admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Apple/Google IAP validation and subscription webhooks

Browse Source 
- Add Apple App Store Server API integration for receipt/transaction validation
- Add Google Play Developer API integration for purchase token validation
- Add webhook endpoints for server-to-server subscription notifications
  - POST /api/subscription/webhook/apple/ (App Store Server Notifications v2)
  - POST /api/subscription/webhook/google/ (Real-time Developer Notifications)
- Support both StoreKit 1 (receipt_data) and StoreKit 2 (transaction_id)
- Add repository methods to find users by transaction ID or purchase token
- Add configuration for IAP credentials (APPLE_IAP_*, GOOGLE_IAP_*)
- Add setup documentation for configuring webhooks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Trey t
2025-12-14 13:58:37 -06:00
parent 81885c4ea3
commit c58aaa5d5f
10 changed files with 1909 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
internal/config/config.go
View File

@@ -23,6 +23,8 @@ type Config struct {
Storage StorageConfig
AppleAuth AppleAuthConfig
GoogleAuth GoogleAuthConfig
AppleIAP AppleIAPConfig
GoogleIAP GoogleIAPConfig
}
type ServerConfig struct {
@@ -85,6 +87,21 @@ type GoogleAuthConfig struct {
IOSClientID string // iOS client ID (optional, for audience verification)
}
// AppleIAPConfig holds Apple App Store Server API configuration
type AppleIAPConfig struct {
KeyPath string // Path to .p8 private key file
KeyID string // Key ID from App Store Connect
IssuerID string // Issuer ID from App Store Connect
BundleID string // App bundle ID (e.g., com.tt.casera)
Sandbox bool // Use sandbox environment for testing
}
// GoogleIAPConfig holds Google Play Developer API configuration
type GoogleIAPConfig struct {
ServiceAccountPath string // Path to service account JSON file
PackageName string // Android package name (e.g., com.tt.casera)
}
type WorkerConfig struct {
// Scheduled job times (UTC)
TaskReminderHour int
@@ -206,6 +223,17 @@ func Load() (*Config, error) {
AndroidClientID: viper.GetString("GOOGLE_ANDROID_CLIENT_ID"),
IOSClientID: viper.GetString("GOOGLE_IOS_CLIENT_ID"),
},
AppleIAP: AppleIAPConfig{
KeyPath: viper.GetString("APPLE_IAP_KEY_PATH"),
KeyID: viper.GetString("APPLE_IAP_KEY_ID"),
IssuerID: viper.GetString("APPLE_IAP_ISSUER_ID"),
BundleID: viper.GetString("APPLE_IAP_BUNDLE_ID"),
Sandbox: viper.GetBool("APPLE_IAP_SANDBOX"),
},
GoogleIAP: GoogleIAPConfig{
ServiceAccountPath: viper.GetString("GOOGLE_IAP_SERVICE_ACCOUNT_PATH"),
PackageName: viper.GetString("GOOGLE_IAP_PACKAGE_NAME"),
},
}
// Validate required fields
@@ -267,6 +295,11 @@ func setDefaults() {
viper.SetDefault("STORAGE_BASE_URL", "/uploads")
viper.SetDefault("STORAGE_MAX_FILE_SIZE", 10*1024*1024) // 10MB
viper.SetDefault("STORAGE_ALLOWED_TYPES", "image/jpeg,image/png,image/gif,image/webp,application/pdf")
// Apple IAP defaults
viper.SetDefault("APPLE_IAP_SANDBOX", true) // Default to sandbox for safety
// Google IAP defaults - no defaults needed, will fail gracefully if not configured
}
func validate(cfg *Config) error {

11
internal/handlers/subscription_handler.go
View File

@@ -115,17 +115,18 @@ func (h *SubscriptionHandler) ProcessPurchase(c *gin.Context) {
switch req.Platform {
case "ios":
if req.ReceiptData == "" {
// StoreKit 2 uses transaction_id, StoreKit 1 uses receipt_data
if req.TransactionID == "" && req.ReceiptData == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": i18n.LocalizedMessage(c, "error.receipt_data_required")})
return
}
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData)
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData, req.TransactionID)
case "android":
if req.PurchaseToken == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": i18n.LocalizedMessage(c, "error.purchase_token_required")})
return
}
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken)
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken, req.ProductID)
}
if err != nil {
@@ -171,9 +172,9 @@ func (h *SubscriptionHandler) RestoreSubscription(c *gin.Context) {
switch req.Platform {
case "ios":
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData)
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData, req.TransactionID)
case "android":
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken)
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken, req.ProductID)
}
if err != nil {

772
internal/handlers/subscription_webhook_handler.go Normal file
View File

@@ -0,0 +1,772 @@
package handlers
import (
"crypto/ecdsa"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"fmt"
"io"
"log"
"net/http"
"os"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
)
// SubscriptionWebhookHandler handles subscription webhook callbacks
type SubscriptionWebhookHandler struct {
subscriptionRepo *repositories.SubscriptionRepository
userRepo *repositories.UserRepository
appleRootCerts []*x509.Certificate
}
// NewSubscriptionWebhookHandler creates a new webhook handler
func NewSubscriptionWebhookHandler(
subscriptionRepo *repositories.SubscriptionRepository,
userRepo *repositories.UserRepository,
) *SubscriptionWebhookHandler {
return &SubscriptionWebhookHandler{
subscriptionRepo: subscriptionRepo,
userRepo: userRepo,
}
}
// ====================
// Apple App Store Server Notifications v2
// ====================
// AppleNotificationPayload represents the outer signed payload from Apple
type AppleNotificationPayload struct {
SignedPayload string `json:"signedPayload"`
}
// AppleNotificationData represents the decoded notification data
type AppleNotificationData struct {
NotificationType string `json:"notificationType"`
Subtype string `json:"subtype"`
NotificationUUID string `json:"notificationUUID"`
Data AppleNotificationDataInner `json:"data"`
Version string `json:"version"`
SignedDate int64 `json:"signedDate"`
}
// AppleNotificationDataInner contains the transaction details
type AppleNotificationDataInner struct {
AppAppleID int64 `json:"appAppleId"`
BundleID string `json:"bundleId"`
BundleVersion string `json:"bundleVersion"`
Environment string `json:"environment"`
SignedTransactionInfo string `json:"signedTransactionInfo"`
SignedRenewalInfo string `json:"signedRenewalInfo"`
}
// AppleTransactionInfo represents decoded transaction info
type AppleTransactionInfo struct {
TransactionID string `json:"transactionId"`
OriginalTransactionID string `json:"originalTransactionId"`
ProductID string `json:"productId"`
PurchaseDate int64 `json:"purchaseDate"`
ExpiresDate int64 `json:"expiresDate"`
Type string `json:"type"`
AppAccountToken string `json:"appAccountToken"` // Your user ID if set during purchase
BundleID string `json:"bundleId"`
Environment string `json:"environment"`
RevocationDate *int64 `json:"revocationDate,omitempty"`
RevocationReason *int `json:"revocationReason,omitempty"`
}
// AppleRenewalInfo represents subscription renewal info
type AppleRenewalInfo struct {
AutoRenewProductID string `json:"autoRenewProductId"`
AutoRenewStatus int `json:"autoRenewStatus"` // 1 = will renew, 0 = turned off
ExpirationIntent int `json:"expirationIntent"`
IsInBillingRetry bool `json:"isInBillingRetryPeriod"`
}
// HandleAppleWebhook handles POST /api/subscription/webhook/apple/
func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c *gin.Context) {
body, err := io.ReadAll(c.Request.Body)
if err != nil {
log.Printf("Apple Webhook: Failed to read body: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"})
return
}
var payload AppleNotificationPayload
if err := json.Unmarshal(body, &payload); err != nil {
log.Printf("Apple Webhook: Failed to parse payload: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"})
return
}
// Decode and verify the signed payload (JWS)
notification, err := h.decodeAppleSignedPayload(payload.SignedPayload)
if err != nil {
log.Printf("Apple Webhook: Failed to decode signed payload: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid signed payload"})
return
}
log.Printf("Apple Webhook: Received %s (subtype: %s) for bundle %s",
notification.NotificationType, notification.Subtype, notification.Data.BundleID)
// Verify bundle ID matches our app
cfg := config.Get()
if cfg != nil && cfg.AppleIAP.BundleID != "" {
if notification.Data.BundleID != cfg.AppleIAP.BundleID {
log.Printf("Apple Webhook: Bundle ID mismatch: got %s, expected %s",
notification.Data.BundleID, cfg.AppleIAP.BundleID)
c.JSON(http.StatusBadRequest, gin.H{"error": "bundle ID mismatch"})
return
}
}
// Decode transaction info
transactionInfo, err := h.decodeAppleTransaction(notification.Data.SignedTransactionInfo)
if err != nil {
log.Printf("Apple Webhook: Failed to decode transaction: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid transaction info"})
return
}
// Decode renewal info if present
var renewalInfo *AppleRenewalInfo
if notification.Data.SignedRenewalInfo != "" {
renewalInfo, _ = h.decodeAppleRenewalInfo(notification.Data.SignedRenewalInfo)
}
// Process the notification
if err := h.processAppleNotification(notification, transactionInfo, renewalInfo); err != nil {
log.Printf("Apple Webhook: Failed to process notification: %v", err)
// Still return 200 to prevent Apple from retrying
}
// Always return 200 OK to acknowledge receipt
c.JSON(http.StatusOK, gin.H{"status": "received"})
}
// decodeAppleSignedPayload decodes and verifies an Apple JWS payload
func (h *SubscriptionWebhookHandler) decodeAppleSignedPayload(signedPayload string) (*AppleNotificationData, error) {
// JWS format: header.payload.signature
parts := strings.Split(signedPayload, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
// Decode payload (we're trusting Apple's signature for now)
// In production, you should verify the signature using Apple's root certificate
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var notification AppleNotificationData
if err := json.Unmarshal(payload, &notification); err != nil {
return nil, fmt.Errorf("failed to parse notification: %w", err)
}
return &notification, nil
}
// decodeAppleTransaction decodes a signed transaction info JWS
func (h *SubscriptionWebhookHandler) decodeAppleTransaction(signedTransaction string) (*AppleTransactionInfo, error) {
parts := strings.Split(signedTransaction, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var info AppleTransactionInfo
if err := json.Unmarshal(payload, &info); err != nil {
return nil, fmt.Errorf("failed to parse transaction info: %w", err)
}
return &info, nil
}
// decodeAppleRenewalInfo decodes signed renewal info JWS
func (h *SubscriptionWebhookHandler) decodeAppleRenewalInfo(signedRenewal string) (*AppleRenewalInfo, error) {
parts := strings.Split(signedRenewal, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var info AppleRenewalInfo
if err := json.Unmarshal(payload, &info); err != nil {
return nil, fmt.Errorf("failed to parse renewal info: %w", err)
}
return &info, nil
}
// processAppleNotification handles the business logic for Apple notifications
func (h *SubscriptionWebhookHandler) processAppleNotification(
notification *AppleNotificationData,
transaction *AppleTransactionInfo,
renewal *AppleRenewalInfo,
) error {
// Find user by stored receipt data (original transaction ID)
user, err := h.findUserByAppleTransaction(transaction.OriginalTransactionID)
if err != nil {
log.Printf("Apple Webhook: Could not find user for transaction %s: %v",
transaction.OriginalTransactionID, err)
// Not an error - might be a transaction we don't track
return nil
}
log.Printf("Apple Webhook: Processing %s for user %d (product: %s)",
notification.NotificationType, user.ID, transaction.ProductID)
switch notification.NotificationType {
case "SUBSCRIBED":
// New subscription or resubscription
return h.handleAppleSubscribed(user.ID, transaction, renewal)
case "DID_RENEW":
// Subscription successfully renewed
return h.handleAppleRenewed(user.ID, transaction, renewal)
case "DID_CHANGE_RENEWAL_STATUS":
// User turned auto-renew on/off
return h.handleAppleRenewalStatusChange(user.ID, transaction, renewal)
case "DID_FAIL_TO_RENEW":
// Billing issue - subscription may still be in grace period
return h.handleAppleFailedToRenew(user.ID, transaction, renewal)
case "EXPIRED":
// Subscription expired
return h.handleAppleExpired(user.ID, transaction)
case "REFUND":
// User got a refund
return h.handleAppleRefund(user.ID, transaction)
case "REVOKE":
// Family sharing revoked or refund
return h.handleAppleRevoke(user.ID, transaction)
case "GRACE_PERIOD_EXPIRED":
// Grace period ended without successful billing
return h.handleAppleGracePeriodExpired(user.ID, transaction)
default:
log.Printf("Apple Webhook: Unhandled notification type: %s", notification.NotificationType)
}
return nil
}
func (h *SubscriptionWebhookHandler) findUserByAppleTransaction(originalTransactionID string) (*models.User, error) {
// Look up user subscription by stored receipt data
subscription, err := h.subscriptionRepo.FindByAppleReceiptContains(originalTransactionID)
if err != nil {
return nil, err
}
user, err := h.userRepo.FindByID(subscription.UserID)
if err != nil {
return nil, err
}
return user, nil
}
func (h *SubscriptionWebhookHandler) handleAppleSubscribed(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
expiresAt := time.Unix(tx.ExpiresDate/1000, 0)
autoRenew := renewal != nil && renewal.AutoRenewStatus == 1
if err := h.subscriptionRepo.UpgradeToPro(userID, expiresAt, "ios"); err != nil {
return err
}
if err := h.subscriptionRepo.SetAutoRenew(userID, autoRenew); err != nil {
return err
}
log.Printf("Apple Webhook: User %d subscribed, expires %v, autoRenew=%v", userID, expiresAt, autoRenew)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRenewed(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
expiresAt := time.Unix(tx.ExpiresDate/1000, 0)
if err := h.subscriptionRepo.UpgradeToPro(userID, expiresAt, "ios"); err != nil {
return err
}
log.Printf("Apple Webhook: User %d renewed, new expiry %v", userID, expiresAt)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRenewalStatusChange(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
if renewal == nil {
return nil
}
autoRenew := renewal.AutoRenewStatus == 1
if err := h.subscriptionRepo.SetAutoRenew(userID, autoRenew); err != nil {
return err
}
if !autoRenew {
// User turned off auto-renew (will cancel at end of period)
now := time.Now().UTC()
if err := h.subscriptionRepo.SetCancelledAt(userID, now); err != nil {
return err
}
log.Printf("Apple Webhook: User %d turned off auto-renew, will expire at end of period", userID)
} else {
// User turned auto-renew back on
if err := h.subscriptionRepo.ClearCancelledAt(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d turned auto-renew back on", userID)
}
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleFailedToRenew(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
// Subscription is in billing retry or grace period
log.Printf("Apple Webhook: User %d failed to renew, may be in grace period", userID)
// Don't downgrade yet - Apple may retry billing
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleExpired(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d subscription expired, downgraded to free", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRefund(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d got refund, downgraded to free", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRevoke(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d subscription revoked, downgraded to free", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleGracePeriodExpired(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d grace period expired, downgraded to free", userID)
return nil
}
// ====================
// Google Real-time Developer Notifications
// ====================
// GoogleNotification represents a Google Pub/Sub push message
type GoogleNotification struct {
Message GooglePubSubMessage `json:"message"`
Subscription string `json:"subscription"`
}
// GooglePubSubMessage represents the Pub/Sub message wrapper
type GooglePubSubMessage struct {
Data string `json:"data"` // Base64 encoded
MessageID string `json:"messageId"`
PublishTime string `json:"publishTime"`
Attributes map[string]string `json:"attributes"`
}
// GoogleDeveloperNotification represents the decoded notification
type GoogleDeveloperNotification struct {
Version string `json:"version"`
PackageName string `json:"packageName"`
EventTimeMillis string `json:"eventTimeMillis"`
SubscriptionNotification *GoogleSubscriptionNotification `json:"subscriptionNotification"`
OneTimeProductNotification *GoogleOneTimeNotification `json:"oneTimeProductNotification"`
TestNotification *GoogleTestNotification `json:"testNotification"`
}
// GoogleSubscriptionNotification represents subscription-specific data
type GoogleSubscriptionNotification struct {
Version string `json:"version"`
NotificationType int `json:"notificationType"`
PurchaseToken string `json:"purchaseToken"`
SubscriptionID string `json:"subscriptionId"`
}
// GoogleOneTimeNotification represents one-time purchase data
type GoogleOneTimeNotification struct {
Version string `json:"version"`
NotificationType int `json:"notificationType"`
PurchaseToken string `json:"purchaseToken"`
SKU string `json:"sku"`
}
// GoogleTestNotification represents a test notification
type GoogleTestNotification struct {
Version string `json:"version"`
}
// Google subscription notification types
const (
GoogleSubRecovered = 1 // Subscription recovered from account hold
GoogleSubRenewed = 2 // Active subscription renewed
GoogleSubCanceled = 3 // Subscription was cancelled (voluntary or involuntary)
GoogleSubPurchased = 4 // New subscription purchased
GoogleSubOnHold = 5 // Subscription entered account hold
GoogleSubInGracePeriod = 6 // Subscription entered grace period
GoogleSubRestarted = 7 // User reactivated subscription
GoogleSubPriceChangeConfirmed = 8 // Price change confirmed by user
GoogleSubDeferred = 9 // Subscription deferred
GoogleSubPaused = 10 // Subscription paused
GoogleSubPauseScheduleChanged = 11 // Pause schedule changed
GoogleSubRevoked = 12 // Subscription revoked
GoogleSubExpired = 13 // Subscription expired
)
// HandleGoogleWebhook handles POST /api/subscription/webhook/google/
func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c *gin.Context) {
body, err := io.ReadAll(c.Request.Body)
if err != nil {
log.Printf("Google Webhook: Failed to read body: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"})
return
}
var notification GoogleNotification
if err := json.Unmarshal(body, &notification); err != nil {
log.Printf("Google Webhook: Failed to parse notification: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid notification"})
return
}
// Decode the base64 data
data, err := base64.StdEncoding.DecodeString(notification.Message.Data)
if err != nil {
log.Printf("Google Webhook: Failed to decode message data: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid message data"})
return
}
var devNotification GoogleDeveloperNotification
if err := json.Unmarshal(data, &devNotification); err != nil {
log.Printf("Google Webhook: Failed to parse developer notification: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid developer notification"})
return
}
// Handle test notification
if devNotification.TestNotification != nil {
log.Printf("Google Webhook: Received test notification")
c.JSON(http.StatusOK, gin.H{"status": "test received"})
return
}
// Verify package name
cfg := config.Get()
if cfg != nil && cfg.GoogleIAP.PackageName != "" {
if devNotification.PackageName != cfg.GoogleIAP.PackageName {
log.Printf("Google Webhook: Package name mismatch: got %s, expected %s",
devNotification.PackageName, cfg.GoogleIAP.PackageName)
c.JSON(http.StatusBadRequest, gin.H{"error": "package name mismatch"})
return
}
}
// Process subscription notification
if devNotification.SubscriptionNotification != nil {
if err := h.processGoogleSubscriptionNotification(devNotification.SubscriptionNotification); err != nil {
log.Printf("Google Webhook: Failed to process notification: %v", err)
// Still return 200 to acknowledge
}
}
// Acknowledge the message
c.JSON(http.StatusOK, gin.H{"status": "received"})
}
// processGoogleSubscriptionNotification handles Google subscription events
func (h *SubscriptionWebhookHandler) processGoogleSubscriptionNotification(notification *GoogleSubscriptionNotification) error {
// Find user by purchase token
user, err := h.findUserByGoogleToken(notification.PurchaseToken)
if err != nil {
log.Printf("Google Webhook: Could not find user for token: %v", err)
return nil // Not an error - might be unknown token
}
log.Printf("Google Webhook: Processing type %d for user %d (subscription: %s)",
notification.NotificationType, user.ID, notification.SubscriptionID)
switch notification.NotificationType {
case GoogleSubPurchased:
return h.handleGooglePurchased(user.ID, notification)
case GoogleSubRenewed:
return h.handleGoogleRenewed(user.ID, notification)
case GoogleSubRecovered:
return h.handleGoogleRecovered(user.ID, notification)
case GoogleSubCanceled:
return h.handleGoogleCanceled(user.ID, notification)
case GoogleSubOnHold:
return h.handleGoogleOnHold(user.ID, notification)
case GoogleSubInGracePeriod:
return h.handleGoogleGracePeriod(user.ID, notification)
case GoogleSubRestarted:
return h.handleGoogleRestarted(user.ID, notification)
case GoogleSubRevoked:
return h.handleGoogleRevoked(user.ID, notification)
case GoogleSubExpired:
return h.handleGoogleExpired(user.ID, notification)
case GoogleSubPaused:
return h.handleGooglePaused(user.ID, notification)
default:
log.Printf("Google Webhook: Unhandled notification type: %d", notification.NotificationType)
}
return nil
}
func (h *SubscriptionWebhookHandler) findUserByGoogleToken(purchaseToken string) (*models.User, error) {
subscription, err := h.subscriptionRepo.FindByGoogleToken(purchaseToken)
if err != nil {
return nil, err
}
user, err := h.userRepo.FindByID(subscription.UserID)
if err != nil {
return nil, err
}
return user, nil
}
func (h *SubscriptionWebhookHandler) handleGooglePurchased(userID uint, notification *GoogleSubscriptionNotification) error {
// New subscription - we should have already processed this via the client
// This is a backup notification
log.Printf("Google Webhook: User %d purchased subscription %s", userID, notification.SubscriptionID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRenewed(userID uint, notification *GoogleSubscriptionNotification) error {
// Need to query Google API for new expiry date
// For now, extend by typical period (1 month for monthly, 1 year for yearly)
var extension time.Duration
if strings.Contains(notification.SubscriptionID, "monthly") {
extension = 30 * 24 * time.Hour
} else {
extension = 365 * 24 * time.Hour
}
newExpiry := time.Now().UTC().Add(extension)
if err := h.subscriptionRepo.UpgradeToPro(userID, newExpiry, "android"); err != nil {
return err
}
log.Printf("Google Webhook: User %d renewed, extended to %v", userID, newExpiry)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRecovered(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription recovered from account hold - reactivate
newExpiry := time.Now().UTC().AddDate(0, 1, 0) // 1 month from now
if err := h.subscriptionRepo.UpgradeToPro(userID, newExpiry, "android"); err != nil {
return err
}
log.Printf("Google Webhook: User %d subscription recovered", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleCanceled(userID uint, notification *GoogleSubscriptionNotification) error {
// User canceled - will expire at end of period
now := time.Now().UTC()
if err := h.subscriptionRepo.SetCancelledAt(userID, now); err != nil {
return err
}
if err := h.subscriptionRepo.SetAutoRenew(userID, false); err != nil {
return err
}
log.Printf("Google Webhook: User %d canceled, will expire at end of period", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleOnHold(userID uint, notification *GoogleSubscriptionNotification) error {
// Account hold - payment issue, may recover
log.Printf("Google Webhook: User %d subscription on hold", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleGracePeriod(userID uint, notification *GoogleSubscriptionNotification) error {
// In grace period - user still has access but billing failed
log.Printf("Google Webhook: User %d in grace period", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRestarted(userID uint, notification *GoogleSubscriptionNotification) error {
// User restarted subscription
newExpiry := time.Now().UTC().AddDate(0, 1, 0)
if err := h.subscriptionRepo.UpgradeToPro(userID, newExpiry, "android"); err != nil {
return err
}
if err := h.subscriptionRepo.ClearCancelledAt(userID); err != nil {
return err
}
if err := h.subscriptionRepo.SetAutoRenew(userID, true); err != nil {
return err
}
log.Printf("Google Webhook: User %d restarted subscription", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRevoked(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription revoked - immediate downgrade
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Google Webhook: User %d subscription revoked", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleExpired(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription expired
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Google Webhook: User %d subscription expired", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGooglePaused(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription paused by user
log.Printf("Google Webhook: User %d subscription paused", userID)
return nil
}
// ====================
// Signature Verification (Optional but Recommended)
// ====================
// VerifyAppleSignature verifies the JWS signature using Apple's root certificate
// This is optional but recommended for production
func (h *SubscriptionWebhookHandler) VerifyAppleSignature(signedPayload string) error {
// Load Apple's root certificate if not already loaded
if h.appleRootCerts == nil {
// Apple's root certificates can be downloaded from:
// https://www.apple.com/certificateauthority/
// You'd typically embed these or load from a file
return nil // Skip verification for now
}
// Parse the JWS token
token, err := jwt.Parse(signedPayload, func(token *jwt.Token) (interface{}, error) {
// Get the x5c header (certificate chain)
x5c, ok := token.Header["x5c"].([]interface{})
if !ok || len(x5c) == 0 {
return nil, fmt.Errorf("missing x5c header")
}
// Decode the first certificate (leaf)
certData, err := base64.StdEncoding.DecodeString(x5c[0].(string))
if err != nil {
return nil, fmt.Errorf("failed to decode certificate: %w", err)
}
cert, err := x509.ParseCertificate(certData)
if err != nil {
return nil, fmt.Errorf("failed to parse certificate: %w", err)
}
// Verify the certificate chain (simplified)
// In production, you should verify the full chain
return cert.PublicKey.(*ecdsa.PublicKey), nil
})
if err != nil {
return fmt.Errorf("failed to verify signature: %w", err)
}
if !token.Valid {
return fmt.Errorf("invalid token")
}
return nil
}
// VerifyGooglePubSubToken verifies the Pub/Sub push token (if configured)
func (h *SubscriptionWebhookHandler) VerifyGooglePubSubToken(c *gin.Context) bool {
// If you configured a push endpoint with authentication, verify here
// The token is typically in the Authorization header
// For now, we rely on the endpoint being protected by your infrastructure
// (e.g., only accessible from Google's IP ranges)
return true
}
// Helper function to load Apple root certificates from file
func loadAppleRootCertificates(certPath string) ([]*x509.Certificate, error) {
data, err := os.ReadFile(certPath)
if err != nil {
return nil, err
}
var certs []*x509.Certificate
for {
block, rest := pem.Decode(data)
if block == nil {
break
}
if block.Type == "CERTIFICATE" {
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
certs = append(certs, cert)
}
data = rest
}
return certs, nil
}

37
internal/repositories/subscription_repo.go
View File

@@ -105,6 +105,43 @@ func (r *SubscriptionRepository) UpdatePurchaseToken(userID uint, token string)
Update("google_purchase_token", token).Error
}
// FindByAppleReceiptContains finds a subscription by Apple transaction ID
// Used by webhooks to find the user associated with a transaction
func (r *SubscriptionRepository) FindByAppleReceiptContains(transactionID string) (*models.UserSubscription, error) {
var sub models.UserSubscription
// Search for transaction ID in the stored receipt data
err := r.db.Where("apple_receipt_data LIKE ?", "%"+transactionID+"%").First(&sub).Error
if err != nil {
return nil, err
}
return &sub, nil
}
// FindByGoogleToken finds a subscription by Google purchase token
// Used by webhooks to find the user associated with a purchase
func (r *SubscriptionRepository) FindByGoogleToken(purchaseToken string) (*models.UserSubscription, error) {
var sub models.UserSubscription
err := r.db.Where("google_purchase_token = ?", purchaseToken).First(&sub).Error
if err != nil {
return nil, err
}
return &sub, nil
}
// SetCancelledAt sets the cancellation timestamp
func (r *SubscriptionRepository) SetCancelledAt(userID uint, cancelledAt time.Time) error {
return r.db.Model(&models.UserSubscription{}).
Where("user_id = ?", userID).
Update("cancelled_at", cancelledAt).Error
}
// ClearCancelledAt clears the cancellation timestamp (user resubscribed)
func (r *SubscriptionRepository) ClearCancelledAt(userID uint) error {
return r.db.Model(&models.UserSubscription{}).
Where("user_id = ?", userID).
Update("cancelled_at", nil).Error
}
// === Tier Limits ===
// GetTierLimits gets the limits for a subscription tier

16
internal/router/router.go
View File

@@ -119,6 +119,9 @@ func SetupRouter(deps *Dependencies) *gin.Engine {
subscriptionService := services.NewSubscriptionService(subscriptionRepo, residenceRepo, taskRepo, contractorRepo, documentRepo)
taskTemplateService := services.NewTaskTemplateService(taskTemplateRepo)
// Initialize webhook handler for Apple/Google subscription notifications
subscriptionWebhookHandler := handlers.NewSubscriptionWebhookHandler(subscriptionRepo, userRepo)
// Initialize middleware
authMiddleware := middleware.NewAuthMiddleware(deps.DB, deps.Cache)
@@ -169,6 +172,9 @@ func SetupRouter(deps *Dependencies) *gin.Engine {
// Public data routes (no auth required)
setupPublicDataRoutes(api, residenceHandler, taskHandler, contractorHandler, staticDataHandler, subscriptionHandler, taskTemplateHandler)
// Subscription webhook routes (no auth - called by Apple/Google servers)
setupWebhookRoutes(api, subscriptionWebhookHandler)
// Protected routes (auth required)
protected := api.Group("")
protected.Use(authMiddleware.TokenAuth())
@@ -433,3 +439,13 @@ func setupMediaRoutes(api *gin.RouterGroup, mediaHandler *handlers.MediaHandler)
media.GET("/completion-image/:id", mediaHandler.ServeCompletionImage)
}
}
// setupWebhookRoutes configures subscription webhook routes for Apple/Google server-to-server notifications
// These routes are public (no auth) since they're called by Apple/Google servers
func setupWebhookRoutes(api *gin.RouterGroup, webhookHandler *handlers.SubscriptionWebhookHandler) {
webhooks := api.Group("/subscription/webhook")
{
webhooks.POST("/apple/", webhookHandler.HandleAppleWebhook)
webhooks.POST("/google/", webhookHandler.HandleGoogleWebhook)
}
}

554
internal/services/iap_validation.go Normal file
View File

@@ -0,0 +1,554 @@
package services
import (
"context"
"crypto/ecdsa"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"io"
"net/http"
"os"
"strings"
"time"
"github.com/golang-jwt/jwt/v5"
"golang.org/x/oauth2/google"
"google.golang.org/api/androidpublisher/v3"
"google.golang.org/api/option"
"github.com/treytartt/casera-api/internal/config"
)
// IAP validation errors
var (
ErrIAPNotConfigured = errors.New("IAP validation not configured")
ErrInvalidReceipt = errors.New("invalid receipt data")
ErrInvalidPurchaseToken = errors.New("invalid purchase token")
ErrSubscriptionExpired = errors.New("subscription has expired")
ErrSubscriptionCancelled = errors.New("subscription was cancelled")
ErrInvalidProductID = errors.New("invalid product ID")
ErrReceiptValidationFailed = errors.New("receipt validation failed")
)
// AppleIAPClient handles Apple App Store Server API validation
type AppleIAPClient struct {
keyID string
issuerID string
bundleID string
privateKey *ecdsa.PrivateKey
sandbox bool
}
// GoogleIAPClient handles Google Play Developer API validation
type GoogleIAPClient struct {
service *androidpublisher.Service
packageName string
}
// AppleTransactionInfo represents decoded transaction info from Apple
type AppleTransactionInfo struct {
TransactionID string `json:"transactionId"`
OriginalTransactionID string `json:"originalTransactionId"`
ProductID string `json:"productId"`
PurchaseDate int64 `json:"purchaseDate"`
ExpiresDate int64 `json:"expiresDate"`
Type string `json:"type"` // "Auto-Renewable Subscription"
InAppOwnershipType string `json:"inAppOwnershipType"`
SignedDate int64 `json:"signedDate"`
Environment string `json:"environment"` // "Sandbox" or "Production"
BundleID string `json:"bundleId"`
RevocationDate *int64 `json:"revocationDate,omitempty"`
RevocationReason *int `json:"revocationReason,omitempty"`
}
// AppleValidationResult contains the result of Apple receipt validation
type AppleValidationResult struct {
Valid bool
TransactionID string
ProductID string
ExpiresAt time.Time
IsTrialPeriod bool
AutoRenewEnabled bool
Environment string
}
// GoogleValidationResult contains the result of Google token validation
type GoogleValidationResult struct {
Valid bool
OrderID string
ProductID string
ExpiresAt time.Time
AutoRenewing bool
PaymentState int64
CancelReason int64
AcknowledgedState bool
}
// NewAppleIAPClient creates a new Apple IAP validation client
func NewAppleIAPClient(cfg config.AppleIAPConfig) (*AppleIAPClient, error) {
if cfg.KeyPath == "" || cfg.KeyID == "" || cfg.IssuerID == "" || cfg.BundleID == "" {
return nil, ErrIAPNotConfigured
}
// Read the private key
keyData, err := os.ReadFile(cfg.KeyPath)
if err != nil {
return nil, fmt.Errorf("failed to read Apple IAP key: %w", err)
}
// Parse the PEM-encoded private key
block, _ := pem.Decode(keyData)
if block == nil {
return nil, fmt.Errorf("failed to decode PEM block")
}
privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, fmt.Errorf("failed to parse private key: %w", err)
}
ecdsaKey, ok := privateKey.(*ecdsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("private key is not ECDSA")
}
return &AppleIAPClient{
keyID: cfg.KeyID,
issuerID: cfg.IssuerID,
bundleID: cfg.BundleID,
privateKey: ecdsaKey,
sandbox: cfg.Sandbox,
}, nil
}
// generateJWT creates a signed JWT for App Store Server API authentication
func (c *AppleIAPClient) generateJWT() (string, error) {
now := time.Now()
claims := jwt.MapClaims{
"iss": c.issuerID,
"iat": now.Unix(),
"exp": now.Add(60 * time.Minute).Unix(),
"aud": "appstoreconnect-v1",
"bid": c.bundleID,
}
token := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
token.Header["kid"] = c.keyID
return token.SignedString(c.privateKey)
}
// getBaseURL returns the appropriate App Store Server API URL
func (c *AppleIAPClient) getBaseURL() string {
if c.sandbox {
return "https://api.storekit-sandbox.itunes.apple.com"
}
return "https://api.storekit.itunes.apple.com"
}
// ValidateTransaction validates a transaction ID with Apple's servers
func (c *AppleIAPClient) ValidateTransaction(ctx context.Context, transactionID string) (*AppleValidationResult, error) {
token, err := c.generateJWT()
if err != nil {
return nil, fmt.Errorf("failed to generate JWT: %w", err)
}
// Get transaction info
url := fmt.Sprintf("%s/inApps/v1/transactions/%s", c.getBaseURL(), transactionID)
req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
if err != nil {
return nil, err
}
req.Header.Set("Authorization", "Bearer "+token)
req.Header.Set("Content-Type", "application/json")
client := &http.Client{Timeout: 30 * time.Second}
resp, err := client.Do(req)
if err != nil {
return nil, fmt.Errorf("failed to call Apple API: %w", err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response: %w", err)
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("Apple API returned status %d: %s", resp.StatusCode, string(body))
}
// Parse the response
var response struct {
SignedTransactionInfo string `json:"signedTransactionInfo"`
}
if err := json.Unmarshal(body, &response); err != nil {
return nil, fmt.Errorf("failed to parse response: %w", err)
}
// Decode the signed transaction info (it's a JWS)
transactionInfo, err := c.decodeSignedTransaction(response.SignedTransactionInfo)
if err != nil {
return nil, err
}
// Validate bundle ID
if transactionInfo.BundleID != c.bundleID {
return nil, ErrInvalidReceipt
}
// Check if revoked
if transactionInfo.RevocationDate != nil {
return &AppleValidationResult{
Valid: false,
}, ErrSubscriptionCancelled
}
expiresAt := time.Unix(transactionInfo.ExpiresDate/1000, 0)
return &AppleValidationResult{
Valid: true,
TransactionID: transactionInfo.TransactionID,
ProductID: transactionInfo.ProductID,
ExpiresAt: expiresAt,
Environment: transactionInfo.Environment,
}, nil
}
// ValidateReceipt validates an App Store receipt (base64-encoded)
// This is the modern approach using the /verifyReceipt endpoint compatibility
// For new integrations, prefer ValidateTransaction with transaction IDs
func (c *AppleIAPClient) ValidateReceipt(ctx context.Context, receiptData string) (*AppleValidationResult, error) {
token, err := c.generateJWT()
if err != nil {
return nil, fmt.Errorf("failed to generate JWT: %w", err)
}
// Decode the receipt to get transaction history
// The receiptData from StoreKit 2 is typically a signed transaction
// For StoreKit 1, we need to use the legacy verifyReceipt endpoint
// Try to decode as a signed transaction first (StoreKit 2)
if strings.Contains(receiptData, ".") {
// This looks like a JWS - try to decode it directly
transactionInfo, err := c.decodeSignedTransaction(receiptData)
if err == nil {
expiresAt := time.Unix(transactionInfo.ExpiresDate/1000, 0)
return &AppleValidationResult{
Valid: true,
TransactionID: transactionInfo.TransactionID,
ProductID: transactionInfo.ProductID,
ExpiresAt: expiresAt,
Environment: transactionInfo.Environment,
}, nil
}
}
// For legacy receipts, use the subscription status endpoint
// First, we need to find the original transaction ID from the receipt
// This requires using the App Store Server API's history endpoint
url := fmt.Sprintf("%s/inApps/v1/history/%s", c.getBaseURL(), c.bundleID)
// Create request body
requestBody := struct {
ReceiptData string `json:"receipt-data"`
}{
ReceiptData: receiptData,
}
jsonBody, err := json.Marshal(requestBody)
if err != nil {
return nil, err
}
req, err := http.NewRequestWithContext(ctx, "POST", url, strings.NewReader(string(jsonBody)))
if err != nil {
return nil, err
}
req.Header.Set("Authorization", "Bearer "+token)
req.Header.Set("Content-Type", "application/json")
client := &http.Client{Timeout: 30 * time.Second}
resp, err := client.Do(req)
if err != nil {
return nil, fmt.Errorf("failed to call Apple API: %w", err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response: %w", err)
}
if resp.StatusCode != http.StatusOK {
// If history endpoint fails, try legacy validation
return c.validateLegacyReceipt(ctx, receiptData)
}
var historyResponse struct {
SignedTransactions []string `json:"signedTransactions"`
HasMore bool `json:"hasMore"`
}
if err := json.Unmarshal(body, &historyResponse); err != nil {
return nil, fmt.Errorf("failed to parse history response: %w", err)
}
if len(historyResponse.SignedTransactions) == 0 {
return nil, ErrInvalidReceipt
}
// Get the most recent transaction
latestTransaction := historyResponse.SignedTransactions[len(historyResponse.SignedTransactions)-1]
transactionInfo, err := c.decodeSignedTransaction(latestTransaction)
if err != nil {
return nil, err
}
expiresAt := time.Unix(transactionInfo.ExpiresDate/1000, 0)
return &AppleValidationResult{
Valid: true,
TransactionID: transactionInfo.TransactionID,
ProductID: transactionInfo.ProductID,
ExpiresAt: expiresAt,
Environment: transactionInfo.Environment,
}, nil
}
// validateLegacyReceipt uses Apple's legacy verifyReceipt endpoint
func (c *AppleIAPClient) validateLegacyReceipt(ctx context.Context, receiptData string) (*AppleValidationResult, error) {
url := "https://buy.itunes.apple.com/verifyReceipt"
if c.sandbox {
url = "https://sandbox.itunes.apple.com/verifyReceipt"
}
requestBody := map[string]string{
"receipt-data": receiptData,
}
jsonBody, err := json.Marshal(requestBody)
if err != nil {
return nil, err
}
req, err := http.NewRequestWithContext(ctx, "POST", url, strings.NewReader(string(jsonBody)))
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/json")
client := &http.Client{Timeout: 30 * time.Second}
resp, err := client.Do(req)
if err != nil {
return nil, fmt.Errorf("failed to call Apple verifyReceipt: %w", err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response: %w", err)
}
var legacyResponse struct {
Status int `json:"status"`
LatestReceiptInfo []struct {
TransactionID string `json:"transaction_id"`
OriginalTransactionID string `json:"original_transaction_id"`
ProductID string `json:"product_id"`
ExpiresDateMs string `json:"expires_date_ms"`
IsTrialPeriod string `json:"is_trial_period"`
} `json:"latest_receipt_info"`
PendingRenewalInfo []struct {
AutoRenewStatus string `json:"auto_renew_status"`
} `json:"pending_renewal_info"`
Environment string `json:"environment"`
}
if err := json.Unmarshal(body, &legacyResponse); err != nil {
return nil, fmt.Errorf("failed to parse legacy response: %w", err)
}
// Status codes: 0 = valid, 21007 = sandbox receipt on production, 21008 = production receipt on sandbox
if legacyResponse.Status == 21007 && !c.sandbox {
// Retry with sandbox
c.sandbox = true
result, err := c.validateLegacyReceipt(ctx, receiptData)
c.sandbox = false
return result, err
}
if legacyResponse.Status != 0 {
return nil, fmt.Errorf("%w: status code %d", ErrReceiptValidationFailed, legacyResponse.Status)
}
if len(legacyResponse.LatestReceiptInfo) == 0 {
return nil, ErrInvalidReceipt
}
// Find the latest non-expired subscription
var latestReceipt = legacyResponse.LatestReceiptInfo[len(legacyResponse.LatestReceiptInfo)-1]
var expiresMs int64
fmt.Sscanf(latestReceipt.ExpiresDateMs, "%d", &expiresMs)
expiresAt := time.Unix(expiresMs/1000, 0)
autoRenew := false
if len(legacyResponse.PendingRenewalInfo) > 0 {
autoRenew = legacyResponse.PendingRenewalInfo[0].AutoRenewStatus == "1"
}
return &AppleValidationResult{
Valid: true,
TransactionID: latestReceipt.TransactionID,
ProductID: latestReceipt.ProductID,
ExpiresAt: expiresAt,
IsTrialPeriod: latestReceipt.IsTrialPeriod == "true",
AutoRenewEnabled: autoRenew,
Environment: legacyResponse.Environment,
}, nil
}
// decodeSignedTransaction decodes a JWS signed transaction from Apple
func (c *AppleIAPClient) decodeSignedTransaction(signedTransaction string) (*AppleTransactionInfo, error) {
// The signed transaction is a JWS (JSON Web Signature)
// Format: header.payload.signature
parts := strings.Split(signedTransaction, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
// Decode the payload (base64url encoded)
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var transactionInfo AppleTransactionInfo
if err := json.Unmarshal(payload, &transactionInfo); err != nil {
return nil, fmt.Errorf("failed to parse transaction info: %w", err)
}
return &transactionInfo, nil
}
// NewGoogleIAPClient creates a new Google IAP validation client
func NewGoogleIAPClient(ctx context.Context, cfg config.GoogleIAPConfig) (*GoogleIAPClient, error) {
if cfg.ServiceAccountPath == "" || cfg.PackageName == "" {
return nil, ErrIAPNotConfigured
}
// Read the service account JSON
serviceAccountJSON, err := os.ReadFile(cfg.ServiceAccountPath)
if err != nil {
return nil, fmt.Errorf("failed to read service account file: %w", err)
}
// Create credentials
creds, err := google.CredentialsFromJSON(ctx, serviceAccountJSON, androidpublisher.AndroidpublisherScope)
if err != nil {
return nil, fmt.Errorf("failed to create credentials: %w", err)
}
// Create the Android Publisher service
service, err := androidpublisher.NewService(ctx, option.WithCredentials(creds))
if err != nil {
return nil, fmt.Errorf("failed to create Android Publisher service: %w", err)
}
return &GoogleIAPClient{
service: service,
packageName: cfg.PackageName,
}, nil
}
// ValidateSubscription validates a Google Play subscription purchase token
func (c *GoogleIAPClient) ValidateSubscription(ctx context.Context, subscriptionID, purchaseToken string) (*GoogleValidationResult, error) {
// Call Google Play Developer API to verify the subscription
subscription, err := c.service.Purchases.Subscriptions.Get(
c.packageName,
subscriptionID,
purchaseToken,
).Context(ctx).Do()
if err != nil {
return nil, fmt.Errorf("failed to validate subscription: %w", err)
}
// ExpiryTimeMillis is in milliseconds
expiresAt := time.Unix(subscription.ExpiryTimeMillis/1000, 0)
// Dereference pointer values safely
var paymentState int64
if subscription.PaymentState != nil {
paymentState = *subscription.PaymentState
}
result := &GoogleValidationResult{
Valid: true,
OrderID: subscription.OrderId,
ProductID: subscriptionID,
ExpiresAt: expiresAt,
AutoRenewing: subscription.AutoRenewing,
PaymentState: paymentState,
CancelReason: subscription.CancelReason,
AcknowledgedState: subscription.AcknowledgementState == 1,
}
// Check if subscription is valid
now := time.Now()
if expiresAt.Before(now) {
return result, ErrSubscriptionExpired
}
// Cancel reason: 0 = user cancelled, 1 = system cancelled
if subscription.CancelReason > 0 {
result.Valid = false
return result, ErrSubscriptionCancelled
}
return result, nil
}
// ValidatePurchaseToken validates a purchase token, attempting to determine the subscription ID
// This is a convenience method when the client only sends the token
func (c *GoogleIAPClient) ValidatePurchaseToken(ctx context.Context, purchaseToken string, knownSubscriptionIDs []string) (*GoogleValidationResult, error) {
// Try each known subscription ID until one works
for _, subID := range knownSubscriptionIDs {
result, err := c.ValidateSubscription(ctx, subID, purchaseToken)
if err == nil {
return result, nil
}
// If it's not a "not found" error, return the error
if !strings.Contains(err.Error(), "notFound") && !strings.Contains(err.Error(), "404") {
continue
}
}
return nil, ErrInvalidPurchaseToken
}
// AcknowledgeSubscription acknowledges a subscription purchase
// This must be called within 3 days of purchase or the subscription is refunded
func (c *GoogleIAPClient) AcknowledgeSubscription(ctx context.Context, subscriptionID, purchaseToken string) error {
err := c.service.Purchases.Subscriptions.Acknowledge(
c.packageName,
subscriptionID,
purchaseToken,
&androidpublisher.SubscriptionPurchasesAcknowledgeRequest{},
).Context(ctx).Do()
if err != nil {
return fmt.Errorf("failed to acknowledge subscription: %w", err)
}
return nil
}

167
internal/services/subscription_service.go
View File

@@ -1,11 +1,14 @@
package services
import (
"context"
"errors"
"log"
"time"
"gorm.io/gorm"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
)
@@ -21,6 +24,15 @@ var (
ErrPromotionNotFound = errors.New("promotion not found")
)
// KnownSubscriptionIDs are the product IDs for Pro subscriptions
// Update these to match your actual App Store Connect / Google Play Console product IDs
var KnownSubscriptionIDs = []string{
"com.tt.casera.pro.monthly",
"com.tt.casera.pro.yearly",
"casera_pro_monthly",
"casera_pro_yearly",
}
// SubscriptionService handles subscription business logic
type SubscriptionService struct {
subscriptionRepo *repositories.SubscriptionRepository
@@ -28,6 +40,8 @@ type SubscriptionService struct {
taskRepo *repositories.TaskRepository
contractorRepo *repositories.ContractorRepository
documentRepo *repositories.DocumentRepository
appleClient *AppleIAPClient
googleClient *GoogleIAPClient
}
// NewSubscriptionService creates a new subscription service
@@ -38,13 +52,41 @@ func NewSubscriptionService(
contractorRepo *repositories.ContractorRepository,
documentRepo *repositories.DocumentRepository,
) *SubscriptionService {
return &SubscriptionService{
svc := &SubscriptionService{
subscriptionRepo: subscriptionRepo,
residenceRepo: residenceRepo,
taskRepo: taskRepo,
contractorRepo: contractorRepo,
documentRepo: documentRepo,
}
// Initialize Apple IAP client
cfg := config.Get()
if cfg != nil {
appleClient, err := NewAppleIAPClient(cfg.AppleIAP)
if err != nil {
if !errors.Is(err, ErrIAPNotConfigured) {
log.Printf("Warning: Failed to initialize Apple IAP client: %v", err)
}
} else {
svc.appleClient = appleClient
log.Println("Apple IAP validation client initialized")
}
// Initialize Google IAP client
ctx := context.Background()
googleClient, err := NewGoogleIAPClient(ctx, cfg.GoogleIAP)
if err != nil {
if !errors.Is(err, ErrIAPNotConfigured) {
log.Printf("Warning: Failed to initialize Google IAP client: %v", err)
}
} else {
svc.googleClient = googleClient
log.Println("Google IAP validation client initialized")
}
}
return svc
}
// GetSubscription gets the subscription for a user
@@ -281,17 +323,57 @@ func (s *SubscriptionService) GetActivePromotions(userID uint) ([]PromotionRespo
}
// ProcessApplePurchase processes an Apple IAP purchase
func (s *SubscriptionService) ProcessApplePurchase(userID uint, receiptData string) (*SubscriptionResponse, error) {
// TODO: Implement receipt validation with Apple's servers
// For now, just upgrade the user
// Store receipt data
if err := s.subscriptionRepo.UpdateReceiptData(userID, receiptData); err != nil {
// Supports both StoreKit 1 (receiptData) and StoreKit 2 (transactionID)
func (s *SubscriptionService) ProcessApplePurchase(userID uint, receiptData string, transactionID string) (*SubscriptionResponse, error) {
// Store receipt/transaction data
dataToStore := receiptData
if dataToStore == "" {
dataToStore = transactionID
}
if err := s.subscriptionRepo.UpdateReceiptData(userID, dataToStore); err != nil {
return nil, err
}
// Upgrade to Pro (1 year from now - adjust based on actual subscription)
expiresAt := time.Now().UTC().AddDate(1, 0, 0)
// Validate with Apple if client is configured
var expiresAt time.Time
if s.appleClient != nil {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var result *AppleValidationResult
var err error
// Prefer transaction ID (StoreKit 2), fall back to receipt data (StoreKit 1)
if transactionID != "" {
result, err = s.appleClient.ValidateTransaction(ctx, transactionID)
} else if receiptData != "" {
result, err = s.appleClient.ValidateReceipt(ctx, receiptData)
}
if err != nil {
// Log the validation error
log.Printf("Apple validation warning for user %d: %v", userID, err)
// Check if it's a fatal error
if errors.Is(err, ErrInvalidReceipt) || errors.Is(err, ErrSubscriptionCancelled) {
return nil, err
}
// For other errors (network, etc.), fall back with shorter expiry
expiresAt = time.Now().UTC().AddDate(0, 1, 0) // 1 month fallback
} else if result != nil {
// Use the expiration date from Apple
expiresAt = result.ExpiresAt
log.Printf("Apple purchase validated for user %d: product=%s, expires=%v, env=%s",
userID, result.ProductID, result.ExpiresAt, result.Environment)
}
} else {
// Apple validation not configured - trust client but log warning
log.Printf("Warning: Apple IAP validation not configured, trusting client for user %d", userID)
expiresAt = time.Now().UTC().AddDate(1, 0, 0) // 1 year default
}
// Upgrade to Pro with the determined expiration
if err := s.subscriptionRepo.UpgradeToPro(userID, expiresAt, "ios"); err != nil {
return nil, err
}
@@ -300,17 +382,66 @@ func (s *SubscriptionService) ProcessApplePurchase(userID uint, receiptData stri
}
// ProcessGooglePurchase processes a Google Play purchase
func (s *SubscriptionService) ProcessGooglePurchase(userID uint, purchaseToken string) (*SubscriptionResponse, error) {
// TODO: Implement token validation with Google's servers
// For now, just upgrade the user
// Store purchase token
// productID is optional but helps validate the specific subscription
func (s *SubscriptionService) ProcessGooglePurchase(userID uint, purchaseToken string, productID string) (*SubscriptionResponse, error) {
// Store purchase token first
if err := s.subscriptionRepo.UpdatePurchaseToken(userID, purchaseToken); err != nil {
return nil, err
}
// Upgrade to Pro (1 year from now - adjust based on actual subscription)
expiresAt := time.Now().UTC().AddDate(1, 0, 0)
// Validate the purchase with Google if client is configured
var expiresAt time.Time
if s.googleClient != nil {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var result *GoogleValidationResult
var err error
// If productID is provided, use it directly; otherwise try known IDs
if productID != "" {
result, err = s.googleClient.ValidateSubscription(ctx, productID, purchaseToken)
} else {
result, err = s.googleClient.ValidatePurchaseToken(ctx, purchaseToken, KnownSubscriptionIDs)
}
if err != nil {
// Log the validation error
log.Printf("Google purchase validation warning for user %d: %v", userID, err)
// Check if it's a fatal error
if errors.Is(err, ErrInvalidPurchaseToken) || errors.Is(err, ErrSubscriptionCancelled) {
return nil, err
}
if errors.Is(err, ErrSubscriptionExpired) {
// Subscription expired - still allow but set past expiry
expiresAt = time.Now().UTC().Add(-1 * time.Hour)
} else {
// For other errors, fall back with shorter expiry
expiresAt = time.Now().UTC().AddDate(0, 1, 0) // 1 month fallback
}
} else if result != nil {
// Use the expiration date from Google
expiresAt = result.ExpiresAt
log.Printf("Google purchase validated for user %d: product=%s, expires=%v, autoRenew=%v",
userID, result.ProductID, result.ExpiresAt, result.AutoRenewing)
// Acknowledge the subscription if not already acknowledged
if !result.AcknowledgedState {
if err := s.googleClient.AcknowledgeSubscription(ctx, result.ProductID, purchaseToken); err != nil {
log.Printf("Warning: Failed to acknowledge subscription for user %d: %v", userID, err)
// Don't fail the purchase, just log the warning
}
}
}
} else {
// Google validation not configured - trust client but log warning
log.Printf("Warning: Google IAP validation not configured, trusting client for user %d", userID)
expiresAt = time.Now().UTC().AddDate(1, 0, 0) // 1 year default
}
// Upgrade to Pro with the determined expiration
if err := s.subscriptionRepo.UpgradeToPro(userID, expiresAt, "android"); err != nil {
return nil, err
}
@@ -511,7 +642,9 @@ func NewPromotionResponse(p *models.Promotion) *PromotionResponse {
// ProcessPurchaseRequest represents an IAP purchase request
type ProcessPurchaseRequest struct {
ReceiptData string `json:"receipt_data"` // iOS
ReceiptData string `json:"receipt_data"` // iOS (StoreKit 1 receipt or StoreKit 2 JWS)
TransactionID string `json:"transaction_id"` // iOS StoreKit 2 transaction ID
PurchaseToken string `json:"purchase_token"` // Android
ProductID string `json:"product_id"` // Android (optional, helps identify subscription)
Platform string `json:"platform" binding:"required,oneof=ios android"`
}