Allow gems and subs to be gifted through in-app-purchases (#10892)

* Allow gems to be gifted through IAPs

* implement non recurring IAP subscriptions

* fix localization issue in error

* fix non renewing subscription handling

* Fix lint error

* fix tests

* move findbyId mock to helper file

* undo package-lock changes

* Fix lint error

website/server/controllers/top-level/payments/iap.js

@@ -22,11 +22,14 @@ api.iapAndroidVerify = {
   url: '/iap/android/verify',
   middlewares: [authWithHeaders()],
   async handler (req, res) {
-    let user = res.locals.user;
-    let iapBody = req.body;
-
-    let googleRes = await googlePayments.verifyGemPurchase(user, iapBody.transaction.receipt, iapBody.transaction.signature, req.headers);
-
+    if (!req.body.transaction) throw new BadRequest(res.t('missingReceipt'));
+    let googleRes = await googlePayments.verifyGemPurchase({
+      user: res.locals.user,
+      receipt: req.body.transaction.receipt,
+      signature: req.body.transaction.signature,
+      gift: req.body.gift,
+      headers: req.headers,
+    });
     res.respond(200, googleRes);
   },
 };
@@ -43,10 +46,34 @@ api.iapSubscriptionAndroid = {
   middlewares: [authWithHeaders()],
   async handler (req, res) {
     if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
-    let user = res.locals.user;
-    let iapBody = req.body;
+    await googlePayments.subscribe(req.body.sku, res.locals.user, req.body.transaction.receipt, req.body.transaction.signature, req.headers);
 
-    await googlePayments.subscribe(req.body.sku, user, iapBody.transaction.receipt, iapBody.transaction.signature, req.headers);
+    res.respond(200);
+  },
+};
+
+/**
+ * @apiIgnore Payments are considered part of the private API
+ * @api {post} /iap/android/norenew-subscribe Android non-renewing subscription IAP
+ * @apiName iapSubscriptionAndroidNoRenew
+ * @apiGroup Payments
+ **/
+api.iapSubscriptionAndroidNoRenew = {
+  method: 'POST',
+  url: '/iap/android/norenew-subscribe',
+  middlewares: [authWithHeaders()],
+  async handler (req, res) {
+    if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
+    if (!req.body.transaction) throw new BadRequest(res.t('missingReceipt'));
+
+    await googlePayments.noRenewSubscribe({
+      sku: req.body.sku,
+      user: res.locals.user,
+      receipt: req.body.transaction.receipt,
+      signature: req.body.transaction.signature,
+      gift: req.body.gift,
+      headers: req.headers,
+    });
 
     res.respond(200);
   },
@@ -87,9 +114,12 @@ api.iapiOSVerify = {
   middlewares: [authWithHeaders()],
   async handler (req, res) {
     if (!req.body.transaction) throw new BadRequest(res.t('missingReceipt'));
-
-    let appleRes = await applePayments.verifyGemPurchase(res.locals.user, req.body.transaction.receipt, req.headers);
-
+    let appleRes = await applePayments.verifyGemPurchase({
+      user: res.locals.user,
+      receipt: req.body.transaction.receipt,
+      gift: req.body.gift,
+      headers: req.headers,
+    });
     res.respond(200, appleRes);
   },
 };
@@ -137,4 +167,29 @@ api.iapCancelSubscriptioniOS = {
   },
 };
 
+/**
+ * @apiIgnore Payments are considered part of the private API
+ * @api {post} /iap/ios/norenew-subscribe iOS Verify IAP
+ * @apiName IapiOSVerify
+ * @apiGroup Payments
+ **/
+api.iapSubscriptioniOSNoRenew = {
+  method: 'POST',
+  url: '/iap/ios/norenew-subscribe',
+  middlewares: [authWithHeaders()],
+  async handler (req, res) {
+    if (!req.body.sku) throw new BadRequest(res.t('missingSubscriptionCode'));
+    if (!req.body.transaction) throw new BadRequest(res.t('missingReceipt'));
+
+    await applePayments.noRenewSubscribe({
+      sku: req.body.sku,
+      user: res.locals.user,
+      receipt: req.body.transaction.receipt,
+      gift: req.body.gift,
+      headers: req.headers});
+
+    res.respond(200);
+  },
+};
+
 module.exports = api;