stack/apps/backend/src/lib/payments.tsx
BilalG1 f7e389809e
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migration compat / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
DB migration compat / No migration changes (skipped) (push) Has been cancelled
feat(hexclave): PR 1 — wire compatibility layer (invisible) (#1475)
## Summary

**Stacked on #1468** (`docs/hexclave-rename-plan` — the plan doc). Diff
vs that base = the actual PR 1 code.

This is **PR 1 of the Hexclave rebrand: the invisible compatibility
layer**. Everything is additive. Old SDKs, old wire identifiers, and old
env var names keep working unchanged. The backend dual-accepts and
dual-emits; new SDK code emits `x-hexclave-*` headers and the
`hexclave_` Bearer prefix; cookies dual-write; env vars dual-read across
every category. **No user-visible rebranding lands here** — that's PR 2.

See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 1
implementation guide"* for the full per-work-area spec, file pointers,
and chosen approach.

## What's implemented (all 14 PR-1 work-areas)

- **SDK export aliases** — `Hexclave*` aliases for the user-facing
`Stack*` exports added in `packages/template`; codegen propagates them
to `@stackframe/{js,stack,react,tanstack-start}`. React-only aliases
correctly excluded from `@stackframe/js`. (`e60550a2`)
- **JWT issuer dual-accept** — `decodeAccessToken` accepts both
`api.stack-auth.com` and `api.hexclave.com` issuers. Signing unchanged.
(`fc781def`)
- **Request-header dual-accept** — backend + dashboard proxies normalize
`x-hexclave-*` → `x-stack-*` at the existing empty proxy hook (so
`smart-request.tsx` and every route schema keep working unchanged); CORS
allowlists extended via a derive-once helper. (`2a056eac`)
- **MCP `ask_hexclave`** — registered alongside `ask_stack_auth` via a
shared helper; `ask_stack_auth` behavior byte-identical. (`30ffd604`)
- **Dev-tool** — DOM ids + header emit switched.
`window.HexclaveDevTool` exposed alongside `window.StackDevTool`.
(`32131ea7`)
- **The big consolidated commit** (`7fed864a`):
- **Env vars** — central `getEnvVariable` prefix-transform (HEXCLAVE
first, STACK fallback); dashboard + template client env files dual-read;
`turbo.json` globalEnv; `NEXT_PUBLIC_STACK_PORT_PREFIX` renamed outright
across ~82 files including docker.
- **Cookies** — dual-write/dual-read auth (`stack-access`/`-refresh-*`
and custom-domain variants), OAuth-state
(`stack-oauth-{inner,outer}-*`), and low-risk cookies (`stack-is-https`,
`stack-last-seen-changelog-version`). Bypass sites patched (backend
OAuth callback, dashboard remote-dev auth route, impersonation snippets,
snapshot serializer).
- **Bearer prefix** — SDK token parser accepts both `stackauth_` and
`hexclave_`; emits `hexclave_`. Discovery correction: this is purely
SDK-internal — the backend never parses it.
- **Response headers** — backend dual-emits
`x-hexclave-{request-id,actual-status,known-error}`; SDKs dual-read (new
first, stack fallback).
- **SDK request-header emit switch** —
`client/server/admin-interface.ts` + dashboard `api-headers.ts` +
`internal-project-headers.ts` + `feedback-form.tsx` switched to
`x-hexclave-*`. Plus `stack_response_mode` query param.
- **Storage keys** — dev-tool / cli-auth / oauth-button / docs keys
renamed (straight); `stack:session-replay:v1` dual-read so in-progress
recordings survive SDK upgrades; `stack_mfa_attempt_code` dual-read.
- **Query params** — cross-domain params dual-emit/dual-accept via
shared helpers; backend `oauth/authorize` accepts
`hexclave_response_mode` and `stack_response_mode`; `stack-init-id`
renamed.
- **`Symbol.for`** — app-internals symbol gets a parallel
`Symbol.for("Hexclave--app-internals")` getter on each attach site (no
read-site churn — old symbol still attached). 3 file-private symbols
renamed outright.
- **Config discovery** — prefer `hexclave.config.ts`, fall back to
`stack.config.ts` at every discovery site (CLI / dashboard / backend /
local-emulator); `init` writes the new filename; CLI credentials path
migrates.
- **Internal renames** — `StackAssertionError`,
`StackClient/Server/AdminInterface` renamed outright (no alias, per the
"internal-only → rename" rule). ~264 files touched.
- **Review-pass fixes** (`21217fbe`) — three real bugs found by parallel
review agents and fixed:
- `snapshot-serializer.ts` was interpolating the whole
`keyedCookieNamePrefixes` array (`${arr}`) — adding a second prefix
would have corrupted **every** OAuth-cookie snapshot, not just new ones.
- **Docker port-prefix producer/consumer mismatch** —
`entrypoint.sh`/`run-emulator.sh`/cloud-init `user-data` were still
producing `NEXT_PUBLIC_STACK_PORT_PREFIX` while the dashboard sentinel +
consumers had been renamed; silent self-host regression (custom port
prefix would be ignored).
- **Missing `hexclave-oauth-inner-*` dual-write** in the OAuth authorize
route — callback's fallback masked it but the dual-write was specified
by the plan.
- Plus: `mcp.test.ts` tool-list assertions updated to include
`ask_hexclave`; two dashboard header-emit sites switched to
`x-hexclave-*` for consistency.
- **E2E snapshot serializer follow-up** (`4b16cc5d`) —
`x-hexclave-request-id` added to the hidden-headers list (mirroring
`x-stack-request-id` treatment), and 2 sample inline snapshots
regenerated in `projects.test.ts` to include the new dual-emitted
headers.

## Verification

- **`pnpm typecheck`** — clean (the fresh-worktree `@/.source` / Prisma
codegen gap in `stack-docs` is pre-existing and unrelated).
- **`pnpm lint`** — 29/29 packages green.
- **`pnpm exec turbo run build --filter=./packages/*`** — 13/13 packages
build (including `@stackframe/stack-cli` once the dashboard standalone
is present).
- **Live E2E** against a running backend on `cl/hexclave-pr1`:
- `pnpm test run
apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` — **6/6
pass** (verifies the new `ask_hexclave` tool — the hand-written inline
snapshot matched actual MCP server output).
- `pnpm test run
apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts` —
**11/11 pass** (verifies wire dual-accept + dual-emit end-to-end; the
snapshot serializer fix was found and applied during this check).

A four-agent parallel **review pass** also audited the full diff for
logic/runtime bugs across the work-areas (wire headers + JWT, cookies +
bearer + symbols, env vars, query params + config + MCP + aliases). All
in-slice review verdicts were ✓ except the three bugs listed above,
which are now fixed.

## Known follow-ups (out of scope for this PR)

- **E2E snapshots across the rest of the suite** — backend now
dual-emits `x-hexclave-{known-error,actual-status}` alongside
`x-stack-*`, which legitimately appears in inline snapshots throughout
`apps/e2e`. Two were regenerated here as a sample; the rest should regen
with `vitest -u` in CI.
- **Docker shell env vars beyond `PORT_PREFIX`** — `entrypoint.sh` still
reads `STACK_*` env vars directly (the JS-side `getEnvVariable`
transform doesn't help the shell). JS consumers dual-read so it works in
practice; full shell-level dual-read is a deeper self-host follow-up.
- **`@stackframe/stack-cli` build ordering** — pre-existing; needs
`build:rde-standalone` first. Not affected by this PR.

## Test plan

- [ ] CI runs full e2e suite (with `vitest -u` to absorb dual-emit
snapshot deltas, then committed back)
- [ ] Spot-check: an old SDK build (emitting only `x-stack-*`) still
authenticates against the new backend
- [ ] Spot-check: a new SDK (emitting `x-hexclave-*` / `Bearer
hexclave_*`) still authenticates against an old backend during deploy
ordering
- [ ] Manual: `npx @stackframe/stack-cli@latest init` (new onboarding
entrypoint) generates `hexclave.config.ts`
- [ ] Manual: existing `stack.config.ts`-only project still resolves (no
migration required)

---------

Co-authored-by: bilal <bilal@stack-auth.com>
2026-05-23 17:24:55 -07:00

524 lines
19 KiB
TypeScript

import { CustomerType, PurchaseCreationSource, SubscriptionStatus } from "@/generated/prisma/client";
import { bulldozerWriteOneTimePurchase, bulldozerWriteSubscription } from "@/lib/payments/bulldozer-dual-write";
import { getOwnedProductsForCustomer, getSubscriptionMapForCustomer } from "@/lib/payments/customer-data";
import type { OwnedProductsRow, SubscriptionRow } from "@/lib/payments/schema/types";
import { ensureUserTeamPermissionExists } from "@/lib/request-checks";
import { getPrismaClientForTenancy, PrismaClientTransaction } from "@/prisma-client";
import { KnownErrors } from "@stackframe/stack-shared";
import type { UsersCrud } from "@stackframe/stack-shared/dist/interface/crud/users";
import type { inlineProductSchema, productSchema, productSchemaWithMetadata } from "@stackframe/stack-shared/dist/schema-fields";
import { SUPPORTED_CURRENCIES } from "@stackframe/stack-shared/dist/utils/currency-constants";
import { addInterval } from "@stackframe/stack-shared/dist/utils/dates";
import { HexclaveAssertionError, StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
import { filterUndefined, getOrUndefined, has, typedEntries, typedFromEntries, typedKeys, typedValues } from "@stackframe/stack-shared/dist/utils/objects";
import { typedToUppercase } from "@stackframe/stack-shared/dist/utils/strings";
import { isUuid } from "@stackframe/stack-shared/dist/utils/uuids";
import Stripe from "stripe";
import * as yup from "yup";
import { getStripeForAccount, useStripeMock } from "./stripe";
import { Tenancy } from "./tenancies";
type Product = yup.InferType<typeof productSchema>;
type ProductWithMetadata = yup.InferType<typeof productSchemaWithMetadata>;
type SelectedPrice = Product["prices"][string];
export async function ensureClientCanAccessCustomer(options: {
customerType: "user" | "team" | "custom",
customerId: string,
user: UsersCrud["Admin"]["Read"] | undefined,
tenancy: Tenancy,
forbiddenMessage: string,
}): Promise<void> {
const currentUser = options.user;
if (!currentUser) {
throw new KnownErrors.UserAuthenticationRequired();
}
if (options.customerType === "custom") {
throw new StatusError(StatusError.Forbidden, options.forbiddenMessage);
}
if (options.customerType === "user") {
if (options.customerId !== currentUser.id) {
throw new StatusError(StatusError.Forbidden, options.forbiddenMessage);
}
return;
}
const prisma = await getPrismaClientForTenancy(options.tenancy);
await ensureUserTeamPermissionExists(prisma, {
tenancy: options.tenancy,
teamId: options.customerId,
userId: currentUser.id,
permissionId: "team_admin",
errorType: "required",
recursive: true,
});
}
export async function ensureProductIdOrInlineProduct(
tenancy: Tenancy,
accessType: "client" | "server" | "admin",
productId: string | undefined,
inlineProduct: yup.InferType<typeof inlineProductSchema> | undefined
): Promise<ProductWithMetadata> {
if (productId && inlineProduct) {
throw new StatusError(400, "Cannot specify both product_id and product_inline!");
}
if (inlineProduct && accessType === "client") {
throw new StatusError(400, "Cannot specify product_inline when calling from client! Please call with a server API key, or use the product_id parameter.");
}
if (!productId && !inlineProduct) {
throw new StatusError(400, "Must specify either product_id or product_inline!");
}
if (productId) {
const product = getOrUndefined(tenancy.config.payments.products, productId);
if (!product) {
const itemExists = has(tenancy.config.payments.items, productId);
throw new KnownErrors.ProductDoesNotExist(productId, itemExists ? "item_exists" : null);
}
if (product.serverOnly && accessType === "client") {
throw new KnownErrors.ProductDoesNotExist(productId, "server_only");
}
return product;
} else {
if (!inlineProduct) {
throw new HexclaveAssertionError("Inline product does not exist, this should never happen", { inlineProduct, productId });
}
return {
productLineId: undefined,
isAddOnTo: false,
displayName: inlineProduct.display_name,
customerType: inlineProduct.customer_type,
freeTrial: inlineProduct.free_trial,
serverOnly: inlineProduct.server_only,
stackable: false,
prices: Object.fromEntries(Object.entries(inlineProduct.prices).map(([key, value]) => [key, {
...typedFromEntries(SUPPORTED_CURRENCIES.map(c => [c.code, getOrUndefined(value, c.code)])),
interval: value.interval,
freeTrial: value.free_trial,
serverOnly: true,
}])),
clientMetadata: inlineProduct.client_metadata ?? undefined,
clientReadOnlyMetadata: inlineProduct.client_read_only_metadata ?? undefined,
serverMetadata: inlineProduct.server_metadata ?? undefined,
includedItems: typedFromEntries(Object.entries(inlineProduct.included_items).map(([key, value]) => [key, {
repeat: value.repeat ?? "never",
quantity: value.quantity ?? 0,
expires: value.expires ?? "never",
}])),
};
}
}
// ── Legacy functions deleted ──
// computeLedgerBalanceAtNow, addWhenRepeatedItemWindowTransactions,
// getItemQuantityForCustomerLegacy, Subscription type, getSubscriptions,
// getCustomerPurchaseContext, OwnedProduct type, getOwnedProductsForCustomerLegacy
// were removed. All reads now go through customer-data.ts backed by Bulldozer.
export function isActiveSubscription(subscription: { status: string }): boolean {
const s = subscription.status;
return s === "active" || s === SubscriptionStatus.active || s === "trialing" || s === SubscriptionStatus.trialing;
}
/**
* True when the given product config / snapshot declares itself as an add-on
* to one or more other products. Add-ons share a product line with their base
* plan but don't satisfy "base plan owned" invariants on their own.
*
* The predicate normalises the three ways a product can signal "not an
* add-on" (absent, explicitly `false`, or an empty record) so callers don't
* have to reimplement the check.
*/
export function isAddOnProduct(product: { isAddOnTo?: false | Record<string, true> | null }): boolean {
return product.isAddOnTo != null && product.isAddOnTo !== false && Object.keys(product.isAddOnTo).length > 0;
}
type OwnedProducts = OwnedProductsRow["ownedProducts"];
/**
* Returns true if the customer currently owns the given product (quantity > 0).
*/
export function customerOwnsProduct(ownedProducts: OwnedProducts, productId: string): boolean {
return productId in ownedProducts && ownedProducts[productId].quantity > 0;
}
export async function ensureCustomerExists(options: {
prisma: PrismaClientTransaction,
tenancyId: string,
customerType: "user" | "team" | "custom",
customerId: string,
}) {
if (options.customerType === "user") {
if (!isUuid(options.customerId)) {
throw new KnownErrors.UserNotFound();
}
const user = await options.prisma.projectUser.findUnique({
where: {
tenancyId_projectUserId: {
tenancyId: options.tenancyId,
projectUserId: options.customerId,
},
},
});
if (!user) {
throw new KnownErrors.UserNotFound();
}
} else if (options.customerType === "team") {
if (!isUuid(options.customerId)) {
throw new KnownErrors.TeamNotFound(options.customerId);
}
const team = await options.prisma.team.findUnique({
where: {
tenancyId_teamId: {
tenancyId: options.tenancyId,
teamId: options.customerId,
},
},
});
if (!team) {
throw new KnownErrors.TeamNotFound(options.customerId);
}
}
}
function customerTypeToStripeCustomerType(customerType: "user" | "team") {
return customerType === "user" ? CustomerType.USER : CustomerType.TEAM;
}
export async function getStripeCustomerForCustomerOrNull(options: {
stripe: Stripe,
prisma: PrismaClientTransaction,
tenancyId: string,
customerType: "user" | "team",
customerId: string,
}): Promise<Stripe.Customer | null> {
await ensureCustomerExists({
prisma: options.prisma,
tenancyId: options.tenancyId,
customerType: options.customerType,
customerId: options.customerId,
});
const stripeCustomerType = customerTypeToStripeCustomerType(options.customerType);
const matchesCustomer = (customer: Stripe.Customer) => {
const storedType = customer.metadata.customerType;
if (!storedType) return true;
return storedType === stripeCustomerType;
};
const stripeCustomerSearch = await options.stripe.customers.search({
query: `metadata['customerId']:'${options.customerId}'`,
});
let matches = stripeCustomerSearch.data.filter(matchesCustomer);
if (matches.length === 0) {
// Stripe's search is eventually consistent; fall back to listing to ensure we can find a newly created customer.
let startingAfter: string | undefined = undefined;
for (let i = 0; i < 10; i++) {
const page: Stripe.ApiList<Stripe.Customer> = await options.stripe.customers.list({
limit: 100,
...startingAfter ? { starting_after: startingAfter } : {},
});
const exactMatches = page.data.filter((customer) => (
customer.metadata.customerId === options.customerId && matchesCustomer(customer)
));
if (exactMatches.length > 0) {
matches = exactMatches;
break;
}
if (useStripeMock && page.data.length > 0) {
matches = [page.data[0]];
break;
}
if (!page.has_more || page.data.length === 0) {
break;
}
startingAfter = page.data[page.data.length - 1].id;
}
}
if (matches.length > 1) {
throw new HexclaveAssertionError("Multiple Stripe customers found for customerId; customerType filtering was ambiguous", {
customerId: options.customerId,
customerType: options.customerType,
stripeCustomerIds: matches.map((c) => c.id),
});
}
return matches[0] ?? null;
}
export async function ensureStripeCustomerForCustomer(options: {
stripe: Stripe,
prisma: PrismaClientTransaction,
tenancyId: string,
customerType: "user" | "team",
customerId: string,
}): Promise<Stripe.Customer> {
const existing = await getStripeCustomerForCustomerOrNull(options);
if (existing) {
return existing;
}
const stripeCustomerType = customerTypeToStripeCustomerType(options.customerType);
return await options.stripe.customers.create({
metadata: {
customerId: options.customerId,
customerType: stripeCustomerType,
},
});
}
export type StripeCardPaymentMethodSummary = {
id: string,
brand: string | null,
last4: string | null,
exp_month: number | null,
exp_year: number | null,
};
export async function getDefaultCardPaymentMethodSummary(options: {
stripe: Stripe,
stripeCustomer: Stripe.Customer,
}): Promise<StripeCardPaymentMethodSummary | null> {
const paymentMethods = await options.stripe.customers.listPaymentMethods(
options.stripeCustomer.id,
{ type: "card", limit: 1 }
);
if (paymentMethods.data.length === 0) {
return null;
}
return {
id: paymentMethods.data[0].id,
brand: paymentMethods.data[0].card?.brand ?? null,
last4: paymentMethods.data[0].card?.last4 ?? null,
exp_month: paymentMethods.data[0].card?.exp_month ?? null,
exp_year: paymentMethods.data[0].card?.exp_year ?? null,
};
}
export function productToInlineProduct(product: ProductWithMetadata): yup.InferType<typeof inlineProductSchema> {
return {
display_name: product.displayName ?? "Product",
customer_type: product.customerType,
stackable: product.stackable === true,
server_only: product.serverOnly === true,
included_items: product.includedItems,
client_metadata: product.clientMetadata ?? null,
client_read_only_metadata: product.clientReadOnlyMetadata ?? null,
server_metadata: product.serverMetadata ?? null,
prices: typedFromEntries(typedEntries(product.prices).map(([key, value]) => [key, filterUndefined({
...typedFromEntries(SUPPORTED_CURRENCIES.map(c => [c.code, getOrUndefined(value, c.code)])),
interval: value.interval,
free_trial: value.freeTrial,
})])),
};
}
export async function validatePurchaseSession(options: {
prisma: PrismaClientTransaction,
tenancyId: string,
customerType: "user" | "team" | "custom",
customerId: string,
product: Product,
productId: string | undefined,
priceId: string | undefined,
quantity: number,
}): Promise<{
selectedPrice: SelectedPrice | undefined,
conflictingSubscriptions: SubscriptionRow[],
}> {
const { prisma, tenancyId, customerType, customerId, product, productId, priceId, quantity } = options;
// Step 1: Resolve the selected price from the product config
let selectedPrice: SelectedPrice | undefined = undefined;
if (!priceId) {
selectedPrice = typedValues(product.prices)[0];
} else {
const pricesMap = new Map(typedEntries(product.prices));
selectedPrice = pricesMap.get(priceId);
if (!selectedPrice) {
throw new StatusError(400, "Price not found on product associated with this purchase code");
}
}
// Step 2: Reject non-stackable products with quantity > 1
if (quantity !== 1 && product.stackable !== true) {
throw new StatusError(400, "This product is not stackable; quantity must be 1");
}
// Step 3: Fetch owned products once for all subsequent checks
const ownedProducts = await getOwnedProductsForCustomer({ prisma, tenancyId, customerType, customerId });
// Step 4: Check the customer doesn't already own this product
if (productId && product.stackable !== true && customerOwnsProduct(ownedProducts, productId)) {
throw new KnownErrors.ProductAlreadyGranted(productId, customerId);
}
// Step 5: Verify add-on prerequisites (customer must own the base product)
if (product.isAddOnTo) {
const baseProductIds = typedKeys(product.isAddOnTo);
if (!baseProductIds.some(id => customerOwnsProduct(ownedProducts, id))) {
throw new StatusError(400, "This product is an add-on to a product that the customer does not have");
}
}
// Step 6: Block purchase if customer already owns a product in the same product line.
// If they do, find active subscriptions to cancel so the caller can replace them.
// Two exceptions:
// - Add-on products: allowed even if their base product is in the same line.
// - Stackable same-product: a second purchase of a stackable product is
// additive, not a replacement — don't treat the existing holding as a
// conflict.
let conflictingSubscriptions: SubscriptionRow[] = [];
const productLineId = product.productLineId;
const addOnBaseProductIds = product.isAddOnTo ? typedKeys(product.isAddOnTo) : [];
const isStackableSelfMatch = (pid: string) =>
productId != null && pid === productId && product.stackable === true;
const hasConflictingProductLine = productLineId && Object.entries(ownedProducts).some(
([pid, p]) =>
p.productLineId === productLineId
&& p.quantity > 0
&& !addOnBaseProductIds.includes(pid)
&& !isStackableSelfMatch(pid),
);
if (hasConflictingProductLine) {
// Find active subscriptions in this product line that can be canceled/replaced
const subMap = await getSubscriptionMapForCustomer({ prisma, tenancyId, customerType, customerId });
conflictingSubscriptions = Object.values(subMap).filter(s =>
isActiveSubscription(s)
&& (s.product as Product).productLineId === productLineId
&& !addOnBaseProductIds.includes(s.productId ?? "")
&& !isStackableSelfMatch(s.productId ?? ""),
);
// If no cancelable subscriptions found, the customer owns via OTP — block the purchase.
// TODO: reconsider the coupling here between products and purchases. OTPs can be
// refunded, so this check conflates product ownership with purchase type.
if (conflictingSubscriptions.length === 0) {
throw new StatusError(400, "Customer already has a one-time purchase in this product line");
}
}
return { selectedPrice, conflictingSubscriptions };
}
export function getClientSecretFromStripeSubscription(subscription: Stripe.Subscription): string {
const latestInvoice = subscription.latest_invoice;
if (latestInvoice && typeof latestInvoice !== "string") {
type InvoiceWithExtras = Stripe.Invoice & {
confirmation_secret?: { client_secret?: string },
payment_intent?: string | (Stripe.PaymentIntent & { client_secret?: string }) | null,
};
const invoice = latestInvoice as InvoiceWithExtras;
const confirmationSecret = invoice.confirmation_secret?.client_secret;
const piSecret = typeof invoice.payment_intent !== "string" ? invoice.payment_intent?.client_secret : undefined;
if (typeof confirmationSecret === "string") return confirmationSecret;
if (typeof piSecret === "string") return piSecret;
}
throwErr(500, "No client secret returned from Stripe for subscription");
}
type GrantProductResult =
| {
type: "one_time",
purchaseId: string | null,
}
| {
type: "subscription",
subscriptionId: string,
};
export async function grantProductToCustomer(options: {
prisma: PrismaClientTransaction,
tenancy: Tenancy,
customerType: "user" | "team" | "custom",
customerId: string,
product: ProductWithMetadata,
quantity: number,
productId: string | undefined,
priceId: string | undefined,
creationSource: PurchaseCreationSource,
}): Promise<GrantProductResult> {
const { prisma, tenancy, customerId, customerType, product, productId, priceId, quantity, creationSource } = options;
const { selectedPrice, conflictingSubscriptions } = await validatePurchaseSession({
prisma,
tenancyId: tenancy.id,
customerType,
customerId,
product,
productId,
priceId,
quantity,
});
const now = new Date();
if (conflictingSubscriptions.length > 0) {
const conflicting = conflictingSubscriptions[0];
if (conflicting.stripeSubscriptionId) {
const stripe = await getStripeForAccount({ tenancy });
await stripe.subscriptions.cancel(conflicting.stripeSubscriptionId);
} else if (conflicting.id) {
const updatedConflicting = await prisma.subscription.update({
where: {
tenancyId_id: {
tenancyId: tenancy.id,
id: conflicting.id,
},
},
data: {
status: SubscriptionStatus.canceled,
cancelAtPeriodEnd: true,
canceledAt: now,
endedAt: now,
},
});
await bulldozerWriteSubscription(prisma, updatedConflicting);
}
}
if (!selectedPrice) {
return { type: "one_time", purchaseId: null };
}
if (!selectedPrice.interval) {
const purchase = await prisma.oneTimePurchase.create({
data: {
tenancyId: tenancy.id,
customerId,
customerType: typedToUppercase(customerType),
productId,
priceId,
product,
quantity,
creationSource,
},
});
// dual write - prisma and bulldozer
await bulldozerWriteOneTimePurchase(prisma, purchase);
return { type: "one_time", purchaseId: purchase.id };
}
const subscription = await prisma.subscription.create({
data: {
tenancyId: tenancy.id,
customerId,
customerType: typedToUppercase(customerType),
status: "active",
productId,
priceId,
product,
quantity,
currentPeriodStart: now,
currentPeriodEnd: addInterval(now, selectedPrice.interval!),
cancelAtPeriodEnd: false,
creationSource,
},
});
// dual write - prisma and bulldozer
await bulldozerWriteSubscription(prisma, subscription);
return { type: "subscription", subscriptionId: subscription.id };
}