343 lines
9.6 KiB
TypeScript
343 lines
9.6 KiB
TypeScript
import type { Prisma } from "@prisma/client";
|
|
import type { NextApiRequest, NextApiResponse } from "next";
|
|
import getRawBody from "raw-body";
|
|
import * as z from "zod";
|
|
|
|
import { paypalCredentialKeysSchema } from "@calcom/app-store/paypal/lib";
|
|
import Paypal from "@calcom/app-store/paypal/lib/Paypal";
|
|
import EventManager from "@calcom/core/EventManager";
|
|
import { sendScheduledEmails } from "@calcom/emails";
|
|
import { getCalEventResponses } from "@calcom/features/bookings/lib/getCalEventResponses";
|
|
import { handleConfirmation } from "@calcom/features/bookings/lib/handleConfirmation";
|
|
import { isPrismaObjOrUndefined, parseRecurringEvent } from "@calcom/lib";
|
|
import { IS_PRODUCTION } from "@calcom/lib/constants";
|
|
import { getErrorFromUnknown } from "@calcom/lib/errors";
|
|
import { HttpError as HttpCode } from "@calcom/lib/http-error";
|
|
import { getTranslation } from "@calcom/lib/server/i18n";
|
|
import prisma, { bookingMinimalSelect } from "@calcom/prisma";
|
|
import { BookingStatus } from "@calcom/prisma/enums";
|
|
import type { CalendarEvent } from "@calcom/types/Calendar";
|
|
|
|
export const config = {
|
|
api: {
|
|
bodyParser: false,
|
|
},
|
|
};
|
|
|
|
async function getEventType(id: number) {
|
|
return prisma.eventType.findUnique({
|
|
where: {
|
|
id,
|
|
},
|
|
select: {
|
|
recurringEvent: true,
|
|
requiresConfirmation: true,
|
|
},
|
|
});
|
|
}
|
|
|
|
export async function handlePaymentSuccess(
|
|
payload: z.infer<typeof eventSchema>,
|
|
rawPayload: string,
|
|
webhookHeaders: WebHookHeadersType
|
|
) {
|
|
const payment = await prisma.payment.findFirst({
|
|
where: {
|
|
externalId: payload?.resource?.id,
|
|
},
|
|
select: {
|
|
id: true,
|
|
bookingId: true,
|
|
success: true,
|
|
},
|
|
});
|
|
|
|
if (!payment?.bookingId) throw new HttpCode({ statusCode: 204, message: "Payment not found" });
|
|
|
|
const booking = await prisma.booking.findUnique({
|
|
where: {
|
|
id: payment.bookingId,
|
|
},
|
|
select: {
|
|
...bookingMinimalSelect,
|
|
eventType: true,
|
|
smsReminderNumber: true,
|
|
location: true,
|
|
eventTypeId: true,
|
|
userId: true,
|
|
uid: true,
|
|
paid: true,
|
|
destinationCalendar: true,
|
|
status: true,
|
|
responses: true,
|
|
user: {
|
|
select: {
|
|
id: true,
|
|
username: true,
|
|
credentials: true,
|
|
timeZone: true,
|
|
email: true,
|
|
name: true,
|
|
locale: true,
|
|
destinationCalendar: true,
|
|
},
|
|
},
|
|
},
|
|
});
|
|
|
|
if (!booking) throw new HttpCode({ statusCode: 204, message: "No booking found" });
|
|
// Probably booking it's already paid from /capture but we need to send confirmation email
|
|
const foundCredentials = await findPaymentCredentials(booking.id);
|
|
if (!foundCredentials) throw new HttpCode({ statusCode: 204, message: "No credentials found" });
|
|
const { webhookId, ...credentials } = foundCredentials;
|
|
|
|
const paypalClient = new Paypal(credentials);
|
|
await paypalClient.getAccessToken();
|
|
await paypalClient.verifyWebhook({
|
|
body: {
|
|
auth_algo: webhookHeaders["paypal-auth-algo"],
|
|
cert_url: webhookHeaders["paypal-cert-url"],
|
|
transmission_id: webhookHeaders["paypal-transmission-id"],
|
|
transmission_sig: webhookHeaders["paypal-transmission-sig"],
|
|
transmission_time: webhookHeaders["paypal-transmission-time"],
|
|
webhook_id: webhookId,
|
|
webhook_event: rawPayload,
|
|
},
|
|
});
|
|
|
|
type EventTypeRaw = Awaited<ReturnType<typeof getEventType>>;
|
|
let eventTypeRaw: EventTypeRaw | null = null;
|
|
if (booking.eventTypeId) {
|
|
eventTypeRaw = await getEventType(booking.eventTypeId);
|
|
}
|
|
|
|
const { user } = booking;
|
|
|
|
if (!user) throw new HttpCode({ statusCode: 204, message: "No user found" });
|
|
|
|
const t = await getTranslation(user.locale ?? "en", "common");
|
|
const attendeesListPromises = booking.attendees.map(async (attendee) => {
|
|
return {
|
|
name: attendee.name,
|
|
email: attendee.email,
|
|
timeZone: attendee.timeZone,
|
|
language: {
|
|
translate: await getTranslation(attendee.locale ?? "en", "common"),
|
|
locale: attendee.locale ?? "en",
|
|
},
|
|
};
|
|
});
|
|
|
|
const attendeesList = await Promise.all(attendeesListPromises);
|
|
|
|
const evt: CalendarEvent = {
|
|
type: booking.title,
|
|
title: booking.title,
|
|
description: booking.description || undefined,
|
|
startTime: booking.startTime.toISOString(),
|
|
endTime: booking.endTime.toISOString(),
|
|
customInputs: isPrismaObjOrUndefined(booking.customInputs),
|
|
...getCalEventResponses({
|
|
booking: booking,
|
|
bookingFields: booking.eventType?.bookingFields || null,
|
|
}),
|
|
organizer: {
|
|
email: user.email,
|
|
name: user.name!,
|
|
timeZone: user.timeZone,
|
|
language: { translate: t, locale: user.locale ?? "en" },
|
|
},
|
|
attendees: attendeesList,
|
|
uid: booking.uid,
|
|
destinationCalendar: booking.destinationCalendar
|
|
? [booking.destinationCalendar]
|
|
: user.destinationCalendar
|
|
? [user.destinationCalendar]
|
|
: [],
|
|
recurringEvent: parseRecurringEvent(eventTypeRaw?.recurringEvent),
|
|
};
|
|
|
|
if (booking.location) evt.location = booking.location;
|
|
|
|
const bookingData: Prisma.BookingUpdateInput = {
|
|
paid: true,
|
|
status: BookingStatus.ACCEPTED,
|
|
};
|
|
|
|
const isConfirmed = booking.status === BookingStatus.ACCEPTED;
|
|
if (isConfirmed) {
|
|
const eventManager = new EventManager(user);
|
|
const scheduleResult = await eventManager.create(evt);
|
|
bookingData.references = { create: scheduleResult.referencesToCreate };
|
|
}
|
|
|
|
if (eventTypeRaw?.requiresConfirmation) {
|
|
delete bookingData.status;
|
|
}
|
|
|
|
if (!payment?.success) {
|
|
await prisma.payment.update({
|
|
where: {
|
|
id: payment.id,
|
|
},
|
|
data: {
|
|
success: true,
|
|
},
|
|
});
|
|
}
|
|
|
|
if (booking.status === "PENDING") {
|
|
await prisma.booking.update({
|
|
where: {
|
|
id: booking.id,
|
|
},
|
|
data: bookingData,
|
|
});
|
|
}
|
|
|
|
if (!isConfirmed && !eventTypeRaw?.requiresConfirmation) {
|
|
await handleConfirmation({ user, evt, prisma, bookingId: booking.id, booking, paid: true });
|
|
} else {
|
|
await sendScheduledEmails({ ...evt });
|
|
}
|
|
|
|
throw new HttpCode({
|
|
statusCode: 200,
|
|
message: `Booking with id '${booking.id}' was paid and confirmed.`,
|
|
});
|
|
}
|
|
|
|
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
|
|
try {
|
|
if (req.method !== "POST") {
|
|
throw new HttpCode({ statusCode: 405, message: "Method Not Allowed" });
|
|
}
|
|
|
|
const bodyRaw = await getRawBody(req);
|
|
const headers = req.headers;
|
|
const bodyAsString = bodyRaw.toString();
|
|
|
|
const parseHeaders = webhookHeadersSchema.safeParse(headers);
|
|
if (!parseHeaders.success) {
|
|
console.error(parseHeaders.error);
|
|
throw new HttpCode({ statusCode: 400, message: "Bad Request" });
|
|
}
|
|
const parse = eventSchema.safeParse(JSON.parse(bodyAsString));
|
|
if (!parse.success) {
|
|
console.error(parse.error);
|
|
throw new HttpCode({ statusCode: 400, message: "Bad Request" });
|
|
}
|
|
|
|
const { data: parsedPayload } = parse;
|
|
|
|
if (parsedPayload.event_type === "CHECKOUT.ORDER.APPROVED") {
|
|
return await handlePaymentSuccess(parsedPayload, bodyAsString, parseHeaders.data);
|
|
}
|
|
} catch (_err) {
|
|
const err = getErrorFromUnknown(_err);
|
|
console.error(`Webhook Error: ${err.message}`);
|
|
res.status(200).send({
|
|
message: err.message,
|
|
stack: IS_PRODUCTION ? undefined : err.stack,
|
|
});
|
|
return;
|
|
}
|
|
|
|
// Return a response to acknowledge receipt of the event
|
|
res.status(200).end();
|
|
}
|
|
|
|
const resourceSchema = z
|
|
.object({
|
|
create_time: z.string(),
|
|
id: z.string(),
|
|
payment_source: z.object({
|
|
paypal: z.object({}).optional(),
|
|
}),
|
|
intent: z.string(),
|
|
payer: z.object({
|
|
email_address: z.string(),
|
|
payer_id: z.string(),
|
|
address: z.object({
|
|
country_code: z.string(),
|
|
}),
|
|
}),
|
|
status: z.string().optional(),
|
|
})
|
|
.passthrough();
|
|
|
|
const eventSchema = z
|
|
.object({
|
|
id: z.string(),
|
|
create_time: z.string(),
|
|
resource_type: z.string(),
|
|
event_type: z.string(),
|
|
summary: z.string(),
|
|
resource: resourceSchema,
|
|
status: z.string().optional(),
|
|
event_version: z.string(),
|
|
resource_version: z.string(),
|
|
})
|
|
.passthrough();
|
|
|
|
const webhookHeadersSchema = z
|
|
.object({
|
|
"paypal-auth-algo": z.string(),
|
|
"paypal-cert-url": z.string(),
|
|
"paypal-transmission-id": z.string(),
|
|
"paypal-transmission-sig": z.string(),
|
|
"paypal-transmission-time": z.string(),
|
|
})
|
|
.passthrough();
|
|
|
|
type WebHookHeadersType = z.infer<typeof webhookHeadersSchema>;
|
|
|
|
export const findPaymentCredentials = async (
|
|
bookingId: number
|
|
): Promise<{ clientId: string; secretKey: string; webhookId: string }> => {
|
|
try {
|
|
// @TODO: what about team bookings with paypal?
|
|
const userFromBooking = await prisma?.booking.findFirst({
|
|
where: {
|
|
id: bookingId,
|
|
},
|
|
select: {
|
|
id: true,
|
|
userId: true,
|
|
},
|
|
});
|
|
|
|
if (!userFromBooking) throw new Error("No user found");
|
|
|
|
const credentials = await prisma?.credential.findFirst({
|
|
where: {
|
|
appId: "paypal",
|
|
userId: userFromBooking?.userId,
|
|
},
|
|
select: {
|
|
key: true,
|
|
},
|
|
});
|
|
if (!credentials) {
|
|
throw new Error("No credentials found");
|
|
}
|
|
const parsedCredentials = paypalCredentialKeysSchema.safeParse(credentials?.key);
|
|
if (!parsedCredentials.success) {
|
|
throw new Error("Credentials malformed");
|
|
}
|
|
|
|
return {
|
|
clientId: parsedCredentials.data.client_id,
|
|
secretKey: parsedCredentials.data.secret_key,
|
|
webhookId: parsedCredentials.data.webhook_id,
|
|
};
|
|
} catch (err) {
|
|
console.error(err);
|
|
return {
|
|
clientId: "",
|
|
secretKey: "",
|
|
webhookId: "",
|
|
};
|
|
}
|
|
};
|