Debugging payment gateway bug

jzongker · jzongker · commit a2d2537999d8 · 2026-02-02T09:19:35.000-06:00
diff --git a/src/modules/giving/controllers/CustomerController.ts b/src/modules/giving/controllers/CustomerController.ts
@@ -23,7 +23,8 @@ export class CustomerController extends GivingCrudController {
   @httpGet("/:id/subscriptions")
   public async getSubscriptions(@requestParam("id") id: string, req: express.Request<{}, {}, null>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Subscriptions are Stripe-only currently
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
       let permission = false;
       if (gateway) {
         if (au.checkAccess(Permissions.donations.viewSummary)) {
diff --git a/src/modules/giving/controllers/PaymentMethodController.ts b/src/modules/giving/controllers/PaymentMethodController.ts
@@ -113,7 +113,8 @@ export class PaymentMethodController extends GivingCrudController {
   @httpGet("/personid/:id")
   public async getPersonPaymentMethods(@requestParam("id") id: string, req: express.Request<{}, {}, null>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Default to Stripe for payment method operations (vault requires Stripe or PayPal)
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
       const permission = gateway && (au.checkAccess(Permissions.donations.view) || id === au.personId);
       if (!permission) return this.json({}, 401);
 
@@ -228,9 +229,10 @@ export class PaymentMethodController extends GivingCrudController {
   @httpPost("/addcard")
   public async addCard(req: express.Request<any>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
-      const { id, personId, customerId, email, name, churchId } = req.body;
+      const { id, personId, customerId, email, name, churchId, provider } = req.body;
       const cId = au?.churchId || churchId;
-      const gateway = await GatewayService.getGatewayForChurch(cId, {}, this.repos.gateway).catch(() => null);
+      // Default to Stripe for card operations, but allow frontend to specify provider
+      const gateway = await GatewayService.getGatewayForChurch(cId, { provider: provider || "stripe" }, this.repos.gateway).catch(() => null);
 
       if (!gateway) {
         return this.json({ error: "Payment gateway not configured" }, 400);
@@ -328,8 +330,8 @@ export class PaymentMethodController extends GivingCrudController {
   @httpPost("/updatecard")
   public async updateCard(req: express.Request<any>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
-      const { personId, paymentMethodId, cardData } = req.body;
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      const { personId, paymentMethodId, cardData, provider } = req.body;
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: provider || "stripe" }, this.repos.gateway).catch(() => null);
       const permission = gateway && (au.checkAccess(Permissions.donations.edit) || personId === au.personId);
       if (!permission) return this.json({ error: "Insufficient permissions" }, 401);
       try {
@@ -356,7 +358,8 @@ export class PaymentMethodController extends GivingCrudController {
     return this.actionWrapper(req, res, async (au) => {
       const { personId, customerId, email, name, churchId } = req.body;
       const cId = au?.churchId || churchId;
-      const gateway = await GatewayService.getGatewayForChurch(cId, {}, this.repos.gateway).catch(() => null);
+      // ACH SetupIntent is Stripe-only
+      const gateway = await GatewayService.getGatewayForChurch(cId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
 
       if (!gateway) {
         return this.json({ error: "Payment gateway not configured" }, 400);
@@ -472,7 +475,8 @@ export class PaymentMethodController extends GivingCrudController {
   public async addBankAccount(req: express.Request<any>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
       const { id, personId, customerId, email, name } = req.body;
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Bank accounts are Stripe-only
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
       const permission = gateway && (au.checkAccess(Permissions.donations.edit) || personId === au.personId);
       if (!permission) return this.json({ error: "Insufficient permissions" }, 401);
 
@@ -516,7 +520,8 @@ export class PaymentMethodController extends GivingCrudController {
   public async updateBank(req: express.Request<any>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
       const { paymentMethodId, personId, bankData, customerId } = req.body;
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Bank operations are Stripe-only
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
       const permission = gateway && (au.checkAccess(Permissions.donations.edit) || personId === au.personId);
       if (!permission) return this.json({}, 401);
       try {
@@ -531,7 +536,8 @@ export class PaymentMethodController extends GivingCrudController {
   public async verifyBank(req: express.Request<any>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
       const { paymentMethodId, customerId, amountData } = req.body;
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Bank verification is Stripe-only
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
       const permission =
         gateway &&
         (au.checkAccess(Permissions.donations.edit) || (await this.repos.customer.convertToModel(au.churchId, await this.repos.customer.load(au.churchId, customerId)).personId) === au.personId);
@@ -549,7 +555,9 @@ export class PaymentMethodController extends GivingCrudController {
   @httpDelete("/:id/:customerid")
   public async deletePaymentMethod(@requestParam("id") id: string, @requestParam("customerid") customerId: string, req: express.Request<{}, {}, null>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Determine provider from payment method ID prefix (pm_ and ba_ are Stripe)
+      const isStripe = id.startsWith("pm_") || id.startsWith("ba_");
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: isStripe ? "stripe" : "paypal" }, this.repos.gateway).catch(() => null);
       const permission =
         gateway &&
         (au.checkAccess(Permissions.donations.edit) || (await this.repos.customer.convertToModel(au.churchId, await this.repos.customer.load(au.churchId, customerId)).personId) === au.personId);
diff --git a/src/modules/giving/controllers/SubscriptionController.ts b/src/modules/giving/controllers/SubscriptionController.ts
@@ -32,7 +32,8 @@ export class SubscriptionController extends GivingCrudController {
   public async save(req: express.Request<{}, {}, any[]>, res: express.Response): Promise<any> {
     return this.actionWrapper(req, res, async (au) => {
       const promises: Promise<any>[] = [];
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Subscriptions are Stripe-only currently
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
 
       if (!gateway) return this.json({ error: "No gateway configured" }, 400);
 
@@ -62,7 +63,8 @@ export class SubscriptionController extends GivingCrudController {
       const permission = au.checkAccess(Permissions.donations.edit) || (subscription as any)?.personId === au.personId;
       if (!permission) return this.json(null, 401);
 
-      const gateway = await GatewayService.getGatewayForChurch(au.churchId, {}, this.repos.gateway).catch(() => null);
+      // Subscriptions are Stripe-only currently
+      const gateway = await GatewayService.getGatewayForChurch(au.churchId, { provider: "stripe" }, this.repos.gateway).catch(() => null);
       if (!gateway) return this.json({ error: "No gateway configured" }, 400);
 
       const capabilities = GatewayService.getProviderCapabilities(gateway);
diff --git a/src/shared/helpers/GatewayService.ts b/src/shared/helpers/GatewayService.ts
@@ -46,11 +46,22 @@ export class GatewayService {
       }
     };
 
+    const privateKey = decryptIfPresent(gateway.privateKey);
+
+    if (!privateKey && gateway.provider?.toLowerCase() === "stripe") {
+      console.error("Gateway privateKey is missing or failed to decrypt", {
+        provider: gateway.provider,
+        gatewayId: gateway.id,
+        churchId: gateway.churchId,
+        hasPrivateKey: !!gateway.privateKey
+      });
+    }
+
     return {
       gatewayId: gateway.id,
       churchId: gateway.churchId,
       publicKey: gateway.publicKey,
-      privateKey: decryptIfPresent(gateway.privateKey),
+      privateKey,
       webhookKey: decryptIfPresent(gateway.webhookKey),
       productId: gateway.productId,
       settings: gateway.settings ?? null,
diff --git a/src/shared/helpers/StripeHelper.ts b/src/shared/helpers/StripeHelper.ts
@@ -379,6 +379,9 @@ export class StripeHelper {
   }
 
   private static getStripeObj = (secretKey: string) => {
+    if (!secretKey) {
+      throw new Error("Stripe API key is not configured. Please check your gateway settings.");
+    }
     return new Stripe(secretKey, { apiVersion: "2025-02-24.acacia" });
   };
 }

Original file line number	Diff line number	Diff line change
`@@ -379,6 +379,9 @@ export class StripeHelper {`
`379`	`379`	`}`
`380`	`380`
`381`	`381`	`private static getStripeObj = (secretKey: string) => {`
	`382`	`+ if (!secretKey) {`
	`383`	`+ throw new Error("Stripe API key is not configured. Please check your gateway settings.");`
	`384`	`+ }`
`382`	`385`	`return new Stripe(secretKey, { apiVersion: "2025-02-24.acacia" });`
`383`	`386`	`};`
`384`	`387`	`}`