gatekpr_patterns/

billing.rs

//! Billing-related patterns for Shopify Billing API compliance
//!
//! Includes patterns for Shopify Billing API usage and third-party payment detection.

use crate::registry::PatternRegistry;
use once_cell::sync::Lazy;

/// Pre-built billing pattern registry
pub static BILLING_PATTERNS: Lazy<PatternRegistry> = Lazy::new(|| {
    let mut registry = PatternRegistry::new();

    // Shopify Billing API patterns
    registry
        .register(
            "app_subscription_create",
            r"(?i)(appSubscriptionCreate|app_subscription_create|createAppSubscription)",
        )
        .unwrap();

    registry
        .register(
            "recurring_charge",
            r"(?i)(recurring_application_charge|RecurringApplicationCharge|recurringCharge)",
        )
        .unwrap();

    registry
        .register(
            "usage_charge",
            r"(?i)(usage_charge|UsageCharge|appUsageRecord|usageRecord)",
        )
        .unwrap();

    registry
        .register(
            "one_time_charge",
            r"(?i)(application_charge|ApplicationCharge|oneTimeCharge|appPurchaseOneTime)",
        )
        .unwrap();

    registry
        .register(
            "billing_api",
            r"(?i)(shopify.*billing|billing.*shopify|/admin/api/.*/(recurring_application_charges|application_charges))",
        )
        .unwrap();

    // Third-party payment patterns (not allowed for public apps)
    registry
        .register(
            "stripe_integration",
            r"(?i)(stripe\.|@stripe/|stripe-js|new\s+Stripe\s*\(|StripeClient|createPaymentIntent|PaymentElement)",
        )
        .unwrap();

    registry
        .register(
            "paypal_integration",
            r"(?i)(paypal\.|@paypal/|paypal-js|PayPalButtons|paypalSdk)",
        )
        .unwrap();

    registry
        .register(
            "square_integration",
            r"(?i)(square\.|squareup|SquareClient|square-web-sdk)",
        )
        .unwrap();

    registry
        .register(
            "braintree_integration",
            r"(?i)(braintree\.|braintree-web|BraintreeClient|braintreeGateway)",
        )
        .unwrap();

    registry
        .register(
            "adyen_integration",
            r"(?i)(adyen\.|@adyen/|AdyenCheckout|adyenPayment)",
        )
        .unwrap();

    registry
        .register(
            "generic_payment_gateway",
            r"(?i)(payment.*gateway|checkout.*session|process.*payment|charge.*card)",
        )
        .unwrap();

    registry
});

/// Pattern keys for Shopify Billing API
pub const SHOPIFY_BILLING_KEYS: &[&str] = &[
    "app_subscription_create",
    "recurring_charge",
    "usage_charge",
    "one_time_charge",
    "billing_api",
];

/// Pattern keys for third-party payment providers
pub const THIRD_PARTY_PAYMENT_KEYS: &[&str] = &[
    "stripe_integration",
    "paypal_integration",
    "square_integration",
    "braintree_integration",
    "adyen_integration",
    "generic_payment_gateway",
];

/// Check billing compliance in code
pub fn check_billing_compliance(text: &str) -> BillingStatus {
    let mut third_party_detected = Vec::new();

    for key in THIRD_PARTY_PAYMENT_KEYS {
        if BILLING_PATTERNS.is_match(key, text) {
            third_party_detected.push(key.to_string());
        }
    }

    BillingStatus {
        uses_shopify_billing: BILLING_PATTERNS.any_match(SHOPIFY_BILLING_KEYS, text),
        third_party_detected,
        has_subscription: BILLING_PATTERNS.is_match("app_subscription_create", text)
            || BILLING_PATTERNS.is_match("recurring_charge", text),
        has_usage_billing: BILLING_PATTERNS.is_match("usage_charge", text),
        has_one_time: BILLING_PATTERNS.is_match("one_time_charge", text),
    }
}

/// Billing compliance status
#[derive(Debug, Clone, Default)]
pub struct BillingStatus {
    /// Whether Shopify Billing API is used
    pub uses_shopify_billing: bool,
    /// List of third-party payment providers detected
    pub third_party_detected: Vec<String>,
    /// Whether subscription billing is implemented
    pub has_subscription: bool,
    /// Whether usage-based billing is implemented
    pub has_usage_billing: bool,
    /// Whether one-time charges are implemented
    pub has_one_time: bool,
}

impl BillingStatus {
    /// Check if billing is compliant (uses Shopify, no third-party)
    pub fn is_compliant(&self) -> bool {
        self.uses_shopify_billing && self.third_party_detected.is_empty()
    }

    /// Get compliance status string
    pub fn status(&self) -> &'static str {
        if !self.third_party_detected.is_empty() {
            "fail"
        } else if self.uses_shopify_billing {
            "pass"
        } else {
            "warning"
        }
    }

    /// Check if any billing is implemented
    pub fn has_billing(&self) -> bool {
        self.uses_shopify_billing || !self.third_party_detected.is_empty()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_shopify_billing_detection() {
        let code = r#"
            const response = await client.mutate({
                mutation: appSubscriptionCreate,
                variables: { name: "Pro Plan", lineItems: [...] }
            });
        "#;

        let status = check_billing_compliance(code);
        assert!(status.uses_shopify_billing);
        assert!(status.has_subscription);
        assert!(status.third_party_detected.is_empty());
        assert!(status.is_compliant());
    }

    #[test]
    fn test_stripe_detection() {
        let code = r#"
            import Stripe from 'stripe';
            const stripe = new Stripe(process.env.STRIPE_SECRET_KEY);
            const paymentIntent = await stripe.paymentIntents.create({...});
        "#;

        let status = check_billing_compliance(code);
        assert!(!status.third_party_detected.is_empty());
        assert!(status
            .third_party_detected
            .contains(&"stripe_integration".to_string()));
        assert!(!status.is_compliant());
    }

    #[test]
    fn test_paypal_detection() {
        let code = r#"
            import { PayPalButtons } from "@paypal/react-paypal-js";
            <PayPalButtons createOrder={...} />
        "#;

        let status = check_billing_compliance(code);
        assert!(status
            .third_party_detected
            .contains(&"paypal_integration".to_string()));
        assert!(!status.is_compliant());
    }

    #[test]
    fn test_usage_billing() {
        let code = r#"
            const usageRecord = await client.mutate({
                mutation: appUsageRecordCreate,
                variables: { subscriptionLineItemId, price: "0.05" }
            });
        "#;

        let status = check_billing_compliance(code);
        assert!(status.has_usage_billing);
    }

    #[test]
    fn test_compliant_code() {
        let code = r#"
            // Using Shopify Billing API for subscriptions
            const subscription = await admin.graphql(`
                mutation appSubscriptionCreate($name: String!, $lineItems: [AppSubscriptionLineItemInput!]!) {
                    appSubscriptionCreate(name: $name, lineItems: $lineItems) {
                        appSubscription { id }
                    }
                }
            `);
        "#;

        let status = check_billing_compliance(code);
        assert!(status.is_compliant());
        assert_eq!(status.status(), "pass");
    }

    #[test]
    fn test_no_billing() {
        let code = r#"
            // Simple app with no billing
            function getProducts() {
                return fetch('/api/products');
            }
        "#;

        let status = check_billing_compliance(code);
        assert!(!status.has_billing());
        assert_eq!(status.status(), "warning");
    }
}