Leon Serfaty
126 lines
4.7 KiB
TypeScript
126 lines
4.7 KiB
TypeScript
import type { PlanKey } from "./plans";
|
|
|
|
const SANDBOX_BASE = "https://api-m.sandbox.paypal.com";
|
|
const base = () => process.env.PAYPAL_API_BASE ?? SANDBOX_BASE;
|
|
const appUrl = () => process.env.NEXT_PUBLIC_APP_URL ?? "http://localhost:3000";
|
|
|
|
// Loudly warn (but don't throw — never break deploys) if PayPal is pointed at the
|
|
// sandbox while running in production. The sandbox default is fine for dev.
|
|
if (process.env.NODE_ENV === "production" && base().includes("sandbox.paypal.com")) {
|
|
console.warn(
|
|
"[paypal] WARNING: running against the PayPal SANDBOX in production. " +
|
|
"Set PAYPAL_API_BASE=https://api-m.paypal.com for live billing."
|
|
);
|
|
}
|
|
|
|
function creds(): { id: string; secret: string } {
|
|
const id = process.env.PAYPAL_CLIENT_ID;
|
|
const secret = process.env.PAYPAL_CLIENT_SECRET;
|
|
if (!id || !secret) throw new Error("PayPal credentials are not set");
|
|
return { id, secret };
|
|
}
|
|
|
|
export function isPaypalConfigured(): boolean {
|
|
return !!(process.env.PAYPAL_CLIENT_ID && process.env.PAYPAL_CLIENT_SECRET);
|
|
}
|
|
|
|
async function accessToken(): Promise<string> {
|
|
const { id, secret } = creds();
|
|
const res = await fetch(`${base()}/v1/oauth2/token`, {
|
|
method: "POST",
|
|
headers: {
|
|
Authorization: `Basic ${Buffer.from(`${id}:${secret}`).toString("base64")}`,
|
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
},
|
|
body: "grant_type=client_credentials",
|
|
});
|
|
if (!res.ok) throw new Error(`PayPal token error ${res.status}`);
|
|
const data = (await res.json()) as { access_token: string };
|
|
return data.access_token;
|
|
}
|
|
|
|
export interface PaypalCustom {
|
|
subjectId: string;
|
|
subjectType: "user" | "organization";
|
|
plan: PlanKey;
|
|
}
|
|
|
|
/** Create a PayPal subscription; returns the subscription id + approval URL. */
|
|
export async function createPaypalSubscription(args: {
|
|
planId: string;
|
|
custom: PaypalCustom;
|
|
}): Promise<{ id: string; approveUrl: string }> {
|
|
const token = await accessToken();
|
|
const res = await fetch(`${base()}/v1/billing/subscriptions`, {
|
|
method: "POST",
|
|
headers: {
|
|
Authorization: `Bearer ${token}`,
|
|
"Content-Type": "application/json",
|
|
Prefer: "return=representation",
|
|
},
|
|
body: JSON.stringify({
|
|
plan_id: args.planId,
|
|
custom_id: JSON.stringify(args.custom),
|
|
application_context: {
|
|
brand_name: "PodcastYes",
|
|
user_action: "SUBSCRIBE_NOW",
|
|
shipping_preference: "NO_SHIPPING",
|
|
return_url: `${appUrl()}/billing?status=success&provider=paypal`,
|
|
cancel_url: `${appUrl()}/billing?status=cancel`,
|
|
},
|
|
}),
|
|
});
|
|
if (!res.ok) throw new Error(`PayPal create subscription ${res.status}: ${await res.text()}`);
|
|
const data = (await res.json()) as { id: string; links: { rel: string; href: string }[] };
|
|
const approveUrl = data.links.find((l) => l.rel === "approve")?.href;
|
|
if (!approveUrl) throw new Error("PayPal did not return an approval URL");
|
|
return { id: data.id, approveUrl };
|
|
}
|
|
|
|
export async function getPaypalSubscription(id: string): Promise<Record<string, unknown>> {
|
|
const token = await accessToken();
|
|
const res = await fetch(`${base()}/v1/billing/subscriptions/${id}`, {
|
|
headers: { Authorization: `Bearer ${token}` },
|
|
});
|
|
if (!res.ok) throw new Error(`PayPal get subscription ${res.status}`);
|
|
return res.json();
|
|
}
|
|
|
|
export async function cancelPaypalSubscription(id: string, reason = "Customer requested"): Promise<void> {
|
|
const token = await accessToken();
|
|
const res = await fetch(`${base()}/v1/billing/subscriptions/${id}/cancel`, {
|
|
method: "POST",
|
|
headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
|
|
body: JSON.stringify({ reason }),
|
|
});
|
|
if (!res.ok && res.status !== 204) {
|
|
throw new Error(`PayPal cancel subscription ${res.status}: ${await res.text()}`);
|
|
}
|
|
}
|
|
|
|
/** Verify a PayPal webhook signature against PAYPAL_WEBHOOK_ID. */
|
|
export async function verifyPaypalWebhook(
|
|
headers: Record<string, string | undefined>,
|
|
rawBody: string
|
|
): Promise<boolean> {
|
|
const webhookId = process.env.PAYPAL_WEBHOOK_ID;
|
|
if (!webhookId) return false;
|
|
const token = await accessToken();
|
|
const res = await fetch(`${base()}/v1/notifications/verify-webhook-signature`, {
|
|
method: "POST",
|
|
headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
|
|
body: JSON.stringify({
|
|
auth_algo: headers["paypal-auth-algo"],
|
|
cert_url: headers["paypal-cert-url"],
|
|
transmission_id: headers["paypal-transmission-id"],
|
|
transmission_sig: headers["paypal-transmission-sig"],
|
|
transmission_time: headers["paypal-transmission-time"],
|
|
webhook_id: webhookId,
|
|
webhook_event: JSON.parse(rawBody),
|
|
}),
|
|
});
|
|
if (!res.ok) return false;
|
|
const data = (await res.json()) as { verification_status: string };
|
|
return data.verification_status === "SUCCESS";
|
|
}
|