implemented payment with stripe

.github/workflows/deploy.yaml

@@ -54,5 +54,14 @@ jobs:
 
       DB_PASSWORD_PROD: ${{ secrets.PROD_DB_PASSWORD }}
       REDIS_PASSWORD_PROD: ${{ secrets.PROD_REDIS_PASSWORD }}
+      JWT_SECRET_PROD: ${{ secrets.PROD_JWT_SECRET }}
+      ORDER_SERVICE_KEY_PROD: ${{ secrets.PROD_ORDER_SERVICE_KEY }}
+      STRIPE_SECRET_KEY_PROD: ${{ secrets.PROD_STRIPE_SECRET_KEY }}
+      STRIPE_WEBHOOK_SECRET_PROD: ${{ secrets.PROD_STRIPE_WEBHOOK_SECRET }}
+
       DB_PASSWORD_DEV: ${{ secrets.DEV_DB_PASSWORD }}
-      REDIS_PASSWORD_DEV: ${{ secrets.DEV_REDIS_PASSWORD }}
+      REDIS_PASSWORD_DEV: ${{ secrets.DEV_REDIS_PASSWORD }}
+      JWT_SECRET_DEV: ${{ secrets.DEV_JWT_SECRET }}
+      ORDER_SERVICE_KEY_DEV: ${{ secrets.DEV_ORDER_SERVICE_KEY }}
+      STRIPE_SECRET_KEY_DEV: ${{ secrets.DEV_STRIPE_SECRET_KEY }}
+      STRIPE_WEBHOOK_SECRET_DEV: ${{ secrets.DEV_STRIPE_WEBHOOK_SECRET }}

app/Http/Controllers/CheckoutController.php

@@ -0,0 +1,82 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Http;
+use Stripe\StripeClient;
+
+class CheckoutController extends Controller
+{
+    private function userId(Request $request): int
+    {
+        return (int) $request->attributes->get('user_id');
+    }
+
+    public function create(Request $request)
+    {
+        $data = $request->validate([
+            'order_id' => ['required', 'integer', 'min:1'],
+        ]);
+
+        $orderId = (int) $data['order_id'];
+
+        // 1) Fetch order from order-service as the user (so ownership is enforced)
+        $ordersBase = rtrim((string) config('services.orders.base_url'), '/'); // http://web/api/orders
+        $orderUrl = $ordersBase . '/items/' . $orderId;
+
+        $authHeader = (string) $request->header('Authorization'); // reuse same user token
+        $orderResp = Http::acceptJson()
+            ->withHeaders(['Authorization' => $authHeader])
+            ->get($orderUrl);
+
+        if (!$orderResp->successful()) {
+            return response()->json(['message' => 'Order not found'], 404);
+        }
+
+        $order = $orderResp->json('data');
+        if (!$order || !isset($order['id'], $order['total_price'], $order['status'])) {
+            return response()->json(['message' => 'Invalid order response'], 500);
+        }
+
+        if ((string) $order['status'] === 'paid') {
+            return response()->json(['message' => 'Order already paid'], 422);
+        }
+
+        $amount = (int) $order['total_price']; // cents
+        if ($amount <= 0) {
+            return response()->json(['message' => 'Invalid order amount'], 422);
+        }
+
+        // 2) Create Stripe Checkout Session
+        $stripe = new StripeClient((string) config('services.stripe.secret'));
+
+        $frontend = rtrim((string) config('services.frontend.base_url'), '/'); // http://app.localhost
+        $currency = (string) config('services.stripe.currency');
+
+        $session = $stripe->checkout->sessions->create([
+            'mode' => 'payment',
+            'success_url' => $frontend . '/checkout/success?order_id=' . $orderId . '&session_id={CHECKOUT_SESSION_ID}',
+            'cancel_url' => $frontend . '/checkout/cancel?order_id=' . $orderId,
+            'line_items' => [[
+                'quantity' => 1,
+                'price_data' => [
+                    'currency' => $currency,
+                    'unit_amount' => $amount,
+                    'product_data' => [
+                        'name' => 'Order #' . $orderId,
+                    ],
+                ],
+            ]],
+            'metadata' => [
+                'order_id' => (string) $orderId,
+                'user_id' => (string) $this->userId($request),
+            ],
+        ]);
+
+        return response()->json([
+            'url' => $session->url,
+            'session_id' => $session->id,
+        ]);
+    }
+}

app/Http/Controllers/StripeWebhookController.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Http;
+use Stripe\Webhook;
+
+class StripeWebhookController extends Controller
+{
+    public function handle(Request $request)
+    {
+        $payload = $request->getContent();
+        $sigHeader = (string) $request->header('Stripe-Signature', '');
+        $secret = (string) config('services.stripe.webhook_secret');
+
+        try {
+            $event = Webhook::constructEvent($payload, $sigHeader, $secret);
+        } catch (\Throwable $e) {
+            return response()->json(['message' => 'Invalid signature'], 400);
+        }
+
+        if ($event->type === 'checkout.session.completed') {
+            $session = $event->data->object;
+
+            $orderId = $session->metadata->order_id ?? null;
+
+            if ($orderId) {
+                $ordersBase = rtrim((string) config('services.orders.base_url'), '/'); // http://web/api/orders
+                $serviceKey = (string) config('services.orders.service_key');
+
+                $markPaidUrl = $ordersBase . '/internal/items/' . $orderId . '/mark-paid';
+
+                Http::acceptJson()
+                    ->withHeaders(['X-Service-Key' => $serviceKey])
+                    ->post($markPaidUrl);
+            }
+        }
+
+        return response()->json(['received' => true]);
+    }
+}

app/Http/Middleware/JwtAuth.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Services\JwtService;
+use Closure;
+use Illuminate\Http\Request;
+
+class JwtAuth
+{
+    public function handle(Request $request, Closure $next)
+    {
+        $authHeader = (string) $request->header('Authorization', '');
+
+        if (!str_starts_with($authHeader, 'Bearer ')) {
+            return response()->json(['message' => 'Missing Bearer token'], 401);
+        }
+
+        $token = trim(substr($authHeader, 7));
+
+        try {
+            $claims = app(JwtService::class)->decode($token);
+            $userId = $claims['sub'] ?? null;
+
+            if (!$userId) {
+                return response()->json(['message' => 'Invalid token'], 401);
+            }
+
+            $request->attributes->set('user_id', (int) $userId);
+
+            return $next($request);
+        } catch (\Throwable) {
+            return response()->json(['message' => 'Invalid or expired token'], 401);
+        }
+    }
+}

app/Services/JwtService.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Services;
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+class JwtService
+{
+    public function decode(string $token): array
+    {
+        $secret = (string) config('jwt.secret');
+        if ($secret === '') {
+            throw new \RuntimeException('JWT_SECRET not configured.');
+        }
+
+        $decoded = JWT::decode($token, new Key($secret, 'HS256'));
+        return (array) $decoded;
+    }
+}

bootstrap/app.php

@@ -12,7 +12,9 @@
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware): void {
-        //
+        $middleware->alias([
+            'jwt' => \App\Http\Middleware\JwtAuth::class,
+        ]);
     })
     ->withExceptions(function (Exceptions $exceptions): void {
         //

composer.json

@@ -7,8 +7,10 @@
     "license": "MIT",
     "require": {
         "php": "^8.2",
+        "firebase/php-jwt": "^7.0",
         "laravel/framework": "^12.0",
-        "laravel/tinker": "^2.10.1"
+        "laravel/tinker": "^2.10.1",
+        "stripe/stripe-php": "^19.2"
     },
     "require-dev": {
         "fakerphp/faker": "^1.23",

config/jwt.php

@@ -0,0 +1,4 @@
+<?php
+return [
+    'secret' => env('JWT_SECRET'),
+];