krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 15:17:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

v3 payments: port paypal

Browse Source
This commit is contained in:
Matteo Pagliazzi
2016-05-10 17:57:55 +02:00
parent 1c887b18e1
commit d33564e5d4
2 changed files with 82 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/helpers/api-integration/requester.js
View File

@@ -33,7 +33,7 @@ function _requestMaker (user, method, additionalSets = {}) {
let url = `http://localhost:${API_TEST_SERVER_PORT}`; let url = `http://localhost:${API_TEST_SERVER_PORT}`;
// do not prefix with api/apiVersion requests to top level routes like dataexport and payments // do not prefix with api/apiVersion requests to top level routes like dataexport and payments
if (route.indexOf('/export') === 0 || route.indexOf('/payments') === 0) { if (route.indexOf('/export') === 0 || route.indexOf('/paypal') === 0 || route.indexOf('/amazon') === 0 || route.indexOf('/stripe') === 0) {
url += `${route}`; url += `${route}`;
} else { } else {
url += `/api/${apiVersion}${route}`; url += `/api/${apiVersion}${route}`;

124
website/src/controllers/top-level/payments/paypal.js
View File

@@ -8,6 +8,7 @@ import ipn from 'paypal-ipn';
import paypal from 'paypal-rest-sdk'; import paypal from 'paypal-rest-sdk';
import shared from '../../../../../common'; import shared from '../../../../../common';
import cc from 'coupon-code'; import cc from 'coupon-code';
import Q from 'q';
import { model as Coupon } from '../../../models/coupon'; import { model as Coupon } from '../../../models/coupon';
import { model as User } from '../../../models/user'; import { model as User } from '../../../models/user';
import { import {
@@ -16,8 +17,8 @@ import {
} from '../../../middlewares/api-v3/auth'; } from '../../../middlewares/api-v3/auth';
import { import {
BadRequest, BadRequest,
NotAuthorized,
} from '../../../libs/api-v3/errors'; } from '../../../libs/api-v3/errors';
import * as logger from '../../../libs/api-v3/logger';
const BASE_URL = nconf.get('BASE_URL'); const BASE_URL = nconf.get('BASE_URL');
@@ -34,17 +35,24 @@ paypal.configure({
client_secret: nconf.get('PAYPAL:client_secret'), client_secret: nconf.get('PAYPAL:client_secret'),
}); });
// TODO better handling of errors
const paypalPaymentCreate = Q.nbind(paypal.payment.create, paypal.payment);
const paypalPaymentExecute = Q.nbind(paypal.payment.execute, paypal.payment);
const paypalBillingAgreementCreate = Q.nbind(paypal.billingAgreement.create, paypal.billingAgreement);
const paypalBillingAgreementExecute = Q.nbind(paypal.billingAgreement.execute, paypal.billingAgreement);
const paypalBillingAgreementGet = Q.nbind(paypal.billingAgreement.get, paypal.billingAgreement);
const paypalBillingAgreementCancel = Q.nbind(paypal.billingAgreement.cancel, paypal.billingAgreement);
const ipnVerifyAsync = Q.nbind(ipn.verify, ipn);
let api = {}; let api = {};
/** /**
* @apiIgnore Payments are considered part of the private API * @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/checkout Paypal checkout * @api {get} /paypal/checkout Paypal: checkout
* @apiDescription Redirects to Paypal
* @apiVersion 3.0.0 * @apiVersion 3.0.0
* @apiName PaypalCheckout * @apiName PaypalCheckout
* @apiGroup Payments * @apiGroup Payments
*
* @apiParam {string} gift Query parameter - The stringified object representing the user, the gift recepient.
**/ **/
api.checkout = { api.checkout = {
method: 'GET', method: 'GET',
@@ -62,7 +70,7 @@ api.checkout = {
description = `${description} (Gift)`; description = `${description} (Gift)`;
} else { } else {
amount = Number(shared.content.subscriptionBlocks[gift.subscription.key].price).toFixed(2); amount = Number(shared.content.subscriptionBlocks[gift.subscription.key].price).toFixed(2);
description = 'monthly HabitRPG Subscription (Gift)'; description = 'mo. HabitRPG Subscription (Gift)';
} }
} }
@@ -77,6 +85,7 @@ api.checkout = {
item_list: { item_list: {
items: [{ items: [{
name: description, name: description,
// sku: 1,
price: amount, price: amount,
currency: 'USD', currency: 'USD',
quality: 1, quality: 1,
@@ -90,27 +99,18 @@ api.checkout = {
}], }],
}; };
try { let result = await paypalPaymentCreate(createPayment);
let result = await paypal.payment.create(createPayment);
let link = _.find(result.links, { rel: 'approval_url' }).href; let link = _.find(result.links, { rel: 'approval_url' }).href;
res.redirect(link); res.redirect(link);
} catch (e) {
throw new BadRequest(e);
}
}, },
}; };
/** /**
* @apiIgnore Payments are considered part of the private API * @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/checkout/success Paypal checkout success * @api {get} /paypal/checkout/success Paypal: checkout success
* @apiVersion 3.0.0 * @apiVersion 3.0.0
* @apiName PaypalCheckoutSuccess * @apiName PaypalCheckoutSuccess
* @apiGroup Payments * @apiGroup Payments
*
* @apiParam {string} paymentId The payment id
* @apiParam {string} payerID The payer id, notice ID not id
*
* @apiSuccess {} redirect
**/ **/
api.checkoutSuccess = { api.checkoutSuccess = {
method: 'GET', method: 'GET',
@@ -119,6 +119,7 @@ api.checkoutSuccess = {
async handler (req, res) { async handler (req, res) {
let paymentId = req.query.paymentId; let paymentId = req.query.paymentId;
let customerId = req.query.payerID; let customerId = req.query.payerID;
let method = 'buyGems'; let method = 'buyGems';
let data = { let data = {
user: res.locals.user, user: res.locals.user,
@@ -126,38 +127,31 @@ api.checkoutSuccess = {
paymentMethod: 'Paypal', paymentMethod: 'Paypal',
}; };
try {
let gift = req.session.gift ? JSON.parse(req.session.gift) : undefined; let gift = req.session.gift ? JSON.parse(req.session.gift) : undefined;
delete req.session.gift; delete req.session.gift;
if (gift) { if (gift) {
gift.member = await User.findById(gift.uuid); gift.member = await User.findById(gift.uuid);
if (gift.type === 'subscription') { if (gift.type === 'subscription') {
method = 'createSubscription'; method = 'createSubscription';
data.paymentMethod = 'Gift';
} }
data.paymentMethod = 'Gift';
data.gift = gift; data.gift = gift;
} }
await paypal.payment.execute(paymentId, { payer_id: customerId }); await paypalPaymentExecute(paymentId, { payer_id: customerId });
await payments[method](data); await payments[method](data);
res.redirect('/'); res.redirect('/');
} catch (e) {
throw new BadRequest(e);
}
}, },
}; };
/** /**
* @apiIgnore Payments are considered part of the private API * @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/subscribe Paypal subscribe * @api {get} /paypal/subscribe Paypal: subscribe
* @apiVersion 3.0.0 * @apiVersion 3.0.0
* @apiName PaypalSubscribe * @apiName PaypalSubscribe
* @apiGroup Payments * @apiGroup Payments
*
* @apiParam {string} sub subscription, possible values are: basic_earned, basic_3mo, basic_6mo, google_6mo, basic_12mo
* @apiParam {string} coupon coupon for the matching subscription, required only for certain subscriptions
*
* @apiSuccess {} empty object
**/ **/
api.subscribe = { api.subscribe = {
method: 'GET', method: 'GET',
@@ -165,10 +159,11 @@ api.subscribe = {
middlewares: [authWithUrl], middlewares: [authWithUrl],
async handler (req, res) { async handler (req, res) {
let sub = shared.content.subscriptionBlocks[req.query.sub]; let sub = shared.content.subscriptionBlocks[req.query.sub];
if (sub.discount) { if (sub.discount) {
if (!req.query.coupon) throw new BadRequest(res.t('couponCodeRequired')); if (!req.query.coupon) throw new BadRequest(res.t('couponCodeRequired'));
let coupon = await Coupon.findOne({_id: cc.validate(req.query.coupon), event: sub.key}); let coupon = await Coupon.findOne({_id: cc.validate(req.query.coupon), event: sub.key});
if (!coupon) throw new BadRequest(res.t('invalidCoupon')); if (!coupon) throw new NotAuthorized(res.t('invalidCoupon'));
} }
let billingPlanTitle = `HabitRPG Subscription ($${sub.price} every ${sub.months} months, recurring)`; let billingPlanTitle = `HabitRPG Subscription ($${sub.price} every ${sub.months} months, recurring)`;
@@ -183,27 +178,20 @@ api.subscribe = {
payment_method: 'Paypal', payment_method: 'Paypal',
}, },
}; };
try { let billingAgreement = await paypalBillingAgreementCreate(billingAgreementAttributes);
let billingAgreement = await paypal.billingAgreement.create(billingAgreementAttributes);
req.session.paypalBlock = req.query.sub; req.session.paypalBlock = req.query.sub;
let link = _.find(billingAgreement.links, { rel: 'approval_url' }).href; let link = _.find(billingAgreement.links, { rel: 'approval_url' }).href;
res.redirect(link); res.redirect(link);
} catch (e) {
throw new BadRequest(e);
}
}, },
}; };
/** /**
* @apiIgnore Payments are considered part of the private API * @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/subscribe/success Paypal subscribe success * @api {get} /paypal/subscribe/success Paypal: subscribe success
* @apiVersion 3.0.0 * @apiVersion 3.0.0
* @apiName PaypalSubscribeSuccess * @apiName PaypalSubscribeSuccess
* @apiGroup Payments * @apiGroup Payments
*
* @apiParam {string} token The token in query
*
* @apiSuccess {} redirect
**/ **/
api.subscribeSuccess = { api.subscribeSuccess = {
method: 'GET', method: 'GET',
@@ -213,31 +201,25 @@ api.subscribeSuccess = {
let user = res.locals.user; let user = res.locals.user;
let block = shared.content.subscriptionBlocks[req.session.paypalBlock]; let block = shared.content.subscriptionBlocks[req.session.paypalBlock];
delete req.session.paypalBlock; delete req.session.paypalBlock;
try {
let result = await paypal.billingAgreement.execute(req.query.token, {}); let result = await paypalBillingAgreementExecute(req.query.token, {});
await payments.createSubscription({ await payments.createSubscription({
user, user,
customerId: result.id, customerId: result.id,
paymentMethod: 'Paypal', paymentMethod: 'Paypal',
sub: block, sub: block,
}); });
res.redirect('/'); res.redirect('/');
} catch (e) {
throw new BadRequest(e);
}
}, },
}; };
/** /**
* @apiIgnore Payments are considered part of the private API * @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/subscribe/cancel Paypal subscribe cancel * @api {get} /paypal/subscribe/cancel Paypal: subscribe cancel
* @apiVersion 3.0.0 * @apiVersion 3.0.0
* @apiName PaypalSubscribeCancel * @apiName PaypalSubscribeCancel
* @apiGroup Payments * @apiGroup Payments
*
* @apiParam {string} token The token in query
*
* @apiSuccess {} redirect
**/ **/
api.subscribeCancel = { api.subscribeCancel = {
method: 'GET', method: 'GET',
@@ -246,59 +228,51 @@ api.subscribeCancel = {
async handler (req, res) { async handler (req, res) {
let user = res.locals.user; let user = res.locals.user;
let customerId = user.purchased.plan.customerId; let customerId = user.purchased.plan.customerId;
if (!user.purchased.plan.customerId) throw new BadRequest(res.t('missingSubscription')); if (!user.purchased.plan.customerId) throw new NotAuthorized(res.t('missingSubscription'));
try {
let customer = await paypal.billingAgreement.get(customerId); let customer = await paypalBillingAgreementGet(customerId);
let nextBillingDate = customer.agreement_details.next_billing_date; let nextBillingDate = customer.agreement_details.next_billing_date;
if (customer.agreement_details.cycles_completed === '0') { // hasn't billed yet if (customer.agreement_details.cycles_completed === '0') { // hasn't billed yet
throw new BadRequest(res.t('planNotActive', { nextBillingDate })); throw new BadRequest(res.t('planNotActive', { nextBillingDate }));
} }
await paypal.billingAgreement.cancel(customerId, { note: res.t('cancelingSubscription') });
let data = { await paypalBillingAgreementCancel(customerId, { note: res.t('cancelingSubscription') });
await payments.cancelSubscription({
user, user,
paymentMethod: 'Paypal', paymentMethod: 'Paypal',
nextBill: nextBillingDate, nextBill: nextBillingDate,
}; });
await payments.cancelSubscription(data);
res.redirect('/'); res.redirect('/');
} catch (e) {
throw new BadRequest(e);
}
}, },
}; };
// General IPN handler. We catch cancelled HabitRPG subscriptions for users who manually cancel their
// recurring paypal payments in their paypal dashboard. TODO ? Remove this when we can move to webhooks or some other solution
/** /**
* @apiIgnore Payments are considered part of the private API * @apiIgnore Payments are considered part of the private API
* @api {post} /paypal/ipn Paypal IPN * @api {post} /paypal/ipn Paypal IPN
* @apiVersion 3.0.0 * @apiVersion 3.0.0
* @apiName PaypalIpn * @apiName PaypalIpn
* @apiGroup Payments * @apiGroup Payments
*
* @apiParam {string} txn_type txn_type
* @apiParam {string} recurring_payment_id recurring_payment_id
*
* @apiSuccess {} empty object
**/ **/
api.ipn = { api.ipn = {
method: 'POST', method: 'POST',
url: '/paypal/ipn', url: '/paypal/ipn',
middlewares: [],
async handler (req, res) { async handler (req, res) {
res.respond(200); res.sendStatus(200);
try {
await ipn.verify(req.body); await ipnVerifyAsync(req.body);
if (req.body.txn_type === 'recurring_payment_profile_cancel' || req.body.txn_type === 'subscr_cancel') { if (req.body.txn_type === 'recurring_payment_profile_cancel' || req.body.txn_type === 'subscr_cancel') {
let user = await User.findOne({ 'purchased.plan.customerId': req.body.recurring_payment_id }); let user = await User.findOne({ 'purchased.plan.customerId': req.body.recurring_payment_id });
if (user) { if (user) {
payments.cancelSubscriptoin({ user, paymentMethod: 'Paypal' }); await payments.cancelSubscription({ user, paymentMethod: 'Paypal' });
} }
} }
} catch (e) {
logger.error(e);
}
}, },
}; };
/* eslint-disable camelcase */
module.exports = api; module.exports = api;