Use shared secret and receipt field (#24)

* Adopt getReceiptFieldValue for apple in_app
  If field is not found in object root, check in_app for value
* Use latest_receipt_info when available

latest receipt info contains up-to-date info on a receipt's history. Especially
regarding monthly accounts that auto-renew. We should provide the transaction id
and product id from this field when available. By default we use the receipt
in_app as a starting point.

* Reference latestReceiptInfo for apple receipts

Added a brief example that includes a monthly auto-renewable subscription as
well as a reference to when the in_app and latestReceiptInfo may be available.

* Sort latest receipt info by transaction id

transaction id is iterable and thus is a better field to sort by versus date

Author: Justin Page

README.md

@@ -54,35 +54,74 @@ contains your In-App Purchase Shared Secret
 **The response**
 
 The response passed back to your callback will also be Apple specific. The entire parsed receipt
-will be in the result object:
+will be in the result object. Applications that support monthly and yearly
+subscription access will represent auto-renewable terms in either the `in_app`
+or `latestReceiptInfo` property.
 
 ```json
 {
-        "receipt": {
-                "original_purchase_date_pst": "2014-02-24 23:19:49 America/Los_Angeles",
-                "purchase_date_ms": "1393312789954",
-                "unique_identifier": "78abf2209323434771637ee22f0ee8b8341f14b4",
-                "original_transaction_id": "1000000102526370",
-                "bvrs": "0.0.1",
-                "transaction_id": "1000000102526671",
-                "quantity": "1",
-                "unique_vendor_identifier": "206FED24-2EAB-4FC6-B946-4AF61086DF21",
-                "item_id": "820817285",
-                "product_id": "abc",
-                "purchase_date": "2014-02-25 07:19:49 Etc/GMT",
-                "original_purchase_date": "2014-02-25 07:19:49 Etc/GMT",
-                "purchase_date_pst": "2014-02-24 23:19:49 America/Los_Angeles",
-                "bid": "test.myapp",
-                "original_purchase_date_ms": "1393312789954"
-        },
-        "transactionId": "1000000102526671",
-        "productId": "abc",
-        "platform": "apple",
-        "environment": "production"
+	"receipt": {
+		"original_purchase_date_pst": "2016-10-29 15:46:57 America/Los_Angeles",
+		"purchase_date_ms": "1477802802000",
+		"unique_identifier": "78abf2209323434771637ee22f0ee8b8341f14b4",
+		"original_transaction_id": "120000257973875",
+		"bvrs": "0.0.1",
+		"transaction_id": "120000265421254",
+		"quantity": "1",
+		"unique_vendor_identifier": "206FED24-2EAB-4FC6-B946-4AF61086DF21",
+		"item_id": "820817285",
+		"product_id": "abc",
+		"purchase_date": "2016-10-29 22:46:57 Etc/GMT",
+		"original_purchase_date": "2016-10-29 22:46:57 Etc/GMT",
+		"purchase_date_pst": "2016-10-29 15:46:57 America/Los_Angeles",
+		"bid": "test.myapp",
+		"original_purchase_date_ms": "1477781217000",
+		"in_app": [
+			{
+				"quantity": "1",
+				"product_id": "abc",
+				"transaction_id": "120000265421254",
+				"original_transaction_id": "120000257973875",
+				"purchase_date": "2016-10-30 04:46:42 Etc/GMT",
+				"purchase_date_ms": "1477802802000",
+				"purchase_date_pst": "2016-10-29 21:46:42 America/Los_Angeles",
+				"original_purchase_date": "2016-10-29 22:46:57 Etc/GMT",
+				"original_purchase_date_ms": "1477781217000",
+				"original_purchase_date_pst": "2016-10-29 15:46:57 America/Los_Angeles",
+				"expires_date": "2016-11-30 05:46:42 Etc/GMT",
+				"expires_date_ms": "1480484802000",
+				"expires_date_pst": "2016-11-29 21:46:42 America/Los_Angeles",
+				"web_order_line_item_id": "820817285",
+				"is_trial_period": "false"
+			},
+		]
+	},
+	"latestReceiptInfo": [
+		{
+			"quantity": "1",
+			"product_id": "abc",
+			"transaction_id": "120000233230473",
+			"original_transaction_id": "120000233230473",
+			"purchase_date": "2016-06-12 22:36:58 Etc/GMT",
+			"purchase_date_ms": "1465771018000",
+			"purchase_date_pst": "2016-06-12 15:36:58 America/Los_Angeles",
+			"original_purchase_date": "2016-06-12 22:36:58 Etc/GMT",
+			"original_purchase_date_ms": "1465771018000",
+			"original_purchase_date_pst": "2016-06-12 15:36:58 America/Los_Angeles",
+			"expires_date": "2016-07-12 22:36:58 Etc/GMT",
+			"expires_date_ms": "1468363018000",
+			"expires_date_pst": "2016-07-12 15:36:58 America/Los_Angeles",
+			"web_order_line_item_id": "120000034778618",
+			"is_trial_period": "true"
+		},
+	],
+	"transactionId": "120000233230473",
+	"productId": "abc",
+	"platform": "apple",
+	"environment": "production"
 }
 ```
 
-
 ### Google Play
 
 **The payment object**
@@ -167,7 +206,6 @@ will be included:
 * productId, which specifies what was purchased.
 * platform, which is always the platform you passed.
 
-
 ## License
 
 MIT

lib/apple/index.js

@@ -17,12 +17,26 @@ var responses = {
 	'21008': 'This receipt is from the production receipt, but it was sent to the test environment service for verification. Send it to the production environment service instead.'
 };
 
+function getReceiptFieldValue(receipt, field) {
+	if (receipt.hasOwnProperty(field)) {
+		return receipt[field];
+	}
+
+	/* jshint camelcase:false*/
+	if (receipt.hasOwnProperty('in_app') && receipt.in_app[0] && receipt.in_app[0].hasOwnProperty(field)) {
+		return receipt.in_app[0][field];
+	}
+	
+	return null;
+}
 
 function parseResult(result) {
 	result = JSON.parse(result);
 
 	var status = parseInt(result.status, 10);
 
+	var latestReceiptInfo = null;
+
 	if (status !== 0) {
 		var msg = responses[status] || 'Unknown status code: ' + status;
 
@@ -32,18 +46,27 @@ function parseResult(result) {
 		throw error;
 	}
 
-	var receipt = result.receipt;
+	var productId = getReceiptFieldValue(result.receipt, 'product_id');
+	var transactionId = getReceiptFieldValue(result.receipt, 'transaction_id');
+
+	/* jshint camelcase:false */
+	if (result.hasOwnProperty('latest_receipt_info') && result.latest_receipt_info[0]) {
+		latestReceiptInfo = result.latest_receipt_info.sort(function (a, b) {
+			return parseInt(a.transaction_id, 10)  - parseInt(b.transaction_id, 10);
+		});
+
+		productId = latestReceiptInfo[latestReceiptInfo.length - 1].product_id;
+		transactionId = latestReceiptInfo[latestReceiptInfo.length - 1].transaction_id;
+	}
 
 	return {
-		receipt: receipt,
-		/* jshint camelcase:false */
-		transactionId: receipt.transaction_id,
-		productId: receipt.product_id
-		/* jshint camelcase:true */
+		receipt: result.receipt,
+		latestReceiptInfo: latestReceiptInfo,
+		productId: productId,
+		transactionId: transactionId
 	};
 }
 
-
 function verify(environmentUrl, options, cb) {
 	https.post(environmentUrl, options, function (error, res, resultString) {
 		if (error) {
@@ -71,7 +94,6 @@ function isBase64like(str) {
 	return !!str.match(/^[a-zA-Z0-9\/+]+\={0,2}$/);
 }
 
-
 exports.verifyPayment = function (payment, cb) {
 	var jsonData = {};
 
@@ -100,18 +122,24 @@ exports.verifyPayment = function (payment, cb) {
 		}
 
 		var receipt = result.receipt;
+		
+		var productId = getReceiptFieldValue(receipt, 'product_id');
 
-		/* jshint camelcase:false */
-		if (payment.hasOwnProperty('productId') && payment.productId !== receipt.product_id) {
-			return cb(new Error('Wrong product ID: ' + payment.productId + ' (expected: ' + receipt.product_id + ')'));
+		if (payment.hasOwnProperty('productId') && payment.productId !== productId) {
+			return cb(new Error('Wrong product ID: ' + payment.productId + ' (expected: ' + productId + ')'));
 		}
-		/* jshint camelcase:true */
+		
+		var receiptBundleId = getReceiptFieldValue(receipt, 'bid');
 
-		if (payment.hasOwnProperty('packageName') && payment.packageName !== receipt.bid) {
-			return cb(new Error('Wrong bundle ID: ' + payment.packageName + ' (expected: ' + receipt.bid + ')'));
+		if (receiptBundleId === null) {
+			receiptBundleId = getReceiptFieldValue(receipt, 'bundle_id');
 		}
 
-        result.environment = environment;
+		if (payment.hasOwnProperty('packageName') && payment.packageName !== receiptBundleId) {
+			return cb(new Error('Wrong bundle ID: ' + payment.packageName + ' (expected: ' + receiptBundleId + ')'));
+		}
+		
+		result.environment = environment;
 
 		return cb(null, result);
 	}