payment-kit 1.13.17 → 1.13.19

package/api/src/routes/connect/subscribe.ts

@@ -9,10 +9,17 @@ import { subscriptionQueue } from '../../jobs/subscription';
 import type { CallbackArgs } from '../../libs/auth';
 import { wallet } from '../../libs/auth';
 import { getClient } from '../../libs/chain/arcblock';
-import { ensureInvoiceForCheckout, ensurePaymentIntent } from './shared';
+import { ensureInvoiceForCheckout, ensurePaymentIntent, getAuthPrincipalClaim } from './shared';
 
 export default {
   action: 'subscription',
+  authPrincipal: false,
+  claims: {
+    authPrincipal: async ({ extraParams }: CallbackArgs) => {
+      const { paymentMethod } = await ensurePaymentIntent(extraParams.checkoutSessionId);
+      return getAuthPrincipalClaim(paymentMethod, 'pay');
+    },
+  },
   onConnect: async ({ userDid, userPk, extraParams }: CallbackArgs) => {
     const { checkoutSessionId } = extraParams;
     const { checkoutSession, paymentMethod, paymentCurrency, subscription } = await ensurePaymentIntent(
@@ -23,7 +30,6 @@ export default {
       throw new Error('Subscription for checkoutSession not found');
     }
 
-    // TODO: support multiple chain and multiple currency
     if (paymentMethod.type === 'arcblock') {
       if (checkoutSession.amount_total > '0') {
         const client = getClient(paymentMethod.settings.arcblock?.api_host as string);
@@ -45,7 +51,6 @@ export default {
             itx: {
               address: toDelegateAddress(userDid, wallet.address),
               to: wallet.address,
-              // FIXME: we need to enforce which token can be transferred, and how much, and at what interval on chain
               ops: [{ typeUrl: 'fg:t:transfer_v2', rules: [] }],
               data: {
                 type: 'json',
@@ -104,8 +109,10 @@ export default {
 
       await subscription.update({
         payment_details: {
-          tx_hash: txHash,
-          payer: userDid,
+          arcblock: {
+            tx_hash: txHash,
+            payer: userDid,
+          },
         },
       });
 

package/api/src/routes/customers.ts

@@ -11,15 +11,15 @@ const auth = authenticate<Customer>({ component: true, roles: ['owner', 'admin']
 
 const schema = Joi.object<{
   page: number;
-  size: number;
+  pageSize: number;
   livemode?: boolean;
 }>({
   page: Joi.number().integer().min(1).default(1),
-  size: Joi.number().integer().min(1).max(100).default(20),
+  pageSize: Joi.number().integer().min(1).max(100).default(20),
   livemode: Joi.boolean().empty(''),
 });
 router.get('/', auth, async (req, res) => {
-  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const { page, pageSize, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
   const where: WhereOptions<Customer> = {};
 
   if (typeof query.livemode === 'boolean') {
@@ -30,8 +30,8 @@ router.get('/', auth, async (req, res) => {
     const { rows: list, count } = await Customer.findAndCountAll({
       where,
       order: [['created_at', 'DESC']],
-      offset: (page - 1) * size,
-      limit: size,
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
       include: [],
     });
 

package/api/src/routes/events.ts

@@ -10,19 +10,19 @@ const auth = authenticate<Event>({ component: true, roles: ['owner', 'admin'] })
 
 const schema = Joi.object<{
   page: number;
-  size: number;
+  pageSize: number;
   livemode?: boolean;
   type?: string;
   object_id?: string;
 }>({
   page: Joi.number().integer().min(1).default(1),
-  size: Joi.number().integer().min(1).max(100).default(20),
+  pageSize: Joi.number().integer().min(1).max(100).default(20),
   livemode: Joi.boolean().empty(''),
   type: Joi.string().empty(''),
   object_id: Joi.string().empty(''),
 });
 router.get('/', auth, async (req, res) => {
-  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const { page, pageSize, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
   const where: WhereOptions<Event> = {};
 
   if (query.type) {
@@ -32,7 +32,10 @@ router.get('/', auth, async (req, res) => {
       .filter(Boolean);
   }
   if (query.object_id) {
-    where.object_id = query.object_id;
+    where.object_id = query.object_id
+      .split(',')
+      .map((x) => x.trim())
+      .filter(Boolean);
   }
   if (typeof query.livemode === 'boolean') {
     where.livemode = query.livemode;
@@ -43,8 +46,8 @@ router.get('/', auth, async (req, res) => {
       where,
       attributes: { exclude: ['data', 'request'] },
       order: [['created_at', 'DESC']],
-      offset: (page - 1) * size,
-      limit: size,
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
       include: [],
     });
 

package/api/src/routes/index.ts

@@ -4,6 +4,7 @@ import { PaymentCurrency } from '../store/models/payment-currency';
 import checkoutSessions from './checkout-sessions';
 import customers from './customers';
 import events from './events';
+import stripe from './integrations/stripe';
 import invoices from './invoices';
 import paymentCurrencies from './payment-currencies';
 import paymentIntents from './payment-intents';
@@ -43,6 +44,7 @@ router.use('/checkout-sessions', checkoutSessions);
 router.use('/customers', customers);
 router.use('/events', events);
 router.use('/invoices', invoices);
+router.use('/integrations/stripe', stripe);
 router.use('/payment-intents', paymentIntents);
 router.use('/payment-links', paymentLinks);
 router.use('/payment-methods', paymentMethods);

package/api/src/routes/integrations/stripe.ts

@@ -0,0 +1,64 @@
+import env from '@blocklet/sdk/lib/env';
+import express, { NextFunction, Request, Response, Router } from 'express';
+import get from 'lodash/get';
+
+import handleStripeEvent from '../../integrations/stripe/handlers';
+import logger from '../../libs/logger';
+import { STRIPE_EVENTS } from '../../libs/util';
+import { PaymentMethod } from '../../store/models';
+
+const router = Router();
+
+const verifyWebhookSig = async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const signature = req.get('stripe-signature');
+    if (!signature) {
+      return res.status(400).json({ error: 'No stripe webhook signature found' });
+    }
+
+    const json = JSON.parse(req.body.toString('utf8'));
+    const method = await PaymentMethod.findOne({ where: { type: 'stripe', livemode: json.livemode } });
+    if (!method) {
+      return res.status(400).json({ error: 'No stripe payment method found' });
+    }
+
+    const stripe = method.getStripe();
+    const settings = PaymentMethod.decryptSettings(method.settings);
+    const secret =
+      process.env.BLOCKLET_MODE === 'development' && process.env.STRIPE_WEBHOOK_SECRET
+        ? process.env.STRIPE_WEBHOOK_SECRET
+        : settings.stripe?.webhook_signing_secret;
+    req.stripeEvent = stripe.webhooks.constructEvent(req.body, signature, secret as string);
+    req.stripeClient = stripe;
+
+    return next();
+  } catch (err) {
+    logger.error('verify signature error', { error: err });
+    return res.status(400).json({ error: err.message });
+  }
+};
+
+const handleEvent = async (req: Request, res: Response) => {
+  const { stripeEvent, stripeClient } = req;
+
+  if (STRIPE_EVENTS.includes(stripeEvent.type) === false) {
+    logger.debug('webhook event not interested', { id: stripeEvent.id, type: stripeEvent.type });
+    return res.status(400).json({ error: 'Not implemented' });
+  }
+
+  // only events from this app should be processed
+  const appPid = get(stripeEvent, 'data.object.metadata.appPid');
+  if (appPid && appPid !== env.appPid) {
+    logger.debug('webhook event for other app', { id: stripeEvent.id, type: stripeEvent.type });
+    return res.json({ received: true });
+  }
+
+  logger.debug('webhook received event', { id: stripeEvent.id, type: stripeEvent.type });
+  await handleStripeEvent(stripeEvent, stripeClient);
+
+  return res.json({ received: true });
+};
+
+router.post('/webhook', express.raw({ type: 'application/json' }), verifyWebhookSig, handleEvent);
+
+export default router;

package/api/src/routes/invoices.ts

@@ -29,7 +29,7 @@ const authPortal = authenticate<Invoice>({
 
 const schema = Joi.object<{
   page: number;
-  size: number;
+  pageSize: number;
   livemode?: boolean;
   status?: string;
   customer_id?: string;
@@ -37,7 +37,7 @@ const schema = Joi.object<{
   subscription_id?: string;
 }>({
   page: Joi.number().integer().min(1).default(1),
-  size: Joi.number().integer().min(1).max(100).default(20),
+  pageSize: Joi.number().integer().min(1).max(100).default(20),
   livemode: Joi.boolean().empty(''),
   status: Joi.string().empty(''),
   customer_id: Joi.string().empty(''),
@@ -45,11 +45,14 @@ const schema = Joi.object<{
   subscription_id: Joi.string().empty(''),
 });
 router.get('/', authMine, async (req, res) => {
-  const { page, size, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+  const { page, pageSize, livemode, status, ...query } = await schema.validateAsync(req.query, {
+    stripUnknown: false,
+    allowUnknown: true,
+  });
   const where: WhereOptions<Invoice> = {};
 
-  if (query.status) {
-    where.status = query.status
+  if (status) {
+    where.status = status
       .split(',')
       .map((x) => x.trim())
       .filter(Boolean);
@@ -66,16 +69,23 @@ router.get('/', authMine, async (req, res) => {
   if (query.subscription_id) {
     where.subscription_id = query.subscription_id;
   }
-  if (typeof query.livemode === 'boolean') {
-    where.livemode = query.livemode;
+  if (typeof livemode === 'boolean') {
+    where.livemode = livemode;
   }
 
+  Object.keys(query)
+    .filter((x) => x.startsWith('metadata.'))
+    .forEach((key: string) => {
+      // @ts-ignore
+      where[key] = query[key];
+    });
+
   try {
     const { rows: list, count } = await Invoice.findAndCountAll({
       where,
       order: [['created_at', 'DESC']],
-      offset: (page - 1) * size,
-      limit: size,
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
       include: [
         { model: PaymentCurrency, as: 'paymentCurrency' },
         // { model: PaymentMethod, as: 'paymentMethod' },

package/api/src/routes/payment-intents.ts

@@ -27,7 +27,7 @@ const authPortal = authenticate<PaymentIntent>({
 // list payment links
 const paginationSchema = Joi.object<{
   page: number;
-  size: number;
+  pageSize: number;
   status?: string;
   livemode?: boolean;
   invoice_id?: string;
@@ -35,7 +35,7 @@ const paginationSchema = Joi.object<{
   customer_did?: string;
 }>({
   page: Joi.number().integer().min(1).default(1),
-  size: Joi.number().integer().min(1).max(100).default(20),
+  pageSize: Joi.number().integer().min(1).max(100).default(20),
   status: Joi.string().empty(''),
   livemode: Joi.boolean().empty(''),
   invoice_id: Joi.string().empty(''),
@@ -43,11 +43,14 @@ const paginationSchema = Joi.object<{
   customer_did: Joi.string().empty(''),
 });
 router.get('/', authMine, async (req, res) => {
-  const { page, size, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+  const { page, pageSize, status, livemode, ...query } = await paginationSchema.validateAsync(req.query, {
+    stripUnknown: false,
+    allowUnknown: true,
+  });
   const where: WhereOptions<PaymentIntent> = {};
 
-  if (query.status) {
-    where.status = query.status
+  if (status) {
+    where.status = status
       .split(',')
       .map((x) => x.trim())
       .filter(Boolean);
@@ -64,16 +67,23 @@ router.get('/', authMine, async (req, res) => {
   if (query.invoice_id) {
     where.invoice_id = query.invoice_id;
   }
-  if (typeof query.livemode === 'boolean') {
-    where.livemode = query.livemode;
+  if (typeof livemode === 'boolean') {
+    where.livemode = livemode;
   }
 
+  Object.keys(query)
+    .filter((x) => x.startsWith('metadata.'))
+    .forEach((key: string) => {
+      // @ts-ignore
+      where[key] = query[key];
+    });
+
   try {
     const { rows: list, count } = await PaymentIntent.findAndCountAll({
       where,
       order: [['created_at', 'DESC']],
-      offset: (page - 1) * size,
-      limit: size,
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
       include: [
         { model: PaymentCurrency, as: 'paymentCurrency' },
         { model: PaymentMethod, as: 'paymentMethod' },

package/api/src/routes/payment-links.ts

@@ -2,9 +2,10 @@ import { Router } from 'express';
 import Joi from 'joi';
 // import isEmpty from 'lodash/isEmpty';
 import pick from 'lodash/pick';
-import type { WhereOptions } from 'sequelize';
+import { Op, WhereOptions } from 'sequelize';
 
 import { authenticate } from '../libs/security';
+import { isLineItemAligned } from '../libs/session';
 import { formatMetadata } from '../libs/util';
 import { PaymentLink } from '../store/models/payment-link';
 import { Price } from '../store/models/price';
@@ -29,7 +30,6 @@ const formatBeforeSave = (payload: any) => {
         terms_of_service: 'none',
       },
       invoice_creation: {
-        // FIXME: force to true if we are subscription
         enabled: false,
       },
       phone_number_collection: {
@@ -60,13 +60,16 @@ const formatBeforeSave = (payload: any) => {
     ])
   );
   if (raw.after_completion?.type === 'hosted_confirmation') {
-    delete raw.after_completion?.redirect;
+    // @ts-ignore
+    raw.after_completion.redirect = null;
   }
   if (raw.after_completion?.type === 'redirect') {
-    delete raw.after_completion?.hosted_confirmation;
+    // @ts-ignore
+    raw.after_completion.hosted_confirmation = null;
   }
   if (!payload.include_free_trial) {
-    delete raw.subscription_data;
+    // @ts-ignore
+    raw.subscription_data = null;
   }
 
   raw.line_items?.forEach((x) => {
@@ -81,8 +84,8 @@ const formatBeforeSave = (payload: any) => {
   return raw;
 };
 
-// create payment link
 // FIXME: @wangshijun use schema validation
+// eslint-disable-next-line consistent-return
 router.post('/', auth, async (req, res) => {
   const raw: Partial<PaymentLink> = formatBeforeSave(req.body);
   raw.active = true;
@@ -90,10 +93,26 @@ router.post('/', auth, async (req, res) => {
   raw.created_via = req.user?.via;
   raw.currency_id = raw.currency_id || req.currency.id;
 
-  const link = await PaymentLink.create(raw as PaymentLink);
+  if (!raw.line_items?.length) {
+    return res.status(400).json({ error: 'line_items should not be empty for payment link' });
+  }
+
+  const items = await Price.expand(raw.line_items);
+  for (let i = 0; i < items.length; i++) {
+    const result = isLineItemAligned(items, i);
+    if (result.currency === false) {
+      return res.status(400).json({ error: 'line_items should have same currency' });
+    }
+    if (result.recurring === false) {
+      return res.status(400).json({ error: 'line_items should have same recurring' });
+    }
+  }
 
-  // lock prices
-  await Promise.all(link.line_items.map((x) => Price.update({ locked: true }, { where: { id: x.price_id } })));
+  if (items.some((x) => x.price.type === 'recurring')) {
+    raw.invoice_creation = { enabled: true };
+  }
+
+  const link = await PaymentLink.create(raw as PaymentLink);
 
   res.json(link);
 });
@@ -101,18 +120,18 @@ router.post('/', auth, async (req, res) => {
 // list payment links
 const paginationSchema = Joi.object<{
   page: number;
-  size: number;
+  pageSize: number;
   active?: boolean;
   livemode?: boolean;
 }>({
   page: Joi.number().integer().min(1).default(1),
-  size: Joi.number().integer().min(1).max(100).default(20),
+  pageSize: Joi.number().integer().min(1).max(100).default(20),
   active: Joi.boolean().empty(''),
   livemode: Joi.boolean().empty(''),
 });
 router.get('/', auth, async (req, res) => {
-  const { page, size, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
-  const where: WhereOptions<PaymentLink> = {};
+  const { page, pageSize, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<PaymentLink> = { id: { [Op.notIn]: [`plink_${req.user?.did}`] } };
 
   if (typeof query.active === 'boolean') {
     where.active = query.active;
@@ -125,8 +144,8 @@ router.get('/', auth, async (req, res) => {
     const { rows: list, count } = await PaymentLink.findAndCountAll({
       where,
       order: [['created_at', 'DESC']],
-      offset: (page - 1) * size,
-      limit: size,
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
       include: [],
     });
 
@@ -218,4 +237,27 @@ router.delete('/:id', auth, async (req, res) => {
   return res.json(doc);
 });
 
+router.post('/stash', auth, async (req, res) => {
+  try {
+    const raw: Partial<PaymentLink> = req.body;
+    raw.id = `plink_${req.user?.did}`;
+    raw.active = true;
+    raw.livemode = !!req.livemode;
+    raw.created_via = req.user?.via;
+    raw.created_via = 'portal';
+    raw.currency_id = raw.currency_id || req.currency.id;
+
+    let doc = await PaymentLink.findByPk(raw.id);
+    if (doc) {
+      await doc.update(formatBeforeSave(req.body));
+    } else {
+      doc = await PaymentLink.create(raw as PaymentLink);
+    }
+    res.json(doc);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ error: err.message });
+  }
+});
+
 export default router;

package/api/src/routes/payment-methods.ts

@@ -1,14 +1,94 @@
+import { getUrl } from '@blocklet/sdk/lib/component';
 import { Router } from 'express';
 import { InferAttributes, Op, WhereOptions } from 'sequelize';
 
+import { ensureWebhookRegistered } from '../integrations/stripe/setup';
 import { authenticate } from '../libs/security';
 import { PaymentCurrency } from '../store/models/payment-currency';
-import { PaymentMethod } from '../store/models/payment-method';
+import { PaymentMethod, TPaymentMethod } from '../store/models/payment-method';
 
 const router = Router();
 
 const auth = authenticate<PaymentMethod>({ component: true, roles: ['owner', 'admin'] });
 
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<TPaymentMethod> = req.body;
+
+  raw.livemode = req.livemode;
+  raw.locked = false;
+  raw.active = true;
+
+  if (!raw.name) {
+    return res.status(400).json({ error: 'payment method name is required' });
+  }
+  if (!raw.description) {
+    return res.status(400).json({ error: 'payment method description is required' });
+  }
+
+  if (!raw.settings) {
+    return res.status(400).json({ error: 'payment method settings is required' });
+  }
+
+  if (raw.type === 'stripe') {
+    const exist = await PaymentMethod.findOne({ where: { type: 'stripe', livemode: raw.livemode } });
+    if (exist) {
+      return res.status(400).json({ error: 'stripe payment method already exist' });
+    }
+
+    if (!raw.settings.stripe?.publishable_key) {
+      return res.status(400).json({ error: 'stripe publishable key is required' });
+    }
+    if (!raw.settings.stripe?.secret_key) {
+      return res.status(400).json({ error: 'stripe secret key is required' });
+    }
+
+    raw.settings = PaymentMethod.encryptSettings(raw.settings);
+    raw.logo = getUrl('/methods/stripe.png');
+    raw.features = {
+      recurring: true,
+      refund: true,
+      dispute: true,
+    };
+    raw.confirmation = {
+      type: 'callback',
+    };
+
+    const method = await PaymentMethod.create(raw as TPaymentMethod);
+
+    // create default currency
+    // FIXME: make this configurable
+    const currency = await PaymentCurrency.create({
+      livemode: method.livemode,
+      active: method.active,
+      locked: false,
+      is_base_currency: false,
+      payment_method_id: method.id,
+
+      name: 'Dollar',
+      description: 'US Dollar',
+      logo: getUrl('/currencies/dollar.png'),
+      symbol: 'USD', // same currency code as stripe
+      decimal: 2,
+
+      minimum_payment_amount: '1', // cent
+      maximum_payment_amount: '100000000000', // billion
+
+      contract: '',
+      metadata: {},
+    });
+
+    await method.update({ default_currency_id: currency.id });
+
+    ensureWebhookRegistered().catch(console.error);
+
+    return res.json({ ...method.toJSON(), payment_currencies: [currency.toJSON()] });
+  }
+
+  // FIXME: support add more payment methods
+
+  return res.status(400).json({ error: 'payment method type is not supported' });
+});
+
 router.get('/', auth, async (req, res) => {
   const { query } = req;
   const where: WhereOptions<InferAttributes<PaymentMethod>> = {};
@@ -28,6 +108,23 @@ router.get('/', auth, async (req, res) => {
   res.json(list);
 });
 
+router.get('/types', auth, (_, res) => {
+  res.json([
+    {
+      type: 'arcblock',
+      name: 'ArcBlock',
+      description: 'Instant payment with ArcBlock chain',
+      logo: getUrl('/methods/arcblock.png'),
+    },
+    {
+      type: 'stripe',
+      name: 'Stripe',
+      description: 'Pay with credit card or bank account',
+      logo: getUrl('/methods/stripe.png'),
+    },
+  ]);
+});
+
 router.get('/:id', auth, async (req, res) => {
   const doc = await PaymentMethod.findOne({
     where: { [Op.or]: [{ id: req.params.id }, { name: req.params.id }] },