Update app.js

app.js

@@ -22,51 +22,54 @@ const {
   FIREBASE_CREDENTIALS,
   PAYSTACK_DEMO_SECRET,
   PAYSTACK_LIVE_SECRET,
-  PORT,
+  PORT = 3000,
 } = process.env;
 
 // choose which secret to use (dev/demo by default)
-const PAYSTACK_SECRET = PAYSTACK_DEMO_SECRET; // PAYSTACK_LIVE_SECRET
+const PAYSTACK_SECRET = PAYSTACK_DEMO_SECRET || PAYSTACK_LIVE_SECRET;
 
 if (!PAYSTACK_SECRET) {
   console.warn('WARNING: PAYSTACK_SECRET is not set. Outgoing Paystack calls and webhook verification will fail.');
 }
 
 // Initialize Firebase Admin using credentials read from env
-if (FIREBASE_CREDENTIALS) {
-  try {
+let db = null;
+try {
+  if (FIREBASE_CREDENTIALS) {
     const serviceAccount = JSON.parse(FIREBASE_CREDENTIALS);
     admin.initializeApp({
       credential: admin.credential.cert(serviceAccount),
     });
+    db = admin.firestore();
     console.log('Firebase admin initialized from FIREBASE_CREDENTIALS env var.');
-  } catch (err) {
-    console.error('Failed to parse FIREBASE_CREDENTIALS JSON:', err);
-    process.exit(1);
+  } else {
+    // If admin was already initialized in the environment (e.g. GCP), this will succeed
+    if (!admin.apps.length) {
+      console.warn('FIREBASE_CREDENTIALS not provided. Firebase admin not initialized. Some operations will error if they require Firestore.');
+    } else {
+      db = admin.firestore();
+    }
   }
-} else {
-  console.warn('FIREBASE_CREDENTIALS not provided. Firebase admin not initialized.');
+} catch (err) {
+  console.error('Failed to initialize Firebase admin:', err);
+  // keep running — code paths that need db will guard and log appropriately
 }
 
 // -------------------------------------------------
-// Webhook raw parser (required to verify Paystack signature)
-// -------------------------------------------------
-app.use(
-  express.raw({
-    type: 'application/json',
-    limit: '1mb',
-  })
-);
-
 // Utility: verify x-paystack-signature
+// -------------------------------------------------
 function verifyPaystackSignature(rawBodyBuffer, signatureHeader) {
   if (!PAYSTACK_SECRET) return false;
-  const hmac = crypto.createHmac('sha512', PAYSTACK_SECRET);
-  hmac.update(rawBodyBuffer);
-  const expected = hmac.digest('hex');
+  if (!rawBodyBuffer) return false;
   try {
-    return crypto.timingSafeEqual(Buffer.from(expected, 'utf8'), Buffer.from(signatureHeader || '', 'utf8'));
+    const hmac = crypto.createHmac('sha512', PAYSTACK_SECRET);
+    hmac.update(rawBodyBuffer);
+    const expected = hmac.digest('hex');
+    // signatureHeader may be undefined - handle gracefully
+    if (!signatureHeader) return false;
+    return crypto.timingSafeEqual(Buffer.from(expected, 'utf8'), Buffer.from(String(signatureHeader), 'utf8'));
   } catch (e) {
+    console.error('Error while verifying signature:', e);
     return false;
   }
 }
@@ -127,6 +130,7 @@ function getExpiryFromPlan(planInput) {
       return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
     }
     if (interval.includes('hour')) {
+      // treat hour interval as a week by default (matching original logic)
       const expires = Date.now() + 7 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
       return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
     }
@@ -155,16 +159,29 @@ function getExpiryFromPlan(planInput) {
 
 // ------------------------------
 // Helper: get userId from stored slug mapping
+//   - try doc id == slug
+//   - fallback: query where pageId == slug
 // ------------------------------
-async function getUserIdFromSlug(db, slug) {
-  if (!slug) return null;
+async function getUserIdFromSlug(dbInstance, slugOrPageId) {
+  if (!slugOrPageId || !dbInstance) return null;
   try {
-    const doc = await db.collection('paystack-page-mappings').doc(slug).get();
-    if (!doc.exists) return null;
-    const data = doc.data();
-    return data?.userId || null;
+    // try doc id first (we store mapping under doc id === slug)
+    const doc = await dbInstance.collection('paystack-page-mappings').doc(String(slugOrPageId)).get();
+    if (doc.exists) {
+      const data = doc.data();
+      if (data?.userId) return data.userId;
+    }
+
+    // fallback: maybe caller passed pageId; search by pageId field
+    const q = await dbInstance.collection('paystack-page-mappings').where('pageId', '==', String(slugOrPageId)).limit(1).get();
+    if (!q.empty) {
+      const d = q.docs[0].data();
+      if (d?.userId) return d.userId;
+    }
+
+    return null;
   } catch (e) {
-    console.error('Failed to read page mapping for slug:', slug, e);
+    console.error('Failed to read page mapping for slug/pageId:', slugOrPageId, e);
     return null;
   }
 }
@@ -172,7 +189,7 @@ async function getUserIdFromSlug(db, slug) {
 // ------------------------------
 // Robust extractor for userId (tries metadata, custom_fields, customer metadata, slug mapping, email fallback)
 // ------------------------------
-async function extractUserIdFromPayload(data, db) {
+async function extractUserIdFromPayload(data = {}, dbInstance) {
   // 1) direct metadata on data
   const metadata = data.metadata || {};
   if (metadata.userId || metadata.user_id) return { userId: metadata.userId || metadata.user_id, source: 'metadata' };
@@ -205,10 +222,10 @@ async function extractUserIdFromPayload(data, db) {
     }
   }
 
-  // 5) slug mapping fallback - many webhooks include data.slug
-  const slug = data.slug || data.page?.slug || (data.authorization?.reference && null);
-  if (slug) {
-    const mappedUserId = await getUserIdFromSlug(db, slug);
+  // 5) slug / page id mapping fallback - many Paystack page webhooks include data.page.slug or data.page.id
+  const slugCandidate = data.slug || data.page?.slug || data.page?.id || metadata?.slug || metadata?.page_slug || null;
+  if (slugCandidate && dbInstance) {
+    const mappedUserId = await getUserIdFromSlug(dbInstance, slugCandidate);
     if (mappedUserId) return { userId: mappedUserId, source: 'slug_mapping' };
   }
 
@@ -219,15 +236,18 @@ async function extractUserIdFromPayload(data, db) {
   return { userId: null, source: null };
 }
 
+// ------------------------------
 // Helper: find user doc reference in Firestore (tries doc id and queries by fields)
-async function findUserDocRef(db, { metadataUserId, email }) {
-  const usersRef = db.collection('users');
+// ------------------------------
+async function findUserDocRef(dbInstance, { metadataUserId, email, paystackCustomerId } = {}) {
+  if (!dbInstance) return null;
+  const usersRef = dbInstance.collection('users');
 
   if (metadataUserId) {
-    // if metadataUserId looks like an email, skip docId check
+    // if metadataUserId looks like an email, skip docId check and search by email
     if (!String(metadataUserId).includes('@')) {
       try {
-        const docRef = usersRef.doc(metadataUserId);
+        const docRef = usersRef.doc(String(metadataUserId));
         const snap = await docRef.get();
         if (snap.exists) return docRef;
       } catch (e) {
@@ -247,6 +267,16 @@ async function findUserDocRef(db, { metadataUserId, email }) {
     }
   }
 
+  // If paystack_customer_id was provided, try that too
+  if (paystackCustomerId) {
+    try {
+      const qSnap = await usersRef.where('paystack_customer_id', '==', String(paystackCustomerId)).limit(1).get();
+      if (!qSnap.empty) return qSnap.docs[0].ref;
+    } catch (e) {
+      // ignore
+    }
+  }
+
   if (email) {
     try {
       const qSnap = await usersRef.where('email', '==', email).limit(1).get();
@@ -260,11 +290,75 @@ async function findUserDocRef(db, { metadataUserId, email }) {
   return null;
 }
 
+// ------------------------------
+// Cleanup that should run after a successful charge for the user
+// - Deletes page mapping doc if slug provided and mapping matches user
+// - Removes any "pending-payments" documents for the user (optional)
+// - Writes a paymentCleanup log
+// Customize this per your app's needs.
+// ------------------------------
+async function cleanUpAfterSuccessfulCharge(dbInstance, userDocRef, { slug, pageId, reference, email } = {}) {
+  if (!dbInstance || !userDocRef) return;
+  try {
+    // 1) delete mapping doc if exists and mapping.userId === user's id
+    if (slug) {
+      try {
+        const mapRef = dbInstance.collection('paystack-page-mappings').doc(String(slug));
+        const mapSnap = await mapRef.get();
+        if (mapSnap.exists) {
+          const map = mapSnap.data();
+          // if mapping.userId equals user doc id or equals user's email or similar, delete.
+          const userIdCandidate = userDocRef.id;
+          if (String(map.userId) === String(userIdCandidate) || (email && String(map.userId) === String(email))) {
+            await mapRef.delete();
+            console.log('Deleted paystack-page-mappings doc for slug:', slug);
+          } else {
+            console.log('Skipping deletion of mapping for slug (owner mismatch):', slug);
+          }
+        }
+      } catch (e) {
+        console.error('Error deleting paystack-page-mappings doc for slug:', slug, e);
+      }
+    }
+
+    // 2) optional: remove pending-payments documents (if your app stores them)
+    try {
+      const pendingRef = dbInstance.collection('pending-payments');
+      const q = await pendingRef.where('userId', '==', userDocRef.id).limit(50).get();
+      if (!q.empty) {
+        const batch = dbInstance.batch();
+        q.docs.forEach(doc => batch.delete(doc.ref));
+        await batch.commit();
+        console.log('Deleted pending-payments for user:', userDocRef.id);
+      }
+    } catch (e) {
+      // not critical
+      console.error('Failed to delete pending-payments (non-fatal):', e);
+    }
+
+    // 3) log the cleanup
+    try {
+      await dbInstance.collection('paystack-cleanups').add({
+        userRef: userDocRef.path,
+        slug: slug || null,
+        pageId: pageId ? String(pageId) : null,
+        reference: reference || null,
+        email: email || null,
+        cleanedAt: admin.firestore.FieldValue.serverTimestamp(),
+      });
+    } catch (e) {
+      console.error('Failed to log cleanup:', e);
+    }
+  } catch (e) {
+    console.error('Unexpected error during cleanup:', e);
+  }
+}
+
 // ------------------------
-// Existing webhook endpoint (modified to update subscription/entitlements and write paystack_customer_id)
+// Webhook endpoint (only this route uses express.raw so other routes can use express.json)
 // ------------------------
-app.post('/webhook/paystack', async (req, res) => {
-  const raw = req.body; // Buffer because we used express.raw
+app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1mb' }), async (req, res) => {
+  const raw = req.body; // Buffer
   const signature = req.get('x-paystack-signature') || req.get('X-Paystack-Signature');
 
   // Verify signature
@@ -288,20 +382,22 @@ app.post('/webhook/paystack', async (req, res) => {
   const isInvoiceOrSubscription = /invoice\.(payment_succeeded|paid)|subscription\./i.test(event);
   const isPayment = isChargeSuccess;
 
-  const db = admin.firestore();
+  if (!db) {
+    console.error('Firestore (admin) not initialized; webhook will not persist data.');
+  }
 
   if (isRefund || isPayment || /subscription\.create/i.test(event) || /subscription\.update/i.test(event)) {
     console.log('--- PAYSTACK WEBHOOK (INTERESTING EVENT) ---');
     console.log('event:', event);
-    console.log('payload:', JSON.stringify(payload, null, 2));
-
-    // persist webhook for auditing
+    // persist webhook for auditing (best-effort)
     try {
-      await db.collection('paystack-webhooks').add({
-        event,
-        payload,
-        receivedAt: admin.firestore.FieldValue.serverTimestamp(),
-      });
+      if (db) {
+        await db.collection('paystack-webhooks').add({
+          event,
+          payload,
+          receivedAt: admin.firestore.FieldValue.serverTimestamp(),
+        });
+      }
     } catch (err) {
       console.error('Failed to persist webhook audit:', err);
     }
@@ -312,6 +408,8 @@ app.post('/webhook/paystack', async (req, res) => {
     let metadataUserId = null;
     let customerEmail = null;
     let extractorSource = null;
+    let maybeSlug = null;
+    let maybePageId = null;
     try {
       const extracted = await extractUserIdFromPayload(data, db);
       metadataUserId = extracted.userId || null;
@@ -328,16 +426,30 @@ app.post('/webhook/paystack', async (req, res) => {
     // Also set explicit customer email if present
     if (!customerEmail && data.customer?.email) customerEmail = data.customer.email;
 
+    // Save possible slug/pageId for cleanup/connection
+    maybeSlug = data.slug || data.page?.slug || data.metadata?.slug || null;
+    maybePageId = data.page?.id || data.page_id || data.metadata?.page_id || null;
+
+    // Also try to get paystack customer id from payload (helps linking)
+    const paystackCustomerId = data.customer?.id ?? data.customer?.customer_code ?? null;
+
     // Find user doc reference
     let userDocRef = null;
     try {
-      userDocRef = await findUserDocRef(db, { metadataUserId, email: customerEmail });
+      userDocRef = await findUserDocRef(db, { metadataUserId, email: customerEmail, paystackCustomerId });
+      // If still null and metadataUserId is present but looks like slug, try slug mapping as last resort
+      if (!userDocRef && metadataUserId && db) {
+        const mapped = await getUserIdFromSlug(db, metadataUserId);
+        if (mapped) {
+          userDocRef = await findUserDocRef(db, { metadataUserId: mapped, email: customerEmail, paystackCustomerId });
+        }
+      }
     } catch (err) {
       console.error('Error finding user doc:', err);
       userDocRef = null;
     }
 
-    // Handler: subscription.create - store subscription id only and paystack_customer_id
+    // Handler: subscription.create - store subscription id and paystack_customer_id
     if (/subscription\.create/i.test(event) || event === 'subscription.create') {
       const subscriptionCode = data.subscription_code || data.subscription?.subscription_code || (data.id ? String(data.id) : null);
       const status = data.status || 'active';
@@ -377,7 +489,7 @@ app.post('/webhook/paystack', async (req, res) => {
 
     // Handler: charge.success - add entitlement on successful subscription charge
     if (isPayment) {
-      const recurringMarker = (data.metadata && (data.metadata.custom_filters?.recurring || data.metadata.recurring)) || false;
+      const recurringMarker = Boolean((data.metadata && (data.metadata.custom_filters?.recurring || data.metadata.recurring)) || false);
       const hasSubscription = !!(data.subscription || data.subscriptions || data.plan);
       const isLikelySubscriptionPayment = recurringMarker || hasSubscription;
 
@@ -385,7 +497,7 @@ app.post('/webhook/paystack', async (req, res) => {
       const expiry = getExpiryFromPlan(planObj);
 
       const entitlement = {
-        id: data.reference || data.id ? String(data.reference || data.id) : null,
+        id: (data.reference || data.id) ? String(data.reference || data.id) : null,
         source: 'paystack',
         amount: data.amount || null,
         reference: data.reference || null,
@@ -401,8 +513,24 @@ app.post('/webhook/paystack', async (req, res) => {
           await userDocRef.update({
             entitlements: admin.firestore.FieldValue.arrayUnion(entitlement),
             updatedAt: admin.firestore.FieldValue.serverTimestamp(),
+            lastPaymentAt: admin.firestore.FieldValue.serverTimestamp(),
+            // Save paystack_customer_id if present and not already present
+            ...(paystackCustomerId ? { paystack_customer_id: String(paystackCustomerId) } : {}),
           });
           console.log('Added entitlement to user:', entitlement.id || entitlement.reference, 'expiry:', expiry.expiresAtIso);
+
+          // Run cleanup now that the charge is successful for this user
+          try {
+            await cleanUpAfterSuccessfulCharge(db, userDocRef, {
+              slug: maybeSlug,
+              pageId: maybePageId,
+              reference: entitlement.reference || entitlement.id,
+              email: customerEmail,
+            });
+          } catch (cleanupErr) {
+            console.error('Cleanup after successful charge failed:', cleanupErr);
+          }
+
         } catch (err) {
           console.error('Failed to add entitlement to user:', err);
         }
@@ -452,21 +580,10 @@ app.post('/webhook/paystack', async (req, res) => {
 });
 
 // ------------------------
-// New: Create Payment Page (link) for a plan
+// Create Payment Page (link) for a plan
 // ------------------------
 app.post('/create-payment-link', express.json(), async (req, res) => {
-
-  // If req.body was left as a Buffer (because express.raw ran), parse it:
-  let body = req.body;
-  if (Buffer.isBuffer(body)) {
-    try {
-      body = JSON.parse(body.toString('utf8'));
-    } catch (err) {
-      return res.status(400).json({ ok: false, message: 'Invalid JSON' });
-    }
-  }
-
-  const { planId, userId, name, amount, redirect_url, collect_phone = false, fixed_amount = false } = body || {};
+  const { planId, userId, name, amount, redirect_url, collect_phone = false, fixed_amount = false } = req.body || {};
 
   if (!planId) return res.status(400).json({ ok: false, message: 'planId is required' });
   if (!userId) return res.status(400).json({ ok: false, message: 'userId is required' });
@@ -478,18 +595,11 @@ app.post('/create-payment-link', express.json(), async (req, res) => {
     type: 'subscription',
     plan: planId,
     metadata: {
-      userId,
+      userId: String(userId),
+    },
+    customer.metadata: {
+      userId: String(userId),
     },
-    // Pre-fill the custom field so Paystack includes it in transaction if possible
-   /* custom_fields: [
-      {
-        display_name: 'User ID',
-        variable_name: 'user_id',
-        value: userId,
-      },
-    ],
-    */
-    
     collect_phone,
     fixed_amount,
   };
@@ -512,13 +622,20 @@ app.post('/create-payment-link', express.json(), async (req, res) => {
     try {
       const slug = pageData.slug || pageData.data?.slug || null;
       const pageId = pageData.id || pageData.data?.id || null;
-      if (slug) {
-        await admin.firestore().collection('paystack-page-mappings').doc(String(slug)).set({
-          userId,
+      if (slug && db) {
+        await db.collection('paystack-page-mappings').doc(String(slug)).set({
+          userId: String(userId),
           pageId: pageId ? String(pageId) : null,
           createdAt: admin.firestore.FieldValue.serverTimestamp(),
         }, { merge: true });
         console.log('Saved page slug mapping for', slug);
+      } else if (pageId && db) {
+        // also ensure a record exists by pageId lookup (useful if slug missing in some responses)
+        await db.collection('paystack-page-mappings').doc(String(pageId)).set({
+          userId: String(userId),
+          pageId: String(pageId),
+          createdAt: admin.firestore.FieldValue.serverTimestamp(),
+        }, { merge: true });
       }
     } catch (e) {
       console.error('Failed to persist page slug mapping:', e);
@@ -533,7 +650,7 @@ app.post('/create-payment-link', express.json(), async (req, res) => {
 });
 
 // Simple health check
-app.get('/health', (_req, res) => res.json({ ok: true }));
+app.get('/health', (req, res) => res.json({ ok: true }));
 
 app.listen(PORT, () => {
   console.log(`Paystack webhook server listening on port ${PORT}`);