bonadocs · laken11 · May 14, 2025 · May 14, 2025
diff --git a/src/app.ts b/src/app.ts
@@ -9,7 +9,13 @@ import swaggerUi from 'swagger-ui-express';
 import { diMiddleware, useScopedContainer } from '@bonadocs/di';
 import { rootLoggerMiddleware } from '@bonadocs/logger';
 
-import { AppErrorHandler, AuthMiddleware, healthcheckMiddleware, useCors } from './middleware';
+import {
+  AppErrorHandler,
+  AuthMiddleware,
+  healthcheckMiddleware,
+  useCors,
+  webhookMiddleware,
+} from './middleware';
 import {
   AuthController,
   BillingController,
@@ -26,6 +32,8 @@ const configService = getConfigService();
 // add middleware
 app.use(helmet());
 useCors(app);
+app.use('/v1/billing/webhook', express.raw({ type: '*/*' }));
+app.use(webhookMiddleware);
 app.use(express.json({ limit: '300kb' }));
 
 // add this before the logger to avoid unnecessary healthcheck

diff --git a/src/middleware/auth.ts b/src/middleware/auth.ts
@@ -20,7 +20,7 @@ export class AuthMiddleware implements ExpressMiddlewareInterface {
 
   async use(request: Request, response: Response, next: (err?: any) => any): Promise<any> {
     // todo : find a better fix for this
-    const exemptPaths = ['/auth/login', '/auth/register', '/auth/refresh'];
+    const exemptPaths = ['/auth/login', '/auth/register', '/auth/refresh', '/billing/webhook'];
     const isExemptPath = exemptPaths.some((path) => request.path.startsWith(path));
     if (isExemptPath) {
       return next();

diff --git a/src/middleware/index.ts b/src/middleware/index.ts
@@ -2,3 +2,4 @@ export { default as AppErrorHandler } from './errors';
 export { default as healthcheckMiddleware } from './healthcheck';
 export { useCors } from './cors';
 export { AuthMiddleware } from './auth';
+export { default as webhookMiddleware } from './webhook';
diff --git a/src/middleware/webhook.ts b/src/middleware/webhook.ts
@@ -0,0 +1,53 @@
+import { NextFunction, Request, Response } from 'express';
+import { StatusCodes } from 'http-status-codes';
+import Container from 'typedi';
+
+import { getGlobalLogger } from '@bonadocs/di';
+
+import { BillingService } from '../modules/billing/billing.service';
+
+export default function webhookMiddleware(
+  request: Request,
+  response: Response,
+  next: NextFunction,
+): void | Promise<void> {
+  const billingService = Container.get(BillingService);
+  const logger = getGlobalLogger();
+  if (request.path.startsWith('/v1/billing/webhook')) {
+    billingService
+      .verifyWebhookSignature(request)
+      .then(async (eventData) => {
+        if (eventData === null) {
+          return response.status(StatusCodes.BAD_REQUEST).json({
+            status: 'failed',
+            message: 'Unable to verify event signature',
+          });
+        }
+
+        const result = await billingService.handleEvent(eventData);
+
+        if (result) {
+          return response.status(StatusCodes.OK).json({
+            status: 'successful',
+            message: 'Event handled successfully',
+          });
+        }
+
+        return response.status(StatusCodes.BAD_REQUEST).json({
+          status: 'failed',
+          message: 'Unable to handle event',
+        });
+      })
+      .catch((error) => {
+        logger.error('Webhook middleware error:', error);
+        return response.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+          status: 'failed',
+          message: 'Internal server error',
+        });
+      });
+
+    return; // prevent next() from being called prematurely
+  }
+
+  next();
+}
diff --git a/src/modules/billing/billing.controller.ts b/src/modules/billing/billing.controller.ts
@@ -1,12 +1,6 @@
-import { EventName, Paddle } from '@paddle/paddle-node-sdk';
-import { Request } from 'express';
-import { Body, Get, JsonController, Post, Req } from 'routing-controllers';
+import { Body, Get, JsonController, Param, Post } from 'routing-controllers';
 import { Inject, Service } from 'typedi';
 
-import { diConstants } from '@bonadocs/di';
-import { BonadocsLogger } from '@bonadocs/logger';
-
-import { ConfigService, Paddle as PaddleConfig } from '../configuration';
 import { Subscription } from '../repositories/billing';
 import { PlanSummaryDto } from '../repositories/projects';
 import { JsonResponse } from '../shared';
@@ -18,70 +12,23 @@ import { GeneratePaymentLinkDto } from './dto/generate-payment-link.dto';
 @Service()
 @JsonController('/billing')
 export class BillingController {
-  constructor(
-    @Inject(diConstants.logger) private readonly logger: BonadocsLogger,
-    @Inject() private readonly billingService: BillingService,
-    @Inject() private readonly configService: ConfigService,
-  ) {}
+  constructor(@Inject() private readonly billingService: BillingService) {}
 
   @Post('/upgrade')
   async create(
     @Body({ validate: true }) payload: GeneratePaymentLinkDto,
-    @Req() request: Request,
   ): Promise<JsonResponse<BillingSubscriptionResponse>> {
-    const authData = request.auth;
-    await this.billingService.upgradePlan(authData.projectId!, payload.planId);
+    const url = await this.billingService.upgradePlan(
+      payload.projectId!,
+      payload.planId,
+      payload.countryCode,
+    );
     return {
       status: 'successful',
       message: 'Subscription plan upgraded successfully',
-    };
-  }
-
-  @Post('/webhook')
-  async webhook(@Req() request: Request): Promise<JsonResponse<string> | void> {
-    const paddleConfigs = this.configService.getTransformed<PaddleConfig>('paddle');
-    const paddle = new Paddle(paddleConfigs.apiKey);
-    const signature = request.headers['paddle-signature'] as string;
-    const rawBody = request.body.toString();
-    const secretKey = paddleConfigs.webhookSecretKey;
-    try {
-      if (signature && rawBody) {
-        const eventData = await paddle.webhooks.unmarshal(rawBody, secretKey, signature);
-        switch (eventData.eventType) {
-          case EventName.TransactionPaid:
-            this.billingService.handleTransactionPaidWebhook(eventData.data);
-            this.logger.info(
-              `Handle transaction paid webhook event: ${eventData.notificationId} occurred at ${eventData.occurredAt}`,
-            );
-            return {
-              status: 'successful',
-              message: 'Webhook event handled successfully',
-            };
-          case EventName.SubscriptionCanceled:
-            this.billingService.handleSubscriptionCreatedWebhook(eventData.data);
-            this.logger.info(
-              `Handle subscription canceled webhook event: ${eventData.notificationId} occurred at ${eventData.occurredAt}`,
-            );
-            return {
-              status: 'successful',
-              message: 'Webhook event handled successfully',
-            };
-          default:
-            this.logger.warn(`Unhandled event type: ${eventData.eventType}`);
-            return {
-              status: 'error',
-              message: 'Webhook event could not be handled',
-            };
-        }
-      }
-    } catch (error) {
-      this.logger.info(
-        `An error occurred while handling webhook event: ${error} occurred at ${new Date().toISOString()}`,
-      );
-    }
-    return {
-      status: 'error',
-      message: 'Webhook event could not be handled',
+      data: {
+        url,
+      },
     };
   }
 
@@ -95,10 +42,11 @@ export class BillingController {
     };
   }
 
-  @Get('/active-subscription')
-  async getActiveSubscription(@Req() request: Request): Promise<JsonResponse<Subscription>> {
-    const authData = request.auth;
-    const data = await this.billingService.getActiveSubscriptionPlan(authData.projectId!);
+  @Get('/active-subscription/:projectId')
+  async getActiveSubscription(
+    @Param('projectId') projectId: number,
+  ): Promise<JsonResponse<Subscription>> {
+    const data = await this.billingService.getActiveSubscriptionPlan(projectId);
     return {
       status: 'successful',
       message: 'Plans successfully retrieved',