wiki-plugin-shoppe 0.0.15 → 0.0.17

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wiki-plugin-shoppe",
-  "version": "0.0.15",
+  "version": "0.0.17",
   "description": "Multi-tenant digital goods shoppe for federated wiki, powered by Sanora",
   "keywords": [
     "wiki",

package/server/server.js

@@ -14,9 +14,6 @@ const RECOVER_STRIPE_TMPL  = fs.readFileSync(path.join(TEMPLATES_DIR, 'generic-r
 const ADDRESS_STRIPE_TMPL  = fs.readFileSync(path.join(TEMPLATES_DIR, 'generic-address-stripe.html'), 'utf8');
 const EBOOK_DOWNLOAD_TMPL  = fs.readFileSync(path.join(TEMPLATES_DIR, 'ebook-download.html'), 'utf8');
 
-function getAllyabaseOrigin() {
-  try { return new URL(getSanoraUrl()).origin; } catch { return getSanoraUrl(); }
-}
 
 function fillTemplate(tmpl, vars) {
   return Object.entries(vars).reduce((html, [k, v]) =>
@@ -25,6 +22,7 @@ function fillTemplate(tmpl, vars) {
 
 const DATA_DIR     = path.join(process.env.HOME || '/root', '.shoppe');
 const TENANTS_FILE = path.join(DATA_DIR, 'tenants.json');
+const BUYERS_FILE  = path.join(DATA_DIR, 'buyers.json');
 const CONFIG_FILE  = path.join(DATA_DIR, 'config.json');
 const TMP_DIR      = '/tmp/shoppe-uploads';
 
@@ -47,6 +45,47 @@ function getSanoraUrl() {
   return `http://localhost:${process.env.SANORA_PORT || 7243}`;
 }
 
+function getAddieUrl(wikiOrigin) {
+  if (wikiOrigin) return `${wikiOrigin}/plugin/allyabase/addie`;
+  try { return new URL(getSanoraUrl()).origin + '/plugin/allyabase/addie'; } catch { /* fall through */ }
+  return `http://localhost:${process.env.ADDIE_PORT || 3005}`;
+}
+
+function loadBuyers() {
+  if (!fs.existsSync(BUYERS_FILE)) return {};
+  try { return JSON.parse(fs.readFileSync(BUYERS_FILE, 'utf8')); } catch { return {}; }
+}
+
+function saveBuyers(buyers) {
+  fs.writeFileSync(BUYERS_FILE, JSON.stringify(buyers, null, 2));
+}
+
+async function getOrCreateBuyerAddieUser(recoveryKey, productId, wikiOrigin) {
+  const buyerKey = recoveryKey + productId;
+  const buyers = loadBuyers();
+  if (buyers[buyerKey]) return buyers[buyerKey];
+
+  const addieKeys = await sessionless.generateKeys(() => {}, () => null);
+  sessionless.getKeys = () => addieKeys;
+  const timestamp = Date.now().toString();
+  const message = timestamp + addieKeys.pubKey;
+  const signature = await sessionless.sign(message);
+
+  const resp = await fetch(`${getAddieUrl(wikiOrigin)}/user/create`, {
+    method: 'PUT',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ timestamp, pubKey: addieKeys.pubKey, signature })
+  });
+
+  const addieUser = await resp.json();
+  if (addieUser.error) throw new Error(`Addie: ${addieUser.error}`);
+
+  const buyer = { uuid: addieUser.uuid, pubKey: addieKeys.pubKey, privateKey: addieKeys.privateKey };
+  buyers[buyerKey] = buyer;
+  saveBuyers(buyers);
+  return buyer;
+}
+
 // Same diverse palette as BDO emojicoding
 const EMOJI_PALETTE = [
   '🌟', '🌙', '🌍', '🌊', '🔥', '💎', '🎨', '🎭', '🎪', '🎯',
@@ -152,6 +191,25 @@ function generateEmojicode(tenants) {
   throw new Error('Failed to generate unique emojicode after 100 attempts');
 }
 
+async function addieCreateUser() {
+  const addieKeys = await sessionless.generateKeys(() => {}, () => null);
+  sessionless.getKeys = () => addieKeys;
+  const timestamp = Date.now().toString();
+  const message = timestamp + addieKeys.pubKey;
+  const signature = await sessionless.sign(message);
+
+  const resp = await fetch(`${getAddieUrl()}/user/create`, {
+    method: 'PUT',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ timestamp, pubKey: addieKeys.pubKey, signature })
+  });
+
+  const addieUser = await resp.json();
+  if (addieUser.error) throw new Error(`Addie: ${addieUser.error}`);
+
+  return { uuid: addieUser.uuid, pubKey: addieKeys.pubKey, privateKey: addieKeys.privateKey };
+}
+
 async function registerTenant(name) {
   const tenants = loadTenants();
 
@@ -173,12 +231,21 @@ async function registerTenant(name) {
 
   const emojicode = generateEmojicode(tenants);
 
+  // Create a dedicated Addie user for payee splits
+  let addieKeys = null;
+  try {
+    addieKeys = await addieCreateUser();
+  } catch (err) {
+    console.warn('[shoppe] Could not create addie user (payouts unavailable):', err.message);
+  }
+
   const tenant = {
     uuid: sanoraUser.uuid,
     emojicode,
     name: name || 'Unnamed Shoppe',
     keys,
     sanoraUser,
+    addieKeys,
     createdAt: Date.now()
   };
 
@@ -937,10 +1004,11 @@ async function startServer(params) {
 
   // Save config (owner only)
   app.post('/plugin/shoppe/config', owner, (req, res) => {
-    const { sanoraUrl } = req.body;
+    const { sanoraUrl, addieUrl } = req.body;
     if (!sanoraUrl) return res.status(400).json({ success: false, error: 'sanoraUrl required' });
     const config = loadConfig();
     config.sanoraUrl = sanoraUrl;
+    if (addieUrl) config.addieUrl = addieUrl;
     saveConfig(config);
     console.log('[shoppe] Sanora URL set to:', sanoraUrl);
     res.json({ success: true });
@@ -953,15 +1021,20 @@ async function startServer(params) {
       if (!tenant) return res.status(404).send('<h1>Shoppe not found</h1>');
 
       const title = decodeURIComponent(req.params.title);
-      const sanoraUrl = getSanoraUrl();
-      const productsResp = await fetch(`${sanoraUrl}/products/${tenant.uuid}`);
+      const sanoraUrlInternal = getSanoraUrl();
+      const wikiOrigin = `${req.protocol}://${req.get('host')}`;
+      const sanoraUrl = `${wikiOrigin}/plugin/allyabase/sanora`;
+      const productsResp = await fetch(`${sanoraUrlInternal}/products/${tenant.uuid}`);
       const products = await productsResp.json();
       const product = products[title] || Object.values(products).find(p => p.title === title);
       if (!product) return res.status(404).send('<h1>Product not found</h1>');
 
-      const imageUrl = product.image ? `${sanoraUrl}/images/${product.image}` : '';
-      const ebookUrl = `${req.protocol}://${req.get('host')}/plugin/shoppe/${tenant.uuid}/download/${encodeURIComponent(title)}`;
-      const shoppeUrl = `${req.protocol}://${req.get('host')}/plugin/shoppe/${tenant.uuid}`;
+      const imageUrl = product.image ? `${sanoraUrlInternal}/images/${product.image}` : '';
+      const ebookUrl = `${wikiOrigin}/plugin/shoppe/${tenant.uuid}/download/${encodeURIComponent(title)}`;
+      const shoppeUrl = `${wikiOrigin}/plugin/shoppe/${tenant.uuid}`;
+      const payees = tenant.addieKeys
+        ? JSON.stringify([{ pubKey: tenant.addieKeys.pubKey, amount: product.price || 0 }])
+        : '[]';
 
       const html = fillTemplate(templateHtml, {
         title:           product.title || title,
@@ -973,9 +1046,11 @@ async function startServer(params) {
         pubKey:          '',
         signature:       '',
         sanoraUrl,
-        allyabaseOrigin: getAllyabaseOrigin(),
+        allyabaseOrigin: wikiOrigin,
         ebookUrl,
-        shoppeUrl
+        shoppeUrl,
+        payees,
+        tenantUuid:      tenant.uuid
       });
 
       res.set('Content-Type', 'text/html');
@@ -994,6 +1069,80 @@ async function startServer(params) {
   app.get('/plugin/shoppe/:identifier/buy/:title/address', (req, res) =>
     renderPurchasePage(req, res, ADDRESS_STRIPE_TMPL));
 
+  // Purchase intent — creates buyer Addie user, checks recovery hash, returns Stripe client secret
+  app.post('/plugin/shoppe/:identifier/purchase/intent', async (req, res) => {
+    try {
+      const tenant = getTenantByIdentifier(req.params.identifier);
+      if (!tenant) return res.status(404).json({ error: 'Shoppe not found' });
+
+      const { recoveryKey, productId, title } = req.body;
+      if (!recoveryKey || !productId) return res.status(400).json({ error: 'recoveryKey and productId required' });
+
+      const sanoraUrlInternal = getSanoraUrl();
+      const wikiOrigin = `${req.protocol}://${req.get('host')}`;
+      const recoveryHash = recoveryKey + productId;
+
+      // Check if already purchased
+      const checkResp = await fetch(`${sanoraUrlInternal}/user/check-hash/${encodeURIComponent(recoveryHash)}/product/${encodeURIComponent(productId)}`);
+      const checkJson = await checkResp.json();
+      if (checkJson.success) return res.json({ purchased: true });
+
+      // Get product price
+      const productsResp = await fetch(`${sanoraUrlInternal}/products/${tenant.uuid}`);
+      const products = await productsResp.json();
+      const product = (title && products[title]) || Object.values(products).find(p => p.productId === productId);
+      const amount = product?.price || 0;
+
+      // Create/retrieve buyer Addie user
+      const buyer = await getOrCreateBuyerAddieUser(recoveryKey, productId, wikiOrigin);
+
+      // Create Stripe intent via Addie
+      const payees = tenant.addieKeys ? [{ pubKey: tenant.addieKeys.pubKey, amount }] : [];
+      const intentResp = await fetch(`${getAddieUrl(wikiOrigin)}/user/${buyer.uuid}/processor/stripe/intent`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ timestamp: Date.now().toString(), amount, currency: 'USD', payees })
+      });
+
+      const intentJson = await intentResp.json();
+      if (intentJson.error) return res.status(500).json({ error: intentJson.error });
+
+      res.json({ purchased: false, clientSecret: intentJson.paymentIntent, publishableKey: intentJson.publishableKey });
+    } catch (err) {
+      console.error('[shoppe] purchase intent error:', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  // Purchase complete — creates recovery hash in Sanora after successful payment
+  app.post('/plugin/shoppe/:identifier/purchase/complete', async (req, res) => {
+    try {
+      const tenant = getTenantByIdentifier(req.params.identifier);
+      if (!tenant) return res.status(404).json({ error: 'Shoppe not found' });
+
+      const { recoveryKey, productId, order } = req.body;
+      if (!recoveryKey || !productId) return res.status(400).json({ error: 'recoveryKey and productId required' });
+
+      const sanoraUrlInternal = getSanoraUrl();
+      const recoveryHash = recoveryKey + productId;
+
+      if (order) {
+        await fetch(`${sanoraUrlInternal}/user/orders`, {
+          method: 'PUT',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ timestamp: Date.now().toString(), order })
+        });
+      }
+
+      const createResp = await fetch(`${sanoraUrlInternal}/user/create-hash/${encodeURIComponent(recoveryHash)}/product/${encodeURIComponent(productId)}`);
+      const createJson = await createResp.json();
+      res.json({ success: createJson.success });
+    } catch (err) {
+      console.error('[shoppe] purchase complete error:', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
   // Ebook download page (reached after successful payment + hash creation)
   app.get('/plugin/shoppe/:identifier/download/:title', async (req, res) => {
     try {

package/server/templates/generic-address-stripe.html

@@ -481,7 +481,7 @@
 	timestamp: new Date().getTime() + '',
 	amount: {{amount}}, 
 	currency: 'USD',
-	payees: [] 
+	payees: {{payees}}
       };
 
       const res = await fetch(`{{allyabaseOrigin}}/plugin/allyabase/addie/processor/stripe/intent`, {

package/server/templates/generic-recover-stripe.html

@@ -83,7 +83,7 @@
         </div>
         
         <!-- Payment Form -->
-        <div>
+        <div id="payment-section" style="display:none">
           <h3 style="margin-bottom: 20px; color: #10b981;">Payment Details</h3>
           <form id="payment-form" class="payment-form" style="
             background: #2a2a2e; 
@@ -137,29 +137,18 @@
 </style>
 
 <script type="text/javascript">
-  // Buy button functionality
+  // Buy button — just reveal the forms section (payment init happens after recovery key submitted)
   document.getElementById('buy-button').addEventListener('click', function() {
     const formsSection = document.getElementById('forms-section');
     formsSection.style.display = 'block';
-    
-    // Smooth scroll to forms section
-    formsSection.scrollIntoView({ 
-      behavior: 'smooth',
-      block: 'start'
-    });
-    
-    // Initialize payment form
-    window.addPaymentForm();
+    formsSection.scrollIntoView({ behavior: 'smooth', block: 'start' });
   });
-  
-  // Form validation for both forms
+
+  // Enable submit once Stripe payment element is ready
   function validateAllForms() {
-    const recoveryValid = validateForm(formConfig);
-    const paymentValid = stripe && elements; // Basic check that payment is initialized
-    
+    const paymentValid = stripe && elements;
     const submitButton = document.getElementById('submit-button');
-    
-    if (recoveryValid && paymentValid) {
+    if (paymentValid) {
       submitButton.style.background = 'linear-gradient(90deg, #10b981, #8b5cf6)';
       submitButton.style.color = 'white';
       submitButton.style.cursor = 'pointer';
@@ -170,7 +159,6 @@
       submitButton.style.color = '#999999';
       submitButton.style.cursor = 'not-allowed';
       submitButton.disabled = true;
-      submitButton.textContent = 'Complete Purchase';
     }
   }
 </script>
@@ -582,23 +570,43 @@
   };
 
   async function handleSubmit(formData) {
-      console.log('Form submitted:', formData);
-      // Do whatever you want with the form data
-      const recoveryHash = formData.Recovery + "{{productId}}";
-      const checkHashURL = `{{sanoraUrl}}/user/check-hash/${recoveryHash}/product/{{productId}}`
+      window.formData = formData;
+      const recoveryKey = formData.Recovery;
+
+      const submitBtn = document.querySelector('[type=submit]');
+      if (submitBtn) { submitBtn.disabled = true; submitBtn.textContent = 'Checking…'; }
+
+      try {
+        const resp = await fetch('/plugin/shoppe/{{tenantUuid}}/purchase/intent', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ recoveryKey, productId: '{{productId}}', title: '{{title}}' })
+        });
+        const json = await resp.json();
+
+        if (json.purchased) {
+          window.location.href = '{{ebookUrl}}';
+          return;
+        }
 
-      const resp = await fetch(checkHashURL);
-      const json = await resp.json();
+        if (json.error) {
+          alert('Error: ' + json.error);
+          return;
+        }
 
-      if(json.success) {
-        window.location.href = '{{ebookUrl}}';
-        return;
+        // Show payment element
+        document.getElementById('payment-section').style.display = 'block';
+        stripe = Stripe(json.publishableKey);
+        elements = stripe.elements({ clientSecret: json.clientSecret });
+        const paymentElement = elements.create('payment');
+        paymentElement.mount('#payment-element');
+        paymentElement.on('ready', () => setTimeout(validateAllForms, 500));
+        paymentElement.on('change', () => setTimeout(validateAllForms, 100));
+      } catch (err) {
+        alert('Unexpected error: ' + err.message);
+      } finally {
+        if (submitBtn) { submitBtn.disabled = false; submitBtn.textContent = 'Check'; }
       }
-
-      window.formData = formData;
-      // Don't show payment form here anymore, it's already visible
-      // Just trigger validation
-      validateAllForms();
   }
 
   const form = getForm(formConfig, handleSubmit);
@@ -608,130 +616,59 @@
 <script type="text/javascript">
   let stripe;
   let elements;
-  let response;
 
   const paymentForm = document.getElementById('payment-form');
   const submitButton = document.getElementById('submit-button');
   const errorMessage = document.getElementById('error-message');
   const loadingMessage = document.getElementById('loading');
 
-  async function getPaymentIntentWithoutSplits(amount, currency) {
-    try {
-      const payload = {
-	timestamp: new Date().getTime() + '',
-	amount: {{amount}}, 
-	currency: 'USD',
-	payees: [] 
-      };
-
-      const res = await fetch(`{{allyabaseOrigin}}/plugin/allyabase/addie/processor/stripe/intent`, {
-        method: 'put',
-        body: JSON.stringify(payload),
-        headers: {'Content-Type': 'application/json'}
-      });
-
-      const response = await res.json();
-console.log('got intent response', response);
-
-      stripe = Stripe(response.publishableKey);
-      elements = stripe.elements({
-        clientSecret: response.paymentIntent
-      });
-
-      const paymentElement = elements.create('payment');
-      paymentElement.mount('#payment-element');
-      
-      // Trigger validation when payment element is ready
-      paymentElement.on('ready', () => {
-        setTimeout(() => validateAllForms(), 500);
-      });
-      
-      paymentElement.on('change', () => {
-        setTimeout(() => validateAllForms(), 100);
-      });
-    } catch(err) {
-  console.warn(err);
-    }    
-  };
-
   window.confirmPayment = async () => {
-    const order = {
-      title: "{{title}}",
-      productId: "{{productId}}",
-      formData
-    };
-
     try {
       const { error } = await stripe.confirmPayment({
-          elements,
-          confirmParams: {
-              return_url: 'http://wiki.planetnineisaspaceship.com'
-          },
-          redirect: 'if_required'
+        elements,
+        confirmParams: { return_url: '{{shoppeUrl}}' },
+        redirect: 'if_required'
       });
 
-      if(error) {
-        return showError(error.message);
-      }
+      if (error) return showError(error.message);
 
-      await fetch('{{sanoraUrl}}/user/orders', {
-	method: 'PUT',
-	headers: {'Content-Type': 'application/json'},
-	body: JSON.stringify({timestamp: new Date().getTime() + '', order})
+      const order = { title: '{{title}}', productId: '{{productId}}', formData: window.formData };
+      const resp = await fetch('/plugin/shoppe/{{tenantUuid}}/purchase/complete', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ recoveryKey: window.formData.Recovery, productId: '{{productId}}', order })
       });
-      const recoveryHash = formData.Recovery + "{{productId}}";
-      const createHashURL = `{{sanoraUrl}}/user/create-hash/${recoveryHash}/product/{{productId}}`
-
-      const resp = await fetch(createHashURL);
       const json = await resp.json();
 
-      if(json.success) {
-	window.location.href = '{{ebookUrl}}';
-	return;
+      if (json.success) {
+        window.location.href = '{{ebookUrl}}';
+      } else {
+        window.alert('Payment successful, but error recording purchase. Contact greetings@planetnine.app');
       }
-
-      window.alert('Your payment was successful, but there was an error creating this recovery hash. Please contact greetings@planetnine.app for support.');
-
-    } catch(err) {
+    } catch (err) {
       showError('An unexpected error occurred.');
-console.warn('payment error: ', err);
+      console.warn('payment error:', err);
     }
   };
 
   paymentForm.addEventListener('submit', async (event) => {
     event.preventDefault();
-
-    if (!stripe || !elements) {
-      return;
-    }
-
-    // Disable payment form submission while processing
+    if (!stripe || !elements) return;
     setLoading(true);
-
     await window.confirmPayment();
-
     setLoading(false);
   });
 
   const showError = (message) => {
     errorMessage.textContent = message;
     errorMessage.style.display = 'block';
-    setTimeout(() => {
-      errorMessage.style.display = 'none';
-      errorMessage.textContent = '';
-    }, 5000);
+    setTimeout(() => { errorMessage.style.display = 'none'; errorMessage.textContent = ''; }, 5000);
   };
 
   const setLoading = (isLoading) => {
     submitButton.disabled = isLoading;
     loadingMessage.style.display = isLoading ? 'block' : 'none';
   };
-
-  const start = () => {
-    getPaymentIntentWithoutSplits({{amount}}, 'USD');
-  };
-
-  window.addPaymentForm = start;
 </script>
 </body>
 </html>