payment-kit 1.29.0 → 1.29.2

package/api/src/queues/payment.ts

@@ -1,9 +1,11 @@
 import isEmpty from 'lodash/isEmpty';
-
 import { BN } from '@ocap/util';
+import { isCfWorker } from '../libs/env';
+import { systemFindAll, systemFindByPk, systemFindOne } from '../store/scoped';
+
 import { ensureStakedForGas } from '../integrations/arcblock/stake';
 import { transferErc20FromUser } from '../integrations/ethereum/token';
-import { createEvent } from '../libs/audit';
+import { createEvent, reportAuditFailure } from '../libs/audit';
 import { blocklet, wallet } from '../libs/auth';
 import dayjs from '../libs/dayjs';
 import CustomError from '../libs/error';
@@ -41,7 +43,7 @@ import { notificationQueue } from './notification';
 import { ensureOverdraftProtectionInvoiceAndItems } from '../libs/invoice';
 import { AutoRechargeConfig, Lock, MeterEvent } from '../store/models';
 import { ensureOverdraftProtectionPrice } from '../libs/overdraft-protection';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { CHARGE_SUPPORTED_CHAIN_TYPES, EVM_CHAIN_TYPES } from '../libs/constants';
 import { getCheckoutSessionSubscriptionIds, getSubscriptionCreateSetup, SlippageOptions } from '../libs/session';
 import { syncStripeSubscriptionAfterRecovery } from '../integrations/stripe/handlers/subscription';
@@ -170,11 +172,11 @@ export async function updateSubscriptionOnPaymentSuccess(
   // Trigger renewal and upgrade events
   if (triggerRenew && (!invoice || invoice.billing_reason !== 'subscription_update')) {
     if (!invoice || invoice.billing_reason === 'subscription_cycle' || paymentIntent?.capture_method === 'manual') {
-      createEvent('Subscription', 'customer.subscription.renewed', subscription).catch(console.error);
+      createEvent('Subscription', 'customer.subscription.renewed', subscription).catch(reportAuditFailure);
     }
   }
   if (invoice?.billing_reason === 'subscription_update') {
-    createEvent('Subscription', 'customer.subscription.upgraded', subscription).catch(console.error);
+    createEvent('Subscription', 'customer.subscription.upgraded', subscription).catch(reportAuditFailure);
   }
 }
 
@@ -232,11 +234,11 @@ export async function handlePastDueSubscriptionRecovery(
     }
 
     // Reset billing cycle
-    const subscriptionItems = await SubscriptionItem.findAll({ where: { subscription_id: subscription.id } });
+    const subscriptionItems = await systemFindAll(SubscriptionItem, { where: { subscription_id: subscription.id } });
     const lineItems = await Price.expand(subscriptionItems.map((x) => x.toJSON()));
     // Use the subscription's slippage config if available, otherwise use default 0.5%
     const slippageConfig = subscription.slippage_config;
-    const currency = await PaymentCurrency.findByPk(subscription.currency_id);
+    const currency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
     const slippageOptions: SlippageOptions = {
       percent: slippageConfig?.percent ?? 0.5,
       minAcceptableRate: slippageConfig?.min_acceptable_rate,
@@ -255,7 +257,7 @@ export async function handlePastDueSubscriptionRecovery(
       cancelation_details: null,
     });
 
-    createEvent('Subscription', 'customer.subscription.recovered', subscription).catch(console.error);
+    createEvent('Subscription', 'customer.subscription.recovered', subscription).catch(reportAuditFailure);
     const recoveryReason =
       subscription.cancelation_details?.reason === 'insufficient_credit' ? 'credit replenished' : 'payment done';
     logger.info(
@@ -405,20 +407,20 @@ export const handlePaymentSucceed = async (
 
   let invoice;
   if (paymentIntent.invoice_id) {
-    invoice = await Invoice.findByPk(paymentIntent.invoice_id);
+    invoice = await systemFindByPk(Invoice, paymentIntent.invoice_id);
   }
 
   // Handle checkout session when no invoice exists
   if (!invoice && !slashStake) {
-    const checkoutSession = await CheckoutSession.findOne({ where: { payment_intent_id: paymentIntent.id } });
+    const checkoutSession = await systemFindOne(CheckoutSession, { where: { payment_intent_id: paymentIntent.id } });
     if (checkoutSession) {
       if (
-        (globalThis as any).__CF_ENV__ &&
+        isCfWorker() &&
         checkoutSession.mode === 'payment' &&
         checkoutSession.invoice_creation?.enabled &&
         !checkoutSession.invoice_id
       ) {
-        const customer = await Customer.findByPk(checkoutSession.customer_id);
+        const customer = await systemFindByPk(Customer, checkoutSession.customer_id);
         if (customer) {
           try {
             const result = await ensureInvoiceForCheckout({
@@ -480,7 +482,7 @@ export const handlePaymentSucceed = async (
   }
   // Update subscription status
   if (invoice && invoice.subscription_id && !slashStake) {
-    const subscription = await Subscription.findByPk(invoice.subscription_id);
+    const subscription = await systemFindByPk(Subscription, invoice.subscription_id);
     if (subscription) {
       await updateSubscriptionOnPaymentSuccess(paymentIntent, subscription, invoice, triggerRenew);
     }
@@ -488,7 +490,7 @@ export const handlePaymentSucceed = async (
 
   // Update checkout session
   if (invoice && invoice.checkout_session_id && !slashStake) {
-    const checkoutSession = await CheckoutSession.findByPk(invoice.checkout_session_id);
+    const checkoutSession = await systemFindByPk(CheckoutSession, invoice.checkout_session_id);
     if (checkoutSession) {
       await updateCheckoutSessionOnPaymentSuccess(paymentIntent, checkoutSession, invoice);
     }
@@ -508,7 +510,7 @@ export const doOverdraftProtection = async (
     });
     return;
   }
-  const existProtectedInvoice = await Invoice.findOne({
+  const existProtectedInvoice = await systemFindOne(Invoice, {
     where: {
       subscription_id: subscription.id,
       billing_reason: 'overdraft_protection',
@@ -593,10 +595,11 @@ export const handlePaymentFailed = async (
   if (!invoice.subscription_id) {
     return updates.retry;
   }
-  const subscription = await Subscription.findByPk(invoice.subscription_id);
+  const subscription = await systemFindByPk(Subscription, invoice.subscription_id);
   if (!subscription) {
     return updates.retry;
   }
+  assertJobObjectTenant(subscription);
 
   const { interval } = subscription.pending_invoice_item_interval;
   updates.retry.minRetryMail = getMinRetryMail(interval);
@@ -636,7 +639,7 @@ export const handlePaymentFailed = async (
     return updates.terminate;
   }
   // check overdraft protection, if protected, no need to check due
-  const customer = await Customer.findByPk(invoice.customer_id);
+  const customer = await systemFindByPk(Customer, invoice.customer_id);
 
   const { enabled: enableOverdraftProtection, unused: unusedAmount } =
     await isSubscriptionOverdraftProtectionEnabled(subscription);
@@ -649,7 +652,9 @@ export const handlePaymentFailed = async (
     const isLock = await Lock.isLocked(lockKey);
     if (!isLock) {
       await Lock.acquire(lockKey, subscription.current_period_end);
-      createEvent('Subscription', 'subscription.overdraft_protection.exhausted', subscription).catch(console.error);
+      createEvent('Subscription', 'subscription.overdraft_protection.exhausted', subscription).catch(
+        reportAuditFailure
+      );
     }
   }
 
@@ -735,7 +740,10 @@ export const handlePaymentFailed = async (
     });
 
     if (invoice.billing_reason === 'auto_recharge' && invoice.metadata?.recharge_config?.recharge_id) {
-      const autoRechargeConfig = await AutoRechargeConfig.findByPk(invoice.metadata?.recharge_config?.recharge_id);
+      const autoRechargeConfig = await systemFindByPk(
+        AutoRechargeConfig,
+        invoice.metadata?.recharge_config?.recharge_id
+      );
       if (autoRechargeConfig && autoRechargeConfig.enabled) {
         autoRechargeConfig.update({
           enabled: false,
@@ -760,7 +768,7 @@ const handleStakeSlash = async (
   customer: Customer,
   paymentCurrency: PaymentCurrency
 ) => {
-  const subscription = await Subscription.findByPk(invoice.subscription_id);
+  const subscription = await systemFindByPk(Subscription, invoice.subscription_id);
   if (!subscription) {
     logger.warn('Stake slashing skipped because Subscription not found', {
       subscription: invoice.subscription_id,
@@ -769,6 +777,7 @@ const handleStakeSlash = async (
     });
     return;
   }
+  assertJobObjectTenant(subscription);
   if (!subscription.cancelation_details?.slash_stake || subscription.status !== 'canceled') {
     logger.warn('Stake slashing skipped because subscription not canceled or slash_stake is false', {
       subscription: invoice.subscription_id,
@@ -871,22 +880,24 @@ const handleStakeSlash = async (
 export const handlePayment = async (job: PaymentJob) => {
   logger.info('handle payment', job);
 
-  const paymentIntent = await PaymentIntent.findByPk(job.paymentIntentId);
+  const paymentIntent = await systemFindByPk(PaymentIntent, job.paymentIntentId);
   if (!paymentIntent) {
     logger.warn('PaymentIntent not found', { id: job.paymentIntentId });
     return;
   }
+  assertJobObjectTenant(paymentIntent);
 
   if (['requires_capture', 'processing'].includes(paymentIntent.status) === false) {
     logger.warn('PaymentIntent status not expected', { id: paymentIntent.id, status: paymentIntent.status });
     return;
   }
 
-  const paymentMethod = await PaymentMethod.findByPk(paymentIntent.payment_method_id);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentIntent.payment_method_id);
   if (!paymentMethod) {
     logger.warn('PaymentMethod not found', { id: paymentIntent.payment_method_id });
     return;
   }
+  assertJobObjectTenant(paymentMethod);
 
   const supportAutoCharge = await PaymentMethod.supportAutoCharge(paymentIntent.payment_method_id);
   if (supportAutoCharge === false) {
@@ -894,26 +905,28 @@ export const handlePayment = async (job: PaymentJob) => {
     return;
   }
 
-  const paymentCurrency = await PaymentCurrency.findByPk(paymentIntent.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, paymentIntent.currency_id);
   if (!paymentCurrency) {
     logger.warn('PaymentCurrency not found', { id: paymentIntent.currency_id });
     return;
   }
+  assertJobObjectTenant(paymentCurrency);
 
   if (paymentCurrency.isCredit()) {
     logger.info('PaymentIntent capture skipped because paymentCurrency is credit', { id: paymentIntent.id });
     return;
   }
 
-  const customer = await Customer.findByPk(paymentIntent.customer_id);
+  const customer = await systemFindByPk(Customer, paymentIntent.customer_id);
   if (!customer) {
     logger.warn('Customer not found', { id: paymentIntent.customer_id });
     return;
   }
+  assertJobObjectTenant(customer);
 
-  const invoice = await Invoice.findByPk(paymentIntent.invoice_id);
+  const invoice = await systemFindByPk(Invoice, paymentIntent.invoice_id);
   // Fetch subscription early for migration fallback support and overdraft protection check
-  const subscription = invoice?.subscription_id ? await Subscription.findByPk(invoice.subscription_id) : null;
+  const subscription = invoice?.subscription_id ? await systemFindByPk(Subscription, invoice.subscription_id) : null;
 
   if (invoice?.status === 'void') {
     await paymentIntent.update({
@@ -1359,7 +1372,7 @@ export const paymentQueue = createQueue<PaymentJob>({
 });
 
 export const startPaymentQueue = async () => {
-  const payments = await PaymentIntent.findAll({
+  const payments = await systemFindAll(PaymentIntent, {
     where: {
       status: ['requires_capture', 'processing'],
       capture_method: 'automatic',
@@ -1384,7 +1397,7 @@ paymentQueue.on('failed', ({ id, job, error }) => {
 
 // Do gas stake as soon as possible after payment succeed
 events.on('payment_intent.succeeded', async (paymentIntent: PaymentIntent) => {
-  const paymentMethod = await PaymentMethod.findByPk(paymentIntent.payment_method_id);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentIntent.payment_method_id);
   if (paymentMethod && paymentMethod.type === 'arcblock') {
     ensureStakedForGas();
   }

package/api/src/queues/payout.ts

@@ -2,7 +2,7 @@ import dayjs from '../libs/dayjs';
 import { events } from '../libs/event';
 import logger from '../libs/logger';
 import { getGasPayerExtra } from '../libs/payment';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { wallet, ethWallet } from '../libs/auth';
 import { sendErc20ToUser } from '../integrations/ethereum/token';
 import { PaymentMethod } from '../store/models/payment-method';
@@ -11,6 +11,7 @@ import { Payout } from '../store/models/payout';
 import { EVM_CHAIN_TYPES } from '../libs/constants';
 import type { PaymentError } from '../store/models/types';
 import { getNextRetry, MAX_RETRY_COUNT } from '../libs/util';
+import { systemFindAll, systemFindByPk } from '../store/scoped';
 
 type PayoutJob = {
   payoutId: string;
@@ -23,28 +24,31 @@ type ValidationResult =
 
 // Validate payout and fetch required data
 async function validatePayoutAndFetchData(job: PayoutJob): Promise<ValidationResult> {
-  const payout = await Payout.findByPk(job.payoutId);
+  const payout = await systemFindByPk(Payout, job.payoutId);
   if (!payout) {
     logger.warn('Payout not found', { id: job.payoutId });
     return { valid: false };
   }
+  assertJobObjectTenant(payout);
 
   if (payout.status !== 'pending') {
     logger.warn('Payout status not expected', { id: payout.id, status: payout.status });
     return { valid: false };
   }
 
-  const paymentMethod = await PaymentMethod.findByPk(payout.payment_method_id);
+  const paymentMethod = await systemFindByPk(PaymentMethod, payout.payment_method_id);
   if (!paymentMethod) {
     logger.warn('PaymentMethod not found', { id: payout.payment_method_id });
     return { valid: false };
   }
+  assertJobObjectTenant(paymentMethod);
 
-  const paymentCurrency = await PaymentCurrency.findByPk(payout.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, payout.currency_id);
   if (!paymentCurrency) {
     logger.warn('PaymentCurrency not found', { id: payout.currency_id });
     return { valid: false };
   }
+  assertJobObjectTenant(paymentCurrency);
 
   return {
     valid: true,
@@ -234,7 +238,7 @@ payoutQueue.on('failed', ({ id, job, error }) => {
 
 // Start queue, find all payouts with "pending" status
 export const startPayoutQueue = async () => {
-  const payouts = await Payout.findAll({
+  const payouts = await systemFindAll(Payout, {
     where: {
       status: 'pending',
     },

package/api/src/queues/refund.ts

@@ -7,7 +7,7 @@ import CustomError, { NonRetryableError } from '../libs/error';
 import { events } from '../libs/event';
 import logger from '../libs/logger';
 import { getGasPayerExtra, isBalanceSufficientForRefund } from '../libs/payment';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { MAX_RETRY_COUNT, getNextRetry } from '../libs/util';
 import { Customer } from '../store/models/customer';
 import { PaymentCurrency } from '../store/models/payment-currency';
@@ -20,6 +20,7 @@ import { Invoice } from '../store/models/invoice';
 import { burnToken, getAccountState } from '../integrations/arcblock/token';
 import type { EVMChainType, PaymentError } from '../store/models/types';
 import { EVM_CHAIN_TYPES } from '../libs/constants';
+import { systemFindAll, systemFindByPk } from '../store/scoped';
 
 type RefundJob = {
   refundId: string;
@@ -83,11 +84,12 @@ export const handleRefundFailed = (refund: Refund, error: PaymentError) => {
 export const handleRefund = async (job: RefundJob) => {
   logger.info('handle refund', job);
 
-  const refund = await Refund.findByPk(job.refundId);
+  const refund = await systemFindByPk(Refund, job.refundId);
   if (!refund) {
     logger.warn(`refund not found: ${job.refundId}`);
     return;
   }
+  assertJobObjectTenant(refund);
 
   if (['pending'].includes(refund.status) === false) {
     logger.warn(`refund status not expected: ${refund.status}`);
@@ -106,25 +108,28 @@ export const handleRefund = async (job: RefundJob) => {
     return;
   }
 
-  const paymentCurrency = await PaymentCurrency.findByPk(refund.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, refund.currency_id);
   if (!paymentCurrency) {
     logger.warn(`PaymentCurrency not found: ${refund.currency_id}`);
     await markRefundNonRetryable(refund, 'CURRENCY_NOT_FOUND', 'Payment currency not found');
     return;
   }
-  const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
+  assertJobObjectTenant(paymentCurrency);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentCurrency.payment_method_id);
   if (!paymentMethod) {
     logger.warn(`PaymentMethod not found: ${paymentCurrency.payment_method_id}`);
     await markRefundNonRetryable(refund, 'PAYMENT_METHOD_NOT_FOUND', 'Payment method not found');
     return;
   }
+  assertJobObjectTenant(paymentMethod);
 
-  const customer = await Customer.findByPk(refund.customer_id);
+  const customer = await systemFindByPk(Customer, refund.customer_id);
   if (!customer) {
     logger.warn(`Customer not found: ${refund.customer_id}`);
     await markRefundNonRetryable(refund, 'CUSTOMER_NOT_FOUND', 'Customer not found', paymentMethod);
     return;
   }
+  assertJobObjectTenant(customer);
 
   if (refund?.type === 'stake_return') {
     await handleStakeReturnJob(job, refund, paymentCurrency, paymentMethod, customer);
@@ -197,10 +202,11 @@ const handleRefundJob = async (
     if (!refund.payment_intent_id) {
       throw new NonRetryableError('PAYMENT_INTENT_NOT_FOUND', 'payment_intent_id is missing for refund');
     }
-    const paymentIntent = await PaymentIntent.findByPk(refund.payment_intent_id);
+    const paymentIntent = await systemFindByPk(PaymentIntent, refund.payment_intent_id);
     if (!paymentIntent) {
       throw new NonRetryableError('PAYMENT_INTENT_NOT_FOUND', 'PaymentIntent not found');
     }
+    assertJobObjectTenant(paymentIntent);
     let result;
     if (paymentMethod.type === 'arcblock') {
       const client = paymentMethod.getOcapClient();
@@ -378,7 +384,7 @@ const handleStakeReturnJob = async (
         return;
       }
       const client = paymentMethod.getOcapClient();
-      const subscription = await Subscription.findByPk(refund.subscription_id);
+      const subscription = await systemFindByPk(Subscription, refund.subscription_id);
       const address =
         arcblockDetail?.staking?.address ||
         (await getSubscriptionStakeAddress(subscription!, customer.did, paymentMethod));
@@ -486,7 +492,7 @@ export const refundQueue = createQueue<RefundJob>({
 });
 
 export const startRefundQueue = async () => {
-  const refunds = await Refund.findAll({ where: { status: ['pending'] } });
+  const refunds = await systemFindAll(Refund, { where: { status: ['pending'] } });
   refunds.forEach(async (x) => {
     const exist = await refundQueue.get(x.id);
     if (!exist) {
@@ -528,8 +534,8 @@ export async function handleCreditRefund(refund: Refund): Promise<string | undef
     return undefined;
   }
 
-  const invoice = await Invoice.findByPk(refund.invoice_id);
-  const customer = await Customer.findByPk(refund.customer_id);
+  const invoice = await systemFindByPk(Invoice, refund.invoice_id);
+  const customer = await systemFindByPk(Customer, refund.customer_id);
 
   if (!invoice || !customer?.did) {
     throw new Error('Invoice or customer not found for refund');
@@ -541,7 +547,7 @@ export async function handleCreditRefund(refund: Refund): Promise<string | undef
   }
 
   // Find ALL credit grants related to this invoice (both on-chain and off-chain).
-  const allGrants = await CreditGrant.findAll({
+  const allGrants = await systemFindAll(CreditGrant, {
     where: {
       customer_id: refund.customer_id,
       status: ['pending', 'granted'],
@@ -570,7 +576,7 @@ export async function handleCreditRefund(refund: Refund): Promise<string | undef
   for (const creditGrant of creditGrants) {
     // Get the currency for THIS grant
     // eslint-disable-next-line no-await-in-loop
-    const grantCurrency = await PaymentCurrency.findByPk(creditGrant.currency_id);
+    const grantCurrency = await systemFindByPk(PaymentCurrency, creditGrant.currency_id);
 
     if (!grantCurrency) {
       logger.error('Payment currency not found for credit grant refund', {