feat: implement payment gateway

Author: Bulletdev

app/controllers/concerns/internal_service_authenticatable.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module InternalServiceAuthenticatable
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :authenticate_internal_service!
+  end
+
+  private
+
+  def authenticate_internal_service!
+    token    = request.headers['Authorization']&.delete_prefix('Bearer ')
+    expected = ENV.fetch('INTERNAL_JWT_SECRET', nil)
+
+    return if expected.present? && token.present? &&
+              ActiveSupport::SecurityUtils.secure_compare(token, expected)
+
+    render json: { error: 'unauthorized' }, status: :unauthorized
+  end
+end

app/controllers/internal/organizations_controller.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Internal
+  class OrganizationsController < ActionController::API
+    include InternalServiceAuthenticatable
+
+    ALLOWED_TIERS = Constants::Organization::TIERS
+    ALLOWED_PLANS = Constants::Organization::SUBSCRIPTION_PLANS
+    ALLOWED_STATUSES = Constants::Organization::SUBSCRIPTION_STATUSES
+
+    def update_tier
+      user = User.find_by(id: params[:user_id])
+      return render json: { error: 'user not found' }, status: :not_found unless user
+
+      org = user.organization
+      return render json: { error: 'organization not found' }, status: :not_found unless org
+
+      tier   = params[:tier].to_s
+      plan   = params[:subscription_plan].to_s
+      status = params[:subscription_status].to_s
+
+      unless ALLOWED_TIERS.include?(tier)
+        return render json: { error: "invalid tier: #{tier}" }, status: :unprocessable_entity
+      end
+
+      unless ALLOWED_PLANS.include?(plan)
+        return render json: { error: "invalid subscription_plan: #{plan}" }, status: :unprocessable_entity
+      end
+
+      unless ALLOWED_STATUSES.include?(status)
+        return render json: { error: "invalid subscription_status: #{status}" }, status: :unprocessable_entity
+      end
+
+      org.update!(tier: tier, subscription_plan: plan, subscription_status: status)
+
+      render json: {
+        data: {
+          id: org.id,
+          tier: org.tier,
+          subscription_plan: org.subscription_plan,
+          subscription_status: org.subscription_status
+        }
+      }
+    rescue ActiveRecord::RecordInvalid => e
+      render json: { error: e.message }, status: :unprocessable_entity
+    end
+  end
+end

config/routes.rb

@@ -516,6 +516,9 @@
     namespace :api do
       get 'inhouse_queues/active', to: '/inhouses/controllers/internal/inhouse_queues#active'
     end
+
+    # Called by ProPay TierSyncJob when a subscription is activated or cancelled.
+    patch 'organizations/by_user/:user_id/tier', to: 'organizations#update_tier'
   end
 
   require 'sidekiq/web'

spec/requests/internal/organizations_spec.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Internal Organizations', type: :request do
+  let(:organization) { create(:organization, tier: 'tier_3_amateur', subscription_plan: 'free', subscription_status: 'trial') }
+  let(:user)         { create(:user, organization: organization) }
+  let(:secret)       { ENV.fetch('INTERNAL_JWT_SECRET', 'test_internal_secret') }
+  let(:auth_headers) { { 'Authorization' => "Bearer #{secret}", 'Content-Type' => 'application/json' } }
+
+  describe 'PATCH /internal/organizations/by_user/:user_id/tier' do
+    context 'without Authorization header' do
+      it 'returns 401' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_2_semi_pro', subscription_plan: 'semi_pro', subscription_status: 'active' }.to_json,
+              headers: { 'Content-Type' => 'application/json' }
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'with wrong secret' do
+      it 'returns 401' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_2_semi_pro', subscription_plan: 'semi_pro', subscription_status: 'active' }.to_json,
+              headers: auth_headers.merge('Authorization' => 'Bearer wrong_secret')
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when user does not exist' do
+      it 'returns 404' do
+        patch '/internal/organizations/by_user/99999999/tier',
+              params: { tier: 'tier_2_semi_pro', subscription_plan: 'semi_pro', subscription_status: 'active' }.to_json,
+              headers: auth_headers
+
+        expect(response).to have_http_status(:not_found)
+        expect(json_response[:error]).to eq('user not found')
+      end
+    end
+
+    context 'with invalid tier' do
+      it 'returns 422' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_9_invalid', subscription_plan: 'semi_pro', subscription_status: 'active' }.to_json,
+              headers: auth_headers
+
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(json_response[:error]).to include('invalid tier')
+      end
+    end
+
+    context 'on subscription activation (pro_monthly)' do
+      it 'upgrades the organization to tier_2_semi_pro' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_2_semi_pro', subscription_plan: 'semi_pro', subscription_status: 'active' }.to_json,
+              headers: auth_headers
+
+        expect(response).to have_http_status(:ok)
+
+        org = organization.reload
+        expect(org.tier).to eq('tier_2_semi_pro')
+        expect(org.subscription_plan).to eq('semi_pro')
+        expect(org.subscription_status).to eq('active')
+      end
+
+      it 'returns the updated organization data' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_2_semi_pro', subscription_plan: 'semi_pro', subscription_status: 'active' }.to_json,
+              headers: auth_headers
+
+        data = json_response[:data]
+        expect(data[:id]).to eq(organization.id)
+        expect(data[:tier]).to eq('tier_2_semi_pro')
+        expect(data[:subscription_status]).to eq('active')
+      end
+    end
+
+    context 'on subscription cancellation' do
+      before do
+        organization.update!(tier: 'tier_2_semi_pro', subscription_plan: 'semi_pro', subscription_status: 'active')
+      end
+
+      it 'downgrades the organization to tier_3_amateur' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_3_amateur', subscription_plan: 'free', subscription_status: 'cancelled' }.to_json,
+              headers: auth_headers
+
+        expect(response).to have_http_status(:ok)
+
+        org = organization.reload
+        expect(org.tier).to eq('tier_3_amateur')
+        expect(org.subscription_plan).to eq('free')
+        expect(org.subscription_status).to eq('cancelled')
+      end
+    end
+
+    context 'on enterprise activation' do
+      it 'upgrades the organization to tier_1_professional' do
+        patch "/internal/organizations/by_user/#{user.id}/tier",
+              params: { tier: 'tier_1_professional', subscription_plan: 'enterprise', subscription_status: 'active' }.to_json,
+              headers: auth_headers
+
+        expect(response).to have_http_status(:ok)
+        expect(organization.reload.tier).to eq('tier_1_professional')
+      end
+    end
+  end
+end