KK
/
customer-dashboard-api
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stripe payment

main
alex 2024-02-17 15:14:52 +01:00
parent f56246a524
commit e2d6f23676
12 changed files with 460 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server.ts
View File

@ -23,6 +23,7 @@ import logger, { initLogHandler } from "./src/logger/logger";
import passport from "passport";
import rabbitmq from "./src/rabbitmq/rabbitmq";
import { GOOGLE_CALLBACK_URL } from "./src/utils/constants";
import { StripeWebhook } from "./src/controllers/paymentController";
const app: Express = express();
const host = process.env.HOST || "localhost";
const port = Number(process.env.PORT) || 3000;
@ -110,6 +111,14 @@ app.use(cors());
app.use(cookieParser());
app.use(useragent.express());
// we need to parse the body of the request to get the stripe signature
// it is important that the webhook is registered before the body parser
// see https://github.com/stripe/stripe-node/issues/341
app.use(
"/api/v1/webhooks/stripe",
bodyParser.raw({ type: "application/json" }),
StripeWebhook
);
app.use(bodyParser.json());
app.use("/api/v1/calendar", calendarRoutes);
app.use("/api/v1/payment", paymentRoutes);

337
src/controllers/paymentController.ts
View File

@ -1,15 +1,340 @@
import { Request, Response } from "express";
import logger from "../logger/logger";
import Stripe from "stripe";
import {
ACCOUNT_STATE,
DASHBOARD_URL,
PAYMENT_PLAN_SETTINGS,
} from "../utils/constants";
import UserPendingPayment from "../models/userPendingPayment";
import User from "../models/user";
import { getUserSession } from "../utils/utils";
import Store from "../models/store";
import Session from "../models/session";
const ZeitAdlerBasicMonthly = "zeitadler-basic-monthly";
const ZeitAdlerBasicYearly = "zeitadler-basic-yearly";
const ZeitAdlerPremiumMonthly = "zeitadler-premium-monthly";
const ZeitAdlerPremiumYearly = "zeitadler-premium-yearly";
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY as string);
let cachedPrices = [] as any[];
export async function CreatePaymentIntent(req: Request, res: Response) {
const paymentIntent = await stripe.paymentIntents.create({
amount: 1,
currency: "eur",
export async function loadPrices() {
if (cachedPrices.length > 0) {
return;
}
logger.info("Loading prices from Stripe API");
// load prices from stripe
const prices = await stripe.prices.list({
lookup_keys: [
ZeitAdlerBasicMonthly,
ZeitAdlerBasicYearly,
ZeitAdlerPremiumMonthly,
ZeitAdlerPremiumYearly,
],
expand: ["data.product"],
});
res.send({
clientSecret: paymentIntent.client_secret,
for (const price of prices.data) {
cachedPrices.push({
id: price.id,
unit_amount: price.unit_amount,
lookup_key: price.lookup_key,
});
}
}
export async function getPriceId(paymentPlan: number, interval: number) {
await loadPrices();
const val = `zeitadler-${PAYMENT_PLAN_SETTINGS[paymentPlan].id}-${
interval === 1 ? "yearly" : "monthly"
}`;
const found = cachedPrices.find((price) => price.lookup_key === val);
if (found === undefined) {
return null;
}
return found.id;
}
// used to get the prices for the frontend
export async function GetPrices(req: Request, res: Response) {
try {
const { productId } = req.params;
if (productId === undefined || (productId !== "1" && productId !== "2")) {
return res.status(400).send({ err: "invalid request" });
}
await loadPrices();
let lookupKey: any[] = [];
if (productId === "1") {
lookupKey = [ZeitAdlerBasicMonthly, ZeitAdlerBasicYearly];
} else if (productId === "2") {
lookupKey = [ZeitAdlerPremiumMonthly, ZeitAdlerPremiumYearly];
}
res.status(200).send({
prices: cachedPrices
.filter(
(price) =>
price.lookup_key === lookupKey[0] ||
price.lookup_key === lookupKey[1]
)
.map((price) => {
return {
lookup_key: price.lookup_key,
unit_amount: price.unit_amount,
};
}),
});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function CreateCheckoutSession(priceId: string, userId: string) {
try {
if (priceId === undefined || userId === undefined) {
logger.error("CreateCheckoutSession: invalid request");
return "";
}
if (cachedPrices.length === 0) {
logger.info("Loading prices from Stripe API");
await loadPrices();
}
const session = await stripe.checkout.sessions.create({
payment_method_types: ["card"],
line_items: [
{
price: priceId,
quantity: 1,
},
],
customer_email: "hello@roese.dev",
mode: "subscription",
success_url: `${DASHBOARD_URL}/checkout/success/{CHECKOUT_SESSION_ID}`,
cancel_url: `${DASHBOARD_URL}/checkout/canceled/{CHECKOUT_SESSION_ID}`,
metadata: {
userId: userId,
},
});
await UserPendingPayment.create({
payment_session_id: session.id,
user_id: userId,
});
return session.url;
} catch (error) {
logger.error(error);
return "";
}
}
// user is redirected to dashboard checkout page after successful payment
// and then makes request to this endpoint to create a user session
export async function CheckoutSuccess(req: Request, res: Response) {
try {
const { sessionId } = req.body;
logger.info("CheckoutSuccess", sessionId);
if (sessionId === undefined) {
return res.status(400).send({ err: "invalid request" });
}
const userPendingPayment = await UserPendingPayment.findOne({
where: {
payment_session_id: sessionId,
},
});
if (userPendingPayment === null) {
logger.info("CheckoutSuccess payment successful");
return res.status(200).send({ status: 1 });
}
logger.info("CheckoutSuccess pending payment");
res.status(200).send({ status: 0 });
} catch (err) {
logger.error(err);
res.status(500).send({ err: "invalid request" });
}
}
export async function CheckoutCanceled(req: Request, res: Response) {
try {
const { sessionId } = req.body;
if (sessionId === undefined) {
logger.error("CheckoutCanceled: invalid request");
return res.status(400).send({ err: "invalid request" });
}
const userPendingPayment = await UserPendingPayment.findOne({
where: {
payment_session_id: sessionId,
},
});
if (userPendingPayment === null) {
console.log("CheckoutCanceled not found");
return res.status(400).send({ err: "invalid request" });
}
// delete user
await User.destroy({
where: {
user_id: userPendingPayment.user_id,
},
});
// delete store
await Store.destroy({
where: {
owner_user_id: userPendingPayment.user_id,
},
});
// delete all user sessions
await Session.destroy({
where: {
user_id: userPendingPayment.user_id,
},
});
// delete user pending payment
await userPendingPayment.destroy();
res.status(200).send({ status: 1 });
} catch (err) {
logger.error(err);
res.status(500).send({ err: "invalid request" });
}
}
export async function StripeWebhook(req: Request, res: Response) {
try {
if (req.method !== "POST") {
logger.error("StripeWebhook: invalid reques. Method", req.method);
return res.status(405).end(); // Method Not Allowed
}
const payload = req.body;
const sig = req.headers["stripe-signature"] as string;
let event: Stripe.Event;
try {
event = stripe.webhooks.constructEvent(
payload,
sig,
process.env.STRIPE_WEBHOOK_ENDPOINT_SECRET as string
);
} catch (err) {
logger.error("Webhook-Fehler", err);
return res.status(400).send(`Webhook Error: ${err}`);
}
if (event.type === "checkout.session.completed") {
const userId = (event.data.object as Stripe.Checkout.Session)?.metadata
?.userId;
// delete user pending payment
logger.info(
"delete user pending payment",
(event.data.object as Stripe.Checkout.Session).id
);
const pendingPayment = await UserPendingPayment.findOne({
where: {
payment_session_id: (event.data.object as Stripe.Checkout.Session).id,
},
});
if (pendingPayment !== null) {
await pendingPayment.destroy();
const user = await User.findOne({
where: {
user_id: userId,
},
});
if (user !== null && user.state === ACCOUNT_STATE.INIT_PAYMENT) {
// update user state
await User.update(
{
state: ACCOUNT_STATE.ACTIVE,
stripe_customer_id: (event.data.object as Stripe.Checkout.Session)
.customer as string,
},
{
where: {
user_id: userId,
},
}
);
}
}
} else {
logger.warn("Ignoring unknown event:", event.type);
}
res.sendStatus(200);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
export async function GetBillingPortal(req: Request, res: Response) {
try {
const userSession = await getUserSession(req);
if (userSession === null) {
return res.status(401).send({ err: "unauthorized" });
}
const user = await User.findOne({
where: {
user_id: userSession.user_id,
},
attributes: ["stripe_customer_id"],
});
if (user === null || user.stripe_customer_id === null) {
return res.status(400).send({ err: "invalid request" });
}
const session = await stripe.billingPortal.sessions.create({
customer: user.stripe_customer_id,
return_url: `${DASHBOARD_URL}/payment-plan`,
});
res.status(200).send({
url: session.url,
});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}

4
src/controllers/storeController.ts
View File

@ -2,7 +2,7 @@ import { Request, Response } from "express";
import Store from "../models/store";
import { getUserSession } from "../utils/utils";
import { isCompanyNameValid } from "../validator/validator";
import { storeLogger, userLogger } from "../logger/logger";
import logger, { storeLogger, userLogger } from "../logger/logger";
export async function GetStore(req: Request, res: Response) {
try {
@ -46,6 +46,7 @@ export async function GetStore(req: Request, res: Response) {
},
});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -112,6 +113,7 @@ export async function UpdateStore(req: Request, res: Response) {
res.status(200).send({ msg: "success" });
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}

16
src/controllers/storeServicesController.ts
View File

@ -52,7 +52,7 @@ export async function GetStoreServices(req: Request, res: Response) {
res.status(200).send({ services, users });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -100,7 +100,7 @@ export async function CreateStoreService(req: Request, res: Response) {
res.status(200).send({ service });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -163,7 +163,7 @@ export async function UpdateStoreService(req: Request, res: Response) {
res.status(200).send({ msg: "success" });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -248,7 +248,7 @@ export async function CreateStoreServiceActivity(req: Request, res: Response) {
res.status(200).send({ activity });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -282,7 +282,7 @@ export async function GetStoreServiceActivities(req: Request, res: Response) {
res.status(200).send({ activities: activities });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -418,7 +418,7 @@ export async function UpdateStoreServiceActivity(req: Request, res: Response) {
res.status(200).send({ msg: "success" });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -497,7 +497,7 @@ export async function DeleteStoreServiceActivity(req: Request, res: Response) {
res.status(200).send({ msg: "success" });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}
@ -583,7 +583,7 @@ export async function DeleteStoreService(req: Request, res: Response) {
res.status(200).send({ msg: "success" });
} catch (error) {
console.log(error);
logger.error(error);
res.status(500).send({ err: "invalid request" });
}
}

43
src/controllers/userController.ts
View File

@ -6,6 +6,8 @@ import {
isEmailValid,
isLanguageCodeValid,
isPasswordValid,
isPaymentIntervalValid,
isPaymentPlanValid,
isUsernameValid,
} from "../validator/validator";
import {
@ -14,7 +16,6 @@ import {
CALENDAR_MAX_SERVICE_DURATION,
CALENDAR_MIN_EARLIEST_BOOKING_TIME,
EMAIL_VERIFICATION_STATE,
PAYMENT_PLAN,
PAYMENT_PLAN_SETTINGS,
Roles,
USER_ANALYTICS_ENABLED_DEFAULT,
@ -41,6 +42,7 @@ import rabbitmq from "../rabbitmq/rabbitmq";
import verifyCaptcha from "../utils/recaptcha";
import EmailVerification from "../models/emailVerification";
import UserPendingEmailChange from "../models/userPendingEmailChange";
import { CreateCheckoutSession, getPriceId } from "./paymentController";
export async function SignUp(req: Request, res: Response) {
try {
@ -52,6 +54,8 @@ export async function SignUp(req: Request, res: Response) {
language,
rememberMe,
recaptcha,
paymentPlan,
paymentInterval,
} = req.body;
// validate request
@ -67,7 +71,11 @@ export async function SignUp(req: Request, res: Response) {
!(await isEmailValid(email)) ||
!isLanguageCodeValid(language) ||
rememberMe === undefined ||
!recaptcha
!recaptcha ||
paymentPlan === undefined ||
!isPaymentPlanValid(paymentPlan) ||
paymentInterval === undefined ||
!isPaymentIntervalValid(paymentInterval)
) {
return res.status(400).send({ err: "invalid request" });
}
@ -118,14 +126,14 @@ export async function SignUp(req: Request, res: Response) {
owner_user_id: userId,
name: companyName,
calendar_max_future_booking_days:
PAYMENT_PLAN_SETTINGS[PAYMENT_PLAN.DEMO].calendarMaxFutureBookingDays,
PAYMENT_PLAN_SETTINGS[paymentPlan].calendarMaxFutureBookingDays,
calendar_min_earliest_booking_time: CALENDAR_MIN_EARLIEST_BOOKING_TIME,
calendar_max_service_duration: CALENDAR_MAX_SERVICE_DURATION,
address: "",
});
// create email verification
/*
const emailVerificationId = newEmailVerificationId();
const state = EMAIL_VERIFICATION_STATE.PENDING_EMAIL_VERIFICATION;
@ -137,7 +145,7 @@ export async function SignUp(req: Request, res: Response) {
rabbitmq.sendEmail(email, "dashboardSignUpEmailVerification", language, {
emailVerificationUrl: getEmailVerificationUrl(state, emailVerificationId),
});
}); */
// create user
@ -150,15 +158,26 @@ export async function SignUp(req: Request, res: Response) {
password: hashedPassword,
language: language,
analytics_enabled: USER_ANALYTICS_ENABLED_DEFAULT,
state: ACCOUNT_STATE.PENDING_EMAIL_VERIFICATION,
payment_plan: PAYMENT_PLAN.DEMO,
state: ACCOUNT_STATE.INIT_PAYMENT,
payment_plan: paymentPlan,
});
const checkoutSessionUrl = await CreateCheckoutSession(
await getPriceId(paymentPlan, paymentInterval),
userId
);
if (!checkoutSessionUrl) {
return res.status(500).send({ err: "invalid request" });
}
logger.info(
`new user signed up: user_id: ${userId} email: ${email} language: ${language} company: ${companyName} username: ${username}`
);
res.status(200).send({ msg: "success" });
saveSession(req, res, userId, true, {
redirectUrl: checkoutSessionUrl,
});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
@ -272,7 +291,7 @@ export async function Login(req: Request, res: Response) {
userLogger.info(user.user_id, "User logged in");
// create session
saveSession(req, res, user.user_id, user.username, rememberMe);
saveSession(req, res, user.user_id, rememberMe);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
@ -539,7 +558,7 @@ export async function GetUserProfileSettings(req: Request, res: Response) {
userLogger.info(session.user_id, "GetUserProfileSettings");
res.status(200).json(user);
res.status(200).send(user);
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });
@ -705,7 +724,7 @@ export async function GetUserProfileSessions(req: Request, res: Response) {
userLogger.info(session.user_id, "GetUserProfileSessions");
res.status(200).json({
res.status(200).send({
sessions: sessionsList,
currentSession: currentSession,
});
@ -899,7 +918,7 @@ export async function ExportUserAccount(req: Request, res: Response) {
userLogger.info(session.user_id, "User requested account export");
res.status(200).json({});
res.status(200).send({});
} catch (error) {
logger.error(error);
res.status(500).send({ err: "invalid request" });

2
src/models/index.ts
View File

@ -7,6 +7,7 @@ import StoreServiceActivity from "./storeServiceActivity";
import StoreServiceActivityUsers from "./storeServiceActivityUsers";
import User from "./user";
import UserPendingEmailChange from "./userPendingEmailChange";
import UserPendingPayment from "./userPendingPayment";
function syncModels() {
EmailVerification.sync();
@ -18,6 +19,7 @@ function syncModels() {
StoreServiceActivityUsers.sync();
Feedback.sync();
UserPendingEmailChange.sync();
UserPendingPayment.sync();
// UserGoogleTokens.sync(); not needed as it is created by the calendar backend
}

6
src/models/user.ts
View File

@ -18,6 +18,7 @@ interface UserAttributes {
google_account_picture?: string;
analytics_enabled: boolean;
payment_plan: number;
stripe_customer_id?: string;
}
class User extends Model<UserAttributes> implements UserAttributes {
@ -36,6 +37,7 @@ class User extends Model<UserAttributes> implements UserAttributes {
declare google_account_picture: string;
declare analytics_enabled: boolean;
declare payment_plan: number;
declare stripe_customer_id: string;
declare created_at: Date;
}
@ -103,6 +105,10 @@ User.init(
type: DataTypes.TINYINT,
allowNull: false,
},
stripe_customer_id: {
type: DataTypes.STRING,
allowNull: true,
},
},
{
tableName: "users",

37
src/models/userPendingPayment.ts Normal file
View File

@ -0,0 +1,37 @@
import { DataTypes, Model } from "sequelize";
import sequelize from "../database/database";
interface UserPendingPaymentAttributes {
payment_session_id: string;
user_id: string;
}
class UserPendingPayment
extends Model<UserPendingPaymentAttributes>
implements UserPendingPaymentAttributes
{
declare payment_session_id: string;
declare user_id: string;
}
UserPendingPayment.init(
{
payment_session_id: {
primaryKey: true,
type: DataTypes.STRING,
allowNull: false,
},
user_id: {
type: DataTypes.STRING,
allowNull: false,
},
},
{
sequelize,
modelName: "user_pending_payment",
createdAt: "created_at",
updatedAt: "updated_at",
}
);
export default UserPendingPayment;

7
src/routes/paymentRoutes.ts
View File

@ -3,6 +3,11 @@ const router = express.Router();
import * as paymentController from "../controllers/paymentController";
router.post("/create-payment-intent", paymentController.CreatePaymentIntent);
router.get("/prices/:productId", paymentController.GetPrices);
// webhook is registered in server.ts as it needs registered before the body parser
router.post("/checkout/success", paymentController.CheckoutSuccess);
router.post("/checkout/canceled", paymentController.CheckoutCanceled);
router.get("/portal", paymentController.GetBillingPortal);
export default router;

11
src/utils/constants.ts
View File

@ -53,6 +53,7 @@ export enum ACCOUNT_STATE {
INIT_LOGIN = 2, // account is created but password is not set yet
BANNED = 3, // account is banned, cannot login
PENDING_EMAIL_VERIFICATION = 4, // account is created but email is not verified yet
INIT_PAYMENT = 5, // account is created but payment is not set yet
}
export const FEEDBACK_MIN_LENGTH = 3;
@ -88,15 +89,25 @@ export const TERMIN_PLANNER_URL = process.env.TERMIN_PLANNER_URL;
export enum PAYMENT_PLAN {
DEMO = 0,
BASIC = 1,
PREMIUM = 2,
}
export const PAYMENT_PLAN_SETTINGS = [
{
// demo
maxEmployees: 5,
calendarMaxFutureBookingDays: 14,
},
{
// basic
id: "basic",
maxEmployees: 15,
calendarMaxFutureBookingDays: 60,
},
{
// premium
id: "premium",
maxEmployees: 20,
calendarMaxFutureBookingDays: 90,
},
];

6
src/utils/utils.ts
View File

@ -67,8 +67,8 @@ export async function saveSession(
req: Request,
res: Response,
userId: string,
username: string,
rememberMe: boolean
rememberMe: boolean,
data?: any
) {
try {
const userSession = newUserSession();
@ -88,7 +88,7 @@ export async function saveSession(
res.status(200).json({
XAuthorization: userSession,
Username: username,
...data,
});
} catch (err) {
res.status(500).send({ err: "invalid request" });

11
src/validator/validator.ts
View File

@ -24,6 +24,7 @@ import {
PAYMENT_PLAN_SETTINGS,
CALENDAR_MIN_EARLIEST_BOOKING_TIME,
CALENDAR_MAX_EARLIEST_BOOKING_TIME,
PAYMENT_PLAN,
} from "../utils/constants";
import User from "../models/user";
import UserPendingEmailChange from "../models/userPendingEmailChange";
@ -183,3 +184,13 @@ export function isCalendarMinEarliestBookingTimeValid(
calendarMinEarliestBookingTime <= CALENDAR_MAX_EARLIEST_BOOKING_TIME
);
}
export function isPaymentPlanValid(paymentPlan: number) {
return (
paymentPlan !== PAYMENT_PLAN.DEMO && paymentPlan <= PAYMENT_PLAN.PREMIUM
);
}
export function isPaymentIntervalValid(paymentInterval: number) {
return paymentInterval === 0 || paymentInterval === 1;
}