284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
192 lines
8.6 KiB
JavaScript
192 lines
8.6 KiB
JavaScript
/**
|
|
* Migration: Create Payment Provider Tables
|
|
*
|
|
* This migration creates the database schema for the abstract payment provider
|
|
* architecture. These tables support Stripe and future payment providers for
|
|
* invoice payments.
|
|
*
|
|
* Tables created:
|
|
* - payment_provider_configs: Tenant payment provider configuration
|
|
* - client_payment_customers: Client to payment provider customer mapping
|
|
* - invoice_payment_links: Payment links for invoices
|
|
* - payment_webhook_events: Webhook event tracking for idempotency
|
|
*
|
|
* The implementation is idempotent so it can run against databases where the
|
|
* tables already exist (common in shared dev environments).
|
|
*/
|
|
|
|
const ensureTable = async (knex, tableName, createFn) => {
|
|
const exists = await knex.schema.hasTable(tableName);
|
|
if (!exists) {
|
|
await createFn();
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Payment provider configuration per tenant.
|
|
* Stores credentials references and settings for each payment provider.
|
|
*/
|
|
const createPaymentProviderConfigs = (knex) =>
|
|
knex.schema.createTable('payment_provider_configs', (table) => {
|
|
table.uuid('tenant').notNullable();
|
|
table
|
|
.uuid('config_id')
|
|
.defaultTo(knex.raw('gen_random_uuid()'))
|
|
.notNullable();
|
|
table.string('provider_type', 50).notNullable(); // 'stripe', 'paypal', etc.
|
|
table.boolean('is_enabled').defaultTo(false);
|
|
table.boolean('is_default').defaultTo(false);
|
|
table.jsonb('configuration').defaultTo('{}'); // Provider-specific config
|
|
table.text('credentials_vault_path'); // Path to secrets in vault
|
|
table.text('webhook_secret_vault_path'); // Path to webhook secret
|
|
table.jsonb('settings').defaultTo('{}'); // Payment settings (links in emails, etc.)
|
|
table.timestamp('created_at', { useTz: true }).defaultTo(knex.fn.now());
|
|
table.timestamp('updated_at', { useTz: true }).defaultTo(knex.fn.now());
|
|
|
|
table.primary(['tenant', 'config_id']);
|
|
table.foreign('tenant').references('tenants.tenant').onDelete('CASCADE');
|
|
table.unique(['tenant', 'provider_type']);
|
|
});
|
|
|
|
/**
|
|
* Client to payment provider customer mapping.
|
|
* Maps Alga PSA clients to their customer IDs in payment providers.
|
|
*/
|
|
const createClientPaymentCustomers = (knex) =>
|
|
knex.schema.createTable('client_payment_customers', (table) => {
|
|
table.uuid('tenant').notNullable();
|
|
table
|
|
.uuid('mapping_id')
|
|
.defaultTo(knex.raw('gen_random_uuid()'))
|
|
.notNullable();
|
|
table.uuid('client_id').notNullable();
|
|
table.string('provider_type', 50).notNullable();
|
|
table.string('external_customer_id', 255).notNullable(); // stripe: cus_xxx
|
|
table.string('email', 255);
|
|
table.jsonb('metadata').defaultTo('{}');
|
|
table.timestamp('created_at', { useTz: true }).defaultTo(knex.fn.now());
|
|
table.timestamp('updated_at', { useTz: true }).defaultTo(knex.fn.now());
|
|
|
|
table.primary(['tenant', 'mapping_id']);
|
|
table.foreign('tenant').references('tenants.tenant').onDelete('CASCADE');
|
|
table.foreign(['tenant', 'client_id']).references(['tenant', 'client_id']).inTable('clients').onDelete('CASCADE');
|
|
table.unique(['tenant', 'client_id', 'provider_type']);
|
|
});
|
|
|
|
/**
|
|
* Payment links for invoices.
|
|
* Stores payment link URLs and their status for invoice payments.
|
|
*/
|
|
const createInvoicePaymentLinks = (knex) =>
|
|
knex.schema.createTable('invoice_payment_links', (table) => {
|
|
table.uuid('tenant').notNullable();
|
|
table
|
|
.uuid('link_id')
|
|
.defaultTo(knex.raw('gen_random_uuid()'))
|
|
.notNullable();
|
|
table.uuid('invoice_id').notNullable();
|
|
table.string('provider_type', 50).notNullable();
|
|
table.string('external_link_id', 255).notNullable(); // stripe: cs_xxx (checkout session)
|
|
table.text('url').notNullable();
|
|
table.integer('amount').notNullable(); // cents
|
|
table.string('currency', 3).notNullable().defaultTo('USD');
|
|
table.string('status', 50).defaultTo('active'); // active, expired, completed, cancelled
|
|
table.timestamp('expires_at', { useTz: true });
|
|
table.timestamp('completed_at', { useTz: true });
|
|
table.jsonb('metadata').defaultTo('{}');
|
|
table.timestamp('created_at', { useTz: true }).defaultTo(knex.fn.now());
|
|
|
|
table.primary(['tenant', 'link_id']);
|
|
table.foreign('tenant').references('tenants.tenant').onDelete('CASCADE');
|
|
table.foreign(['tenant', 'invoice_id']).references(['tenant', 'invoice_id']).inTable('invoices').onDelete('CASCADE');
|
|
// Allow multiple payment links per invoice (e.g., expired ones replaced by new)
|
|
// but track external_link_id uniqueness per tenant
|
|
table.unique(['tenant', 'external_link_id']);
|
|
});
|
|
|
|
/**
|
|
* Payment webhook events.
|
|
* Stores webhook events for idempotent processing and audit trail.
|
|
*/
|
|
const createPaymentWebhookEvents = (knex) =>
|
|
knex.schema.createTable('payment_webhook_events', (table) => {
|
|
table.uuid('tenant').notNullable();
|
|
table
|
|
.uuid('event_id')
|
|
.defaultTo(knex.raw('gen_random_uuid()'))
|
|
.notNullable();
|
|
table.string('provider_type', 50).notNullable();
|
|
table.string('external_event_id', 255).notNullable(); // stripe: evt_xxx
|
|
table.string('event_type', 100).notNullable(); // e.g., 'checkout.session.completed'
|
|
table.jsonb('event_data').notNullable();
|
|
table.uuid('invoice_id'); // Nullable - may be determined during processing
|
|
table.boolean('processed').defaultTo(false);
|
|
table.string('processing_status', 50).defaultTo('pending'); // pending, processing, completed, failed
|
|
table.text('processing_error');
|
|
table.timestamp('processed_at', { useTz: true });
|
|
table.timestamp('created_at', { useTz: true }).defaultTo(knex.fn.now());
|
|
|
|
table.primary(['tenant', 'event_id']);
|
|
table.foreign('tenant').references('tenants.tenant').onDelete('CASCADE');
|
|
// Note: No ON DELETE SET NULL - incompatible with Citus. Handle in application code.
|
|
table.foreign(['tenant', 'invoice_id']).references(['tenant', 'invoice_id']).inTable('invoices');
|
|
table.unique(['tenant', 'provider_type', 'external_event_id']);
|
|
});
|
|
|
|
exports.up = async function up(knex) {
|
|
// Create tables in order (respecting foreign key dependencies)
|
|
await ensureTable(knex, 'payment_provider_configs', () => createPaymentProviderConfigs(knex));
|
|
await ensureTable(knex, 'client_payment_customers', () => createClientPaymentCustomers(knex));
|
|
await ensureTable(knex, 'invoice_payment_links', () => createInvoicePaymentLinks(knex));
|
|
await ensureTable(knex, 'payment_webhook_events', () => createPaymentWebhookEvents(knex));
|
|
|
|
// Create indexes (idempotent)
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_configs_tenant ON payment_provider_configs(tenant)'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_configs_enabled ON payment_provider_configs(tenant, is_enabled) WHERE is_enabled = true'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_client_payment_customers_client ON client_payment_customers(tenant, client_id)'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_client_payment_customers_external ON client_payment_customers(provider_type, external_customer_id)'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_links_invoice ON invoice_payment_links(tenant, invoice_id)'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_links_status ON invoice_payment_links(tenant, status) WHERE status = \'active\''
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_webhook_events_processed ON payment_webhook_events(tenant, processed, created_at)'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_webhook_events_type ON payment_webhook_events(tenant, event_type)'
|
|
);
|
|
await knex.schema.raw(
|
|
'CREATE INDEX IF NOT EXISTS idx_payment_webhook_events_invoice ON payment_webhook_events(invoice_id) WHERE invoice_id IS NOT NULL'
|
|
);
|
|
|
|
// Grant privileges to server user
|
|
const dbUserServer = process.env.DB_USER_SERVER;
|
|
if (dbUserServer) {
|
|
const escapedUser = dbUserServer.replace(/"/g, '""');
|
|
await knex.schema.raw(`
|
|
GRANT ALL PRIVILEGES ON TABLE payment_provider_configs TO "${escapedUser}";
|
|
GRANT ALL PRIVILEGES ON TABLE client_payment_customers TO "${escapedUser}";
|
|
GRANT ALL PRIVILEGES ON TABLE invoice_payment_links TO "${escapedUser}";
|
|
GRANT ALL PRIVILEGES ON TABLE payment_webhook_events TO "${escapedUser}";
|
|
`);
|
|
}
|
|
};
|
|
|
|
exports.down = async function down(knex) {
|
|
// Drop tables in reverse order (respecting foreign key dependencies)
|
|
await knex.schema.dropTableIfExists('payment_webhook_events');
|
|
await knex.schema.dropTableIfExists('invoice_payment_links');
|
|
await knex.schema.dropTableIfExists('client_payment_customers');
|
|
await knex.schema.dropTableIfExists('payment_provider_configs');
|
|
};
|