mirror of
https://github.com/stack-auth/stack.git
synced 2026-07-03 21:02:05 +08:00
Some checks failed
all-good: Did all the other checks pass? / all-good (push) Has been cancelled
Ensure Prisma migrations are in sync with the schema / check_prisma_migrations (22.x) (push) Has been cancelled
DB migration compat / Check if migrations changed (push) Has been cancelled
Docker Server Build and Push / Docker Build and Push Server (push) Has been cancelled
Docker Server Build and Run / docker (push) Has been cancelled
Runs E2E API Tests (Local Emulator) / E2E Tests (Local Emulator, Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (mock, 22.x) (push) Has been cancelled
Runs E2E API Tests / E2E Tests (Node ${{ matrix.node-version }}, Freestyle ${{ matrix.freestyle-mode }}) (prod, 22.x) (push) Has been cancelled
Runs E2E API Tests with custom port prefix / build (22.x) (push) Has been cancelled
Runs E2E Fallback Tests / E2E Fallback Tests (Node ${{ matrix.node-version }}) (22.x) (push) Has been cancelled
Lint & build / lint_and_build (24) (push) Has been cancelled
TOC Generator / TOC Generator (push) Has been cancelled
DB migration compat / Back-compat — Current branch migrations with ${{ needs.check-migrations-changed.outputs.base_branch }} branch code (push) Has been cancelled
DB migration compat / Forward-compat — Current branch code with ${{ needs.check-migrations-changed.outputs.base_branch }} branch migrations (push) Has been cancelled
DB migration compat / No migration changes (skipped) (push) Has been cancelled
## Summary
**Stacked on #1468** (`docs/hexclave-rename-plan` — the plan doc). Diff
vs that base = the actual PR 1 code.
This is **PR 1 of the Hexclave rebrand: the invisible compatibility
layer**. Everything is additive. Old SDKs, old wire identifiers, and old
env var names keep working unchanged. The backend dual-accepts and
dual-emits; new SDK code emits `x-hexclave-*` headers and the
`hexclave_` Bearer prefix; cookies dual-write; env vars dual-read across
every category. **No user-visible rebranding lands here** — that's PR 2.
See [`RENAME-TO-HEXCLAVE.md`](./RENAME-TO-HEXCLAVE.md) → *"PR 1
implementation guide"* for the full per-work-area spec, file pointers,
and chosen approach.
## What's implemented (all 14 PR-1 work-areas)
- **SDK export aliases** — `Hexclave*` aliases for the user-facing
`Stack*` exports added in `packages/template`; codegen propagates them
to `@stackframe/{js,stack,react,tanstack-start}`. React-only aliases
correctly excluded from `@stackframe/js`. (`e60550a2`)
- **JWT issuer dual-accept** — `decodeAccessToken` accepts both
`api.stack-auth.com` and `api.hexclave.com` issuers. Signing unchanged.
(`fc781def`)
- **Request-header dual-accept** — backend + dashboard proxies normalize
`x-hexclave-*` → `x-stack-*` at the existing empty proxy hook (so
`smart-request.tsx` and every route schema keep working unchanged); CORS
allowlists extended via a derive-once helper. (`2a056eac`)
- **MCP `ask_hexclave`** — registered alongside `ask_stack_auth` via a
shared helper; `ask_stack_auth` behavior byte-identical. (`30ffd604`)
- **Dev-tool** — DOM ids + header emit switched.
`window.HexclaveDevTool` exposed alongside `window.StackDevTool`.
(`32131ea7`)
- **The big consolidated commit** (`7fed864a`):
- **Env vars** — central `getEnvVariable` prefix-transform (HEXCLAVE
first, STACK fallback); dashboard + template client env files dual-read;
`turbo.json` globalEnv; `NEXT_PUBLIC_STACK_PORT_PREFIX` renamed outright
across ~82 files including docker.
- **Cookies** — dual-write/dual-read auth (`stack-access`/`-refresh-*`
and custom-domain variants), OAuth-state
(`stack-oauth-{inner,outer}-*`), and low-risk cookies (`stack-is-https`,
`stack-last-seen-changelog-version`). Bypass sites patched (backend
OAuth callback, dashboard remote-dev auth route, impersonation snippets,
snapshot serializer).
- **Bearer prefix** — SDK token parser accepts both `stackauth_` and
`hexclave_`; emits `hexclave_`. Discovery correction: this is purely
SDK-internal — the backend never parses it.
- **Response headers** — backend dual-emits
`x-hexclave-{request-id,actual-status,known-error}`; SDKs dual-read (new
first, stack fallback).
- **SDK request-header emit switch** —
`client/server/admin-interface.ts` + dashboard `api-headers.ts` +
`internal-project-headers.ts` + `feedback-form.tsx` switched to
`x-hexclave-*`. Plus `stack_response_mode` query param.
- **Storage keys** — dev-tool / cli-auth / oauth-button / docs keys
renamed (straight); `stack:session-replay:v1` dual-read so in-progress
recordings survive SDK upgrades; `stack_mfa_attempt_code` dual-read.
- **Query params** — cross-domain params dual-emit/dual-accept via
shared helpers; backend `oauth/authorize` accepts
`hexclave_response_mode` and `stack_response_mode`; `stack-init-id`
renamed.
- **`Symbol.for`** — app-internals symbol gets a parallel
`Symbol.for("Hexclave--app-internals")` getter on each attach site (no
read-site churn — old symbol still attached). 3 file-private symbols
renamed outright.
- **Config discovery** — prefer `hexclave.config.ts`, fall back to
`stack.config.ts` at every discovery site (CLI / dashboard / backend /
local-emulator); `init` writes the new filename; CLI credentials path
migrates.
- **Internal renames** — `StackAssertionError`,
`StackClient/Server/AdminInterface` renamed outright (no alias, per the
"internal-only → rename" rule). ~264 files touched.
- **Review-pass fixes** (`21217fbe`) — three real bugs found by parallel
review agents and fixed:
- `snapshot-serializer.ts` was interpolating the whole
`keyedCookieNamePrefixes` array (`${arr}`) — adding a second prefix
would have corrupted **every** OAuth-cookie snapshot, not just new ones.
- **Docker port-prefix producer/consumer mismatch** —
`entrypoint.sh`/`run-emulator.sh`/cloud-init `user-data` were still
producing `NEXT_PUBLIC_STACK_PORT_PREFIX` while the dashboard sentinel +
consumers had been renamed; silent self-host regression (custom port
prefix would be ignored).
- **Missing `hexclave-oauth-inner-*` dual-write** in the OAuth authorize
route — callback's fallback masked it but the dual-write was specified
by the plan.
- Plus: `mcp.test.ts` tool-list assertions updated to include
`ask_hexclave`; two dashboard header-emit sites switched to
`x-hexclave-*` for consistency.
- **E2E snapshot serializer follow-up** (`4b16cc5d`) —
`x-hexclave-request-id` added to the hidden-headers list (mirroring
`x-stack-request-id` treatment), and 2 sample inline snapshots
regenerated in `projects.test.ts` to include the new dual-emitted
headers.
## Verification
- **`pnpm typecheck`** — clean (the fresh-worktree `@/.source` / Prisma
codegen gap in `stack-docs` is pre-existing and unrelated).
- **`pnpm lint`** — 29/29 packages green.
- **`pnpm exec turbo run build --filter=./packages/*`** — 13/13 packages
build (including `@stackframe/stack-cli` once the dashboard standalone
is present).
- **Live E2E** against a running backend on `cl/hexclave-pr1`:
- `pnpm test run
apps/e2e/tests/backend/endpoints/api/v1/internal/mcp.test.ts` — **6/6
pass** (verifies the new `ask_hexclave` tool — the hand-written inline
snapshot matched actual MCP server output).
- `pnpm test run
apps/e2e/tests/backend/endpoints/api/v1/internal/projects.test.ts` —
**11/11 pass** (verifies wire dual-accept + dual-emit end-to-end; the
snapshot serializer fix was found and applied during this check).
A four-agent parallel **review pass** also audited the full diff for
logic/runtime bugs across the work-areas (wire headers + JWT, cookies +
bearer + symbols, env vars, query params + config + MCP + aliases). All
in-slice review verdicts were ✓ except the three bugs listed above,
which are now fixed.
## Known follow-ups (out of scope for this PR)
- **E2E snapshots across the rest of the suite** — backend now
dual-emits `x-hexclave-{known-error,actual-status}` alongside
`x-stack-*`, which legitimately appears in inline snapshots throughout
`apps/e2e`. Two were regenerated here as a sample; the rest should regen
with `vitest -u` in CI.
- **Docker shell env vars beyond `PORT_PREFIX`** — `entrypoint.sh` still
reads `STACK_*` env vars directly (the JS-side `getEnvVariable`
transform doesn't help the shell). JS consumers dual-read so it works in
practice; full shell-level dual-read is a deeper self-host follow-up.
- **`@stackframe/stack-cli` build ordering** — pre-existing; needs
`build:rde-standalone` first. Not affected by this PR.
## Test plan
- [ ] CI runs full e2e suite (with `vitest -u` to absorb dual-emit
snapshot deltas, then committed back)
- [ ] Spot-check: an old SDK build (emitting only `x-stack-*`) still
authenticates against the new backend
- [ ] Spot-check: a new SDK (emitting `x-hexclave-*` / `Bearer
hexclave_*`) still authenticates against an old backend during deploy
ordering
- [ ] Manual: `npx @stackframe/stack-cli@latest init` (new onboarding
entrypoint) generates `hexclave.config.ts`
- [ ] Manual: existing `stack.config.ts`-only project still resolves (no
migration required)
---------
Co-authored-by: bilal <bilal@stack-auth.com>
524 lines
19 KiB
TypeScript
524 lines
19 KiB
TypeScript
import { CustomerType, PurchaseCreationSource, SubscriptionStatus } from "@/generated/prisma/client";
|
|
import { bulldozerWriteOneTimePurchase, bulldozerWriteSubscription } from "@/lib/payments/bulldozer-dual-write";
|
|
import { getOwnedProductsForCustomer, getSubscriptionMapForCustomer } from "@/lib/payments/customer-data";
|
|
import type { OwnedProductsRow, SubscriptionRow } from "@/lib/payments/schema/types";
|
|
import { ensureUserTeamPermissionExists } from "@/lib/request-checks";
|
|
import { getPrismaClientForTenancy, PrismaClientTransaction } from "@/prisma-client";
|
|
import { KnownErrors } from "@stackframe/stack-shared";
|
|
import type { UsersCrud } from "@stackframe/stack-shared/dist/interface/crud/users";
|
|
import type { inlineProductSchema, productSchema, productSchemaWithMetadata } from "@stackframe/stack-shared/dist/schema-fields";
|
|
import { SUPPORTED_CURRENCIES } from "@stackframe/stack-shared/dist/utils/currency-constants";
|
|
import { addInterval } from "@stackframe/stack-shared/dist/utils/dates";
|
|
import { HexclaveAssertionError, StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
|
|
import { filterUndefined, getOrUndefined, has, typedEntries, typedFromEntries, typedKeys, typedValues } from "@stackframe/stack-shared/dist/utils/objects";
|
|
import { typedToUppercase } from "@stackframe/stack-shared/dist/utils/strings";
|
|
import { isUuid } from "@stackframe/stack-shared/dist/utils/uuids";
|
|
import Stripe from "stripe";
|
|
import * as yup from "yup";
|
|
import { getStripeForAccount, useStripeMock } from "./stripe";
|
|
import { Tenancy } from "./tenancies";
|
|
|
|
|
|
type Product = yup.InferType<typeof productSchema>;
|
|
type ProductWithMetadata = yup.InferType<typeof productSchemaWithMetadata>;
|
|
type SelectedPrice = Product["prices"][string];
|
|
|
|
export async function ensureClientCanAccessCustomer(options: {
|
|
customerType: "user" | "team" | "custom",
|
|
customerId: string,
|
|
user: UsersCrud["Admin"]["Read"] | undefined,
|
|
tenancy: Tenancy,
|
|
forbiddenMessage: string,
|
|
}): Promise<void> {
|
|
const currentUser = options.user;
|
|
if (!currentUser) {
|
|
throw new KnownErrors.UserAuthenticationRequired();
|
|
}
|
|
if (options.customerType === "custom") {
|
|
throw new StatusError(StatusError.Forbidden, options.forbiddenMessage);
|
|
}
|
|
if (options.customerType === "user") {
|
|
if (options.customerId !== currentUser.id) {
|
|
throw new StatusError(StatusError.Forbidden, options.forbiddenMessage);
|
|
}
|
|
return;
|
|
}
|
|
|
|
const prisma = await getPrismaClientForTenancy(options.tenancy);
|
|
await ensureUserTeamPermissionExists(prisma, {
|
|
tenancy: options.tenancy,
|
|
teamId: options.customerId,
|
|
userId: currentUser.id,
|
|
permissionId: "team_admin",
|
|
errorType: "required",
|
|
recursive: true,
|
|
});
|
|
}
|
|
|
|
export async function ensureProductIdOrInlineProduct(
|
|
tenancy: Tenancy,
|
|
accessType: "client" | "server" | "admin",
|
|
productId: string | undefined,
|
|
inlineProduct: yup.InferType<typeof inlineProductSchema> | undefined
|
|
): Promise<ProductWithMetadata> {
|
|
if (productId && inlineProduct) {
|
|
throw new StatusError(400, "Cannot specify both product_id and product_inline!");
|
|
}
|
|
if (inlineProduct && accessType === "client") {
|
|
throw new StatusError(400, "Cannot specify product_inline when calling from client! Please call with a server API key, or use the product_id parameter.");
|
|
}
|
|
if (!productId && !inlineProduct) {
|
|
throw new StatusError(400, "Must specify either product_id or product_inline!");
|
|
}
|
|
if (productId) {
|
|
const product = getOrUndefined(tenancy.config.payments.products, productId);
|
|
if (!product) {
|
|
const itemExists = has(tenancy.config.payments.items, productId);
|
|
throw new KnownErrors.ProductDoesNotExist(productId, itemExists ? "item_exists" : null);
|
|
}
|
|
if (product.serverOnly && accessType === "client") {
|
|
throw new KnownErrors.ProductDoesNotExist(productId, "server_only");
|
|
}
|
|
return product;
|
|
} else {
|
|
if (!inlineProduct) {
|
|
throw new HexclaveAssertionError("Inline product does not exist, this should never happen", { inlineProduct, productId });
|
|
}
|
|
return {
|
|
productLineId: undefined,
|
|
isAddOnTo: false,
|
|
displayName: inlineProduct.display_name,
|
|
customerType: inlineProduct.customer_type,
|
|
freeTrial: inlineProduct.free_trial,
|
|
serverOnly: inlineProduct.server_only,
|
|
stackable: false,
|
|
prices: Object.fromEntries(Object.entries(inlineProduct.prices).map(([key, value]) => [key, {
|
|
...typedFromEntries(SUPPORTED_CURRENCIES.map(c => [c.code, getOrUndefined(value, c.code)])),
|
|
interval: value.interval,
|
|
freeTrial: value.free_trial,
|
|
serverOnly: true,
|
|
}])),
|
|
clientMetadata: inlineProduct.client_metadata ?? undefined,
|
|
clientReadOnlyMetadata: inlineProduct.client_read_only_metadata ?? undefined,
|
|
serverMetadata: inlineProduct.server_metadata ?? undefined,
|
|
includedItems: typedFromEntries(Object.entries(inlineProduct.included_items).map(([key, value]) => [key, {
|
|
repeat: value.repeat ?? "never",
|
|
quantity: value.quantity ?? 0,
|
|
expires: value.expires ?? "never",
|
|
}])),
|
|
};
|
|
}
|
|
}
|
|
|
|
// ── Legacy functions deleted ──
|
|
// computeLedgerBalanceAtNow, addWhenRepeatedItemWindowTransactions,
|
|
// getItemQuantityForCustomerLegacy, Subscription type, getSubscriptions,
|
|
// getCustomerPurchaseContext, OwnedProduct type, getOwnedProductsForCustomerLegacy
|
|
// were removed. All reads now go through customer-data.ts backed by Bulldozer.
|
|
|
|
export function isActiveSubscription(subscription: { status: string }): boolean {
|
|
const s = subscription.status;
|
|
return s === "active" || s === SubscriptionStatus.active || s === "trialing" || s === SubscriptionStatus.trialing;
|
|
}
|
|
|
|
/**
|
|
* True when the given product config / snapshot declares itself as an add-on
|
|
* to one or more other products. Add-ons share a product line with their base
|
|
* plan but don't satisfy "base plan owned" invariants on their own.
|
|
*
|
|
* The predicate normalises the three ways a product can signal "not an
|
|
* add-on" (absent, explicitly `false`, or an empty record) so callers don't
|
|
* have to reimplement the check.
|
|
*/
|
|
export function isAddOnProduct(product: { isAddOnTo?: false | Record<string, true> | null }): boolean {
|
|
return product.isAddOnTo != null && product.isAddOnTo !== false && Object.keys(product.isAddOnTo).length > 0;
|
|
}
|
|
|
|
type OwnedProducts = OwnedProductsRow["ownedProducts"];
|
|
|
|
/**
|
|
* Returns true if the customer currently owns the given product (quantity > 0).
|
|
*/
|
|
export function customerOwnsProduct(ownedProducts: OwnedProducts, productId: string): boolean {
|
|
return productId in ownedProducts && ownedProducts[productId].quantity > 0;
|
|
}
|
|
|
|
export async function ensureCustomerExists(options: {
|
|
prisma: PrismaClientTransaction,
|
|
tenancyId: string,
|
|
customerType: "user" | "team" | "custom",
|
|
customerId: string,
|
|
}) {
|
|
if (options.customerType === "user") {
|
|
if (!isUuid(options.customerId)) {
|
|
throw new KnownErrors.UserNotFound();
|
|
}
|
|
const user = await options.prisma.projectUser.findUnique({
|
|
where: {
|
|
tenancyId_projectUserId: {
|
|
tenancyId: options.tenancyId,
|
|
projectUserId: options.customerId,
|
|
},
|
|
},
|
|
});
|
|
if (!user) {
|
|
throw new KnownErrors.UserNotFound();
|
|
}
|
|
} else if (options.customerType === "team") {
|
|
if (!isUuid(options.customerId)) {
|
|
throw new KnownErrors.TeamNotFound(options.customerId);
|
|
}
|
|
const team = await options.prisma.team.findUnique({
|
|
where: {
|
|
tenancyId_teamId: {
|
|
tenancyId: options.tenancyId,
|
|
teamId: options.customerId,
|
|
},
|
|
},
|
|
});
|
|
if (!team) {
|
|
throw new KnownErrors.TeamNotFound(options.customerId);
|
|
}
|
|
}
|
|
}
|
|
|
|
function customerTypeToStripeCustomerType(customerType: "user" | "team") {
|
|
return customerType === "user" ? CustomerType.USER : CustomerType.TEAM;
|
|
}
|
|
|
|
export async function getStripeCustomerForCustomerOrNull(options: {
|
|
stripe: Stripe,
|
|
prisma: PrismaClientTransaction,
|
|
tenancyId: string,
|
|
customerType: "user" | "team",
|
|
customerId: string,
|
|
}): Promise<Stripe.Customer | null> {
|
|
await ensureCustomerExists({
|
|
prisma: options.prisma,
|
|
tenancyId: options.tenancyId,
|
|
customerType: options.customerType,
|
|
customerId: options.customerId,
|
|
});
|
|
|
|
const stripeCustomerType = customerTypeToStripeCustomerType(options.customerType);
|
|
const matchesCustomer = (customer: Stripe.Customer) => {
|
|
const storedType = customer.metadata.customerType;
|
|
if (!storedType) return true;
|
|
return storedType === stripeCustomerType;
|
|
};
|
|
|
|
const stripeCustomerSearch = await options.stripe.customers.search({
|
|
query: `metadata['customerId']:'${options.customerId}'`,
|
|
});
|
|
let matches = stripeCustomerSearch.data.filter(matchesCustomer);
|
|
|
|
if (matches.length === 0) {
|
|
// Stripe's search is eventually consistent; fall back to listing to ensure we can find a newly created customer.
|
|
let startingAfter: string | undefined = undefined;
|
|
for (let i = 0; i < 10; i++) {
|
|
const page: Stripe.ApiList<Stripe.Customer> = await options.stripe.customers.list({
|
|
limit: 100,
|
|
...startingAfter ? { starting_after: startingAfter } : {},
|
|
});
|
|
const exactMatches = page.data.filter((customer) => (
|
|
customer.metadata.customerId === options.customerId && matchesCustomer(customer)
|
|
));
|
|
if (exactMatches.length > 0) {
|
|
matches = exactMatches;
|
|
break;
|
|
}
|
|
if (useStripeMock && page.data.length > 0) {
|
|
matches = [page.data[0]];
|
|
break;
|
|
}
|
|
if (!page.has_more || page.data.length === 0) {
|
|
break;
|
|
}
|
|
startingAfter = page.data[page.data.length - 1].id;
|
|
}
|
|
}
|
|
|
|
if (matches.length > 1) {
|
|
throw new HexclaveAssertionError("Multiple Stripe customers found for customerId; customerType filtering was ambiguous", {
|
|
customerId: options.customerId,
|
|
customerType: options.customerType,
|
|
stripeCustomerIds: matches.map((c) => c.id),
|
|
});
|
|
}
|
|
return matches[0] ?? null;
|
|
}
|
|
|
|
export async function ensureStripeCustomerForCustomer(options: {
|
|
stripe: Stripe,
|
|
prisma: PrismaClientTransaction,
|
|
tenancyId: string,
|
|
customerType: "user" | "team",
|
|
customerId: string,
|
|
}): Promise<Stripe.Customer> {
|
|
const existing = await getStripeCustomerForCustomerOrNull(options);
|
|
if (existing) {
|
|
return existing;
|
|
}
|
|
const stripeCustomerType = customerTypeToStripeCustomerType(options.customerType);
|
|
return await options.stripe.customers.create({
|
|
metadata: {
|
|
customerId: options.customerId,
|
|
customerType: stripeCustomerType,
|
|
},
|
|
});
|
|
}
|
|
|
|
export type StripeCardPaymentMethodSummary = {
|
|
id: string,
|
|
brand: string | null,
|
|
last4: string | null,
|
|
exp_month: number | null,
|
|
exp_year: number | null,
|
|
};
|
|
|
|
export async function getDefaultCardPaymentMethodSummary(options: {
|
|
stripe: Stripe,
|
|
stripeCustomer: Stripe.Customer,
|
|
}): Promise<StripeCardPaymentMethodSummary | null> {
|
|
const paymentMethods = await options.stripe.customers.listPaymentMethods(
|
|
options.stripeCustomer.id,
|
|
{ type: "card", limit: 1 }
|
|
);
|
|
if (paymentMethods.data.length === 0) {
|
|
return null;
|
|
}
|
|
return {
|
|
id: paymentMethods.data[0].id,
|
|
brand: paymentMethods.data[0].card?.brand ?? null,
|
|
last4: paymentMethods.data[0].card?.last4 ?? null,
|
|
exp_month: paymentMethods.data[0].card?.exp_month ?? null,
|
|
exp_year: paymentMethods.data[0].card?.exp_year ?? null,
|
|
};
|
|
}
|
|
|
|
export function productToInlineProduct(product: ProductWithMetadata): yup.InferType<typeof inlineProductSchema> {
|
|
return {
|
|
display_name: product.displayName ?? "Product",
|
|
customer_type: product.customerType,
|
|
stackable: product.stackable === true,
|
|
server_only: product.serverOnly === true,
|
|
included_items: product.includedItems,
|
|
client_metadata: product.clientMetadata ?? null,
|
|
client_read_only_metadata: product.clientReadOnlyMetadata ?? null,
|
|
server_metadata: product.serverMetadata ?? null,
|
|
prices: typedFromEntries(typedEntries(product.prices).map(([key, value]) => [key, filterUndefined({
|
|
...typedFromEntries(SUPPORTED_CURRENCIES.map(c => [c.code, getOrUndefined(value, c.code)])),
|
|
interval: value.interval,
|
|
free_trial: value.freeTrial,
|
|
})])),
|
|
};
|
|
}
|
|
|
|
export async function validatePurchaseSession(options: {
|
|
prisma: PrismaClientTransaction,
|
|
tenancyId: string,
|
|
customerType: "user" | "team" | "custom",
|
|
customerId: string,
|
|
product: Product,
|
|
productId: string | undefined,
|
|
priceId: string | undefined,
|
|
quantity: number,
|
|
}): Promise<{
|
|
selectedPrice: SelectedPrice | undefined,
|
|
conflictingSubscriptions: SubscriptionRow[],
|
|
}> {
|
|
const { prisma, tenancyId, customerType, customerId, product, productId, priceId, quantity } = options;
|
|
|
|
// Step 1: Resolve the selected price from the product config
|
|
let selectedPrice: SelectedPrice | undefined = undefined;
|
|
if (!priceId) {
|
|
selectedPrice = typedValues(product.prices)[0];
|
|
} else {
|
|
const pricesMap = new Map(typedEntries(product.prices));
|
|
selectedPrice = pricesMap.get(priceId);
|
|
if (!selectedPrice) {
|
|
throw new StatusError(400, "Price not found on product associated with this purchase code");
|
|
}
|
|
}
|
|
|
|
// Step 2: Reject non-stackable products with quantity > 1
|
|
if (quantity !== 1 && product.stackable !== true) {
|
|
throw new StatusError(400, "This product is not stackable; quantity must be 1");
|
|
}
|
|
|
|
// Step 3: Fetch owned products once for all subsequent checks
|
|
const ownedProducts = await getOwnedProductsForCustomer({ prisma, tenancyId, customerType, customerId });
|
|
|
|
// Step 4: Check the customer doesn't already own this product
|
|
if (productId && product.stackable !== true && customerOwnsProduct(ownedProducts, productId)) {
|
|
throw new KnownErrors.ProductAlreadyGranted(productId, customerId);
|
|
}
|
|
|
|
// Step 5: Verify add-on prerequisites (customer must own the base product)
|
|
if (product.isAddOnTo) {
|
|
const baseProductIds = typedKeys(product.isAddOnTo);
|
|
if (!baseProductIds.some(id => customerOwnsProduct(ownedProducts, id))) {
|
|
throw new StatusError(400, "This product is an add-on to a product that the customer does not have");
|
|
}
|
|
}
|
|
|
|
// Step 6: Block purchase if customer already owns a product in the same product line.
|
|
// If they do, find active subscriptions to cancel so the caller can replace them.
|
|
// Two exceptions:
|
|
// - Add-on products: allowed even if their base product is in the same line.
|
|
// - Stackable same-product: a second purchase of a stackable product is
|
|
// additive, not a replacement — don't treat the existing holding as a
|
|
// conflict.
|
|
let conflictingSubscriptions: SubscriptionRow[] = [];
|
|
const productLineId = product.productLineId;
|
|
const addOnBaseProductIds = product.isAddOnTo ? typedKeys(product.isAddOnTo) : [];
|
|
const isStackableSelfMatch = (pid: string) =>
|
|
productId != null && pid === productId && product.stackable === true;
|
|
const hasConflictingProductLine = productLineId && Object.entries(ownedProducts).some(
|
|
([pid, p]) =>
|
|
p.productLineId === productLineId
|
|
&& p.quantity > 0
|
|
&& !addOnBaseProductIds.includes(pid)
|
|
&& !isStackableSelfMatch(pid),
|
|
);
|
|
if (hasConflictingProductLine) {
|
|
// Find active subscriptions in this product line that can be canceled/replaced
|
|
const subMap = await getSubscriptionMapForCustomer({ prisma, tenancyId, customerType, customerId });
|
|
conflictingSubscriptions = Object.values(subMap).filter(s =>
|
|
isActiveSubscription(s)
|
|
&& (s.product as Product).productLineId === productLineId
|
|
&& !addOnBaseProductIds.includes(s.productId ?? "")
|
|
&& !isStackableSelfMatch(s.productId ?? ""),
|
|
);
|
|
|
|
// If no cancelable subscriptions found, the customer owns via OTP — block the purchase.
|
|
// TODO: reconsider the coupling here between products and purchases. OTPs can be
|
|
// refunded, so this check conflates product ownership with purchase type.
|
|
if (conflictingSubscriptions.length === 0) {
|
|
throw new StatusError(400, "Customer already has a one-time purchase in this product line");
|
|
}
|
|
}
|
|
|
|
return { selectedPrice, conflictingSubscriptions };
|
|
}
|
|
|
|
export function getClientSecretFromStripeSubscription(subscription: Stripe.Subscription): string {
|
|
const latestInvoice = subscription.latest_invoice;
|
|
if (latestInvoice && typeof latestInvoice !== "string") {
|
|
type InvoiceWithExtras = Stripe.Invoice & {
|
|
confirmation_secret?: { client_secret?: string },
|
|
payment_intent?: string | (Stripe.PaymentIntent & { client_secret?: string }) | null,
|
|
};
|
|
const invoice = latestInvoice as InvoiceWithExtras;
|
|
const confirmationSecret = invoice.confirmation_secret?.client_secret;
|
|
const piSecret = typeof invoice.payment_intent !== "string" ? invoice.payment_intent?.client_secret : undefined;
|
|
if (typeof confirmationSecret === "string") return confirmationSecret;
|
|
if (typeof piSecret === "string") return piSecret;
|
|
}
|
|
throwErr(500, "No client secret returned from Stripe for subscription");
|
|
}
|
|
|
|
type GrantProductResult =
|
|
| {
|
|
type: "one_time",
|
|
purchaseId: string | null,
|
|
}
|
|
| {
|
|
type: "subscription",
|
|
subscriptionId: string,
|
|
};
|
|
|
|
export async function grantProductToCustomer(options: {
|
|
prisma: PrismaClientTransaction,
|
|
tenancy: Tenancy,
|
|
customerType: "user" | "team" | "custom",
|
|
customerId: string,
|
|
product: ProductWithMetadata,
|
|
quantity: number,
|
|
productId: string | undefined,
|
|
priceId: string | undefined,
|
|
creationSource: PurchaseCreationSource,
|
|
}): Promise<GrantProductResult> {
|
|
const { prisma, tenancy, customerId, customerType, product, productId, priceId, quantity, creationSource } = options;
|
|
const { selectedPrice, conflictingSubscriptions } = await validatePurchaseSession({
|
|
prisma,
|
|
tenancyId: tenancy.id,
|
|
customerType,
|
|
customerId,
|
|
product,
|
|
productId,
|
|
priceId,
|
|
quantity,
|
|
});
|
|
|
|
const now = new Date();
|
|
|
|
if (conflictingSubscriptions.length > 0) {
|
|
const conflicting = conflictingSubscriptions[0];
|
|
if (conflicting.stripeSubscriptionId) {
|
|
const stripe = await getStripeForAccount({ tenancy });
|
|
await stripe.subscriptions.cancel(conflicting.stripeSubscriptionId);
|
|
} else if (conflicting.id) {
|
|
const updatedConflicting = await prisma.subscription.update({
|
|
where: {
|
|
tenancyId_id: {
|
|
tenancyId: tenancy.id,
|
|
id: conflicting.id,
|
|
},
|
|
},
|
|
data: {
|
|
status: SubscriptionStatus.canceled,
|
|
cancelAtPeriodEnd: true,
|
|
canceledAt: now,
|
|
endedAt: now,
|
|
},
|
|
});
|
|
await bulldozerWriteSubscription(prisma, updatedConflicting);
|
|
}
|
|
}
|
|
|
|
if (!selectedPrice) {
|
|
return { type: "one_time", purchaseId: null };
|
|
}
|
|
|
|
if (!selectedPrice.interval) {
|
|
const purchase = await prisma.oneTimePurchase.create({
|
|
data: {
|
|
tenancyId: tenancy.id,
|
|
customerId,
|
|
customerType: typedToUppercase(customerType),
|
|
productId,
|
|
priceId,
|
|
product,
|
|
quantity,
|
|
creationSource,
|
|
},
|
|
});
|
|
// dual write - prisma and bulldozer
|
|
await bulldozerWriteOneTimePurchase(prisma, purchase);
|
|
return { type: "one_time", purchaseId: purchase.id };
|
|
}
|
|
|
|
const subscription = await prisma.subscription.create({
|
|
data: {
|
|
tenancyId: tenancy.id,
|
|
customerId,
|
|
customerType: typedToUppercase(customerType),
|
|
status: "active",
|
|
productId,
|
|
priceId,
|
|
product,
|
|
quantity,
|
|
currentPeriodStart: now,
|
|
currentPeriodEnd: addInterval(now, selectedPrice.interval!),
|
|
cancelAtPeriodEnd: false,
|
|
creationSource,
|
|
},
|
|
});
|
|
// dual write - prisma and bulldozer
|
|
await bulldozerWriteSubscription(prisma, subscription);
|
|
|
|
return { type: "subscription", subscriptionId: subscription.id };
|
|
}
|
|
|