Comprehensive admin + user dashboards (production-ready)
This commit is contained in:
Leon Serfaty
+11
-1
@@ -1,8 +1,18 @@
|
||||
import type { PlanKey } from "./plans";
|
||||
|
||||
const base = () => process.env.PAYPAL_API_BASE ?? "https://api-m.sandbox.paypal.com";
|
||||
const SANDBOX_BASE = "https://api-m.sandbox.paypal.com";
|
||||
const base = () => process.env.PAYPAL_API_BASE ?? SANDBOX_BASE;
|
||||
const appUrl = () => process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000";
|
||||
|
||||
// Loudly warn (but don't throw — never break deploys) if PayPal is pointed at the
|
||||
// sandbox while running in production. The sandbox default is fine for dev.
|
||||
if (process.env.NODE_ENV === "production" && base().includes("sandbox.paypal.com")) {
|
||||
console.warn(
|
||||
"[paypal] WARNING: running against the PayPal SANDBOX in production. " +
|
||||
"Set PAYPAL_API_BASE=https://api-m.paypal.com for live billing."
|
||||
);
|
||||
}
|
||||
|
||||
function creds(): { id: string; secret: string } {
|
||||
const id = process.env.PAYPAL_CLIENT_ID;
|
||||
const secret = process.env.PAYPAL_CLIENT_SECRET;
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
import { prisma } from "@/lib/db";
|
||||
|
||||
/** True if we've already handled this provider event (idempotency). */
|
||||
export async function alreadyProcessed(eventId: string): Promise<boolean> {
|
||||
const existing = await prisma.webhookEvent.findUnique({ where: { eventId } });
|
||||
return !!existing;
|
||||
}
|
||||
|
||||
/** Record a webhook delivery for the admin log (best-effort; unique on eventId). */
|
||||
export async function logWebhook(
|
||||
provider: "stripe" | "paypal",
|
||||
eventId: string,
|
||||
type: string,
|
||||
status: "processed" | "failed" | "skipped",
|
||||
error?: string
|
||||
): Promise<void> {
|
||||
await prisma.webhookEvent
|
||||
.upsert({
|
||||
where: { eventId },
|
||||
create: { provider, eventId, type, status, error },
|
||||
update: { status, error },
|
||||
})
|
||||
.catch((e) => console.error("[webhook-log] write failed", e));
|
||||
}
|
||||
@@ -1,6 +1,7 @@
|
||||
import { z } from "zod";
|
||||
import { upsertSubscription } from "../subscription";
|
||||
import { planFromPaypalPlan } from "../catalog";
|
||||
import type { PlanKey } from "../plans";
|
||||
import { PLAN_ORDER, type PlanKey } from "../plans";
|
||||
|
||||
interface PaypalResource {
|
||||
id?: string;
|
||||
@@ -14,15 +15,30 @@ interface PaypalEvent {
|
||||
resource: PaypalResource;
|
||||
}
|
||||
|
||||
// custom_id is attacker-influenceable JSON; validate it strictly and never trust
|
||||
// it to default to a paid plan.
|
||||
const customSchema = z.object({
|
||||
subjectId: z.string().min(1),
|
||||
subjectType: z.enum(["user", "organization"]),
|
||||
plan: z.enum(PLAN_ORDER as [PlanKey, ...PlanKey[]]),
|
||||
});
|
||||
|
||||
function parseCustom(
|
||||
custom?: string
|
||||
): { subjectId: string; subjectType: "user" | "organization"; plan: PlanKey } | null {
|
||||
if (!custom) return null;
|
||||
let raw: unknown;
|
||||
try {
|
||||
return JSON.parse(custom);
|
||||
raw = JSON.parse(custom);
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
const parsed = customSchema.safeParse(raw);
|
||||
if (!parsed.success) {
|
||||
console.warn("[paypal] invalid custom_id payload, skipping");
|
||||
return null;
|
||||
}
|
||||
return parsed.data;
|
||||
}
|
||||
|
||||
async function sync(resource: PaypalResource, status: string) {
|
||||
|
||||
@@ -2,7 +2,12 @@ import type Stripe from "stripe";
|
||||
import { stripe } from "../stripe";
|
||||
import { upsertSubscription } from "../subscription";
|
||||
import { planFromStripePrice } from "../catalog";
|
||||
import type { PlanKey } from "../plans";
|
||||
import { PLAN_ORDER, type PlanKey } from "../plans";
|
||||
|
||||
/** Narrow attacker-influenceable metadata to a known PlanKey, else null. */
|
||||
function planFromMetadata(value?: string | null): PlanKey | null {
|
||||
return value && (PLAN_ORDER as string[]).includes(value) ? (value as PlanKey) : null;
|
||||
}
|
||||
|
||||
function normalizeStatus(status: Stripe.Subscription.Status): string {
|
||||
switch (status) {
|
||||
@@ -23,9 +28,11 @@ async function syncStripeSubscription(
|
||||
const item = sub.items.data[0];
|
||||
const priceId = item?.price?.id;
|
||||
const mapped = priceId ? planFromStripePrice(priceId) : null;
|
||||
const plan = ((metadata?.plan as PlanKey) || mapped?.plan || "free") as PlanKey;
|
||||
// metadata.plan is attacker-influenceable; only honour it if it's a known plan.
|
||||
// The price-mapping fallback (derived from the real Stripe price) is preferred.
|
||||
const plan: PlanKey = planFromMetadata(metadata?.plan) ?? mapped?.plan ?? "free";
|
||||
const referenceId = metadata?.subjectId || sub.metadata?.subjectId;
|
||||
if (!referenceId) {
|
||||
if (!referenceId || referenceId.trim() === "") {
|
||||
console.warn("[stripe] subscription without subjectId metadata, skipping", sub.id);
|
||||
return;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user