Payment stuff, cont'd
This commit is contained in:
binwiederhier
parent
f7f7f469ad
commit
c06bfb989e
11 changed files with 457 additions and 309 deletions
|
|
@ -37,8 +37,13 @@ import (
|
|||
/*
|
||||
TODO
|
||||
payments:
|
||||
- handle overdue payment (-> downgrade after 7 days)
|
||||
- delete stripe subscription when acocunt is deleted
|
||||
- send dunning emails when overdue
|
||||
- payment methods
|
||||
- unmarshal to stripe.Subscription instead of gjson
|
||||
- Make ResetTier reset the stripe fields
|
||||
- delete subscription when account deleted
|
||||
- remove tier.paid
|
||||
- add tier.visible
|
||||
|
||||
Limits & rate limiting:
|
||||
users without tier: should the stats be persisted? are they meaningful?
|
||||
|
|
@ -97,27 +102,27 @@ var (
|
|||
authPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}(,[-_A-Za-z0-9]{1,64})*/auth$`)
|
||||
publishPathRegex = regexp.MustCompile(`^/[-_A-Za-z0-9]{1,64}/(publish|send|trigger)$`)
|
||||
|
||||
webConfigPath = "/config.js"
|
||||
healthPath = "/v1/health"
|
||||
accountPath = "/v1/account"
|
||||
accountTokenPath = "/v1/account/token"
|
||||
accountPasswordPath = "/v1/account/password"
|
||||
accountSettingsPath = "/v1/account/settings"
|
||||
accountSubscriptionPath = "/v1/account/subscription"
|
||||
accountReservationPath = "/v1/account/reservation"
|
||||
accountBillingPortalPath = "/v1/account/billing/portal"
|
||||
accountBillingWebhookPath = "/v1/account/billing/webhook"
|
||||
accountCheckoutPath = "/v1/account/checkout"
|
||||
accountCheckoutSuccessTemplate = "/v1/account/checkout/success/{CHECKOUT_SESSION_ID}"
|
||||
accountCheckoutSuccessRegex = regexp.MustCompile(`/v1/account/checkout/success/(.+)$`)
|
||||
accountReservationSingleRegex = regexp.MustCompile(`/v1/account/reservation/([-_A-Za-z0-9]{1,64})$`)
|
||||
accountSubscriptionSingleRegex = regexp.MustCompile(`^/v1/account/subscription/([-_A-Za-z0-9]{16})$`)
|
||||
matrixPushPath = "/_matrix/push/v1/notify"
|
||||
staticRegex = regexp.MustCompile(`^/static/.+`)
|
||||
docsRegex = regexp.MustCompile(`^/docs(|/.*)$`)
|
||||
fileRegex = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
|
||||
disallowedTopics = []string{"docs", "static", "file", "app", "account", "settings", "pricing", "signup", "login", "reset-password"} // If updated, also update in Android and web app
|
||||
urlRegex = regexp.MustCompile(`^https?://`)
|
||||
webConfigPath = "/config.js"
|
||||
healthPath = "/v1/health"
|
||||
accountPath = "/v1/account"
|
||||
accountTokenPath = "/v1/account/token"
|
||||
accountPasswordPath = "/v1/account/password"
|
||||
accountSettingsPath = "/v1/account/settings"
|
||||
accountSubscriptionPath = "/v1/account/subscription"
|
||||
accountReservationPath = "/v1/account/reservation"
|
||||
accountBillingPortalPath = "/v1/account/billing/portal"
|
||||
accountBillingWebhookPath = "/v1/account/billing/webhook"
|
||||
accountBillingSubscriptionPath = "/v1/account/billing/subscription"
|
||||
accountBillingSubscriptionCheckoutSuccessTemplate = "/v1/account/billing/subscription/success/{CHECKOUT_SESSION_ID}"
|
||||
accountBillingSubscriptionCheckoutSuccessRegex = regexp.MustCompile(`/v1/account/billing/subscription/success/(.+)$`)
|
||||
accountReservationSingleRegex = regexp.MustCompile(`/v1/account/reservation/([-_A-Za-z0-9]{1,64})$`)
|
||||
accountSubscriptionSingleRegex = regexp.MustCompile(`^/v1/account/subscription/([-_A-Za-z0-9]{16})$`)
|
||||
matrixPushPath = "/_matrix/push/v1/notify"
|
||||
staticRegex = regexp.MustCompile(`^/static/.+`)
|
||||
docsRegex = regexp.MustCompile(`^/docs(|/.*)$`)
|
||||
fileRegex = regexp.MustCompile(`^/file/([-_A-Za-z0-9]{1,64})(?:\.[A-Za-z0-9]{1,16})?$`)
|
||||
disallowedTopics = []string{"docs", "static", "file", "app", "account", "settings", "pricing", "signup", "login", "reset-password"} // If updated, also update in Android and web app
|
||||
urlRegex = regexp.MustCompile(`^https?://`)
|
||||
|
||||
//go:embed site
|
||||
webFs embed.FS
|
||||
|
|
@ -372,14 +377,16 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
|
|||
return s.ensureUser(s.handleAccountReservationAdd)(w, r, v)
|
||||
} else if r.Method == http.MethodDelete && accountReservationSingleRegex.MatchString(r.URL.Path) {
|
||||
return s.ensureUser(s.handleAccountReservationDelete)(w, r, v)
|
||||
} else if r.Method == http.MethodPost && r.URL.Path == accountCheckoutPath {
|
||||
return s.ensureUser(s.handleAccountCheckoutSessionCreate)(w, r, v)
|
||||
} else if r.Method == http.MethodGet && accountCheckoutSuccessRegex.MatchString(r.URL.Path) {
|
||||
} else if r.Method == http.MethodPost && r.URL.Path == accountBillingSubscriptionPath {
|
||||
return s.ensureUser(s.handleAccountBillingSubscriptionChange)(w, r, v)
|
||||
} else if r.Method == http.MethodDelete && r.URL.Path == accountBillingSubscriptionPath {
|
||||
return s.ensureStripeCustomer(s.handleAccountBillingSubscriptionDelete)(w, r, v)
|
||||
} else if r.Method == http.MethodGet && accountBillingSubscriptionCheckoutSuccessRegex.MatchString(r.URL.Path) {
|
||||
return s.ensureUserManager(s.handleAccountCheckoutSessionSuccessGet)(w, r, v) // No user context!
|
||||
} else if r.Method == http.MethodPost && r.URL.Path == accountBillingPortalPath {
|
||||
return s.ensureUser(s.handleAccountBillingPortalSessionCreate)(w, r, v)
|
||||
return s.ensureStripeCustomer(s.handleAccountBillingPortalSessionCreate)(w, r, v)
|
||||
} else if r.Method == http.MethodPost && r.URL.Path == accountBillingWebhookPath {
|
||||
return s.ensureUserManager(s.handleAccountBillingWebhookTrigger)(w, r, v)
|
||||
return s.ensureUserManager(s.handleAccountBillingWebhook)(w, r, v)
|
||||
} else if r.Method == http.MethodGet && r.URL.Path == matrixPushPath {
|
||||
return s.handleMatrixDiscovery(w)
|
||||
} else if r.Method == http.MethodGet && staticRegex.MatchString(r.URL.Path) {
|
||||
|
|
@ -1493,6 +1500,15 @@ func (s *Server) ensureUser(next handleFunc) handleFunc {
|
|||
})
|
||||
}
|
||||
|
||||
func (s *Server) ensureStripeCustomer(next handleFunc) handleFunc {
|
||||
return s.ensureUser(func(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
if v.user.Billing.StripeCustomerID == "" {
|
||||
return errHTTPBadRequestNotAPaidUser
|
||||
}
|
||||
return next(w, r, v)
|
||||
})
|
||||
}
|
||||
|
||||
// transformBodyJSON peeks the request body, reads the JSON, and converts it to headers
|
||||
// before passing it on to the next handler. This is meant to be used in combination with handlePublish.
|
||||
func (s *Server) transformBodyJSON(next handleFunc) handleFunc {
|
||||
|
|
|
|||
|
|
@ -2,14 +2,6 @@ package server
|
|||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/stripe/stripe-go/v74"
|
||||
portalsession "github.com/stripe/stripe-go/v74/billingportal/session"
|
||||
"github.com/stripe/stripe-go/v74/checkout/session"
|
||||
"github.com/stripe/stripe-go/v74/subscription"
|
||||
"github.com/stripe/stripe-go/v74/webhook"
|
||||
"github.com/tidwall/gjson"
|
||||
"heckel.io/ntfy/log"
|
||||
"heckel.io/ntfy/user"
|
||||
"heckel.io/ntfy/util"
|
||||
"net/http"
|
||||
|
|
@ -17,7 +9,6 @@ import (
|
|||
|
||||
const (
|
||||
jsonBodyBytesLimit = 4096
|
||||
stripeBodyBytesLimit = 16384
|
||||
subscriptionIDLength = 16
|
||||
createdByAPI = "api"
|
||||
)
|
||||
|
|
@ -100,6 +91,14 @@ func (s *Server) handleAccountGet(w http.ResponseWriter, _ *http.Request, v *vis
|
|||
Paid: v.user.Tier.Paid,
|
||||
}
|
||||
}
|
||||
if v.user.Billing.StripeCustomerID != "" {
|
||||
response.Billing = &apiAccountBilling{
|
||||
Customer: true,
|
||||
Subscription: v.user.Billing.StripeSubscriptionID != "",
|
||||
Status: string(v.user.Billing.StripeSubscriptionStatus),
|
||||
PaidUntil: v.user.Billing.StripeSubscriptionPaidUntil.Unix(),
|
||||
}
|
||||
}
|
||||
reservations, err := s.userManager.Reservations(v.user.Name)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -395,226 +394,3 @@ func (s *Server) handleAccountReservationDelete(w http.ResponseWriter, r *http.R
|
|||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountCheckoutSessionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
req, err := readJSONWithLimit[apiAccountTierChangeRequest](r.Body, jsonBodyBytesLimit)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
tier, err := s.userManager.Tier(req.Tier)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if tier.StripePriceID == "" {
|
||||
log.Info("Checkout: Downgrading to no tier")
|
||||
return errors.New("not a paid tier")
|
||||
} else if v.user.Billing != nil && v.user.Billing.StripeSubscriptionID != "" {
|
||||
log.Info("Checkout: Changing tier and subscription to %s", tier.Code)
|
||||
|
||||
// Upgrade/downgrade tier
|
||||
sub, err := subscription.Get(v.user.Billing.StripeSubscriptionID, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
params := &stripe.SubscriptionParams{
|
||||
CancelAtPeriodEnd: stripe.Bool(false),
|
||||
ProrationBehavior: stripe.String(string(stripe.SubscriptionSchedulePhaseProrationBehaviorCreateProrations)),
|
||||
Items: []*stripe.SubscriptionItemsParams{
|
||||
{
|
||||
ID: stripe.String(sub.Items.Data[0].ID),
|
||||
Price: stripe.String(tier.StripePriceID),
|
||||
},
|
||||
},
|
||||
}
|
||||
_, err = subscription.Update(sub.ID, params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
response := &apiAccountCheckoutResponse{}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
if err := json.NewEncoder(w).Encode(response); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
} else {
|
||||
// Checkout flow
|
||||
log.Info("Checkout: No existing subscription, creating checkout flow")
|
||||
}
|
||||
|
||||
successURL := s.config.BaseURL + accountCheckoutSuccessTemplate
|
||||
var stripeCustomerID *string
|
||||
if v.user.Billing != nil {
|
||||
stripeCustomerID = &v.user.Billing.StripeCustomerID
|
||||
}
|
||||
params := &stripe.CheckoutSessionParams{
|
||||
ClientReferenceID: &v.user.Name, // FIXME Should be user ID
|
||||
Customer: stripeCustomerID,
|
||||
SuccessURL: &successURL,
|
||||
Mode: stripe.String(string(stripe.CheckoutSessionModeSubscription)),
|
||||
LineItems: []*stripe.CheckoutSessionLineItemParams{
|
||||
{
|
||||
Price: stripe.String(tier.StripePriceID),
|
||||
Quantity: stripe.Int64(1),
|
||||
},
|
||||
},
|
||||
}
|
||||
sess, err := session.New(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
response := &apiAccountCheckoutResponse{
|
||||
RedirectURL: sess.URL,
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
if err := json.NewEncoder(w).Encode(response); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountCheckoutSessionSuccessGet(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
// We don't have a v.user in this endpoint, only a userManager!
|
||||
matches := accountCheckoutSuccessRegex.FindStringSubmatch(r.URL.Path)
|
||||
if len(matches) != 2 {
|
||||
return errHTTPInternalErrorInvalidPath
|
||||
}
|
||||
sessionID := matches[1]
|
||||
// FIXME how do I rate limit this?
|
||||
sess, err := session.Get(sessionID, nil)
|
||||
if err != nil {
|
||||
log.Warn("Stripe: %s", err)
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
} else if sess.Customer == nil || sess.Subscription == nil || sess.ClientReferenceID == "" {
|
||||
log.Warn("Stripe: Unexpected session, customer or subscription not found")
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
sub, err := subscription.Get(sess.Subscription.ID, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if sub.Items == nil || len(sub.Items.Data) != 1 || sub.Items.Data[0].Price == nil {
|
||||
log.Error("Stripe: Unexpected subscription, expected exactly one line item")
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
priceID := sub.Items.Data[0].Price.ID
|
||||
tier, err := s.userManager.TierByStripePrice(priceID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u, err := s.userManager.User(sess.ClientReferenceID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if u.Billing == nil {
|
||||
u.Billing = &user.Billing{}
|
||||
}
|
||||
u.Billing.StripeCustomerID = sess.Customer.ID
|
||||
u.Billing.StripeSubscriptionID = sess.Subscription.ID
|
||||
if err := s.userManager.ChangeBilling(u); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
|
||||
return err
|
||||
}
|
||||
accountURL := s.config.BaseURL + "/account" // FIXME
|
||||
http.Redirect(w, r, accountURL, http.StatusSeeOther)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingPortalSessionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
if v.user.Billing == nil {
|
||||
return errHTTPBadRequestNotAPaidUser
|
||||
}
|
||||
params := &stripe.BillingPortalSessionParams{
|
||||
Customer: stripe.String(v.user.Billing.StripeCustomerID),
|
||||
ReturnURL: stripe.String(s.config.BaseURL),
|
||||
}
|
||||
ps, err := portalsession.New(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
response := &apiAccountBillingPortalRedirectResponse{
|
||||
RedirectURL: ps.URL,
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
if err := json.NewEncoder(w).Encode(response); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingWebhookTrigger(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
// We don't have a v.user in this endpoint, only a userManager!
|
||||
stripeSignature := r.Header.Get("Stripe-Signature")
|
||||
if stripeSignature == "" {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
body, err := util.Peek(r.Body, stripeBodyBytesLimit)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if body.LimitReached {
|
||||
return errHTTPEntityTooLargeJSONBody
|
||||
}
|
||||
event, err := webhook.ConstructEvent(body.PeekedBytes, stripeSignature, s.config.StripeWebhookKey)
|
||||
if err != nil {
|
||||
log.Warn("Stripe: invalid request: %s", err.Error())
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
} else if event.Data == nil || event.Data.Raw == nil {
|
||||
log.Warn("Stripe: invalid request, data is nil")
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
log.Info("Stripe: webhook event %s received", event.Type)
|
||||
stripeCustomerID := gjson.GetBytes(event.Data.Raw, "customer")
|
||||
if !stripeCustomerID.Exists() {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
switch event.Type {
|
||||
case "checkout.session.completed":
|
||||
// Payment is successful and the subscription is created.
|
||||
// Provision the subscription, save the customer ID.
|
||||
return s.handleAccountBillingWebhookCheckoutCompleted(stripeCustomerID.String(), event.Data.Raw)
|
||||
case "customer.subscription.updated":
|
||||
return s.handleAccountBillingWebhookSubscriptionUpdated(stripeCustomerID.String(), event.Data.Raw)
|
||||
case "invoice.paid":
|
||||
// Continue to provision the subscription as payments continue to be made.
|
||||
// Store the status in your database and check when a user accesses your service.
|
||||
// This approach helps you avoid hitting rate limits.
|
||||
return nil // FIXME
|
||||
case "invoice.payment_failed":
|
||||
// The payment failed or the customer does not have a valid payment method.
|
||||
// The subscription becomes past_due. Notify your customer and send them to the
|
||||
// customer portal to update their payment information.
|
||||
return nil // FIXME
|
||||
default:
|
||||
log.Warn("Stripe: unhandled webhook %s", event.Type)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingWebhookCheckoutCompleted(stripeCustomerID string, event json.RawMessage) error {
|
||||
log.Info("Stripe: checkout completed for customer %s", stripeCustomerID)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingWebhookSubscriptionUpdated(stripeCustomerID string, event json.RawMessage) error {
|
||||
status := gjson.GetBytes(event, "status")
|
||||
priceID := gjson.GetBytes(event, "items.data.0.price.id")
|
||||
if !status.Exists() || !priceID.Exists() {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
log.Info("Stripe: customer %s: subscription updated to %s, with price %s", stripeCustomerID, status, priceID)
|
||||
u, err := s.userManager.UserByStripeCustomer(stripeCustomerID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
tier, err := s.userManager.TierByStripePrice(priceID.String())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
287
server/server_payments.go
Normal file
287
server/server_payments.go
Normal file
|
|
@ -0,0 +1,287 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"github.com/stripe/stripe-go/v74"
|
||||
portalsession "github.com/stripe/stripe-go/v74/billingportal/session"
|
||||
"github.com/stripe/stripe-go/v74/checkout/session"
|
||||
"github.com/stripe/stripe-go/v74/subscription"
|
||||
"github.com/stripe/stripe-go/v74/webhook"
|
||||
"github.com/tidwall/gjson"
|
||||
"heckel.io/ntfy/log"
|
||||
"heckel.io/ntfy/user"
|
||||
"heckel.io/ntfy/util"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
stripeBodyBytesLimit = 16384
|
||||
)
|
||||
|
||||
// handleAccountBillingSubscriptionChange facilitates all subscription/tier changes, including payment flows.
|
||||
//
|
||||
// FIXME this should be two functions!
|
||||
//
|
||||
// It handles two cases:
|
||||
// - Create subscription: Transition from a user without Stripe subscription to a paid subscription (Checkout flow)
|
||||
// - Change subscription: Switching between Stripe prices (& tiers) by changing the Stripe subscription
|
||||
func (s *Server) handleAccountBillingSubscriptionChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
req, err := readJSONWithLimit[apiAccountTierChangeRequest](r.Body, jsonBodyBytesLimit)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
tier, err := s.userManager.Tier(req.Tier)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if v.user.Billing.StripeSubscriptionID == "" && tier.StripePriceID != "" {
|
||||
return s.handleAccountBillingSubscriptionAdd(w, v, tier)
|
||||
} else if v.user.Billing.StripeSubscriptionID != "" {
|
||||
return s.handleAccountBillingSubscriptionUpdate(w, v, tier)
|
||||
}
|
||||
return errors.New("invalid state")
|
||||
}
|
||||
|
||||
// handleAccountBillingSubscriptionDelete facilitates downgrading a paid user to a tier-less user,
|
||||
// and cancelling the Stripe subscription entirely
|
||||
func (s *Server) handleAccountBillingSubscriptionDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
if v.user.Billing.StripeCustomerID == "" {
|
||||
return errHTTPBadRequestNotAPaidUser
|
||||
}
|
||||
if v.user.Billing.StripeSubscriptionID != "" {
|
||||
_, err := subscription.Cancel(v.user.Billing.StripeSubscriptionID, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err := s.userManager.ResetTier(v.user.Name); err != nil {
|
||||
return err
|
||||
}
|
||||
v.user.Billing.StripeSubscriptionID = ""
|
||||
v.user.Billing.StripeSubscriptionStatus = ""
|
||||
v.user.Billing.StripeSubscriptionPaidUntil = time.Unix(0, 0)
|
||||
if err := s.userManager.ChangeBilling(v.user); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingSubscriptionAdd(w http.ResponseWriter, v *visitor, tier *user.Tier) error {
|
||||
log.Info("Stripe: No existing subscription, creating checkout flow")
|
||||
var stripeCustomerID *string
|
||||
if v.user.Billing.StripeCustomerID != "" {
|
||||
stripeCustomerID = &v.user.Billing.StripeCustomerID
|
||||
}
|
||||
successURL := s.config.BaseURL + accountBillingSubscriptionCheckoutSuccessTemplate
|
||||
params := &stripe.CheckoutSessionParams{
|
||||
Customer: stripeCustomerID, // A user may have previously deleted their subscription
|
||||
ClientReferenceID: &v.user.Name, // FIXME Should be user ID
|
||||
SuccessURL: &successURL,
|
||||
Mode: stripe.String(string(stripe.CheckoutSessionModeSubscription)),
|
||||
LineItems: []*stripe.CheckoutSessionLineItemParams{
|
||||
{
|
||||
Price: stripe.String(tier.StripePriceID),
|
||||
Quantity: stripe.Int64(1),
|
||||
},
|
||||
},
|
||||
/*AutomaticTax: &stripe.CheckoutSessionAutomaticTaxParams{
|
||||
Enabled: stripe.Bool(true),
|
||||
},*/
|
||||
}
|
||||
sess, err := session.New(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
response := &apiAccountCheckoutResponse{
|
||||
RedirectURL: sess.URL,
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
if err := json.NewEncoder(w).Encode(response); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingSubscriptionUpdate(w http.ResponseWriter, v *visitor, tier *user.Tier) error {
|
||||
log.Info("Stripe: Changing tier and subscription to %s", tier.Code)
|
||||
sub, err := subscription.Get(v.user.Billing.StripeSubscriptionID, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
params := &stripe.SubscriptionParams{
|
||||
CancelAtPeriodEnd: stripe.Bool(false),
|
||||
ProrationBehavior: stripe.String(string(stripe.SubscriptionSchedulePhaseProrationBehaviorCreateProrations)),
|
||||
Items: []*stripe.SubscriptionItemsParams{
|
||||
{
|
||||
ID: stripe.String(sub.Items.Data[0].ID),
|
||||
Price: stripe.String(tier.StripePriceID),
|
||||
},
|
||||
},
|
||||
}
|
||||
_, err = subscription.Update(sub.ID, params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
response := &apiAccountCheckoutResponse{}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
if err := json.NewEncoder(w).Encode(response); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountCheckoutSessionSuccessGet(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
// We don't have a v.user in this endpoint, only a userManager!
|
||||
matches := accountBillingSubscriptionCheckoutSuccessRegex.FindStringSubmatch(r.URL.Path)
|
||||
if len(matches) != 2 {
|
||||
return errHTTPInternalErrorInvalidPath
|
||||
}
|
||||
sessionID := matches[1]
|
||||
// FIXME how do I rate limit this?
|
||||
sess, err := session.Get(sessionID, nil)
|
||||
if err != nil {
|
||||
log.Warn("Stripe: %s", err)
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
} else if sess.Customer == nil || sess.Subscription == nil || sess.ClientReferenceID == "" {
|
||||
log.Warn("Stripe: Unexpected session, customer or subscription not found")
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
sub, err := subscription.Get(sess.Subscription.ID, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if sub.Items == nil || len(sub.Items.Data) != 1 || sub.Items.Data[0].Price == nil {
|
||||
log.Error("Stripe: Unexpected subscription, expected exactly one line item")
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
priceID := sub.Items.Data[0].Price.ID
|
||||
tier, err := s.userManager.TierByStripePrice(priceID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u, err := s.userManager.User(sess.ClientReferenceID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.Billing.StripeCustomerID = sess.Customer.ID
|
||||
u.Billing.StripeSubscriptionID = sub.ID
|
||||
u.Billing.StripeSubscriptionStatus = sub.Status
|
||||
u.Billing.StripeSubscriptionPaidUntil = time.Unix(sub.CurrentPeriodEnd, 0)
|
||||
if err := s.userManager.ChangeBilling(u); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
|
||||
return err
|
||||
}
|
||||
accountURL := s.config.BaseURL + "/account" // FIXME
|
||||
http.Redirect(w, r, accountURL, http.StatusSeeOther)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingPortalSessionCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
if v.user.Billing.StripeCustomerID == "" {
|
||||
return errHTTPBadRequestNotAPaidUser
|
||||
}
|
||||
params := &stripe.BillingPortalSessionParams{
|
||||
Customer: stripe.String(v.user.Billing.StripeCustomerID),
|
||||
ReturnURL: stripe.String(s.config.BaseURL),
|
||||
}
|
||||
ps, err := portalsession.New(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
response := &apiAccountBillingPortalRedirectResponse{
|
||||
RedirectURL: ps.URL,
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*") // FIXME remove this
|
||||
if err := json.NewEncoder(w).Encode(response); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingWebhook(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
||||
// We don't have a v.user in this endpoint, only a userManager!
|
||||
stripeSignature := r.Header.Get("Stripe-Signature")
|
||||
if stripeSignature == "" {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
body, err := util.Peek(r.Body, stripeBodyBytesLimit)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if body.LimitReached {
|
||||
return errHTTPEntityTooLargeJSONBody
|
||||
}
|
||||
event, err := webhook.ConstructEvent(body.PeekedBytes, stripeSignature, s.config.StripeWebhookKey)
|
||||
if err != nil {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
} else if event.Data == nil || event.Data.Raw == nil {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
log.Info("Stripe: webhook event %s received", event.Type)
|
||||
stripeCustomerID := gjson.GetBytes(event.Data.Raw, "customer")
|
||||
if !stripeCustomerID.Exists() {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
switch event.Type {
|
||||
case "customer.subscription.updated":
|
||||
return s.handleAccountBillingWebhookSubscriptionUpdated(stripeCustomerID.String(), event.Data.Raw)
|
||||
case "customer.subscription.deleted":
|
||||
return s.handleAccountBillingWebhookSubscriptionDeleted(stripeCustomerID.String(), event.Data.Raw)
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingWebhookSubscriptionUpdated(stripeCustomerID string, event json.RawMessage) error {
|
||||
status := gjson.GetBytes(event, "status")
|
||||
currentPeriodEnd := gjson.GetBytes(event, "current_period_end")
|
||||
priceID := gjson.GetBytes(event, "items.data.0.price.id")
|
||||
if !status.Exists() || !currentPeriodEnd.Exists() || !priceID.Exists() {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
log.Info("Stripe: customer %s: subscription updated to %s, with price %s", stripeCustomerID, status, priceID)
|
||||
u, err := s.userManager.UserByStripeCustomer(stripeCustomerID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
tier, err := s.userManager.TierByStripePrice(priceID.String())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.userManager.ChangeTier(u.Name, tier.Code); err != nil {
|
||||
return err
|
||||
}
|
||||
u.Billing.StripeSubscriptionStatus = stripe.SubscriptionStatus(status.String())
|
||||
u.Billing.StripeSubscriptionPaidUntil = time.Unix(currentPeriodEnd.Int(), 0)
|
||||
if err := s.userManager.ChangeBilling(u); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) handleAccountBillingWebhookSubscriptionDeleted(stripeCustomerID string, event json.RawMessage) error {
|
||||
status := gjson.GetBytes(event, "status")
|
||||
if !status.Exists() {
|
||||
return errHTTPBadRequestInvalidStripeRequest
|
||||
}
|
||||
log.Info("Stripe: customer %s: subscription deleted, downgrading to unpaid tier", stripeCustomerID)
|
||||
u, err := s.userManager.UserByStripeCustomer(stripeCustomerID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.userManager.ResetTier(u.Name); err != nil {
|
||||
return err
|
||||
}
|
||||
u.Billing.StripeSubscriptionID = ""
|
||||
u.Billing.StripeSubscriptionStatus = ""
|
||||
u.Billing.StripeSubscriptionPaidUntil = time.Unix(0, 0)
|
||||
if err := s.userManager.ChangeBilling(u); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
@ -268,6 +268,13 @@ type apiAccountReservation struct {
|
|||
Everyone string `json:"everyone"`
|
||||
}
|
||||
|
||||
type apiAccountBilling struct {
|
||||
Customer bool `json:"customer"`
|
||||
Subscription bool `json:"subscription"`
|
||||
Status string `json:"status,omitempty"`
|
||||
PaidUntil int64 `json:"paid_until,omitempty"`
|
||||
}
|
||||
|
||||
type apiAccountResponse struct {
|
||||
Username string `json:"username"`
|
||||
Role string `json:"role,omitempty"`
|
||||
|
|
@ -279,6 +286,7 @@ type apiAccountResponse struct {
|
|||
Tier *apiAccountTier `json:"tier,omitempty"`
|
||||
Limits *apiAccountLimits `json:"limits,omitempty"`
|
||||
Stats *apiAccountStats `json:"stats,omitempty"`
|
||||
Billing *apiAccountBilling `json:"billing,omitempty"`
|
||||
}
|
||||
|
||||
type apiAccountReservationRequest struct {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue