fluxerapp/fluxer
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
2a025f9ed2cac41173db532c018b12ea62ecaf92
fluxer/packages/api/src/stripe/tests/StripeWebhookRefund.test.tsx
Hampus Kraft ac2aba7f0e fix: stripe refund webhook errors
2026-02-18 16:42:04 +00:00

245 lines
8.0 KiB
TypeScript
Raw Blame History

/*
* Copyright (C) 2026 Fluxer Contributors
*
* This file is part of Fluxer.
*
* Fluxer is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Fluxer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
*/
import crypto from 'node:crypto';
import {createTestAccount} from '@fluxer/api/src/auth/tests/AuthTestUtils';
import {createUserID} from '@fluxer/api/src/BrandedTypes';
import {Config} from '@fluxer/api/src/Config';
import {createApiTestHarness} from '@fluxer/api/src/test/ApiTestHarness';
import {
createMockWebhookPayload,
type StripeWebhookEventData,
} from '@fluxer/api/src/test/msw/handlers/StripeApiHandlers';
import {createBuilder} from '@fluxer/api/src/test/TestRequestBuilder';
import {UserFlags} from '@fluxer/constants/src/UserConstants';
import {afterAll, beforeAll, beforeEach, describe, expect, test} from 'vitest';
describe('Stripe Webhook Refund', () => {
let harness: Awaited<ReturnType<typeof createApiTestHarness>>;
let originalWebhookSecret: string | undefined;
beforeAll(async () => {
harness = await createApiTestHarness();
originalWebhookSecret = Config.stripe.webhookSecret;
Config.stripe.webhookSecret = 'whsec_test_secret';
});
afterAll(async () => {
await harness.shutdown();
Config.stripe.webhookSecret = originalWebhookSecret;
});
beforeEach(async () => {
await harness.resetData();
});
function createWebhookSignature(payload: string, timestamp: number, secret: string): string {
const signedPayload = `${timestamp}.${payload}`;
const signature = crypto.createHmac('sha256', secret).update(signedPayload).digest('hex');
return `t=${timestamp},v1=${signature}`;
}
async function sendWebhook(eventData: StripeWebhookEventData): Promise<{received: boolean}> {
const {payload, timestamp} = createMockWebhookPayload(eventData);
const signature = createWebhookSignature(payload, timestamp, Config.stripe.webhookSecret!);
return createBuilder<{received: boolean}>(harness, '')
.post('/stripe/webhook')
.header('stripe-signature', signature)
.header('content-type', 'application/json')
.body(payload)
.execute();
}
describe('charge.refunded', () => {
test('revokes premium and records first refund', async () => {
const account = await createTestAccount(harness);
const userId = createUserID(BigInt(account.userId));
const {PaymentRepository} = await import('@fluxer/api/src/user/repositories/PaymentRepository');
const {UserRepository} = await import('@fluxer/api/src/user/repositories/UserRepository');
const paymentRepository = new PaymentRepository();
const userRepository = new UserRepository();
const paymentIntentId = 'pi_test_refund_first_123';
const checkoutSessionId = 'cs_test_refund_first_123';
await paymentRepository.createPayment({
checkout_session_id: checkoutSessionId,
user_id: userId,
price_id: 'price_test_monthly',
product_type: 'monthly_subscription',
status: 'completed',
is_gift: false,
created_at: new Date(),
});
await paymentRepository.updatePayment({
checkout_session_id: checkoutSessionId,
payment_intent_id: paymentIntentId,
completed_at: new Date(),
});
await sendWebhook({
type: 'charge.refunded',
data: {
object: {
id: 'ch_test_refund_123',
payment_intent: paymentIntentId,
amount_refunded: 2500,
},
},
});
const updatedUser = await userRepository.findUnique(userId);
expect(updatedUser).not.toBeNull();
expect(updatedUser!.firstRefundAt).not.toBeNull();
const updatedPayment = await userRepository.getPaymentByPaymentIntent(paymentIntentId);
expect(updatedPayment).not.toBeNull();
expect(updatedPayment!.status).toBe('refunded');
});
test('applies permanent purchase block on second refund', async () => {
const account = await createTestAccount(harness);
const userId = createUserID(BigInt(account.userId));
const {UserRepository} = await import('@fluxer/api/src/user/repositories/UserRepository');
const userRepository = new UserRepository();
const firstRefundDate = new Date('2024-01-01');
await userRepository.patchUpsert(
userId,
{
first_refund_at: firstRefundDate,
},
(await userRepository.findUnique(userId))!.toRow(),
);
const {PaymentRepository} = await import('@fluxer/api/src/user/repositories/PaymentRepository');
const paymentRepository = new PaymentRepository();
const paymentIntentId = 'pi_test_refund_second_456';
const checkoutSessionId = 'cs_test_refund_second_456';
await paymentRepository.createPayment({
checkout_session_id: checkoutSessionId,
user_id: userId,
price_id: 'price_test_monthly',
product_type: 'monthly_subscription',
status: 'completed',
is_gift: false,
created_at: new Date(),
});
await paymentRepository.updatePayment({
checkout_session_id: checkoutSessionId,
payment_intent_id: paymentIntentId,
completed_at: new Date(),
});
await sendWebhook({
type: 'charge.refunded',
data: {
object: {
id: 'ch_test_refund_456',
payment_intent: paymentIntentId,
amount_refunded: 2500,
},
},
});
const updatedUser = await userRepository.findUnique(userId);
expect(updatedUser).not.toBeNull();
expect(updatedUser!.firstRefundAt).toEqual(firstRefundDate);
expect(updatedUser!.flags & UserFlags.PREMIUM_PURCHASE_DISABLED).toBe(
BigInt(UserFlags.PREMIUM_PURCHASE_DISABLED),
);
const updatedPayment = await userRepository.getPaymentByPaymentIntent(paymentIntentId);
expect(updatedPayment).not.toBeNull();
expect(updatedPayment!.status).toBe('refunded');
});
test('falls back to customer ID when payment intent is not indexed (subscription mode)', async () => {
const account = await createTestAccount(harness);
const userId = createUserID(BigInt(account.userId));
const {UserRepository} = await import('@fluxer/api/src/user/repositories/UserRepository');
const userRepository = new UserRepository();
const stripeCustomerId = 'cus_test_subscription_fallback';
await userRepository.patchUpsert(
userId,
{stripe_customer_id: stripeCustomerId},
(await userRepository.findUnique(userId))!.toRow(),
);
await sendWebhook({
type: 'charge.refunded',
data: {
object: {
id: 'ch_test_refund_sub_789',
payment_intent: 'pi_test_not_indexed_789',
customer: stripeCustomerId,
amount_refunded: 4999,
},
},
});
const updatedUser = await userRepository.findUnique(userId);
expect(updatedUser).not.toBeNull();
expect(updatedUser!.firstRefundAt).not.toBeNull();
});
test('skips premium action for donation customer refund', async () => {
const donationCustomerId = 'cus_test_donation_refund';
const {DonationRepository} = await import('@fluxer/api/src/donation/DonationRepository');
const donationRepository = new DonationRepository();
await donationRepository.createDonor({
email: 'donor-refund-test@example.com',
stripeCustomerId: donationCustomerId,
businessName: null,
taxId: null,
taxIdType: null,
stripeSubscriptionId: null,
subscriptionAmountCents: null,
subscriptionCurrency: null,
subscriptionInterval: null,
subscriptionCurrentPeriodEnd: null,
subscriptionCancelAt: null,
});
const result = await sendWebhook({
type: 'charge.refunded',
data: {
object: {
id: 'ch_test_refund_donation_101',
payment_intent: 'pi_test_donation_not_indexed_101',
customer: donationCustomerId,
amount_refunded: 2500,
},
},
});
expect(result.received).toBe(true);
});
});
});
Reference in New Issue View Git Blame Copy Permalink