Update app.js

app.js

@@ -1,5 +1,5 @@
 // paystack-webhook.js
-// Node >= 14, install dependencies:
+// Node >= 14
 // npm install express firebase-admin axios
 
 const express = require('express');
@@ -9,455 +9,420 @@ const axios = require('axios');
 
 const app = express();
 
-// -------------------------------------------------
-// Environment variables (set these in your env/secrets)
-// -------------------------------------------------
-// - FIREBASE_CREDENTIALS: stringified JSON service account
-// - PAYSTACK_DEMO_SECRET
-// - PAYSTACK_LIVE_SECRET
-// - PORT (optional)
-// -------------------------------------------------
-
 const {
   FIREBASE_CREDENTIALS,
   PAYSTACK_DEMO_SECRET,
   PAYSTACK_LIVE_SECRET,
-  PORT,
+  PORT = 7860,
 } = process.env;
-
-// choose which secret to use (dev/demo by default)
 const PAYSTACK_SECRET = PAYSTACK_DEMO_SECRET || PAYSTACK_LIVE_SECRET;
 
-if (!PAYSTACK_SECRET) {
-  console.warn('WARNING: PAYSTACK_SECRET is not set. Outgoing Paystack calls and webhook verification will fail.');
-}
+if (!PAYSTACK_SECRET) console.warn('WARNING: PAYSTACK secret not set.');
 
-// Initialize Firebase Admin using credentials read from env
 let db = null;
 try {
   if (FIREBASE_CREDENTIALS) {
-    const serviceAccount = JSON.parse(FIREBASE_CREDENTIALS);
-    admin.initializeApp({
-      credential: admin.credential.cert(serviceAccount),
-    });
+    const svc = JSON.parse(FIREBASE_CREDENTIALS);
+    admin.initializeApp({ credential: admin.credential.cert(svc) });
     db = admin.firestore();
     console.log('Firebase admin initialized from FIREBASE_CREDENTIALS env var.');
   } else {
-    // If admin was already initialized in the environment (e.g. GCP), this will succeed
     if (!admin.apps.length) {
-      console.warn('FIREBASE_CREDENTIALS not provided. Firebase admin not initialized. Some operations will error if they require Firestore.');
+      console.warn('FIREBASE_CREDENTIALS not provided and admin not initialized.');
     } else {
       db = admin.firestore();
     }
   }
-} catch (err) {
-  console.error('Failed to initialize Firebase admin:', err);
-  // keep running — code paths that need db will guard and log appropriately
+} catch (e) {
+  console.error('Failed to init Firebase admin:', e);
+}
+
+/* -------------------- Helpers -------------------- */
+
+function safeParseJSON(raw) {
+  try { return JSON.parse(raw); } catch (e) { return null; }
 }
 
-// -------------------------------------------------
-// Utility: verify x-paystack-signature
-// -------------------------------------------------
 function verifyPaystackSignature(rawBodyBuffer, signatureHeader) {
-  if (!PAYSTACK_SECRET) return false;
-  if (!rawBodyBuffer) return false;
+  if (!PAYSTACK_SECRET || !rawBodyBuffer || !signatureHeader) return false;
   try {
     const hmac = crypto.createHmac('sha512', PAYSTACK_SECRET);
     hmac.update(rawBodyBuffer);
     const expected = hmac.digest('hex');
-    // signatureHeader may be undefined - handle gracefully
-    if (!signatureHeader) return false;
     return crypto.timingSafeEqual(Buffer.from(expected, 'utf8'), Buffer.from(String(signatureHeader), 'utf8'));
   } catch (e) {
-    console.error('Error while verifying signature:', e);
+    console.error('Signature verification error:', e);
     return false;
   }
 }
 
-// Helper: safe JSON parse
-function safeParseJSON(raw) {
+function extractSlugFromReferrer(refUrl) {
+  if (!refUrl || typeof refUrl !== 'string') return null;
+  // common patterns: https://paystack.shop/pay/<slug>, https://example.com/pay/<slug>?...
   try {
-    return JSON.parse(raw);
-  } catch (err) {
-    return null;
+    // quick regex: look for /pay/<slug> or /p/<slug>
+    const m = refUrl.match(/\/(?:pay|p)\/([^\/\?\#]+)/i);
+    if (m && m[1]) return m[1];
+    // fallback: last path segment
+    const parts = new URL(refUrl).pathname.split('/').filter(Boolean);
+    if (parts.length) return parts[parts.length - 1];
+  } catch (e) {
+    // invalid URL string; try fallback heuristic
+    const fallback = (refUrl.split('/').pop() || '').split('?')[0].split('#')[0];
+    return fallback || null;
   }
+  return null;
 }
 
-// ------------------------------
-// Expiry helper: getExpiryFromPlan
-// ------------------------------
-const EXTRA_FREE_MS = 2 * 60 * 60 * 1000; // 2 hours in ms
-
-const WEEKLY_PLAN_IDS = new Set([
-  3311892,
-  3305738,
-  'PLN_ngz4l76whecrpkv',
-  'PLN_f7a3oagrpt47d5f',
-]);
-
-const MONTHLY_PLAN_IDS = new Set([
-  3305739,
-  'PLN_584ck56g65xhkum',
-]);
-
+/* expiry helper (same as before) */
+const EXTRA_FREE_MS = 2 * 60 * 60 * 1000;
+const WEEKLY_PLAN_IDS = new Set([3311892, 3305738, 'PLN_ngz4l76whecrpkv', 'PLN_f7a3oagrpt47d5f']);
+const MONTHLY_PLAN_IDS = new Set([3305739, 'PLN_584ck56g65xhkum']);
 function getExpiryFromPlan(planInput) {
-  let interval = null;
-  let planId = null;
-  let planCode = null;
-
-  if (!planInput) {
-    interval = null;
-  } else if (typeof planInput === 'object') {
+  let interval = null, planId = null, planCode = null;
+  if (!planInput) { interval = null; }
+  else if (typeof planInput === 'object') {
     planId = planInput.id ?? planInput.plan_id ?? null;
     planCode = planInput.plan_code ?? planInput.planCode ?? null;
-    interval = (planInput.interval || planInput.billing_interval || null);
-  } else if (typeof planInput === 'number') {
-    planId = planInput;
-  } else if (typeof planInput === 'string') {
-    planCode = planInput;
-    const asNum = Number(planInput);
-    if (!Number.isNaN(asNum)) planId = asNum;
-  }
+    interval = planInput.interval || planInput.billing_interval || null;
+  } else if (typeof planInput === 'number') planId = planInput;
+  else if (typeof planInput === 'string') { planCode = planInput; const asNum = Number(planInput); if (!Number.isNaN(asNum)) planId = asNum; }
 
   if (interval) {
     interval = String(interval).toLowerCase();
     if (interval.includes('week')) {
-      const expires = Date.now() + 7 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+      const expires = Date.now() + 7*24*60*60*1000 + EXTRA_FREE_MS;
       return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
     }
     if (interval.includes('month')) {
-      const expires = Date.now() + 30 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+      const expires = Date.now() + 30*24*60*60*1000 + EXTRA_FREE_MS;
       return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
     }
     if (interval.includes('hour')) {
-      // treat hour interval as a week by default (matching original logic)
-      const expires = Date.now() + 7 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+      const expires = Date.now() + 7*24*60*60*1000 + EXTRA_FREE_MS;
       return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
     }
   }
 
   if (planId && WEEKLY_PLAN_IDS.has(planId)) {
-    const expires = Date.now() + 7 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+    const expires = Date.now() + 7*24*60*60*1000 + EXTRA_FREE_MS;
     return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
   }
   if (planCode && WEEKLY_PLAN_IDS.has(planCode)) {
-    const expires = Date.now() + 7 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+    const expires = Date.now() + 7*24*60*60*1000 + EXTRA_FREE_MS;
     return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
   }
   if (planId && MONTHLY_PLAN_IDS.has(planId)) {
-    const expires = Date.now() + 30 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+    const expires = Date.now() + 30*24*60*60*1000 + EXTRA_FREE_MS;
     return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
   }
   if (planCode && MONTHLY_PLAN_IDS.has(planCode)) {
-    const expires = Date.now() + 30 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+    const expires = Date.now() + 30*24*60*60*1000 + EXTRA_FREE_MS;
     return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
   }
 
-  const expires = Date.now() + 30 * 24 * 60 * 60 * 1000 + EXTRA_FREE_MS;
+  const expires = Date.now() + 30*24*60*60*1000 + EXTRA_FREE_MS;
   return { expiresAtMs: expires, expiresAtIso: new Date(expires).toISOString() };
 }
 
-// ------------------------------
-// Helper: get userId from stored slug mapping
-//   - try doc id == slug
-//   - fallback: query where pageId == slug
-// ------------------------------
+/* -------------------- Mapping resolution helpers -------------------- */
+
+// get userId string from mapping doc (doc id == slug or where pageId==slug)
 async function getUserIdFromSlug(dbInstance, slugOrPageId) {
-  if (!slugOrPageId || !dbInstance) return null;
+  if (!dbInstance || !slugOrPageId) return null;
   try {
-    // try doc id first (we store mapping under doc id === slug)
-    const doc = await dbInstance.collection('paystack-page-mappings').doc(String(slugOrPageId)).get();
-    if (doc.exists) {
-      const data = doc.data();
-      if (data?.userId) return data.userId;
+    // doc id lookup
+    const docRef = dbInstance.collection('paystack-page-mappings').doc(String(slugOrPageId));
+    const snap = await docRef.get();
+    if (snap.exists) {
+      const d = snap.data();
+      if (d?.userId) {
+        console.log('Found mapping doc (by docId) for', slugOrPageId, ':', d);
+        return d.userId;
+      }
     }
-
-    // fallback: maybe caller passed pageId; search by pageId field
+    // fallback query by pageId
     const q = await dbInstance.collection('paystack-page-mappings').where('pageId', '==', String(slugOrPageId)).limit(1).get();
     if (!q.empty) {
       const d = q.docs[0].data();
+      console.log('Found mapping doc (by pageId) for', slugOrPageId, ':', d);
       if (d?.userId) return d.userId;
     }
-
     return null;
   } catch (e) {
-    console.error('Failed to read page mapping for slug/pageId:', slugOrPageId, e);
+    console.error('getUserIdFromSlug error:', e);
     return null;
   }
 }
 
-// ------------------------------
-// Robust extractor for userId (tries metadata, custom_fields, customer metadata, slug mapping, email fallback)
-// ------------------------------
-async function extractUserIdFromPayload(data = {}, dbInstance) {
-  // 1) direct metadata on data
-  const metadata = data.metadata || {};
-  if (metadata.userId || metadata.user_id) return { userId: metadata.userId || metadata.user_id, source: 'metadata' };
-
-  // 2) customer.metadata
-  const custMeta = data.customer?.metadata || {};
-  if (custMeta.userId || custMeta.user_id) return { userId: custMeta.userId || custMeta.user_id, source: 'customer.metadata' };
-
-  // 3) top-level custom_fields (array)
-  if (Array.isArray(data.custom_fields)) {
-    for (const f of data.custom_fields) {
-      const name = (f.variable_name || f.display_name || '').toString().toLowerCase();
-      if ((name.includes('user') || name.includes('user_id') || name.includes('userid')) && f.value) {
-        return { userId: f.value, source: 'custom_fields' };
-      }
-    }
-  }
+// Attempt resolution: given mapping key (slug), return a users/<docRef> or null
+async function resolveUserDocFromMapping(dbInstance, key) {
+  if (!dbInstance || !key) return null;
+  try {
+    // map to userId (string) first
+    const mappedUserId = await getUserIdFromSlug(dbInstance, key);
+    if (!mappedUserId) return null;
 
-  // 4) metadata.custom_fields
-  if (metadata.custom_fields) {
-    if (Array.isArray(metadata.custom_fields)) {
-      for (const f of metadata.custom_fields) {
-        const name = (f.variable_name || f.display_name || '').toString().toLowerCase();
-        if (name.includes('user') && f.value) return { userId: f.value, source: 'metadata.custom_fields' };
-      }
-    } else if (typeof metadata.custom_fields === 'object') {
-      for (const k of Object.keys(metadata.custom_fields)) {
-        if (k.toLowerCase().includes('user')) return { userId: metadata.custom_fields[k], source: 'metadata.custom_fields_object' };
+    const usersRef = dbInstance.collection('users');
+
+    // try doc id first
+    try {
+      const directRef = usersRef.doc(String(mappedUserId));
+      const ds = await directRef.get();
+      if (ds.exists) {
+        console.log('Resolved user by direct doc id:', directRef.path);
+        return directRef;
       }
+    } catch (e) {
+      // continue to queries
     }
-  }
 
-  // 5) slug / page id mapping fallback - many Paystack page webhooks include data.page.slug or data.page.id
-  const slugCandidate = data.slug || data.page?.slug || data.page?.id || metadata?.slug || metadata?.page_slug || null;
-  if (slugCandidate && dbInstance) {
-    const mappedUserId = await getUserIdFromSlug(dbInstance, slugCandidate);
-    if (mappedUserId) return { userId: mappedUserId, source: 'slug_mapping' };
-  }
+    // if mappedUserId looks like email, try email query
+    const looksLikeEmail = String(mappedUserId).includes('@');
+    if (looksLikeEmail) {
+      try {
+        const q = await usersRef.where('email', '==', String(mappedUserId)).limit(1).get();
+        if (!q.empty) {
+          console.log('Resolved user by email query for', mappedUserId);
+          return q.docs[0].ref;
+        }
+      } catch (e) { /* ignore */ }
+    }
 
-  // 6) email fallback (return email so caller can search)
-  if (data.customer?.email) return { userId: data.customer.email, source: 'email' };
+    // fallback to common id fields
+    const idFields = ['userId','uid','id'];
+    for (const f of idFields) {
+      try {
+        const q = await usersRef.where(f,'==',mappedUserId).limit(1).get();
+        if (!q.empty) {
+          console.log('Resolved user by field', f, 'for', mappedUserId);
+          return q.docs[0].ref;
+        }
+      } catch (e) { /* ignore */ }
+    }
 
-  // nothing found
-  return { userId: null, source: null };
+    return null;
+  } catch (e) {
+    console.error('resolveUserDocFromMapping error:', e);
+    return null;
+  }
 }
 
-// ------------------------------
-// Helper: find user doc reference in Firestore (tries doc id and queries by fields)
-// ------------------------------
+/* -------------------- Fallback user resolution -------------------- */
+
 async function findUserDocRef(dbInstance, { metadataUserId, email, paystackCustomerId } = {}) {
   if (!dbInstance) return null;
   const usersRef = dbInstance.collection('users');
 
   if (metadataUserId) {
-    // if metadataUserId looks like an email, skip docId check and search by email
     if (!String(metadataUserId).includes('@')) {
       try {
         const docRef = usersRef.doc(String(metadataUserId));
-        const snap = await docRef.get();
-        if (snap.exists) return docRef;
-      } catch (e) {
-        // continue to queries
-      }
+        const s = await docRef.get();
+        if (s.exists) return docRef;
+      } catch (e) {}
     }
 
-    // try equality queries on commonly used id fields
-    const idFields = ['userId', 'uid', 'id'];
-    for (const field of idFields) {
+    const idFields = ['userId','uid','id'];
+    for (const f of idFields) {
       try {
-        const qSnap = await usersRef.where(field, '==', metadataUserId).limit(1).get();
-        if (!qSnap.empty) return qSnap.docs[0].ref;
-      } catch (e) {
-        // ignore and proceed
-      }
+        const q = await usersRef.where(f,'==',metadataUserId).limit(1).get();
+        if (!q.empty) return q.docs[0].ref;
+      } catch (e) {}
     }
   }
 
-  // If paystack_customer_id was provided, try that too
   if (paystackCustomerId) {
     try {
-      const qSnap = await usersRef.where('paystack_customer_id', '==', String(paystackCustomerId)).limit(1).get();
-      if (!qSnap.empty) return qSnap.docs[0].ref;
-    } catch (e) {
-      // ignore
-    }
+      const q = await usersRef.where('paystack_customer_id','==',String(paystackCustomerId)).limit(1).get();
+      if (!q.empty) return q.docs[0].ref;
+    } catch (e) {}
   }
 
   if (email) {
     try {
-      const qSnap = await usersRef.where('email', '==', email).limit(1).get();
-      if (!qSnap.empty) return qSnap.docs[0].ref;
-    } catch (e) {
-      // ignore
-    }
+      const q = await usersRef.where('email','==',String(email)).limit(1).get();
+      if (!q.empty) return q.docs[0].ref;
+    } catch (e) {}
   }
 
-  // Not found
   return null;
 }
 
-// ------------------------------
-// Cleanup that should run after a successful charge for the user
-// - Deletes page mapping doc if slug provided and mapping matches user
-// - Removes any "pending-payments" documents for the user (optional)
-// - Writes a paymentCleanup log
-// Customize this per your app's needs.
-// ------------------------------
+/* -------------------- Cleanup -------------------- */
+
 async function cleanUpAfterSuccessfulCharge(dbInstance, userDocRef, { slug, pageId, reference, email } = {}) {
   if (!dbInstance || !userDocRef) return;
   try {
-    // 1) delete mapping doc if exists and mapping.userId === user's id
-    if (slug) {
+    const tryDelete = async (docId) => {
+      if (!docId) return;
       try {
-        const mapRef = dbInstance.collection('paystack-page-mappings').doc(String(slug));
-        const mapSnap = await mapRef.get();
-        if (mapSnap.exists) {
-          const map = mapSnap.data();
-          // if mapping.userId equals user doc id or equals user's email or similar, delete.
-          const userIdCandidate = userDocRef.id;
-          if (String(map.userId) === String(userIdCandidate) || (email && String(map.userId) === String(email))) {
-            await mapRef.delete();
-            console.log('Deleted paystack-page-mappings doc for slug:', slug);
-          } else {
-            console.log('Skipping deletion of mapping for slug (owner mismatch):', slug);
-          }
+        const ref = dbInstance.collection('paystack-page-mappings').doc(String(docId));
+        const s = await ref.get();
+        if (!s.exists) return;
+        const map = s.data();
+        const owner = String(map.userId || '');
+        if (owner === String(userDocRef.id) || (email && owner === String(email))) {
+          await ref.delete();
+          console.log('Deleted mapping doc:', docId);
+        } else {
+          console.log('Mapping owner mismatch, not deleting:', docId, 'owner=', owner, 'user=', userDocRef.id);
         }
       } catch (e) {
-        console.error('Error deleting paystack-page-mappings doc for slug:', slug, e);
+        console.error('Error deleting mapping doc', docId, e);
       }
-    }
+    };
+    await tryDelete(slug);
+    await tryDelete(pageId);
 
-    // 2) optional: remove pending-payments documents (if your app stores them)
+    // optional: clear pending-payments
     try {
       const pendingRef = dbInstance.collection('pending-payments');
-      const q = await pendingRef.where('userId', '==', userDocRef.id).limit(50).get();
+      const q = await pendingRef.where('userId','==',userDocRef.id).limit(100).get();
       if (!q.empty) {
         const batch = dbInstance.batch();
-        q.docs.forEach(doc => batch.delete(doc.ref));
+        q.docs.forEach(d => batch.delete(d.ref));
         await batch.commit();
         console.log('Deleted pending-payments for user:', userDocRef.id);
       }
     } catch (e) {
-      // not critical
-      console.error('Failed to delete pending-payments (non-fatal):', e);
+      console.error('Failed deleting pending-payments (non-fatal):', e);
     }
 
-    // 3) log the cleanup
+    // log cleanup
     try {
       await dbInstance.collection('paystack-cleanups').add({
         userRef: userDocRef.path,
         slug: slug || null,
-        pageId: pageId ? String(pageId) : null,
+        pageId: pageId || null,
         reference: reference || null,
         email: email || null,
         cleanedAt: admin.firestore.FieldValue.serverTimestamp(),
       });
     } catch (e) {
-      console.error('Failed to log cleanup:', e);
+      console.error('Failed logging cleanup:', e);
     }
   } catch (e) {
-    console.error('Unexpected error during cleanup:', e);
+    console.error('Unexpected cleanup error:', e);
   }
 }
 
-// ------------------------
-// Webhook endpoint (only this route uses express.raw so other routes can use express.json)
-// ------------------------
+/* -------------------- Webhook route -------------------- */
+
 app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1mb' }), async (req, res) => {
-  const raw = req.body; // Buffer
+  const raw = req.body;
   const signature = req.get('x-paystack-signature') || req.get('X-Paystack-Signature');
 
-  // Verify signature
   if (!signature || !verifyPaystackSignature(raw, signature)) {
-    console.warn('Paystack webhook signature verification failed. Signature header:', signature);
+    console.warn('Paystack webhook signature verify failed. header:', signature);
     return res.status(400).json({ ok: false, message: 'Invalid signature' });
   }
 
-  // Parse payload
   const bodyStr = raw.toString('utf8');
   const payload = safeParseJSON(bodyStr);
-
-  if (!payload) {
-    console.warn('Could not parse webhook JSON payload.');
-    return res.status(400).json({ ok: false, message: 'Invalid JSON' });
-  }
+  if (!payload) return res.status(400).json({ ok: false, message: 'Invalid JSON' });
 
   const event = (payload.event || payload.type || '').toString();
   const isRefund = /refund/i.test(event);
   const isChargeSuccess = /charge\.success/i.test(event);
-  const isInvoiceOrSubscription = /invoice\.(payment_succeeded|paid)|subscription\./i.test(event);
   const isPayment = isChargeSuccess;
 
-  if (!db) {
-    console.error('Firestore (admin) not initialized; webhook will not persist data.');
+  if (!db) console.error('Firestore admin not initialized — cannot persist webhook data.');
+
+  // audit write
+  try {
+    if (db) {
+      await db.collection('paystack-webhooks').add({ event, payload, receivedAt: admin.firestore.FieldValue.serverTimestamp() });
+    }
+  } catch (e) {
+    console.error('Failed to persist webhook audit:', e);
   }
 
-  if (isRefund || isPayment || /subscription\.create/i.test(event) || /subscription\.update/i.test(event)) {
+  if (/subscription\.create/i.test(event) || isRefund || isPayment || /subscription\.update/i.test(event)) {
     console.log('--- PAYSTACK WEBHOOK (INTERESTING EVENT) ---');
     console.log('event:', event);
-    // persist webhook for auditing (best-effort)
-    console.log(payload);
-    
-    try {
-      if (db) {
-        await db.collection('paystack-webhooks').add({
-          event,
-          payload,
-          receivedAt: admin.firestore.FieldValue.serverTimestamp(),
-        });
+    // payload.data is the object of interest
+    const data = payload.data || {};
+
+    // Extract slug candidate:
+    // prefer: data.page.id / data.page.slug / data.slug
+    // else: look into data.metadata.referrer URL and extract /pay/<slug>
+    let maybePageId = data.page?.id || data.page_id || null;
+    let maybeSlug = data.page?.slug || data.slug || null;
+
+    // Look for metadata.referrer (primary for your case)
+    const referrer = data.metadata?.referrer || (data.metadata && data.metadata.referrer) || null;
+    if (!maybeSlug && referrer) {
+      const extracted = extractSlugFromReferrer(String(referrer));
+      if (extracted) {
+        maybeSlug = extracted;
+        console.log('Extracted slug from metadata.referrer:', maybeSlug, ' (referrer=', referrer, ')');
+      } else {
+        console.log('Could not extract slug from referrer:', referrer);
       }
-    } catch (err) {
-      console.error('Failed to persist webhook audit:', err);
     }
 
-    const data = payload.data || {};
+    // Also log the metadata object for debugging
+    console.log('payload.data.metadata (raw):', data.metadata);
 
-    // Try to extract userId robustly (metadata/custom_fields/slug/email)
+    // Try to extract userId from other places (metadata.custom_fields, customer.metadata, email)
     let metadataUserId = null;
     let customerEmail = null;
     let extractorSource = null;
-    let maybeSlug = null;
-    let maybePageId = null;
     try {
-      const extracted = await extractUserIdFromPayload(data, db);
-      metadataUserId = extracted.userId || null;
-      extractorSource = extracted.source || null;
-      // If extractor returned an email, set as customerEmail
-      if (metadataUserId && String(metadataUserId).includes('@')) {
-        customerEmail = String(metadataUserId);
-        metadataUserId = null;
+      // quick extraction: metadata.userId etc
+      const metadata = data.metadata || {};
+      if (metadata.userId || metadata.user_id) {
+        metadataUserId = metadata.userId || metadata.user_id;
+        extractorSource = 'metadata';
+      } else if (data.customer?.metadata) {
+        const cm = data.customer.metadata;
+        if (cm.userId || cm.user_id) {
+          metadataUserId = cm.userId || cm.user_id;
+          extractorSource = 'customer.metadata';
+        }
+      } else if (Array.isArray(data.custom_fields)) {
+        for (const f of data.custom_fields) {
+          const n = (f.variable_name || f.display_name || '').toString().toLowerCase();
+          if ((n.includes('user') || n.includes('user_id') || n.includes('userid')) && f.value) {
+            metadataUserId = f.value;
+            extractorSource = 'custom_fields';
+            break;
+          }
+        }
       }
     } catch (e) {
-      console.error('Error extracting userId from payload:', e);
+      console.error('Error during quick metadata extraction:', e);
     }
 
-    // Also set explicit customer email if present
     if (!customerEmail && data.customer?.email) customerEmail = data.customer.email;
-
-    // Save possible slug/pageId for cleanup/connection
-    maybeSlug = data.slug || data.page?.slug || data.metadata?.slug || null;
-    maybePageId = data.page?.id || data.page_id || data.metadata?.page_id || null;
-
-    // Also try to get paystack customer id from payload (helps linking)
     const paystackCustomerId = data.customer?.id ?? data.customer?.customer_code ?? null;
 
-    // Find user doc reference
+    // Resolve user: mapping-first using maybeSlug (important)
     let userDocRef = null;
     try {
-      userDocRef = await findUserDocRef(db, { metadataUserId, email: customerEmail, paystackCustomerId });
-      // If still null and metadataUserId is present but looks like slug, try slug mapping as last resort
-      if (!userDocRef && metadataUserId && db) {
-        const mapped = await getUserIdFromSlug(db, metadataUserId);
-        if (mapped) {
-          userDocRef = await findUserDocRef(db, { metadataUserId: mapped, email: customerEmail, paystackCustomerId });
-        }
+      const mappingKey = maybeSlug || maybePageId || metadataUserId || null;
+      if (mappingKey && db) {
+        userDocRef = await resolveUserDocFromMapping(db, mappingKey);
+        if (userDocRef) console.log('resolveUserDocFromMapping found user:', userDocRef.path, 'using key:', mappingKey);
+        else console.log('resolveUserDocFromMapping found nothing for key:', mappingKey);
+      }
+      if (!userDocRef) {
+        userDocRef = await findUserDocRef(db, { metadataUserId, email: customerEmail, paystackCustomerId });
+        if (userDocRef) console.log('findUserDocRef found user:', userDocRef.path);
       }
-    } catch (err) {
-      console.error('Error finding user doc:', err);
+    } catch (e) {
+      console.error('Error resolving userDocRef (mapping-first):', e);
       userDocRef = null;
     }
 
-    // Handler: subscription.create - store subscription id and paystack_customer_id
+    // subscription.create handler
     if (/subscription\.create/i.test(event) || event === 'subscription.create') {
       const subscriptionCode = data.subscription_code || data.subscription?.subscription_code || (data.id ? String(data.id) : null);
       const status = data.status || 'active';
       const planObj = data.plan || data.subscription?.plan || null;
       const expiry = getExpiryFromPlan(planObj);
-      const paystackCustomerId = data.customer?.id ?? (data.customer?.customer_code ? data.customer.customer_code : null);
+      const paystackCustomerIdLocal = data.customer?.id ?? data.customer?.customer_code ?? null;
 
       if (userDocRef && subscriptionCode) {
         try {
@@ -473,24 +438,21 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
             },
             updatedAt: admin.firestore.FieldValue.serverTimestamp(),
           };
-
-          // attach paystack_customer_id if present
-          if (paystackCustomerId) {
-            updateObj.paystack_customer_id = String(paystackCustomerId);
-          }
-
+          if (paystackCustomerIdLocal) updateObj.paystack_customer_id = String(paystackCustomerIdLocal);
           await userDocRef.update(updateObj);
-          console.log(`User doc updated with subscription ${subscriptionCode} and expiry ${expiry.expiresAtIso} (source: ${extractorSource})`);
-        } catch (err) {
-          console.error('Failed to update user subscription info:', err);
+          console.log('subscription.create: updated user with subscription:', subscriptionCode);
+        } catch (e) {
+          console.error('subscription.create: failed to update user:', e);
         }
       } else {
         console.warn('subscription.create received but user not found or subscriptionCode missing — skipping user update.');
       }
     }
 
-    // Handler: charge.success - add entitlement on successful subscription charge
+    // charge.success handler - entitlement add
     if (isPayment) {
+      console.log('charge.success identifiers:', { metadataUserId, customerEmail, maybeSlug, maybePageId, paystackCustomerId, extractorSource });
+
       const recurringMarker = Boolean((data.metadata && (data.metadata.custom_filters?.recurring || data.metadata.recurring)) || false);
       const hasSubscription = !!(data.subscription || data.subscriptions || data.plan);
       const isLikelySubscriptionPayment = recurringMarker || hasSubscription;
@@ -507,149 +469,193 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
         plan: planObj ? { id: planObj.id, code: planObj.plan_code } : null,
         expiresAtMs: expiry.expiresAtMs,
         expiresAtIso: expiry.expiresAtIso,
-        createdAt: admin.firestore.FieldValue.serverTimestamp(),
+        createdAt: admin.firestore.Timestamp.now(),
       };
 
+      // debug record
+      try {
+        if (db) {
+          await db.collection('paystack-debug').add({
+            kind: 'charge-success',
+            mappingKey: maybeSlug || maybePageId || null,
+            identifiers: { metadataUserId, customerEmail, maybeSlug, maybePageId, paystackCustomerId, extractorSource },
+            entitlement,
+            raw: data,
+            createdAt: admin.firestore.FieldValue.serverTimestamp(),
+          });
+        }
+      } catch (e) {
+        console.error('Failed writing paystack-debug:', e);
+      }
+
       if (userDocRef && isLikelySubscriptionPayment) {
         try {
+          console.log('Adding entitlement to', userDocRef.path);
           await userDocRef.update({
             entitlements: admin.firestore.FieldValue.arrayUnion(entitlement),
-            updatedAt: admin.firestore.FieldValue.serverTimestamp(),
             lastPaymentAt: admin.firestore.FieldValue.serverTimestamp(),
-            // Save paystack_customer_id if present and not already present
+            updatedAt: admin.firestore.FieldValue.serverTimestamp(),
             ...(paystackCustomerId ? { paystack_customer_id: String(paystackCustomerId) } : {}),
           });
-          console.log('Added entitlement to user:', entitlement.id || entitlement.reference, 'expiry:', expiry.expiresAtIso);
-
-          // Run cleanup now that the charge is successful for this user
+          console.log('Entitlement added (arrayUnion) to', userDocRef.path);
+        } catch (err) {
+          console.error('arrayUnion failed, falling back:', err);
+          // fallback: read-modify-write
           try {
-            await cleanUpAfterSuccessfulCharge(db, userDocRef, {
-              slug: maybeSlug,
-              pageId: maybePageId,
-              reference: entitlement.reference || entitlement.id,
-              email: customerEmail,
-            });
-          } catch (cleanupErr) {
-            console.error('Cleanup after successful charge failed:', cleanupErr);
+            const snap = await userDocRef.get();
+            const userData = snap.exists ? snap.data() : {};
+            const current = Array.isArray(userData.entitlements) ? userData.entitlements : [];
+            const exists = current.some(e => (e.reference || e.id) === (entitlement.reference || entitlement.id));
+            if (!exists) {
+              current.push(entitlement);
+              await userDocRef.update({
+                entitlements: current,
+                lastPaymentAt: admin.firestore.FieldValue.serverTimestamp(),
+                updatedAt: admin.firestore.FieldValue.serverTimestamp(),
+                ...(paystackCustomerId ? { paystack_customer_id: String(paystackCustomerId) } : {}),
+              });
+              console.log('Entitlement appended via fallback.');
+            } else {
+              console.log('Entitlement already present, skipping append.');
+            }
+          } catch (err2) {
+            console.error('Fallback persistence failed:', err2);
+            try {
+              if (db) {
+                await db.collection('paystack-debug-failures').add({
+                  kind: 'entitlement-persist-failure',
+                  userRef: userDocRef.path,
+                  error: String(err2 && err2.message ? err2.message : err2),
+                  entitlement,
+                  raw: data,
+                  createdAt: admin.firestore.FieldValue.serverTimestamp(),
+                });
+              }
+            } catch (e) {
+              console.error('Failed writing failure debug doc:', e);
+            }
           }
+        }
 
-        } catch (err) {
-          console.error('Failed to add entitlement to user:', err);
+        // cleanup (best effort)
+        try {
+          await cleanUpAfterSuccessfulCharge(db, userDocRef, { slug: maybeSlug, pageId: maybePageId, reference: entitlement.reference || entitlement.id, email: customerEmail });
+        } catch (e) {
+          console.error('Cleanup failed:', e);
         }
       } else if (userDocRef && !isLikelySubscriptionPayment) {
-        console.log('charge.success received but not marked recurring/subscription - skipping entitlement add by default.');
+        console.log('charge.success received but not flagged subscription/recurring - skipping entitlement add.');
       } else {
         console.warn('charge.success: user not found, skipping entitlement update.');
+        try {
+          if (db) {
+            await db.collection('paystack-unmatched').add({
+              kind: 'charge.success.unmatched',
+              mappingKey: maybeSlug || maybePageId || null,
+              identifiers: { metadataUserId, customerEmail, maybeSlug, maybePageId, paystackCustomerId, extractorSource },
+              raw: data,
+              createdAt: admin.firestore.FieldValue.serverTimestamp(),
+            });
+          }
+        } catch (e) { console.error('Failed creating unmatched debug doc:', e); }
       }
     }
 
-    // Handler: refunds - remove entitlement(s) associated with refunded transaction
+    // refunds
     if (isRefund) {
       const refund = data;
       const refundedReference = refund.reference || refund.transaction?.reference || refund.transaction?.id || null;
-
       if (userDocRef && refundedReference) {
         try {
           const snap = await userDocRef.get();
           if (snap.exists) {
             const userData = snap.data();
-            const currentEntitlements = Array.isArray(userData.entitlements) ? userData.entitlements : [];
-            const filtered = currentEntitlements.filter(e => {
-              const ref = e.reference || e.id || '';
-              return ref !== refundedReference && ref !== String(refundedReference);
-            });
-
-            await userDocRef.update({
-              entitlements: filtered,
-              updatedAt: admin.firestore.FieldValue.serverTimestamp(),
+            const current = Array.isArray(userData.entitlements) ? userData.entitlements : [];
+            const filtered = current.filter(e => {
+              const r = e.reference || e.id || '';
+              return r !== refundedReference && r !== String(refundedReference);
             });
-            console.log('Removed entitlements matching refunded reference:', refundedReference);
+            await userDocRef.update({ entitlements: filtered, updatedAt: admin.firestore.FieldValue.serverTimestamp() });
+            console.log('Removed entitlements matching refund:', refundedReference);
           } else {
-            console.warn('Refund handling: user doc disappeared between lookup and removal.');
+            console.warn('Refund handling: user doc vanished.');
           }
-        } catch (err) {
-          console.error('Failed to remove entitlement on refund:', err);
+        } catch (e) {
+          console.error('Refund entitlement removal failed:', e);
         }
       } else {
-        console.warn('Refund received but user or refundedReference not found — skipping entitlement removal.');
+        console.warn('Refund: user or refundedReference missing; skipping.');
       }
     }
   } else {
-    console.log(`Received Paystack webhook for event "${event}" — ignored (not refund/payment/subscription.create).`);
+    console.log('Ignoring event:', event);
   }
 
   return res.status(200).json({ ok: true });
 });
 
-// ------------------------
-// Create Payment Page (link) for a plan
-// ------------------------
+/* -------------------- Create payment link endpoint -------------------- */
+
 app.post('/create-payment-link', express.json(), async (req, res) => {
   const { planId, userId, name, amount, redirect_url, collect_phone = false, fixed_amount = false } = req.body || {};
+  if (!planId) return res.status(400).json({ ok: false, message: 'planId required' });
+  if (!userId) return res.status(400).json({ ok: false, message: 'userId required' });
+  if (!name) return res.status(400).json({ ok: false, message: 'name required' });
 
-  if (!planId) return res.status(400).json({ ok: false, message: 'planId is required' });
-  if (!userId) return res.status(400).json({ ok: false, message: 'userId is required' });
-  if (!name) return res.status(400).json({ ok: false, message: 'name is required (page title)' });
-
-  // Build the body per Paystack's Payment Pages API.
-  const payload = {
-    name,
-    type: 'subscription',
-    plan: planId,
-    metadata: {
-      userId: String(userId),
-    },
-    collect_phone,
-    fixed_amount,
-  };
-
-  if (amount) payload.amount = amount; // amount is optional (in kobo/cents)
+  const payload = { name, type: 'subscription', plan: planId, metadata: { userId: String(userId) }, collect_phone, fixed_amount };
+  if (amount) payload.amount = amount;
   if (redirect_url) payload.redirect_url = redirect_url;
 
   try {
     const response = await axios.post('https://api.paystack.co/page', payload, {
-      headers: {
-        Authorization: `Bearer ${PAYSTACK_SECRET}`,
-        'Content-Type': 'application/json',
-      },
+      headers: { Authorization: `Bearer ${PAYSTACK_SECRET}`, 'Content-Type': 'application/json' },
       timeout: 10_000,
     });
 
     const pageData = response.data && response.data.data ? response.data.data : response.data;
 
-    // Persist slug -> userId mapping so webhooks can recover missing metadata later
+    // persist mapping docs: docId = slug and docId = pageId if available
     try {
-      const slug = pageData.slug || pageData.data?.slug || null;
-      const pageId = pageData.id || pageData.data?.id || null;
-      if (slug && db) {
-        await db.collection('paystack-page-mappings').doc(String(slug)).set({
-          userId: String(userId),
-          pageId: pageId ? String(pageId) : null,
-          createdAt: admin.firestore.FieldValue.serverTimestamp(),
-        }, { merge: true });
-        console.log('Saved page slug mapping for', slug);
-      } else if (pageId && db) {
-        // also ensure a record exists by pageId lookup (useful if slug missing in some responses)
-        await db.collection('paystack-page-mappings').doc(String(pageId)).set({
-          userId: String(userId),
-          pageId: String(pageId),
-          createdAt: admin.firestore.FieldValue.serverTimestamp(),
-        }, { merge: true });
+      if (db) {
+        const slug = pageData.slug || pageData.data?.slug || null;
+        const pageId = pageData.id || pageData.data?.id || null;
+
+        if (slug) {
+          await db.collection('paystack-page-mappings').doc(String(slug)).set({
+            userId: String(userId),
+            userIdType: String(userId).includes('@') ? 'email' : 'uid',
+            pageId: pageId ? String(pageId) : null,
+            slug: String(slug),
+            createdAt: admin.firestore.FieldValue.serverTimestamp(),
+          }, { merge: true });
+          console.log('Saved page slug mapping for', slug);
+        }
+
+        if (pageId) {
+          await db.collection('paystack-page-mappings').doc(String(pageId)).set({
+            userId: String(userId),
+            userIdType: String(userId).includes('@') ? 'email' : 'uid',
+            pageId: String(pageId),
+            slug: slug || null,
+            createdAt: admin.firestore.FieldValue.serverTimestamp(),
+          }, { merge: true });
+          console.log('Saved pageId mapping for', pageId);
+        }
       }
     } catch (e) {
-      console.error('Failed to persist page slug mapping:', e);
+      console.error('Failed to persist mapping docs:', e);
     }
 
     return res.status(201).json({ ok: true, page: pageData });
   } catch (err) {
-    console.error('Error creating Paystack payment page:', err?.response?.data || err.message || err);
+    console.error('Error creating Paystack page:', err?.response?.data || err.message || err);
     const errorDetail = err?.response?.data || { message: err.message };
     return res.status(500).json({ ok: false, error: errorDetail });
   }
 });
 
-// Simple health check
-app.get('/health', (req, res) => res.json({ ok: true }));
+/* health */
+app.get('/health', (_req, res) => res.json({ ok: true }));
 
 app.listen(PORT, () => {
   console.log(`Paystack webhook server listening on port ${PORT}`);