secretKey = $secretKey ?? self::config('STRIPE_SECRET_KEY'); if ($this->secretKey === '') { throw new RuntimeException('StripeClient: STRIPE_SECRET_KEY not configured.'); } } /** Load a Stripe config value from /etc/bnl/stripe.php OR env. */ public static function config(string $key): string { static $fileConfig = null; if ($fileConfig === null) { $path = '/etc/bnl/stripe.php'; $fileConfig = is_readable($path) ? (require $path) : []; if (!is_array($fileConfig)) { $fileConfig = []; } } $envValue = getenv($key); if ($envValue !== false && $envValue !== '') { return $envValue; } return (string)($fileConfig[$key] ?? ''); } /** Map an internal SKU to a Stripe price ID. */ public static function priceId(string $sku): string { static $map = null; if ($map === null) { $map = [ 'topup_s' => self::config('STRIPE_PRICE_TOPUP_S'), 'topup_m' => self::config('STRIPE_PRICE_TOPUP_M'), 'topup_l' => self::config('STRIPE_PRICE_TOPUP_L'), 'plus' => self::config('STRIPE_PRICE_PLUS_NOK'), 'pro' => self::config('STRIPE_PRICE_PRO_NOK'), ]; } $id = $map[$sku] ?? ''; if ($id === '') { throw new InvalidArgumentException("Unknown Stripe SKU: {$sku}"); } return $id; } /** Topup credit grants — must match values shown on pricing.php. */ public static function topupCredits(string $sku): int { return match ($sku) { 'topup_s' => 30, 'topup_m' => 100, 'topup_l' => 300, default => 0, }; } /** Map a Stripe price ID back to the internal subscription tier (plus/pro). */ public static function tierForPrice(string $priceId): ?string { $map = [ 'plus' => self::config('STRIPE_PRICE_PLUS_NOK'), 'pro' => self::config('STRIPE_PRICE_PRO_NOK'), ]; foreach ($map as $tier => $configuredPriceId) { if ($configuredPriceId !== '' && hash_equals($configuredPriceId, $priceId)) { return (string)$tier; } } return null; } /** * Create a Checkout Session. * * @param array $params Stripe parameters (flat form-encoded — see request() docs). */ public function createCheckoutSession(array $params): array { return $this->request('POST', '/checkout/sessions', $params); } /** Create a Customer Portal session for self-serve subscription management. */ public function createPortalSession(string $customerId, string $returnUrl): array { return $this->request('POST', '/billing_portal/sessions', [ 'customer' => $customerId, 'return_url' => $returnUrl, ]); } /** Retrieve a subscription. */ public function getSubscription(string $subscriptionId): array { return $this->request('GET', '/subscriptions/' . urlencode($subscriptionId)); } /** Find-or-create a Stripe customer for a given email. */ public function ensureCustomer(string $email, ?int $userId = null): string { $found = $this->request('GET', '/customers', ['email' => $email, 'limit' => 1]); if (!empty($found['data'][0]['id'])) { return (string)$found['data'][0]['id']; } $params = ['email' => $email]; if ($userId !== null) { $params['metadata'] = ['user_id' => (string)$userId]; } $created = $this->request('POST', '/customers', $params); return (string)($created['id'] ?? ''); } /** * Verify a Stripe webhook signature. * Stripe-Signature header format: t=,v1=[,v1=...] */ public static function verifyWebhookSignature(string $payload, string $sigHeader, string $secret, int $toleranceSeconds = 300): bool { if ($secret === '' || $sigHeader === '') { return false; } $parts = []; foreach (explode(',', $sigHeader) as $pair) { $kv = explode('=', $pair, 2); if (count($kv) === 2) { $parts[trim($kv[0])][] = trim($kv[1]); } } $timestamp = isset($parts['t'][0]) ? (int)$parts['t'][0] : 0; $sigs = $parts['v1'] ?? []; if ($timestamp === 0 || empty($sigs)) { return false; } if (abs(time() - $timestamp) > $toleranceSeconds) { return false; } $signedPayload = $timestamp . '.' . $payload; $expected = hash_hmac('sha256', $signedPayload, $secret); foreach ($sigs as $sig) { if (hash_equals($expected, $sig)) { return true; } } return false; } /** * Low-level HTTP request to Stripe API. Returns decoded JSON or throws on error. * Stripe uses form-encoded bodies even for nested params (foo[bar]=baz). */ public function request(string $method, string $path, array $params = []): array { $url = self::API_BASE . $path; $method = strtoupper($method); $headers = [ 'Authorization: Bearer ' . $this->secretKey, 'Stripe-Version: 2026-02-25.clover', ]; $ch = curl_init(); $body = ''; if ($method === 'GET' && !empty($params)) { $url .= '?' . self::flattenFormParams($params); } elseif (!empty($params)) { $body = self::flattenFormParams($params); $headers[] = 'Content-Type: application/x-www-form-urlencoded'; } curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, self::TIMEOUT); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); if ($body !== '') { curl_setopt($ch, CURLOPT_POSTFIELDS, $body); } $raw = curl_exec($ch); $errno = curl_errno($ch); $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); curl_close($ch); if ($errno !== 0 || $raw === false) { throw new RuntimeException('Stripe curl error: ' . curl_strerror($errno)); } $decoded = json_decode((string)$raw, true); if (!is_array($decoded)) { throw new RuntimeException('Stripe response was not JSON: ' . substr((string)$raw, 0, 200)); } if ($status >= 400) { $msg = $decoded['error']['message'] ?? 'Unknown Stripe error'; $code = $decoded['error']['code'] ?? 'unknown'; throw new RuntimeException("Stripe API error ({$status}/{$code}): {$msg}"); } return $decoded; } /** Flatten nested arrays into Stripe's form-encoding scheme (foo[bar]=baz). */ private static function flattenFormParams(array $params, string $prefix = ''): string { $pairs = []; foreach ($params as $key => $value) { $name = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']'; if (is_array($value)) { $pairs[] = self::flattenFormParams($value, $name); } elseif (is_bool($value)) { $pairs[] = rawurlencode($name) . '=' . ($value ? 'true' : 'false'); } elseif ($value !== null) { $pairs[] = rawurlencode($name) . '=' . rawurlencode((string)$value); } } return implode('&', $pairs); } }