Payment stuff, cont'd

2025-05-31 02:29:18 +02:00 · 2023-01-15 23:29:46 -05:00 · 2023-01-15 23:29:46 -05:00 · c06bfb989e
commit c06bfb989e
parent f7f7f469ad
11 changed files with 457 additions and 309 deletions
--- a/server/server_account.go
+++ b/server/server_account.go
@ -2,14 +2,6 @@ package server

 import (
 	"encoding/json"
-	"errors"
-	"github.com/stripe/stripe-go/v74"
-	portalsession "github.com/stripe/stripe-go/v74/billingportal/session"
-	"github.com/stripe/stripe-go/v74/checkout/session"
-	"github.com/stripe/stripe-go/v74/subscription"
-	"github.com/stripe/stripe-go/v74/webhook"
-	"github.com/tidwall/gjson"
-	"heckel.io/ntfy/log"
 	"heckel.io/ntfy/user"
 	"heckel.io/ntfy/util"
 	"net/http"
@ -17,7 +9,6 @@ import (

 const (
 	jsonBodyBytesLimit   = 4096
-	stripeBodyBytesLimit = 16384
 	subscriptionIDLength = 16
 	createdByAPI         = "api"
 )
@ -100,6 +91,14 @@ func (s *Server) handleAccountGet(w http.ResponseWriter, _ *http.Request, v *vis
 				Paid: v.user.Tier.Paid,
 			}
 		}
+		if v.user.Billing.StripeCustomerID != "" {
+			response.Billing = &apiAccountBilling{
+				Customer:     true,
+				Subscription: v.user.Billing.StripeSubscriptionID != "",
+				Status:       string(v.user.Billing.StripeSubscriptionStatus),
+				PaidUntil:    v.user.Billing.StripeSubscriptionPaidUntil.Unix(),
+			}
+		}
 		reservations, err := s.userManager.Reservations(v.user.Name)
 		if err != nil {
 			return err
@ -395,226 +394,3 @@ func (s *Server) handleAccountReservationDelete(w http.ResponseWriter, r *http.R
 	w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
 	return nil
 }
-
-func (s *Server) handleAccountCheckoutSessionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	req, err := readJSONWithLimit[apiAccountTierChangeRequest](r.Body, jsonBodyBytesLimit)
-	if err != nil {
-		return err
-	}
-	tier, err := s.userManager.Tier(req.Tier)
-	if err != nil {
-		return err
-	}
-	if tier.StripePriceID == "" {
-		log.Info("Checkout: Downgrading to no tier")
-		return errors.New("not a paid tier")
-	} else if v.user.Billing != nil && v.user.Billing.StripeSubscriptionID != "" {
-		log.Info("Checkout: Changing tier and subscription to %s", tier.Code)
-
-		// Upgrade/downgrade tier
-		sub, err := subscription.Get(v.user.Billing.StripeSubscriptionID, nil)
-		if err != nil {
-			return err
-		}
-		params := &stripe.SubscriptionParams{
-			CancelAtPeriodEnd: stripe.Bool(false),
-			ProrationBehavior: stripe.String(string(stripe.SubscriptionSchedulePhaseProrationBehaviorCreateProrations)),
-			Items: []*stripe.SubscriptionItemsParams{
-				{
-					ID:    stripe.String(sub.Items.Data[0].ID),
-					Price: stripe.String(tier.StripePriceID),
-				},
-			},
-		}
-		_, err = subscription.Update(sub.ID, params)
-		if err != nil {
-			return err
-		}
-		response := &apiAccountCheckoutResponse{}
-		w.Header().Set("Content-Type", "application/json")
-		w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
-		if err := json.NewEncoder(w).Encode(response); err != nil {
-			return err
-		}
-		return nil
-	} else {
-		// Checkout flow
-		log.Info("Checkout: No existing subscription, creating checkout flow")
-	}
-
-	successURL := s.config.BaseURL + accountCheckoutSuccessTemplate
-	var stripeCustomerID *string
-	if v.user.Billing != nil {
-		stripeCustomerID = &v.user.Billing.StripeCustomerID
-	}
-	params := &stripe.CheckoutSessionParams{
-		ClientReferenceID: &v.user.Name, // FIXME Should be user ID
-		Customer:          stripeCustomerID,
-		SuccessURL:        &successURL,
-		Mode:              stripe.String(string(stripe.CheckoutSessionModeSubscription)),
-		LineItems: []*stripe.CheckoutSessionLineItemParams{
-			{
-				Price:    stripe.String(tier.StripePriceID),
-				Quantity: stripe.Int64(1),
-			},
-		},
-	}
-	sess, err := session.New(params)
-	if err != nil {
-		return err
-	}
-	response := &apiAccountCheckoutResponse{
-		RedirectURL: sess.URL,
-	}
-	w.Header().Set("Content-Type", "application/json")
-	w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
-	if err := json.NewEncoder(w).Encode(response); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *Server) handleAccountCheckoutSessionSuccessGet(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// We don't have a v.user in this endpoint, only a userManager!
-	matches := accountCheckoutSuccessRegex.FindStringSubmatch(r.URL.Path)
-	if len(matches) != 2 {
-		return errHTTPInternalErrorInvalidPath
-	}
-	sessionID := matches[1]
-	// FIXME how do I rate limit this?
-	sess, err := session.Get(sessionID, nil)
-	if err != nil {
-		log.Warn("Stripe: %s", err)
-		return errHTTPBadRequestInvalidStripeRequest
-	} else if sess.Customer == nil || sess.Subscription == nil || sess.ClientReferenceID == "" {
-		log.Warn("Stripe: Unexpected session, customer or subscription not found")
-		return errHTTPBadRequestInvalidStripeRequest
-	}
-	sub, err := subscription.Get(sess.Subscription.ID, nil)
-	if err != nil {
-		return err
-	} else if sub.Items == nil || len(sub.Items.Data) != 1 || sub.Items.Data[0].Price == nil {
-		log.Error("Stripe: Unexpected subscription, expected exactly one line item")
-		return errHTTPBadRequestInvalidStripeRequest
-	}
-	priceID := sub.Items.Data[0].Price.ID
-	tier, err := s.userManager.TierByStripePrice(priceID)
-	if err != nil {
-		return err
-	}
-	u, err := s.userManager.User(sess.ClientReferenceID)
-	if err != nil {
-		return err
-	}
-	if u.Billing == nil {
-		u.Billing = &user.Billing{}
-	}
-	u.Billing.StripeCustomerID = sess.Customer.ID
-	u.Billing.StripeSubscriptionID = sess.Subscription.ID
-	if err := s.userManager.ChangeBilling(u); err != nil {
-		return err
-	}
-	if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
-		return err
-	}
-	accountURL := s.config.BaseURL + "/account" // FIXME
-	http.Redirect(w, r, accountURL, http.StatusSeeOther)
-	return nil
-}
-
-func (s *Server) handleAccountBillingPortalSessionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	if v.user.Billing == nil {
-		return errHTTPBadRequestNotAPaidUser
-	}
-	params := &stripe.BillingPortalSessionParams{
-		Customer:  stripe.String(v.user.Billing.StripeCustomerID),
-		ReturnURL: stripe.String(s.config.BaseURL),
-	}
-	ps, err := portalsession.New(params)
-	if err != nil {
-		return err
-	}
-	response := &apiAccountBillingPortalRedirectResponse{
-		RedirectURL: ps.URL,
-	}
-	w.Header().Set("Content-Type", "application/json")
-	w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
-	if err := json.NewEncoder(w).Encode(response); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *Server) handleAccountBillingWebhookTrigger(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// We don't have a v.user in this endpoint, only a userManager!
-	stripeSignature := r.Header.Get("Stripe-Signature")
-	if stripeSignature == "" {
-		return errHTTPBadRequestInvalidStripeRequest
-	}
-	body, err := util.Peek(r.Body, stripeBodyBytesLimit)
-	if err != nil {
-		return err
-	} else if body.LimitReached {
-		return errHTTPEntityTooLargeJSONBody
-	}
-	event, err := webhook.ConstructEvent(body.PeekedBytes, stripeSignature, s.config.StripeWebhookKey)
-	if err != nil {
-		log.Warn("Stripe: invalid request: %s", err.Error())
-		return errHTTPBadRequestInvalidStripeRequest
-	} else if event.Data == nil || event.Data.Raw == nil {
-		log.Warn("Stripe: invalid request, data is nil")
-		return errHTTPBadRequestInvalidStripeRequest
-	}
-	log.Info("Stripe: webhook event %s received", event.Type)
-	stripeCustomerID := gjson.GetBytes(event.Data.Raw, "customer")
-	if !stripeCustomerID.Exists() {
-		return errHTTPBadRequestInvalidStripeRequest
-	}
-	switch event.Type {
-	case "checkout.session.completed":
-		// Payment is successful and the subscription is created.
-		// Provision the subscription, save the customer ID.
-		return s.handleAccountBillingWebhookCheckoutCompleted(stripeCustomerID.String(), event.Data.Raw)
-	case "customer.subscription.updated":
-		return s.handleAccountBillingWebhookSubscriptionUpdated(stripeCustomerID.String(), event.Data.Raw)
-	case "invoice.paid":
-		// Continue to provision the subscription as payments continue to be made.
-		// Store the status in your database and check when a user accesses your service.
-		// This approach helps you avoid hitting rate limits.
-		return nil // FIXME
-	case "invoice.payment_failed":
-		// The payment failed or the customer does not have a valid payment method.
-		// The subscription becomes past_due. Notify your customer and send them to the
-		// customer portal to update their payment information.
-		return nil // FIXME
-	default:
-		log.Warn("Stripe: unhandled webhook %s", event.Type)
-		return nil
-	}
-}
-
-func (s *Server) handleAccountBillingWebhookCheckoutCompleted(stripeCustomerID string, event json.RawMessage) error {
-	log.Info("Stripe: checkout completed for customer %s", stripeCustomerID)
-	return nil
-}
-
-func (s *Server) handleAccountBillingWebhookSubscriptionUpdated(stripeCustomerID string, event json.RawMessage) error {
-	status := gjson.GetBytes(event, "status")
-	priceID := gjson.GetBytes(event, "items.data.0.price.id")
-	if !status.Exists() || !priceID.Exists() {
-		return errHTTPBadRequestInvalidStripeRequest
-	}
-	log.Info("Stripe: customer %s: subscription updated to %s, with price %s", stripeCustomerID, status, priceID)
-	u, err := s.userManager.UserByStripeCustomer(stripeCustomerID)
-	if err != nil {
-		return err
-	}
-	tier, err := s.userManager.TierByStripePrice(priceID.String())
-	if err != nil {
-		return err
-	}
-	if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
-		return err
-	}
-	return nil
-}