daveadmin/dobetternorge-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ba9cddf9a1aaef32e65efee722ef5021dbd0c6d7
dobetternorge-tools/includes/StripeClient.php
T
daveadmin ba9cddf9a1 Add monetization spine + Build Your Own Case (Min Sak) 
- Stripe: StripeClient.php, checkout/portal/webhook endpoints, idempotent event handling
- FreeTier: tier-aware credits (free/light/pro/pro_plus), bonus_balance, hourly caps per tier
- pricing.php + billing.php: 4-tier cards, 3 topups, Customer Portal, balance breakdown
- Min Sak: CaseStore.php, AzureDocIntelligence.php, AzureSearchAdmin.php — per-user hybrid RAG
- api/case/: upload, list, delete, ingest-callback (HMAC-auth'd from n8n)
- award-survey-credits: inter-site HMAC endpoint for dobetternorge.no survey bonus
- dashboard.php: tier badge, balance breakdown card, Min Sak CTA, survey CTA
- KorrespondAgent + all 3 other agents: use_my_case toggle wired to dbnToolsCaseContext()
- bootstrap.php: dbnToolsCaseContext(), dbnToolsIntersiteSecret(), dbnToolsCurrentTier()

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-20 20:52:54 +02:00

235 lines
8.1 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
/**
* Thin Stripe API wrapper — no SDK, pure curl + HMAC.
*
* Configuration is loaded from /etc/bnl/stripe.php (production) or env vars (local).
* Required keys:
* STRIPE_SECRET_KEY sk_live_... or sk_test_...
* STRIPE_PUBLISHABLE_KEY pk_live_... or pk_test_...
* STRIPE_WEBHOOK_SECRET whsec_...
* STRIPE_PRICE_TOPUP_S / _M / _L
* STRIPE_PRICE_LIGHT / _PRO / _PRO_PLUS
*/
final class StripeClient
{
private const API_BASE = 'https://api.stripe.com/v1';
private const TIMEOUT = 30;
private string $secretKey;
public function __construct(?string $secretKey = null)
{
$this->secretKey = $secretKey ?? self::config('STRIPE_SECRET_KEY');
if ($this->secretKey === '') {
throw new RuntimeException('StripeClient: STRIPE_SECRET_KEY not configured.');
}
}
/** Load a Stripe config value from /etc/bnl/stripe.php OR env. */
public static function config(string $key): string
{
static $fileConfig = null;
if ($fileConfig === null) {
$path = '/etc/bnl/stripe.php';
$fileConfig = is_readable($path) ? (require $path) : [];
if (!is_array($fileConfig)) {
$fileConfig = [];
}
}
$envValue = getenv($key);
if ($envValue !== false && $envValue !== '') {
return $envValue;
}
return (string)($fileConfig[$key] ?? '');
}
/** Map an internal SKU to a Stripe price ID. */
public static function priceId(string $sku): string
{
static $map = null;
if ($map === null) {
$map = [
'topup_s' => self::config('STRIPE_PRICE_TOPUP_S'),
'topup_m' => self::config('STRIPE_PRICE_TOPUP_M'),
'topup_l' => self::config('STRIPE_PRICE_TOPUP_L'),
'light' => self::config('STRIPE_PRICE_LIGHT'),
'pro' => self::config('STRIPE_PRICE_PRO'),
'pro_plus' => self::config('STRIPE_PRICE_PRO_PLUS'),
];
}
$id = $map[$sku] ?? '';
if ($id === '') {
throw new InvalidArgumentException("Unknown Stripe SKU: {$sku}");
}
return $id;
}
/** Topup credit grants — must match values shown on pricing.php. */
public static function topupCredits(string $sku): int
{
return match ($sku) {
'topup_s' => 30,
'topup_m' => 100,
'topup_l' => 300,
default => 0,
};
}
/** Map a Stripe price ID back to the internal subscription tier (light/pro/pro_plus). */
public static function tierForPrice(string $priceId): ?string
{
foreach (['light', 'pro', 'pro_plus'] as $tier) {
if (self::config('STRIPE_PRICE_' . strtoupper($tier)) === $priceId) {
return $tier;
}
}
return null;
}
/**
* Create a Checkout Session.
*
* @param array $params Stripe parameters (flat form-encoded — see request() docs).
*/
public function createCheckoutSession(array $params): array
{
return $this->request('POST', '/checkout/sessions', $params);
}
/** Create a Customer Portal session for self-serve subscription management. */
public function createPortalSession(string $customerId, string $returnUrl): array
{
return $this->request('POST', '/billing_portal/sessions', [
'customer' => $customerId,
'return_url' => $returnUrl,
]);
}
/** Retrieve a subscription. */
public function getSubscription(string $subscriptionId): array
{
return $this->request('GET', '/subscriptions/' . urlencode($subscriptionId));
}
/** Find-or-create a Stripe customer for a given email. */
public function ensureCustomer(string $email, ?int $userId = null): string
{
$found = $this->request('GET', '/customers', ['email' => $email, 'limit' => 1]);
if (!empty($found['data'][0]['id'])) {
return (string)$found['data'][0]['id'];
}
$params = ['email' => $email];
if ($userId !== null) {
$params['metadata'] = ['user_id' => (string)$userId];
}
$created = $this->request('POST', '/customers', $params);
return (string)($created['id'] ?? '');
}
/**
* Verify a Stripe webhook signature.
* Stripe-Signature header format: t=<timestamp>,v1=<signature>[,v1=<signature>...]
*/
public static function verifyWebhookSignature(string $payload, string $sigHeader, string $secret, int $toleranceSeconds = 300): bool
{
if ($secret === '' || $sigHeader === '') {
return false;
}
$parts = [];
foreach (explode(',', $sigHeader) as $pair) {
$kv = explode('=', $pair, 2);
if (count($kv) === 2) {
$parts[trim($kv[0])][] = trim($kv[1]);
}
}
$timestamp = isset($parts['t'][0]) ? (int)$parts['t'][0] : 0;
$sigs = $parts['v1'] ?? [];
if ($timestamp === 0 || empty($sigs)) {
return false;
}
if (abs(time() - $timestamp) > $toleranceSeconds) {
return false;
}
$signedPayload = $timestamp . '.' . $payload;
$expected = hash_hmac('sha256', $signedPayload, $secret);
foreach ($sigs as $sig) {
if (hash_equals($expected, $sig)) {
return true;
}
}
return false;
}
/**
* Low-level HTTP request to Stripe API. Returns decoded JSON or throws on error.
* Stripe uses form-encoded bodies even for nested params (foo[bar]=baz).
*/
public function request(string $method, string $path, array $params = []): array
{
$url = self::API_BASE . $path;
$method = strtoupper($method);
$headers = [
'Authorization: Bearer ' . $this->secretKey,
'Stripe-Version: 2024-10-28.acacia',
];
$ch = curl_init();
$body = '';
if ($method === 'GET' && !empty($params)) {
$url .= '?' . self::flattenFormParams($params);
} elseif (!empty($params)) {
$body = self::flattenFormParams($params);
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
}
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, self::TIMEOUT);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
if ($body !== '') {
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
}
$raw = curl_exec($ch);
$errno = curl_errno($ch);
$status = (int)curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);
if ($errno !== 0 || $raw === false) {
throw new RuntimeException('Stripe curl error: ' . curl_strerror($errno));
}
$decoded = json_decode((string)$raw, true);
if (!is_array($decoded)) {
throw new RuntimeException('Stripe response was not JSON: ' . substr((string)$raw, 0, 200));
}
if ($status >= 400) {
$msg = $decoded['error']['message'] ?? 'Unknown Stripe error';
$code = $decoded['error']['code'] ?? 'unknown';
throw new RuntimeException("Stripe API error ({$status}/{$code}): {$msg}");
}
return $decoded;
}
/** Flatten nested arrays into Stripe's form-encoding scheme (foo[bar]=baz). */
private static function flattenFormParams(array $params, string $prefix = ''): string
{
$pairs = [];
foreach ($params as $key => $value) {
$name = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']';
if (is_array($value)) {
$pairs[] = self::flattenFormParams($value, $name);
} elseif (is_bool($value)) {
$pairs[] = rawurlencode($name) . '=' . ($value ? 'true' : 'false');
} elseif ($value !== null) {
$pairs[] = rawurlencode($name) . '=' . rawurlencode((string)$value);
}
}
return implode('&', $pairs);
}
}
Reference in New Issue View Git Blame Copy Permalink