diff --git a/api/stripe/getPaymentConfig.cfm b/api/stripe/getPaymentConfig.cfm
new file mode 100644
index 0000000..8ffec88
--- /dev/null
+++ b/api/stripe/getPaymentConfig.cfm
@@ -0,0 +1,114 @@
+
+
+
+
+
+/**
+ * Get Payment Config for Stripe Payment Sheet (saved cards)
+ *
+ * Returns customer ID, ephemeral key, and publishable key needed
+ * for Payment Sheet to display saved payment methods.
+ *
+ * POST: { UserID: int }
+ */
+
+response = { "OK": false };
+
+try {
+ requestData = deserializeJSON(toString(getHttpRequestData().content));
+ userID = val(requestData.UserID ?: 0);
+
+ if (userID == 0) {
+ response["ERROR"] = "UserID is required";
+ writeOutput(serializeJSON(response));
+ abort;
+ }
+
+ stripeSecretKey = application.stripeSecretKey ?: "sk_test_LfbmDduJxTwbVZmvcByYmirw";
+
+ // Get user's Stripe Customer ID
+ qUser = queryExecute("
+ SELECT StripeCustomerId, EmailAddress, FirstName, LastName
+ FROM Users
+ WHERE ID = :userID
+ ", { userID: userID }, { datasource: "payfrit" });
+
+ if (qUser.recordCount == 0) {
+ response["ERROR"] = "User not found";
+ writeOutput(serializeJSON(response));
+ abort;
+ }
+
+ stripeCustomerId = qUser.StripeCustomerId ?: "";
+
+ // Create Stripe Customer if user doesn't have one
+ if (len(trim(stripeCustomerId)) == 0) {
+ customerService = new http();
+ customerService.setMethod("POST");
+ customerService.setUrl("https://api.stripe.com/v1/customers");
+ customerService.setUsername(stripeSecretKey);
+ customerService.setPassword("");
+
+ customerName = trim((qUser.FirstName ?: "") & " " & (qUser.LastName ?: ""));
+ if (len(customerName) > 0) {
+ customerService.addParam(type="formfield", name="name", value=customerName);
+ }
+ if (len(trim(qUser.EmailAddress ?: "")) > 0) {
+ customerService.addParam(type="formfield", name="email", value=qUser.EmailAddress);
+ }
+ customerService.addParam(type="formfield", name="metadata[user_id]", value=userID);
+
+ customerResult = customerService.send().getPrefix();
+ customerData = deserializeJSON(customerResult.fileContent);
+
+ if (structKeyExists(customerData, "error")) {
+ response["ERROR"] = "Failed to create customer: " & customerData.error.message;
+ writeOutput(serializeJSON(response));
+ abort;
+ }
+
+ stripeCustomerId = customerData.id;
+
+ // Save to Users table
+ queryExecute("
+ UPDATE Users SET StripeCustomerId = :custId WHERE ID = :userId
+ ", {
+ custId: stripeCustomerId,
+ userId: userID
+ }, { datasource: "payfrit" });
+
+ writeLog(file="stripe_webhooks", text="Created Stripe Customer #stripeCustomerId# for user #userID# via getPaymentConfig");
+ }
+
+ // Create Ephemeral Key for this customer
+ ephemeralService = new http();
+ ephemeralService.setMethod("POST");
+ ephemeralService.setUrl("https://api.stripe.com/v1/ephemeral_keys");
+ ephemeralService.setUsername(stripeSecretKey);
+ ephemeralService.setPassword("");
+
+ // Stripe API version for ephemeral keys - must match mobile SDK version
+ ephemeralService.addParam(type="header", name="Stripe-Version", value="2023-10-16");
+ ephemeralService.addParam(type="formfield", name="customer", value=stripeCustomerId);
+
+ ephemeralResult = ephemeralService.send().getPrefix();
+ ephemeralData = deserializeJSON(ephemeralResult.fileContent);
+
+ if (structKeyExists(ephemeralData, "error")) {
+ response["ERROR"] = "Failed to create ephemeral key: " & ephemeralData.error.message;
+ writeOutput(serializeJSON(response));
+ abort;
+ }
+
+ response["OK"] = true;
+ response["CUSTOMER"] = stripeCustomerId;
+ response["EPHEMERAL_KEY"] = ephemeralResult.fileContent; // Raw JSON for SDK
+ response["PUBLISHABLE_KEY"] = application.stripePublishableKey ?: "pk_test_sPBNzSyJ9HcEPJGC7dSo8NqN";
+
+} catch (any e) {
+ response["ERROR"] = e.message;
+ response["DETAIL"] = e.detail ?: "";
+}
+
+writeOutput(serializeJSON(response));
+
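Review bot: The endpoint takes `UserID` straight from the POST body and no authentication or ownership check is visible in the hunk, so any caller who can reach it can obtain an ephemeral key for another user's Stripe customer and with it that user's saved payment methods. The ID should come from the authenticated session (or be compared against it) before the `Users` lookup, unless one of the tag lines stripped from the top of the file already enforces this. The `?:` fallback on `stripeSecretKey` also commits a Stripe secret key literal (`sk_test_…`) to the repository; drop the literal, fail closed when `application.stripeSecretKey` is unset, and rotate the committed key. The `catch` block returns `e.message` and `e.detail` to the client, which can expose query or datasource details; log them server-side and return a generic message, as sketched below.

```cfml
// … unchanged: request parsing and UserID check …

// Fail closed: no key literal in source, no silent fallback to a test key.
if (!structKeyExists(application, "stripeSecretKey") || len(trim(application.stripeSecretKey)) == 0) {
    writeLog(file="stripe_webhooks", text="getPaymentConfig: application.stripeSecretKey is not configured");
    response["ERROR"] = "Payment configuration unavailable";
    writeOutput(serializeJSON(response));
    abort;
}
stripeSecretKey = application.stripeSecretKey;

// … unchanged: user lookup, customer creation, ephemeral key request …

} catch (any e) {
    // Keep exception details in the server log; the client gets a generic error.
    writeLog(file="stripe_webhooks", text="getPaymentConfig failed: #e.message# #e.detail#");
    response["ERROR"] = "Unable to load payment configuration";
}
```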