simple_stripe/

lib.rs

use anyhow::{Result, anyhow};
use chrono::Utc;
use hmac::{Hmac, Mac};
use serde::Deserialize;
use serde_json::Value;
use sha2::Sha256;
use std::collections::HashMap;

const CREATE_SESSION_URL: &str = "https://api.stripe.com/v1/checkout/sessions";

// signature code from `async-stripe`
struct Signature<'r> {
    t: i64,
    v1: &'r str,
}

impl<'r> Signature<'r> {
    fn parse(raw: &'r str) -> Result<Signature<'r>> {
        let headers: HashMap<&str, &str> = raw
            .split(',')
            .map(|header| {
                let mut key_and_value = header.split('=');
                let key = key_and_value.next();
                let value = key_and_value.next();
                (key, value)
            })
            .filter_map(|(key, value)| match (key, value) {
                (Some(key), Some(value)) => Some((key, value)),
                _ => None,
            })
            .collect();
        let t = headers
            .get("t")
            .and_then(|t| t.parse::<i64>().ok())
            .ok_or(anyhow!("Bad signature t"))?;
        let v1 = headers.get("v1").ok_or(anyhow!("Bad signature v1"))?;
        Ok(Signature { t, v1 })
    }
}

#[derive(Deserialize)]
struct Event {
    r#type: String,
    data: Object,
}

#[derive(Deserialize)]
struct Object {
    object: Value,
}

/// simple event for one-time payment and subscription
pub enum SimpleEvent {
    // one-time payment complete: session_id, customer_id
    PaymentComplete(String, String),
    // session_id, customer_id
    SubscriptionCreated(String, String),
    // customer_id, prices_id
    SubscriptionPaid(String, Vec<String>),
    // customer_id, prices_id
    SubscriptionDeleted(String, Vec<String>),
    // not support event
    None(String),
}

#[derive(Clone, Debug)]
pub struct Stripe {
    secret: String,
    webhook: String,
    prices: HashMap<String, String>,
    success_url: Option<String>,
    cancel_url: Option<String>,
}

impl Stripe {
    /// init stripe with secret
    pub fn init(secret: String, webhook: String) -> Self {
        Self {
            secret,
            webhook,
            prices: HashMap::new(),
            success_url: None,
            cancel_url: None,
        }
    }

    /// add one-time payment price
    pub fn add_payment_price(&mut self, id: &str) {
        self.prices.insert(id.to_owned(), "payment".to_owned());
    }

    /// add subscription price
    pub fn add_subscription_price(&mut self, id: &str) {
        self.prices.insert(id.to_owned(), "subscription".to_owned());
    }

    /// set session success and cancel url
    pub fn set_urls(&mut self, success: &str, cancel: &str) {
        self.success_url = Some(success.to_owned());
        self.cancel_url = Some(cancel.to_owned());
    }

    /// create session, return the session id and session url
    pub async fn create_session(
        &self,
        uuid: &str,
        email: Option<String>,
        customer: Option<String>,
        price: &str,
        quantity: i32,
    ) -> Result<(String, String)> {
        let mode = self.prices.get(price).ok_or(anyhow!("No price"))?.to_owned();

        let mut params = vec![
            ("mode", mode),
            ("line_items[0][price]", price.to_owned()),
            ("line_items[0][quantity]", quantity.to_string()),
        ];

        if !uuid.is_empty() {
            params.push(("client_reference_id", uuid.to_owned()));
        }

        if let Some(customer) = customer && customer.starts_with("cus_") {
            params.push(("customer", customer));
        } else if let Some(email) = email {
            params.push(("customer_email", email));
        }

        if let Some(url) = &self.success_url {
            params.push(("success_url", url.to_owned()));
        }
        if let Some(url) = &self.cancel_url {
            params.push(("cancel_url", url.to_owned()));
        }

        let client = reqwest::Client::new();
        let resp = client
            .post(CREATE_SESSION_URL)
            .basic_auth(self.secret.clone(), Some(""))
            .form(&params)
            .send()
            .await?
            .json::<Value>()
            .await?;

        match (resp.get("id"), resp.get("url")) {
            (Some(id), Some(url)) => {
                let s_i = id.as_str().unwrap_or_default().to_owned();
                let s_u = url.as_str().unwrap_or_default().to_owned();
                Ok((s_i, s_u))
            }
            _ => Err(anyhow!("Failed to create session for {uuid}: {}", resp["error"]["message"])),
        }
    }

    /// check session is paid, if paid, return customer id, if not, return err
    pub async fn retrieve(&self, _session: &str) -> Result<String> {
        todo!()
    }

    /// verify signature and parse to SimpleEvent
    pub fn simple_event(&self, body: &str, signature: &str) -> Result<SimpleEvent> {
        // Get Stripe signature from header
        let signature = Signature::parse(&signature)?;
        let signed_payload = format!("{}.{}", signature.t, body);

        // Compute HMAC with the SHA256 hash function, using endpoing secret as key
        // and signed_payload string as the message.
        let mut mac = Hmac::<Sha256>::new_from_slice(self.webhook.as_bytes()).map_err(|_| anyhow!("Bad Key"))?;
        mac.update(signed_payload.as_bytes());

        let sig = hex::decode(signature.v1).map_err(|_| anyhow!("Bad signature hex"))?;
        mac.verify_slice(sig.as_slice()).map_err(|_| anyhow!("Bad signature verify"))?;

        // Get current timestamp to compare to signature timestamp
        let current_timestamp = Utc::now().timestamp();
        if (current_timestamp - signature.t).abs() > 300 {
            return Err(anyhow!("Bad signature time"));
        }

        let event: Event = serde_json::from_str(&body)?;
        let se = match event.r#type.as_str() {
            "checkout.session.completed" => {
                // subscription created || one-time paid
                let session = event.data.object["id"].as_str().unwrap_or_default().to_owned();
                let customer = event.data.object["customer"].as_str().unwrap_or_default().to_owned();
                let paid = event.data.object["payment_status"].as_str().unwrap_or_default();
                let mode = event.data.object["mode"].as_str().unwrap_or_default();
                if session.is_empty() || paid.is_empty() || mode.is_empty() {
                    tracing::error!("Stripe checkout.session.completed changed!");
                }
                if paid == "paid" {
                    match mode {
                        "payment" => SimpleEvent::PaymentComplete(session, customer),
                        "subscription" => SimpleEvent::SubscriptionCreated(session, customer),
                        _ => SimpleEvent::None(format!("checkout.session.completed payment mode: {mode}")),
                    }
                } else {
                    SimpleEvent::None(format!("checkout.session.completed payment status: {paid}"))
                }
            }
            "invoice.paid" => {
                // subscription paid
                let customer = event.data.object["customer"].as_str().unwrap_or_default().to_owned();
                let lines = event.data.object["lines"]["data"].as_array();

                let mut prices = vec![];
                if let Some(lines) = lines {
                    for line in lines {
                        if let Some(p) = line.pointer("/pricing/price_details/price") {
                            prices.push(p.as_str().unwrap_or_default().to_owned());
                        }
                    }
                }

                if customer.is_empty() {
                    tracing::error!("Stripe invoice.paid changed!");
                }

                SimpleEvent::SubscriptionPaid(customer, prices)
            }
            "invoice.payment_failed" => {
                // subscription failed
                let customer = event.data.object["customer"].as_str().unwrap_or_default().to_owned();
                let lines = event.data.object["lines"]["data"].as_array();

                let mut prices = vec![];
                if let Some(lines) = lines {
                    for line in lines {
                        if let Some(p) = line.pointer("/pricing/price_details/price") {
                            prices.push(p.as_str().unwrap_or_default().to_owned());
                        }
                    }
                }

                if customer.is_empty() {
                    tracing::error!("Stripe invoice.payment_failed changed!");
                }

                SimpleEvent::SubscriptionDeleted(customer, prices)
            }
            "customer.subscription.deleted" => {
                // subscription cancel & deleted
                let customer = event.data.object["customer"].as_str().unwrap_or_default().to_owned();
                let lines = event.data.object["lines"]["data"].as_array();

                let mut prices = vec![];
                if let Some(lines) = lines {
                    for line in lines {
                        if let Some(p) = line.pointer("/pricing/price_details/price") {
                            prices.push(p.as_str().unwrap_or_default().to_owned());
                        }
                    }
                }

                if customer.is_empty() {
                    tracing::error!("Stripe customer.subscription.deleted changed!");
                }

                SimpleEvent::SubscriptionDeleted(customer, prices)
            }
            _ => SimpleEvent::None(event.r#type)
        };

        Ok(se)
    }
}