payment-kit 1.13.15

package/api/src/routes/subscriptions.ts

@@ -0,0 +1,254 @@
+import { isValid } from '@arcblock/did';
+import { Router } from 'express';
+import Joi from 'joi';
+import type { WhereOptions } from 'sequelize';
+
+import { subscriptionQueue } from '../jobs/subscription';
+import dayjs from '../libs/dayjs';
+import logger from '../libs/logger';
+import { authenticate } from '../libs/security';
+import { expandLineItems } from '../libs/session';
+import { Customer } from '../store/models/customer';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { PaymentMethod } from '../store/models/payment-method';
+import { Price } from '../store/models/price';
+import { Product } from '../store/models/product';
+import { Subscription } from '../store/models/subscription';
+import { SubscriptionItem } from '../store/models/subscription-item';
+
+const router = Router();
+const auth = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'] });
+const authMine = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'], mine: true });
+const authPortal = authenticate<Subscription>({
+  component: true,
+  roles: ['owner', 'admin'],
+  record: {
+    // @ts-ignore
+    model: Subscription,
+    field: 'customer_id',
+  },
+});
+
+const schema = Joi.object<{
+  page: number;
+  size: number;
+  status?: string;
+  customer_id?: string;
+  customer_did?: string;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  status: Joi.string().empty(''),
+  customer_id: Joi.string().empty(''),
+  customer_did: Joi.string().empty(''),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', authMine, async (req, res) => {
+  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<Subscription> = {};
+
+  if (query.status) {
+    where.status = query.status
+      .split(',')
+      .map((x) => x.trim())
+      .filter(Boolean);
+  }
+  if (query.customer_id) {
+    where.customer_id = query.customer_id;
+  }
+  if (query.customer_did && isValid(query.customer_did)) {
+    const customer = await Customer.findOne({ where: { did: query.customer_did } });
+    if (customer) {
+      where.customer_id = customer.id;
+    }
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await Subscription.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        { model: PaymentMethod, as: 'paymentMethod' },
+        { model: SubscriptionItem, as: 'items' },
+        { model: Customer, as: 'customer' },
+      ],
+    });
+
+    const products = (await Product.findAll()).map((x) => x.toJSON());
+    const prices = (await Price.findAll()).map((x) => x.toJSON());
+    const docs = list.map((x) => x.toJSON());
+    // @ts-ignore
+    docs.forEach((x) => expandLineItems(x.items, products, prices));
+
+    res.json({ count, list: docs });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+// FIXME: exclude some sensitive fields from PaymentMethod
+router.get('/:id', authPortal, async (req, res) => {
+  try {
+    const doc = await Subscription.findOne({
+      where: { id: req.params.id },
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        { model: PaymentMethod, as: 'paymentMethod' },
+        { model: SubscriptionItem, as: 'items' },
+        { model: Customer, as: 'customer' },
+      ],
+    });
+
+    if (doc) {
+      const json = doc.toJSON();
+      const products = (await Product.findAll()).map((x) => x.toJSON());
+      const prices = (await Price.findAll()).map((x) => x.toJSON());
+      // @ts-ignore
+      expandLineItems(json.items, products, prices);
+      res.json(json);
+    } else {
+      res.json(null);
+    }
+  } catch (err) {
+    console.error(err);
+    res.json(null);
+  }
+});
+
+router.put('/:id/cancel', authPortal, async (req, res) => {
+  const doc = await Subscription.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'subscription not found' });
+  }
+  if (doc.status === 'canceled') {
+    return res.status(400).json({ error: 'Subscription already canceled' });
+  }
+  if (doc.cancel_at) {
+    return res.status(400).json({ error: 'subscription scheduled to canceled' });
+  }
+
+  const { at = 'current_period_end', time, feedback = 'other', comment = '' } = req.body;
+  if (at === 'custom' && dayjs(time).unix() < dayjs().unix()) {
+    return res.status(400).json({ error: 'cancel at must be a future timestamp' });
+  }
+
+  // update cancel at
+  const updates: Partial<Subscription> = {};
+  if (req.user?.via === 'portal') {
+    updates.cancel_at_period_end = true;
+    updates.cancel_at = doc.current_period_end;
+    updates.cancelation_details = { reason: 'cancellation_requested', feedback, comment };
+  } else if (at === 'now') {
+    updates.status = 'canceled';
+    updates.cancel_at = dayjs().unix();
+    updates.canceled_at = dayjs().unix();
+  } else if (at === 'current_period_end') {
+    updates.cancel_at_period_end = true;
+    updates.cancel_at = doc.current_period_end;
+  } else {
+    updates.cancel_at = dayjs(time).unix();
+    subscriptionQueue.push({
+      id: `cancel-${doc.id}`,
+      job: { subscriptionId: doc.id, action: 'cancel' },
+      runAt: updates.cancel_at,
+    });
+  }
+
+  await doc.update(updates);
+
+  return res.json(doc);
+});
+
+router.put('/:id/recover', authPortal, async (req, res) => {
+  const doc = await Subscription.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'Subscription not found' });
+  }
+  if (!doc.cancel_at_period_end) {
+    return res.status(400).json({ error: 'Subscription not recoverable from cancellation config' });
+  }
+  if (doc.status === 'canceled') {
+    return res.status(400).json({ error: 'Subscription not recoverable from cancellation' });
+  }
+
+  await doc.update({ cancel_at: 0, cancel_at_period_end: false });
+
+  // reschedule jobs
+  subscriptionQueue
+    .cancel(`cancel-${doc.id}`)
+    .then(() => logger.info('subscription cancel job is canceled'))
+    .catch((err) => logger.error('subscription cancel job failed to cancel', { error: err }));
+  subscriptionQueue.push({
+    id: doc.id,
+    job: { subscriptionId: doc.id, action: 'cycle' },
+    runAt: doc.current_period_end,
+  });
+
+  return res.json(doc);
+});
+
+router.put('/:id/pause', auth, async (req, res) => {
+  const doc = await Subscription.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'subscription not found' });
+  }
+  if (doc.status === 'paused') {
+    return res.status(400).json({ error: 'Subscription already paused' });
+  }
+
+  const { type, resumesAt, behavior } = req.body;
+  if (type === 'custom' && dayjs(resumesAt).unix() < dayjs().unix()) {
+    return res.status(400).json({ error: 'resumesAt must be a future timestamp' });
+  }
+
+  const timestamp = type === 'custom' ? dayjs(resumesAt).unix() : 0;
+  await doc.update({
+    status: 'paused',
+    pause_collection: {
+      resumes_at: timestamp,
+      behavior: behavior || 'keep_as_draft',
+    },
+  });
+
+  if (timestamp) {
+    subscriptionQueue.push({
+      id: `resume-${doc.id}`,
+      job: { subscriptionId: doc.id, action: 'resume' },
+      runAt: timestamp,
+    });
+  }
+
+  return res.json(doc);
+});
+
+router.put('/:id/resume', auth, async (req, res) => {
+  const doc = await Subscription.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'Subscription not found' });
+  }
+  if (doc.status !== 'paused') {
+    return res.status(400).json({ error: 'Subscription not paused' });
+  }
+
+  await doc.update({ status: 'active', pause_collection: undefined });
+  subscriptionQueue
+    .cancel(`resume-${doc.id}`)
+    .then(() => logger.info('subscription resume job is canceled'))
+    .catch((err) => logger.error('subscription resume job failed to cancel', { error: err }));
+
+  return res.json(doc);
+});
+
+export default router;

package/api/src/routes/usage-records.ts

@@ -0,0 +1,120 @@
+/* eslint-disable consistent-return */
+import { Router } from 'express';
+import Joi from 'joi';
+import pick from 'lodash/pick';
+
+import dayjs from '../libs/dayjs';
+import { authenticate } from '../libs/security';
+import { formatMetadata } from '../libs/util';
+import { Invoice, Price, Subscription, SubscriptionItem, UsageRecord } from '../store/models';
+
+const router = Router();
+const auth = authenticate<UsageRecord>({ component: true, roles: ['owner', 'admin'] });
+
+// @link https://stripe.com/docs/api/usage_records/create
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<UsageRecord> = pick(req.body, ['timestamp', 'quantity', 'subscription_item_id', 'metadata']);
+  if (raw.metadata) {
+    raw.metadata = formatMetadata(raw.metadata);
+  }
+
+  const item = await SubscriptionItem.findByPk(raw.subscription_item_id);
+  if (!item) {
+    return res.status(400).json({ error: `SubscriptionItem not found: ${raw.subscription_item_id}` });
+  }
+
+  // @ts-ignore
+  if (!raw.timestamp || raw.timestamp === 'now') {
+    raw.timestamp = dayjs().unix();
+  }
+
+  const exist = await UsageRecord.findOne({ where: { timestamp: raw.timestamp } });
+  if (exist) {
+    if (req.body.action === 'increment') {
+      await exist.increment('quantity', { by: raw.quantity });
+    } else {
+      const subscription = await Subscription.findByPk(item.subscription_id);
+      if (subscription?.billing_thresholds) {
+        return res
+          .status(400)
+          .json({ error: 'UsageRecord action must be increment for subscriptions with billing_thresholds' });
+      }
+      await exist.update({ quantity: raw.quantity });
+    }
+  }
+
+  raw.livemode = req.livemode;
+  const doc = await UsageRecord.create(raw as UsageRecord);
+  return res.json(doc);
+});
+
+// @link https://stripe.com/docs/api/usage_records/subscription_item_summary_list
+const schema = Joi.object<{
+  page: number;
+  size: number;
+  subscription_item_id: string;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  subscription_item_id: Joi.string().required(),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+
+  try {
+    const item = await SubscriptionItem.findByPk(query.subscription_item_id, {
+      include: [{ model: Price, as: 'price' }],
+    });
+    if (!item) {
+      return res.status(400).json({ error: `SubscriptionItem not found: ${query.subscription_item_id}` });
+    }
+
+    // const subscription = await Subscription.findByPk(item.subscription_id);
+    // const result = await UsageRecord.getSummary(
+    //   item.id,
+    //   subscription?.current_period_start as number,
+    //   subscription?.current_period_end as number,
+    //   // @ts-ignore
+    //   item.price.recurring.aggregate_usage
+    // );
+    // return res.json({ result });
+
+    const { rows, count } = await Invoice.findAndCountAll({
+      where: { subscription_id: item.subscription_id },
+      attributes: ['id', 'period_end', 'period_start'],
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+    });
+
+    const list = await Promise.all(
+      rows.map(async (invoice) => {
+        return {
+          livemode: invoice.livemode,
+          invoice_id: invoice.id,
+          subscription_item_id: item.id,
+          total_usage: await UsageRecord.getSummary(
+            item.id,
+            invoice.period_start,
+            invoice.period_end,
+            // @ts-ignore
+            item.price.recurring.aggregate_usage
+          ),
+          period: {
+            start: invoice.period_start,
+            end: invoice.period_end,
+          },
+        };
+      })
+    );
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+export default router;

package/api/src/routes/webhook-attempts.ts

@@ -0,0 +1,57 @@
+import { Router } from 'express';
+import Joi from 'joi';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { Event, WebhookAttempt, WebhookEndpoint } from '../store/models';
+
+const router = Router();
+const auth = authenticate<WebhookAttempt>({ component: true, roles: ['owner', 'admin'] });
+
+const schema = Joi.object<{
+  page: number;
+  size: number;
+  livemode?: boolean;
+  event_id?: string;
+  webhook_endpoint_id?: string;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  livemode: Joi.boolean().empty(''),
+  event_id: Joi.string().empty(''),
+  webhook_endpoint_id: Joi.string().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<WebhookAttempt> = {};
+
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+  if (query.event_id) {
+    where.event_id = query.event_id;
+  }
+  if (query.webhook_endpoint_id) {
+    where.webhook_endpoint_id = query.webhook_endpoint_id;
+  }
+
+  try {
+    const { rows: list, count } = await WebhookAttempt.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [
+        { model: Event, as: 'event' },
+        { model: WebhookEndpoint, as: 'endpoint' },
+      ],
+    });
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+export default router;

package/api/src/routes/webhook-endpoints.ts

@@ -0,0 +1,105 @@
+import { Router } from 'express';
+import Joi from 'joi';
+import pick from 'lodash/pick';
+import type { WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { formatMetadata } from '../libs/util';
+import { WebhookEndpoint } from '../store/models';
+
+const router = Router();
+const auth = authenticate<WebhookEndpoint>({ component: true, roles: ['owner', 'admin'] });
+
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<WebhookEndpoint> = pick(req.body, ['url', 'description', 'metadata', 'status', 'enabled_events']);
+  const exist = await WebhookEndpoint.findOne({ where: { url: raw.url } });
+  if (exist) {
+    return res.status(400).json({ error: 'webhook endpoint with same url already exist' });
+  }
+
+  raw.livemode = req.livemode;
+  raw.api_version = '2023-09-05';
+  raw.status = raw.status || 'enabled';
+  if (raw.metadata) {
+    raw.metadata = formatMetadata(raw.metadata);
+  }
+
+  const doc = await WebhookEndpoint.create(raw as WebhookEndpoint);
+  return res.json(doc);
+});
+
+const schema = Joi.object<{
+  page: number;
+  size: number;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  size: Joi.number().integer().min(1).max(100).default(20),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<WebhookEndpoint> = {};
+
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await WebhookEndpoint.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * size,
+      limit: size,
+      include: [],
+    });
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+router.get('/:id', auth, async (req, res) => {
+  try {
+    const doc = await WebhookEndpoint.findOne({
+      where: { id: req.params.id },
+      include: [],
+    });
+    res.json(doc);
+  } catch (err) {
+    console.error(err);
+    res.json(null);
+  }
+});
+
+router.put('/:id', auth, async (req, res) => {
+  const doc = await WebhookEndpoint.findByPk(req.params.id as string);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'webhook endpoint not found' });
+  }
+
+  const updates: Partial<WebhookEndpoint> = pick(req.body, ['description', 'metadata', 'status', 'enabled_events']);
+  if (updates.metadata) {
+    updates.metadata = formatMetadata(updates.metadata);
+  }
+
+  await doc.update(updates);
+
+  return res.json(doc);
+});
+
+router.delete('/:id', auth, async (req, res) => {
+  const doc = await WebhookEndpoint.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'webhook endpoint not found' });
+  }
+
+  await doc.destroy();
+  return res.json(doc);
+});
+
+export default router;

package/api/src/store/migrate.ts

@@ -0,0 +1,16 @@
+import { SequelizeStorage, Umzug } from 'umzug';
+
+import { sequelize } from './sequelize';
+
+const umzug = new Umzug({
+  migrations: { glob: ['migrations/*.{ts,js}', { cwd: __dirname }] },
+  context: sequelize.getQueryInterface(),
+  storage: new SequelizeStorage({ sequelize }),
+  logger: console,
+});
+
+export default function migrate() {
+  return umzug.up();
+}
+
+export type Migration = typeof umzug._types.migration;

package/api/src/store/migrations/20230905-genesis.ts

@@ -0,0 +1,52 @@
+import type { Migration } from '../migrate';
+import models from '../models';
+
+export const up: Migration = async ({ context: queryInterface }) => {
+  await queryInterface.createTable('checkout_sessions', models.CheckoutSession.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('coupons', models.Coupon.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('customers', models.Customer.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('discounts', models.Discount.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('events', models.Event.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('jobs', models.Job.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('invoices', models.Invoice.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('invoice_items', models.InvoiceItem.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('payment_currencies', models.PaymentCurrency.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('payment_intents', models.PaymentIntent.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('payment_links', models.PaymentLink.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('payment_methods', models.PaymentMethod.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('prices', models.Price.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('products', models.Product.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('promotion_codes', models.PromotionCode.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('setup_intents', models.SetupIntent.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('subscription_items', models.SubscriptionItem.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('subscription_schedules', models.SubscriptionSchedule.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('subscriptions', models.Subscription.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('usage_records', models.UsageRecord.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('webhook_attempts', models.WebhookAttempt.GENESIS_ATTRIBUTES);
+  await queryInterface.createTable('webhook_endpoints', models.WebhookEndpoint.GENESIS_ATTRIBUTES);
+};
+
+export const down: Migration = async ({ context: queryInterface }) => {
+  await queryInterface.dropTable('checkout_sessions');
+  await queryInterface.dropTable('coupons');
+  await queryInterface.dropTable('customers');
+  await queryInterface.dropTable('discounts');
+  await queryInterface.dropTable('events');
+  await queryInterface.dropTable('jobs');
+  await queryInterface.dropTable('invoices');
+  await queryInterface.dropTable('invoice_items');
+  await queryInterface.dropTable('payment_currencies');
+  await queryInterface.dropTable('payment_intents');
+  await queryInterface.dropTable('payment_links');
+  await queryInterface.dropTable('payment_methods');
+  await queryInterface.dropTable('prices');
+  await queryInterface.dropTable('products');
+  await queryInterface.dropTable('promotion_codes');
+  await queryInterface.dropTable('setup_intents');
+  await queryInterface.dropTable('subscription_items');
+  await queryInterface.dropTable('subscription_schedules');
+  await queryInterface.dropTable('subscriptions');
+  await queryInterface.dropTable('usage_records');
+  await queryInterface.dropTable('webhook_endpoints');
+  await queryInterface.dropTable('webhook_attempts');
+};