secretKey = $secretKey ?? self::config('STRIPE_SECRET_KEY'); if ($this->secretKey === '') { throw new RuntimeException('StripeClient: STRIPE_SECRET_KEY not configured.'); } } public static function config(string $key): string { static $fileConfig = null; if ($fileConfig === null) { $path = '/etc/bnl/stripe.php'; $fileConfig = is_readable($path) ? (require $path) : []; if (!is_array($fileConfig)) { $fileConfig = []; } } $envValue = getenv($key); if ($envValue !== false && $envValue !== '') { return $envValue; } return (string)($fileConfig[$key] ?? ''); } public static function canonicalSku(string $sku): string { return PricingCatalog::canonicalSku($sku); } public static function isSubscriptionSku(string $sku): bool { return PricingCatalog::isSubscriptionSku($sku); } public static function isTopupSku(string $sku): bool { return PricingCatalog::isTopupSku($sku); } /** @return list */ public static function subscriptionSkus(): array { return PricingCatalog::subscriptionSkus(); } /** @return list */ public static function topupSkus(): array { return PricingCatalog::topupSkus(); } public static function priceId(string $sku): string { $canonical = PricingCatalog::canonicalSku($sku); $key = PricingCatalog::stripePriceKey($canonical); $id = $key ? self::config($key) : ''; if ($id === '') { $legacy = [ 'topup_100' => 'STRIPE_PRICE_TOPUP_S', 'topup_300' => 'STRIPE_PRICE_TOPUP_M', 'topup_1000' => 'STRIPE_PRICE_TOPUP_L', ]; $legacyKey = $legacy[$canonical] ?? null; $id = $legacyKey ? self::config($legacyKey) : ''; } if ($id === '') { throw new InvalidArgumentException("Unknown Stripe SKU or missing price ID: {$sku}"); } return $id; } public static function topupCredits(string $sku): int { return PricingCatalog::topupCredits($sku); } public static function tierForPrice(string $priceId): ?string { foreach (PricingCatalog::subscriptionSkus() as $tier) { $configuredPriceId = ''; $key = PricingCatalog::stripePriceKey($tier); if ($key !== null) { $configuredPriceId = self::config($key); } if ($configuredPriceId !== '' && hash_equals($configuredPriceId, $priceId)) { return $tier; } } return null; } public function createCheckoutSession(array $params): array { return $this->request('POST', '/checkout/sessions', $params); } public function createPortalSession(string $customerId, string $returnUrl): array { return $this->request('POST', '/billing_portal/sessions', [ 'customer' => $customerId, 'return_url' => $returnUrl, ]); } public function getSubscription(string $subscriptionId): array { return $this->request('GET', '/subscriptions/' . urlencode($subscriptionId)); } public function ensureCustomer(string $email, ?int $userId = null): string { $found = $this->request('GET', '/customers', ['email' => $email, 'limit' => 1]); if (!empty($found['data'][0]['id'])) { return (string)$found['data'][0]['id']; } $params = ['email' => $email]; if ($userId !== null) { $params['metadata'] = ['user_id' => (string)$userId]; } $created = $this->request('POST', '/customers', $params); return (string)($created['id'] ?? ''); } public static function verifyWebhookSignature(string $payload, string $sigHeader, string $secret, int $toleranceSeconds = 300): bool { if ($secret === '' || $sigHeader === '') { return false; } $parts = []; foreach (explode(',', $sigHeader) as $pair) { $kv = explode('=', $pair, 2); if (count($kv) === 2) { $parts[trim($kv[0])][] = trim($kv[1]); } } $timestamp = isset($parts['t'][0]) ? (int)$parts['t'][0] : 0; $sigs = $parts['v1'] ?? []; if ($timestamp === 0 || empty($sigs)) { return false; } if (abs(time() - $timestamp) > $toleranceSeconds) { return false; } $signedPayload = $timestamp . '.' . $payload; $expected = hash_hmac('sha256', $signedPayload, $secret); foreach ($sigs as $sig) { if (hash_equals($expected, $sig)) { return true; } } return false; } public function request(string $method, string $path, array $params = []): array { $url = self::API_BASE . $path; $method = strtoupper($method); $headers = [ 'Authorization: Bearer ' . $this->secretKey, 'Stripe-Version: 2026-02-25.clover', ]; $ch = curl_init(); $body = ''; if ($method === 'GET' && !empty($params)) { $url .= '?' . self::flattenFormParams($params); } elseif (!empty($params)) { $body = self::flattenFormParams($params); $headers[] = 'Content-Type: application/x-www-form-urlencoded'; } curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, self::TIMEOUT); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); if ($body !== '') { curl_setopt($ch, CURLOPT_POSTFIELDS, $body); } $raw = curl_exec($ch); $errno = curl_errno($ch); $status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE); curl_close($ch); if ($errno !== 0 || $raw === false) { throw new RuntimeException('Stripe curl error: ' . curl_strerror($errno)); } $decoded = json_decode((string)$raw, true); if (!is_array($decoded)) { throw new RuntimeException('Stripe response was not JSON: ' . substr((string)$raw, 0, 200)); } if ($status >= 400) { $msg = $decoded['error']['message'] ?? 'Unknown Stripe error'; $code = $decoded['error']['code'] ?? 'unknown'; throw new RuntimeException("Stripe API error ({$status}/{$code}): {$msg}"); } return $decoded; } private static function flattenFormParams(array $params, string $prefix = ''): string { $pairs = []; foreach ($params as $key => $value) { $name = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']'; if (is_array($value)) { $pairs[] = self::flattenFormParams($value, $name); } elseif (is_bool($value)) { $pairs[] = rawurlencode($name) . '=' . ($value ? 'true' : 'false'); } elseif ($value !== null) { $pairs[] = rawurlencode($name) . '=' . rawurlencode((string)$value); } } return implode('&', $pairs); } }