invoice-payments_8js_source.html

/**

 * @file routes/invoice-payments.js

 * @module routes/invoice-payments

 * @description Invoice payment routes with Stripe integration

 */


const express = require('express');

const router = express.Router();

const pool = require('../services/db');

const authenticateToken = require('../middleware/auth');


// Initialize Stripe with correct key based on mode

const stripeMode = process.env.STRIPE_MODE || 'test';

const stripeSecretKey = stripeMode === 'live'

  ? process.env.STRIPE_LIVE_SECRET_KEY

  : process.env.STRIPE_TEST_SECRET_KEY;

const stripePublishableKey = stripeMode === 'live'

  ? process.env.STRIPE_LIVE_PUBLISHABLE_KEY

  : process.env.STRIPE_TEST_PUBLISHABLE_KEY;


const stripe = require('stripe')(stripeSecretKey);


console.log(`[Stripe] Invoice Payments initialized in ${stripeMode.toUpperCase()} mode`);


/**

 * POST /api/invoices/:id/create-payment-intent

 *

 * Create a Stripe payment intent for an invoice

 */

router.post('/:id/create-payment-intent', authenticateToken, async (req, res) => {

  try {

    const invoiceId = req.params.id;

    const tenantId = req.user.tenant_id;


    // Get invoice details

    const invoiceResult = await pool.query(

      `SELECT i.*, c.name as customer_name, c.email as customer_email

       FROM invoices i

       LEFT JOIN customers c ON i.customer_id = c.customer_id

       WHERE i.invoice_id = $1 AND i.tenant_id = $2`,

      [invoiceId, tenantId]

    );


    if (invoiceResult.rows.length === 0) {

      return res.status(404).json({ error: 'Invoice not found' });

    }


    const invoice = invoiceResult.rows[0];


    // Check if already paid

    if (invoice.payment_status === 'paid') {

      return res.status(400).json({ error: 'Invoice is already paid' });

    }


    // Get tenant's Stripe account

    const stripeAccountResult = await pool.query(

      'SELECT stripe_account_id FROM stripe_config WHERE tenant_id = $1 AND charges_enabled = true',

      [tenantId]

    );


    if (stripeAccountResult.rows.length === 0) {

      return res.status(400).json({ error: 'Stripe account not configured or not enabled for charges' });

    }


    const stripeAccountId = stripeAccountResult.rows[0].stripe_account_id;


    // Calculate amount in cents

    const amountInCents = Math.round(parseFloat(invoice.total || invoice.amount || 0) * 100);


    if (amountInCents <= 0) {

      return res.status(400).json({ error: 'Invalid invoice amount' });

    }


    // Create payment intent on connected account

    const paymentIntent = await stripe.paymentIntents.create({

      amount: amountInCents,

      currency: (invoice.currency || 'AUD').toLowerCase(),

      description: `Invoice #${invoice.invoice_id} - ${invoice.description || 'Payment'}`,

      metadata: {

        invoice_id: invoiceId.toString(),

        customer_id: invoice.customer_id?.toString() || '',

        tenant_id: tenantId,

        customer_name: invoice.customer_name || '',

      },

      application_fee_amount: Math.round(amountInCents * 0.03), // 3% platform fee

    }, {

      stripeAccount: stripeAccountId,

    });


    res.json({

      clientSecret: paymentIntent.client_secret,

      publishableKey: stripePublishableKey,

      stripeAccount: stripeAccountId, // Connected account ID for Elements

      amount: amountInCents,

      currency: (invoice.currency || 'AUD').toLowerCase(),

      mode: stripeMode, // Include mode in response for client-side logging

    });


  } catch (error) {

    console.error('Error creating payment intent:', error);

    res.status(500).json({ error: error.message || 'Failed to create payment intent' });

  }

});


/**

 * POST /api/invoices/:id/confirm-payment

 *

 * Confirm payment and update invoice status (called after successful payment)

 */

router.post('/:id/confirm-payment', authenticateToken, async (req, res) => {

  const client = await pool.connect(); // Get a client for transaction


  try {

    const invoiceId = req.params.id;

    const tenantId = req.user.tenant_id;

    const { paymentIntentId } = req.body;


    if (!paymentIntentId) {

      return res.status(400).json({ error: 'Payment intent ID required' });

    }


    // Get tenant's Stripe account

    const stripeAccountResult = await client.query(

      'SELECT stripe_account_id FROM stripe_config WHERE tenant_id = $1',

      [tenantId]

    );


    if (stripeAccountResult.rows.length === 0) {

      return res.status(400).json({ error: 'Stripe account not configured' });

    }


    const stripeAccountId = stripeAccountResult.rows[0].stripe_account_id;


    // Verify payment intent status with Stripe

    const paymentIntent = await stripe.paymentIntents.retrieve(

      paymentIntentId,

      { stripeAccount: stripeAccountId }

    );


    if (paymentIntent.status !== 'succeeded') {

      return res.status(400).json({ error: 'Payment not completed' });

    }


    // Start transaction

    await client.query('BEGIN');


    // Update invoice payment status

    const invoiceResult = await client.query(

      `UPDATE invoices

       SET payment_status = 'paid',

           status = 'paid',

           updated_at = CURRENT_TIMESTAMP

       WHERE invoice_id = $1 AND tenant_id = $2

       RETURNING invoice_id, payment_status, status`,

      [invoiceId, tenantId]

    );


    if (invoiceResult.rows.length === 0) {

      await client.query('ROLLBACK');

      return res.status(404).json({ error: 'Invoice not found' });

    }


    // Record payment in payments table

    const paymentMethodDetails = paymentIntent.charges?.data[0]?.payment_method_details;


    await client.query(

      `INSERT INTO payments (

        tenant_id, customer_id, invoice_id,

        stripe_payment_intent_id, stripe_charge_id, stripe_account_id,

        amount, currency, status,

        payment_method_type, card_brand, card_last4,

        application_fee_amount, payment_intent_status,

        description, succeeded_at, created_at

      )

      SELECT

        $1, customer_id, $2,

        $3, $4, $5,

        $6, $7, $8,

        $9, $10, $11,

        $12, $13,

        $14, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP

      FROM invoices

      WHERE invoice_id = $2 AND tenant_id = $1`,

      [

        tenantId,

        invoiceId,

        paymentIntentId,

        paymentIntent.charges?.data[0]?.id || null,

        stripeAccountId,

        paymentIntent.amount,

        paymentIntent.currency,

        'succeeded', // Valid status from constraint: pending, processing, succeeded, failed, canceled, refunded

        paymentMethodDetails?.type || 'card',

        paymentMethodDetails?.card?.brand || null,

        paymentMethodDetails?.card?.last4 || null,

        paymentIntent.application_fee_amount || null,

        paymentIntent.status,

        `Invoice #${invoiceId} payment`

      ]

    );


    // Commit transaction

    await client.query('COMMIT');


    res.json({

      success: true,

      invoice: invoiceResult.rows[0],

    });


  } catch (error) {

    // Rollback on any error

    await client.query('ROLLBACK');

    console.error('Error confirming payment:', error);

    res.status(500).json({ error: error.message || 'Failed to confirm payment' });

  } finally {

    // Release client back to pool

    client.release();

  }

});


module.exports = router;