feat(payment): integrate stripe checkout, webhooks, and worker dispatch

apps/api/package.json

@@ -17,6 +17,7 @@
         "openai": "^4.0.0",
         "pptxgenjs": "^3.12.0",
         "puppeteer": "^22.0.0",
+        "stripe": "^20.3.1",
         "zod": "^3.25.76"
     },
     "devDependencies": {

apps/api/src/routes/payments.ts

@@ -0,0 +1,117 @@
+import { FastifyInstance } from 'fastify';
+import { stripeService } from '../services/stripe';
+
+// Use the local PrismaClient to avoid the module resolution issue. We'll instantiate it here.
+import { PrismaClient } from '@prisma/client';
+const prisma = new PrismaClient();
+
+export async function paymentRoutes(fastify: FastifyInstance) {
+
+    // Create a Checkout Session
+    fastify.post('/checkout', async (request, reply) => {
+        const { userId, trackId } = request.body as { userId: string, trackId: string };
+
+        if (!userId || !trackId) {
+            return reply.status(400).send({ error: 'Missing userId or trackId' });
+        }
+
+        try {
+            // Validate the track exists and is premium
+            const track = await prisma.track.findUnique({ where: { id: trackId } });
+
+            if (!track || !track.isPremium || !track.stripePriceId) {
+                return reply.status(400).send({ error: 'Invalid or non-premium track' });
+            }
+
+            const user = await prisma.user.findUnique({ where: { id: userId } });
+            if (!user) {
+                return reply.status(404).send({ error: 'User not found' });
+            }
+
+            const checkoutUrl = await stripeService.createCheckoutSession(
+                user.id,
+                track.id,
+                track.stripePriceId,
+                user.phone
+            );
+
+            return { success: true, url: checkoutUrl };
+
+        } catch (error) {
+            fastify.log.error(error);
+            return reply.status(500).send({ error: 'Failed to create checkout session' });
+        }
+    });
+
+    // Handle Stripe Webhook
+    // Note: We need the raw body to verify the signature. Fastify requires specific config for this.
+    fastify.post('/webhook', { config: { rawBody: true } }, async (request, reply) => {
+        const sig = request.headers['stripe-signature'];
+
+        if (!sig || typeof sig !== 'string') {
+            return reply.status(400).send({ error: 'Missing stripe-signature header' });
+        }
+
+        let event;
+
+        try {
+            // @ts-ignore - Assuming rawBody plugin is configured on the Fastify instance
+            event = stripeService.verifyWebhookSignature(request.rawBody || request.body, sig);
+        } catch (err: any) {
+            return reply.status(400).send(`Webhook Error: ${err.message}`);
+        }
+
+        // Handle the checkout.session.completed event
+        if (event.type === 'checkout.session.completed') {
+            const session = event.data.object as any;
+
+            const userId = session.metadata?.userId;
+            const trackId = session.metadata?.trackId;
+            const amountTotal = session.amount_total;
+
+            if (userId && trackId) {
+                try {
+                    // Start a transaction: Record payment and Create Enrollment
+                    await prisma.$transaction(async (tx: any) => {
+                        // 1. Record the payment
+                        await tx.payment.create({
+                            data: {
+                                userId,
+                                trackId,
+                                amount: amountTotal,
+                                status: 'COMPLETED',
+                                stripeSessionId: session.id,
+                                currency: session.currency || 'XOF'
+                            }
+                        });
+
+                        // 2. Create the Enrollment
+                        // Check if an enrollment already exists to avoid duplicates
+                        const existingEnrollment = await tx.enrollment.findFirst({
+                            where: { userId, trackId }
+                        });
+
+                        if (!existingEnrollment) {
+                            await tx.enrollment.create({
+                                data: {
+                                    userId,
+                                    trackId,
+                                    status: 'ACTIVE',
+                                    currentDay: 1
+                                }
+                            });
+                            fastify.log.info(`[PaymentRoute] Enrollment created for User ${userId}, Track ${trackId}`);
+                        }
+                    });
+                } catch (dbError) {
+                    fastify.log.error(dbError, '[PaymentRoute] Database error during webhook processing');
+                    // Standard practice is to still return a 200 to Stripe so it doesn't retry infinitely,
+                    // but you'd want robust alerting here.
+                }
+            }
+        }
+
+        // Return a 200 response to acknowledge receipt of the event
+        reply.send({ received: true });
+    });
+}

apps/api/src/services/stripe.ts

@@ -0,0 +1,67 @@
+import Stripe from 'stripe';
+
+export class StripeService {
+    private stripe: Stripe;
+    private webhookSecret: string;
+    private clientUrl: string;
+
+    constructor() {
+        // Initialize Stripe. Defaults to a dummy key if env var is missing during dev.
+        const secretKey = process.env.STRIPE_SECRET_KEY || 'sk_test_dummy';
+        this.webhookSecret = process.env.STRIPE_WEBHOOK_SECRET || 'whsec_dummy';
+        this.clientUrl = process.env.VITE_CLIENT_URL || 'http://localhost:5174';
+
+        this.stripe = new Stripe(secretKey, {
+            apiVersion: '2025-01-27.acacia' as any,
+        });
+    }
+
+    /**
+     * Creates a Stripe Checkout Session for a specific track and user.
+     */
+    async createCheckoutSession(userId: string, trackId: string, priceId: string, userPhone: string) {
+        try {
+            const session = await this.stripe.checkout.sessions.create({
+                payment_method_types: ['card'],
+                line_items: [
+                    {
+                        price: priceId,
+                        quantity: 1,
+                    },
+                ],
+                mode: 'payment',
+                success_url: `${this.clientUrl}/payment-success?session_id={CHECKOUT_SESSION_ID}`,
+                cancel_url: `${this.clientUrl}/payment-cancel`,
+                client_reference_id: userId,
+                metadata: {
+                    userId,
+                    trackId,
+                    userPhone
+                }
+            });
+
+            return session.url;
+        } catch (error) {
+            console.error('[StripeService] Error creating checkout session:', error);
+            throw new Error('Failed to create payment session');
+        }
+    }
+
+    /**
+     * Verifies the signature of an incoming Stripe webhook.
+     */
+    verifyWebhookSignature(payload: string | Buffer, signature: string): Stripe.Event {
+        try {
+            return this.stripe.webhooks.constructEvent(
+                payload,
+                signature,
+                this.webhookSecret
+            );
+        } catch (error) {
+            console.error('[StripeService] Webhook signature verification failed:', error);
+            throw error;
+        }
+    }
+}
+
+export const stripeService = new StripeService();

apps/whatsapp-worker/src/index.ts

@@ -20,6 +20,50 @@ const worker = new Worker('whatsapp-queue', async (job: Job) => {
             // TODO: Call WhatsApp Cloud API to send text
             console.log(`[MOCK SEND] To User ${userId}: "${text}"`);
         }
+        else if (job.name === 'enroll-user') {
+            const { userId, trackId } = job.data;
+
+            const track = await prisma.track.findUnique({ where: { id: trackId } });
+            if (!track) {
+                console.error(`[WORKER] Enrollment failed: Track ${trackId} not found.`);
+                return;
+            }
+
+            if (track.isPremium) {
+                console.log(`[WORKER] User ${userId} requested Premium Track ${trackId}. Generating Payment Link...`);
+                try {
+                    const API_URL = process.env.VITE_API_URL || 'http://localhost:3001';
+                    const checkoutRes = await fetch(`${API_URL}/v1/payments/checkout`, {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({ userId, trackId })
+                    });
+
+                    const checkoutData = await checkoutRes.json();
+                    if (checkoutRes.ok && checkoutData.url) {
+                        console.log(`[MOCK SEND] To User ${userId}: "This track is Premium. Please complete your payment here: ${checkoutData.url}"`);
+                    } else {
+                        console.error('[WORKER] Failed to get checkout URL', checkoutData);
+                    }
+                } catch (err) {
+                    console.error('[WORKER] Error calling checkout endpoint', err);
+                }
+            } else {
+                console.log(`[WORKER] Enrolling User ${userId} in Free Track ${trackId}...`);
+                const existing = await prisma.enrollment.findFirst({ where: { userId, trackId } });
+                if (!existing) {
+                    await prisma.enrollment.create({
+                        data: {
+                            userId,
+                            trackId,
+                            status: 'ACTIVE',
+                            currentDay: 1
+                        }
+                    });
+                    console.log(`[MOCK SEND] To User ${userId}: "Welcome to ${track.title}! Day 1 starts now."`);
+                }
+            }
+        }
         else if (job.name === 'send-content') {
             const { userId, trackId, dayNumber } = job.data;
 

packages/database/prisma/schema.prisma

@@ -21,19 +21,27 @@ model User {
   enrollments Enrollment[]
   responses   Response[]
   messages    Message[]
+  payments    Payment[]
 }
 
 model Track {
-  id          String   @id @default(uuid())
-  title       String
-  description String?
-  duration    Int      // Duration in days
-  language    Language @default(FR)
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
-
-  days        TrackDay[]
-  enrollments Enrollment[]
+  id              String   @id @default(uuid())
+  title           String
+  description     String?
+  duration        Int      // Duration in days
+  language        Language @default(FR)
+  
+  // Payment Integration Fields
+  isPremium       Boolean  @default(false)
+  priceAmount     Int?     // Price in smallest currency unit (e.g., cents/XOF)
+  stripePriceId   String?  // Stripe Price ID
+  
+  createdAt       DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+
+  days            TrackDay[]
+  enrollments     Enrollment[]
+  payments        Payment[]
 }
 
 model TrackDay {
@@ -116,3 +124,24 @@ enum Direction {
   OUTBOUND
 }
 
+model Payment {
+  id              String        @id @default(uuid())
+  userId          String
+  trackId         String
+  amount          Int
+  currency        String        @default("XOF")
+  status          PaymentStatus @default(PENDING)
+  stripeSessionId String?       @unique
+  createdAt       DateTime      @default(now())
+  updatedAt       DateTime      @updatedAt
+
+  user            User          @relation(fields: [userId], references: [id])
+  track           Track         @relation(fields: [trackId], references: [id])
+}
+
+enum PaymentStatus {
+  PENDING
+  COMPLETED
+  FAILED
+  REFUNDED
+}

pnpm-lock.yaml

@@ -93,6 +93,9 @@ importers:
       puppeteer:
         specifier: ^22.0.0
         version: 22.15.0(typescript@5.9.3)
+      stripe:
+        specifier: ^20.3.1
+        version: 20.3.1(@types/node@20.19.33)
       zod:
         specifier: ^3.25.76
         version: 3.25.76
@@ -1982,6 +1985,15 @@ packages:
     resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
     engines: {node: '>=8'}
 
+  stripe@20.3.1:
+    resolution: {integrity: sha512-k990yOT5G5rhX3XluRPw5Y8RLdJDW4dzQ29wWT66piHrbnM2KyamJ1dKgPsw4HzGHRWjDiSSdcI2WdxQUPV3aQ==}
+    engines: {node: '>=16'}
+    peerDependencies:
+      '@types/node': '>=16'
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+
   sucrase@3.35.1:
     resolution: {integrity: sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw==}
     engines: {node: '>=16 || 14 >=14.17'}
@@ -3902,6 +3914,10 @@ snapshots:
     dependencies:
       ansi-regex: 5.0.1
 
+  stripe@20.3.1(@types/node@20.19.33):
+    optionalDependencies:
+      '@types/node': 20.19.33
+
   sucrase@3.35.1:
     dependencies:
       '@jridgewell/gen-mapping': 0.3.13