payment-kit 1.29.1 → 1.29.3

package/api/src/queues/payout.ts

@@ -2,8 +2,9 @@ import dayjs from '../libs/dayjs';
 import { events } from '../libs/event';
 import logger from '../libs/logger';
 import { getGasPayerExtra } from '../libs/payment';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { wallet, ethWallet } from '../libs/auth';
+import { withTenant } from '../libs/context';
 import { sendErc20ToUser } from '../integrations/ethereum/token';
 import { PaymentMethod } from '../store/models/payment-method';
 import { PaymentCurrency } from '../store/models/payment-currency';
@@ -11,6 +12,7 @@ import { Payout } from '../store/models/payout';
 import { EVM_CHAIN_TYPES } from '../libs/constants';
 import type { PaymentError } from '../store/models/types';
 import { getNextRetry, MAX_RETRY_COUNT } from '../libs/util';
+import { systemFindAll, systemFindByPk } from '../store/scoped';
 
 type PayoutJob = {
   payoutId: string;
@@ -23,28 +25,31 @@ type ValidationResult =
 
 // Validate payout and fetch required data
 async function validatePayoutAndFetchData(job: PayoutJob): Promise<ValidationResult> {
-  const payout = await Payout.findByPk(job.payoutId);
+  const payout = await systemFindByPk(Payout, job.payoutId);
   if (!payout) {
     logger.warn('Payout not found', { id: job.payoutId });
     return { valid: false };
   }
+  assertJobObjectTenant(payout);
 
   if (payout.status !== 'pending') {
     logger.warn('Payout status not expected', { id: payout.id, status: payout.status });
     return { valid: false };
   }
 
-  const paymentMethod = await PaymentMethod.findByPk(payout.payment_method_id);
+  const paymentMethod = await systemFindByPk(PaymentMethod, payout.payment_method_id);
   if (!paymentMethod) {
     logger.warn('PaymentMethod not found', { id: payout.payment_method_id });
     return { valid: false };
   }
+  assertJobObjectTenant(paymentMethod);
 
-  const paymentCurrency = await PaymentCurrency.findByPk(payout.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, payout.currency_id);
   if (!paymentCurrency) {
     logger.warn('PaymentCurrency not found', { id: payout.currency_id });
     return { valid: false };
   }
+  assertJobObjectTenant(paymentCurrency);
 
   return {
     valid: true,
@@ -234,30 +239,41 @@ payoutQueue.on('failed', ({ id, job, error }) => {
 
 // Start queue, find all payouts with "pending" status
 export const startPayoutQueue = async () => {
-  const payouts = await Payout.findAll({
+  const payouts = await systemFindAll(Payout, {
     where: {
       status: 'pending',
     },
   });
 
-  payouts.forEach(async (payout) => {
-    const exist = await payoutQueue.get(payout.id);
-    if (!exist) {
-      // Use next attempt time if set
-      if (payout.next_attempt && payout.next_attempt > dayjs().unix()) {
-        payoutQueue.push({
-          id: payout.id,
-          job: { payoutId: payout.id, retryOnError: true },
-          runAt: payout.next_attempt,
-        });
-      } else {
-        payoutQueue.push({
-          id: payout.id,
-          job: { payoutId: payout.id, retryOnError: true },
-        });
+  // Per-record tenant context: queue push stamps the job tenant via getInstanceDid,
+  // which fails closed in multi mode without it. for-of + await (not forEach(async),
+  // which leaks an unhandledRejection → FATAL on boot); per-record catch isolates.
+  for (const payout of payouts) {
+    const dispatch = async () => {
+      const exist = await payoutQueue.get(payout.id);
+      if (!exist) {
+        // Use next attempt time if set
+        if (payout.next_attempt && payout.next_attempt > dayjs().unix()) {
+          payoutQueue.push({
+            id: payout.id,
+            job: { payoutId: payout.id, retryOnError: true },
+            runAt: payout.next_attempt,
+          });
+        } else {
+          payoutQueue.push({
+            id: payout.id,
+            job: { payoutId: payout.id, retryOnError: true },
+          });
+        }
       }
+    };
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      await (payout.instance_did ? withTenant(payout.instance_did, dispatch) : dispatch());
+    } catch (error) {
+      logger.error('startPayoutQueue: re-queue failed', { id: payout.id, error });
     }
-  });
+  }
 };
 
 // Listen for newly created payouts

package/api/src/queues/refund.ts

@@ -3,11 +3,12 @@ import { isRefundReasonSupportedByStripe } from '../libs/refund';
 import { checkRemainingStake, getSubscriptionStakeAddress } from '../libs/subscription';
 import { sendErc20ToUser } from '../integrations/ethereum/token';
 import { wallet } from '../libs/auth';
+import { withTenant } from '../libs/context';
 import CustomError, { NonRetryableError } from '../libs/error';
 import { events } from '../libs/event';
 import logger from '../libs/logger';
 import { getGasPayerExtra, isBalanceSufficientForRefund } from '../libs/payment';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { MAX_RETRY_COUNT, getNextRetry } from '../libs/util';
 import { Customer } from '../store/models/customer';
 import { PaymentCurrency } from '../store/models/payment-currency';
@@ -20,6 +21,7 @@ import { Invoice } from '../store/models/invoice';
 import { burnToken, getAccountState } from '../integrations/arcblock/token';
 import type { EVMChainType, PaymentError } from '../store/models/types';
 import { EVM_CHAIN_TYPES } from '../libs/constants';
+import { systemFindAll, systemFindByPk } from '../store/scoped';
 
 type RefundJob = {
   refundId: string;
@@ -83,11 +85,12 @@ export const handleRefundFailed = (refund: Refund, error: PaymentError) => {
 export const handleRefund = async (job: RefundJob) => {
   logger.info('handle refund', job);
 
-  const refund = await Refund.findByPk(job.refundId);
+  const refund = await systemFindByPk(Refund, job.refundId);
   if (!refund) {
     logger.warn(`refund not found: ${job.refundId}`);
     return;
   }
+  assertJobObjectTenant(refund);
 
   if (['pending'].includes(refund.status) === false) {
     logger.warn(`refund status not expected: ${refund.status}`);
@@ -106,25 +109,28 @@ export const handleRefund = async (job: RefundJob) => {
     return;
   }
 
-  const paymentCurrency = await PaymentCurrency.findByPk(refund.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, refund.currency_id);
   if (!paymentCurrency) {
     logger.warn(`PaymentCurrency not found: ${refund.currency_id}`);
     await markRefundNonRetryable(refund, 'CURRENCY_NOT_FOUND', 'Payment currency not found');
     return;
   }
-  const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
+  assertJobObjectTenant(paymentCurrency);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentCurrency.payment_method_id);
   if (!paymentMethod) {
     logger.warn(`PaymentMethod not found: ${paymentCurrency.payment_method_id}`);
     await markRefundNonRetryable(refund, 'PAYMENT_METHOD_NOT_FOUND', 'Payment method not found');
     return;
   }
+  assertJobObjectTenant(paymentMethod);
 
-  const customer = await Customer.findByPk(refund.customer_id);
+  const customer = await systemFindByPk(Customer, refund.customer_id);
   if (!customer) {
     logger.warn(`Customer not found: ${refund.customer_id}`);
     await markRefundNonRetryable(refund, 'CUSTOMER_NOT_FOUND', 'Customer not found', paymentMethod);
     return;
   }
+  assertJobObjectTenant(customer);
 
   if (refund?.type === 'stake_return') {
     await handleStakeReturnJob(job, refund, paymentCurrency, paymentMethod, customer);
@@ -197,10 +203,11 @@ const handleRefundJob = async (
     if (!refund.payment_intent_id) {
       throw new NonRetryableError('PAYMENT_INTENT_NOT_FOUND', 'payment_intent_id is missing for refund');
     }
-    const paymentIntent = await PaymentIntent.findByPk(refund.payment_intent_id);
+    const paymentIntent = await systemFindByPk(PaymentIntent, refund.payment_intent_id);
     if (!paymentIntent) {
       throw new NonRetryableError('PAYMENT_INTENT_NOT_FOUND', 'PaymentIntent not found');
     }
+    assertJobObjectTenant(paymentIntent);
     let result;
     if (paymentMethod.type === 'arcblock') {
       const client = paymentMethod.getOcapClient();
@@ -378,7 +385,7 @@ const handleStakeReturnJob = async (
         return;
       }
       const client = paymentMethod.getOcapClient();
-      const subscription = await Subscription.findByPk(refund.subscription_id);
+      const subscription = await systemFindByPk(Subscription, refund.subscription_id);
       const address =
         arcblockDetail?.staking?.address ||
         (await getSubscriptionStakeAddress(subscription!, customer.did, paymentMethod));
@@ -486,14 +493,25 @@ export const refundQueue = createQueue<RefundJob>({
 });
 
 export const startRefundQueue = async () => {
-  const refunds = await Refund.findAll({ where: { status: ['pending'] } });
-  refunds.forEach(async (x) => {
-    const exist = await refundQueue.get(x.id);
-    if (!exist) {
-      refundQueue.push({ id: x.id, job: { refundId: x.id } });
-      logger.info('Re-queued pending refund', { id: x.id });
+  const refunds = await systemFindAll(Refund, { where: { status: ['pending'] } });
+  // Per-record tenant context: queue push stamps the job tenant via getInstanceDid,
+  // which fails closed in multi mode without it. for-of + await (not forEach(async),
+  // which leaks an unhandledRejection → FATAL on boot); per-record catch isolates.
+  for (const x of refunds) {
+    const dispatch = async () => {
+      const exist = await refundQueue.get(x.id);
+      if (!exist) {
+        refundQueue.push({ id: x.id, job: { refundId: x.id } });
+        logger.info('Re-queued pending refund', { id: x.id });
+      }
+    };
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      await (x.instance_did ? withTenant(x.instance_did, dispatch) : dispatch());
+    } catch (error) {
+      logger.error('startRefundQueue: re-queue failed', { id: x.id, error });
     }
-  });
+  }
 };
 
 refundQueue.on('failed', ({ id, job, error }) => {
@@ -528,8 +546,8 @@ export async function handleCreditRefund(refund: Refund): Promise<string | undef
     return undefined;
   }
 
-  const invoice = await Invoice.findByPk(refund.invoice_id);
-  const customer = await Customer.findByPk(refund.customer_id);
+  const invoice = await systemFindByPk(Invoice, refund.invoice_id);
+  const customer = await systemFindByPk(Customer, refund.customer_id);
 
   if (!invoice || !customer?.did) {
     throw new Error('Invoice or customer not found for refund');
@@ -541,7 +559,7 @@ export async function handleCreditRefund(refund: Refund): Promise<string | undef
   }
 
   // Find ALL credit grants related to this invoice (both on-chain and off-chain).
-  const allGrants = await CreditGrant.findAll({
+  const allGrants = await systemFindAll(CreditGrant, {
     where: {
       customer_id: refund.customer_id,
       status: ['pending', 'granted'],
@@ -570,7 +588,7 @@ export async function handleCreditRefund(refund: Refund): Promise<string | undef
   for (const creditGrant of creditGrants) {
     // Get the currency for THIS grant
     // eslint-disable-next-line no-await-in-loop
-    const grantCurrency = await PaymentCurrency.findByPk(creditGrant.currency_id);
+    const grantCurrency = await systemFindByPk(PaymentCurrency, creditGrant.currency_id);
 
     if (!grantCurrency) {
       logger.error('Payment currency not found for credit grant refund', {