v3 payments: port paypal

test/helpers/api-integration/requester.js

@@ -33,7 +33,7 @@ function _requestMaker (user, method, additionalSets = {}) {
       let url = `http://localhost:${API_TEST_SERVER_PORT}`;
 
       // do not prefix with api/apiVersion requests to top level routes like dataexport and payments
-      if (route.indexOf('/export') === 0 || route.indexOf('/payments') === 0) {
+      if (route.indexOf('/export') === 0 || route.indexOf('/paypal') === 0 || route.indexOf('/amazon') === 0 || route.indexOf('/stripe') === 0) {
         url += `${route}`;
       } else {
         url += `/api/${apiVersion}${route}`;

website/src/controllers/top-level/payments/paypal.js

@@ -8,6 +8,7 @@ import ipn from 'paypal-ipn';
 import paypal from 'paypal-rest-sdk';
 import shared from '../../../../../common';
 import cc from 'coupon-code';
+import Q from 'q';
 import { model as Coupon } from '../../../models/coupon';
 import { model as User } from '../../../models/user';
 import {
@@ -16,8 +17,8 @@ import {
 } from '../../../middlewares/api-v3/auth';
 import {
   BadRequest,
+  NotAuthorized,
 } from '../../../libs/api-v3/errors';
-import * as logger from '../../../libs/api-v3/logger';
 
 const BASE_URL = nconf.get('BASE_URL');
 
@@ -34,17 +35,24 @@ paypal.configure({
   client_secret: nconf.get('PAYPAL:client_secret'),
 });
 
+// TODO better handling of errors
+const paypalPaymentCreate = Q.nbind(paypal.payment.create, paypal.payment);
+const paypalPaymentExecute = Q.nbind(paypal.payment.execute, paypal.payment);
+const paypalBillingAgreementCreate = Q.nbind(paypal.billingAgreement.create, paypal.billingAgreement);
+const paypalBillingAgreementExecute = Q.nbind(paypal.billingAgreement.execute, paypal.billingAgreement);
+const paypalBillingAgreementGet = Q.nbind(paypal.billingAgreement.get, paypal.billingAgreement);
+const paypalBillingAgreementCancel = Q.nbind(paypal.billingAgreement.cancel, paypal.billingAgreement);
+
+const ipnVerifyAsync = Q.nbind(ipn.verify, ipn);
+
 let api = {};
 
 /**
  * @apiIgnore Payments are considered part of the private API
- * @api {get} /paypal/checkout Paypal checkout
+ * @api {get} /paypal/checkout Paypal: checkout
- * @apiDescription Redirects to Paypal
  * @apiVersion 3.0.0
  * @apiName PaypalCheckout
  * @apiGroup Payments
- *
- * @apiParam {string} gift Query parameter - The stringified object representing the user, the gift recepient.
  **/
 api.checkout = {
   method: 'GET',
@@ -62,7 +70,7 @@ api.checkout = {
         description = `${description} (Gift)`;
       } else {
         amount = Number(shared.content.subscriptionBlocks[gift.subscription.key].price).toFixed(2);
-        description = 'monthly HabitRPG Subscription (Gift)';
+        description = 'mo. HabitRPG Subscription (Gift)';
       }
     }
 
@@ -77,6 +85,7 @@ api.checkout = {
         item_list: {
           items: [{
             name: description,
+            // sku: 1,
             price: amount,
             currency: 'USD',
             quality: 1,
@@ -90,27 +99,18 @@ api.checkout = {
       }],
     };
 
-    try {
+    let result = await paypalPaymentCreate(createPayment);
-      let result = await paypal.payment.create(createPayment);
+    let link = _.find(result.links, { rel: 'approval_url' }).href;
-      let link = _.find(result.links, { rel: 'approval_url' }).href;
+    res.redirect(link);
-      res.redirect(link);
-    } catch (e) {
-      throw new BadRequest(e);
-    }
   },
 };
 
 /**
  * @apiIgnore Payments are considered part of the private API
- * @api {get} /paypal/checkout/success Paypal checkout success
+ * @api {get} /paypal/checkout/success Paypal: checkout success
  * @apiVersion 3.0.0
  * @apiName PaypalCheckoutSuccess
  * @apiGroup Payments
- *
- * @apiParam {string} paymentId The payment id
- * @apiParam {string} payerID The payer id, notice ID not id
- *
- * @apiSuccess {} redirect
  **/
 api.checkoutSuccess = {
   method: 'GET',
@@ -119,6 +119,7 @@ api.checkoutSuccess = {
   async handler (req, res) {
     let paymentId = req.query.paymentId;
     let customerId = req.query.payerID;
+
     let method = 'buyGems';
     let data = {
       user: res.locals.user,
@@ -126,38 +127,31 @@ api.checkoutSuccess = {
       paymentMethod: 'Paypal',
     };
 
-    try {
+    let gift = req.session.gift ? JSON.parse(req.session.gift) : undefined;
-      let gift = req.session.gift ? JSON.parse(req.session.gift) : undefined;
+    delete req.session.gift;
-      delete req.session.gift;
+
-      if (gift) {
+    if (gift) {
-        gift.member = await User.findById(gift.uuid);
+      gift.member = await User.findById(gift.uuid);
-        if (gift.type === 'subscription') {
+      if (gift.type === 'subscription') {
-          method = 'createSubscription';
+        method = 'createSubscription';
-          data.paymentMethod = 'Gift';
-        }
-        data.gift = gift;
       }
 
-      await paypal.payment.execute(paymentId, { payer_id: customerId });
+      data.paymentMethod = 'Gift';
-      await payments[method](data);
+      data.gift = gift;
-      res.redirect('/');
-    } catch (e) {
-      throw new BadRequest(e);
     }
+
+    await paypalPaymentExecute(paymentId, { payer_id: customerId });
+    await payments[method](data);
+    res.redirect('/');
   },
 };
 
 /**
  * @apiIgnore Payments are considered part of the private API
- * @api {get} /paypal/subscribe Paypal subscribe
+ * @api {get} /paypal/subscribe Paypal: subscribe
  * @apiVersion 3.0.0
  * @apiName PaypalSubscribe
  * @apiGroup Payments
- *
- * @apiParam {string} sub subscription, possible values are: basic_earned, basic_3mo, basic_6mo, google_6mo, basic_12mo
- * @apiParam {string} coupon coupon for the matching subscription, required only for certain subscriptions
- *
- * @apiSuccess {} empty object
  **/
 api.subscribe = {
   method: 'GET',
@@ -165,17 +159,18 @@ api.subscribe = {
   middlewares: [authWithUrl],
   async handler (req, res) {
     let sub = shared.content.subscriptionBlocks[req.query.sub];
+
     if (sub.discount) {
       if (!req.query.coupon) throw new BadRequest(res.t('couponCodeRequired'));
       let coupon = await Coupon.findOne({_id: cc.validate(req.query.coupon), event: sub.key});
-      if (!coupon) throw new BadRequest(res.t('invalidCoupon'));
+      if (!coupon) throw new NotAuthorized(res.t('invalidCoupon'));
     }
 
     let billingPlanTitle = `HabitRPG Subscription ($${sub.price} every ${sub.months} months, recurring)`;
     let billingAgreementAttributes = {
       name: billingPlanTitle,
       description: billingPlanTitle,
-      start_date: moment().add({ minutes: 5}).format(),
+      start_date: moment().add({ minutes: 5 }).format(),
       plan: {
         id: sub.paypalKey,
       },
@@ -183,27 +178,20 @@ api.subscribe = {
         payment_method: 'Paypal',
       },
     };
-    try {
+    let billingAgreement = await paypalBillingAgreementCreate(billingAgreementAttributes);
-      let billingAgreement = await paypal.billingAgreement.create(billingAgreementAttributes);
+
-      req.session.paypalBlock = req.query.sub;
+    req.session.paypalBlock = req.query.sub;
-      let link = _.find(billingAgreement.links, { rel: 'approval_url' }).href;
+    let link = _.find(billingAgreement.links, { rel: 'approval_url' }).href;
-      res.redirect(link);
+    res.redirect(link);
-    } catch (e) {
-      throw new BadRequest(e);
-    }
   },
 };
 
 /**
  * @apiIgnore Payments are considered part of the private API
- * @api {get} /paypal/subscribe/success Paypal subscribe success
+ * @api {get} /paypal/subscribe/success Paypal: subscribe success
  * @apiVersion 3.0.0
  * @apiName PaypalSubscribeSuccess
  * @apiGroup Payments
- *
- * @apiParam {string} token The token in query
- *
- * @apiSuccess {} redirect
  **/
 api.subscribeSuccess = {
   method: 'GET',
@@ -213,31 +201,25 @@ api.subscribeSuccess = {
     let user = res.locals.user;
     let block = shared.content.subscriptionBlocks[req.session.paypalBlock];
     delete req.session.paypalBlock;
-    try {
+
-      let result = await paypal.billingAgreement.execute(req.query.token, {});
+    let result = await paypalBillingAgreementExecute(req.query.token, {});
-      await payments.createSubscription({
+    await payments.createSubscription({
-        user,
+      user,
-        customerId: result.id,
+      customerId: result.id,
-        paymentMethod: 'Paypal',
+      paymentMethod: 'Paypal',
-        sub: block,
+      sub: block,
-      });
+    });
-      res.redirect('/');
+
-    } catch (e) {
+    res.redirect('/');
-      throw new BadRequest(e);
-    }
   },
 };
 
 /**
  * @apiIgnore Payments are considered part of the private API
- * @api {get} /paypal/subscribe/cancel Paypal subscribe cancel
+ * @api {get} /paypal/subscribe/cancel Paypal: subscribe cancel
  * @apiVersion 3.0.0
  * @apiName PaypalSubscribeCancel
  * @apiGroup Payments
- *
- * @apiParam {string} token The token in query
- *
- * @apiSuccess {} redirect
  **/
 api.subscribeCancel = {
   method: 'GET',
@@ -246,59 +228,51 @@ api.subscribeCancel = {
   async handler (req, res) {
     let user = res.locals.user;
     let customerId = user.purchased.plan.customerId;
-    if (!user.purchased.plan.customerId) throw new BadRequest(res.t('missingSubscription'));
+    if (!user.purchased.plan.customerId) throw new NotAuthorized(res.t('missingSubscription'));
-    try {
+
-      let customer = await paypal.billingAgreement.get(customerId);
+    let customer = await paypalBillingAgreementGet(customerId);
-      let nextBillingDate = customer.agreement_details.next_billing_date;
+
-      if (customer.agreement_details.cycles_completed === '0') { // hasn't billed yet
+    let nextBillingDate = customer.agreement_details.next_billing_date;
-        throw new BadRequest(res.t('planNotActive', { nextBillingDate }));
+    if (customer.agreement_details.cycles_completed === '0') { // hasn't billed yet
-      }
+      throw new BadRequest(res.t('planNotActive', { nextBillingDate }));
-      await paypal.billingAgreement.cancel(customerId, { note: res.t('cancelingSubscription') });
-      let data = {
-        user,
-        paymentMethod: 'Paypal',
-        nextBill: nextBillingDate,
-      };
-      await payments.cancelSubscription(data);
-      res.redirect('/');
-    } catch (e) {
-      throw new BadRequest(e);
     }
+
+    await paypalBillingAgreementCancel(customerId, { note: res.t('cancelingSubscription') });
+    await payments.cancelSubscription({
+      user,
+      paymentMethod: 'Paypal',
+      nextBill: nextBillingDate,
+    });
+
+    res.redirect('/');
   },
 };
 
+// General IPN handler. We catch cancelled HabitRPG subscriptions for users who manually cancel their
+// recurring paypal payments in their paypal dashboard. TODO ? Remove this when we can move to webhooks or some other solution
+
 /**
  * @apiIgnore Payments are considered part of the private API
  * @api {post} /paypal/ipn Paypal IPN
  * @apiVersion 3.0.0
  * @apiName PaypalIpn
  * @apiGroup Payments
- *
- * @apiParam {string} txn_type txn_type
- * @apiParam {string} recurring_payment_id recurring_payment_id
- *
- * @apiSuccess {} empty object
  **/
 api.ipn = {
   method: 'POST',
   url: '/paypal/ipn',
-  middlewares: [],
   async handler (req, res) {
-    res.respond(200);
+    res.sendStatus(200);
-    try {
+
-      await ipn.verify(req.body);
+    await ipnVerifyAsync(req.body);
-      if (req.body.txn_type === 'recurring_payment_profile_cancel' || req.body.txn_type === 'subscr_cancel') {
+
-        let user = await User.findOne({ 'purchased.plan.customerId': req.body.recurring_payment_id });
+    if (req.body.txn_type === 'recurring_payment_profile_cancel' || req.body.txn_type === 'subscr_cancel') {
-        if (user) {
+      let user = await User.findOne({ 'purchased.plan.customerId': req.body.recurring_payment_id });
-          payments.cancelSubscriptoin({ user, paymentMethod: 'Paypal' });
+      if (user) {
-        }
+        await payments.cancelSubscription({ user, paymentMethod: 'Paypal' });
       }
-    } catch (e) {
-      logger.error(e);
     }
   },
 };
 
-/* eslint-disable camelcase */
-
 module.exports = api;