cal.pub0.org/packages/features/ee/payments/api/paypal-webhook.ts

343 lines
9.6 KiB
TypeScript

import type { Prisma } from "@prisma/client";
import type { NextApiRequest, NextApiResponse } from "next";
import getRawBody from "raw-body";
import * as z from "zod";
import { paypalCredentialKeysSchema } from "@calcom/app-store/paypal/lib";
import Paypal from "@calcom/app-store/paypal/lib/Paypal";
import EventManager from "@calcom/core/EventManager";
import { sendScheduledEmails } from "@calcom/emails";
import { getCalEventResponses } from "@calcom/features/bookings/lib/getCalEventResponses";
import { handleConfirmation } from "@calcom/features/bookings/lib/handleConfirmation";
import { isPrismaObjOrUndefined, parseRecurringEvent } from "@calcom/lib";
import { IS_PRODUCTION } from "@calcom/lib/constants";
import { getErrorFromUnknown } from "@calcom/lib/errors";
import { HttpError as HttpCode } from "@calcom/lib/http-error";
import { getTranslation } from "@calcom/lib/server/i18n";
import prisma, { bookingMinimalSelect } from "@calcom/prisma";
import { BookingStatus } from "@calcom/prisma/enums";
import type { CalendarEvent } from "@calcom/types/Calendar";
export const config = {
api: {
bodyParser: false,
},
};
async function getEventType(id: number) {
return prisma.eventType.findUnique({
where: {
id,
},
select: {
recurringEvent: true,
requiresConfirmation: true,
},
});
}
export async function handlePaymentSuccess(
payload: z.infer<typeof eventSchema>,
rawPayload: string,
webhookHeaders: WebHookHeadersType
) {
const payment = await prisma.payment.findFirst({
where: {
externalId: payload?.resource?.id,
},
select: {
id: true,
bookingId: true,
success: true,
},
});
if (!payment?.bookingId) throw new HttpCode({ statusCode: 204, message: "Payment not found" });
const booking = await prisma.booking.findUnique({
where: {
id: payment.bookingId,
},
select: {
...bookingMinimalSelect,
eventType: true,
smsReminderNumber: true,
location: true,
eventTypeId: true,
userId: true,
uid: true,
paid: true,
destinationCalendar: true,
status: true,
responses: true,
user: {
select: {
id: true,
username: true,
credentials: true,
timeZone: true,
email: true,
name: true,
locale: true,
destinationCalendar: true,
},
},
},
});
if (!booking) throw new HttpCode({ statusCode: 204, message: "No booking found" });
// Probably booking it's already paid from /capture but we need to send confirmation email
const foundCredentials = await findPaymentCredentials(booking.id);
if (!foundCredentials) throw new HttpCode({ statusCode: 204, message: "No credentials found" });
const { webhookId, ...credentials } = foundCredentials;
const paypalClient = new Paypal(credentials);
await paypalClient.getAccessToken();
await paypalClient.verifyWebhook({
body: {
auth_algo: webhookHeaders["paypal-auth-algo"],
cert_url: webhookHeaders["paypal-cert-url"],
transmission_id: webhookHeaders["paypal-transmission-id"],
transmission_sig: webhookHeaders["paypal-transmission-sig"],
transmission_time: webhookHeaders["paypal-transmission-time"],
webhook_id: webhookId,
webhook_event: rawPayload,
},
});
type EventTypeRaw = Awaited<ReturnType<typeof getEventType>>;
let eventTypeRaw: EventTypeRaw | null = null;
if (booking.eventTypeId) {
eventTypeRaw = await getEventType(booking.eventTypeId);
}
const { user } = booking;
if (!user) throw new HttpCode({ statusCode: 204, message: "No user found" });
const t = await getTranslation(user.locale ?? "en", "common");
const attendeesListPromises = booking.attendees.map(async (attendee) => {
return {
name: attendee.name,
email: attendee.email,
timeZone: attendee.timeZone,
language: {
translate: await getTranslation(attendee.locale ?? "en", "common"),
locale: attendee.locale ?? "en",
},
};
});
const attendeesList = await Promise.all(attendeesListPromises);
const evt: CalendarEvent = {
type: booking.title,
title: booking.title,
description: booking.description || undefined,
startTime: booking.startTime.toISOString(),
endTime: booking.endTime.toISOString(),
customInputs: isPrismaObjOrUndefined(booking.customInputs),
...getCalEventResponses({
booking: booking,
bookingFields: booking.eventType?.bookingFields || null,
}),
organizer: {
email: user.email,
name: user.name!,
timeZone: user.timeZone,
language: { translate: t, locale: user.locale ?? "en" },
},
attendees: attendeesList,
uid: booking.uid,
destinationCalendar: booking.destinationCalendar
? [booking.destinationCalendar]
: user.destinationCalendar
? [user.destinationCalendar]
: [],
recurringEvent: parseRecurringEvent(eventTypeRaw?.recurringEvent),
};
if (booking.location) evt.location = booking.location;
const bookingData: Prisma.BookingUpdateInput = {
paid: true,
status: BookingStatus.ACCEPTED,
};
const isConfirmed = booking.status === BookingStatus.ACCEPTED;
if (isConfirmed) {
const eventManager = new EventManager(user);
const scheduleResult = await eventManager.create(evt);
bookingData.references = { create: scheduleResult.referencesToCreate };
}
if (eventTypeRaw?.requiresConfirmation) {
delete bookingData.status;
}
if (!payment?.success) {
await prisma.payment.update({
where: {
id: payment.id,
},
data: {
success: true,
},
});
}
if (booking.status === "PENDING") {
await prisma.booking.update({
where: {
id: booking.id,
},
data: bookingData,
});
}
if (!isConfirmed && !eventTypeRaw?.requiresConfirmation) {
await handleConfirmation({ user, evt, prisma, bookingId: booking.id, booking, paid: true });
} else {
await sendScheduledEmails({ ...evt });
}
throw new HttpCode({
statusCode: 200,
message: `Booking with id '${booking.id}' was paid and confirmed.`,
});
}
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
try {
if (req.method !== "POST") {
throw new HttpCode({ statusCode: 405, message: "Method Not Allowed" });
}
const bodyRaw = await getRawBody(req);
const headers = req.headers;
const bodyAsString = bodyRaw.toString();
const parseHeaders = webhookHeadersSchema.safeParse(headers);
if (!parseHeaders.success) {
console.error(parseHeaders.error);
throw new HttpCode({ statusCode: 400, message: "Bad Request" });
}
const parse = eventSchema.safeParse(JSON.parse(bodyAsString));
if (!parse.success) {
console.error(parse.error);
throw new HttpCode({ statusCode: 400, message: "Bad Request" });
}
const { data: parsedPayload } = parse;
if (parsedPayload.event_type === "CHECKOUT.ORDER.APPROVED") {
return await handlePaymentSuccess(parsedPayload, bodyAsString, parseHeaders.data);
}
} catch (_err) {
const err = getErrorFromUnknown(_err);
console.error(`Webhook Error: ${err.message}`);
res.status(200).send({
message: err.message,
stack: IS_PRODUCTION ? undefined : err.stack,
});
return;
}
// Return a response to acknowledge receipt of the event
res.status(200).end();
}
const resourceSchema = z
.object({
create_time: z.string(),
id: z.string(),
payment_source: z.object({
paypal: z.object({}).optional(),
}),
intent: z.string(),
payer: z.object({
email_address: z.string(),
payer_id: z.string(),
address: z.object({
country_code: z.string(),
}),
}),
status: z.string().optional(),
})
.passthrough();
const eventSchema = z
.object({
id: z.string(),
create_time: z.string(),
resource_type: z.string(),
event_type: z.string(),
summary: z.string(),
resource: resourceSchema,
status: z.string().optional(),
event_version: z.string(),
resource_version: z.string(),
})
.passthrough();
const webhookHeadersSchema = z
.object({
"paypal-auth-algo": z.string(),
"paypal-cert-url": z.string(),
"paypal-transmission-id": z.string(),
"paypal-transmission-sig": z.string(),
"paypal-transmission-time": z.string(),
})
.passthrough();
type WebHookHeadersType = z.infer<typeof webhookHeadersSchema>;
export const findPaymentCredentials = async (
bookingId: number
): Promise<{ clientId: string; secretKey: string; webhookId: string }> => {
try {
// @TODO: what about team bookings with paypal?
const userFromBooking = await prisma?.booking.findFirst({
where: {
id: bookingId,
},
select: {
id: true,
userId: true,
},
});
if (!userFromBooking) throw new Error("No user found");
const credentials = await prisma?.credential.findFirst({
where: {
appId: "paypal",
userId: userFromBooking?.userId,
},
select: {
key: true,
},
});
if (!credentials) {
throw new Error("No credentials found");
}
const parsedCredentials = paypalCredentialKeysSchema.safeParse(credentials?.key);
if (!parsedCredentials.success) {
throw new Error("Credentials malformed");
}
return {
clientId: parsedCredentials.data.client_id,
secretKey: parsedCredentials.data.secret_key,
webhookId: parsedCredentials.data.webhook_id,
};
} catch (err) {
console.error(err);
return {
clientId: "",
secretKey: "",
webhookId: "",
};
}
};