payment-kit 1.18.3 → 1.18.5

package/api/src/integrations/stripe/setup.ts

@@ -2,6 +2,7 @@
 
 import env from '@blocklet/sdk/lib/env';
 
+import Stripe from 'stripe';
 import logger from '../../libs/logger';
 import { STRIPE_API_VERSION, STRIPE_ENDPOINT, STRIPE_EVENTS } from '../../libs/util';
 import { PaymentMethod } from '../../store/models';
@@ -48,3 +49,29 @@ export async function ensureWebhookRegistered() {
     }
   }
 }
+
+// validate stripe keys
+export async function validateStripeKeys(secretKey: string) {
+  try {
+    const stripe = new Stripe(secretKey, { apiVersion: STRIPE_API_VERSION });
+    await stripe.accounts.retrieve();
+    return true;
+  } catch (error) {
+    logger.error('Invalid Stripe API keys:', error);
+    return false;
+  }
+}
+
+// cleanup old stripe webhook
+export async function cleanupStripeWebhook(stripe: Stripe) {
+  try {
+    const { data } = await stripe.webhookEndpoints.list({ limit: 100 });
+    const existingWebhook = data.find((webhook) => webhook.metadata?.appPid === env.appPid);
+    if (existingWebhook) {
+      await stripe.webhookEndpoints.del(existingWebhook.id);
+      logger.info('stripe webhook deleted', { id: existingWebhook.id });
+    }
+  } catch (err) {
+    logger.error('Failed to clean old webhook:', err);
+  }
+}

package/api/src/routes/payment-methods.ts

@@ -7,7 +7,7 @@ import { InferAttributes, Op, WhereOptions } from 'sequelize';
 import cloneDeep from 'lodash/cloneDeep';
 import merge from 'lodash/merge';
 import { Joi } from '@arcblock/validator';
-import { ensureWebhookRegistered } from '../integrations/stripe/setup';
+import { ensureWebhookRegistered, cleanupStripeWebhook, validateStripeKeys } from '../integrations/stripe/setup';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { PaymentCurrency } from '../store/models/payment-currency';
@@ -51,6 +51,10 @@ router.post('/', auth, async (req, res) => {
     if (!raw.settings.stripe?.secret_key) {
       return res.status(400).json({ error: 'stripe secret key is required' });
     }
+    const isValid = await validateStripeKeys(raw.settings.stripe.secret_key);
+    if (!isValid) {
+      return res.status(400).json({ error: 'Invalid Stripe API keys' });
+    }
 
     raw.settings = pick(PaymentMethod.encryptSettings(raw.settings), ['stripe']) as PaymentMethodSettings;
     raw.logo = getUrl('/methods/stripe.png');
@@ -295,7 +299,7 @@ router.put('/:id', auth, async (req, res) => {
     if ('logo' in method.dataValues || raw.logo !== undefined) {
       updateData.logo = raw.logo ?? method.logo;
     }
-    const updateSettings = 'settings' in req.body ? req.body.settings : null;
+    let updateSettings = 'settings' in req.body ? req.body.settings : null;
     if (EVM_CHAIN_TYPES.includes(method.type as string) && updateSettings) {
       const paymentType = method.type as EVMChainType;
       if (!updateSettings[paymentType]?.api_host) {
@@ -322,7 +326,29 @@ router.put('/:id', auth, async (req, res) => {
       }
       updateData.settings = pick(PaymentMethod.encryptSettings(updateSettings), [paymentType]) as PaymentMethodSettings;
     }
+    if (method.type === 'stripe') {
+      if (!updateSettings.stripe?.publishable_key) {
+        return res.status(400).json({ error: 'stripe publishable key is required' });
+      }
+      if (!updateSettings.stripe?.secret_key) {
+        return res.status(400).json({ error: 'stripe secret key is required' });
+      }
+      if (method.settings?.stripe?.secret_key !== updateSettings.stripe.secret_key) {
+        const isValid = await validateStripeKeys(updateSettings.stripe.secret_key);
+        if (!isValid) {
+          return res.status(400).json({ error: 'Invalid Stripe API keys' });
+        }
+        updateSettings.stripe.webhook_signing_secret = null;
+        updateSettings = PaymentMethod.encryptSettings(updateSettings);
+        cleanupStripeWebhook(method.getStripeClient());
+      }
+      updateData.settings = pick(updateSettings, ['stripe']) as PaymentMethodSettings;
+    }
+
     const updatedMethod = await method.update(updateData);
+    if (method.type === 'stripe') {
+      ensureWebhookRegistered().catch(console.error);
+    }
     return res.json(updatedMethod);
   } catch (err) {
     return res.status(400).json({ error: err.message });

package/api/src/routes/settings.ts

@@ -1,12 +1,18 @@
 import { Router } from 'express';
 import pick from 'lodash/pick';
-import type { WhereOptions } from 'sequelize';
+import { Op, type WhereOptions } from 'sequelize';
 
+import Joi from 'joi';
+import { merge } from 'lodash';
 import { PaymentCurrency } from '../store/models/payment-currency';
 import { PaymentMethod } from '../store/models/payment-method';
+import { authenticate } from '../libs/security';
+import { Setting } from '../store/models';
+import logger from '../libs/logger';
+import { createListParamSchema, getWhereFromKvQuery } from '../libs/api';
 
 const router = Router();
-
+const authAdmin = authenticate<Setting>({ component: true, roles: ['owner', 'admin'] });
 router.get('/', async (req, res) => {
   const attributes = ['id', 'name', 'symbol', 'decimal', 'logo', 'payment_method_id', 'maximum_precision'];
   const where: WhereOptions<PaymentMethod> = { livemode: req.livemode, active: true };
@@ -35,4 +41,247 @@ router.get('/', async (req, res) => {
   });
 });
 
+const donateListSchema = createListParamSchema<{
+  active?: boolean;
+  mountLocation?: string;
+  description?: string;
+  componentDid?: string;
+}>({
+  active: Joi.boolean().empty(''),
+  mountLocation: Joi.string().empty(''),
+  description: Joi.string().empty(''),
+  componentDid: Joi.string().empty(''),
+});
+
+router.get('/donate', async (req, res) => {
+  try {
+    const { page, pageSize, mountLocation, description, componentDid, ...query } = await donateListSchema.validateAsync(
+      req.query,
+      { stripUnknown: false, allowUnknown: true }
+    );
+
+    const where = {
+      type: 'donate',
+      ...getWhereFromKvQuery(query.q),
+    };
+
+    if (typeof query.active === 'boolean') {
+      where.active = query.active;
+    }
+    if (mountLocation) {
+      where.mount_location = mountLocation;
+    }
+    if (description) {
+      where.description = description;
+    }
+    if (componentDid) {
+      where.component_did = componentDid;
+    }
+
+    const { rows: list, count } = await Setting.findAndCountAll({
+      where,
+      order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
+      distinct: true,
+    });
+
+    return res.json({ count, list, paging: { page, pageSize } });
+  } catch (err) {
+    logger.error(err);
+    return res.status(400).json({ error: err.message });
+  }
+});
+
+router.get('/donate/:mountLocationOrId', async (req, res) => {
+  try {
+    if (!req.params.mountLocationOrId) {
+      return res.status(400).json({ error: 'mountLocation is required' });
+    }
+    const settings = await Setting.findOne({
+      where: {
+        type: 'donate',
+        [Op.or]: [{ mount_location: req.params.mountLocationOrId }, { id: req.params.mountLocationOrId }],
+      },
+    });
+    return res.json(settings);
+  } catch (err) {
+    logger.error(err);
+    return res.status(400).json({ error: err.message });
+  }
+});
+
+const SettingSchema = Joi.object({
+  type: Joi.string().required(),
+  mountLocation: Joi.string().required(),
+  settings: Joi.object().optional(),
+  active: Joi.boolean().optional(),
+  description: Joi.string().required(),
+  livemode: Joi.boolean().optional(),
+  componentDid: Joi.string().optional(),
+}).unknown(true);
+router.post('/', async (req, res) => {
+  try {
+    const { error } = SettingSchema.validate(req.body);
+    if (error) {
+      return res.status(400).json({ error: error.message });
+    }
+    const { type, mountLocation, settings = {}, active = true, description, livemode = true, componentDid } = req.body;
+    const raw = {
+      type,
+      mount_location: mountLocation,
+      description,
+      active,
+      livemode,
+      settings: settings || {},
+      component_did: componentDid,
+    };
+    if (type === 'donate') {
+      const defaultSetting = {
+        amount: {
+          presets: ['1', '5', '10'],
+          preset: '1',
+          minimum: '0.01',
+          maximum: '100',
+          custom: true,
+        },
+        btnText: 'Donate',
+        historyType: 'avatar',
+      };
+
+      if (settings?.amount) {
+        const amountSchema = Joi.object({
+          presets: Joi.array()
+            .items(Joi.string())
+            .when('custom', { is: false, then: Joi.required(), otherwise: Joi.optional() }),
+          preset: Joi.string().optional(),
+          minimum: Joi.string().when('custom', { is: true, then: Joi.required() }),
+          maximum: Joi.string().when('custom', { is: true, then: Joi.required() }),
+          custom: Joi.boolean().required(),
+        });
+
+        const { error: amountError } = amountSchema.validate(settings.amount);
+        if (amountError) {
+          return res.status(400).json({ error: amountError.message });
+        }
+      }
+
+      raw.settings = merge({}, defaultSetting, settings);
+      if (settings.amount) {
+        raw.settings.amount = settings.amount;
+      }
+    }
+    const exist = await Setting.findOne({
+      where: {
+        type,
+        mount_location: mountLocation,
+      },
+    });
+    if (exist) {
+      if (exist.component_did !== componentDid) {
+        await exist.update({
+          component_did: componentDid,
+        });
+      }
+      return res.json(exist);
+    }
+    const doc = await Setting.create(raw);
+    return res.json(doc);
+  } catch (err) {
+    logger.error(err);
+    return res.status(400).json({ error: err.message });
+  }
+});
+
+const UpdateSettingSchema = Joi.object({
+  settings: Joi.object().optional(),
+  active: Joi.boolean().optional(),
+  description: Joi.string().optional(),
+}).unknown(true);
+router.put('/:mountLocationOrId', authAdmin, async (req, res) => {
+  try {
+    const { error } = UpdateSettingSchema.validate(req.body);
+    if (error) {
+      return res.status(400).json({ error: error.message });
+    }
+    const { settings = {}, active = true, description } = req.body;
+    const raw: {
+      active: boolean;
+      settings: Record<string, any>;
+      description?: string;
+    } = {
+      active,
+      settings: settings || {},
+    };
+    if (description) {
+      raw.description = description;
+    }
+    const setting = await Setting.findOne({
+      where: {
+        [Op.or]: [
+          {
+            id: req.params.mountLocationOrId,
+          },
+          {
+            mount_location: req.params.mountLocationOrId,
+          },
+        ],
+      },
+    });
+    if (!setting) {
+      return res.status(404).json({ error: 'Setting not found' });
+    }
+    raw.settings = merge({}, setting.settings, settings);
+    if (setting.type === 'donate') {
+      if (settings?.amount) {
+        const amountSchema = Joi.object({
+          presets: Joi.array()
+            .items(Joi.string())
+            .when('custom', { is: false, then: Joi.required(), otherwise: Joi.optional() }),
+          preset: Joi.string().optional(),
+          minimum: Joi.string().when('custom', { is: true, then: Joi.required() }),
+          maximum: Joi.string().when('custom', { is: true, then: Joi.required() }),
+          custom: Joi.boolean().required(),
+        });
+
+        const { error: amountError } = amountSchema.validate(settings.amount);
+        if (amountError) {
+          return res.status(400).json({ error: amountError.message });
+        }
+        raw.settings.amount = settings.amount;
+      }
+    }
+    const doc = await setting.update(raw);
+    return res.json(doc);
+  } catch (err) {
+    logger.error(err);
+    return res.status(400).json({ error: err.message });
+  }
+});
+
+router.delete('/:mountLocationOrId', authAdmin, async (req, res) => {
+  try {
+    const setting = await Setting.findOne({
+      where: {
+        [Op.or]: [
+          {
+            id: req.params.mountLocationOrId,
+          },
+          {
+            mount_location: req.params.mountLocationOrId,
+          },
+        ],
+      },
+    });
+    if (!setting) {
+      return res.status(404).json({ error: `Setting ${req.params.mountLocationOrId} not found` });
+    }
+    await setting.destroy();
+    return res.json({ message: `Setting ${req.params.mountLocationOrId} deleted` });
+  } catch (err) {
+    logger.error(err);
+    return res.status(400).json({ error: err.message });
+  }
+});
+
 export default router;

package/api/src/store/migrations/20250211-setting.ts

@@ -0,0 +1,10 @@
+import type { Migration } from '../migrate';
+import models from '../models';
+
+export const up: Migration = async ({ context }) => {
+  await context.createTable('settings', models.Setting.GENESIS_ATTRIBUTES);
+};
+
+export const down: Migration = async ({ context }) => {
+  await context.dropTable('settings');
+};

package/api/src/store/migrations/20250214-setting-component.ts

@@ -0,0 +1,22 @@
+import { DataTypes } from 'sequelize';
+import { safeApplyColumnChanges, type Migration } from '../migrate';
+
+export const up: Migration = async ({ context }) => {
+  await safeApplyColumnChanges(context, {
+    settings: [
+      {
+        name: 'component_did',
+        field: { type: DataTypes.STRING, allowNull: true },
+      },
+    ],
+  });
+  const columns = await context.describeTable('settings');
+  if (columns.mountLocation) {
+    await context.renameColumn('settings', 'mountLocation', 'mount_location');
+  }
+};
+
+export const down: Migration = async ({ context }) => {
+  await context.removeColumn('settings', 'component_did');
+  await context.renameColumn('settings', 'mount_location', 'mountLocation');
+};

package/api/src/store/models/index.ts

@@ -26,6 +26,7 @@ import type { LineItem, PricingTableItem } from './types';
 import { TUsageRecord, UsageRecord } from './usage-record';
 import { TWebhookAttempt, WebhookAttempt } from './webhook-attempt';
 import { TWebhookEndpoint, WebhookEndpoint } from './webhook-endpoint';
+import { Setting } from './setting';
 
 const models = {
   CheckoutSession,
@@ -55,6 +56,7 @@ const models = {
   WebhookAttempt,
   Job,
   Lock,
+  Setting,
 };
 
 export function initialize(sequelize: any) {
@@ -62,7 +64,9 @@ export function initialize(sequelize: any) {
     model.initialize(sequelize);
   });
   Object.values(models).forEach((model) => {
-    model.associate(models);
+    if ('associate' in model) {
+      (model as any).associate(models);
+    }
   });
 }
 
@@ -96,6 +100,7 @@ export * from './usage-record';
 export * from './webhook-attempt';
 export * from './webhook-endpoint';
 export * from './types';
+export * from './setting';
 
 export type TPriceExpanded = TPrice & {
   object: 'price';

package/api/src/store/models/payment-method.ts

@@ -175,15 +175,21 @@ export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCr
       throw new Error('payment method config insufficient for stripe');
     }
 
-    if (stripeClients.has(this.id)) {
-      return stripeClients.get(this.id) as Stripe;
+    const { secret_key: secretKey } = PaymentMethod.decryptSettings(this.settings).stripe || {};
+    if (!secretKey) {
+      throw new Error('stripe secret key is required');
     }
+    const clientKey = `${this.id}:${secretKey}`;
+    const existingClient = stripeClients.get(clientKey) as Stripe;
 
-    try {
-      const settings = PaymentMethod.decryptSettings(this.settings);
-      const client = new Stripe(settings.stripe?.secret_key as string, { apiVersion: STRIPE_API_VERSION });
-      stripeClients.set(this.id, client);
+    if (existingClient) {
+      return existingClient;
+    }
 
+    try {
+      stripeClients.delete(this.id);
+      const client = new Stripe(secretKey, { apiVersion: STRIPE_API_VERSION });
+      stripeClients.set(clientKey, client);
       return client as Stripe;
     } catch (e) {
       return {} as Stripe;

package/api/src/store/models/setting.ts

@@ -0,0 +1,84 @@
+/* eslint-disable @typescript-eslint/lines-between-class-members */
+import { CreationOptional, DataTypes, InferAttributes, InferCreationAttributes, Model } from 'sequelize';
+
+import { createIdGenerator } from '../../libs/util';
+import type { SettingType } from './types';
+
+const nextId = createIdGenerator('set', 24);
+
+// eslint-disable-next-line prettier/prettier
+export class Setting extends Model<InferAttributes<Setting>, InferCreationAttributes<Setting>> {
+  declare id: CreationOptional<string>;
+
+  declare livemode: boolean;
+
+  declare type: SettingType;
+  declare mount_location: string;
+  declare active: boolean;
+  declare component_did?: string;
+
+  declare settings: Record<string, any>;
+
+  declare created_at: CreationOptional<Date>;
+  declare updated_at: CreationOptional<Date>;
+
+  public static readonly GENESIS_ATTRIBUTES = {
+    id: {
+      type: DataTypes.STRING(30),
+      primaryKey: true,
+      allowNull: false,
+      defaultValue: nextId,
+    },
+    livemode: {
+      type: DataTypes.BOOLEAN,
+      allowNull: false,
+    },
+    active: {
+      type: DataTypes.BOOLEAN,
+      allowNull: false,
+      defaultValue: true,
+    },
+    type: {
+      type: DataTypes.STRING(64),
+      allowNull: false,
+    },
+    mount_location: {
+      type: DataTypes.STRING(255),
+      allowNull: false,
+    },
+    component_did: {
+      type: DataTypes.STRING(255),
+      allowNull: true,
+    },
+    description: {
+      type: DataTypes.STRING(255),
+      allowNull: false,
+    },
+    settings: {
+      type: DataTypes.JSON,
+      allowNull: true,
+    },
+    created_at: {
+      type: DataTypes.DATE,
+      defaultValue: DataTypes.NOW,
+      allowNull: false,
+    },
+    updated_at: {
+      type: DataTypes.DATE,
+      defaultValue: DataTypes.NOW,
+      allowNull: false,
+    },
+  };
+
+  public static initialize(sequelize: any) {
+    this.init(Setting.GENESIS_ATTRIBUTES, {
+      sequelize,
+      modelName: 'Setting',
+      tableName: 'settings',
+      createdAt: 'created_at',
+      updatedAt: 'updated_at',
+    });
+  }
+}
+
+export type TSetting = InferAttributes<Setting>;

package/api/src/store/models/types.ts

@@ -691,3 +691,5 @@ export type EventType = LiteralUnion<
 >;
 
 export type StripeRefundReason = 'duplicate' | 'fraudulent' | 'requested_by_customer';
+
+export type SettingType = LiteralUnion<'donate', string>;

package/blocklet.yml

@@ -14,7 +14,7 @@ repository:
   type: git
   url: git+https://github.com/blocklet/payment-kit.git
 specVersion: 1.2.8
-version: 1.18.3
+version: 1.18.5
 logo: logo.png
 files:
   - dist
@@ -94,6 +94,18 @@ navigation:
     role:
       - admin
       - owner
+  - id: integrations
+    title:
+      en: Integrations
+      zh: 快速集成
+    icon: ion:flash-outline
+    link: /integrations
+    section:
+      - dashboard
+      - sessionManager
+    role:
+      - admin
+      - owner
   - id: billing
     title:
       en: Billing

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payment-kit",
-  "version": "1.18.3",
+  "version": "1.18.5",
   "scripts": {
     "dev": "blocklet dev --open",
     "eject": "vite eject",
@@ -46,16 +46,16 @@
     "@abtnode/cron": "^1.16.38",
     "@arcblock/did": "^1.19.9",
     "@arcblock/did-auth-storage-nedb": "^1.7.1",
-    "@arcblock/did-connect": "^2.11.30",
+    "@arcblock/did-connect": "^2.11.34",
     "@arcblock/did-util": "^1.19.9",
     "@arcblock/jwt": "^1.19.9",
-    "@arcblock/ux": "^2.11.30",
+    "@arcblock/ux": "^2.11.34",
     "@arcblock/validator": "^1.19.9",
     "@blocklet/js-sdk": "^1.16.38",
     "@blocklet/logger": "^1.16.38",
-    "@blocklet/payment-react": "1.18.3",
+    "@blocklet/payment-react": "1.18.5",
     "@blocklet/sdk": "^1.16.38",
-    "@blocklet/ui-react": "^2.11.30",
+    "@blocklet/ui-react": "^2.11.34",
     "@blocklet/uploader": "^0.1.66",
     "@blocklet/xss": "^0.1.22",
     "@mui/icons-material": "^5.16.6",
@@ -121,7 +121,7 @@
   "devDependencies": {
     "@abtnode/types": "^1.16.38",
     "@arcblock/eslint-config-ts": "^0.3.3",
-    "@blocklet/payment-types": "1.18.3",
+    "@blocklet/payment-types": "1.18.5",
     "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
     "@types/debug": "^4.1.12",
@@ -151,7 +151,7 @@
     "vite": "^5.3.5",
     "vite-node": "^2.0.4",
     "vite-plugin-babel-import": "^2.0.5",
-    "vite-plugin-blocklet": "^0.9.18",
+    "vite-plugin-blocklet": "^0.9.20",
     "vite-plugin-node-polyfills": "^0.21.0",
     "vite-plugin-svgr": "^4.2.0",
     "vite-tsconfig-paths": "^4.3.2",
@@ -167,5 +167,5 @@
       "parser": "typescript"
     }
   },
-  "gitHead": "a2708c80deb174f7fd9d170ffc90566b68bf844b"
+  "gitHead": "83cca0f1ac5814964c8bedd04f34a3a2a986f554"
 }

package/src/app.tsx

@@ -30,6 +30,7 @@ const CustomerSubscriptionChangePlan = React.lazy(() => import('./pages/customer
 const CustomerSubscriptionChangePayment = React.lazy(() => import('./pages/customer/subscription/change-payment'));
 const CustomerRecharge = React.lazy(() => import('./pages/customer/recharge'));
 const CustomerPayoutDetail = React.lazy(() => import('./pages/customer/payout/detail'));
+const IntegrationsPage = React.lazy(() => import('./pages/integrations'));
 
 // const theme = createTheme({
 //   typography: {
@@ -59,6 +60,10 @@ function App() {
                 <Route key="admin-tabs" path="/admin/:group" element={<AdminPage />} />,
                 <Route key="admin-sub" path="/admin/:group/:page" element={<AdminPage />} />,
                 <Route key="admin-fallback" path="/admin/*" element={<AdminPage />} />,
+                <Route key="integrations-index" path="/integrations" element={<IntegrationsPage />} />
+                <Route key="integrations-tabs" path="/integrations/:group" element={<IntegrationsPage />} />
+                <Route key="integrations-sub" path="/integrations/:group/:page" element={<IntegrationsPage />} />
+                <Route key="integrations-fallback" path="/integrations/*" element={<IntegrationsPage />} />
                 <Route
                   key="customer-home"
                   path="/customer"
@@ -166,7 +171,7 @@ export default function WrappedApp() {
     <ToastProvider>
       <SessionProvider
         serviceHost={prefix}
-        protectedRoutes={['/admin/*', '/customer/*'].map((item) => joinURL(prefix, item))}>
+        protectedRoutes={['/admin/*', '/customer/*', '/integrations/*'].map((item) => joinURL(prefix, item))}>
         <Router basename={prefix}>
           <AppWithTracker />
         </Router>

package/src/components/invoice/list.tsx

@@ -332,11 +332,9 @@ export default function InvoiceList({
           } else {
             setSearch({
               ...search!,
-              status: '',
-              customer_id,
-              subscription_id,
               pageSize: 100,
               page: 1,
+              q: {},
             });
           }
         },