first commit

calcom/apps/web/pages/api/integrations/[...args].ts

@@ -0,0 +1,88 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import type { Session } from "next-auth";
+
+import { throwIfNotHaveAdminAccessToTeam } from "@calcom/app-store/_utils/throwIfNotHaveAdminAccessToTeam";
+import { getServerSession } from "@calcom/features/auth/lib/getServerSession";
+import { deriveAppDictKeyFromType } from "@calcom/lib/deriveAppDictKeyFromType";
+import { HttpError } from "@calcom/lib/http-error";
+import prisma from "@calcom/prisma";
+import type { AppDeclarativeHandler, AppHandler } from "@calcom/types/AppHandler";
+
+const defaultIntegrationAddHandler = async ({
+  slug,
+  supportsMultipleInstalls,
+  appType,
+  user,
+  teamId = undefined,
+  createCredential,
+}: {
+  slug: string;
+  supportsMultipleInstalls: boolean;
+  appType: string;
+  user?: Session["user"];
+  teamId?: number;
+  createCredential: AppDeclarativeHandler["createCredential"];
+}) => {
+  if (!user?.id) {
+    throw new HttpError({ statusCode: 401, message: "You must be logged in to do this" });
+  }
+  if (!supportsMultipleInstalls) {
+    const alreadyInstalled = await prisma.credential.findFirst({
+      where: {
+        appId: slug,
+        ...(teamId ? { AND: [{ userId: user.id }, { teamId }] } : { userId: user.id }),
+      },
+    });
+    if (alreadyInstalled) {
+      throw new Error("App is already installed");
+    }
+  }
+
+  await throwIfNotHaveAdminAccessToTeam({ teamId: teamId ?? null, userId: user.id });
+
+  await createCredential({ user: user, appType, slug, teamId });
+};
+
+const handler = async (req: NextApiRequest, res: NextApiResponse) => {
+  // Check that user is authenticated
+  req.session = await getServerSession({ req, res });
+
+  const { args, teamId } = req.query;
+
+  if (!Array.isArray(args)) {
+    return res.status(404).json({ message: `API route not found` });
+  }
+
+  const [appName, apiEndpoint] = args;
+  try {
+    /* Absolute path didn't work */
+    const handlerMap = (await import("@calcom/app-store/apps.server.generated")).apiHandlers;
+    const handlerKey = deriveAppDictKeyFromType(appName, handlerMap);
+    const handlers = await handlerMap[handlerKey as keyof typeof handlerMap];
+    if (!handlers) throw new HttpError({ statusCode: 404, message: `No handlers found for ${handlerKey}` });
+    const handler = handlers[apiEndpoint as keyof typeof handlers] as AppHandler;
+    if (typeof handler === "undefined")
+      throw new HttpError({ statusCode: 404, message: `API handler not found` });
+
+    if (typeof handler === "function") {
+      await handler(req, res);
+    } else {
+      await defaultIntegrationAddHandler({ user: req.session?.user, teamId: Number(teamId), ...handler });
+      const redirectUrl = handler.redirect?.url ?? undefined;
+      res.json({ url: redirectUrl, newTab: handler.redirect?.newTab });
+    }
+    if (!res.writableEnded) return res.status(200);
+    return res;
+  } catch (error) {
+    console.error(error);
+    if (error instanceof HttpError) {
+      return res.status(error.statusCode).json({ message: error.message });
+    }
+    if (error instanceof Error) {
+      return res.status(400).json({ message: error.message });
+    }
+    return res.status(404).json({ message: `API handler not found` });
+  }
+};
+
+export default handler;

calcom/apps/web/pages/api/integrations/alby/webhook.ts

@@ -0,0 +1 @@
+export { default, config } from "@calcom/app-store/alby/api/webhook";

calcom/apps/web/pages/api/integrations/paypal/webhook.ts

@@ -0,0 +1 @@
+export { default, config } from "@calcom/app-store/paypal/api/webhook";

calcom/apps/web/pages/api/integrations/stripepayment/webhook.ts

@@ -0,0 +1 @@
+export { default, config } from "@calcom/features/ee/payments/api/webhook";

calcom/apps/web/pages/api/integrations/subscriptions/webhook.ts

@@ -0,0 +1,116 @@
+import { buffer } from "micro";
+import type { NextApiRequest, NextApiResponse } from "next";
+import type Stripe from "stripe";
+
+import stripe from "@calcom/app-store/stripepayment/lib/server";
+import { IS_PRODUCTION } from "@calcom/lib/constants";
+import { getErrorFromUnknown } from "@calcom/lib/errors";
+import { HttpError as HttpCode } from "@calcom/lib/http-error";
+import prisma from "@calcom/prisma";
+
+export const config = {
+  api: {
+    bodyParser: false,
+  },
+};
+
+// This file is a catch-all for any integration related subscription/paid app.
+
+const handleSubscriptionUpdate = async (event: Stripe.Event) => {
+  const subscription = event.data.object as Stripe.Subscription;
+  if (!subscription.id) throw new HttpCode({ statusCode: 400, message: "Subscription ID not found" });
+
+  const app = await prisma.credential.findFirst({
+    where: {
+      subscriptionId: subscription.id,
+    },
+  });
+
+  if (!app) {
+    throw new HttpCode({ statusCode: 202, message: "Received and discarded" });
+  }
+
+  await prisma.credential.update({
+    where: {
+      id: app.id,
+    },
+    data: {
+      paymentStatus: subscription.status,
+    },
+  });
+};
+
+const handleSubscriptionDeleted = async (event: Stripe.Event) => {
+  const subscription = event.data.object as Stripe.Subscription;
+  if (!subscription.id) throw new HttpCode({ statusCode: 400, message: "Subscription ID not found" });
+
+  const app = await prisma.credential.findFirst({
+    where: {
+      subscriptionId: subscription.id,
+    },
+  });
+
+  if (!app) {
+    throw new HttpCode({ statusCode: 202, message: "Received and discarded" });
+  }
+
+  // should we delete the credential here rather than marking as inactive?
+  await prisma.credential.update({
+    where: {
+      id: app.id,
+    },
+    data: {
+      paymentStatus: "inactive",
+      billingCycleStart: null,
+    },
+  });
+};
+
+type WebhookHandler = (event: Stripe.Event) => Promise<void>;
+
+const webhookHandlers: Record<string, WebhookHandler | undefined> = {
+  "customer.subscription.updated": handleSubscriptionUpdate,
+  "customer.subscription.deleted": handleSubscriptionDeleted,
+};
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  try {
+    if (req.method !== "POST") {
+      throw new HttpCode({ statusCode: 405, message: "Method Not Allowed" });
+    }
+    const sig = req.headers["stripe-signature"];
+    if (!sig) {
+      throw new HttpCode({ statusCode: 400, message: "Missing stripe-signature" });
+    }
+
+    if (!process.env.STRIPE_WEBHOOK_SECRET_APPS) {
+      throw new HttpCode({ statusCode: 500, message: "Missing process.env.STRIPE_WEBHOOK_SECRET_APPS" });
+    }
+    const requestBuffer = await buffer(req);
+    const payload = requestBuffer.toString();
+
+    const event = stripe.webhooks.constructEvent(payload, sig, process.env.STRIPE_WEBHOOK_SECRET_APPS);
+
+    const handler = webhookHandlers[event.type];
+    if (handler) {
+      await handler(event);
+    } else {
+      /** Not really an error, just letting Stripe know that the webhook was received but unhandled */
+      throw new HttpCode({
+        statusCode: 202,
+        message: `Unhandled Stripe Webhook event type ${event.type}`,
+      });
+    }
+  } catch (_err) {
+    const err = getErrorFromUnknown(_err);
+    console.error(`Webhook Error: ${err.message}`);
+    res.status(err.statusCode ?? 500).send({
+      message: err.message,
+      stack: IS_PRODUCTION ? undefined : err.stack,
+    });
+    return;
+  }
+
+  // Return a response to acknowledge receipt of the event
+  res.json({ received: true });
+}