astuto · riggraz · May 3, 2024 · Apr 19, 2024 · Apr 19, 2024 · Apr 19, 2024
diff --git a/Gemfile b/Gemfile
@@ -47,6 +47,12 @@ gem 'rack-attack', '6.7.0'
 # Slugs
 gem 'friendly_id', '5.5.1'
 
+# Billing
+gem 'stripe', '11.2.0'
+
+# CORS
+gem 'rack-cors', '2.0.2'
+
 group :development, :test do
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -174,6 +174,8 @@ GEM
     rack (2.2.8.1)
     rack-attack (6.7.0)
       rack (>= 1.0, < 4)
+    rack-cors (2.0.2)
+      rack (>= 2.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
     rails (6.1.7.7)
@@ -252,6 +254,7 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
+    stripe (11.2.0)
     thor (1.3.1)
     tilt (2.0.10)
     timeout (0.4.1)
@@ -299,13 +302,15 @@ DEPENDENCIES
   puma (= 5.6.8)
   pundit (= 2.2.0)
   rack-attack (= 6.7.0)
+  rack-cors (= 2.0.2)
   rails (= 6.1.7.7)
   rake (= 12.3.3)
   react-rails (= 2.6.2)
   rspec-rails (= 4.0.2)
   selenium-webdriver (= 4.1.0)
   spring (= 2.1.1)
   spring-watcher-listen (= 2.0.1)
+  stripe (= 11.2.0)
   turbolinks (= 5.2.1)
   tzinfo-data
   web-console (>= 3.3.0)

diff --git a/app/assets/stylesheets/application.sass.scss b/app/assets/stylesheets/application.sass.scss
@@ -20,6 +20,7 @@
 @import 'components/LikeButton';
 @import 'components/Post';
 @import 'components/Roadmap';
+@import 'components/Billing';
 
   /* Site Settings Components */
   @import 'components/SiteSettings';

diff --git a/app/assets/stylesheets/common/_custom_texts.scss b/app/assets/stylesheets/common/_custom_texts.scss
@@ -30,7 +30,8 @@
 .smallMutedText {
   @extend
     .mutedText,
-    .m-0;
+    .mt-1,
+    .mb-0;
 
   font-size: smaller;
 }

diff --git a/app/assets/stylesheets/common/_index.scss b/app/assets/stylesheets/common/_index.scss
@@ -236,8 +236,14 @@ body {
 }
 
 .link {
+  color: var(--astuto-black);
+  text-decoration: underline;
   cursor: pointer;
-  &:hover { text-decoration: underline; }
+
+  &:hover {
+    color: var(--astuto-black);
+    text-decoration: underline;
+  }
 }
 
 .actionLink {
@@ -301,4 +307,12 @@ body {
 
   a { color: var(--astuto-grey); }
   a:hover { text-decoration: underline; }
+}
+
+.noActiveSubscriptionBanner {
+  @extend
+    .alert,
+    .alert-warning,
+    .text-center,
+    .m-0;
 }
diff --git a/app/assets/stylesheets/components/Billing.scss b/app/assets/stylesheets/components/Billing.scss
@@ -0,0 +1,122 @@
+.billingContainer {
+  max-width: 640px;
+  margin: 0 auto;
+
+  h2 { @extend .mb-4; }
+
+  .billingStatusBadge {
+    @extend
+      .badge,
+      .badgeLight,
+      .p-2,
+      .ml-1,
+      .mr-1;
+
+    width: fit-content;
+    text-transform: uppercase;
+  }
+
+  .billingStatusBadgeExpired {
+    color: white;
+    background-color: $danger;
+  }
+
+  .pricingTable {
+    @extend
+      .d-flex,
+      .flex-column,
+      .mt-4,
+      .mb-4;
+
+    h3 { text-align: center; }
+
+    .pricingPlansNav {
+      @extend
+        .nav,
+        .nav-pills,
+        .align-self-center,
+        .px-2,
+        .py-1,
+        .mt-2;
+
+      .yearlyPlanDiscount {
+        @extend .ml-2;
+        color: red;
+      }
+
+      background-color: var(--astuto-grey-light);
+      border-radius: 0.5rem;
+
+      li.nav-item {
+        width: 130px;
+      }
+
+      a {
+        @extend
+          .px-3,
+          .py-1;
+
+        color: var(--astuto-black);
+        cursor: pointer;
+        text-align: center;
+
+        &::first-letter { text-transform: uppercase; }
+      }
+
+      a.nav-link.active {
+        color: var(--astuto-black);
+        background-color: white;
+        box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+      }
+    }
+
+    .pricingTableColumn {
+      @extend
+        .card,
+        .my-2,
+        .p-4;
+
+      width: 100%;
+      max-width: 400px;
+      margin: 0 auto;
+
+      .priceContainer {
+        @extend
+          .d-flex,
+          .justify-content-between;
+
+        .price {
+          .amount { font-size: 36px; }
+        }
+        .priceYearly {
+          @extend .align-self-end;
+
+          .amount { font-size: 26px; }
+        }
+
+        .price, .priceYearly {
+          .amount { font-weight: 700; }
+          .currency { text-transform: uppercase; }
+        }
+      }
+    }
+  }
+
+  .checkoutContainer {
+    @extend .mt-4;
+
+    a { display: block; text-align: center; }
+
+    #checkout { @extend .my-2; }
+  }
+
+  .billingUsefulLinks {
+    @extend
+      .d-flex,  
+      .mt-4;
+
+    margin: 0 auto;
+
+    a { @extend .mx-2; }
+  }
+}
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -35,6 +35,7 @@ def load_tenant_data
       # Load tenant data
       @tenant = Current.tenant_or_raise!
       @tenant_setting = TenantSetting.first_or_create
+      @tenant_billing = TenantBilling.first_or_create
       @boards = Board.select(:id, :name, :slug).order(order: :asc)
 
       # Setup locale
@@ -48,6 +49,14 @@ def load_oauths
         .order(created_at: :asc)
     end
 
+    def check_tenant_subscription
+      return if Current.tenant.tenant_billing.has_active_subscription?
+
+      render json: {
+        error: 'Your subscription has expired. Please renew it to continue using the service.'
+      }, status: :forbidden
+    end
+
   private
 
     def user_not_authorized

diff --git a/app/controllers/billing_controller.rb b/app/controllers/billing_controller.rb
@@ -0,0 +1,115 @@
+require 'stripe'
+
+class BillingController < ApplicationController
+  before_action :check_multi_tenancy
+  before_action :authenticate_owner, only: [:request_billing_page, :return]
+  skip_before_action :verify_authenticity_token, only: [:create_checkout_session, :webhook]
+
+  def request_billing_page
+    tb = Current.tenant.tenant_billing
+    tenant_id = tb.slug
+    auth_token = tb.generate_auth_token
+
+    redirect_to billing_url(tenant_id: tenant_id, auth_token: auth_token)
+  end
+
+  def index
+    return unless params[:tenant_id] and params[:auth_token]
+
+    tb = TenantBilling.unscoped.find_by(slug: params[:tenant_id])
+    Current.tenant = tb.tenant
+
+    if (user_signed_in? && current_user.owner?) || (tb.auth_token == params[:auth_token])
+      # needed because ApplicationController#load_tenant_data is not called for this action
+      @tenant = tb.tenant
+      @tenant_setting = @tenant.tenant_setting
+      @tenant_billing = tb
+      @boards = Board.select(:id, :name, :slug).order(order: :asc)
+      I18n.locale = @tenant.locale
+
+      owner = User.find_by(role: "owner")
+      sign_in owner
+      tb.invalidate_auth_token
+
+      @page_title = t('billing.title')
+      @prices = Stripe::Price.list({limit: 2}).data
+    else
+      redirect_to get_url_for(method(:root_url))
+    end
+  end
+
+  def return
+    @page_title = t('billing.title')
+
+    session = Stripe::Checkout::Session.retrieve(params[:session_id])
+    Current.tenant.tenant_billing.update!(customer_id: session.customer)
+  end
+
+  def create_checkout_session
+    session = Stripe::Checkout::Session.create({
+      ui_mode: 'embedded',
+      line_items: [{
+        price: params[:price_id],
+        quantity: 1,
+      }],
+      mode: 'subscription',
+      return_url: "#{get_url_for(method(:billing_return_url))}?session_id={CHECKOUT_SESSION_ID}",
+      customer: Current.tenant.tenant_billing.customer_id,
+    })
+
+    render json: { clientSecret: session.client_secret }
+  end
+
+  def session_status
+    session = Stripe::Checkout::Session.retrieve(params[:session_id])
+    render json: { status: session.status, session: session }
+  end
+
+  def webhook
+    event = nil
+
+    # Verify webhook signature and extract the event
+    # See https://stripe.com/docs/webhooks#verify-events for more information.
+    begin
+      sig_header = request.env['HTTP_STRIPE_SIGNATURE']
+      payload = request.body.read
+      event = Stripe::Webhook.construct_event(payload, sig_header, Rails.application.stripe_endpoint_secret)
+    rescue JSON::ParserError => e
+      # Invalid payload
+      return head :bad_request
+    rescue Stripe::SignatureVerificationError => e
+      # Invalid signature
+      return head :bad_request
+    end
+
+    if event['type'] == 'invoice.paid'
+      Current.tenant = get_tenant_from_customer_id(event.data.object.customer)
+
+      subscription_type = event.data.object.lines.data[0].price.lookup_key
+      return head :bad_request unless subscription_type == 'monthly' || subscription_type == 'yearly'
+
+      subscription_duration = subscription_type == 'monthly' ? 1.month : 1.year
+      Current.tenant.tenant_billing.update!(
+        status: 'active',
+        subscription_ends_at: Time.current + subscription_duration
+      )
+    elsif event['type'] == 'customer.subscription.updated'
+      Current.tenant = get_tenant_from_customer_id(event.data.object.customer)
+
+      has_canceled = event.data.object.cancel_at_period_end
+      Current.tenant.tenant_billing.update!(status: has_canceled ? 'canceled' : 'active')
+    end
+
+    return head :ok
+  end
+
+  private
+
+    def check_multi_tenancy
+      redirect_to root_path unless Rails.application.multi_tenancy?
+    end
+
+    def get_tenant_from_customer_id(customer_id)
+      TenantBilling.unscoped.find_by(customer_id: customer_id).tenant
+    end
+end
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
@@ -1,5 +1,6 @@
 class CommentsController < ApplicationController
   before_action :authenticate_user!, only: [:create, :update, :destroy]
+  before_action :check_tenant_subscription, only: [:create, :update, :destroy]
 
   def index
     comments = Comment

diff --git a/app/controllers/follows_controller.rb b/app/controllers/follows_controller.rb
@@ -1,5 +1,6 @@
 class FollowsController < ApplicationController
   before_action :authenticate_user!, only: [:create, :destroy]
+  before_action :check_tenant_subscription, only: [:create, :destroy]
 
   def index
     unless user_signed_in?

diff --git a/app/controllers/likes_controller.rb b/app/controllers/likes_controller.rb
@@ -1,5 +1,6 @@
 class LikesController < ApplicationController
   before_action :authenticate_user!, only: [:create, :destroy]
+  before_action :check_tenant_subscription, only: [:create, :destroy]
 
   def index
     likes = Like

diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
@@ -1,5 +1,6 @@
 class PostsController < ApplicationController
   before_action :authenticate_user!, only: [:create, :update, :destroy]
+  before_action :check_tenant_subscription, only: [:create, :update, :destroy]
 
   def index
     start_date = params[:start_date] ? Date.parse(params[:start_date]) : Date.parse('1970-01-01')

diff --git a/app/controllers/tenants_controller.rb b/app/controllers/tenants_controller.rb
@@ -51,6 +51,8 @@ def create
 
       @user.save!
 
+      @tenant.tenant_billing = TenantBilling.create!
+
       CreateWelcomeEntitiesWorkflow.new().run
 
       logger.info { "New tenant registration: #{Current.tenant.inspect}" }
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,7 +30,8 @@ @@
     .smallMutedText {
       @extend
         .mutedText,
-        .m-0;
+        .mt-1,
+        .mb-0;
       font-size: smaller;
     }
@@ Expand Down @@