Improve webshop backend

Author: ildyria

.env.example

@@ -239,4 +239,30 @@ VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
 # VITE_LOCAL_DEV=true
 # VITE_HTTP_PROXY_TARGET=http://localhost:8000
 
-# DISABLE_IMPORT_FROM_SERVER=false
+# DISABLE_IMPORT_FROM_SERVER=false
+
+###################################################################
+# Payment integration (requires SE)                               #
+###################################################################
+
+# Enable test mode (Sandbox mode) for payment gateways.
+# In test mode, no real money transactions are done.
+# OMNIPAY_TEST_MODE=
+
+# Configuration values for Mollie integration
+# MOLLIE_API_KEY=
+# MOLLIE_PROFILE_ID=
+
+# Configuration values for Stripe integration (NOT WORKING YET, MAYBE LATER)
+# STRIPE_API_KEY=
+# STRIPE_PUBLISHABLE_KEY=
+
+# https://github.com/thephpleague/omnipay-paypal/blob/master/src/RestGateway.php
+# PAYPAL_CLIENT_ID=
+# PAYPAL_SECRET=
+
+# https://github.com/thephpleague/omnipay-paypal/blob/master/src/ExpressInContextGateway.php
+# https://github.com/thephpleague/omnipay-paypal/blob/master/src/ProGateway.php
+# PAYPAL_API_USERNAME=
+# PAYPAL_API_PASSWORD=
+# PAYPAL_API_SIGNATURE=

app/Actions/Diagnostics/Pipes/Checks/WebshopCheck.php

@@ -38,6 +38,14 @@ public function handle(array &$data, \Closure $next): array
 			return $next($data);
 		}
 
+		if (config('omnipay.test_mode', false) === true) {
+			$data[] = DiagnosticData::warn(
+				'Webshop is running in test mode.',
+				self::class,
+				['This means that payments won\'t be executed.', 'Users may use it to get free content.']
+			);
+		}
+
 		if (config('app.env', 'production') !== 'production') {
 			$data[] = DiagnosticData::warn(
 				'Webshop is enabled but the application is not running in production mode.',

app/Actions/Shop/CheckoutService.php

@@ -16,6 +16,7 @@
 use App\Models\Order;
 use App\Services\MoneyService;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Session;
 use Omnipay\Common\Exception\InvalidCreditCardException;
 use Omnipay\Common\Message\RedirectResponseInterface;
 use Omnipay\Common\Message\ResponseInterface;
@@ -66,6 +67,9 @@ public function processPayment(Order $order, string $return_url, string $cancel_
 		// Prepare the purchase request parameters
 		$params = $this->preparePurchaseParameters($order, $return_url, $cancel_url, $additional_data);
 
+		// Save the parameters.
+		Session::put('processing', $params);
+
 		try {
 			// Update order status to processing
 			$order->status = PaymentStatusType::PROCESSING;
@@ -151,14 +155,14 @@ public function completePayment(Order $order, ResponseInterface $response): Orde
 	/**
 	 * Handle the return from the payment gateway.
 	 *
-	 * @param Order               $order        The order being processed
-	 * @param array               $request_data The request data from the payment gateway
-	 * @param OmnipayProviderType $provider     The payment provider used
+	 * @param Order               $order    The order being processed
+	 * @param OmnipayProviderType $provider The payment provider used
 	 *
 	 * @return Order|null The updated order if found, null otherwise
 	 */
-	public function handlePaymentReturn(Order $order, array $request_data, OmnipayProviderType $provider): ?Order
+	public function handlePaymentReturn(Order $order, OmnipayProviderType $provider): ?Order
 	{
+		$request_data = Session::get('processing', []);
 		$gateway = $this->omnipay_factory->create_gateway($provider);
 
 		try {

app/Actions/Shop/OrderService.php

@@ -17,14 +17,13 @@
 use App\Models\OrderItem;
 use App\Models\Photo;
 use App\Models\User;
-use App\Services\MoneyService;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Str;
 
 class OrderService
 {
 	public function __construct(
-		private MoneyService $money_service,
 		private PurchasableService $purchasable_service,
 	) {
 	}
@@ -123,4 +122,93 @@ public function getAll(): array
 			})
 			->orderBy('id', 'desc')->get()->all();
 	}
+
+	/**
+	 * Clear old orders that are older than 2 weeks, have no items, and have no user_id.
+	 *
+	 * @return int Number of orders deleted
+	 */
+	public function clearOldOrders(): int
+	{
+		// Delete all the order items first to avoid foreign key constraint issues
+		OrderItem::whereIn('order_id', $this->getQueryOldOrders()->select('id'))->delete();
+
+		return $this->getQueryOldOrders()->delete();
+	}
+
+	/**
+	 * Count the number of old orders.
+	 *
+	 * @return int
+	 */
+	public function countOldOrders(): int
+	{
+		return $this->getQueryOldOrders()->count();
+	}
+
+	/**
+	 * Return the query builder for old orders.
+	 *
+	 * An old order is defined as being older than $weeks weeks,
+	 * - having no user_id,
+	 * - having no items
+	 * - or having items but status is still PENDING
+	 *
+	 * @param int $weeks
+	 *
+	 * @return Builder
+	 */
+	protected function getQueryOldOrders(int $weeks = 2): Builder
+	{
+		$threshold_date = now()->subWeeks($weeks);
+
+		return Order::where('created_at', '<', $threshold_date)
+			->whereNull('user_id')
+			->where(function (Builder $query): void {
+				$query->where('status', PaymentStatusType::PENDING)
+					->orWhereDoesntHave('items');
+			});
+	}
+
+	/**
+	 * Mark an offline order as paid (completed).
+	 *
+	 * @param Order $order The order to mark as paid
+	 *
+	 * @return Order The updated order
+	 *
+	 * @throws \InvalidArgumentException If the order is not in offline status
+	 */
+	public function markAsPaid(Order $order): Order
+	{
+		if ($order->status !== PaymentStatusType::OFFLINE) {
+			throw new \InvalidArgumentException('Order must be in offline status to be marked as paid');
+		}
+
+		$order->status = PaymentStatusType::COMPLETED;
+		$order->save();
+
+		return $order;
+	}
+
+	/**
+	 * Mark a completed order as delivered (closed).
+	 *
+	 * @param Order $order The order to mark as delivered
+	 *
+	 * @return Order The updated order
+	 *
+	 * @throws \InvalidArgumentException If the order is not in completed status
+	 */
+	public function markAsDelivered(Order $order): Order
+	{
+		if ($order->status !== PaymentStatusType::COMPLETED) {
+			throw new \InvalidArgumentException('Order must be in completed status to be marked as delivered');
+		}
+
+		$order->status = PaymentStatusType::CLOSED;
+		$order->save();
+
+		return $order;
+	}
 }

app/Enum/OmnipayProviderType.php

@@ -50,8 +50,8 @@ public function requiredKeys(): array
 	{
 		return match ($this) {
 			OmnipayProviderType::DUMMY => ['apiKey'],
-			OmnipayProviderType::MOLLIE => ['apiKey'],
-			OmnipayProviderType::STRIPE => ['apiKey'],
+			OmnipayProviderType::MOLLIE => ['apiKey', 'profileId'],
+			OmnipayProviderType::STRIPE => ['apiKey', 'publishable_key'],
 			OmnipayProviderType::PAYPAL_REST => ['clientId', 'secret'],
 			OmnipayProviderType::PAYPAL_EXPRESS,
 			OmnipayProviderType::PAYPAL_PRO,

app/Enum/PaymentStatusType.php

@@ -30,9 +30,16 @@ enum PaymentStatusType: string
 	// Intermediate state during payment processing
 	case PROCESSING = 'processing';
 
-	// Final state
+	// When processing is done ofline.
+	// In such case we do not go through the full flow.
+	case OFFLINE = 'offline';
+
+	// Final payment state
 	case COMPLETED = 'completed';
 
+	// The order is closed for any further action: paid and delivered.
+	case CLOSED = 'closed';
+
 	public function canCheckout()
 	{
 		return match ($this) {

app/Http/Controllers/Admin/Maintenance/FlushOldOrders.php

@@ -0,0 +1,41 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2025 LycheeOrg.
+ */
+
+namespace App\Http\Controllers\Admin\Maintenance;
+
+use App\Actions\Shop\OrderService;
+use App\Http\Requests\Maintenance\MaintenanceRequest;
+use Illuminate\Routing\Controller;
+
+/**
+ * We count the number of old orders and can flush them.
+ */
+class FlushOldOrders extends Controller
+{
+	public function __construct(protected OrderService $order_service)
+	{
+	}
+
+	/**
+	 * Delete old orders.
+	 */
+	public function do(MaintenanceRequest $request): void
+	{
+		$this->order_service->clearOldOrders();
+	}
+
+	/**
+	 * Count the number of old orders.
+	 *
+	 * @return int
+	 */
+	public function check(MaintenanceRequest $request): int
+	{
+		return $this->order_service->countOldOrders();
+	}
+}

app/Http/Controllers/Admin/SettingsController.php

@@ -47,7 +47,7 @@ public function getAll(GetAllConfigsRequest $request, DockerVersionInfo $docker_
 				->when(config('features.hide-lychee-SE', false) === true, fn ($q) => $q->where('cat', '!=', 'lychee SE'))
 				->when($docker_info->isDocker(), fn ($q) => $q->where('not_on_docker', '!=', true))
 				->when(!$request->is_se() && !Configs::getValueAsBool('enable_se_preview'), fn ($q) => $q->where('level', '=', 0))
-				->when(config('features.enable-webshop') === false, fn ($q) => $q->where('key', 'NOT LIKE', 'webshop_%')),
+				->when(config('features.webshop') === false, fn ($q) => $q->where('key', 'NOT LIKE', 'webshop_%')),
 		])->orderBy('order', 'asc')->get();
 
 		return ConfigCategoryResource::collect($editable_configs)->filter(fn ($cat) => $cat->configs->isNotEmpty())->values();

app/Http/Controllers/Shop/CheckoutController.php

@@ -12,11 +12,13 @@
 use App\Enum\PaymentStatusType;
 use App\Http\Requests\Checkout\CreateSessionRequest;
 use App\Http\Requests\Checkout\FinalizeRequest;
+use App\Http\Requests\Checkout\OfflineRequest;
 use App\Http\Requests\Checkout\ProcessRequest;
 use App\Http\Resources\Shop\CheckoutOptionResource;
 use App\Http\Resources\Shop\CheckoutResource;
 use App\Http\Resources\Shop\OrderResource;
 use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\URL;
 
 class CheckoutController extends Controller
@@ -110,7 +112,9 @@ public function process(ProcessRequest $request): CheckoutResource
 	public function finalize(FinalizeRequest $request, string $provider, string $transaction_id): CheckoutResource
 	{
 		/** @disregard P1013 */
-		$order = $this->checkout_service->handlePaymentReturn($request->basket(), $request->all(), $request->provider_type());
+		Log::warning("Finalize payment for provider {$provider} and transaction ID {$transaction_id}", $request->all());
+		/** @disregard P1013 */
+		$order = $this->checkout_service->handlePaymentReturn($request->basket(), $request->provider_type());
 
 		if ($order->status !== PaymentStatusType::COMPLETED) {
 			return new CheckoutResource(
@@ -145,4 +149,39 @@ public function cancel(FinalizeRequest $request): CheckoutResource
 			order: OrderResource::fromModel($order),
 		);
 	}
+
+	/**
+	 * Handle offline order completion.
+	 *
+	 * @param OfflineRequest $request
+	 *
+	 * @return CheckoutResource
+	 */
+	public function offline(OfflineRequest $request): CheckoutResource
+	{
+		$order = $request->basket();
+
+		// Add email if provided
+		if ($request->email !== null) {
+			$order->email = $request->email;
+		}
+
+		if ($order->email === null || $order->email === '') {
+			return new CheckoutResource(
+				is_success: false,
+				message: 'Email is required for offline orders.',
+				order: OrderResource::fromModel($order),
+			);
+		}
+
+		// Mark the order as completed (offline)
+		$order->status = PaymentStatusType::OFFLINE;
+		$order->save();
+
+		return new CheckoutResource(
+			is_success: true,
+			message: 'Order marked as completed (offline)',
+			order: OrderResource::fromModel($order),
+		);
+	}
 }

app/Http/Controllers/Shop/OrderController.php

@@ -9,8 +9,11 @@
 namespace App\Http\Controllers\Shop;
 
 use App\Actions\Shop\OrderService;
+use App\Http\Requests\Order\ClearOldOrdersRequest;
 use App\Http\Requests\Order\GetOrderRequest;
 use App\Http\Requests\Order\ListOrderRequest;
+use App\Http\Requests\Order\MarkAsDeliveredOrderRequest;
+use App\Http\Requests\Order\MarkAsPaidOrderRequest;
 use App\Http\Resources\Shop\OrderResource;
 use Illuminate\Routing\Controller;
 
@@ -44,4 +47,38 @@ public function get(GetOrderRequest $request): OrderResource
 	{
 		return OrderResource::fromModel($request->order);
 	}
+
+	/**
+	 * Clear old orders that are still pending.
+	 *
+	 * @return void
+	 */
+	public function clearOldOrders(ClearOldOrdersRequest $request): void
+	{
+		$this->order_service->clearOldOrders();
+	}
+
+	/**
+	 * Mark an order as paid.
+	 *
+	 * @param MarkAsPaidOrderRequest $request
+	 *
+	 * @return void
+	 */
+	public function markAsPaid(MarkAsPaidOrderRequest $request): void
+	{
+		$this->order_service->markAsPaid($request->order);
+	}
+
+	/**
+	 * Mark an order as delivered.
+	 *
+	 * @param MarkAsDeliveredOrderRequest $request
+	 *
+	 * @return void
+	 */
+	public function markAsDelivered(MarkAsDeliveredOrderRequest $request): void
+	{
+		$this->order_service->markAsDelivered($request->order);
+	}
 }