stripe initial commit (#66)

* stripe initial commit

Author: davidcheung

Makefile

@@ -12,7 +12,7 @@ PROJECT_NAME := ${PROJECT_NAME}
 
 .EXPORT_ALL_VARIABLES:
 
-run: ci_setup
+run: ci_setup billing_setup
 	@echo "\nDone"
 
 ci_setup:
@@ -24,6 +24,11 @@ ifeq ($(CIVendor), circleci)
 ci_setup: circle_ci_setup
 endif
 
+billing_setup:
+ifeq ($(billingEnabled), yes)
+	sh scripts/setup-stripe-secrets.sh
+endif
+
 circle_ci_setup:
 	@echo "Set CIRCLECI environment variables\n"
 	export AWS_ACCESS_KEY_ID=$(shell aws secretsmanager get-secret-value --region ${region} --secret-id=${PROJECT_NAME}-ci-user-aws-keys${randomSeed} | jq -r '.SecretString'| jq -r .access_key_id)

README.md

@@ -21,6 +21,14 @@ This repository is language/business-logic agnostic; mainly showcasing some univ
 |-- Makefile                        #make command triggers the initialization of repository
 |-- zero-module.yml                 #module declares required parameters and credentials
 |   # files in templates become the repo for users
+|   scripts/
+|   |   # these are scripts called only once during zero apply, and we don't
+|   |   # expect a need to rerun them throughout development of the  repository
+|   |   # used for checking binary requires / setting up CI / secrets
+|   |   |-- check.sh
+|   |   |-- gha-setup.sh
+|   |   |-- required-bins.sh
+|   |   |-- setup-stripe-secrets.sh
 |   templates/
 |   |   # this makefile is used both during init and
 |   |   # on-going needs/utilities for user to maintain their infrastructure
@@ -31,8 +39,8 @@ This repository is language/business-logic agnostic; mainly showcasing some univ
 |       |   |-- deployment.yml
 |       |   |-- kustomization.yml
 |       |   |-- service.yml
-│       ├── migration/
-│       │   └── job.yml
+|       |-- migration/
+|       |   |-- job.yml
 |       |-- overlays/
 |       |   |-- production/
 |       |   |   |-- deployment.yml

scripts/setup-stripe-secrets.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# This script runs only when billingEnabled = "yes", invoked from makefile
+# modify the kubernetes application secret and appends STRIPE_API_SECRET_KEY
+# the deployment by default will pick up all key-value pairs as env-vars from the secret
+
+if [[ "$ENVIRONMENT" == "" ]]; then
+  echo "Must specify \$ENVIRONMENT to create stripe secret ">&2; exit 1;
+elif [[ "$ENVIRONMENT" == "stage" ]]; then
+PUBLISHABLE_API_KEY=$stagingStripePublicApiKey
+SECRET_API_KEY=$stagingStripeSecretApiKey
+elif [[ "$ENVIRONMENT" == "prod" ]]; then
+PUBLISHABLE_API_KEY=$productionStripePublicApiKey
+SECRET_API_KEY=$productionStripeSecretApiKey
+fi
+
+CLUSTER_NAME=${PROJECT_NAME}-${ENVIRONMENT}-${REGION}
+NAMESPACE=${PROJECT_NAME}
+
+BASE64_TOKEN=$(printf ${SECRET_API_KEY} | base64)
+## Modify existing application secret to have stripe api key
+kubectl --context $CLUSTER_NAME -n $NAMESPACE get secret ${PROJECT_NAME} -o json | \
+  jq --arg STRIPE_API_SECRET_KEY $BASE64_TOKEN '.data["STRIPE_API_SECRET_KEY"]=$STRIPE_API_SECRET_KEY' \
+  | kubectl apply -f -
+
+sh ${PROJECT_DIR}/scripts/stripe-example-setup.sh

templates/README.md

@@ -210,7 +210,26 @@ ALTER TABLE address
  ADD COLUMN city VARCHAR(30) AFTER street_name,
  ADD COLUMN province VARCHAR(30) AFTER city
 ```
+<%if eq (index .Params `billingEnabled`) "yes" %>
+## Billing example
+A subscription and checkout example using [Stripe](https://stripe.com), coupled with the frontend repository to provide an end-to-end checkout example for you to customize. We also setup a webhook and an endpoint in the backend to receive webhook when events occur.
 
+### Setup
+The following example content has been set up in Stripe:
+- 1 product
+- 3 prices(subscriptions) [annual, monthly, daily]
+- 1 webhook [`charge.failed`, `charge.succeeded`, `customer.created`, `subscription_schedule.created`] 
+See link for available webhooks: https://stripe.com/docs/api/webhook_endpoints/create?lang=curl#create_webhook_endpoint-enabled_events
+
+this is setup using the script [scripts/stripe-example-setup.sh](scripts/stripe-example-setup.sh)
+
+### Deployment
+The deployment only requires the environment variables:
+- STRIPE_API_SECRET_KEY (created in AWS secret then deployed via Kubernetes Secret)
+- FRONTEND_HOST (used for sending user back to frontend upon checkouts)
+- BACKEND_HOST (used for redirects after checkout and webhooks)
+
+<% end %>
 <!-- Links -->
 [base-cronjob]: ./kubernetes/base/cronjob.yml
 [base-deployment]: ./kubernetes/base/deployment.yml

templates/go.mod

@@ -4,6 +4,9 @@ go 1.14
 
 require (
 	github.com/aws/aws-sdk-go v1.37.6
-	github.com/jinzhu/gorm v1.9.16 
+	github.com/jinzhu/gorm v1.9.16
 	github.com/joho/godotenv v1.3.0
+<%- if eq (index .Params `billingEnabled`) "yes" %>
+	github.com/stripe/stripe-go/v72 v72.43.0
+<%- end %>
 )

templates/internal/billing/billing.go

@@ -0,0 +1,184 @@
+package billing
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+
+	Stripe "github.com/stripe/stripe-go/v72"
+	"github.com/stripe/stripe-go/v72/client"
+<%- if eq (index .Params `userAuth`) "yes" %>
+	"<% .Files.Repository %>/internal/auth"
+<%- end %>
+)
+
+var backendHost = os.Getenv("BACKEND_HOST")
+var frontendHost = os.Getenv("FRONTEND_HOST")
+
+var Handler = getHandler()
+var stripe *client.API
+
+// Subscriptions for frontend to display available plans available for checkout
+type Subscriptions struct {
+	Nickname string `json:"nickname"`
+	Interval string `json:"interval"`
+	Type     string `json:"type"`
+	ID       string `json:"id"`
+	Price    string `json:"price"`
+}
+
+func getHandler() http.Handler {
+	setupStripe()
+	mux := http.NewServeMux()
+	mux.HandleFunc("/billing/products", getProducts)
+	mux.HandleFunc("/billing/checkout", checkout)
+	mux.HandleFunc("/billing/success", success)
+	mux.HandleFunc("/billing/cancel", cancel)
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("Not found"))
+	})
+	return mux
+}
+
+func setupStripe() {
+	stripe = &client.API{}
+	apiKey := os.Getenv("STRIPE_API_SECRET_KEY")
+	stripe.Init(apiKey, nil)
+}
+
+func getProducts(w http.ResponseWriter, r *http.Request) {
+	active := true
+	listParams := &Stripe.PriceListParams{Active: &active}
+	stripePriceIterator := stripe.Prices.List(listParams).Iter
+
+	subs := []Subscriptions{}
+	// Data to display subscriptions for the frontend example
+	for stripePriceIterator.Next() {
+		stripePrice := stripePriceIterator.Current().(*Stripe.Price)
+		amount := float64(stripePrice.UnitAmount) / 100
+		displayPrice := fmt.Sprintf("%s $%.2f/%s", strings.ToUpper(string(stripePrice.Currency)), amount, string(stripePrice.Recurring.Interval))
+		sub := Subscriptions{
+			Nickname: stripePrice.Nickname,
+			Interval: string(stripePrice.Recurring.Interval),
+			Type:     string(stripePrice.Type),
+			ID:       stripePrice.ID,
+			Price:    displayPrice,
+		}
+		subs = append(subs, sub)
+	}
+	output, err := json.Marshal(&subs)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+	w.Write(output)
+}
+
+func checkout(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "POST" {
+		http.Error(w, "Incorrect method", http.StatusBadRequest)
+		return
+	}
+
+	price := struct {
+		ID string `json:"price_id"`
+	}{}
+	err := json.NewDecoder(r.Body).Decode(&price)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	paymentMethod := "card"
+	paymentMode := "subscription"
+	checkoutQuantity := int64(1)
+	lineItem := &Stripe.CheckoutSessionLineItemParams{
+		Price:    &price.ID,
+		Quantity: &checkoutQuantity,
+	}
+	successURL := "https://" + backendHost + "/billing/success?session_id={CHECKOUT_SESSION_ID}"
+	cancelURL := "https://" + backendHost + "/billing/cancel?session_id={CHECKOUT_SESSION_ID}"
+<% if eq (index .Params `userAuth`) "yes" %>
+	authErr, userInfo := auth.GetUserInfoFromHeaders(r)
+	clientReferenceID := userInfo.ID
+	if authErr != nil {
+		http.Error(w, authErr.Error(), http.StatusUnauthorized)
+		return
+	}
+	<%- else %>
+	clientReferenceID := "internal-app-reference-id"
+	<%- end %>
+
+	checkoutParams := &Stripe.CheckoutSessionParams{
+		Mode:               &paymentMode,
+		PaymentMethodTypes: []*string{&paymentMethod},
+		ClientReferenceID:  &clientReferenceID,
+		LineItems:          []*Stripe.CheckoutSessionLineItemParams{lineItem},
+		SuccessURL:         &successURL,
+		CancelURL:          &cancelURL,
+	}
+	session, err := stripe.CheckoutSessions.New(checkoutParams)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	fmt.Fprintf(w, `{"sessionId": "%s"}`, session.ID)
+}
+
+func success(w http.ResponseWriter, r *http.Request) {
+	sessionId := string(r.URL.Query().Get("session_id"))
+
+	session, err := stripe.CheckoutSessions.Get(sessionId, &Stripe.CheckoutSessionParams{})
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	data := map[string]string{
+		"payment_status": string(session.PaymentStatus),
+		"amount":         fmt.Sprintf("%d", session.AmountSubtotal),
+		"currency":       string(session.Currency),
+		"customer":       string(session.CustomerDetails.Email),
+		"reference":      string(session.ClientReferenceID),
+	}
+
+	baseUrl := url.URL{
+		Scheme: "https",
+		Host:   frontendHost,
+		Path:   "/billing/confirmation",
+	}
+	redirectURL := fmt.Sprintf("%s?%s", baseUrl.String(), mapToQueryString(data))
+	http.Redirect(w, r, redirectURL, 302)
+}
+
+func cancel(w http.ResponseWriter, r *http.Request) {
+	sessionId := string(r.URL.Query().Get("session_id"))
+
+	session, err := stripe.CheckoutSessions.Get(sessionId, &Stripe.CheckoutSessionParams{})
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	data := map[string]string{
+		"payment_status": string(session.PaymentStatus),
+		"amount":         fmt.Sprintf("%d", session.AmountSubtotal),
+		"currency":       string(session.Currency),
+		"reference":      string(session.ClientReferenceID),
+	}
+	baseUrl := url.URL{
+		Scheme: "https",
+		Host:   frontendHost,
+		Path:   "/billing/confirmation",
+	}
+	redirectURL := fmt.Sprintf("%s?%s", baseUrl.String(), mapToQueryString(data))
+	http.Redirect(w, r, redirectURL, 302)
+}
+
+func mapToQueryString(data map[string]string) string {
+	queryString := url.Values{}
+	for k, v := range data {
+		queryString.Add(k, v)
+	}
+	return queryString.Encode()
+}

templates/kubernetes/base/deployment.yml

@@ -41,23 +41,15 @@ spec:
           envFrom:
           - configMapRef:
               name: <% .Name %>-config
+          - secretRef:
+              name: <% .Name %>
           env:
           - name: SERVER_PORT
             value: "80"
           - name: POD_NAME
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-          - name: DATABASE_USERNAME
-            valueFrom:
-                secretKeyRef:
-                  name: <% .Name %>
-                  key: DATABASE_USERNAME
-          - name: DATABASE_PASSWORD
-            valueFrom:
-                secretKeyRef:
-                  name: <% .Name %>
-                  key: DATABASE_PASSWORD
 ---
 apiVersion: autoscaling/v1
 kind: HorizontalPodAutoscaler

templates/kubernetes/overlays/production/auth.yml

@@ -7,7 +7,7 @@ metadata:
   name: public-backend-endpoints
 spec:
   match:
-    url: http://<% index .Params `productionBackendSubdomain` %><% index .Params `productionHostRoot` %>/status/<.*>
+    url: http://<% index .Params `productionBackendSubdomain` %><% index .Params `productionHostRoot` %>/<(status|webhook)\/.*>
 ---
 ## Backend User-restricted endpoint
 # pattern: http://<proxy>/<not [/.ory/kratos and /status]>
@@ -21,5 +21,5 @@ metadata:
   name: authenticated-backend-endpoints
 spec:
   match:
-    url: http://<% index .Params `productionBackendSubdomain` %><% index .Params `productionHostRoot` %>/<(?!(status|\.ory\/kratos)).*>
+    url: http://<% index .Params `productionBackendSubdomain` %><% index .Params `productionHostRoot` %>/<(?!(status|webhook|\.ory\/kratos)).*>
 

templates/kubernetes/overlays/production/kustomization.yml

@@ -17,3 +17,5 @@ configMapGenerator:
   behavior: merge
   literals:
     - ENVIRONMENT=production
+    - BACKEND_HOST=<% index .Params `productionBackendSubdomain` %><% index .Params `productionHostRoot` %>
+    - FRONTEND_HOST=<% index .Params `productionFrontendSubdomain` %><% index .Params `productionHostRoot` %>

templates/kubernetes/overlays/staging/auth.yml

@@ -7,7 +7,7 @@ metadata:
   name: public-backend-endpoints
 spec:
   match:
-    url: http://<% index .Params `stagingBackendSubdomain` %><% index .Params `stagingHostRoot` %>/status/<.*>
+    url: http://<% index .Params `stagingBackendSubdomain` %><% index .Params `stagingHostRoot` %>/<(status|webhook)\/.*>
 ---
 ## Backend User-restricted endpoint
 # pattern: http://<proxy>/<not `status`/`.ory/kratos`>, everything else should be authenticated
@@ -21,4 +21,4 @@ metadata:
   name: authenticated-backend-endpoints
 spec:
   match:
-    url: http://<% index .Params `stagingBackendSubdomain` %><% index .Params `stagingHostRoot` %>/<(?!(status|\.ory\/kratos)).*>
+    url: http://<% index .Params `stagingBackendSubdomain` %><% index .Params `stagingHostRoot` %>/<(?!(status|webhook|\.ory\/kratos)).*>