payment-kit 1.13.15

package/api/src/libs/util.ts

@@ -0,0 +1,93 @@
+import crypto from 'crypto';
+
+import { customAlphabet } from 'nanoid';
+
+import dayjs from './dayjs';
+
+export const MAX_RETRY_COUNT = 18; // 2^18 seconds ~~ 3 days, total retry time: 6 days
+
+export function md5(input: string) {
+  return crypto.createHash('md5').update(input).digest('hex');
+}
+
+export function createIdGenerator(prefix: string, size: number = 24) {
+  const generator = customAlphabet('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', size);
+  return prefix ? () => `${prefix}_${generator()}` : generator;
+}
+
+export function createCodeGenerator(prefix: string, size: number = 24) {
+  const generator = customAlphabet('0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ', size);
+  return prefix ? () => `${prefix}_${generator()}` : generator;
+}
+
+export function formatMetadata(metadata?: Record<string, any>): Record<string, any> {
+  if (!metadata) {
+    return {};
+  }
+
+  if (Array.isArray(metadata)) {
+    return metadata.reduce((acc: Record<string, any>, x: { key: string; value: any }) => {
+      if (x.value) {
+        acc[x.key] = x.value;
+      }
+      return acc;
+    }, {});
+  }
+
+  // remove empty values
+  return Object.keys(metadata).reduce((acc: Record<string, any>, key: string) => {
+    if (metadata[key]) {
+      acc[key] = metadata[key];
+    }
+    return acc;
+  }, []);
+}
+
+export function sleep(timeout = 0) {
+  return new Promise((resolve) => {
+    setTimeout(() => resolve(timeout), timeout);
+  });
+}
+
+export function tryWithTimeout(asyncFn: Function, timeout = 5000) {
+  if (typeof asyncFn !== 'function') {
+    throw new Error('Must provide a valid asyncFn function');
+  }
+
+  /* eslint-disable no-async-promise-executor */
+  return new Promise(async (resolve, reject) => {
+    const timer = setTimeout(() => {
+      reject(new Error(`Operation timed out after ${timeout} ms`));
+    }, timeout);
+
+    try {
+      const result = await asyncFn();
+      resolve(result);
+    } catch (err) {
+      reject(err);
+    } finally {
+      clearTimeout(timer);
+    }
+  });
+}
+
+export class CustomError extends Error {
+  code: string;
+
+  constructor(code = 'GENERIC', ...params: any) {
+    super(...params);
+
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, CustomError);
+    }
+
+    this.code = code;
+  }
+}
+
+// simple exponential delay: 2^retryCount
+export const getNextRetry = (retryCount: number) => {
+  const delay = 2 ** retryCount;
+  const now = dayjs().unix();
+  return now + delay;
+};

package/api/src/locales/en.ts

@@ -0,0 +1,3 @@
+import flat from 'flat';
+
+export default flat({});

package/api/src/locales/index.ts

@@ -0,0 +1,37 @@
+/* eslint-disable no-prototype-builtins */
+import en from './en';
+import zh from './zh';
+
+export const replace = (template: string, data: Record<string, any> = {}) =>
+  template.replace(/{(\w*)}/g, (_, key) => (data.hasOwnProperty(key) ? data[key] : ''));
+
+export const createTranslator = ({
+  translations,
+  fallbackLocale = 'en',
+}: {
+  translations: { [key: string]: Record<string, string> };
+  fallbackLocale?: string;
+}) => {
+  return (key: string, locale = fallbackLocale, data: Record<string, any> = {}) => {
+    // @ts-ignore
+    if (!translations[locale] || !translations[locale][key]) {
+      if (fallbackLocale && translations[fallbackLocale]?.[key]) {
+        // @ts-ignore
+        return replace(translations[fallbackLocale]?.[key], data);
+      }
+
+      return key;
+    }
+
+    // @ts-ignore
+    return replace(translations[locale][key], data);
+  };
+};
+
+// eslint-disable-next-line import/prefer-default-export
+export const translations = {
+  zh,
+  en,
+};
+
+export const translate = createTranslator({ translations });

package/api/src/locales/zh.ts

@@ -0,0 +1,3 @@
+import flat from 'flat';
+
+export default flat({});

package/api/src/routes/checkout-sessions.ts

@@ -0,0 +1,536 @@
+/* eslint-disable consistent-return */
+import { getUrl } from '@blocklet/sdk/lib/component';
+import userMiddleware from '@blocklet/sdk/lib/middlewares/user';
+import { Router } from 'express';
+import omit from 'lodash/omit';
+import pick from 'lodash/pick';
+
+import { invoiceQueue } from '../jobs/invoice';
+import { paymentQueue } from '../jobs/payment';
+import { subscriptionQueue } from '../jobs/subscription';
+import dayjs from '../libs/dayjs';
+import logger from '../libs/logger';
+import { isDelegationSufficientForPayment } from '../libs/payment';
+import { authenticate } from '../libs/security';
+import {
+  getCheckoutAmount,
+  getCheckoutMode,
+  getStatementDescriptor,
+  getSubscriptionCreateSetup,
+} from '../libs/session';
+import { createCodeGenerator, formatMetadata } from '../libs/util';
+import type { LineItem } from '../store/models';
+import { CheckoutSession } from '../store/models/checkout-session';
+import { Customer } from '../store/models/customer';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { PaymentIntent } from '../store/models/payment-intent';
+import { PaymentLink } from '../store/models/payment-link';
+import { PaymentMethod } from '../store/models/payment-method';
+import { Price } from '../store/models/price';
+import { SetupIntent } from '../store/models/setup-intent';
+import { Subscription } from '../store/models/subscription';
+import { SubscriptionItem } from '../store/models/subscription-item';
+import { ensureInvoiceForCheckout } from './connect/shared';
+
+const getInvoicePrefix = createCodeGenerator('', 8);
+
+const router = Router();
+
+const user = userMiddleware();
+const auth = authenticate<CheckoutSession>({ component: true, roles: ['owner', 'admin'] });
+
+const formatBeforeSave = async (payload: any) => {
+  const raw: Partial<CheckoutSession> = Object.assign(
+    {
+      allow_promotion_codes: false,
+      customer_creation: 'always',
+      consent_collection: {
+        promotions: 'none',
+        terms_of_service: 'none',
+      },
+      invoice_creation: {
+        enabled: false,
+      },
+      phone_number_collection: {
+        enabled: false,
+      },
+      billing_address_collection: 'auto',
+      subscription_data: {
+        description: '',
+        trial_period_days: 0,
+      },
+      submit_type: 'pay',
+    },
+    pick(payload, [
+      'expires_at',
+      'line_items',
+      'allow_promotion_codes',
+      'consent_collection',
+      'custom_fields',
+      'customer_creation',
+      'invoice_creation',
+      'phone_number_collection',
+      'billing_address_collection',
+      'submit_type',
+      'subscription_data',
+      'metadata',
+      'cancel_url',
+      'success_url',
+      'client_reference_id',
+      'after_expiration',
+    ])
+  );
+  if (payload.include_free_trial && raw.subscription_data) {
+    raw.subscription_data.trial_period_days = Number(raw.subscription_data.trial_period_days);
+  }
+
+  if (!raw.expires_at) {
+    raw.expires_at = dayjs().unix() + 60 * 60 * 24; // 24 hours after creation
+  }
+
+  raw.line_items?.forEach((x) => {
+    if (x.adjustable_quantity?.enabled) {
+      x.adjustable_quantity.minimum = Number(x.adjustable_quantity?.minimum);
+      x.adjustable_quantity.maximum = Number(x.adjustable_quantity?.maximum);
+    }
+  });
+
+  raw.metadata = formatMetadata(raw.metadata);
+
+  const items = await Price.expand(raw.line_items as LineItem[]);
+  if (items.some((x) => !x.price)) {
+    throw new Error('Invalid line items for checkout session, some price may have been deleted');
+  }
+  if (items.some((x) => !x.price.active)) {
+    throw new Error('Invalid line items for checkout session, some price may have been archived');
+  }
+
+  const amount = getCheckoutAmount(items, !!raw.subscription_data?.trial_period_days);
+  const mode = getCheckoutMode(items);
+
+  return Object.assign(raw, {
+    mode,
+    status: 'open',
+    payment_status: 'unpaid',
+
+    amount_subtotal: amount.subtotal,
+    amount_total: amount.total,
+    total_details: {
+      amount_discount: amount.discount,
+      amount_shipping: amount.shipping,
+      amount_tax: amount.tax,
+    },
+
+    // always create invoice for subscriptions
+    invoice_creation: mode === 'subscription' ? { enabled: true } : raw.invoice_creation,
+  });
+};
+
+// create checkout session
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<CheckoutSession> = await formatBeforeSave(req.body);
+  raw.livemode = !!req.livemode;
+  raw.created_via = req.user?.via as string;
+  raw.currency_id = raw.currency_id || req.currency.id;
+
+  const doc = await CheckoutSession.create(raw as any);
+
+  // FIXME: lock price and product
+
+  res.json({ ...doc.toJSON(), url: getUrl(`/checkout/${doc.submit_type}/${doc.id}`) });
+});
+
+// start checkout session from payment link
+router.post('/start/:id', user, async (req, res) => {
+  const link = await PaymentLink.findByPk(req.params.id);
+  if (!link) {
+    res.status(400).json({ error: 'Payment link not found, please contact the source of the payment link.' });
+    return;
+  }
+  if (!link.active) {
+    res.status(400).json({ error: 'Payment link archived, we can not create new checkout session.' });
+    return;
+  }
+
+  const items = await Price.expand(link.line_items);
+
+  const raw: Partial<CheckoutSession> = await formatBeforeSave(link);
+  raw.livemode = link.livemode;
+  raw.created_via = 'portal';
+  raw.currency_id = link.currency_id || req.currency.id;
+  raw.payment_link_id = link.id;
+
+  try {
+    let doc;
+    if (req.query.preview === '1') {
+      doc = await CheckoutSession.findOne({ where: { payment_link_id: link.id, metadata: { preview: '1' } } });
+      if (doc) {
+        await doc.update(omit(raw, ['metadata']));
+      } else {
+        raw.metadata = { preview: '1' };
+      }
+    }
+
+    if (!doc) {
+      doc = await CheckoutSession.create(raw as CheckoutSession);
+    }
+
+    doc.line_items = items;
+    res.json({
+      checkoutSession: { ...doc.toJSON(), currency: await PaymentCurrency.findByPk(doc.currency_id) },
+      paymentMethods: await PaymentMethod.expand(req.livemode),
+      paymentLink: link,
+      paymentIntent: null,
+    });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.get('/:id', auth, async (req, res) => {
+  const doc = await CheckoutSession.findByPk(req.params.id);
+
+  if (doc) {
+    // @ts-ignore
+    doc.line_items = await Price.expand(doc.line_items);
+  }
+
+  res.json(doc?.toJSON());
+});
+
+router.get('/retrieve/:id', user, async (req, res) => {
+  const doc = await CheckoutSession.findByPk(req.params.id);
+
+  if (!doc) {
+    res.status(404).json({ error: 'Checkout session not found, you may have incorrectly copied the link.' });
+    return;
+  }
+
+  // @ts-ignore
+  doc.line_items = await Price.expand(doc.line_items);
+
+  // FIXME: possible sensitive data leak
+  res.json({
+    checkoutSession: { ...doc.toJSON(), currency: await PaymentCurrency.findByPk(doc.currency_id) },
+    paymentMethods: await PaymentMethod.expand(req.livemode),
+    paymentLink: doc.payment_link_id ? await PaymentLink.findByPk(doc.payment_link_id) : null,
+    paymentIntent: doc.payment_intent_id ? await PaymentIntent.findByPk(doc.payment_intent_id) : null,
+    customer: req.user ? await Customer.findOne({ where: { did: req.user.did } }) : null,
+  });
+});
+
+// submit order
+router.put('/:id/submit', user, async (req, res) => {
+  try {
+    if (!req.user) {
+      return res.status(403).json({ error: 'Please login to continue' });
+    }
+
+    // validate session
+    const checkoutSession = await CheckoutSession.findByPk(req.params.id);
+    if (!checkoutSession) {
+      return res.status(404).json({ error: 'Checkout session not found' });
+    }
+    if (checkoutSession.status === 'complete') {
+      return res.status(403).json({ error: 'Checkout session completed' });
+    }
+    if (checkoutSession.status === 'expired') {
+      return res.status(403).json({ error: 'Checkout session expired' });
+    }
+
+    // validate payment settings
+    const paymentMethod = await PaymentMethod.findByPk(req.body.payment_method);
+    const paymentCurrency = await PaymentCurrency.findByPk(req.body.payment_currency);
+    if (!paymentMethod) {
+      return res.status(400).json({ error: 'Payment method not found' });
+    }
+    if (!paymentCurrency) {
+      return res.status(400).json({ error: 'Payment currency not found' });
+    }
+    if (paymentCurrency.payment_method_id !== paymentMethod.id) {
+      return res.status(400).json({ error: 'Payment currency not match with payment method' });
+    }
+    await checkoutSession.update({ currency_id: paymentCurrency.id });
+
+    // ensure customer created or updated
+    let customer = await Customer.findOne({ where: { did: req.user.did } });
+    if (!customer) {
+      customer = await Customer.create({
+        livemode: !!checkoutSession.livemode,
+        did: req.user.did,
+        name: req.body.customer_name,
+        email: req.body.customer_email,
+        phone: req.body.customer_phone,
+        address: req.body.billing_address,
+        description: '',
+        metadata: {},
+        balance: '0',
+        next_invoice_sequence: 1,
+        delinquent: false,
+        invoice_prefix: getInvoicePrefix(),
+      });
+    } else {
+      const updates: Record<string, string> = {};
+      if (checkoutSession.customer_update?.name) {
+        updates.name = req.body.customer_name;
+        updates.email = req.body.customer_email;
+        updates.phone = req.body.customer_phone;
+      }
+      if (checkoutSession.customer_update?.address) {
+        updates.address = req.body.billing_address;
+      }
+      if (!customer.invoice_prefix) {
+        updates.invoice_prefix = getInvoicePrefix();
+      }
+
+      await customer.update(updates);
+    }
+
+    const lineItems = await Price.expand(checkoutSession.line_items, true);
+
+    // payment intent is only created when checkout session is in payment mode
+    let paymentIntent: PaymentIntent | null = null;
+    if (checkoutSession.mode === 'payment') {
+      if (checkoutSession.payment_intent_id) {
+        paymentIntent = await PaymentIntent.findByPk(checkoutSession.payment_intent_id);
+      }
+
+      // check existing payment intent
+      if (paymentIntent) {
+        // Check payment intent, if we have a payment intent, we should not create a new one
+        if (paymentIntent.status === 'succeeded') {
+          return res.status(403).json({ error: 'Checkout session payment completed' });
+        }
+        if (paymentIntent.status === 'canceled') {
+          return res.status(403).json({ error: 'Checkout session payment canceled' });
+        }
+        if (paymentIntent.status === 'processing') {
+          return res.status(403).json({ error: 'Checkout session payment processing' });
+        }
+        paymentIntent = await paymentIntent.update({
+          amount: checkoutSession.amount_total,
+          customer_id: customer.id,
+          currency_id: paymentCurrency.id,
+          payment_method_id: paymentMethod.id,
+          receipt_email: customer.email,
+        });
+      } else {
+        // ensure payment intent
+        // FIXME: support and validate currency converting here
+        paymentIntent = await PaymentIntent.create({
+          livemode: !!checkoutSession.livemode,
+          amount: checkoutSession.amount_total,
+          amount_received: '0',
+          amount_capturable: checkoutSession.amount_total,
+          customer_id: customer.id,
+          description: '',
+          currency_id: paymentCurrency.id,
+          payment_method_id: paymentMethod.id,
+          status: 'requires_payment_method',
+          capture_method: 'automatic',
+          confirmation_method: 'automatic',
+          payment_method_types: [],
+          receipt_email: customer.email,
+          statement_descriptor: getStatementDescriptor(lineItems),
+          statement_descriptor_suffix: '',
+          setup_future_usage: 'on_session',
+          metadata: {},
+        });
+
+        // persist payment intent id
+        await checkoutSession.update({ payment_intent_id: paymentIntent.id });
+      }
+    }
+
+    // payment intent is only created when checkout session is in payment mode
+    let setupIntent: SetupIntent | null = null;
+    if (checkoutSession.mode === 'setup') {
+      if (checkoutSession.setup_intent_id) {
+        setupIntent = await SetupIntent.findByPk(checkoutSession.setup_intent_id);
+      }
+
+      // check existing payment intent
+      if (setupIntent) {
+        // Check payment intent, if we have a payment intent, we should not create a new one
+        if (setupIntent.status === 'succeeded') {
+          return res.status(403).json({ error: 'Checkout session setup completed' });
+        }
+        if (setupIntent.status === 'canceled') {
+          return res.status(403).json({ error: 'Checkout session setup canceled' });
+        }
+        if (setupIntent.status === 'processing') {
+          return res.status(403).json({ error: 'Checkout session setup processing' });
+        }
+        await setupIntent.update({
+          customer_id: customer.id,
+          currency_id: paymentCurrency.id,
+          payment_method_id: paymentMethod.id,
+        });
+      } else {
+        // ensure payment intent
+        setupIntent = await SetupIntent.create({
+          livemode: !!checkoutSession.livemode,
+          customer_id: customer.id,
+          description: '',
+          currency_id: paymentCurrency.id,
+          payment_method_id: paymentMethod.id,
+          status: 'requires_payment_method',
+          payment_method_types: [],
+          flow_directions: ['inbound', 'outbound'],
+          usage: 'off_session',
+          metadata: {},
+        });
+
+        // persist setup intent id
+        await checkoutSession.update({ setup_intent_id: setupIntent.id });
+      }
+    }
+
+    let subscription: Subscription | null = null;
+    if (checkoutSession.mode === 'subscription' || checkoutSession.mode === 'setup') {
+      if (checkoutSession.subscription_id) {
+        subscription = await Subscription.findByPk(checkoutSession.subscription_id);
+      }
+      if (subscription) {
+        if (subscription.status !== 'incomplete') {
+          return res.status(403).json({ error: 'Checkout session subscription status unexpected' });
+        }
+        subscription = await subscription.update({
+          currency_id: req.body.payment_currency,
+          customer_id: customer.id,
+          default_payment_method_id: req.body.payment_method,
+          pending_setup_intent: setupIntent?.id,
+        });
+      } else {
+        const setup = getSubscriptionCreateSetup(lineItems, checkoutSession.subscription_data?.trial_period_days);
+        subscription = await Subscription.create({
+          livemode: !!checkoutSession.livemode,
+          currency_id: req.body.payment_currency,
+          customer_id: customer.id,
+          status: 'incomplete',
+          current_period_start: setup.period.start,
+          current_period_end: setup.period.end,
+          billing_cycle_anchor: setup.cycle.anchor,
+          start_date: dayjs().unix(),
+          trail_end: setup.trail.end,
+          trail_start: setup.trail.start,
+          trail_settings: {
+            end_behavior: {
+              missing_payment_method: 'create_invoice',
+            },
+          },
+          pending_invoice_item_interval: setup.recurring,
+          pending_setup_intent: setupIntent?.id,
+          default_payment_method_id: req.body.payment_method,
+          cancel_at_period_end: false,
+          collection_method: 'charge_automatically',
+          // FIXME: support discount
+          metadata: {},
+        });
+
+        // create subscription items
+        await Promise.all(
+          lineItems
+            .filter((x) => x.price.type === 'recurring')
+            .map((x) =>
+              SubscriptionItem.create({
+                livemode: !!checkoutSession.livemode,
+                // @ts-ignore
+                subscription_id: subscription.id,
+                price_id: x.price_id,
+                quantity: x.quantity,
+                metadata: {},
+              })
+            )
+        );
+
+        // persist subscription id
+        await checkoutSession.update({ subscription_id: subscription.id });
+      }
+    }
+
+    // if we can complete purchase without any wallet interaction
+    const delegation = await isDelegationSufficientForPayment({
+      paymentMethod,
+      paymentCurrency,
+      userDid: customer.did,
+      amount: checkoutSession.amount_total,
+    });
+    if (delegation.sufficient) {
+      const paymentSettings = {
+        payment_method_types: ['arcblock'],
+        payment_method_options: {
+          arcblock: { payer: delegation.delegator as string },
+        },
+      };
+
+      // all subscription payments are done after delegation
+      if (checkoutSession.mode === 'subscription' && subscription) {
+        await subscription.update({ payment_settings: paymentSettings });
+
+        const { invoice } = await ensureInvoiceForCheckout({ checkoutSession, customer, subscription });
+        if (invoice) {
+          invoiceQueue.push({ id: invoice.id, job: { invoiceId: invoice.id, retryOnError: false } });
+        }
+        subscriptionQueue.push({
+          id: subscription.id,
+          job: { subscriptionId: subscription.id, action: 'cycle' },
+          runAt: subscription.trail_end || subscription.current_period_end,
+        });
+      }
+      if (checkoutSession.mode === 'payment' && paymentIntent) {
+        await paymentIntent.update({ status: 'requires_capture' });
+        const { invoice } = await ensureInvoiceForCheckout({ checkoutSession, customer, paymentIntent });
+        if (invoice) {
+          await invoice.update({ auto_advance: true, payment_settings: paymentSettings });
+          invoiceQueue.push({ id: invoice.id, job: { invoiceId: invoice.id, retryOnError: false } });
+        } else {
+          const job = paymentQueue.push({
+            id: paymentIntent.id,
+            job: { paymentIntentId: paymentIntent.id, paymentSettings, retryOnError: false },
+          });
+          job.on('finished', async () => {
+            await checkoutSession.update({ status: 'complete', payment_status: 'paid' });
+            logger.info(`CheckoutSession ${checkoutSession.id} updated on payment done ${paymentIntent?.id}`);
+          });
+        }
+      }
+      if (checkoutSession.mode === 'setup' && setupIntent && subscription) {
+        await setupIntent.update({ status: 'succeeded', ...paymentSettings });
+        await subscription.update({
+          status: subscription.trail_end ? 'trialing' : 'active',
+          payment_settings: paymentSettings,
+        });
+        await checkoutSession.update({ status: 'complete', payment_status: 'no_payment_required' });
+        logger.info(`CheckoutSession ${checkoutSession.id} updated on payment done ${paymentIntent?.id}`);
+      }
+    }
+
+    return res.json({ paymentIntent, setupIntent, subscription, checkoutSession, delegation });
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// eslint-disable-next-line consistent-return
+router.put('/:id/expire', auth, async (req, res) => {
+  const doc = await CheckoutSession.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'Checkout session not found' });
+  }
+  if (doc.status === 'complete') {
+    return res.status(403).json({ error: 'Checkout session completed' });
+  }
+  if (doc.status === 'expired') {
+    return res.status(403).json({ error: 'Checkout session already expired' });
+  }
+
+  await doc.update({ status: 'expired', expires_at: dayjs().unix() });
+
+  res.json(doc);
+});
+
+export default router;