krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 07:07:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

v3 payments: port paypal

Browse Source
This commit is contained in:
Matteo Pagliazzi
2016-05-10 17:57:55 +02:00
parent 1c887b18e1
commit d33564e5d4
2 changed files with 82 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/helpers/api-integration/requester.js
View File

@@ -33,7 +33,7 @@ function _requestMaker (user, method, additionalSets = {}) {
let url = `http://localhost:${API_TEST_SERVER_PORT}`;
// do not prefix with api/apiVersion requests to top level routes like dataexport and payments
if (route.indexOf('/export') === 0 || route.indexOf('/payments') === 0) {
if (route.indexOf('/export') === 0 || route.indexOf('/paypal') === 0 || route.indexOf('/amazon') === 0 || route.indexOf('/stripe') === 0) {
url += `${route}`;
} else {
url += `/api/${apiVersion}${route}`;

126
website/src/controllers/top-level/payments/paypal.js
View File

@@ -8,6 +8,7 @@ import ipn from 'paypal-ipn';
import paypal from 'paypal-rest-sdk';
import shared from '../../../../../common';
import cc from 'coupon-code';
import Q from 'q';
import { model as Coupon } from '../../../models/coupon';
import { model as User } from '../../../models/user';
import {
@@ -16,8 +17,8 @@ import {
} from '../../../middlewares/api-v3/auth';
import {
BadRequest,
NotAuthorized,
} from '../../../libs/api-v3/errors';
import * as logger from '../../../libs/api-v3/logger';
const BASE_URL = nconf.get('BASE_URL');
@@ -34,17 +35,24 @@ paypal.configure({
client_secret: nconf.get('PAYPAL:client_secret'),
});
// TODO better handling of errors
const paypalPaymentCreate = Q.nbind(paypal.payment.create, paypal.payment);
const paypalPaymentExecute = Q.nbind(paypal.payment.execute, paypal.payment);
const paypalBillingAgreementCreate = Q.nbind(paypal.billingAgreement.create, paypal.billingAgreement);
const paypalBillingAgreementExecute = Q.nbind(paypal.billingAgreement.execute, paypal.billingAgreement);
const paypalBillingAgreementGet = Q.nbind(paypal.billingAgreement.get, paypal.billingAgreement);
const paypalBillingAgreementCancel = Q.nbind(paypal.billingAgreement.cancel, paypal.billingAgreement);
const ipnVerifyAsync = Q.nbind(ipn.verify, ipn);
let api = {};
/**
* @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/checkout Paypal checkout
* @apiDescription Redirects to Paypal
* @api {get} /paypal/checkout Paypal: checkout
* @apiVersion 3.0.0
* @apiName PaypalCheckout
* @apiGroup Payments
*
* @apiParam {string} gift Query parameter - The stringified object representing the user, the gift recepient.
**/
api.checkout = {
method: 'GET',
@@ -62,7 +70,7 @@ api.checkout = {
description = `${description} (Gift)`;
} else {
amount = Number(shared.content.subscriptionBlocks[gift.subscription.key].price).toFixed(2);
description = 'monthly HabitRPG Subscription (Gift)';
description = 'mo. HabitRPG Subscription (Gift)';
}
}
@@ -77,6 +85,7 @@ api.checkout = {
item_list: {
items: [{
name: description,
// sku: 1,
price: amount,
currency: 'USD',
quality: 1,
@@ -90,27 +99,18 @@ api.checkout = {
}],
};
try {
let result = await paypal.payment.create(createPayment);
let result = await paypalPaymentCreate(createPayment);
let link = _.find(result.links, { rel: 'approval_url' }).href;
res.redirect(link);
} catch (e) {
throw new BadRequest(e);
}
},
};
/**
* @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/checkout/success Paypal checkout success
* @api {get} /paypal/checkout/success Paypal: checkout success
* @apiVersion 3.0.0
* @apiName PaypalCheckoutSuccess
* @apiGroup Payments
*
* @apiParam {string} paymentId The payment id
* @apiParam {string} payerID The payer id, notice ID not id
*
* @apiSuccess {} redirect
**/
api.checkoutSuccess = {
method: 'GET',
@@ -119,6 +119,7 @@ api.checkoutSuccess = {
async handler (req, res) {
let paymentId = req.query.paymentId;
let customerId = req.query.payerID;
let method = 'buyGems';
let data = {
user: res.locals.user,
@@ -126,38 +127,31 @@ api.checkoutSuccess = {
paymentMethod: 'Paypal',
};
try {
let gift = req.session.gift ? JSON.parse(req.session.gift) : undefined;
delete req.session.gift;
if (gift) {
gift.member = await User.findById(gift.uuid);
if (gift.type === 'subscription') {
method = 'createSubscription';
data.paymentMethod = 'Gift';
}
data.paymentMethod = 'Gift';
data.gift = gift;
}
await paypal.payment.execute(paymentId, { payer_id: customerId });
await paypalPaymentExecute(paymentId, { payer_id: customerId });
await payments[method](data);
res.redirect('/');
} catch (e) {
throw new BadRequest(e);
}
},
};
/**
* @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/subscribe Paypal subscribe
* @api {get} /paypal/subscribe Paypal: subscribe
* @apiVersion 3.0.0
* @apiName PaypalSubscribe
* @apiGroup Payments
*
* @apiParam {string} sub subscription, possible values are: basic_earned, basic_3mo, basic_6mo, google_6mo, basic_12mo
* @apiParam {string} coupon coupon for the matching subscription, required only for certain subscriptions
*
* @apiSuccess {} empty object
**/
api.subscribe = {
method: 'GET',
@@ -165,17 +159,18 @@ api.subscribe = {
middlewares: [authWithUrl],
async handler (req, res) {
let sub = shared.content.subscriptionBlocks[req.query.sub];
if (sub.discount) {
if (!req.query.coupon) throw new BadRequest(res.t('couponCodeRequired'));
let coupon = await Coupon.findOne({_id: cc.validate(req.query.coupon), event: sub.key});
if (!coupon) throw new BadRequest(res.t('invalidCoupon'));
if (!coupon) throw new NotAuthorized(res.t('invalidCoupon'));
}
let billingPlanTitle = `HabitRPG Subscription ($${sub.price} every ${sub.months} months, recurring)`;
let billingAgreementAttributes = {
name: billingPlanTitle,
description: billingPlanTitle,
start_date: moment().add({ minutes: 5}).format(),
start_date: moment().add({ minutes: 5 }).format(),
plan: {
id: sub.paypalKey,
},
@@ -183,27 +178,20 @@ api.subscribe = {
payment_method: 'Paypal',
},
};
try {
let billingAgreement = await paypal.billingAgreement.create(billingAgreementAttributes);
let billingAgreement = await paypalBillingAgreementCreate(billingAgreementAttributes);
req.session.paypalBlock = req.query.sub;
let link = _.find(billingAgreement.links, { rel: 'approval_url' }).href;
res.redirect(link);
} catch (e) {
throw new BadRequest(e);
}
},
};
/**
* @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/subscribe/success Paypal subscribe success
* @api {get} /paypal/subscribe/success Paypal: subscribe success
* @apiVersion 3.0.0
* @apiName PaypalSubscribeSuccess
* @apiGroup Payments
*
* @apiParam {string} token The token in query
*
* @apiSuccess {} redirect
**/
api.subscribeSuccess = {
method: 'GET',
@@ -213,31 +201,25 @@ api.subscribeSuccess = {
let user = res.locals.user;
let block = shared.content.subscriptionBlocks[req.session.paypalBlock];
delete req.session.paypalBlock;
try {
let result = await paypal.billingAgreement.execute(req.query.token, {});
let result = await paypalBillingAgreementExecute(req.query.token, {});
await payments.createSubscription({
user,
customerId: result.id,
paymentMethod: 'Paypal',
sub: block,
});
res.redirect('/');
} catch (e) {
throw new BadRequest(e);
}
},
};
/**
* @apiIgnore Payments are considered part of the private API
* @api {get} /paypal/subscribe/cancel Paypal subscribe cancel
* @api {get} /paypal/subscribe/cancel Paypal: subscribe cancel
* @apiVersion 3.0.0
* @apiName PaypalSubscribeCancel
* @apiGroup Payments
*
* @apiParam {string} token The token in query
*
* @apiSuccess {} redirect
**/
api.subscribeCancel = {
method: 'GET',
@@ -246,59 +228,51 @@ api.subscribeCancel = {
async handler (req, res) {
let user = res.locals.user;
let customerId = user.purchased.plan.customerId;
if (!user.purchased.plan.customerId) throw new BadRequest(res.t('missingSubscription'));
try {
let customer = await paypal.billingAgreement.get(customerId);
if (!user.purchased.plan.customerId) throw new NotAuthorized(res.t('missingSubscription'));
let customer = await paypalBillingAgreementGet(customerId);
let nextBillingDate = customer.agreement_details.next_billing_date;
if (customer.agreement_details.cycles_completed === '0') { // hasn't billed yet
throw new BadRequest(res.t('planNotActive', { nextBillingDate }));
}
await paypal.billingAgreement.cancel(customerId, { note: res.t('cancelingSubscription') });
let data = {
await paypalBillingAgreementCancel(customerId, { note: res.t('cancelingSubscription') });
await payments.cancelSubscription({
user,
paymentMethod: 'Paypal',
nextBill: nextBillingDate,
};
await payments.cancelSubscription(data);
});
res.redirect('/');
} catch (e) {
throw new BadRequest(e);
}
},
};
// General IPN handler. We catch cancelled HabitRPG subscriptions for users who manually cancel their
// recurring paypal payments in their paypal dashboard. TODO ? Remove this when we can move to webhooks or some other solution
/**
* @apiIgnore Payments are considered part of the private API
* @api {post} /paypal/ipn Paypal IPN
* @apiVersion 3.0.0
* @apiName PaypalIpn
* @apiGroup Payments
*
* @apiParam {string} txn_type txn_type
* @apiParam {string} recurring_payment_id recurring_payment_id
*
* @apiSuccess {} empty object
**/
api.ipn = {
method: 'POST',
url: '/paypal/ipn',
middlewares: [],
async handler (req, res) {
res.respond(200);
try {
await ipn.verify(req.body);
res.sendStatus(200);
await ipnVerifyAsync(req.body);
if (req.body.txn_type === 'recurring_payment_profile_cancel' || req.body.txn_type === 'subscr_cancel') {
let user = await User.findOne({ 'purchased.plan.customerId': req.body.recurring_payment_id });
if (user) {
payments.cancelSubscriptoin({ user, paymentMethod: 'Paypal' });
await payments.cancelSubscription({ user, paymentMethod: 'Paypal' });
}
}
} catch (e) {
logger.error(e);
}
},
};
/* eslint-disable camelcase */
module.exports = api;