payment-kit 1.13.23 → 1.13.25

package/README.md

@@ -15,3 +15,7 @@ The decentralized stripe for blocklet platform.
 1. Install and login with instructions from: https://stripe.com/docs/stripe-cli
 2. Start your local payment-kit server, get it's port
 3. Run `stripe listen --forward-to http://127.0.0.1:8188/api/integrations/stripe/webhook --log-level=debug --latest`
+
+### Test Stripe
+
+Invoices for subscriptions are not finalized automatically. You can use stripe postman collection to finalize it and then confirm the payment.

package/api/src/integrations/stripe/handlers/invoice.ts

@@ -219,10 +219,10 @@ export async function handleInvoiceEvent(event: TEventExpanded, client: Stripe)
       try {
         await waitForStripeInvoiceMirrored(event.data.object.id);
       } catch (err) {
-        logger.error('wait for stripe invoice mirror error', { localInvoiceId, error: err });
+        logger.error('wait for stripe invoice mirror error', { id: event.id, type: event.type, error: err });
       }
 
-      logger.warn('local invoice id not found in strip event', { localInvoiceId });
+      logger.warn('local invoice id not found in strip event', { id: event.id, type: event.type });
       return;
     }
   }

package/api/src/integrations/stripe/handlers/payment-intent.ts

@@ -123,10 +123,10 @@ export async function handlePaymentIntentEvent(event: TEventExpanded, client: St
     try {
       await waitForStripePaymentMirrored(event.data.object.id);
     } catch (err) {
-      logger.error('wait for stripe payment intent mirror error', { localIntentId, error: err });
+      logger.error('wait for stripe payment intent mirror error', { id: event.id, type: event.type, error: err });
     }
 
-    logger.warn('local payment intent id not found in strip event', { localIntentId });
+    logger.warn('local payment intent id not found in strip event', { id: event.id, type: event.type });
     return;
   }
 

package/api/src/integrations/stripe/handlers/setup-intent.ts

@@ -11,7 +11,7 @@ export async function handleSetupIntentEvent(event: TEventExpanded, _: Stripe) {
   });
 
   if (!subscription) {
-    logger.warn('local subscription not found for setup intent', { stripeIntentId });
+    logger.warn('local subscription not found for setup intent', { id: event.id, type: event.type, stripeIntentId });
     return;
   }
 

package/api/src/integrations/stripe/handlers/subscription.ts

@@ -26,12 +26,12 @@ export async function handleStripeSubscriptionSucceed(subscription: Subscription
 export async function handleSubscriptionEvent(event: TEventExpanded, _: Stripe) {
   const localSubscriptionId = event.data.object.metadata?.id;
   if (!localSubscriptionId) {
-    logger.warn('local subscription id not found in strip event', { localSubscriptionId });
+    logger.warn('local subscription id not found in strip event', { id: event.id, type: event.type });
     return;
   }
   const subscription = await Subscription.findByPk(localSubscriptionId);
   if (!subscription) {
-    logger.warn('local subscription not found', { localSubscriptionId });
+    logger.warn('local subscription not found', { id: event.id, type: event.type, localSubscriptionId });
     return;
   }
 

package/api/src/jobs/event.ts

@@ -1,11 +1,13 @@
 import { Op } from 'sequelize';
 
+import { events } from '../libs/event';
 import logger from '../libs/logger';
 import createQueue from '../libs/queue';
+import { getWebhookJobId } from '../libs/util';
 import { Event } from '../store/models/event';
 import { WebhookAttempt } from '../store/models/webhook-attempt';
 import { WebhookEndpoint } from '../store/models/webhook-endpoint';
-import { getJobId, webhookQueue } from './webhook';
+import { webhookQueue } from './webhook';
 
 type EventJob = {
   eventId: string;
@@ -43,7 +45,7 @@ export const handleEvent = async (job: EventJob) => {
     if (!attempted) {
       logger.info('schedule initial attempt for event', job);
       webhookQueue.push({
-        id: getJobId(event.id, webhook.id),
+        id: getWebhookJobId(event.id, webhook.id),
         job: { eventId: event.id, webhookId: webhook.id },
       });
     }
@@ -60,14 +62,14 @@ export const eventQueue = createQueue<EventJob>({
 });
 
 export const startEventQueue = async () => {
-  const events = await Event.findAll({
+  const docs = await Event.findAll({
     where: {
       pending_webhooks: { [Op.gt]: 0 },
     },
     attributes: ['id'],
   });
 
-  events.forEach(async (x) => {
+  docs.forEach(async (x) => {
     const exist = await eventQueue.get(x.id);
     if (!exist) {
       eventQueue.push({ id: x.id, job: { eventId: x.id } });
@@ -78,3 +80,7 @@ export const startEventQueue = async () => {
 eventQueue.on('failed', ({ id, job, error }) => {
   logger.error('event job failed', { id, job, error });
 });
+
+events.on('event.created', (event) => {
+  eventQueue.push({ id: event.id, job: { eventId: event.id } });
+});

package/api/src/jobs/webhook.ts

@@ -4,8 +4,10 @@ import axios, { AxiosError } from 'axios';
 import { wallet } from '../libs/auth';
 import logger from '../libs/logger';
 import createQueue from '../libs/queue';
-import { MAX_RETRY_COUNT, getNextRetry, md5 } from '../libs/util';
+import { MAX_RETRY_COUNT, getNextRetry, getWebhookJobId } from '../libs/util';
+import { Customer } from '../store/models/customer';
 import { Event } from '../store/models/event';
+import { PaymentCurrency } from '../store/models/payment-currency';
 import { WebhookAttempt } from '../store/models/webhook-attempt';
 import { WebhookEndpoint } from '../store/models/webhook-endpoint';
 
@@ -14,10 +16,6 @@ type WebhookJob = {
   webhookId: string;
 };
 
-export const getJobId = (eventId: string, webhookId: string) => {
-  return md5([eventId, webhookId].join('-'));
-};
-
 // https://stripe.com/docs/webhooks
 export const handleWebhook = async (job: WebhookJob) => {
   logger.info('handle webhook', job);
@@ -45,16 +43,27 @@ export const handleWebhook = async (job: WebhookJob) => {
   const retryCount = lastRetryCount ? +lastRetryCount + 1 : 1;
 
   try {
+    const json = event.toJSON();
+
+    // expand basic fields
+    const { object } = json.data;
+    if (object.customer_id && !object.customer) {
+      object.customer = await Customer.findByPk(object.customer_id);
+    }
+    if (object.currency_id && !object.currency) {
+      object.currency = await PaymentCurrency.findByPk(object.currency_id);
+    }
+
     // verify similar to component call, but supports external urls
     const result = await axios({
       url: webhook.url,
       method: 'POST',
       timeout: 60 * 1000,
-      data: event.toJSON(),
+      data: json,
       headers: {
         'x-app-id': wallet.address,
         'x-app-pk': wallet.publicKey,
-        'x-component-sig': sign(event.toJSON()),
+        'x-component-sig': sign(json),
         'x-component-did': process.env.BLOCKLET_COMPONENT_DID as string,
       },
     });
@@ -87,7 +96,7 @@ export const handleWebhook = async (job: WebhookJob) => {
     if (retryCount < MAX_RETRY_COUNT) {
       process.nextTick(() => {
         webhookQueue.push({
-          id: getJobId(event.id, webhook.id),
+          id: getWebhookJobId(event.id, webhook.id),
           job: { eventId: event.id, webhookId: webhook.id },
           runAt: getNextRetry(retryCount),
         });

package/api/src/libs/audit.ts

@@ -1,7 +1,7 @@
 import pick from 'lodash/pick';
 
-import { eventQueue } from '../jobs/event';
 import { Event } from '../store/models/event';
+import { events } from './event';
 
 export async function createEvent(scope: string, type: string, model: any, options: any) {
   // console.log('createEvent', scope, type, model, options);
@@ -28,7 +28,7 @@ export async function createEvent(scope: string, type: string, model: any, optio
     pending_webhooks: 99, // force all events goto the event queue
   });
 
-  eventQueue.push({ id: event.id, job: { eventId: event.id } });
+  events.emit('event.created', { id: event.id });
 }
 
 export async function createStatusEvent(
@@ -69,5 +69,5 @@ export async function createStatusEvent(
     pending_webhooks: 99, // force all events goto the event queue
   });
 
-  eventQueue.push({ id: event.id, job: { eventId: event.id } });
+  events.emit('event.created', { id: event.id });
 }

package/api/src/libs/event.ts

@@ -0,0 +1,3 @@
+import EventEmitter from 'events';
+
+export const events = new EventEmitter();

package/api/src/libs/util.ts

@@ -66,6 +66,7 @@ export function createCodeGenerator(prefix: string, size: number = 24) {
   return prefix ? () => `${prefix}_${generator()}` : generator;
 }
 
+// FIXME: merge with old metadata
 export function formatMetadata(metadata?: Record<string, any>): Record<string, any> {
   if (!metadata) {
     return {};
@@ -137,3 +138,7 @@ export const getNextRetry = (retryCount: number) => {
   const now = dayjs().unix();
   return now + delay;
 };
+
+export const getWebhookJobId = (eventId: string, webhookId: string) => {
+  return md5([eventId, webhookId].join('-'));
+};

package/api/src/routes/checkout-sessions.ts

@@ -61,7 +61,7 @@ const getPaymentTypes = async (items: any[]) => {
   return methods.map((x) => x.type);
 };
 
-const formatBeforeSave = async (payload: any, throwOnEmptyItems = true) => {
+export const formatCheckoutSession = async (payload: any, throwOnEmptyItems = true) => {
   const raw: Partial<CheckoutSession> = Object.assign(
     {
       allow_promotion_codes: false,
@@ -172,7 +172,7 @@ const formatBeforeSave = async (payload: any, throwOnEmptyItems = true) => {
 
 // create checkout session
 router.post('/', auth, async (req, res) => {
-  const raw: Partial<CheckoutSession> = await formatBeforeSave(req.body);
+  const raw: Partial<CheckoutSession> = await formatCheckoutSession(req.body);
   raw.livemode = !!req.livemode;
   raw.created_via = req.user?.via as string;
 
@@ -197,7 +197,7 @@ router.post('/start/:id', user, async (req, res) => {
 
   const items = await Price.expand(link.line_items);
 
-  const raw: Partial<CheckoutSession> = await formatBeforeSave(link, false);
+  const raw: Partial<CheckoutSession> = await formatCheckoutSession(link, false);
   raw.livemode = link.livemode;
   raw.created_via = 'portal';
   raw.currency_id = link.currency_id || req.currency.id;

package/api/src/routes/connect/pay.ts

@@ -8,7 +8,7 @@ import dayjs from '../../libs/dayjs';
 import { ensureInvoiceForCheckout, ensurePaymentIntent, getAuthPrincipalClaim } from './shared';
 
 export default {
-  action: 'pay',
+  action: 'payment',
   authPrincipal: false,
   claims: {
     authPrincipal: async ({ extraParams }: CallbackArgs) => {

package/api/src/routes/index.ts

@@ -11,6 +11,7 @@ import paymentIntents from './payment-intents';
 import paymentLinks from './payment-links';
 import paymentMethods from './payment-methods';
 import prices from './prices';
+import pricingTables from './pricing-table';
 import products from './products';
 import settings from './settings';
 import subscriptionItems from './subscription-items';
@@ -50,6 +51,7 @@ router.use('/payment-links', paymentLinks);
 router.use('/payment-methods', paymentMethods);
 router.use('/payment-currencies', paymentCurrencies);
 router.use('/prices', prices);
+router.use('/pricing-tables', pricingTables);
 router.use('/products', products);
 router.use('/settings', settings);
 router.use('/subscription-items', subscriptionItems);

package/api/src/routes/payment-links.ts

@@ -244,7 +244,6 @@ router.post('/stash', auth, async (req, res) => {
     raw.active = true;
     raw.livemode = !!req.livemode;
     raw.created_via = req.user?.via;
-    raw.created_via = 'portal';
     raw.currency_id = raw.currency_id || req.currency.id;
 
     let doc = await PaymentLink.findByPk(raw.id);

package/api/src/routes/pricing-table.ts

@@ -0,0 +1,342 @@
+import { getUrl } from '@blocklet/sdk/lib/component';
+import { Router } from 'express';
+import Joi from 'joi';
+import pick from 'lodash/pick';
+import uniq from 'lodash/uniq';
+import { Op, WhereOptions } from 'sequelize';
+
+import { authenticate } from '../libs/security';
+import { isLineItemCurrencyAligned } from '../libs/session';
+import { formatMetadata } from '../libs/util';
+import { CheckoutSession } from '../store/models/checkout-session';
+import { PaymentCurrency } from '../store/models/payment-currency';
+import { Price } from '../store/models/price';
+import { PricingTable } from '../store/models/pricing-table';
+import { Product } from '../store/models/product';
+import { formatCheckoutSession } from './checkout-sessions';
+
+const router = Router();
+const auth = authenticate<PricingTable>({ component: true, roles: ['owner', 'admin'] });
+
+const formatPricingTable = (payload: any) => {
+  const raw: Partial<PricingTable> = Object.assign(
+    {
+      branding_settings: {
+        background_color: '#ffffff',
+        border_style: 'default',
+        button_color: '#0074d4',
+        font_family: 'default',
+      },
+    },
+    pick(payload, ['name', 'items', 'metadata', 'brand_settings'])
+  );
+
+  raw.items = raw.items?.map((x) => {
+    const item = Object.assign(
+      {
+        adjustable_quantity: {
+          enabled: false,
+          maximum: 1,
+          minimum: 0,
+        },
+        after_completion: {
+          type: 'hosted_confirmation',
+          hosted_confirmation: {
+            custom_message: '',
+          },
+        },
+        allow_promotion_codes: false,
+        customer_creation: 'always',
+        consent_collection: {
+          promotions: 'none',
+          terms_of_service: 'none',
+        },
+        invoice_creation: {
+          enabled: true,
+        },
+        phone_number_collection: {
+          enabled: false,
+        },
+        billing_address_collection: 'auto',
+        subscription_data: {
+          description: '',
+          trial_period_days: 0,
+        },
+        submit_type: 'auto',
+      },
+      pick(x, [
+        'product_id',
+        'price_id',
+        'is_highlight',
+        'highlight_text',
+        'adjustable_quantity',
+        'after_completion',
+        'allow_promotion_codes',
+        'consent_collection',
+        'custom_fields',
+        'phone_number_collection',
+        'billing_address_collection',
+        'submit_type',
+        'subscription_data',
+      ])
+    );
+
+    if (item.adjustable_quantity?.enabled) {
+      item.adjustable_quantity.minimum = Number(item.adjustable_quantity?.minimum);
+      item.adjustable_quantity.maximum = Number(item.adjustable_quantity?.maximum);
+    }
+    if (item.after_completion?.type === 'hosted_confirmation') {
+      // @ts-ignore
+      item.after_completion.redirect = null;
+    }
+    if (item.after_completion?.type === 'redirect') {
+      // @ts-ignore
+      item.after_completion.hosted_confirmation = null;
+    }
+
+    return item;
+  });
+
+  if (payload.highlight && payload.highlight_product_id) {
+    raw.items?.forEach((x) => {
+      if (x.product_id === payload.highlight_product_id) {
+        x.is_highlight = x.product_id === payload.highlight_product_id;
+        x.highlight_text = payload.highlight_text || 'popular';
+      } else {
+        x.is_highlight = false;
+        x.highlight_text = 'popular';
+      }
+    });
+  }
+
+  raw.metadata = formatMetadata(raw.metadata);
+
+  return raw;
+};
+
+// FIXME: @wangshijun use schema validation
+// eslint-disable-next-line consistent-return
+router.post('/', auth, async (req, res) => {
+  const raw: Partial<PricingTable> = formatPricingTable(req.body);
+  raw.active = true;
+  raw.locked = false;
+  raw.livemode = !!req.livemode;
+  raw.created_via = req.user?.via;
+
+  if (!raw.items?.length) {
+    return res.status(400).json({ error: 'items should not be empty for pricing table' });
+  }
+
+  // @ts-ignore
+  const items = await Price.expand(raw.items);
+  for (let i = 0; i < items.length; i++) {
+    if (isLineItemCurrencyAligned(items, i) === false) {
+      return res.status(400).json({ error: 'items should have same currency' });
+    }
+  }
+
+  const link = await PricingTable.create(raw as PricingTable);
+
+  res.json(link);
+});
+
+// list pricing tables
+const paginationSchema = Joi.object<{
+  page: number;
+  pageSize: number;
+  active?: boolean;
+  livemode?: boolean;
+}>({
+  page: Joi.number().integer().min(1).default(1),
+  pageSize: Joi.number().integer().min(1).max(100).default(20),
+  active: Joi.boolean().empty(''),
+  livemode: Joi.boolean().empty(''),
+});
+router.get('/', auth, async (req, res) => {
+  const { page, pageSize, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+  const where: WhereOptions<PricingTable> = { id: { [Op.notIn]: [`prctbl_${req.user?.did}`] } };
+
+  if (typeof query.active === 'boolean') {
+    where.active = query.active;
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await PricingTable.findAndCountAll({
+      where,
+      order: [['created_at', 'DESC']],
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
+      include: [],
+    });
+
+    const priceIds: string[] = uniq(list.reduce((acc: string[], x) => acc.concat(x.items.map((i) => i.price_id)), []));
+    const prices = await Price.findAll({ where: { id: priceIds }, include: [{ model: Product, as: 'product' }] });
+    const products = await Product.findAll({ where: { id: uniq(prices.map((x) => x.product_id)) } });
+
+    list.forEach((x) => {
+      x.items.forEach((i) => {
+        // @ts-ignore
+        i.price = prices.find((p) => p.id === i.price_id);
+        // @ts-ignore
+        i.product = products.find((p) => p.id === i.product_id);
+      });
+    });
+
+    res.json({ count, list });
+  } catch (err) {
+    console.error(err);
+    res.json({ count: 0, list: [] });
+  }
+});
+
+// eslint-disable-next-line consistent-return
+router.get('/:id', async (req, res) => {
+  const doc = await PricingTable.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'pricing table not found' });
+  }
+
+  const prices = await Price.findAll({ where: { id: uniq(doc.items.map((x) => x.price_id)) } });
+  const products = await Product.findAll({ where: { id: uniq(doc.items.map((x) => x.product_id)) } });
+
+  doc.items.forEach((i) => {
+    // @ts-ignore
+    i.price = prices.find((p) => p.id === i.price_id);
+    // @ts-ignore
+    i.product = products.find((p) => p.id === i.product_id);
+  });
+
+  const currency = await PaymentCurrency.findOne({ where: { livemode: doc.livemode, is_base_currency: true } });
+
+  res.json({ ...doc.toJSON(), currency });
+});
+
+// update
+// eslint-disable-next-line consistent-return
+router.put('/:id', auth, async (req, res) => {
+  const doc = await PricingTable.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'pricing table not found' });
+  }
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'pricing table archived' });
+  }
+  // if (doc.locked) {
+  //   return res.status(403).json({ error: 'pricing table locked' });
+  // }
+
+  // FIXME: should only allow update some fields
+  await doc.update(formatPricingTable(req.body));
+
+  res.json(doc);
+});
+
+// archive
+router.put('/:id/archive', auth, async (req, res) => {
+  const doc = await PricingTable.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'pricing table not found' });
+  }
+
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'pricing table already archived' });
+  }
+
+  await doc.update({ active: false });
+  return res.json(doc);
+});
+
+// delete
+router.delete('/:id', auth, async (req, res) => {
+  const doc = await PricingTable.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'pricing table not found' });
+  }
+
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'pricing table archived' });
+  }
+
+  if (doc.locked) {
+    return res.status(403).json({ error: 'pricing table locked' });
+  }
+
+  await doc.destroy();
+  return res.json(doc);
+});
+
+router.post('/stash', auth, async (req, res) => {
+  try {
+    const raw: Partial<PricingTable> = req.body;
+    raw.id = `prctbl_${req.user?.did}`;
+    raw.active = true;
+    raw.locked = false;
+    raw.livemode = !!req.livemode;
+    raw.created_via = req.user?.via;
+
+    let doc = await PricingTable.findByPk(raw.id);
+    if (doc) {
+      await doc.update(formatPricingTable(req.body));
+    } else {
+      doc = await PricingTable.create(raw as PricingTable);
+    }
+    res.json(doc);
+  } catch (err) {
+    console.error(err);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// eslint-disable-next-line consistent-return
+router.post('/:id/checkout/:priceId', async (req, res) => {
+  const doc = await PricingTable.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'pricing table not found' });
+  }
+  if (doc.active === false) {
+    return res.status(403).json({ error: 'pricing table archived' });
+  }
+  if (doc.locked) {
+    return res.status(403).json({ error: 'pricing table locked' });
+  }
+
+  const price = await doc.items.find((x) => x.price_id === req.params.priceId);
+  if (!price) {
+    return res.status(403).json({ error: 'pricing table item not valid' });
+  }
+
+  const raw: Partial<CheckoutSession> = await formatCheckoutSession({
+    line_items: [{ price_id: price.price_id, quantity: 1, adjustable_quantity: price.adjustable_quantity }],
+    ...pick(price, [
+      'allow_promotion_codes',
+      'consent_collection',
+      'custom_fields',
+      'customer_creation',
+      'invoice_creation',
+      'phone_number_collection',
+      'billing_address_collection',
+      'submit_type',
+      'subscription_data',
+    ]),
+    metadata: {
+      pricing_table: doc.id,
+    },
+  });
+
+  raw.livemode = doc.livemode;
+  raw.created_via = 'portal';
+  raw.currency_id = req.currency.id;
+
+  const session = await CheckoutSession.create(raw as any);
+  res.json({ ...session.toJSON(), url: getUrl(`/checkout/pay/${session.id}`) });
+});
+
+export default router;

package/api/src/routes/subscriptions.ts

@@ -8,6 +8,7 @@ import dayjs from '../libs/dayjs';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { expandLineItems } from '../libs/session';
+import { formatMetadata } from '../libs/util';
 import { Customer } from '../store/models/customer';
 import { PaymentCurrency } from '../store/models/payment-currency';
 import { PaymentMethod } from '../store/models/payment-method';
@@ -302,4 +303,18 @@ router.put('/:id/resume', auth, async (req, res) => {
   return res.json(doc);
 });
 
+router.put('/:id', auth, async (req, res) => {
+  const doc = await Subscription.findByPk(req.params.id);
+
+  if (!doc) {
+    return res.status(404).json({ error: 'Subscription not found' });
+  }
+
+  if (req.body.metadata) {
+    await doc.update({ metadata: formatMetadata(req.body.metadata) });
+  }
+
+  return res.json(doc);
+});
+
 export default router;

package/api/src/store/migrations/20231017-pricing-table.ts

@@ -0,0 +1,10 @@
+import type { Migration } from '../migrate';
+import models from '../models';
+
+export const up: Migration = async ({ context: queryInterface }) => {
+  await queryInterface.createTable('pricing_tables', models.PricingTable.GENESIS_ATTRIBUTES);
+};
+
+export const down: Migration = async ({ context: queryInterface }) => {
+  await queryInterface.dropTable('pricing_tables');
+};