TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-28 14:03:48 +03:00
Code Issues Projects Releases Wiki Activity
5db41169aa
Ghost/ghost/members-api/lib/controllers/router.js

292 lines
9.4 KiB
JavaScript
Raw Normal View History

Fixed incorrect import path no refs
2021-07-14 17:31:29 +03:00
const common = require('../../lib/common');
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
const _ = require('lodash');
/**
* RouterController
*
* @param {object} deps
* @param {any} deps.memberRepository
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
* @param {any} deps.StripePrice
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
* @param {boolean} deps.allowSelfSignup
* @param {any} deps.magicLinkService
Cleaned up stripe-service package usage no refs - updates all usages of `stripe-service` package to new correct `members-stripe-service` package
2021-09-22 15:42:40 +03:00
* @param {import('@tryghost/members-stripe-service')} deps.stripeAPIService
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
* @param {any} deps.tokenService
Added 1-day version of Offers refs https://github.com/TryGhost/Team/issues/1090 This 1-day version of Offers allows us to test the full flow of the Offers feature without having to implement all of it. The focus here is that we can pass an Offer ID when creating a Stripe Checkout session and have it apply. Here we use hardcoded Stripe Coupons as we haven't yet got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 14:36:30 +03:00
* @param {{isSet(name: string): boolean}} deps.labsService
Passed default URLs when creating checkout session (#235) * Passed default URLs when creating checkout session no-issue This fixes a bug when a checkout session is created without passing custom redirect URLs
2021-01-27 18:19:09 +03:00
* @param {any} deps.config
Removed calls to console.log refs https://github.com/TryGhost/Team/issues/879
2021-07-14 13:37:43 +03:00
* @param {any} deps.logging
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
*/
module.exports = class RouterController {
constructor({
Used OffersAPI over OfferRepository in MembersAPI no-issue The OfferRepository deals with domain objects in the Offers module, and as such is not suitable for use with "external" services. This update means that MembersAPI can deal with POJO DTOs so that there is not a dependency on the internals of the Offers module. Just on the contract it holds with the outside world.
2021-10-13 12:11:12 +03:00
offersAPI,
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
productRepository,
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
memberRepository,
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
StripePrice,
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
allowSelfSignup,
magicLinkService,
stripeAPIService,
tokenService,
Passed default URLs when creating checkout session (#235) * Passed default URLs when creating checkout session no-issue This fixes a bug when a checkout session is created without passing custom redirect URLs
2021-01-27 18:19:09 +03:00
sendEmailWithMagicLink,
Added 1-day version of Offers refs https://github.com/TryGhost/Team/issues/1090 This 1-day version of Offers allows us to test the full flow of the Offers feature without having to implement all of it. The focus here is that we can pass an Offer ID when creating a Stripe Checkout session and have it apply. Here we use hardcoded Stripe Coupons as we haven't yet got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 14:36:30 +03:00
labsService,
Removed calls to console.log refs https://github.com/TryGhost/Team/issues/879
2021-07-14 13:37:43 +03:00
config,
logging
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}) {
Used OffersAPI over OfferRepository in MembersAPI no-issue The OfferRepository deals with domain objects in the Offers module, and as such is not suitable for use with "external" services. This update means that MembersAPI can deal with POJO DTOs so that there is not a dependency on the internals of the Offers module. Just on the contract it holds with the outside world.
2021-10-13 12:11:12 +03:00
this._offersAPI = offersAPI;
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
this._productRepository = productRepository;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
this._memberRepository = memberRepository;
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
this._StripePrice = StripePrice;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
this._allowSelfSignup = allowSelfSignup;
this._magicLinkService = magicLinkService;
this._stripeAPIService = stripeAPIService;
this._tokenService = tokenService;
this._sendEmailWithMagicLink = sendEmailWithMagicLink;
Added 1-day version of Offers refs https://github.com/TryGhost/Team/issues/1090 This 1-day version of Offers allows us to test the full flow of the Offers feature without having to implement all of it. The focus here is that we can pass an Offer ID when creating a Stripe Checkout session and have it apply. Here we use hardcoded Stripe Coupons as we haven't yet got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 14:36:30 +03:00
this.labsService = labsService;
Passed default URLs when creating checkout session (#235) * Passed default URLs when creating checkout session no-issue This fixes a bug when a checkout session is created without passing custom redirect URLs
2021-01-27 18:19:09 +03:00
this._config = config;
Removed calls to console.log refs https://github.com/TryGhost/Team/issues/879
2021-07-14 13:37:43 +03:00
this._logging = logging;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
async ensureStripe(_req, res, next) {
Fixed checks for if Stripe is configured no-issue
2021-01-26 14:26:28 +03:00
if (!this._stripeAPIService.configured) {
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
res.writeHead(400);
return res.end('Stripe not configured');
}
try {
await this._stripeAPIService.ready();
next();
} catch (err) {
res.writeHead(500);
return res.end('There was an error configuring stripe');
}
}
async createCheckoutSetupSession(req, res) {
const identity = req.body.identity;
Fixed error responses when missing data no-issue We should error early when recieving a request that does not contain the required data.
2021-01-19 13:42:39 +03:00
if (!identity) {
res.writeHead(400);
return res.end();
}
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
let email;
try {
if (!identity) {
email = null;
} else {
const claims = await this._tokenService.decodeToken(identity);
email = claims && claims.sub;
}
} catch (err) {
res.writeHead(401);
return res.end('Unauthorized');
}
const member = email ? await this._memberRepository.get({email}) : null;
if (!member) {
res.writeHead(403);
return res.end('Bad Request.');
}
🐛 Fixed issues when updating payment method (#247) refs https://github.com/TryGhost/Team/issues/479 * Fixed updating payment method for canceled subscriptions Stripe considers canceled subscriptions as non-existent, so any attempts to update them will fail with a 404 not found. Prior to this change we were attempting to update *all* subscriptions for a customer, including those which were canceled. This would cause an error and the loop to break. * 🐛 Fixed errors for members with multiple active customers Members with multiple active customers would have their first active customer found updated with the new payment method. We would then iterate through *all* active subscription, and attempt to update their payment method. If a subscription was not owned by the customer that was just updated, it would error and cause the loop to break out. * Added ability to update a specific subscription's payment method In order to remove ambiguity we add the ability to update the payment method for a specific subscription. This will remove room for errors as we will not have to worry about if a subscription belong to the customer or not.
2021-02-23 14:19:21 +03:00
let customer;
if (!req.body.subscription_id) {
customer = await this._stripeAPIService.getCustomerForMemberCheckoutSession(member);
} else {
const subscriptions = await member.related('stripeSubscriptions').fetch();
const subscription = subscriptions.models.find((sub) => {
return sub.get('subscription_id') === req.body.subscription_id;
});
if (!subscription) {
res.writeHead(404);
res.end(`Could not find subscription ${req.body.subscription_id}`);
}
customer = await this._stripeAPIService.getCustomer(subscription.get('customer_id'));
}
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
const session = await this._stripeAPIService.createCheckoutSetupSession(customer, {
Passed default URLs when creating checkout session (#235) * Passed default URLs when creating checkout session no-issue This fixes a bug when a checkout session is created without passing custom redirect URLs
2021-01-27 18:19:09 +03:00
successUrl: req.body.successUrl || this._config.billingSuccessUrl,
🐛 Fixed issues when updating payment method (#247) refs https://github.com/TryGhost/Team/issues/479 * Fixed updating payment method for canceled subscriptions Stripe considers canceled subscriptions as non-existent, so any attempts to update them will fail with a 404 not found. Prior to this change we were attempting to update *all* subscriptions for a customer, including those which were canceled. This would cause an error and the loop to break. * 🐛 Fixed errors for members with multiple active customers Members with multiple active customers would have their first active customer found updated with the new payment method. We would then iterate through *all* active subscription, and attempt to update their payment method. If a subscription was not owned by the customer that was just updated, it would error and cause the loop to break out. * Added ability to update a specific subscription's payment method In order to remove ambiguity we add the ability to update the payment method for a specific subscription. This will remove room for errors as we will not have to worry about if a subscription belong to the customer or not.
2021-02-23 14:19:21 +03:00
cancelUrl: req.body.cancelUrl || this._config.billingCancelUrl,
subscription_id: req.body.subscription_id
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
});
const publicKey = this._stripeAPIService.getPublicKey();
const sessionInfo = {
sessionId: session.id,
publicKey
};
res.writeHead(200, {
'Content-Type': 'application/json'
});
res.end(JSON.stringify(sessionInfo));
}
async createCheckoutSession(req, res) {
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
let ghostPriceId = req.body.priceId;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
const identity = req.body.identity;
Added 1-day version of Offers refs https://github.com/TryGhost/Team/issues/1090 This 1-day version of Offers allows us to test the full flow of the Offers feature without having to implement all of it. The focus here is that we can pass an Offer ID when creating a Stripe Checkout session and have it apply. Here we use hardcoded Stripe Coupons as we haven't yet got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 14:36:30 +03:00
const offerId = req.body.offerId;
Wired up OfferRedemption storage refs https://github.com/TryGhost/Team/issues/1132 We have to include the Offer on the metadata for the Stripe Checkout - as Offers with a duration of 'once' will not always be present on the Subscription after fetching it. Once we receive the Stripe Checkout webhook we emit an event for subscription created - the reason we use an event is because this logic should eventually live in a Payments/Stripe module - and we'd want to decouple it from the Members module. The Members module is in charge of writing Offer Redemptions - rather than the Offers module - because Offer Redemptions are "owned" by a Member - and merely reference and Offer. Eventually Offer Redemptions could be replaced by Subscriptions.
2021-10-18 16:27:17 +03:00
const metadata = req.body.metadata;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
if (!ghostPriceId && !offerId) {
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
res.writeHead(400);
return res.end('Bad Request.');
}
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
if (offerId && ghostPriceId) {
res.writeHead(400);
return res.end('Bad Request.');
}
let coupon = null;
if (offerId && this.labsService.isSet('offers')) {
try {
Used OffersAPI over OfferRepository in MembersAPI no-issue The OfferRepository deals with domain objects in the Offers module, and as such is not suitable for use with "external" services. This update means that MembersAPI can deal with POJO DTOs so that there is not a dependency on the internals of the Offers module. Just on the contract it holds with the outside world.
2021-10-13 12:11:12 +03:00
const offer = await this._offersAPI.getOffer({id: offerId});
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
const tier = (await this._productRepository.get(offer.tier)).toJSON();
Restricted archived Offers from being used refs https://github.com/TryGhost/Team/issues/1133 An archived Offer is intended to be disabled from a redemption point of view. This ensures that we do not allow Stripe Checkout Sessions to be created for them.
2021-10-13 12:19:35 +03:00
if (offer.status === 'archived') {
res.writeHead(403);
return res.end('Offer is archived.');
}
Used OffersAPI over OfferRepository in MembersAPI no-issue The OfferRepository deals with domain objects in the Offers module, and as such is not suitable for use with "external" services. This update means that MembersAPI can deal with POJO DTOs so that there is not a dependency on the internals of the Offers module. Just on the contract it holds with the outside world.
2021-10-13 12:11:12 +03:00
if (offer.cadence === 'month') {
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
ghostPriceId = tier.monthly_price_id;
} else {
ghostPriceId = tier.yearly_price_id;
}
coupon = {
Fixed Stripe Checkout using Offers refs https://github.com/TryGhost/Members/commit/5172e40646 When we updated to use the OffersAPI instead of OfferRepository this was missed, and we were passing blank coupon to Stripe Checkout. This should eventually be replaced with a call like `getCoupon(offerId)` from a payments service.
2021-10-14 13:01:12 +03:00
id: offer.stripe_coupon_id
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
};
Wired up OfferRedemption storage refs https://github.com/TryGhost/Team/issues/1132 We have to include the Offer on the metadata for the Stripe Checkout - as Offers with a duration of 'once' will not always be present on the Subscription after fetching it. Once we receive the Stripe Checkout webhook we emit an event for subscription created - the reason we use an event is because this logic should eventually live in a Payments/Stripe module - and we'd want to decouple it from the Members module. The Members module is in charge of writing Offer Redemptions - rather than the Offers module - because Offer Redemptions are "owned" by a Member - and merely reference and Offer. Eventually Offer Redemptions could be replaced by Subscriptions.
2021-10-18 16:27:17 +03:00
metadata.offer = offer.id;
Applied Offers when creating Stripe Checkout Session refs https://github.com/TryGhost/Team/issues/1090 Instead of the hardcoded 1-day version for Offers, we can now talk directly to the Offers repository and use the real values for Stripe Checkout.
2021-10-06 16:01:04 +03:00
} catch (err) {
res.writeHead(500);
return res.end('Could not use Offer.');
}
}
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
const price = await this._StripePrice.findOne({
id: ghostPriceId
});
if (!price) {
res.writeHead(404);
return res.end('Not Found.');
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
const priceId = price.get('stripe_price_id');
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
let email;
try {
if (!identity) {
email = null;
} else {
const claims = await this._tokenService.decodeToken(identity);
email = claims && claims.sub;
}
} catch (err) {
res.writeHead(401);
return res.end('Unauthorized');
}
Restricted Stripe Checkout to members without products refs https://github.com/TryGhost/Team/issues/858 Replacing the check for subscriptions with products ensures that Stripe Checkout is not able to be opened by comped members.
2021-07-02 18:42:43 +03:00
const member = email ? await this._memberRepository.get({email}, {withRelated: ['stripeCustomers', 'products']}) : null;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
if (!member) {
const customer = null;
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
const session = await this._stripeAPIService.createCheckoutSession(priceId, customer, {
Added 1-day version of Offers refs https://github.com/TryGhost/Team/issues/1090 This 1-day version of Offers allows us to test the full flow of the Offers feature without having to implement all of it. The focus here is that we can pass an Offer ID when creating a Stripe Checkout session and have it apply. Here we use hardcoded Stripe Coupons as we haven't yet got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 14:36:30 +03:00
coupon,
Passed default URLs when creating checkout session (#235) * Passed default URLs when creating checkout session no-issue This fixes a bug when a checkout session is created without passing custom redirect URLs
2021-01-27 18:19:09 +03:00
successUrl: req.body.successUrl || this._config.checkoutSuccessUrl,
cancelUrl: req.body.cancelUrl || this._config.checkoutCancelUrl,
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
customerEmail: req.body.customerEmail,
Wired up OfferRedemption storage refs https://github.com/TryGhost/Team/issues/1132 We have to include the Offer on the metadata for the Stripe Checkout - as Offers with a duration of 'once' will not always be present on the Subscription after fetching it. Once we receive the Stripe Checkout webhook we emit an event for subscription created - the reason we use an event is because this logic should eventually live in a Payments/Stripe module - and we'd want to decouple it from the Members module. The Members module is in charge of writing Offer Redemptions - rather than the Offers module - because Offer Redemptions are "owned" by a Member - and merely reference and Offer. Eventually Offer Redemptions could be replaced by Subscriptions.
2021-10-18 16:27:17 +03:00
metadata: metadata
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
});
const publicKey = this._stripeAPIService.getPublicKey();
const sessionInfo = {
publicKey,
sessionId: session.id
};
res.writeHead(200, {
'Content-Type': 'application/json'
});
return res.end(JSON.stringify(sessionInfo));
}
Restricted Stripe Checkout to members without products refs https://github.com/TryGhost/Team/issues/858 Replacing the check for subscriptions with products ensures that Stripe Checkout is not able to be opened by comped members.
2021-07-02 18:42:43 +03:00
if (member.related('products').length !== 0) {
res.writeHead(403);
return res.end('No permission');
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
let stripeCustomer;
for (const customer of member.related('stripeCustomers').models) {
try {
const fetchedCustomer = await this._stripeAPIService.getCustomer(customer.get('customer_id'));
if (!fetchedCustomer.deleted) {
stripeCustomer = fetchedCustomer;
break;
}
} catch (err) {
Removed calls to console.log refs https://github.com/TryGhost/Team/issues/879
2021-07-14 13:37:43 +03:00
this._logging.info('Ignoring error for fetching customer for checkout');
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
}
if (!stripeCustomer) {
Fixed Stripe Checkout displaying member email no-issue
2021-01-26 14:26:57 +03:00
stripeCustomer = await this._stripeAPIService.createCustomer({email: member.get('email')});
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
try {
Updated APIs to use price ids refs https://github.com/TryGhost/Team/issues/637 All the APIs that currently work with price names needs to be updated to work with price ids instead to work with custom prices/products. This change updates APIs to work with Price IDs in `checkout` , `updateSubscription` and other APIs/methods.
2021-05-04 18:57:58 +03:00
const session = await this._stripeAPIService.createCheckoutSession(priceId, stripeCustomer, {
Added 1-day version of Offers refs https://github.com/TryGhost/Team/issues/1090 This 1-day version of Offers allows us to test the full flow of the Offers feature without having to implement all of it. The focus here is that we can pass an Offer ID when creating a Stripe Checkout session and have it apply. Here we use hardcoded Stripe Coupons as we haven't yet got persistence implemented for Offers & their related Stripe Coupons
2021-09-28 14:36:30 +03:00
coupon,
Fixed default urls for checkout session no-issue related to https://github.com/TryGhost/Members/commit/ef9cb0862c753169c8d1bbd741cf7455303fac82 In the last patch which fixes the bug for not passing custom redirect urls when a checkout session is created, we missed updating the case where a logged in member tries to update the subscription.
2021-02-01 07:54:16 +03:00
successUrl: req.body.successUrl || this._config.checkoutSuccessUrl,
cancelUrl: req.body.cancelUrl || this._config.checkoutCancelUrl,
Wired up OfferRedemption storage refs https://github.com/TryGhost/Team/issues/1132 We have to include the Offer on the metadata for the Stripe Checkout - as Offers with a duration of 'once' will not always be present on the Subscription after fetching it. Once we receive the Stripe Checkout webhook we emit an event for subscription created - the reason we use an event is because this logic should eventually live in a Payments/Stripe module - and we'd want to decouple it from the Members module. The Members module is in charge of writing Offer Redemptions - rather than the Offers module - because Offer Redemptions are "owned" by a Member - and merely reference and Offer. Eventually Offer Redemptions could be replaced by Subscriptions.
2021-10-18 16:27:17 +03:00
metadata: metadata
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
});
const publicKey = this._stripeAPIService.getPublicKey();
const sessionInfo = {
publicKey,
sessionId: session.id
};
res.writeHead(200, {
'Content-Type': 'application/json'
});
return res.end(JSON.stringify(sessionInfo));
} catch (e) {
const error = e.message || 'Unable to initiate checkout session';
res.writeHead(400);
return res.end(error);
}
}
async sendMagicLink(req, res) {
Fixed security hole in email address change flow refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr The email address change flow was built on top of the unauthenticated signin/signup flow. This meant that ownership of the email being changed wasn't verified and allowed a malicious actore to change the email address of arbitrary accounts to an email address which they controlled. We remove the ability to change email addresses from the signin/signup flow and instead create a dedicated, authenticated flow for changing email address.
2021-09-22 14:32:02 +03:00
const {email, emailType, requestSrc} = req.body;
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
if (!email) {
res.writeHead(400);
return res.end('Bad Request.');
}
try {
if (!this._allowSelfSignup) {
Fixed security hole in email address change flow refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr The email address change flow was built on top of the unauthenticated signin/signup flow. This meant that ownership of the email being changed wasn't verified and allowed a malicious actore to change the email address of arbitrary accounts to an email address which they controlled. We remove the ability to change email addresses from the signin/signup flow and instead create a dedicated, authenticated flow for changing email address.
2021-09-22 14:32:02 +03:00
const member = await this._memberRepository.get({email});
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
if (member) {
Fixed security hole in email address change flow refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr The email address change flow was built on top of the unauthenticated signin/signup flow. This meant that ownership of the email being changed wasn't verified and allowed a malicious actore to change the email address of arbitrary accounts to an email address which they controlled. We remove the ability to change email addresses from the signin/signup flow and instead create a dedicated, authenticated flow for changing email address.
2021-09-22 14:32:02 +03:00
const tokenData = {};
await this._sendEmailWithMagicLink({email, tokenData, requestedType: emailType, requestSrc});
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
} else {
Fixed security hole in email address change flow refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr The email address change flow was built on top of the unauthenticated signin/signup flow. This meant that ownership of the email being changed wasn't verified and allowed a malicious actore to change the email address of arbitrary accounts to an email address which they controlled. We remove the ability to change email addresses from the signin/signup flow and instead create a dedicated, authenticated flow for changing email address.
2021-09-22 14:32:02 +03:00
const tokenData = _.pick(req.body, ['labels', 'name']);
await this._sendEmailWithMagicLink({email, tokenData, requestedType: emailType, requestSrc});
Refactor members-api (#231) no-issue This refactors the members-api module so that it is easier to test going forward, as well as easier to understand & navigate. The Stripe API no longer contains storage code, this is all handled via the member repository. And we have dedicated services for webhooks, and stripe plans initialisation.
2021-01-18 16:55:40 +03:00
}
res.writeHead(201);
return res.end('Created.');
} catch (err) {
const statusCode = (err && err.statusCode) || 500;
common.logging.error(err);
res.writeHead(statusCode);
return res.end('Internal Server Error.');
}
}
};
Reference in New Issue Copy Permalink