payment-kit 1.13.15

package/api/src/routes/index.ts

@@ -0,0 +1,59 @@
+import { Router } from 'express';
+
+import { PaymentCurrency } from '../store/models/payment-currency';
+import checkoutSessions from './checkout-sessions';
+import customers from './customers';
+import events from './events';
+import invoices from './invoices';
+import paymentCurrencies from './payment-currencies';
+import paymentIntents from './payment-intents';
+import paymentLinks from './payment-links';
+import paymentMethods from './payment-methods';
+import prices from './prices';
+import products from './products';
+import settings from './settings';
+import subscriptionItems from './subscription-items';
+import subscriptions from './subscriptions';
+import usageRecords from './usage-records';
+import webhookAttempts from './webhook-attempts';
+import webhookEndpoints from './webhook-endpoints';
+
+const router = Router();
+
+router.use((req, _, next) => {
+  if (req.query.livemode) {
+    try {
+      req.livemode = !!JSON.parse(String(req.query.livemode));
+    } catch {
+      req.livemode = true;
+    }
+  } else {
+    req.livemode = true;
+  }
+
+  next();
+});
+
+router.use(async (req, _, next) => {
+  req.currency = await PaymentCurrency.findOne({ where: { is_base_currency: true, livemode: req.livemode } });
+  next();
+});
+
+router.use('/checkout-sessions', checkoutSessions);
+router.use('/customers', customers);
+router.use('/events', events);
+router.use('/invoices', invoices);
+router.use('/payment-intents', paymentIntents);
+router.use('/payment-links', paymentLinks);
+router.use('/payment-methods', paymentMethods);
+router.use('/payment-currencies', paymentCurrencies);
+router.use('/prices', prices);
+router.use('/products', products);
+router.use('/settings', settings);
+router.use('/subscription-items', subscriptionItems);
+router.use('/subscriptions', subscriptions);
+router.use('/usage-records', usageRecords);
+router.use('/webhook-attempts', webhookAttempts);
+router.use('/webhook-endpoints', webhookEndpoints);
+
+export default router;

package/api/src/routes/invoices.ts

@@ -0,0 +1,126 @@
+import { isValid } from '@arcblock/did';
+import { Router } from 'express';
+import Joi from 'joi';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { expandLineItems } from '../libs/session';
+import { Customer } from '../store/models/customer';
+import { Invoice } from '../store/models/invoice';
+import { InvoiceItem } from '../store/models/invoice-item';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { PaymentIntent } from '../store/models/payment-intent';
+import { PaymentMethod } from '../store/models/payment-method';
+import { Price } from '../store/models/price';
+import { Product } from '../store/models/product';
+import { Subscription } from '../store/models/subscription';
+
+const router = Router();
+const authMine = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'], mine: true });
+const authPortal = authenticate<Invoice>({
+  component: true,
+  roles: ['owner', 'admin'],
+  record: {
+    // @ts-ignore
+    model: Invoice,
+    field: 'customer_id',
+  },
+});
+
+const schema = Joi.object<{
+  page: number;
+  size: number;
+  livemode?: boolean;
+  status?: string;
+  customer_id?: string;
+  customer_did?: string;
+  subscription_id?: string;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  livemode: Joi.boolean().empty(''),
+  status: Joi.string().empty(''),
+  customer_id: Joi.string().empty(''),
+  customer_did: Joi.string().empty(''),
+  subscription_id: Joi.string().empty(''),
+});
+router.get('/', authMine, async (req, res) => {
+  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<Invoice> = {};
+
+  if (query.status) {
+    where.status = query.status
+      .split(',')
+      .map((x) => x.trim())
+      .filter(Boolean);
+  }
+  if (query.customer_id) {
+    where.customer_id = query.customer_id;
+  }
+  if (query.customer_did && isValid(query.customer_did)) {
+    const customer = await Customer.findOne({ where: { did: query.customer_did } });
+    if (customer) {
+      where.customer_id = customer.id;
+    }
+  }
+  if (query.subscription_id) {
+    where.subscription_id = query.subscription_id;
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await Invoice.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        // { model: PaymentMethod, as: 'paymentMethod' },
+        // { model: PaymentIntent, as: 'paymentIntent' },
+        // { model: Subscription, as: 'subscription' },
+        { model: Customer, as: 'customer' },
+      ],
+    });
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+// FIXME: exclude some sensitive fields from PaymentMethod
+router.get('/:id', authPortal, async (req, res) => {
+  try {
+    const doc = await Invoice.findOne({
+      where: { id: req.params.id },
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        { model: PaymentMethod, as: 'paymentMethod' },
+        { model: PaymentIntent, as: 'paymentIntent' },
+        { model: Subscription, as: 'subscription' },
+        { model: InvoiceItem, as: 'lines' },
+        { model: Customer, as: 'customer' },
+      ],
+    });
+
+    if (doc) {
+      const json = doc.toJSON();
+      const products = (await Product.findAll()).map((x) => x.toJSON());
+      const prices = (await Price.findAll()).map((x) => x.toJSON());
+      // @ts-ignore
+      expandLineItems(json.lines, products, prices);
+      res.json(json);
+    } else {
+      res.json(null);
+    }
+  } catch (err) {
+    console.error(err);
+    res.json(null);
+  }
+});
+
+export default router;

package/api/src/routes/payment-currencies.ts

@@ -0,0 +1,38 @@
+import { Router } from 'express';
+import { InferAttributes, Op, WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { PaymentCurrency } from '../store/models/payment-currency';
+
+const router = Router();
+
+const auth = authenticate<PaymentCurrency>({ component: true, roles: ['owner', 'admin'] });
+
+router.get('/', auth, async (req, res) => {
+  const { query } = req;
+  const where: WhereOptions<InferAttributes<PaymentCurrency>> = {};
+
+  if (typeof query.active === 'string') {
+    where.active = JSON.parse(query.active);
+  }
+  if (typeof query.livemode === 'string') {
+    where.livemode = JSON.parse(query.livemode);
+  }
+  const list = await PaymentCurrency.findAll({
+    where,
+    order: [['created_at', 'DESC']],
+    include: [],
+  });
+
+  res.json(list);
+});
+
+router.get('/:id', auth, async (req, res) => {
+  const doc = await PaymentCurrency.findOne({
+    where: { [Op.or]: [{ id: req.params.id }, { symbol: req.params.id }] },
+  });
+
+  res.json(doc);
+});
+
+export default router;

package/api/src/routes/payment-intents.ts

@@ -0,0 +1,122 @@
+import { isValid } from '@arcblock/did';
+import { Router } from 'express';
+import Joi from 'joi';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { CheckoutSession } from '../store/models/checkout-session';
+import { Customer } from '../store/models/customer';
+import { Invoice } from '../store/models/invoice';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { PaymentIntent } from '../store/models/payment-intent';
+import { PaymentMethod } from '../store/models/payment-method';
+import { Subscription } from '../store/models/subscription';
+
+const router = Router();
+const authMine = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'], mine: true });
+const authPortal = authenticate<PaymentIntent>({
+  component: true,
+  roles: ['owner', 'admin'],
+  record: {
+    // @ts-ignore
+    model: PaymentIntent,
+    field: 'customer_id',
+  },
+});
+
+// list payment links
+const paginationSchema = Joi.object<{
+  page: number;
+  size: number;
+  status?: string;
+  livemode?: boolean;
+  invoice_id?: string;
+  customer_id?: string;
+  customer_did?: string;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  status: Joi.string().empty(''),
+  livemode: Joi.boolean().empty(''),
+  invoice_id: Joi.string().empty(''),
+  customer_id: Joi.string().empty(''),
+  customer_did: Joi.string().empty(''),
+});
+router.get('/', authMine, async (req, res) => {
+  const { page, size, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<PaymentIntent> = {};
+
+  if (query.status) {
+    where.status = query.status
+      .split(',')
+      .map((x) => x.trim())
+      .filter(Boolean);
+  }
+  if (query.customer_id) {
+    where.customer_id = query.customer_id;
+  }
+  if (query.customer_did && isValid(query.customer_did)) {
+    const customer = await Customer.findOne({ where: { did: query.customer_did } });
+    if (customer) {
+      where.customer_id = customer.id;
+    }
+  }
+  if (query.invoice_id) {
+    where.invoice_id = query.invoice_id;
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await PaymentIntent.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        { model: PaymentMethod, as: 'paymentMethod' },
+        { model: Customer, as: 'customer' },
+      ],
+    });
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+// FIXME: exclude some sensitive fields from PaymentMethod
+router.get('/:id', authPortal, async (req, res) => {
+  try {
+    const doc = await PaymentIntent.findOne({
+      where: { id: req.params.id },
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        { model: PaymentMethod, as: 'paymentMethod' },
+        { model: Customer, as: 'customer' },
+      ],
+    });
+
+    let checkoutSession;
+    let invoice;
+    let subscription;
+
+    if (doc) {
+      checkoutSession = await CheckoutSession.findOne({ where: { payment_intent_id: doc.id } });
+      invoice = await Invoice.findByPk(doc.invoice_id);
+      if (invoice && invoice.subscription_id) {
+        subscription = await Subscription.findByPk(invoice.subscription_id);
+      }
+    }
+
+    res.json({ ...doc?.toJSON(), checkoutSession, invoice, subscription });
+  } catch (err) {
+    console.error(err);
+    res.json(null);
+  }
+});
+
+export default router;

package/api/src/routes/payment-links.ts

@@ -0,0 +1,221 @@
+import { Router } from 'express';
+import Joi from 'joi';
+// import isEmpty from 'lodash/isEmpty';
+import pick from 'lodash/pick';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { formatMetadata } from '../libs/util';
+import { PaymentLink } from '../store/models/payment-link';
+import { Price } from '../store/models/price';
+import { Product } from '../store/models/product';
+
+const router = Router();
+const auth = authenticate<PaymentLink>({ component: true, roles: ['owner', 'admin'] });
+
+const formatBeforeSave = (payload: any) => {
+  const raw: Partial<PaymentLink> = Object.assign(
+    {
+      after_completion: {
+        type: 'hosted_confirmation',
+        hosted_confirmation: {
+          custom_message: '',
+        },
+      },
+      allow_promotion_codes: false,
+      customer_creation: 'always',
+      consent_collection: {
+        promotions: 'none',
+        terms_of_service: 'none',
+      },
+      invoice_creation: {
+        // FIXME: force to true if we are subscription
+        enabled: false,
+      },
+      phone_number_collection: {
+        enabled: false,
+      },
+      billing_address_collection: 'auto',
+      subscription_data: {
+        description: '',
+        trial_period_days: 0,
+      },
+      submit_type: 'pay',
+    },
+    pick(payload, [
+      'name',
+      'line_items',
+      'currency_id',
+      'after_completion',
+      'allow_promotion_codes',
+      'consent_collection',
+      'custom_fields',
+      'customer_creation',
+      'invoice_creation',
+      'phone_number_collection',
+      'billing_address_collection',
+      'submit_type',
+      'subscription_data',
+      'metadata',
+    ])
+  );
+  if (raw.after_completion?.type === 'hosted_confirmation') {
+    delete raw.after_completion?.redirect;
+  }
+  if (raw.after_completion?.type === 'redirect') {
+    delete raw.after_completion?.hosted_confirmation;
+  }
+  if (!payload.include_free_trial) {
+    delete raw.subscription_data;
+  }
+
+  raw.line_items?.forEach((x) => {
+    if (x.adjustable_quantity?.enabled) {
+      x.adjustable_quantity.minimum = Number(x.adjustable_quantity?.minimum);
+      x.adjustable_quantity.maximum = Number(x.adjustable_quantity?.maximum);
+    }
+  });
+
+  raw.metadata = formatMetadata(raw.metadata);
+
+  return raw;
+};
+
+// create payment link
+// FIXME: @wangshijun use schema validation
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<PaymentLink> = formatBeforeSave(req.body);
+  raw.active = true;
+  raw.livemode = !!req.livemode;
+  raw.created_via = req.user?.via;
+  raw.currency_id = raw.currency_id || req.currency.id;
+
+  const link = await PaymentLink.create(raw as PaymentLink);
+
+  // lock prices
+  await Promise.all(link.line_items.map((x) => Price.update({ locked: true }, { where: { id: x.price_id } })));
+
+  res.json(link);
+});
+
+// list payment links
+const paginationSchema = Joi.object<{
+  page: number;
+  size: number;
+  active?: boolean;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  active: Joi.boolean().empty(''),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, size, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<PaymentLink> = {};
+
+  if (typeof query.active === 'boolean') {
+    where.active = query.active;
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await PaymentLink.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [],
+    });
+
+    const priceIds: string[] = list.reduce((acc: string[], x) => acc.concat(x.line_items.map((i) => i.price_id)), []);
+    const prices = await Price.findAll({ where: { id: priceIds }, include: [{ model: Product, as: 'product' }] });
+
+    list.forEach((x) => {
+      x.line_items.forEach((i) => {
+        // @ts-ignore
+        i.price = prices.find((p) => p.id === i.price_id);
+      });
+    });
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+router.get('/:id', auth, async (req, res) => {
+  const doc = await PaymentLink.findByPk(req.params.id);
+
+  if (doc) {
+    // @ts-ignore
+    doc.line_items = await Price.expand(doc.line_items);
+  }
+
+  res.json(doc);
+});
+
+// update
+// eslint-disable-next-line consistent-return
+router.put('/:id', auth, async (req, res) => {
+  const doc = await PaymentLink.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'payment link not found' });
+  }
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'payment link archived' });
+  }
+  // if (doc.locked) {
+  //   return res.status(403).json({ error: 'payment link locked' });
+  // }
+
+  await doc.update(formatBeforeSave(req.body));
+
+  res.json(doc);
+});
+
+// archive
+router.put('/:id/archive', auth, async (req, res) => {
+  const doc = await PaymentLink.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'payment link not found' });
+  }
+
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'payment link already archived' });
+  }
+
+  // if (doc.locked) {
+  //   return res.status(403).json({ error: 'payment link locked' });
+  // }
+
+  await doc.update({ active: false });
+  return res.json(doc);
+});
+
+// delete
+router.delete('/:id', auth, async (req, res) => {
+  const doc = await PaymentLink.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'payment link not found' });
+  }
+
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'payment link archived' });
+  }
+
+  // if (doc.locked) {
+  //   return res.status(403).json({ error: 'payment link locked' });
+  // }
+
+  await doc.destroy();
+  return res.json(doc);
+});
+
+export default router;

package/api/src/routes/payment-methods.ts

@@ -0,0 +1,39 @@
+import { Router } from 'express';
+import { InferAttributes, Op, WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { PaymentMethod } from '../store/models/payment-method';
+
+const router = Router();
+
+const auth = authenticate<PaymentMethod>({ component: true, roles: ['owner', 'admin'] });
+
+router.get('/', auth, async (req, res) => {
+  const { query } = req;
+  const where: WhereOptions<InferAttributes<PaymentMethod>> = {};
+
+  if (typeof query.active === 'string') {
+    where.active = JSON.parse(query.active);
+  }
+  if (typeof query.livemode === 'string') {
+    where.livemode = JSON.parse(query.livemode);
+  }
+  const list = await PaymentMethod.findAll({
+    where,
+    order: [['created_at', 'DESC']],
+    include: [{ model: PaymentCurrency, as: 'payment_currencies' }],
+  });
+
+  res.json(list);
+});
+
+router.get('/:id', auth, async (req, res) => {
+  const doc = await PaymentMethod.findOne({
+    where: { [Op.or]: [{ id: req.params.id }, { name: req.params.id }] },
+  });
+
+  res.json(doc);
+});
+
+export default router;