currentPeriodEnd, 'MMM d, yyyy')}</p>
+      </div>
+      {subscription.cancelAtPeriodEnd && (
+        <Alert variant="warning">
+          Your subscription will end on {format(subscription.currentPeriodEnd, 'MMM d, yyyy')}
+          <Button onClick={handleReactivate} disabled={isLoading}>
+            Reactivate
+          </Button>
+        </Alert>
+      )}
+      <div className="available-plans">
+        <h4>Available Plans</h4>
+        {availablePlans.map(plan => (
+          <PlanCard
+            key={plan.id}
+            plan={plan}
+            isCurrent={plan.priceId === subscription.priceId}
+            onSelect={() => handleUpgrade(plan.priceId)}
+            disabled={isLoading}
+          />
+        ))}
+      </div>
+      {!subscription.cancelAtPeriodEnd && (
+        <Button variant="destructive" onClick={handleCancel} disabled={isLoading}>
+          Cancel Subscription
+        </Button>
+      )}
+    </div>
+  );
+}
+```
+### 5. LemonSqueezy Integration
+```typescript
+import { lemonSqueezySetup, createCheckout, getSubscription } from '@lemonsqueezy/lemonsqueezy.js';
+// Initialize LemonSqueezy
+lemonSqueezySetup({ apiKey: process.env.LEMONSQUEEZY_API_KEY! });
+// Create LemonSqueezy checkout
+async function createLemonSqueezyCheckout(
+  variantId: string,
+  customerEmail: string,
+  metadata?: Record<string, string>
+): Promise<string> {
+  const checkout = await createCheckout(
+    process.env.LEMONSQUEEZY_STORE_ID!,
+    variantId,
+    {
+      checkoutData: {
+        email: customerEmail,
+        custom: metadata,
+      },
+      checkoutOptions: {
+        embed: false,
+        logo: true,
+        dark: false,
+      },
+      productOptions: {
+        enabledVariants: [parseInt(variantId)],
+        redirectUrl: `${process.env.APP_URL}/checkout/success`,
+      },
+    }
+  );
+  return checkout.data.attributes.url;
+}
+// LemonSqueezy webhook handler
+async function handleLemonSqueezyWebhook(req: NextApiRequest): Promise<void> {
+  const signature = req.headers['x-signature'] as string;
+  const payload = JSON.stringify(req.body);
+  // Verify signature
+  const hmac = crypto.createHmac('sha256', process.env.LEMONSQUEEZY_WEBHOOK_SECRET!);
+  hmac.update(payload);
+  const expectedSignature = hmac.digest('hex');
+  if (signature !== expectedSignature) {
+    throw new Error('Invalid webhook signature');
+  }
+  const { event_name, data } = req.body;
+  switch (event_name) {
+    case 'subscription_created':
+      await handleLSSubscriptionCreated(data);
+      break;
+    case 'subscription_updated':
+      await handleLSSubscriptionUpdated(data);
+      break;
+    case 'subscription_cancelled':
+      await handleLSSubscriptionCancelled(data);
+      break;
+    case 'order_created':
+      await handleLSOrderCreated(data);
+      break;
+  }
+}
+```
+### 6. Payment Security
+```typescript
+// PCI-compliant payment handling patterns
+// Never log sensitive payment data
+const SENSITIVE_FIELDS = ['card_number', 'cvv', 'cvc', 'exp_month', 'exp_year'];
+function sanitizeForLogging(data: Record<string, any>): Record<string, any> {
+  const sanitized = { ...data };
+  for (const field of SENSITIVE_FIELDS) {
+    if (field in sanitized) {
+      sanitized[field] = '[REDACTED]';
+    }
+  }
+  return sanitized;
+}
+// Secure API endpoint
+async function createPaymentIntent(req: NextApiRequest, res: NextApiResponse) {
+  // Validate request
+  const { amount, currency, customerId } = req.body;
+  if (!amount || amount < 50) { // Minimum $0.50
+    return res.status(400).json({ error: 'Invalid amount' });
+  }
+  // Use idempotency key
+  const idempotencyKey = req.headers['idempotency-key'] as string;
+  if (!idempotencyKey) {
+    return res.status(400).json({ error: 'Idempotency key required' });
+  }
+  try {
+    const paymentIntent = await stripe.paymentIntents.create(
+      {
+        amount,
+        currency: currency || 'usd',
+        customer: customerId,
+        automatic_payment_methods: { enabled: true },
+        metadata: {
+          userId: req.user.id,
+        },
+      },
+      { idempotencyKey }
+    );
+    // Only return necessary data
+    res.json({
+      clientSecret: paymentIntent.client_secret,
+      paymentIntentId: paymentIntent.id,
+    });
+  } catch (error) {
+    console.error('Payment error:', sanitizeForLogging(error));
+    if (error.type === 'StripeCardError') {
+      return res.status(400).json({ error: error.message });
+    }
+    res.status(500).json({ error: 'Payment processing failed' });
+  }
+}
+// Webhook security middleware
+function verifyWebhookSignature(
+  payload: Buffer,
+  signature: string,
+  secret: string
+): boolean {
+  try {
+    stripe.webhooks.constructEvent(payload, signature, secret);
+    return true;
+  } catch {
+    return false;
+  }
+}
+```
+## Use Cases
+### 1. E-commerce Checkout
+```typescript
+// Complete e-commerce checkout flow
+async function processCheckout(cart: Cart, user: User): Promise<CheckoutResult> {
+  // Calculate totals
+  const subtotal = calculateSubtotal(cart.items);
+  const tax = await calculateTax(subtotal, user.address);
+  const shipping = await calculateShipping(cart.items, user.address);
+  const total = subtotal + tax + shipping;
+  // Create Stripe checkout
+  const session = await createCheckoutSession(cart.items, user.stripeCustomerId, {
+    orderId: generateOrderId(),
+    userId: user.id,
+  });
+  // Create pending order
+  await db.order.create({
+    data: {
+      userId: user.id,
+      status: 'pending',
+      subtotal,
+      tax,
+      shipping,
+      total,
+      stripeSessionId: session.id,
+      items: {
+        create: cart.items.map(item => ({
+          productId: item.productId,
+          quantity: item.quantity,
+          price: item.price,
+        })),
+      },
+    },
+  });
+  return {
+    checkoutUrl: session.url,
+    sessionId: session.id,
+  };
+}
+```
+### 2. SaaS Subscription
+```typescript
+// SaaS subscription management
+async function handlePlanChange(
+  userId: string,
+  newPlanId: string
+): Promise<PlanChangeResult> {
+  const user = await db.user.findUnique({
+    where: { id: userId },
+    include: { subscription: true },
+  });
+  if (!user.subscription) {
+    // New subscription
+    const session = await createSubscriptionCheckout(user, newPlanId);
+    return { action: 'redirect', url: session.url };
+  }
+  const currentPlan = await getPlan(user.subscription.priceId);
+  const newPlan = await getPlan(newPlanId);
+  if (newPlan.price > currentPlan.price) {
+    // Upgrade - charge prorated amount
+    await updateSubscription(user.subscription.stripeSubscriptionId, newPlanId, 'create_prorations');
+    return { action: 'upgraded', newPlan };
+  } else {
+    // Downgrade - apply at period end
+    await updateSubscription(user.subscription.stripeSubscriptionId, newPlanId, 'none');
+    return { action: 'scheduled', effectiveDate: user.subscription.currentPeriodEnd };
+  }
+}
+```
+## Best Practices
+### Do's
+- **Use idempotency keys** - Prevent duplicate charges
+- **Verify webhook signatures** - Always validate webhook authenticity
+- **Handle all payment states** - Success, failure, pending, disputed
+- **Store payment references** - Keep Stripe IDs for reconciliation
+- **Test with sandbox** - Use test mode during development
+- **Monitor for fraud** - Implement Stripe Radar or equivalent
+### Don'ts
+- Never log full card numbers
+- Never store CVV/CVC codes
+- Never handle raw card data (use Stripe.js/Elements)
+- Never skip signature verification
+- Never trust client-side amounts
+- Never expose secret keys in frontend
+### Security Checklist
+```markdown
+## Payment Security Checklist
+### PCI Compliance
+- [ ] No raw card data on server
+- [ ] Using Stripe.js/Elements for card collection
+- [ ] Webhook signature verification enabled
+- [ ] HTTPS only for all payment endpoints
+### Data Handling
+- [ ] Sensitive fields excluded from logs
+- [ ] Customer IDs used instead of card details
+- [ ] Idempotency keys for all mutations
+- [ ] Payment references stored securely
+### Fraud Prevention
+- [ ] Stripe Radar enabled
+- [ ] Address verification (AVS)
+- [ ] 3D Secure enabled
+- [ ] Velocity checks implemented
+```
+## Related Skills
+- **backend-development** - Server-side payment handling
+- **security** - PCI compliance and secure handling
+- **oauth** - Customer authentication
+- **api-architecture** - Payment API design
+## Reference Resources
+- [Stripe Documentation](https://stripe.com/docs)
+- [PayPal Developer](https://developer.paypal.com/)
+- [LemonSqueezy Docs](https://docs.lemonsqueezy.com/)
+- [PCI DSS Standards](https://www.pcisecuritystandards.org/)