Update app.js

app.js

@@ -123,7 +123,6 @@ function getExpiryFromPlan(planInput) {
 
 /* -------------------- Mapping helpers & updates -------------------- */
 
-// update mapping doc(s) by slug/pageId with authoritative identifiers. merge=true
 async function updateMappingWithIdentifiers(dbInstance, { slug, pageId, userId, customerId, payerEmail, subscriptionCode, authorizationCode } = {}) {
   if (!dbInstance) return;
   try {
@@ -154,11 +153,9 @@ async function updateMappingWithIdentifiers(dbInstance, { slug, pageId, userId,
   }
 }
 
-// get userId string from mapping doc (doc id == slug or where pageId==slug)
 async function getUserIdFromSlug(dbInstance, slugOrPageId) {
   if (!dbInstance || !slugOrPageId) return null;
   try {
-    // doc id lookup
     const docRef = dbInstance.collection('paystack-page-mappings').doc(String(slugOrPageId));
     const snap = await docRef.get();
     if (snap.exists) {
@@ -167,9 +164,7 @@ async function getUserIdFromSlug(dbInstance, slugOrPageId) {
         console.log('Found mapping doc (by docId) for', slugOrPageId, ':', { userId: d.userId, customerId: d.customerId, payerEmail: d.payerEmail, subscriptionCode: d.subscriptionCode });
         return d.userId;
       }
-      // If doc exists but doesn't have userId, still return null (we'll use other mapping queries later)
     }
-    // fallback query by pageId
     const q = await dbInstance.collection('paystack-page-mappings').where('pageId', '==', String(slugOrPageId)).limit(1).get();
     if (!q.empty) {
       const d = q.docs[0].data();
@@ -183,7 +178,6 @@ async function getUserIdFromSlug(dbInstance, slugOrPageId) {
   }
 }
 
-// If direct slug/pageId mapping didn't resolve, search mapping collection by customerId/payerEmail/subscriptionCode
 async function findMappingByIdentifiers(dbInstance, { customerId, payerEmail, subscriptionCode } = {}) {
   if (!dbInstance) return null;
   try {
@@ -207,23 +201,19 @@ async function findMappingByIdentifiers(dbInstance, { customerId, payerEmail, su
   }
 }
 
-// Attempt resolution: given mapping key (slug), return a users/<docRef> or null
 async function resolveUserDocFromMapping(dbInstance, { key = null, customerId = null, payerEmail = null, subscriptionCode = null } = {}) {
   if (!dbInstance) return null;
   const usersRef = dbInstance.collection('users');
 
   try {
     if (key) {
-      // first try direct mapping doc by key (slug or pageId)
       const mappedUserId = await getUserIdFromSlug(dbInstance, key);
       if (mappedUserId) {
-        // Try doc lookup
         try {
           const directRef = usersRef.doc(String(mappedUserId));
           const ds = await directRef.get();
           if (ds.exists) return directRef;
         } catch (e) {}
-        // fallback queries by common id/email fields
         if (String(mappedUserId).includes('@')) {
           try {
             const q = await usersRef.where('email', '==', String(mappedUserId)).limit(1).get();
@@ -240,7 +230,6 @@ async function resolveUserDocFromMapping(dbInstance, { key = null, customerId =
       }
     }
 
-    // if not resolved by key, try mapping collection queries (customerId/payerEmail/subscriptionCode)
     const mappingFound = await findMappingByIdentifiers(dbInstance, { customerId, payerEmail, subscriptionCode });
     if (mappingFound && mappingFound.data) {
       const mappedUserId = mappingFound.data.userId;
@@ -250,7 +239,6 @@ async function resolveUserDocFromMapping(dbInstance, { key = null, customerId =
           const ds = await directRef.get();
           if (ds.exists) return directRef;
         } catch (e) {}
-        // fallback queries
         if (String(mappedUserId).includes('@')) {
           try {
             const q = await usersRef.where('email', '==', String(mappedUserId)).limit(1).get();
@@ -315,33 +303,109 @@ async function findUserDocRef(dbInstance, { metadataUserId, email, paystackCusto
   return null;
 }
 
-/* -------------------- Cleanup (MAPPING ONLY) -------------------- */
+/* -------------------- Prune helper (entitlements + old webhook audits) -------------------- */
 
-async function cleanUpAfterSuccessfulCharge(dbInstance, userDocRef, { slug, pageId, reference, email } = {}) {
+async function pruneUserEntitlementsAndWebhooks(dbInstance, userDocRef, { paystackCustomerId = null, payerEmail = null } = {}) {
   if (!dbInstance || !userDocRef) return;
   try {
-    const tryDelete = async (docId) => {
-      if (!docId) return;
-      try {
-        const ref = dbInstance.collection('paystack-page-mappings').doc(String(docId));
-        const s = await ref.get();
-        if (!s.exists) return;
-        const map = s.data();
-        const owner = String(map.userId || '');
-        if (owner === String(userDocRef.id) || (email && owner === String(email))) {
-          await ref.delete();
-          console.log('Deleted mapping doc:', docId);
-        } else {
-          console.log('Mapping owner mismatch, not deleting:', docId, 'owner=', owner, 'user=', userDocRef.id);
+    // cutoff ~60 days (2 months approximated as 60 days)
+    const cutoffMs = Date.now() - (60 * 24 * 60 * 60 * 1000);
+
+    // 1) prune entitlements on the user doc
+    const snap = await userDocRef.get();
+    if (!snap.exists) return;
+    const userData = snap.data() || {};
+    const entitlements = Array.isArray(userData.entitlements) ? userData.entitlements : [];
+
+    const cleaned = entitlements.filter(e => {
+      // if expiresAtMs present -> keep only if still in future
+      if (e && (e.expiresAtMs || e.expiresAtMs === 0)) {
+        const exMs = Number(e.expiresAtMs) || 0;
+        return exMs > Date.now(); // keep if expiry in future
+      }
+      // else if createdAt present -> keep only if createdAt within cutoff window
+      if (e && e.createdAt) {
+        // createdAt could be a Firestore Timestamp or a number/string
+        let createdMs = 0;
+        try {
+          if (typeof e.createdAt === 'number') createdMs = e.createdAt;
+          else if (e.createdAt && typeof e.createdAt.toMillis === 'function') createdMs = e.createdAt.toMillis();
+          else if (typeof e.createdAt === 'string') createdMs = Number(e.createdAt) || 0;
+          else if (e.createdAt._seconds) createdMs = (Number(e.createdAt._seconds) * 1000) + (Number(e.createdAt._nanoseconds || 0) / 1e6);
+        } catch (ee) {
+          createdMs = 0;
+        }
+        if (createdMs) return createdMs >= cutoffMs;
+        // if no timestamps at all, conservatively keep
+        return true;
+      }
+      // if no expiry and no createdAt -> keep (can't judge)
+      return true;
+    });
+
+    if (cleaned.length !== entitlements.length) {
+      await userDocRef.update({
+        entitlements: cleaned,
+        updatedAt: admin.firestore.FieldValue.serverTimestamp(),
+      });
+      console.log('Pruned entitlements: removed', entitlements.length - cleaned.length, 'entries for', userDocRef.path);
+    } else {
+      console.log('No entitlements to prune for', userDocRef.path);
+    }
+
+    // 2) prune paystack-webhooks audit docs for this user older than cutoff
+    try {
+      const coll = dbInstance.collection('paystack-webhooks');
+      const toDeleteRefs = [];
+
+      // Query by customer id
+      if (paystackCustomerId) {
+        try {
+          const q = await coll.where('payload.data.customer.id', '==', paystackCustomerId).get();
+          q.docs.forEach(d => {
+            const r = d.data();
+            const ts = r.receivedAt;
+            let tsMs = 0;
+            if (ts && typeof ts.toMillis === 'function') tsMs = ts.toMillis();
+            if (tsMs && tsMs < cutoffMs) toDeleteRefs.push(d.ref);
+          });
+        } catch (e) {
+          // May require index; ignore failure to avoid breaking webhook
+          console.warn('Could not query paystack-webhooks by customer.id (skipping):', e);
         }
-      } catch (e) {
-        console.error('Error deleting mapping doc', docId, e);
       }
-    };
-    await tryDelete(slug);
-    await tryDelete(pageId);
+
+      // Query by payer email
+      if (payerEmail) {
+        try {
+          const q2 = await coll.where('payload.data.customer.email', '==', payerEmail).get();
+          q2.docs.forEach(d => {
+            const r = d.data();
+            const ts = r.receivedAt;
+            let tsMs = 0;
+            if (ts && typeof ts.toMillis === 'function') tsMs = ts.toMillis();
+            if (tsMs && tsMs < cutoffMs) {
+              if (!toDeleteRefs.find(x => x.path === d.ref.path)) toDeleteRefs.push(d.ref);
+            }
+          });
+        } catch (e) {
+          console.warn('Could not query paystack-webhooks by customer.email (skipping):', e);
+        }
+      }
+
+      if (toDeleteRefs.length) {
+        const batch = dbInstance.batch();
+        toDeleteRefs.forEach(r => batch.delete(r));
+        await batch.commit();
+        console.log('Deleted', toDeleteRefs.length, 'old paystack-webhooks audit docs for user', userDocRef.id);
+      } else {
+        console.log('No old paystack-webhooks audit docs to prune for user', userDocRef.id);
+      }
+    } catch (e) {
+      console.error('Failed pruning paystack-webhooks (non-fatal):', e);
+    }
   } catch (e) {
-    console.error('Unexpected cleanup error:', e);
+    console.error('pruneUserEntitlementsAndWebhooks failed:', e);
   }
 }
 
@@ -367,7 +431,7 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
 
   if (!db) console.error('Firestore admin not initialized — cannot persist webhook data.');
 
-  // persist webhook audit (only this extra collection is kept)
+  // persist webhook audit
   try {
     if (db) {
       await db.collection('paystack-webhooks').add({ event, payload, receivedAt: admin.firestore.FieldValue.serverTimestamp() });
@@ -396,15 +460,14 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
       }
     }
 
-    // extract authoritative identifiers from payload
+    // authoritative identifiers
     const paystackCustomerId = data.customer?.id ?? data.customer?.customer_code ?? null;
-    const payerEmail = data.customer?.email ?? null; // save as payerEmail in mapping to decouple from user's app email
+    const payerEmail = data.customer?.email ?? null; // saved on mapping as payerEmail
     const subscriptionCode = data.subscription_code || data.subscription?.subscription_code || null;
     const authorizationCode = data.authorization?.authorization_code || data.authorization_code || null;
 
-    // quick metadata extraction (keeps prior behavior)
+    // quick metadata extraction
     let metadataUserId = null;
-    let customerEmail = null;
     let extractorSource = null;
     try {
       const metadata = data.metadata || {};
@@ -431,12 +494,9 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
       console.error('Error during quick metadata extraction:', e);
     }
 
-    if (!customerEmail && data.customer?.email) customerEmail = data.customer.email;
-
-    // Resolve user: mapping-first (key), then mapping-by-identifiers, then fallback findUserDocRef
+    // Resolve user: mapping-first (slug/pageId), then mapping by identifiers, then fallback queries
     let userDocRef = null;
     try {
-      // try mapping with slug/pageId first (fast)
       const mappingKey = maybeSlug || maybePageId || null;
       if (mappingKey && db) {
         userDocRef = await resolveUserDocFromMapping(db, { key: mappingKey, customerId: paystackCustomerId, payerEmail, subscriptionCode });
@@ -444,15 +504,13 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
         else console.log('No mapping resolved from key:', mappingKey);
       }
 
-      // if not found via key, try mapping by identifiers (customerId / payerEmail / subscriptionCode)
       if (!userDocRef && db && (paystackCustomerId || payerEmail || subscriptionCode)) {
         userDocRef = await resolveUserDocFromMapping(db, { key: null, customerId: paystackCustomerId, payerEmail, subscriptionCode });
         if (userDocRef) console.log('Resolved user from mapping by identifiers ->', userDocRef.path);
       }
 
-      // fallback: resolve user document using direct user fields
       if (!userDocRef) {
-        userDocRef = await findUserDocRef(db, { metadataUserId, email: customerEmail, paystackCustomerId });
+        userDocRef = await findUserDocRef(db, { metadataUserId, email: payerEmail, paystackCustomerId });
         if (userDocRef) console.log('Resolved user via fallback queries:', userDocRef.path);
       }
     } catch (e) {
@@ -460,7 +518,7 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
       userDocRef = null;
     }
 
-    // If we have mapping slug present and payload contains authoritative identifiers, update mapping immediately
+    // update mapping with authoritative identifiers if available
     try {
       await updateMappingWithIdentifiers(db, {
         slug: maybeSlug,
@@ -475,21 +533,19 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
       console.error('Failed updateMappingWithIdentifiers:', e);
     }
 
-    // ---------------------------
     // subscription.create handler
-    // ---------------------------
     if (/subscription\.create/i.test(event) || event === 'subscription.create') {
-      const subscriptionCode = subscriptionCode || (data.id ? String(data.id) : null);
+      const subscriptionCodeLocal = subscriptionCode || (data.id ? String(data.id) : null);
       const status = data.status || 'active';
       const planObj = data.plan || data.subscription?.plan || null;
       const expiry = getExpiryFromPlan(planObj);
 
-      if (userDocRef && subscriptionCode) {
+      if (userDocRef && subscriptionCodeLocal) {
         try {
           const updateObj = {
-            subscriptionId: subscriptionCode,
+            subscriptionId: subscriptionCodeLocal,
             subscription: {
-              id: subscriptionCode,
+              id: subscriptionCodeLocal,
               status,
               plan: planObj ? { id: planObj.id, code: planObj.plan_code, amount: planObj.amount, interval: planObj.interval } : null,
               createdAt: data.createdAt ? admin.firestore.Timestamp.fromDate(new Date(data.createdAt)) : admin.firestore.FieldValue.serverTimestamp(),
@@ -500,7 +556,9 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
           };
           if (paystackCustomerId) updateObj.paystack_customer_id = String(paystackCustomerId);
           await userDocRef.update(updateObj);
-          console.log('subscription.create: updated user with subscription:', subscriptionCode);
+          console.log('subscription.create: updated user with subscription:', subscriptionCodeLocal);
+          // prune after successful subscription update
+          await pruneUserEntitlementsAndWebhooks(db, userDocRef, { paystackCustomerId, payerEmail });
         } catch (e) {
           console.error('subscription.create: failed to update user:', e);
         }
@@ -509,11 +567,9 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
       }
     }
 
-    // ---------------------------
     // charge.success handler - entitlement add + mapping updates
-    // ---------------------------
     if (isPayment) {
-      console.log('charge.success identifiers:', { metadataUserId, customerEmail, maybeSlug, maybePageId, paystackCustomerId, subscriptionCode, extractorSource });
+      console.log('charge.success identifiers:', { metadataUserId, payerEmail, maybeSlug, maybePageId, paystackCustomerId, subscriptionCode, extractorSource });
 
       const recurringMarker = Boolean((data.metadata && (data.metadata.custom_filters?.recurring || data.metadata.recurring)) || false);
       const hasSubscription = !!(data.subscription || data.subscriptions || data.plan || subscriptionCode);
@@ -534,7 +590,7 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
         createdAt: admin.firestore.Timestamp.now(),
       };
 
-      // Ensure mapping gets authoritative identifiers on first charge (if not already present)
+      // Ensure mapping gets authoritative identifiers on first charge
       try {
         await updateMappingWithIdentifiers(db, {
           slug: maybeSlug,
@@ -550,7 +606,6 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
       }
 
       if (userDocRef && isLikelySubscriptionPayment) {
-        // add entitlement & save customer id on user
         try {
           await userDocRef.update({
             entitlements: admin.firestore.FieldValue.arrayUnion(entitlement),
@@ -589,6 +644,13 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
         } catch (e) {
           console.error('Cleanup failed:', e);
         }
+
+        // prune entitlements and old webhook audits for this user (runs after successful processing)
+        try {
+          await pruneUserEntitlementsAndWebhooks(db, userDocRef, { paystackCustomerId, payerEmail });
+        } catch (e) {
+          console.error('Prune helper failed:', e);
+        }
       } else if (userDocRef && !isLikelySubscriptionPayment) {
         console.log('charge.success received but not flagged subscription/recurring - skipping entitlement add.');
       } else {
@@ -612,6 +674,8 @@ app.post('/webhook/paystack', express.raw({ type: 'application/json', limit: '1m
             });
             await userDocRef.update({ entitlements: filtered, updatedAt: admin.firestore.FieldValue.serverTimestamp() });
             console.log('Removed entitlements matching refund:', refundedReference);
+            // also prune (to remove other expired ones if present)
+            await pruneUserEntitlementsAndWebhooks(db, userDocRef, { paystackCustomerId, payerEmail });
           } else {
             console.warn('Refund handling: user doc vanished.');
           }