feat: implement "create admin session" capability (#374)

Implement plan/create-admin-session - see
storacha/console#98 for an example of this in
action.

Originally #358, moving here
to unstick the integration tests.

Author: Travis Vachon

billing/utils/stripe.js

@@ -6,6 +6,15 @@ import * as DidMailto from '@web3-storage/did-mailto'
  * @typedef {import('stripe').Stripe.CustomerSubscriptionCreatedEvent} CustomerSubscriptionCreatedEvent
  */
 
+/**
+ * 
+ * @param {string} stripeID 
+ * @returns {AccountID}
+ */
+export function stripeIDToAccountID(stripeID) {
+  return /** @type {AccountID} */(`stripe:${stripeID}`)
+}
+
 /**
  *
  * @param {Stripe} stripe
@@ -21,7 +30,7 @@ export async function handleCustomerSubscriptionCreated(stripe, event, customerS
     return { error: new Error(`Invalid product: ${product}`) }
   }
 
-  const account = /** @type {AccountID} */ (`stripe:${customerId}`)
+  const account = stripeIDToAccountID(customerId)
   const stripeCustomer = await stripe.customers.retrieve(customerId)
   if (stripeCustomer.deleted) {
     return {

package-lock.json

@@ -35,10 +35,11 @@ export class BillingProviderUpdateError extends Failure {
 
 /**
  * 
- * @param {import('stripe').Stripe} stripe 
+ * @param {import('stripe').Stripe} stripe
+ * @param {import("@web3-storage/w3infra-billing/lib/api").CustomerStore} customerStore
  * @returns {import("./types").BillingProvider}
  */
-export function createStripeBillingProvider(stripe) {
+export function createStripeBillingProvider(stripe, customerStore) {
   return {
     async hasCustomer(customer) {
       const customersResponse = await stripe.customers.list({ email: toEmail(/** @type {import('@web3-storage/did-mailto').DidMailto} */(customer)) })
@@ -84,6 +85,29 @@ export function createStripeBillingProvider(stripe) {
       } catch (/** @type {any} */ err) {
         return { error: new BillingProviderUpdateError(err.message, { cause: err }) }
       }
+    },
+
+    async createAdminSession(account, returnURL) {
+      const response = await customerStore.get({ customer: account })
+      if (response.error) {
+        return {
+          error: {
+            name: 'CustomerNotFound',
+            message: 'Error getting customer',
+            cause: response.error
+          }
+        }
+      }
+      const customer = response.ok.account.slice('stripe:'.length)
+      const session = await stripe.billingPortal.sessions.create({
+        customer,
+        return_url: returnURL
+      })
+      return {
+        ok: {
+          url: session.url
+        }
+      }
     }
   }
 }

upload-api/billing.js

@@ -186,7 +186,7 @@ export async function ucanInvocationRouter(request) {
   const customerStore = createCustomerStore({ region: AWS_REGION }, { tableName: customerTableName })
   if (!STRIPE_SECRET_KEY) throw new Error('missing secret: STRIPE_SECRET_KEY')
   const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: '2023-10-16' })
-  const plansStorage = usePlansStore(customerStore, createStripeBillingProvider(stripe))
+  const plansStorage = usePlansStore(customerStore, createStripeBillingProvider(stripe, customerStore))
   const rateLimitsStorage = createRateLimitTable(AWS_REGION, rateLimitTableName)
   const spaceMetricsTable = createSpaceMetricsTable(AWS_REGION, spaceMetricsTableName)
 

upload-api/functions/ucan-invocation-router.js

@@ -90,8 +90,6 @@ export function usePlansStore(customerStore, billingProvider) {
       return { ok: {} }
     },
 
-    createAdminSession: (account, returnURL) => {
-      throw new Error('not implemented')
-    }
+    createAdminSession: async (account, returnURL) => billingProvider.createAdminSession(account, returnURL)
   }
 }

upload-api/stores/plans.js

@@ -5,9 +5,26 @@ import dotenv from 'dotenv'
 
 import Stripe from 'stripe'
 import { fileURLToPath } from 'node:url'
+import { createCustomerStore, customerTableProps } from '@web3-storage/w3infra-billing/tables/customer.js'
+import { createTable } from './helpers/resources.js'
+import { createDynamoDB } from '@web3-storage/w3infra-billing/test/helpers/aws.js'
+import { stripeIDToAccountID } from '@web3-storage/w3infra-billing/utils/stripe.js'
 
 dotenv.config({ path: fileURLToPath(new URL('../../.env', import.meta.url)) })
 
+/**
+ * @typedef {object} BillingContext
+ * @property {import('@web3-storage/w3infra-billing/lib/api.js').CustomerStore} BillingContext.customerStore
+ * @property {Stripe} BillingContext.stripe
+ * @property {import('../types.js').BillingProvider} BillingContext.billingProvider
+ */
+
+const customerDID = /** @type {import('@web3-storage/did-mailto').DidMailto} */(
+  `did:mailto:example.com:w3up-billing-test-${Date.now()}`
+)
+const email = toEmail(customerDID)
+const initialPlan = 'did:web:starter.web3.storage'
+
 /**
  * 
  * @param {Stripe} stripe 
@@ -27,10 +44,20 @@ async function getCustomerPlanByEmail(stripe, email) {
  * 
  * @param {Stripe} stripe 
  * @param {string} email 
+ * @param {import('@web3-storage/w3infra-billing/lib/api.js').CustomerStore} customerStore
  * @returns {Promise<Stripe.Customer>}
  */
-async function setupCustomer(stripe, email) {
+async function setupCustomer(stripe, email, customerStore) {
   const customer = await stripe.customers.create({ email })
+  const customerCreation = await customerStore.put({
+    customer: customerDID,
+    account: stripeIDToAccountID(customer.id),
+    product: initialPlan,
+    insertedAt: new Date()
+  })
+  if (!customerCreation.ok){
+    throw customerCreation.error
+  }
 
   // set up a payment method - otherwise we won't be able to update the plan later
   let setupIntent = await stripe.setupIntents.create({
@@ -45,52 +72,83 @@ async function setupCustomer(stripe, email) {
   )
   const paymentMethod = /** @type {string} */(setupIntent.payment_method)
   await stripe.customers.update(customer.id, { invoice_settings: { default_payment_method: paymentMethod } })
+  // create a subscription to initialPlan
+  const prices = await stripe.prices.list({ lookup_keys: [initialPlan] })
+  const initialPriceID = prices.data.find(price => price.lookup_key === initialPlan)?.id
+  if (!initialPriceID) {
+    throw new Error(`could not find priceID ${initialPlan} in Stripe`)
+  }
+  await stripe.subscriptions.create({ customer: customer.id, items: [{ price: initialPriceID }] })
   return customer
 }
 
-test('stripe plan can be updated', async (t) => {
+/**
+ * 
+ * @param {BillingContext} context 
+ * @param {(c: BillingContext) => Promise<void>} testFn 
+ */
+async function withCustomer(context, testFn) {
+  const { stripe, customerStore } = context
+  let customer
+  try {
+    // create a new customer and set up its subscription with "initialPlan"
+    customer = await setupCustomer(stripe, email, customerStore)
+    await testFn(context)
+  } finally {
+    if (customer) {
+      // clean up the user we created
+      await stripe.customers.del(customer.id)
+    }
+  }
+}
+
+test.before(async t => {
   const stripeSecretKey = process.env.STRIPE_TEST_SECRET_KEY
-  if (stripeSecretKey) {
-    const stripe = new Stripe(stripeSecretKey, { apiVersion: '2023-10-16' })
-    const billingProvider = createStripeBillingProvider(stripe)
-    const customerDID = /** @type {import('@web3-storage/did-mailto').DidMailto} */(
-      `did:mailto:example.com:w3up-billing-test-${Date.now()}`
-    )
-    const email = toEmail(customerDID)
-
-    const initialPlan = 'did:web:starter.web3.storage'
-    const updatedPlan = 'did:web:lite.web3.storage'
 
-    const prices = await stripe.prices.list({ lookup_keys: [initialPlan] })
-    const initialPriceID = prices.data.find(price => price.lookup_key === initialPlan)?.id
-    if (!initialPriceID){
-      t.fail(`could not find Stripe price with lookup_key ${initialPlan}`)
-    }
-    let customer
-    try {
-      // create a new customer and set up its subscription with "initialPlan"
-      customer = await setupCustomer(stripe, email)
-      
-      // create a subscription to initialPlan
-      await stripe.subscriptions.create({ customer: customer.id, items: [{ price: initialPriceID }] })
-
-      // use the stripe API to verify plan has been initialized correctly
-      const initialStripePlan = await getCustomerPlanByEmail(stripe, email)
-      t.deepEqual(initialPlan, initialStripePlan)
-
-      // this is the actual code under test!
-      await billingProvider.setPlan(customerDID, updatedPlan)
-
-      // use the stripe API to verify plan has been updated
-      const updatedStripePlan = await getCustomerPlanByEmail(stripe, email)
-      t.deepEqual(updatedPlan, updatedStripePlan)
-    } finally {
-      if (customer) {
-        // clean up the user we created
-        await stripe.customers.del(customer.id)
-      }
-    }
-  } else {
-    t.fail('STRIPE_TEST_SECRET_KEY environment variable is not set')
+  if (!stripeSecretKey) {
+    throw new Error('STRIPE_TEST_SECRET_KEY environment variable is not set')
   }
+  const { client: dynamo } = await createDynamoDB()
+
+  const stripe = new Stripe(stripeSecretKey, { apiVersion: '2023-10-16' })
+
+  const customerStore = createCustomerStore(dynamo, { tableName: await createTable(dynamo, customerTableProps) })
+  const billingProvider = createStripeBillingProvider(stripe, customerStore)
+
+  Object.assign(t.context, {
+    dynamo,
+    customerStore,
+    stripe,
+    billingProvider
+  })
+})
+
+test('stripe plan can be updated', async (t) => {
+  const context = /** @type {typeof t.context & BillingContext } */(t.context)
+  const { stripe, billingProvider } = context
+
+  await withCustomer(context, async () => {
+    // use the stripe API to verify plan has been initialized correctly
+    const initialStripePlan = await getCustomerPlanByEmail(stripe, email)
+    t.deepEqual(initialPlan, initialStripePlan)
+
+    // this is the actual code under test!
+    const updatedPlan = 'did:web:lite.web3.storage'
+    await billingProvider.setPlan(customerDID, updatedPlan)
+
+    // use the stripe API to verify plan has been updated
+    const updatedStripePlan = await getCustomerPlanByEmail(stripe, email)
+    t.deepEqual(updatedPlan, updatedStripePlan)
+  })
 })
+
+test('stripe billing session can be generated', async (t) => {
+  const context = /** @type {typeof t.context & BillingContext } */(t.context)
+  const { billingProvider } = context
+
+  await withCustomer(context, async () => {
+    const response = await billingProvider.createAdminSession(customerDID, 'https://example.com/return-url')
+    t.assert(response.ok)
+    t.assert(response.ok?.url)
+  })
+})

upload-api/test/billing.test.js

@@ -14,6 +14,10 @@ export function createTestBillingProvider() {
     async setPlan(customer, product) {
       customers[customer] = product
       return { ok: {} }
+    },
+
+    async createAdminSession(customer) {
+      return { ok: { url: 'https://example/test-billing-admin-session' } }
     }
   }
 }

upload-api/test/helpers/billing.js

@@ -3,7 +3,7 @@ import { DID, Link, Delegation, Signature, Block, UCANLink, ByteView, DIDKey, Re
 import { UnknownLink } from 'multiformats'
 import { CID } from 'multiformats/cid'
 import { Kinesis } from '@aws-sdk/client-kinesis'
-import { AccountDID, ProviderDID, Service, SpaceDID, CarStoreBucket, AllocationsStorage } from '@web3-storage/upload-api'
+import { AccountDID, ProviderDID, Service, SpaceDID, CarStoreBucket, AllocationsStorage, PlanCreateAdminSessionSuccess, PlanCreateAdminSessionFailure } from '@web3-storage/upload-api'
 
 export interface StoreOperationError extends Error {
   name: 'StoreOperationFailed'
@@ -282,6 +282,7 @@ type SetPlanFailure = InvalidSubscriptionState | BillingProviderUpdateError
 export interface BillingProvider {
   hasCustomer: (customer: AccountDID) => Promise<Result<boolean, Failure>>
   setPlan: (customer: AccountDID, plan: DID) => Promise<Result<Unit, SetPlanFailure>>
+  createAdminSession: (customer: AccountDID, returnURL: string) => Promise<Result<PlanCreateAdminSessionSuccess, PlanCreateAdminSessionFailure>>
 }
 
 export {}