payment-kit 1.13.15

package/api/src/routes/prices.ts

@@ -0,0 +1,134 @@
+import { fromTokenToUnit } from '@ocap/util';
+import { Router } from 'express';
+import pick from 'lodash/pick';
+
+import { authenticate } from '../libs/security';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { Price } from '../store/models/price';
+import { Product } from '../store/models/product';
+
+const router = Router();
+
+const auth = authenticate<Price>({ component: true, roles: ['owner', 'admin'] });
+
+// FIXME: @wangshijun use schema validation, validate product exist
+// create price
+// eslint-disable-next-line consistent-return
+router.post('/', auth, async (req, res) => {
+  const raw: Price & { model: 'string' } = req.body;
+  raw.active = true;
+  raw.locked = false;
+  raw.livemode = !!req.livemode;
+  raw.currency_id = raw.currency_id || req.currency.id;
+  raw.created_via = req.user?.via as string;
+
+  if (!raw.unit_amount) {
+    return res.status(400).json({ error: 'unit_amount is required' });
+  }
+
+  const currency = await PaymentCurrency.findByPk(raw.currency_id);
+  if (!currency) {
+    return res.status(400).json({ error: 'currency not found' });
+  }
+
+  raw.unit_amount = fromTokenToUnit(raw.unit_amount, currency.decimal).toString();
+
+  const price = await Price.insert(raw);
+
+  res.json(price);
+});
+
+// get price detail
+router.get('/:id', auth, async (req, res) => {
+  const price = await Price.findByPkOrLookupKey(req.params.id as string, {
+    include: [
+      { model: Product, as: 'product' },
+      { model: PaymentCurrency, as: 'currency' },
+    ],
+  });
+
+  res.json(price);
+});
+
+// update price
+router.put('/:id', auth, async (req, res) => {
+  const price = await Price.findByPkOrLookupKey(req.params.id as string);
+
+  if (!price) {
+    return res.status(404).json({ error: 'price not found' });
+  }
+
+  if (price.active === false) {
+    return res.status(403).json({ error: 'price archived' });
+  }
+
+  const raw: Partial<Price> = Price.format(
+    pick(
+      req.body,
+      price.locked
+        ? ['nickname', 'description', 'metadata']
+        : ['type', 'model', 'active', 'livemode', 'nickname', 'recurring', 'description', 'tiers', 'unit_amount', 'transform_quantity', 'metadata', 'lookup_key'] // prettier-ignore
+    )
+  );
+
+  if (raw.lookup_key) {
+    const exist = await Price.findOne({ where: { lookup_key: raw.lookup_key } });
+    if (exist && exist.id !== price.id) {
+      return res.status(400).json({ error: `lookup_key ${raw.lookup_key} already used by ${exist.id}` });
+    }
+  }
+
+  if (raw.unit_amount) {
+    const currency = await PaymentCurrency.findByPk(price.currency_id);
+    raw.unit_amount = fromTokenToUnit(raw.unit_amount, (currency as PaymentCurrency).decimal).toString();
+  }
+
+  await price.update(Price.format(raw));
+
+  return res.json(price);
+});
+
+// archive
+router.put('/:id/archive', auth, async (req, res) => {
+  const price = await Price.findByPkOrLookupKey(req.params.id as string);
+
+  if (!price) {
+    return res.status(404).json({ error: 'price not found' });
+  }
+
+  if (price.active === false) {
+    return res.status(403).json({ error: 'price already archived' });
+  }
+
+  if (price.locked) {
+    return res.status(403).json({ error: 'price locked' });
+  }
+
+  await price.update({ active: false });
+  return res.json(price);
+});
+
+// delete price
+router.delete('/:id', auth, async (req, res) => {
+  const price = await Price.findByPkOrLookupKey(req.params.id as string);
+
+  if (!price) {
+    return res.status(404).json({ error: 'Can not delete none existing price' });
+  }
+
+  if (price.locked) {
+    return res.status(403).json({ error: 'Can not delete locked price' });
+  }
+
+  const product = await Product.findOne({ where: { default_price_id: price.id } });
+  if (product) {
+    return res
+      .status(403)
+      .json({ error: `Can not delete price that is used as default price by product: ${product.id}` });
+  }
+
+  await price.destroy();
+  return res.json(price);
+});
+
+export default router;

package/api/src/routes/products.ts

@@ -0,0 +1,191 @@
+import { fromTokenToUnit } from '@ocap/util';
+import { Router } from 'express';
+import Joi from 'joi';
+import pick from 'lodash/pick';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { formatMetadata } from '../libs/util';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { Price } from '../store/models/price';
+import { Product } from '../store/models/product';
+
+const router = Router();
+
+const auth = authenticate<Product>({ component: true, roles: ['owner', 'admin'] });
+
+// FIXME: @wangshijun use schema validation
+// create product and price
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<Product> = pick(req.body, [
+    'name',
+    'type',
+    'description',
+    'images',
+    'metadata',
+    'statement_descriptor',
+    'unit_label',
+    'features',
+    'metadata',
+  ]);
+  raw.active = true;
+  raw.type = raw.type || 'service';
+  raw.livemode = !!req.livemode;
+  raw.created_via = req.user?.via;
+  raw.metadata = formatMetadata(raw.metadata);
+
+  const product = await Product.create(raw as Product);
+
+  if (req.body.prices?.length) {
+    if (req.body.prices.some((x: any) => !x.unit_amount)) {
+      return res.status(400).json({ error: 'unit_amount is required for price' });
+    }
+
+    const currency = await PaymentCurrency.findByPk(req.body.prices[0].currency_id);
+    if (!currency) {
+      return res.status(400).json({ error: 'currency_id not set for price' });
+    }
+
+    const pricesRaw = req.body.prices.map((price: Price & { model: 'string' }) => {
+      price.product_id = product.id;
+      price.active = product.active;
+      price.livemode = product.livemode;
+      price.unit_amount = fromTokenToUnit(price.unit_amount, currency.decimal).toString();
+      return price;
+    });
+
+    const prices = await Promise.all(pricesRaw.map((x: Price & { model: 'string' }) => Price.insert(x)));
+
+    // update default price id
+    product.default_price_id = prices[0].id;
+    await product.save();
+    return res.json({ ...product.toJSON(), prices: prices.map((x) => x.toJSON()) });
+  }
+
+  return res.json({ ...product.toJSON(), prices: [] });
+});
+
+// list products and prices
+const paginationSchema = Joi.object<{
+  page: number;
+  size: number;
+  active?: boolean;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  active: Joi.boolean().empty(''),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, size, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<Product> = {};
+
+  if (typeof query.active === 'boolean') {
+    where.active = query.active;
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  const { rows: list, count } = await Product.findAndCountAll({
+    where,
+    order: [['created_at', 'DESC']],
+    offset: (page - 1) * size,
+    limit: size,
+    include: [{ model: Price, as: 'prices' }],
+  });
+
+  res.json({ count, list });
+});
+
+// get product detail
+router.get('/:id', auth, async (req, res) => {
+  const product = await Product.findOne({
+    where: { id: req.params.id },
+    include: [{ model: Price, as: 'prices', include: [{ model: PaymentCurrency, as: 'currency' }] }],
+  });
+
+  res.json(product);
+});
+
+// update product
+router.put('/:id', auth, async (req, res) => {
+  const product = await Product.findByPk(req.params.id);
+
+  if (!product) {
+    return res.status(404).json({ error: 'product not found' });
+  }
+  if (product.active === false) {
+    return res.status(403).json({ error: 'product archived' });
+  }
+  if (product.locked) {
+    return res.status(403).json({ error: 'product locked' });
+  }
+
+  const updates: Partial<Product> = pick(req.body, [
+    'name',
+    'description',
+    'images',
+    'metadata',
+    'statement_descriptor',
+    'default_price_id',
+    'unit_label',
+    'features',
+    'metadata',
+  ]);
+  if (updates.metadata) {
+    updates.metadata = formatMetadata(updates.metadata);
+  }
+  await product.update(updates);
+
+  return res.json(product);
+});
+
+// archive
+router.put('/:id/archive', auth, async (req, res) => {
+  const product = await Product.findByPk(req.params.id);
+
+  if (!product) {
+    return res.status(404).json({ error: 'product not found' });
+  }
+
+  if (product.locked) {
+    return res.status(403).json({ error: 'product locked' });
+  }
+
+  await product.update({ active: !product.active });
+
+  // FIXME: deactivate payment-links, pricing-tables
+
+  return res.json(product);
+});
+
+// delete product
+router.delete('/:id', auth, async (req, res) => {
+  const product = await Product.findByPk(req.params.id);
+
+  if (!product) {
+    return res.status(404).json({ error: 'product not found' });
+  }
+
+  if (product.active === false) {
+    return res.status(403).json({ error: 'product archived' });
+  }
+
+  if (product.locked) {
+    return res.status(403).json({ error: 'product locked' });
+  }
+
+  const prices = await Price.findAll({ where: { product_id: product.id } });
+  if (prices.some((x) => x.locked)) {
+    return res.status(403).json({ error: 'product have prices that is locked' });
+  }
+
+  await product.destroy();
+  await Price.destroy({ where: { product_id: product.id } });
+
+  return res.json(product);
+});
+
+export default router;

package/api/src/routes/settings.ts

@@ -0,0 +1,33 @@
+import { Router } from 'express';
+import pick from 'lodash/pick';
+import type { WhereOptions } from 'sequelize';
+
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { PaymentMethod } from '../store/models/payment-method';
+
+const router = Router();
+
+router.get('/', async (req, res) => {
+  const where: WhereOptions<PaymentMethod> = {};
+
+  where.livemode = req.livemode;
+
+  const methods = await PaymentMethod.findAll({
+    where,
+    order: [['created_at', 'DESC']],
+    include: [{ model: PaymentCurrency, as: 'payment_currencies' }],
+  });
+
+  methods.forEach((method) => {
+    // @ts-ignore
+    method.currencies = method.payment_currencies?.map((x) => pick(x, ['id', 'name', 'symbol', 'decimal', 'logo']));
+  });
+
+  res.json({
+    paymentMethods: methods.map((x) => pick(x, ['id', 'name', 'type', 'logo', 'currencies'])),
+    // @ts-ignore
+    baseCurrency: methods[0].currencies[0],
+  });
+});
+
+export default router;

package/api/src/routes/subscription-items.ts

@@ -0,0 +1,148 @@
+import { Router } from 'express';
+import Joi from 'joi';
+import pick from 'lodash/pick';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { expandLineItems } from '../libs/session';
+import { formatMetadata } from '../libs/util';
+import { Price, Product, SubscriptionItem, UsageRecord } from '../store/models';
+
+const router = Router();
+const auth = authenticate<SubscriptionItem>({ component: true, roles: ['owner', 'admin'] });
+
+// FIXME: handle payment_behavior, proration_behavior
+// @link https://stripe.com/docs/api/subscription_items/create
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<SubscriptionItem> = pick(req.body, [
+    'subscription_id',
+    'price_id',
+    'quantity',
+    'billing_thresholds',
+    'metadata',
+  ]);
+  const exist = await SubscriptionItem.findOne({
+    where: { price_id: raw.price_id, subscription_id: raw.subscription_id },
+  });
+  if (exist) {
+    return res.status(400).json({ error: `SubscriptionItem already exist: ${exist.id}` });
+  }
+
+  raw.livemode = req.livemode;
+  if (raw.metadata) {
+    raw.metadata = formatMetadata(raw.metadata);
+  }
+
+  const doc = await SubscriptionItem.create(raw as SubscriptionItem);
+  return res.json(doc);
+});
+
+// @link https://stripe.com/docs/api/subscription_items/list
+const schema = Joi.object<{
+  page: number;
+  size: number;
+  subscription_id: string;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  subscription_id: Joi.string().required(),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<SubscriptionItem> = { subscription_id: query.subscription_id };
+
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows, count } = await SubscriptionItem.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [],
+    });
+
+    const list = rows.map((x) => x.toJSON());
+    const products = (await Product.findAll()).map((x) => x.toJSON());
+    const prices = (await Price.findAll()).map((x) => x.toJSON());
+
+    // @ts-ignore
+    expandLineItems(list, products, prices);
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+// @link https://stripe.com/docs/api/subscription_items/retrieve
+router.get('/:id', auth, async (req, res) => {
+  try {
+    const doc = await SubscriptionItem.findOne({
+      where: { id: req.params.id },
+      include: [{ model: Price, as: 'price' }],
+    });
+    res.json(doc);
+  } catch (err) {
+    console.error(err);
+    res.json(null);
+  }
+});
+
+router.put('/:id', auth, async (req, res) => {
+  const doc = await SubscriptionItem.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: `SubscriptionItem not found: ${req.params.id}` });
+  }
+
+  const updates: Partial<SubscriptionItem> = pick(req.body, ['price_id', 'quantity', 'billing_thresholds', 'metadata']);
+  if (updates.price_id) {
+    const exist = await SubscriptionItem.findOne({
+      where: { price_id: updates.price_id, subscription_id: doc.subscription_id },
+    });
+    if (exist) {
+      return res.status(400).json({ error: `SubscriptionItem already exist: ${exist.id}` });
+    }
+
+    if (!updates.quantity) {
+      updates.quantity = 1;
+    }
+  }
+
+  if (updates.metadata) {
+    updates.metadata = formatMetadata(updates.metadata);
+  }
+
+  await doc.update(updates);
+
+  return res.json(doc);
+});
+
+// TODO: handle proration_behavior
+// @link https://stripe.com/docs/api/subscription_items/delete
+router.delete('/:id', auth, async (req, res) => {
+  const doc = await SubscriptionItem.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'webhook endpoint not found' });
+  }
+
+  if (req.body.clear_usage) {
+    const price = await Price.findByPk(doc.price_id);
+    if (price?.recurring?.usage_type === 'metered') {
+      await UsageRecord.destroy({ where: { subscription_item_id: doc.id } });
+    }
+  }
+
+  await doc.destroy();
+
+  return res.json(doc);
+});
+
+export default router;