stripe onboarding

Author: vkarpov15

index.js

@@ -19,7 +19,7 @@ const topLevelFiles = new Set(
   fs.readdirSync('./public').filter(file => file.endsWith('.html'))
 );
 
-app.use('/.netlify/functions', cors(), express.json(), function netlifyFunctionsMiddleware(req, res) {
+app.use('/.netlify/functions', cors(), express.json({ verify: (req, res, buf) => { req.rawBody = buf; } }), function netlifyFunctionsMiddleware(req, res) {
   const actionName = req.path.replace(/^\//, '');
   if (!netlifyFunctions.hasOwnProperty(actionName)) {
     throw new Error(`Action ${actionName} not found`);
@@ -29,6 +29,7 @@ app.use('/.netlify/functions', cors(), express.json(), function netlifyFunctions
   const params = {
     headers: req.headers,
     body: JSON.stringify(req.body),
+    rawBody: req.rawBody,
     queryStringParameters: req.query
   };
   action.handler(params).

netlify/functions/getWorkspaceCustomerPortalLink.js

@@ -0,0 +1,5 @@
+'use strict';
+
+const extrovert = require('extrovert');
+
+module.exports = extrovert.toNetlifyFunction(require('../../src/actions/getWorkspaceCustomerPortalLink'));

netlify/functions/stripeWebhook.js

@@ -0,0 +1,5 @@
+'use strict';
+
+const extrovert = require('extrovert');
+
+module.exports = extrovert.toNetlifyFunction(require('../../src/actions/stripeWebhook'));

src/actions/getWorkspaceCustomerPortalLink.js

@@ -0,0 +1,43 @@
+'use strict';
+
+const Archetype = require('archetype');
+const connect = require('../../src/db');
+const mongoose = require('mongoose');
+const stripe = require('../integrations/stripe');
+
+const GetInvitationsForWorkspaceParams = new Archetype({
+  authorization: {
+    $type: 'string',
+    $required: true
+  },
+  workspaceId: {
+    $type: mongoose.Types.ObjectId,
+    $required: true
+  }
+}).compile('GetInvitationsParams');
+
+module.exports = async function getWorkspaceTeam(params) {
+  const { authorization, workspaceId } = new GetInvitationsForWorkspaceParams(params);
+
+  const db = await connect();
+  const { AccessToken, Invitation, User, Workspace } = db.models;
+
+  // Find the user linked to the access token
+  const accessToken = await AccessToken.findById(authorization).orFail(new Error('Invalid access token'));
+  const userId = accessToken.userId;
+
+  // Find the workspace and check user permissions
+  const workspace = await Workspace.findById(workspaceId).orFail(new Error('Workspace not found'));
+
+  const isAuthorized = workspace.members.some(member =>
+    member.userId.toString() === userId.toString() && member.roles.find(role => role === 'admin' || role === 'owner')
+  );
+
+  if (!isAuthorized) {
+    throw new Error('User is not authorized to view workspace team');
+  }
+
+  const url = await stripe.createCustomerPortalLink(workspace.stripeCustomerId);
+
+  return { url };
+};

src/actions/inviteToWorkspace.js

@@ -48,6 +48,9 @@ module.exports = async function inviteToWorkspace(params) {
   if (inviterRoles == null || (!inviterRoles.includes('admin') && !inviterRoles.includes('owner'))) {
     throw new Error('Forbidden');
   }
+  if (workspace.subscriptionTier !== 'pro') {
+    throw new Error('Cannot invite user without creating a subscription');
+  }
 
   const isAlreadyMember = await User.exists(
     { _id: { $in: workspace.members.map(member => member.userId) },

src/actions/removeFromWorkspace.js

@@ -3,6 +3,7 @@
 const Archetype = require('archetype');
 const connect = require('../../src/db');
 const mongoose = require('mongoose');
+const stripe = require('../integrations/stripe');
 
 const RemoveFromWorkspaceParams = new Archetype({
   authorization: {
@@ -21,7 +22,7 @@ const RemoveFromWorkspaceParams = new Archetype({
 
 module.exports = async function removeFromWorkspace(params) {
   const db = await connect();
-  const { AccessToken, Workspace } = db.models;
+  const { AccessToken, User, Workspace } = db.models;
 
   const { authorization, workspaceId, userId } = new RemoveFromWorkspaceParams(params);
 
@@ -46,5 +47,11 @@ module.exports = async function removeFromWorkspace(params) {
   workspace.members.splice(memberIndex, 1);
   await workspace.save();
 
-  return { workspace };
+  const users = await User.find({ _id: { $in: workspace.members.map(member => member.userId) } });
+  if (workspace.stripeSubscriptionId) {
+    const seats = users.filter(user => !user.isFreeUser).length;
+    await stripe.updateSubscriptionSeats(workspace.stripeSubscriptionId, seats);
+  }
+
+  return { workspace, users };
 };

src/actions/stripeWebhook.js

@@ -0,0 +1,60 @@
+'use strict';
+
+const Archetype = require('archetype');
+const assert = require('assert');
+const connect = require('../../src/db');
+const mongoose = require('mongoose');
+const stripe = require('../integrations/stripe');
+
+const StripeWebhookParams = new Archetype({
+  type: {
+    $type: 'string'
+  },
+  data: {
+    object: {
+      client_reference_id: {
+        $type: 'string'
+      },
+      customer: {
+        $type: 'string'
+      },
+      subscription: {
+        $type: 'string'
+      }
+    }
+  }
+}).compile('StripeWebhookParams');
+
+module.exports = async function stripeWebhook(params, req) {
+  console.log('AB', req, req.headers['stripe-signature'], process.env.STRIPE_WEBHOOK_SECRET);
+  try {
+    stripe.client.webhooks.constructEvent(req.rawBody, req.headers['stripe-signature'], process.env.STRIPE_WEBHOOK_SECRET);
+  } catch (err) {
+    console.log('Caught', err);
+    throw new Error('Invalid webhook signature');
+  }
+
+  const db = await connect();
+
+  const { Workspace } = db.models;
+
+  const { type, data } = new StripeWebhookParams(params);
+
+  if (type === 'checkout.session.completed') {
+    const workspaceId = data?.object?.client_reference_id;
+    assert.ok(workspaceId, 'no workspace id found');
+    const workspace = await Workspace.findById(workspaceId).orFail();
+    assert.ok(!workspace.stripeSubscriptionId, 'workspace already has a subscription');
+    assert.ok(data.object.customer, 'no customer found in webhook');
+    assert.ok(data.object.subscription, 'no subscription found in webhook');
+
+    workspace.stripeCustomerId = data.object.customer;
+    workspace.stripeSubscriptionId = data.object.subscription;
+    workspace.subscriptionTier = 'pro';
+    await workspace.save();
+
+    return { workspace };
+  }
+
+  return {};
+};

src/db/workspace.js

@@ -48,4 +48,15 @@ const workspaceSchema = new mongoose.Schema({
 
 workspaceSchema.index({ apiKey: 1 }, { unique: true });
 
+workspaceSchema.virtual('pricePerSeat').get(function pricePerSeat() {
+  if (this.subscriptionTier === 'free') {
+    return 0;
+  }
+  if (this.subscriptionTier === 'pro') {
+    return 19;
+  }
+
+  return null;
+});
+
 module.exports = workspaceSchema;

src/integrations/stripe.js

@@ -3,12 +3,13 @@
 const assert = require('assert');
 const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
 
+exports.client = stripe;
+
 exports.listSubscriptions = async function listSubscriptions() {
   const subscriptions = await stripe.subscriptions.list();
   return subscriptions;
 };
 
-
 exports.getSubscription = async function getSubscription(subscriptionId) {
   const subscription = await stripe.subscriptions.retrieve(subscriptionId);
   return subscription;
@@ -26,4 +27,13 @@ exports.updateSubscriptionSeats = async function updateSubscriptionSeats(subscri
   );
 
   return updatedSubscription;
-};
+};
+
+exports.createCustomerPortalLink = async function createCustomerPortalLink(customerId, returnUrl) {
+  const portalSession = await stripe.billingPortal.sessions.create({
+    customer: customerId,
+    return_url: returnUrl // URL to redirect the user back after they leave the portal
+  });
+
+  return portalSession.url; // This is the link to the customer portal
+};