tenseleyflow/shithub / 25f49fa

+// Stripe directly; Stripe API details stay in the SP03 adapter layer.

+	InvoiceStatus      = billingdb.BillingInvoiceStatus

+

+	InvoiceStatusDraft         = billingdb.BillingInvoiceStatusDraft

+	InvoiceStatusOpen          = billingdb.BillingInvoiceStatusOpen

+	InvoiceStatusPaid          = billingdb.BillingInvoiceStatusPaid

+	InvoiceStatusVoid          = billingdb.BillingInvoiceStatusVoid

+	InvoiceStatusUncollectible = billingdb.BillingInvoiceStatusUncollectible

+	ErrPoolRequired         = errors.New("billing: pool is required")

+	ErrOrgIDRequired        = errors.New("billing: org id is required")

+	ErrStripeCustomerID     = errors.New("billing: stripe customer id is required")

+	ErrStripeSubscriptionID = errors.New("billing: stripe subscription id is required")

+	ErrStripeInvoiceID      = errors.New("billing: stripe invoice id is required")

+	ErrInvalidPlan          = errors.New("billing: invalid plan")

+	ErrInvalidStatus        = errors.New("billing: invalid subscription status")

+	ErrInvalidInvoiceStatus = errors.New("billing: invalid invoice status")

+	ErrInvalidSeatCount     = errors.New("billing: seat counts cannot be negative")

+	ErrWebhookEventID       = errors.New("billing: webhook event id is required")

+	ErrWebhookEventType     = errors.New("billing: webhook event type is required")

+	ErrWebhookPayload       = errors.New("billing: webhook payload must be a JSON object")

+type InvoiceSnapshot struct {

+	OrgID                int64

+	StripeInvoiceID      string

+	StripeCustomerID     string

+	StripeSubscriptionID string

+	Status               InvoiceStatus

+	Number               string

+	Currency             string

+	AmountDueCents       int64

+	AmountPaidCents      int64

+	AmountRemainingCents int64

+	HostedInvoiceURL     string

+	InvoicePDFURL        string

+	PeriodStart          time.Time

+	PeriodEnd            time.Time

+	DueAt                time.Time

+	PaidAt               time.Time

+	VoidedAt             time.Time

+}

+

+func GetOrgBillingStateByStripeCustomer(ctx context.Context, deps Deps, customerID string) (State, error) {

+	if err := validateDeps(deps); err != nil {

+		return State{}, err

+	}

+	customerID = strings.TrimSpace(customerID)

+	if customerID == "" {

+		return State{}, ErrStripeCustomerID

+	}

+	return billingdb.New().GetOrgBillingStateByStripeCustomer(ctx, deps.Pool, pgText(customerID))

+}

+

+func GetOrgBillingStateByStripeSubscription(ctx context.Context, deps Deps, subscriptionID string) (State, error) {

+	if err := validateDeps(deps); err != nil {

+		return State{}, err

+	}

+	subscriptionID = strings.TrimSpace(subscriptionID)

+	if subscriptionID == "" {

+		return State{}, ErrStripeSubscriptionID

+	}

+	return billingdb.New().GetOrgBillingStateByStripeSubscription(ctx, deps.Pool, pgText(subscriptionID))

+}

+

+func MarkWebhookEventProcessed(ctx context.Context, deps Deps, providerEventID string) (billingdb.BillingWebhookEvent, error) {

+	if err := validateDeps(deps); err != nil {

+		return billingdb.BillingWebhookEvent{}, err

+	}

+	providerEventID = strings.TrimSpace(providerEventID)

+	if providerEventID == "" {

+		return billingdb.BillingWebhookEvent{}, ErrWebhookEventID

+	}

+	return billingdb.New().MarkWebhookEventProcessed(ctx, deps.Pool, providerEventID)

+}

+

+func MarkWebhookEventFailed(ctx context.Context, deps Deps, providerEventID, processError string) (billingdb.BillingWebhookEvent, error) {

+	if err := validateDeps(deps); err != nil {

+		return billingdb.BillingWebhookEvent{}, err

+	}

+	providerEventID = strings.TrimSpace(providerEventID)

+	if providerEventID == "" {

+		return billingdb.BillingWebhookEvent{}, ErrWebhookEventID

+	}

+	processError = strings.TrimSpace(processError)

+	if len(processError) > 2000 {

+		processError = processError[:2000]

+	}

+	return billingdb.New().MarkWebhookEventFailed(ctx, deps.Pool, billingdb.MarkWebhookEventFailedParams{

+		ProviderEventID: providerEventID,

+		ProcessError:    processError,

+	})

+}

+

+func UpsertInvoice(ctx context.Context, deps Deps, snap InvoiceSnapshot) (billingdb.BillingInvoice, error) {

+	if err := validateDeps(deps); err != nil {

+		return billingdb.BillingInvoice{}, err

+	}

+	if snap.OrgID == 0 {

+		return billingdb.BillingInvoice{}, ErrOrgIDRequired

+	}

+	snap.StripeInvoiceID = strings.TrimSpace(snap.StripeInvoiceID)

+	if snap.StripeInvoiceID == "" {

+		return billingdb.BillingInvoice{}, ErrStripeInvoiceID

+	}

+	snap.StripeCustomerID = strings.TrimSpace(snap.StripeCustomerID)

+	if snap.StripeCustomerID == "" {

+		return billingdb.BillingInvoice{}, ErrStripeCustomerID

+	}

+	if !validInvoiceStatus(snap.Status) {

+		return billingdb.BillingInvoice{}, fmt.Errorf("%w: %q", ErrInvalidInvoiceStatus, snap.Status)

+	}

+	row, err := billingdb.New().UpsertInvoice(ctx, deps.Pool, billingdb.UpsertInvoiceParams{

+		OrgID:                snap.OrgID,

+		StripeInvoiceID:      snap.StripeInvoiceID,

+		StripeCustomerID:     snap.StripeCustomerID,

+		StripeSubscriptionID: pgText(snap.StripeSubscriptionID),

+		Status:               snap.Status,

+		Number:               strings.TrimSpace(snap.Number),

+		Currency:             strings.ToLower(strings.TrimSpace(snap.Currency)),

+		AmountDueCents:       snap.AmountDueCents,

+		AmountPaidCents:      snap.AmountPaidCents,

+		AmountRemainingCents: snap.AmountRemainingCents,

+		HostedInvoiceUrl:     strings.TrimSpace(snap.HostedInvoiceURL),

+		InvoicePdfUrl:        strings.TrimSpace(snap.InvoicePDFURL),

+		PeriodStart:          pgTime(snap.PeriodStart),

+		PeriodEnd:            pgTime(snap.PeriodEnd),

+		DueAt:                pgTime(snap.DueAt),

+		PaidAt:               pgTime(snap.PaidAt),

+		VoidedAt:             pgTime(snap.VoidedAt),

+	})

+	if err != nil {

+		return billingdb.BillingInvoice{}, err

+	}

+	return row, nil

+}

+

+func CountBillableOrgMembers(ctx context.Context, deps Deps, orgID int64) (int, error) {

+	if err := validateDeps(deps); err != nil {

+		return 0, err

+	}

+	if orgID == 0 {

+		return 0, ErrOrgIDRequired

+	}

+	n, err := billingdb.New().CountBillableOrgMembers(ctx, deps.Pool, orgID)

+	if err != nil {

+		return 0, err

+	}

+	return int(n), nil

+}

+

+func validInvoiceStatus(status InvoiceStatus) bool {

+	switch status {

+	case InvoiceStatusDraft,

+		InvoiceStatusOpen,

+		InvoiceStatusPaid,

+		InvoiceStatusVoid,

+		InvoiceStatusUncollectible:

+		return true

+	default:

+		return false

+	}

+}

+

+

+	if _, err := billing.MarkWebhookEventProcessed(ctx, deps, event.ProviderEventID); err != nil {

+		t.Fatalf("MarkWebhookEventProcessed: %v", err)

+	}

+	if _, err := billing.MarkWebhookEventFailed(ctx, deps, event.ProviderEventID, "late duplicate"); err != nil {

+		t.Fatalf("MarkWebhookEventFailed: %v", err)

+	}

+

+	count, err := billing.CountBillableOrgMembers(ctx, deps, org.ID)

+	if err != nil {

+		t.Fatalf("CountBillableOrgMembers: %v", err)

+	}

+	if count != 1 {

+		t.Fatalf("billable members: got %d, want 1", count)

+	}

+}

+

+func TestStripeLookupsAndInvoiceSnapshot(t *testing.T) {

+	_, deps, org := setup(t)

+	ctx := context.Background()

+

+	start := time.Now().UTC().Truncate(time.Second)

+	if _, err := billing.SetStripeCustomer(ctx, deps, org.ID, "cus_lookup"); err != nil {

+		t.Fatalf("SetStripeCustomer: %v", err)

+	}

+	if _, err := billing.ApplySubscriptionSnapshot(ctx, deps, billing.SubscriptionSnapshot{

+		OrgID:                    org.ID,

+		Plan:                     billing.PlanTeam,

+		Status:                   billing.SubscriptionStatusActive,

+		StripeSubscriptionID:     "sub_lookup",

+		StripeSubscriptionItemID: "si_lookup",

+		CurrentPeriodStart:       start,

+		CurrentPeriodEnd:         start.Add(30 * 24 * time.Hour),

+		LastWebhookEventID:       "evt_lookup",

+	}); err != nil {

+		t.Fatalf("ApplySubscriptionSnapshot: %v", err)

+	}

+

+	byCustomer, err := billing.GetOrgBillingStateByStripeCustomer(ctx, deps, "cus_lookup")

+	if err != nil {

+		t.Fatalf("GetOrgBillingStateByStripeCustomer: %v", err)

+	}

+	if byCustomer.OrgID != org.ID {

+		t.Fatalf("customer lookup org_id: got %d, want %d", byCustomer.OrgID, org.ID)

+	}

+	bySubscription, err := billing.GetOrgBillingStateByStripeSubscription(ctx, deps, "sub_lookup")

+	if err != nil {

+		t.Fatalf("GetOrgBillingStateByStripeSubscription: %v", err)

+	}

+	if bySubscription.OrgID != org.ID {

+		t.Fatalf("subscription lookup org_id: got %d, want %d", bySubscription.OrgID, org.ID)

+	}

+

+	invoice, err := billing.UpsertInvoice(ctx, deps, billing.InvoiceSnapshot{

+		OrgID:                org.ID,

+		StripeInvoiceID:      "in_lookup",

+		StripeCustomerID:     "cus_lookup",

+		StripeSubscriptionID: "sub_lookup",

+		Status:               billing.InvoiceStatusPaid,

+		Number:               "SHI-0001",

+		Currency:             "USD",

+		AmountDueCents:       1200,

+		AmountPaidCents:      1200,

+		AmountRemainingCents: 0,

+		HostedInvoiceURL:     "https://invoice.stripe.test/i",

+		InvoicePDFURL:        "https://invoice.stripe.test/i.pdf",

+		PeriodStart:          start,

+		PeriodEnd:            start.Add(30 * 24 * time.Hour),

+		PaidAt:               start.Add(time.Minute),

+	})

+	if err != nil {

+		t.Fatalf("UpsertInvoice: %v", err)

+	}

+	if invoice.StripeInvoiceID != "in_lookup" || invoice.Status != billing.InvoiceStatusPaid || invoice.Currency != "usd" {

+		t.Fatalf("unexpected invoice: %+v", invoice)

+	}

+-- name: GetOrgBillingStateByStripeCustomer :one

+SELECT * FROM org_billing_states

+WHERE provider = 'stripe'

+  AND stripe_customer_id = $1;

+

+-- name: GetOrgBillingStateByStripeSubscription :one

+SELECT * FROM org_billing_states

+WHERE provider = 'stripe'

+  AND stripe_subscription_id = $1;

+

+-- name: CountBillableOrgMembers :one

+SELECT count(*)::integer

+FROM org_members

+WHERE org_id = $1;

+

+const countBillableOrgMembers = `-- name: CountBillableOrgMembers :one

+SELECT count(*)::integer

+FROM org_members

+WHERE org_id = $1

+`

+

+func (q *Queries) CountBillableOrgMembers(ctx context.Context, db DBTX, orgID int64) (int32, error) {

+	row := db.QueryRow(ctx, countBillableOrgMembers, orgID)

+	var column_1 int32

+	err := row.Scan(&column_1)

+	return column_1, err

+}

+

+const getOrgBillingStateByStripeCustomer = `-- name: GetOrgBillingStateByStripeCustomer :one

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at FROM org_billing_states

+WHERE provider = 'stripe'

+  AND stripe_customer_id = $1

+`

+

+func (q *Queries) GetOrgBillingStateByStripeCustomer(ctx context.Context, db DBTX, stripeCustomerID pgtype.Text) (OrgBillingState, error) {

+	row := db.QueryRow(ctx, getOrgBillingStateByStripeCustomer, stripeCustomerID)

+	var i OrgBillingState

+	err := row.Scan(

+		&i.OrgID,

+		&i.Provider,

+		&i.StripeCustomerID,

+		&i.StripeSubscriptionID,

+		&i.StripeSubscriptionItemID,

+		&i.Plan,

+		&i.SubscriptionStatus,

+		&i.BillableSeats,

+		&i.SeatSnapshotAt,

+		&i.CurrentPeriodStart,

+		&i.CurrentPeriodEnd,

+		&i.CancelAtPeriodEnd,

+		&i.TrialEnd,

+		&i.PastDueAt,

+		&i.CanceledAt,

+		&i.LockedAt,

+		&i.LockReason,

+		&i.GraceUntil,

+		&i.LastWebhookEventID,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+const getOrgBillingStateByStripeSubscription = `-- name: GetOrgBillingStateByStripeSubscription :one

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at FROM org_billing_states

+WHERE provider = 'stripe'

+  AND stripe_subscription_id = $1

+`

+

+func (q *Queries) GetOrgBillingStateByStripeSubscription(ctx context.Context, db DBTX, stripeSubscriptionID pgtype.Text) (OrgBillingState, error) {

+	row := db.QueryRow(ctx, getOrgBillingStateByStripeSubscription, stripeSubscriptionID)

+	var i OrgBillingState

+	err := row.Scan(

+		&i.OrgID,

+		&i.Provider,

+		&i.StripeCustomerID,

+		&i.StripeSubscriptionID,

+		&i.StripeSubscriptionItemID,

+		&i.Plan,

+		&i.SubscriptionStatus,

+		&i.BillableSeats,

+		&i.SeatSnapshotAt,

+		&i.CurrentPeriodStart,

+		&i.CurrentPeriodEnd,

+		&i.CancelAtPeriodEnd,

+		&i.TrialEnd,

+		&i.PastDueAt,

+		&i.CanceledAt,

+		&i.LockedAt,

+		&i.LockReason,

+		&i.GraceUntil,

+		&i.LastWebhookEventID,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+

+	"github.com/jackc/pgx/v5/pgtype"

+	CountBillableOrgMembers(ctx context.Context, db DBTX, orgID int64) (int32, error)

+	GetOrgBillingStateByStripeCustomer(ctx context.Context, db DBTX, stripeCustomerID pgtype.Text) (OrgBillingState, error)

+	GetOrgBillingStateByStripeSubscription(ctx context.Context, db DBTX, stripeSubscriptionID pgtype.Text) (OrgBillingState, error)

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package stripebilling contains the Stripe-specific edge of the billing

+// system. Local subscription state stays in internal/billing; this package

+// owns hosted Checkout, Billing Portal, seat quantity updates, and webhook

+// signature verification.

+package stripebilling

+

+import (

+	"context"

+	"errors"

+	"fmt"

+	"strconv"

+	"strings"

+

+	stripeapi "github.com/stripe/stripe-go/v85"

+	"github.com/stripe/stripe-go/v85/webhook"

+)

+

+const (

+	MetadataOrgID   = "shithub_org_id"

+	MetadataOrgSlug = "shithub_org_slug"

+)

+

+var (

+	ErrSecretKeyRequired     = errors.New("stripe billing: secret key is required")

+	ErrWebhookSecretRequired = errors.New("stripe billing: webhook secret is required")

+	ErrTeamPriceRequired     = errors.New("stripe billing: team price id is required")

+	ErrCustomerIDRequired    = errors.New("stripe billing: customer id is required")

+	ErrSubscriptionItemID    = errors.New("stripe billing: subscription item id is required")

+	ErrURLRequired           = errors.New("stripe billing: redirect url is required")

+)

+

+type Config struct {

+	SecretKey     string

+	WebhookSecret string

+	TeamPriceID   string

+	AutomaticTax  bool

+}

+

+type Remote interface {

+	CreateCustomer(context.Context, CustomerInput) (Customer, error)

+	CreateCheckoutSession(context.Context, CheckoutInput) (CheckoutSession, error)

+	CreatePortalSession(context.Context, PortalInput) (PortalSession, error)

+	UpdateSubscriptionItemQuantity(context.Context, SeatQuantityInput) error

+	VerifyWebhook(payload []byte, signatureHeader string) (stripeapi.Event, error)

+}

+

+type Client struct {

+	stripe        *stripeapi.Client

+	webhookSecret string

+	teamPriceID   string

+	automaticTax  bool

+}

+

+type CustomerInput struct {

+	OrgID   int64

+	OrgSlug string

+	OrgName string

+	Email   string

+}

+

+type Customer struct {

+	ID string

+}

+

+type CheckoutInput struct {

+	OrgID      int64

+	OrgSlug    string

+	CustomerID string

+	SeatCount  int64

+	SuccessURL string

+	CancelURL  string

+}

+

+type CheckoutSession struct {

+	ID  string

+	URL string

+}

+

+type PortalInput struct {

+	CustomerID string

+	ReturnURL  string

+}

+

+type PortalSession struct {

+	ID  string

+	URL string

+}

+

+type SeatQuantityInput struct {

+	OrgID              int64

+	SubscriptionItemID string

+	Quantity           int64

+}

+

+func New(cfg Config) (*Client, error) {

+	cfg.SecretKey = strings.TrimSpace(cfg.SecretKey)

+	cfg.WebhookSecret = strings.TrimSpace(cfg.WebhookSecret)

+	cfg.TeamPriceID = strings.TrimSpace(cfg.TeamPriceID)

+	if cfg.SecretKey == "" {

+		return nil, ErrSecretKeyRequired

+	}

+	if cfg.WebhookSecret == "" {

+		return nil, ErrWebhookSecretRequired

+	}

+	if cfg.TeamPriceID == "" {

+		return nil, ErrTeamPriceRequired

+	}

+	return &Client{

+		stripe:        stripeapi.NewClient(cfg.SecretKey),

+		webhookSecret: cfg.WebhookSecret,

+		teamPriceID:   cfg.TeamPriceID,

+		automaticTax:  cfg.AutomaticTax,

+	}, nil

+}

+

+func (c *Client) CreateCustomer(ctx context.Context, in CustomerInput) (Customer, error) {

+	name := strings.TrimSpace(in.OrgName)

+	if name == "" {

+		name = strings.TrimSpace(in.OrgSlug)

+	}

+	params := &stripeapi.CustomerCreateParams{

+		Name:        stripeapi.String(name),

+		Description: stripeapi.String(fmt.Sprintf("shithub organization %s", strings.TrimSpace(in.OrgSlug))),

+		Metadata:    orgMetadata(in.OrgID, in.OrgSlug),

+	}

+	if email := strings.TrimSpace(in.Email); email != "" {

+		params.Email = stripeapi.String(email)

+	}

+	params.SetIdempotencyKey(idempotencyKey("customer", in.OrgID, "v1"))

+	customer, err := c.stripe.V1Customers.Create(ctx, params)

+	if err != nil {

+		return Customer{}, err

+	}

+	return Customer{ID: customer.ID}, nil

+}

+

+func (c *Client) CreateCheckoutSession(ctx context.Context, in CheckoutInput) (CheckoutSession, error) {

+	in.CustomerID = strings.TrimSpace(in.CustomerID)

+	if in.CustomerID == "" {

+		return CheckoutSession{}, ErrCustomerIDRequired

+	}

+	in.SuccessURL = strings.TrimSpace(in.SuccessURL)

+	if in.SuccessURL == "" {

+		return CheckoutSession{}, fmt.Errorf("%w: success_url", ErrURLRequired)

+	}

+	in.CancelURL = strings.TrimSpace(in.CancelURL)

+	if in.CancelURL == "" {

+		return CheckoutSession{}, fmt.Errorf("%w: cancel_url", ErrURLRequired)

+	}

+	if in.SeatCount < 1 {

+		in.SeatCount = 1

+	}

+	metadata := orgMetadata(in.OrgID, in.OrgSlug)

+	mode := string(stripeapi.CheckoutSessionModeSubscription)

+	paymentMethodCollection := string(stripeapi.CheckoutSessionPaymentMethodCollectionAlways)

+	billingAddressCollection := string(stripeapi.CheckoutSessionBillingAddressCollectionAuto)

+	params := &stripeapi.CheckoutSessionCreateParams{

+		Mode:                     stripeapi.String(mode),

+		Customer:                 stripeapi.String(in.CustomerID),

+		ClientReferenceID:        stripeapi.String(strconv.FormatInt(in.OrgID, 10)),

+		SuccessURL:               stripeapi.String(in.SuccessURL),

+		CancelURL:                stripeapi.String(in.CancelURL),

+		PaymentMethodCollection:  stripeapi.String(paymentMethodCollection),

+		BillingAddressCollection: stripeapi.String(billingAddressCollection),

+		LineItems: []*stripeapi.CheckoutSessionCreateLineItemParams{{

+			Price:    stripeapi.String(c.teamPriceID),

+			Quantity: stripeapi.Int64(in.SeatCount),

+		}},

+		Metadata: metadata,

+		SubscriptionData: &stripeapi.CheckoutSessionCreateSubscriptionDataParams{

+			Metadata: metadata,

+		},

+	}

+	if c.automaticTax {

+		params.AutomaticTax = &stripeapi.CheckoutSessionCreateAutomaticTaxParams{

+			Enabled: stripeapi.Bool(true),

+		}

+	}

+	params.SetIdempotencyKey(idempotencyKey("checkout", in.OrgID, "team", strconv.FormatInt(in.SeatCount, 10)))

+	session, err := c.stripe.V1CheckoutSessions.Create(ctx, params)

+	if err != nil {

+		return CheckoutSession{}, err

+	}

+	return CheckoutSession{ID: session.ID, URL: session.URL}, nil

+}

+

+func (c *Client) CreatePortalSession(ctx context.Context, in PortalInput) (PortalSession, error) {

+	in.CustomerID = strings.TrimSpace(in.CustomerID)

+	if in.CustomerID == "" {

+		return PortalSession{}, ErrCustomerIDRequired

+	}

+	in.ReturnURL = strings.TrimSpace(in.ReturnURL)

+	if in.ReturnURL == "" {

+		return PortalSession{}, fmt.Errorf("%w: portal_return_url", ErrURLRequired)

+	}

+	params := &stripeapi.BillingPortalSessionCreateParams{

+		Customer:  stripeapi.String(in.CustomerID),

+		ReturnURL: stripeapi.String(in.ReturnURL),

+	}

+	session, err := c.stripe.V1BillingPortalSessions.Create(ctx, params)

+	if err != nil {

+		return PortalSession{}, err

+	}

+	return PortalSession{ID: session.ID, URL: session.URL}, nil

+}

+

+func (c *Client) UpdateSubscriptionItemQuantity(ctx context.Context, in SeatQuantityInput) error {

+	in.SubscriptionItemID = strings.TrimSpace(in.SubscriptionItemID)

+	if in.SubscriptionItemID == "" {

+		return ErrSubscriptionItemID

+	}

+	if in.Quantity < 1 {

+		in.Quantity = 1

+	}

+	params := &stripeapi.SubscriptionItemUpdateParams{

+		Quantity: stripeapi.Int64(in.Quantity),

+	}

+	params.SetIdempotencyKey(idempotencyKey("seat-sync", in.OrgID, in.SubscriptionItemID, strconv.FormatInt(in.Quantity, 10)))

+	_, err := c.stripe.V1SubscriptionItems.Update(ctx, in.SubscriptionItemID, params)

+	return err

+}

+

+func (c *Client) VerifyWebhook(payload []byte, signatureHeader string) (stripeapi.Event, error) {

+	return webhook.ConstructEvent(payload, signatureHeader, c.webhookSecret)

+}

+

+func orgMetadata(orgID int64, orgSlug string) map[string]string {

+	return map[string]string{

+		MetadataOrgID:   strconv.FormatInt(orgID, 10),

+		MetadataOrgSlug: strings.TrimSpace(orgSlug),

+	}

+}

+

+func idempotencyKey(parts ...any) string {

+	var b strings.Builder

+	b.WriteString("shithub")

+	for _, part := range parts {

+		b.WriteByte(':')

+		b.WriteString(strings.NewReplacer(":", "_", " ", "_", "/", "_").Replace(fmt.Sprint(part)))

+	}

+	return b.String()

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package stripebilling

+

+import (

+	"errors"

+	"fmt"

+	"testing"

+

+	stripeapi "github.com/stripe/stripe-go/v85"

+	"github.com/stripe/stripe-go/v85/webhook"

+)

+

+func TestNewValidatesRequiredConfig(t *testing.T) {

+	t.Parallel()

+	if _, err := New(Config{}); !errors.Is(err, ErrSecretKeyRequired) {

+		t.Fatalf("New without secret key: got %v", err)

+	}

+	if _, err := New(Config{SecretKey: "sk_test_123"}); !errors.Is(err, ErrWebhookSecretRequired) {

+		t.Fatalf("New without webhook secret: got %v", err)

+	}

+	if _, err := New(Config{SecretKey: "sk_test_123", WebhookSecret: "whsec_123"}); !errors.Is(err, ErrTeamPriceRequired) {

+		t.Fatalf("New without price id: got %v", err)

+	}

+}

+

+func TestVerifyWebhookUsesSigningSecret(t *testing.T) {

+	t.Parallel()

+	client, err := New(Config{

+		SecretKey:     "sk_test_123",

+		WebhookSecret: "whsec_test",

+		TeamPriceID:   "price_123",

+	})

+	if err != nil {

+		t.Fatalf("New: %v", err)

+	}

+	payload := []byte(fmt.Sprintf(`{"id":"evt_test","object":"event","api_version":%q,"type":"customer.subscription.updated","data":{"object":{"id":"sub_test","object":"subscription"}}}`, stripeapi.APIVersion))

+	signed := webhook.GenerateTestSignedPayload(&webhook.UnsignedPayload{

+		Payload: payload,

+		Secret:  "whsec_test",

+	})

+	event, err := client.VerifyWebhook(payload, signed.Header)

+	if err != nil {

+		t.Fatalf("VerifyWebhook: %v", err)

+	}

+	if event.ID != "evt_test" || event.Type != "customer.subscription.updated" {

+		t.Fatalf("unexpected event: id=%s type=%s", event.ID, event.Type)

+	}

+	if _, err := client.VerifyWebhook(payload, "t=1,v1=bad"); err == nil {

+		t.Fatalf("VerifyWebhook accepted bad signature")

+	}

+}