xtr.dev/payload-billing
1
0
Fork 0
mirror of https://github.com/xtr-dev/payload-billing.git synced 2025-12-10 02:43:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: xtr.dev:claude/issue-22-20250919-1107
Branches Tags
xtr.dev:main xtr.dev:dev xtr.dev:claude/issue-22-20250919-1107 xtr.dev:claude/issue-17-20250918-1938 xtr.dev:claude/issue-14-20250918-1914 xtr.dev:add-claude-github-actions-1757776739010
xtr.dev:v0.1.28 xtr.dev:v0.1.27 xtr.dev:v0.1.26 xtr.dev:v0.1.25 xtr.dev:v0.1.24 xtr.dev:v0.1.23 xtr.dev:v0.1.22 xtr.dev:v0.1.21 xtr.dev:v0.1.20 xtr.dev:v0.1.19 xtr.dev:v0.1.18 xtr.dev:v0.1.16 xtr.dev:v0.1.15 xtr.dev:v0.1.14 xtr.dev:v0.1.13 xtr.dev:v0.1.12 xtr.dev:v0.1.11 xtr.dev:v0.1.10 xtr.dev:v0.1.9 xtr.dev:v0.1.8 xtr.dev:v0.1.7 xtr.dev:v0.1.6 xtr.dev:v0.1.5 xtr.dev:v0.1.4 xtr.dev:v0.1.2 xtr.dev:v0.1.1
..
compare: xtr.dev:v0.1.9
Branches Tags
xtr.dev:main xtr.dev:dev xtr.dev:claude/issue-22-20250919-1107 xtr.dev:claude/issue-17-20250918-1938 xtr.dev:claude/issue-14-20250918-1914 xtr.dev:add-claude-github-actions-1757776739010
xtr.dev:v0.1.28 xtr.dev:v0.1.27 xtr.dev:v0.1.26 xtr.dev:v0.1.25 xtr.dev:v0.1.24 xtr.dev:v0.1.23 xtr.dev:v0.1.22 xtr.dev:v0.1.21 xtr.dev:v0.1.20 xtr.dev:v0.1.19 xtr.dev:v0.1.18 xtr.dev:v0.1.16 xtr.dev:v0.1.15 xtr.dev:v0.1.14 xtr.dev:v0.1.13 xtr.dev:v0.1.12 xtr.dev:v0.1.11 xtr.dev:v0.1.10 xtr.dev:v0.1.9 xtr.dev:v0.1.8 xtr.dev:v0.1.7 xtr.dev:v0.1.6 xtr.dev:v0.1.5 xtr.dev:v0.1.4 xtr.dev:v0.1.2 xtr.dev:v0.1.1

6 Commits
claude/iss ... v0.1.9

Author SHA1 Message Date
Bas
2907d0fa9d Merge pull request #25 from xtr-dev/dev 
Dev
 2025-09-19 14:06:09 +02:00
Bas van den Aakster
05d612e606 feat: make InitPayment support both async and non-async functions 
- Updated InitPayment type to return Promise<Partial<Payment>> | Partial<Payment>
- Modified initProviderPayment hook to handle both async and sync returns using Promise.resolve()
- Enables payment providers to use either async or synchronous initPayment implementations

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-09-19 14:00:58 +02:00
Bas van den Aakster
dc9bc2db57 chore: bump package version to 0.1.9 and simplify test provider initialization logic 2025-09-19 13:55:48 +02:00
Bas van den Aakster
7590a5445c fix: enhance error handling and eliminate type safety issues in test provider 
Database Error Handling:
- Add comprehensive error handling utility `updatePaymentInDatabase()`
- Ensure consistent session status updates across all error scenarios
- Prevent inconsistent states with proper error propagation and logging
- Add structured error responses with detailed error messages

Type Safety Improvements:
- Remove all unsafe `as any` casts except for necessary PayloadCMS collection constraints
- Add proper TypeScript interfaces and validation functions
- Fix type compatibility issues with TestModeIndicators using nullish coalescing
- Enhance error type checking with proper instanceof checks

Utility Functions:
- Abstract common collection name extraction pattern into `getPaymentsCollectionName()`
- Centralize database operation patterns for consistency
- Add structured error handling with success/error result patterns
- Improve logging with proper error message extraction

Code Quality:
- Replace ad-hoc error handling with consistent, reusable patterns
- Add proper error propagation throughout the payment processing flow
- Ensure all database errors are caught and handled gracefully
- Maintain session consistency even when database operations fail

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-09-19 13:44:13 +02:00
Bas van den Aakster
ed27501afc fix: add comprehensive input validation to test provider API endpoints 
- Add proper request schema validation for ProcessPaymentRequest interface
- Validate paymentId format and ensure it follows test_pay_ pattern
- Validate scenarioId and method parameters with type safety
- Replace unsafe 'as any' casting with proper validation functions
- Add consistent JSON error responses with appropriate HTTP status codes
- Improve error messages for better debugging and API usability

Security improvements:
- Prevent injection attacks through input validation
- Ensure all API endpoints validate their inputs properly
- Add format validation for payment IDs to prevent invalid requests

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-09-19 13:19:15 +02:00
Bas
56bd4fc7ce Merge pull request #23 from xtr-dev/claude/issue-22-20250919-1107 
Claude/issue 22 20250919 1107
 2025-09-19 13:11:49 +02:00
4 changed files with 206 additions and 79 deletions
Expand all files Collapse all files

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@xtr-dev/payload-billing",
"version": "0.1.8",
"version": "0.1.9",
"description": "PayloadCMS plugin for billing and payment provider integrations with tracking and local testing",
"license": "MIT",
"type": "module",

6
src/collections/hooks.ts
View File

@@ -2,10 +2,12 @@ import type { Payment } from '../plugin/types/index'
import type { Payload } from 'payload'
import { useBillingPlugin } from '../plugin/index'
export const initProviderPayment = (payload: Payload, payment: Partial<Payment>) => {
export const initProviderPayment = async (payload: Payload, payment: Partial<Payment>): Promise<Partial<Payment>> => {
const billing = useBillingPlugin(payload)
if (!payment.provider || !billing.providerConfig[payment.provider]) {
throw new Error(`Provider ${payment.provider} not found.`)
}
return billing.providerConfig[payment.provider].initPayment(payload, payment)
// Handle both async and non-async initPayment functions
const result = billing.providerConfig[payment.provider].initPayment(payload, payment)
return await Promise.resolve(result)
}

275
src/providers/test.ts
View File

@@ -5,6 +5,103 @@ import type { Payload } from 'payload'
import { handleWebhookError, logWebhookEvent } from './utils'
import { isValidAmount, isValidCurrencyCode } from './currency'
// Request validation schemas
interface ProcessPaymentRequest {
paymentId: string
scenarioId: string
method: PaymentMethod
}
// Validation functions
function validateProcessPaymentRequest(body: any): { isValid: boolean; data?: ProcessPaymentRequest; error?: string } {
if (!body || typeof body !== 'object') {
return { isValid: false, error: 'Request body must be a valid JSON object' }
}
const { paymentId, scenarioId, method } = body
if (!paymentId || typeof paymentId !== 'string') {
return { isValid: false, error: 'paymentId is required and must be a string' }
}
if (!scenarioId || typeof scenarioId !== 'string') {
return { isValid: false, error: 'scenarioId is required and must be a string' }
}
if (!method || typeof method !== 'string') {
return { isValid: false, error: 'method is required and must be a string' }
}
// Validate method is a valid payment method
const validMethods: PaymentMethod[] = ['ideal', 'creditcard', 'paypal', 'applepay', 'banktransfer']
if (!validMethods.includes(method as PaymentMethod)) {
return { isValid: false, error: `method must be one of: ${validMethods.join(', ')}` }
}
return {
isValid: true,
data: { paymentId, scenarioId, method: method as PaymentMethod }
}
}
function validatePaymentId(paymentId: string): { isValid: boolean; error?: string } {
if (!paymentId || typeof paymentId !== 'string') {
return { isValid: false, error: 'Payment ID is required and must be a string' }
}
// Validate payment ID format (should match test payment ID pattern)
if (!paymentId.startsWith('test_pay_')) {
return { isValid: false, error: 'Invalid payment ID format' }
}
return { isValid: true }
}
// Utility function to safely extract collection name
function getPaymentsCollectionName(pluginConfig: BillingPluginConfig): string {
if (typeof pluginConfig.collections?.payments === 'string') {
return pluginConfig.collections.payments
}
return 'payments'
}
// Enhanced error handling utility for database operations
async function updatePaymentInDatabase(
payload: Payload,
sessionId: string,
status: Payment['status'],
providerData: ProviderData,
pluginConfig: BillingPluginConfig
): Promise<{ success: boolean; error?: string }> {
try {
const paymentsCollection = getPaymentsCollectionName(pluginConfig)
const payments = await payload.find({
collection: paymentsCollection as any, // PayloadCMS collection type constraint
where: { providerId: { equals: sessionId } },
limit: 1
})
if (payments.docs.length === 0) {
return { success: false, error: 'Payment not found in database' }
}
await payload.update({
collection: paymentsCollection as any, // PayloadCMS collection type constraint
id: payments.docs[0].id,
data: {
status,
providerData
}
})
return { success: true }
} catch (error) {
const errorMessage = error instanceof Error ? error.message : 'Unknown database error'
console.error('[Test Provider] Database update failed:', errorMessage)
return { success: false, error: errorMessage }
}
}
export type PaymentOutcome = 'paid' | 'failed' | 'cancelled' | 'expired' | 'pending'
export type PaymentMethod = 'ideal' | 'creditcard' | 'paypal' | 'applepay' | 'banktransfer'
@@ -145,13 +242,29 @@ export const testProvider = (testConfig: TestProviderConfig) => {
// Extract payment ID from URL path
const urlParts = req.url?.split('/') || []
const paymentId = urlParts[urlParts.length - 1]
if (!paymentId) {
return new Response('Payment ID required', { status: 400 })
return new Response(JSON.stringify({ error: 'Payment ID required' }), {
status: 400,
headers: { 'Content-Type': 'application/json' }
})
}
// Validate payment ID format
const validation = validatePaymentId(paymentId)
if (!validation.isValid) {
return new Response(JSON.stringify({ error: validation.error }), {
status: 400,
headers: { 'Content-Type': 'application/json' }
})
}
const session = testPaymentSessions.get(paymentId)
if (!session) {
return new Response('Payment session not found', { status: 404 })
return new Response(JSON.stringify({ error: 'Payment session not found' }), {
status: 404,
headers: { 'Content-Type': 'application/json' }
})
}
// Generate test payment UI
@@ -173,10 +286,10 @@ export const testProvider = (testConfig: TestProviderConfig) => {
name: method.name,
icon: method.icon
})),
testModeIndicators: testConfig.testModeIndicators || {
showWarningBanners: true,
showTestBadges: true,
consoleWarnings: true
testModeIndicators: {
showWarningBanners: testConfig.testModeIndicators?.showWarningBanners ?? true,
showTestBadges: testConfig.testModeIndicators?.showTestBadges ?? true,
consoleWarnings: testConfig.testModeIndicators?.consoleWarnings ?? true
},
defaultDelay: testConfig.defaultDelay || 1000,
customUiRoute: uiRoute
@@ -193,7 +306,17 @@ export const testProvider = (testConfig: TestProviderConfig) => {
try {
const payload = req.payload
const body = await req.json?.() || {}
const { paymentId, scenarioId, method } = body as any
// Validate request body
const validation = validateProcessPaymentRequest(body)
if (!validation.isValid) {
return new Response(JSON.stringify({ error: validation.error }), {
status: 400,
headers: { 'Content-Type': 'application/json' }
})
}
const { paymentId, scenarioId, method } = validation.data!
const session = testPaymentSessions.get(paymentId)
if (!session) {
@@ -205,7 +328,7 @@ export const testProvider = (testConfig: TestProviderConfig) => {
const scenario = scenarios.find(s => s.id === scenarioId)
if (!scenario) {
return new Response(JSON.stringify({ error: 'Invalid scenario' }), {
return new Response(JSON.stringify({ error: 'Invalid scenario ID' }), {
status: 400,
headers: { 'Content-Type': 'application/json' }
})
@@ -220,35 +343,35 @@ export const testProvider = (testConfig: TestProviderConfig) => {
setTimeout(() => {
processTestPayment(payload, session, pluginConfig).catch(async (error) => {
console.error('[Test Provider] Failed to process payment:', error)
// Ensure session status is updated consistently
session.status = 'failed'
// Also update the payment record in database
try {
const paymentsCollection = (typeof pluginConfig.collections?.payments === 'string'
? pluginConfig.collections.payments
: 'payments') as any
const payments = await payload.find({
collection: paymentsCollection,
where: { providerId: { equals: session.id } },
limit: 1
})
// Create error provider data
const errorProviderData: ProviderData = {
raw: {
error: error instanceof Error ? error.message : 'Unknown processing error',
processedAt: new Date().toISOString(),
testMode: true
},
timestamp: new Date().toISOString(),
provider: 'test'
}
if (payments.docs.length > 0) {
await payload.update({
collection: paymentsCollection,
id: payments.docs[0].id,
data: {
status: 'failed',
providerData: {
raw: { error: error.message, processedAt: new Date().toISOString() },
timestamp: new Date().toISOString(),
provider: 'test'
}
}
})
}
} catch (dbError) {
console.error('[Test Provider] Failed to update payment in database:', dbError)
// Update payment record in database with enhanced error handling
const dbResult = await updatePaymentInDatabase(
payload,
session.id,
'failed',
errorProviderData,
pluginConfig
)
if (!dbResult.success) {
console.error('[Test Provider] Database error during failure handling:', dbResult.error)
// Even if database update fails, we maintain session consistency
} else {
logWebhookEvent('Test Provider', `Payment ${session.id} marked as failed after processing error`)
}
})
}, scenario.delay || testConfig.defaultDelay || 1000)
@@ -269,10 +392,11 @@ export const testProvider = (testConfig: TestProviderConfig) => {
{
path: '/payload-billing/test/status/:id',
method: 'get',
handler: async (req) => {
handler: (req) => {
// Extract payment ID from URL path
const urlParts = req.url?.split('/') || []
const paymentId = urlParts[urlParts.length - 1]
if (!paymentId) {
return new Response(JSON.stringify({ error: 'Payment ID required' }), {
status: 400,
@@ -280,6 +404,15 @@ export const testProvider = (testConfig: TestProviderConfig) => {
})
}
// Validate payment ID format
const validation = validatePaymentId(paymentId)
if (!validation.isValid) {
return new Response(JSON.stringify({ error: validation.error }), {
status: 400,
headers: { 'Content-Type': 'application/json' }
})
}
const session = testPaymentSessions.get(paymentId)
if (!session) {
return new Response(JSON.stringify({ error: 'Payment session not found' }), {
@@ -299,7 +432,7 @@ export const testProvider = (testConfig: TestProviderConfig) => {
}
]
},
onInit: async (payload: Payload) => {
onInit: (payload: Payload) => {
logWebhookEvent('Test Provider', 'Test payment provider initialized')
// Clean up old sessions periodically (older than 1 hour)
@@ -404,52 +537,44 @@ async function processTestPayment(
// Update session status
session.status = session.scenario.outcome
// Find and update the payment in the database
const paymentsCollection = (typeof pluginConfig.collections?.payments === 'string'
? pluginConfig.collections.payments
: 'payments') as any
const payments = await payload.find({
collection: paymentsCollection,
where: {
providerId: {
equals: session.id
}
// Update payment with final status and provider data
const updatedProviderData: ProviderData = {
raw: {
...session.payment,
id: session.id,
status: session.scenario.outcome,
scenario: session.scenario.name,
method: session.method,
processedAt: new Date().toISOString(),
testMode: true
},
limit: 1
})
timestamp: new Date().toISOString(),
provider: 'test'
}
if (payments.docs.length > 0) {
const payment = payments.docs[0]
// Update payment with final status and provider data
const updatedProviderData: ProviderData = {
raw: {
...session.payment,
id: session.id,
status: session.scenario.outcome,
scenario: session.scenario.name,
method: session.method,
processedAt: new Date().toISOString(),
testMode: true
},
timestamp: new Date().toISOString(),
provider: 'test'
}
await payload.update({
collection: paymentsCollection,
id: payment.id,
data: {
status: finalStatus,
providerData: updatedProviderData
}
})
// Use the utility function for database operations
const dbResult = await updatePaymentInDatabase(
payload,
session.id,
finalStatus,
updatedProviderData,
pluginConfig
)
if (dbResult.success) {
logWebhookEvent('Test Provider', `Payment ${session.id} processed with outcome: ${session.scenario.outcome}`)
} else {
console.error('[Test Provider] Failed to update payment in database:', dbResult.error)
// Update session status to indicate database error, but don't throw
// This allows the UI to still show the intended test result
session.status = 'failed'
throw new Error(`Database update failed: ${dbResult.error}`)
}
} catch (error) {
console.error('[Test Provider] Failed to process payment:', error)
const errorMessage = error instanceof Error ? error.message : 'Unknown processing error'
console.error('[Test Provider] Failed to process payment:', errorMessage)
session.status = 'failed'
throw error // Re-throw to be handled by the caller
}
}

2
src/providers/types.ts
View File

@@ -2,7 +2,7 @@ import type { Payment } from '../plugin/types/payments'
import type { Config, Payload } from 'payload'
import type { BillingPluginConfig } from '../plugin/config'
export type InitPayment = (payload: Payload, payment: Partial<Payment>) => Promise<Partial<Payment>>
export type InitPayment = (payload: Payload, payment: Partial<Payment>) => Promise<Partial<Payment>> | Partial<Payment>
export type PaymentProvider = {
key: string