Generate "isCardLinkOperation" on backend

Author: TatianaFomina

src/billing/cloudpayments.ts

@@ -102,7 +102,7 @@ export default class CloudPaymentsWebhooks {
    * @param res - Express response object
    */
   private async composePayment(req: ComposePaymentRequest, res: express.Response): Promise<void> {
-    const { workspaceId, tariffPlanId, shouldSaveCard, isCardLinkOperation } = req.query;
+    const { workspaceId, tariffPlanId, shouldSaveCard } = req.query;
     const userId = req.context.user.id;
 
     if (!workspaceId || !tariffPlanId || !userId) {
@@ -129,23 +129,30 @@ export default class CloudPaymentsWebhooks {
       await this.getMember(userId, workspace);
     } catch (e) {
       const error = e as Error;
-
+      
       this.sendError(res, 1, `[Billing / Compose payment] Can't compose payment due to error: ${error.toString()}`, req.query);
-
+      
       return;
     }
     const invoiceId = this.generateInvoiceId(tariffPlan, workspace);
+    
+    const isCardLinkOperation = workspace.tariffPlanId.toString() === tariffPlanId && !this.isPlanExpired(workspace);
 
     let checksum;
 
     try {
-      checksum = await checksumService.generateChecksum({
+      const checksumData = isCardLinkOperation ? {
+        isCardLinkOperation: true,
+        workspaceId: workspace._id.toString(),
+        userId: userId,
+      } : {
         workspaceId: workspace._id.toString(),
         userId: userId,
         tariffPlanId: tariffPlan._id.toString(),
         shouldSaveCard: shouldSaveCard === 'true',
-        isCardLinkOperation: isCardLinkOperation === 'true',
-      });
+      }
+
+      checksum = await checksumService.generateChecksum(checksumData);
     } catch (e) {
       const error = e as Error;
 
@@ -161,11 +168,24 @@ export default class CloudPaymentsWebhooks {
         name: tariffPlan.name,
         monthlyCharge: tariffPlan.monthlyCharge,
       },
+      isCardLinkOperation,
       currency: 'RUB',
       checksum,
     });
   }
 
+  /**
+   * Returns true if workspace's plan is expired
+   * @param workspace - workspace to check
+   */
+  private isPlanExpired(workspace: WorkspaceModel): boolean {
+    const lastChargeDate = new Date(workspace.lastChargeDate);
+    const planExpiracyDate  = lastChargeDate.setMonth(lastChargeDate.getMonth() + 1);
+    const isPlanExpired = planExpiracyDate < Date.now();
+
+    return isPlanExpired;
+  }
+
   /**
    * Generates invoice id for payment
    *
@@ -204,7 +224,13 @@ export default class CloudPaymentsWebhooks {
     let member: ConfirmedMemberDBScheme;
     let plan: PlanDBScheme;
 
-    if (!data.workspaceId || !data.tariffPlanId || !data.userId || data.isCardLinkOperation === undefined) {
+    if (data.isCardLinkOperation && (!data.userId || !data.workspaceId)) {
+      this.sendError(res, CheckCodes.PAYMENT_COULD_NOT_BE_ACCEPTED, '[Billing / Check] Card linking – invalid data', body);
+
+      return;
+    }
+
+    if (!data.isCardLinkOperation && (!data.userId || !data.workspaceId || !data.tariffPlanId)) {
       this.sendError(res, CheckCodes.PAYMENT_COULD_NOT_BE_ACCEPTED, '[Billing / Check] There is no necessary data in the request', body);
 
       return;

src/billing/types/composePaymentPayload.ts

@@ -15,8 +15,4 @@ export interface ComposePaymentPayload {
    * If true, we will save user card
    */
   shouldSaveCard: 'true' | 'false';
-  /**
-   * True if this is card linking operation – charging minimal amount of money to validate card info
-   */
-  isCardLinkOperation: 'true' | 'false';
 }

src/resolvers/billingNew.ts

@@ -138,6 +138,11 @@ export default {
      */
     async payWithCard(_obj: undefined, args: PayWithCardArgs, { factories, user }: ResolverContextWithUser): Promise<any> {
       const paymentData = checksumService.parseAndVerifyChecksum(args.input.checksum);
+      
+      if (!('tariffPlanId' in paymentData)) {
+        throw new UserInputError('Invalid checksum');
+      }
+      
       const fullUserInfo = await factories.usersFactory.findById(user.id);
 
       const workspace = await factories.workspacesFactory.findById(paymentData.workspaceId);

src/utils/checksumService.ts

@@ -1,7 +1,9 @@
 import { PlanProlongationPayload } from '@hawk.so/types';
 import jwt, { Secret } from 'jsonwebtoken';
 
-interface ChecksumData {
+export type ChecksumData = PlanPurchaseChecksumData | CardLinkChecksumData;
+
+interface PlanPurchaseChecksumData {
   /**
    * Workspace Identifier
    */
@@ -18,6 +20,17 @@ interface ChecksumData {
    * If true, we will save user card
    */
   shouldSaveCard: boolean;
+}
+
+interface CardLinkChecksumData {
+  /**
+ * Workspace Identifier
+ */
+  workspaceId: string;
+  /**
+   * Id of the user making the payment
+   */
+  userId: string;
   /**
    * True if this is card linking operation – charging minimal amount of money to validate card info
    */
@@ -49,18 +62,20 @@ class ChecksumService {
   public parseAndVerifyChecksum(checksum: string): ChecksumData {
     const payload = jwt.verify(checksum, process.env.JWT_SECRET_BILLING_CHECKSUM as Secret) as ChecksumData;
 
-    /**
-     * Filter unnecessary fields from JWT payload (e.g. "iat")
-     */
-    const { tariffPlanId, workspaceId, userId, shouldSaveCard, isCardLinkOperation } = payload;
-
-    return {
-      tariffPlanId,
-      workspaceId,
-      userId,
-      shouldSaveCard,
-      isCardLinkOperation
-    };
+    if ('isCardLinkOperation' in payload) {
+      return {
+        workspaceId: payload.workspaceId,
+        userId: payload.userId,
+        isCardLinkOperation: payload.isCardLinkOperation
+      }
+    } else {
+      return {
+        workspaceId: payload.workspaceId,
+        userId: payload.userId,
+        tariffPlanId: payload.tariffPlanId,
+        shouldSaveCard: payload.shouldSaveCard
+      }
+    }
   }
 }