Ghost/ghost/members-api/lib/stripe/index.js

const debug = require('ghost-ignition').debug('stripe');
const {retrieve, list, create, del} = require('./api/stripeRequests');
const api = require('./api');

const STRIPE_API_VERSION = '2019-09-09';

module.exports = class StripePaymentProcessor {
    constructor(config, storage, logging) {
        this.logging = logging;
        this.storage = storage;
        this._ready = new Promise((resolve, reject) => {
            this._resolveReady = resolve;
            this._rejectReady = reject;
        });
        this._configure(config);
    }

    async ready() {
        return this._ready;
    }

    async _configure(config) {
        this._stripe = require('stripe')(config.secretKey);
        this._stripe.setAppInfo(config.appInfo);
        this._stripe.setApiVersion(STRIPE_API_VERSION);
        this._stripe.__TEST_MODE__ = config.secretKey.startsWith('sk_test_');
        this._public_token = config.publicKey;
        this._checkoutSuccessUrl = config.checkoutSuccessUrl;
        this._checkoutCancelUrl = config.checkoutCancelUrl;
        this._webhookHandlerUrl = config.webhookHandlerUrl;

        try {
            this._product = await api.products.ensure(this._stripe, config.product);

            this._plans = [];
            for (const planSpec of config.plans) {
                const plan = await api.plans.ensure(this._stripe, planSpec, this._product);
                this._plans.push(plan);
            }

            const webhooks = await list(this._stripe, 'webhookEndpoints', {
                limit: 100
            });

            const webhookToDelete = webhooks.data.find((webhook) => {
                return webhook.url === this._webhookHandlerUrl;
            });

            if (webhookToDelete) {
                await del(this._stripe, 'webhookEndpoints', webhookToDelete.id);
            }

            try {
                const webhook = await create(this._stripe, 'webhookEndpoints', {
                    url: this._webhookHandlerUrl,
                    api_version: STRIPE_API_VERSION,
                    enabled_events: ['checkout.session.completed']
                });
                this._webhookSecret = webhook.secret;
            } catch (err) {
                this.logging.warn(err);
                this._webhookSecret = process.env.WEBHOOK_SECRET;
            }
            debug(`Webhook secret set to ${this._webhookSecret}`);
        } catch (err) {
            debug(`Error configuring ${err.message}`);
            return this._rejectReady(err);
        }

        return this._resolveReady({
            product: this._product,
            plans: this._plans
        });
    }

    async parseWebhook(body, signature) {
        return this._stripe.webhooks.constructEvent(body, signature, this._webhookSecret);
    }

    async createCheckoutSession(member, planName) {
        let customer;
        if (member) {
            try {
                customer = await this._customerForMember(member);
            } catch (err) {
                debug(`Ignoring Error getting customer for checkout ${err.message}`);
                customer = null;
            }
        } else {
            customer = null;
        }
        const plan = this._plans.find(plan => plan.nickname === planName);
        const session = await this._stripe.checkout.sessions.create({
            payment_method_types: ['card'],
            success_url: this._checkoutSuccessUrl,
            cancel_url: this._checkoutCancelUrl,
            customer: customer ? customer.id : undefined,
            subscription_data: {
                items: [{
                    plan: plan.id
                }]
            }
        });

        return {
            sessionId: session.id,
            publicKey: this._public_token
        };
    }

    async getSubscriptions(member) {
        const metadata = await this.storage.get(member);

        const customers = await Promise.all(metadata.map(async (data) => {
            try {
                const customer = await this.getCustomer(data.customer_id);
                return customer;
            } catch (err) {
                debug(`Ignoring Error getting customer for active subscriptions ${err.message}`);
                return null;
            }
        }));

        return customers.reduce(function (subscriptions, customer) {
            if (!customer) {
                return subscriptions;
            }
            if (customer.deleted) {
                return subscriptions;
            }
            return subscriptions.concat(customer.subscriptions.data.reduce(function (subscriptions, subscription) {
                // Subscription has more than one plan
                // was not created by us - ignore it.
                if (!subscription.plan) {
                    return subscriptions;
                }

                return subscriptions.concat([{
                    customer: customer.id,
                    status: subscription.status,
                    subscription: subscription.id,
                    plan: subscription.plan.id,
                    name: subscription.plan.nickname,
                    amount: subscription.plan.amount,
                    validUntil: subscription.current_period_end
                }]);
            }, []));
        }, []);
    }

    async getActiveSubscriptions(member) {
        const subscriptions = await this.getSubscriptions(member);

        return subscriptions.filter((subscription) => {
            return subscription.status !== 'cancelled' && subscription.status !== 'unpaid';
        });
    }

    async addCustomerToMember(member, customer) {
        const metadata = await this.storage.get(member);
        // Do not add the customer if they are already linked
        if (metadata.some(data => data.customer_id === customer.id)) {
            return;
        }
        debug(`Attaching customer to member ${member.email} ${customer.id}`);
        return this.storage.set(member, metadata.concat({
            customer_id: customer.id
        }));
    }

    async _customerForMember(member) {
        const metadata = await this.storage.get(member);

        for (const data in metadata) {
            try {
                const customer = await this.getCustomer(data.customer_id);
                if (!customer.deleted) {
                    return customer;
                }
            } catch (err) {
                debug(`Ignoring Error getting customer for member ${err.message}`);
            }
        }

        debug(`Creating customer for member ${member.email}`);
        const customer = await create(this._stripe, 'customers', {
            email: member.email
        });

        await this.addCustomerToMember(member, customer);

        return customer;
    }

    async getCustomer(id) {
        return retrieve(this._stripe, 'customers', id);
    }
};
Ensured we do not create multiple webhooks on boot no-issue This updates the initialisation logic to fetch all webhooks (we use limit: 100, and there are currently a max of 16 webhooks in stripe) and find one with the corrct url. Once found, delete that webhook. We then attempt to create a new one, and log out any errors (this is to allow for local development, creating a webhook with a local url is expected to fail) 2019-10-02 06:36:54 +03:00			`const debug = require('ghost-ignition').debug('stripe');`
			`const {retrieve, list, create, del} = require('./api/stripeRequests');`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`const api = require('./api');`

Updated stripe to setAppInfo and apiVersion no-issue 2019-09-25 07:35:58 +03:00			`const STRIPE_API_VERSION = '2019-09-09';`

Added stripe payments module 2019-09-06 08:13:35 +03:00			`module.exports = class StripePaymentProcessor {`
Improved logging for members-api no-issue This allows the logger to be passed in, and configures stripe to have access to it 2019-10-02 06:57:23 +03:00			`constructor(config, storage, logging) {`
			`this.logging = logging;`
Passed in metadata getter/setter to stripe no-issue This will be used to store information such as customer id 2019-09-25 06:15:31 +03:00			`this.storage = storage;`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`this._ready = new Promise((resolve, reject) => {`
			`this._resolveReady = resolve;`
			`this._rejectReady = reject;`
			`});`
			`this._configure(config);`
			`}`

			`async ready() {`
			`return this._ready;`
			`}`

			`async _configure(config) {`
			`this._stripe = require('stripe')(config.secretKey);`
Updated stripe to setAppInfo and apiVersion no-issue 2019-09-25 07:35:58 +03:00			`this._stripe.setAppInfo(config.appInfo);`
			`this._stripe.setApiVersion(STRIPE_API_VERSION);`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`this._stripe.__TEST_MODE__ = config.secretKey.startsWith('sk_test_');`
			`this._public_token = config.publicKey;`
			`this._checkoutSuccessUrl = config.checkoutSuccessUrl;`
			`this._checkoutCancelUrl = config.checkoutCancelUrl;`
Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`this._webhookHandlerUrl = config.webhookHandlerUrl;`
Added stripe payments module 2019-09-06 08:13:35 +03:00
			`try {`
			`this._product = await api.products.ensure(this._stripe, config.product);`

Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`this._plans = [];`
			`for (const planSpec of config.plans) {`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`const plan = await api.plans.ensure(this._stripe, planSpec, this._product);`
			`this._plans.push(plan);`
Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`}`

Ensured we do not create multiple webhooks on boot no-issue This updates the initialisation logic to fetch all webhooks (we use limit: 100, and there are currently a max of 16 webhooks in stripe) and find one with the corrct url. Once found, delete that webhook. We then attempt to create a new one, and log out any errors (this is to allow for local development, creating a webhook with a local url is expected to fail) 2019-10-02 06:36:54 +03:00			`const webhooks = await list(this._stripe, 'webhookEndpoints', {`
			`limit: 100`
			`});`

			`const webhookToDelete = webhooks.data.find((webhook) => {`
			`return webhook.url === this._webhookHandlerUrl;`
			`});`

			`if (webhookToDelete) {`
			`await del(this._stripe, 'webhookEndpoints', webhookToDelete.id);`
			`}`

Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`try {`
			`const webhook = await create(this._stripe, 'webhookEndpoints', {`
			`url: this._webhookHandlerUrl,`
Updated stripe to setAppInfo and apiVersion no-issue 2019-09-25 07:35:58 +03:00			`api_version: STRIPE_API_VERSION,`
Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`enabled_events: ['checkout.session.completed']`
			`});`
			`this._webhookSecret = webhook.secret;`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`} catch (err) {`
Improved logging for members-api no-issue This allows the logger to be passed in, and configures stripe to have access to it 2019-10-02 06:57:23 +03:00			`this.logging.warn(err);`
Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`this._webhookSecret = process.env.WEBHOOK_SECRET;`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`}`
Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			debug(`Webhook secret set to ${this._webhookSecret}`);
Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`} catch (err) {`
Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			debug(`Error configuring ${err.message}`);
Updated stripe to create webhook on boot configure no-issue This will allow us to a) have an endpoint to receive webhooks and b) get hold of the webhook secret to validate the signature. 2019-09-24 13:20:59 +03:00			`return this._rejectReady(err);`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`}`

			`return this._resolveReady({`
			`product: this._product,`
			`plans: this._plans`
			`});`
			`}`

Added parseWebhook method to stripe no-issue This uses the webhook secret and stripe module to validate the signature and parse the body into an object 2019-09-24 13:24:28 +03:00			`async parseWebhook(body, signature) {`
			`return this._stripe.webhooks.constructEvent(body, signature, this._webhookSecret);`
			`}`

Added stripe payments module 2019-09-06 08:13:35 +03:00			`async createCheckoutSession(member, planName) {`
Updated createCheckoutSession to work w/o member no-issue This will allow us to do a payment first flow, in which a payment is taken, before creating a member 2019-09-25 06:41:58 +03:00			`let customer;`
			`if (member) {`
Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			`try {`
			`customer = await this._customerForMember(member);`
			`} catch (err) {`
			debug(`Ignoring Error getting customer for checkout ${err.message}`);
			`customer = null;`
			`}`
Updated createCheckoutSession to work w/o member no-issue This will allow us to do a payment first flow, in which a payment is taken, before creating a member 2019-09-25 06:41:58 +03:00			`} else {`
			`customer = null;`
			`}`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`const plan = this._plans.find(plan => plan.nickname === planName);`
			`const session = await this._stripe.checkout.sessions.create({`
			`payment_method_types: ['card'],`
			`success_url: this._checkoutSuccessUrl,`
			`cancel_url: this._checkoutCancelUrl,`
Updated createCheckoutSession to work w/o member no-issue This will allow us to do a payment first flow, in which a payment is taken, before creating a member 2019-09-25 06:41:58 +03:00			`customer: customer ? customer.id : undefined,`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`subscription_data: {`
			`items: [{`
			`plan: plan.id`
			`}]`
			`}`
			`});`

Updated createCheckoutSession to work w/o member no-issue This will allow us to do a payment first flow, in which a payment is taken, before creating a member 2019-09-25 06:41:58 +03:00			`return {`
			`sessionId: session.id,`
			`publicKey: this._public_token`
			`};`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`}`
Added getCustomer method to stripe no-issue This uses the stripeRequests module directly since the customers api was removed. 2019-09-24 13:27:53 +03:00
Refactored getActiveSubscriptions to getSubscriptions no-issue 2019-10-02 10:37:56 +03:00			`async getSubscriptions(member) {`
Added method for getting active subscriptions no-issue 2019-09-25 06:24:45 +03:00			`const metadata = await this.storage.get(member);`

Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			`const customers = await Promise.all(metadata.map(async (data) => {`
			`try {`
			`const customer = await this.getCustomer(data.customer_id);`
			`return customer;`
			`} catch (err) {`
			debug(`Ignoring Error getting customer for active subscriptions ${err.message}`);
			`return null;`
			`}`
Added method for getting active subscriptions no-issue 2019-09-25 06:24:45 +03:00			`}));`

			`return customers.reduce(function (subscriptions, customer) {`
Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			`if (!customer) {`
			`return subscriptions;`
			`}`
Added method for getting active subscriptions no-issue 2019-09-25 06:24:45 +03:00			`if (customer.deleted) {`
			`return subscriptions;`
			`}`
			`return subscriptions.concat(customer.subscriptions.data.reduce(function (subscriptions, subscription) {`
			`// Subscription has more than one plan`
			`// was not created by us - ignore it.`
			`if (!subscription.plan) {`
			`return subscriptions;`
			`}`

			`return subscriptions.concat([{`
			`customer: customer.id,`
Refactored getActiveSubscriptions to getSubscriptions no-issue 2019-10-02 10:37:56 +03:00			`status: subscription.status,`
Added method for getting active subscriptions no-issue 2019-09-25 06:24:45 +03:00			`subscription: subscription.id,`
			`plan: subscription.plan.id,`
			`name: subscription.plan.nickname,`
			`amount: subscription.plan.amount,`
			`validUntil: subscription.current_period_end`
			`}]);`
			`}, []));`
			`}, []);`
			`}`

Refactored getActiveSubscriptions to getSubscriptions no-issue 2019-10-02 10:37:56 +03:00			`async getActiveSubscriptions(member) {`
			`const subscriptions = await this.getSubscriptions(member);`

			`return subscriptions.filter((subscription) => {`
			`return subscription.status !== 'cancelled' && subscription.status !== 'unpaid';`
			`});`
			`}`

Added method for linking customer to member no-issue Uses the metadata storage passed into stripe 2019-09-25 06:23:01 +03:00			`async addCustomerToMember(member, customer) {`
			`const metadata = await this.storage.get(member);`
Ensured member is not linked to customer twice no-issue Edge case but easy to solve - so we dun it 2019-09-25 06:29:27 +03:00			`// Do not add the customer if they are already linked`
			`if (metadata.some(data => data.customer_id === customer.id)) {`
			`return;`
			`}`
Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			debug(`Attaching customer to member ${member.email} ${customer.id}`);
Added method for linking customer to member no-issue Uses the metadata storage passed into stripe 2019-09-25 06:23:01 +03:00			`return this.storage.set(member, metadata.concat({`
			`customer_id: customer.id`
			`}));`
			`}`

Added method for getting stripe customer for member no-issue This finds the first active customer that is linked to the member, and created and links a new customer if a viable one does not exist. 2019-09-25 06:23:25 +03:00			`async _customerForMember(member) {`
			`const metadata = await this.storage.get(member);`

			`for (const data in metadata) {`
Wrapped getCustomer in try catch no-issue This protects against live/test mode poisoned databases 2019-10-02 06:36:13 +03:00			`try {`
			`const customer = await this.getCustomer(data.customer_id);`
			`if (!customer.deleted) {`
			`return customer;`
			`}`
Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			`} catch (err) {`
			debug(`Ignoring Error getting customer for member ${err.message}`);
Added method for getting stripe customer for member no-issue This finds the first active customer that is linked to the member, and created and links a new customer if a viable one does not exist. 2019-09-25 06:23:25 +03:00			`}`
			`}`

Added debugs and improved getCustomer handling no-issue This adds more debugs so we can follow what's happening and also adds better handing for failures when getting a customer from stripe 2019-10-02 07:14:21 +03:00			debug(`Creating customer for member ${member.email}`);
Added method for getting stripe customer for member no-issue This finds the first active customer that is linked to the member, and created and links a new customer if a viable one does not exist. 2019-09-25 06:23:25 +03:00			`const customer = await create(this._stripe, 'customers', {`
			`email: member.email`
			`});`

			`await this.addCustomerToMember(member, customer);`

			`return customer;`
			`}`

Added getCustomer method to stripe no-issue This uses the stripeRequests module directly since the customers api was removed. 2019-09-24 13:27:53 +03:00			`async getCustomer(id) {`
			`return retrieve(this._stripe, 'customers', id);`
			`}`
Added stripe payments module 2019-09-06 08:13:35 +03:00			`};`