fix payment processing workflow

Author: jdnichollsc

.env.example

@@ -25,6 +25,7 @@ EMAIL_FROM_NAME=ProjectX Team
 
 # PAYMENT SETTINGS
 # You can find your secret key in your Stripe account
+STRIPE_PUBLISHABLE_KEY=pk_test_your_stripe_publishable_key
 STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key
 # If you are testing your webhook locally with the Stripe CLI you
 # can find the endpoint's secret by running `stripe listen`

README.md

@@ -220,6 +220,14 @@ docker-compose down --volumes
   - [Automatic fulfillment Orders](https://docs.stripe.com/checkout/fulfillment)
   - [Interactive webhook endpoint builder](https://docs.stripe.com/webhooks/quickstart)
   - [Trigger webhook events with the Stripe CLI](https://docs.stripe.com/stripe-cli/triggers)
+  - [Testing cards](https://docs.stripe.com/testing#cards)
+- Stripe commands for testing webhooks:
+```bash
+brew install stripe/stripe-cli/stripe
+stripe login --api-key ...
+stripe trigger payment_intent.succeeded
+stripe listen --forward-to localhost:8081/order/webhook
+```
 
 ## Supporting 🍻
 I believe in Unicorns 🦄

apps/order/src/app/activities/activities.service.ts

@@ -16,4 +16,8 @@ export class ActivitiesService {
   async reportPaymentFailed(orderId: number) {
     return this.orderService.reportPaymentFailed(orderId);
   }
+
+  async reportPaymentConfirmed(orderId: number) {
+    return this.orderService.reportPaymentConfirmed(orderId);
+  }
 }

apps/order/src/app/app.controller.ts

@@ -4,24 +4,25 @@ import {
   Get,
   Post,
   Headers,
-  RawBodyRequest,
-  Req,
   UseGuards,
   Param,
   HttpStatus,
   HttpCode,
   Delete,
+  Req,
+  RawBodyRequest,
 } from '@nestjs/common';
 import {
   ApiBearerAuth,
   ApiOkResponse,
   ApiOperation,
   ApiParam,
   ApiTags,
+  ApiHeader,
+  ApiResponse,
 } from '@nestjs/swagger';
 import { AuthenticatedUser, AuthUser, JwtAuthGuard } from '@projectx/core';
 import { CreateOrderDto, OrderStatusResponseDto } from '@projectx/models';
-import { Request } from 'express';
 
 import { AppService } from './app.service';
 
@@ -75,11 +76,30 @@ export class AppController {
     return this.appService.cancelOrder(referenceId);
   }
 
+  @ApiOperation({
+    summary: 'Handle Stripe webhook events',
+    description: 'Endpoint for receiving webhook events from Stripe for payment processing',
+  })
+  @ApiHeader({
+    name: 'stripe-signature',
+    description: 'Stripe signature for webhook event verification',
+    required: true,
+  })
+  @ApiResponse({
+    status: 200,
+    description: 'Webhook event processed successfully',
+  })
+  @ApiResponse({
+    status: 400,
+    description: 'Invalid payload or signature',
+  })
+  @HttpCode(HttpStatus.OK)
   @Post('/webhook')
   async handleStripeWebhook(
     @Req() request: RawBodyRequest<Request>,
     @Headers('stripe-signature') signature: string
   ) {
+    // Validate and process the webhook
     return this.appService.handleWebhook(request.rawBody, signature);
   }
 }

apps/order/src/app/app.service.ts

@@ -1,4 +1,10 @@
-import { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common';
+import {
+  BadRequestException,
+  HttpException,
+  HttpStatus,
+  Injectable,
+  Logger,
+} from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import { CreateOrderDto } from '@projectx/models';
 import {
@@ -87,9 +93,9 @@ export class AppService {
           HttpStatus.CONFLICT
         );
       } else {
-        throw new HttpException(
+        this.logger.error(`createOrder(${user.email}) - Error creating order`, error);
+        throw new BadRequestException(
           'Error creating order',
-          HttpStatus.INTERNAL_SERVER_ERROR,
           {
             cause: error,
           }
@@ -111,7 +117,7 @@ export class AppService {
       throw new HttpException('No active order found', HttpStatus.NOT_FOUND);
     }
 
-    if (Date.now() - description.startTime.getMilliseconds() >= WORKFLOW_TTL) {
+    if (Date.now() - description.startTime.getTime() >= WORKFLOW_TTL) {
       throw new HttpException('Order has expired', HttpStatus.GONE);
     }
 
@@ -127,17 +133,25 @@ export class AppService {
     await handle.signal(cancelWorkflowSignal);
   }
 
-  async handleWebhook(payload: Buffer, signature: string) {
-    this.logger.log('Processing webhook event');
+  async handleWebhook(payload: string | Buffer, signature: string) {
+    if (!payload || !signature) {
+      this.logger.error(`handleWebhook(${signature}) - No payload received`);
+      throw new BadRequestException('No payload received');
+    }
+    this.logger.log(`handleWebhook(${signature}) - Processing webhook event`);
     try {
       // Verify and construct the webhook event
-      const event = await this.stripeService.constructWebhookEvent(
+      const event = this.stripeService.constructWebhookEvent(
         payload,
         signature
       );
 
       // Extract payment intent data
       const paymentIntent = this.stripeService.handleWebhookEvent(event);
+      if (!paymentIntent?.metadata) {
+        this.logger.error(`handleWebhook(${signature}) - Unhandled event type: ${event.type}`);
+        return { received: true };
+      }
       const { userId, referenceId } = paymentIntent.metadata;
 
       if (!userId || !referenceId) {
@@ -174,8 +188,10 @@ export class AppService {
       // Return true to indicate the webhook was received
       return { received: true };
     } catch (err) {
-      this.logger.error('Webhook Error:', err.message);
-      throw err;
+      this.logger.error(`handleWebhook(${signature}) - Webhook Error: ${err.message}`);
+      throw new BadRequestException('Webhook Error', {
+        cause: err,
+      });
     }
   }
 }

apps/order/src/app/order/order.service.ts

@@ -46,4 +46,14 @@ export class OrderService {
     // TODO: Send email notification to user about payment failure
     return updatedOrder;
   }
+
+  async reportPaymentConfirmed(orderId: number) {
+    this.logger.log(`reportPaymentConfirmed(${orderId})`);
+    const updatedOrder = await this.orderRepositoryService.updateOrderStatus(
+      orderId,
+      OrderStatus.Confirmed
+    );
+    // TODO: Send email notification to user about payment confirmation
+    return updatedOrder;
+  }
 }

apps/order/src/main.ts

@@ -6,7 +6,8 @@ import { AppModule } from './app/app.module';
 // Export activities to be used in workflows
 export * from './app/activities/activities.service';
 
-bootstrapApp(AppModule).catch((err) => {
+// Enable raw body parsing for webhook events
+bootstrapApp(AppModule, { rawBody: true }).catch((err) => {
   Logger.error(
     `⚠️ Application failed to start: ${err}`
   )

apps/order/src/workflows/order.workflow.ts

@@ -18,24 +18,28 @@ import {
   createOrderUpdate,
   getOrderStateQuery,
   getWorkflowIdByPaymentOrder,
+  paymentWebHookEventSignal,
 } from '../../../../libs/backend/core/src/lib/order/workflow.utils';
 import { cancelWorkflowSignal } from '../../../../libs/backend/core/src/lib/workflows';
 import type { OrderStatusResponseDto } from '../../../../libs/models/src/order/order.dto';
 import type { ActivitiesService } from '../main';
-
-const { createOrder: createOrderActivity, reportPaymentFailed } =
-  proxyActivities<ActivitiesService>({
-    startToCloseTimeout: '5 seconds',
-    retry: {
-      initialInterval: '2s',
-      maximumInterval: '10s',
-      maximumAttempts: 10,
-      backoffCoefficient: 1.5,
-      nonRetryableErrorTypes: [OrderWorkflowNonRetryableErrors.UNKNOWN_ERROR],
-    },
-  });
 import { processPayment } from './process-payment.workflow';
 
+const {
+  createOrder: createOrderActivity,
+  reportPaymentFailed,
+  reportPaymentConfirmed,
+} = proxyActivities<ActivitiesService>({
+  startToCloseTimeout: '5 seconds',
+  retry: {
+    initialInterval: '2s',
+    maximumInterval: '10s',
+    maximumAttempts: 10,
+    backoffCoefficient: 1.5,
+    nonRetryableErrorTypes: [OrderWorkflowNonRetryableErrors.UNKNOWN_ERROR],
+  },
+});
+
 export enum OrderStatus {
   Pending = 'Pending',
   Confirmed = 'Confirmed',
@@ -76,6 +80,9 @@ export async function createOrder(
       log.error('The payment process has already finished, cannot cancel');
     }
   });
+  setHandler(paymentWebHookEventSignal, (e) =>
+    processPaymentWorkflow?.signal(paymentWebHookEventSignal, e)
+  );
   // Create the order and the payment intent with the payment provider
   setHandler(createOrderUpdate, async () => {
     const { order, clientSecret } = await createOrderActivity(data);
@@ -106,6 +113,7 @@ export async function createOrder(
     }
     processPaymentWorkflow = undefined;
     state.status = OrderStatus.Confirmed;
+    await reportPaymentConfirmed(state.orderId);
   }
 
   // TODO: Second step - Ship the order

apps/web/app/config/app.config.server.ts

@@ -7,7 +7,7 @@ export const sessionSecret = getRequiredServerEnvVar(
   'SESSION_SECRET',
   'MY_SECRET_KEY'
 );
-export const stripeSecretKey = getRequiredServerEnvVar('STRIPE_SECRET_KEY');
+export const stripePublishableKey = getRequiredServerEnvVar('STRIPE_PUBLISHABLE_KEY');
 export const authAPIUrl = getRequiredServerEnvVar('AUTH_API_URL', 'http://localhost:8081');
 export const orderAPIUrl = getRequiredServerEnvVar('ORDER_API_URL', 'http://localhost:8082');
 export const productAPIUrl = getRequiredServerEnvVar('PRODUCT_API_URL', 'http://localhost:8083');

apps/web/app/config/env.server.ts

@@ -1,11 +1,18 @@
-import { authAPIUrl, environment, orderAPIUrl, productAPIUrl } from './app.config.server';
+import {
+  authAPIUrl,
+  environment,
+  orderAPIUrl,
+  productAPIUrl,
+  stripePublishableKey,
+} from './app.config.server';
 
 export function getEnv() {
   return {
     NODE_ENV: environment,
     AUTH_API_URL: authAPIUrl,
     ORDER_API_URL: orderAPIUrl,
     PRODUCT_API_URL: productAPIUrl,
+    STRIPE_PUBLISHABLE_KEY: stripePublishableKey,
   };
 }