Post checkout (#22)

* Add post checkout API

* Add template to easily include and setup PaddleJS

* Add template to register post checkout API call

* Add docs for Paddle checkout pages

* Use update_or_create for all subscription signals

* Add redirect url to post checkout

* Make Checkout fields not required

As Checkout is currently intended to be a Transient model the only thing which should stop someone creating an instance quickly is the ID not being unique or valid

Author: pyepye

README.rst

@@ -69,6 +69,24 @@ Add your paddle keys and set the operating mode:
     # can be found at https://vendors.paddle.com/public-key
     DJPADDLE_PUBLIC_KEY = '<your-public-key>'
 
+djpaddle includes ``vendor_id`` template context processor which adds your vendor ID as ``DJPADDLE_VENDOR_ID`` to each template context
+
+.. code-block:: python
+
+    TEMPLATES = [
+    {
+        ...
+        'OPTIONS': {
+            ...
+            'context_processors': [
+                ...
+                'djpaddle.context_processors.vendor_id',
+                ...
+            ]
+        }
+    }
+
+
 Run the commands::
 
     python manage.py migrate
@@ -77,6 +95,67 @@ Run the commands::
     python manage.py djpaddle_sync_plans_from_paddle
 
 
+Paddle Checkout
+---------------
+
+Next to setup a `PaddleJS checkout page <https://developer.paddle.com/guides/how-tos/checkout/paddle-checkout>`_
+
+First load in PaddleJS and initialise it by including the dj-paddle PaddleJS template in your own template to load PaddleJS::
+
+    {% include "djpaddle_paddlejs.html" %}
+
+
+Next add a Paddle product or subscription plan into the page context. Below is an example of how to do this using a class based view where ``plan_id`` is passed through as a value from the URL
+
+.. code-block:: python
+
+    from django.conf import settings
+    from django.views.generic import TemplateView
+
+    from djpaddle.models import Plan
+
+
+    class Checkout(TemplateView):
+        template_name = 'checkout.html'
+
+        def get_context_data(self, **kwargs):
+            context = super().get_context_data(**kwargs)
+
+            context['paddle_plan'] = Plan.objects.get(pk=kwargs['plan_id'])
+            # If you have not added 'djpaddle.context_processors.vendor_id' as a template context processors
+            context['DJPADDLE_VENDOR_ID'] = settings.DJPADDLE_VENDOR_ID
+
+            return context
+
+
+Finally put a ``Buy Now!`` button for the plan subscription you added to the context ::
+
+    <a href="#!" class="paddle_button" data-product="{{ paddle_plan.id }}">Buy Now!</a>
+
+
+You can pass data to Paddle JS by add data attributes to the button. For example to set the users email you can use the ``data-email`` attribute ::
+
+    <a href="#!" class="paddle_button" data-product="{{ paddle_plan.id }}" data-email="{{ user.email }}" >Buy Now!</a>
+
+
+A full list of parameters can be found on the `PaddleJS parameters page <https://developer.paddle.com/webhook-reference/intro>`_
+
+Subscription model
+------------------
+
+You can override the model that subscriptions are attached to using the ``DJPADDLE_SUBSCRIBER_MODEL`` setting. This setting must use the string model reference in the style 'app_label.ModelName'.
+
+The model chosen must have an ``email`` field.
+
+.. code-block:: python
+
+    # Defaults to AUTH_USER_MODEL
+    DJPADDLE_SUBSCRIBER_MODEL = 'myapp.MyModel'
+
+**Warning**: To use this setting you must have already created and ran the initial migration for the app/model before adding ``djpadding`` to ``INSTALLED_APPS``.
+
+
+
 Reporting Security Issues
 -------------------------
 

djpaddle/admin.py

@@ -2,6 +2,8 @@
 
 from . import models
 
+admin.site.register(models.Checkout)
+
 
 class PriceInline(admin.TabularInline):
     model = models.Price

djpaddle/migrations/0002_checkout.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.1a1 on 2020-05-22 23:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('djpaddle', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Checkout',
+            fields=[
+                ('id', models.CharField(max_length=40, primary_key=True, serialize=False)),
+                ('completed', models.NullBooleanField()),
+                ('passthrough', models.TextField(blank=True, null=True)),
+                ('email', models.EmailField(blank=True, max_length=254, null=True)),
+                ('created_at', models.DateTimeField(blank=True, null=True)),
+            ],
+        ),
+    ]

djpaddle/models.py

@@ -187,12 +187,7 @@ def _sanitize_webhook_payload(cls, payload):
         return data
 
     @classmethod
-    def from_subscription_created(cls, payload):
-        data = cls._sanitize_webhook_payload(payload)
-        return cls.objects.get_or_create(**data)
-
-    @classmethod
-    def update_by_payload(cls, payload):
+    def create_or_update_by_payload(cls, payload):
         data = cls._sanitize_webhook_payload(payload)
         pk = data.pop("id")
         return cls.objects.update_or_create(pk=pk, defaults=data)
@@ -201,19 +196,32 @@ def __str__(self):
         return "Subscription <{}:{}>".format(str(self.subscriber), str(self.id))
 
 
+class Checkout(models.Model):
+    """
+    Used to store checkout info from PaddleJS. Transient model which acts as
+    a backup in case the webhook is not recieved straight away
+    """
+
+    id = models.CharField(max_length=40, primary_key=True)
+    completed = models.NullBooleanField()
+    passthrough = models.TextField(null=True, blank=True)
+    email = models.EmailField(null=True, blank=True)
+    created_at = models.DateTimeField(null=True, blank=True)
+
+
 @receiver(signals.subscription_created)
 def on_subscription_created(sender, payload, *args, **kwargs):
-    Subscription.from_subscription_created(payload)
+    Subscription.create_or_update_by_payload(payload)
 
 
 @receiver(signals.subscription_updated)
 def on_subscription_updated(sender, payload, *args, **kwargs):
-    Subscription.update_by_payload(payload)
+    Subscription.create_or_update_by_payload(payload)
 
 
 @receiver(signals.subscription_cancelled)
 def on_subscription_cancelled(sender, payload, *args, **kwargs):
-    Subscription.update_by_payload(payload)
+    Subscription.create_or_update_by_payload(payload)
 
 
 if settings.DJPADDLE_LINK_STALE_SUBSCRIPTIONS:

djpaddle/templates/djpaddle_paddlejs.html

@@ -0,0 +1,9 @@
+<script src="https://cdn.paddle.com/paddle/paddle.js"></script>
+<script type="text/javascript">
+Paddle.Setup({
+    vendor:  {{ DJPADDLE_VENDOR_ID }},
+    {% if debug %}
+    debug: true,
+    {% endif %}
+});
+</script>

djpaddle/templates/djpaddle_post_checkout.html

@@ -0,0 +1,63 @@
+<div id="csrf">{% csrf_token %}</div>
+<script type="text/javascript">
+
+function checkoutComplete(data) {
+    var csrftoken = document.getElementById("csrf").getElementsByTagName("input")[0].value;
+
+    var email = "";
+    if (data.hasOwnProperty("user") && data.user !== null){
+        email = data.user.email;
+    }
+    var postData = {
+        id: data.checkout.id,
+        completed: data.checkout.completed,
+        passthrough: data.checkout.passthrough,
+        email: email,
+        created_at: data.checkout.created_at,
+        redirect_url: data.checkout.redirect_url,
+    };
+    var encodedString = buildFormData(postData);
+
+    var xhr = new XMLHttpRequest();
+    xhr.open("POST", "{% url 'djpaddle:post_checkout_api' %}?next={{ djpaddle_checkout_success_redirect }}");
+    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+    xhr.setRequestHeader("X-CSRFToken", csrftoken);
+    xhr.onreadystatechange = function(){
+        if (xhr.readyState === XMLHttpRequest.DONE) {
+            if (xhr.status === 200) {
+                var jsonResponse = JSON.parse(xhr.responseText);
+                if (jsonResponse.hasOwnProperty("redirect_url")) {
+                    window.location.href = jsonResponse["redirect_url"];
+                }
+            }
+        }
+    }
+    xhr.send(encodedString);
+}
+
+function buildFormData(data) {
+    var encodedString = "";
+    for (var prop in data) {
+        if (data.hasOwnProperty(prop)) {
+            if (encodedString.length > 0) {
+                encodedString += "&";
+            }
+            encodedString += encodeURI(prop + "=" + data[prop]);
+        }
+    }
+    return encodedString;
+}
+
+function addCheckoutCompleteToPaddleButtons() {
+    var paddleButtons = document.getElementsByClassName("paddle_button");
+    for (var k in paddleButtons) {
+        if (paddleButtons.hasOwnProperty(k)) {
+            paddleButtons[k].setAttribute("data-success-callback", "checkoutComplete");
+        }
+    }
+}
+
+document.addEventListener("DOMContentLoaded", function(event) {
+    addCheckoutCompleteToPaddleButtons();
+});
+</script>

djpaddle/urls.py

@@ -6,4 +6,5 @@
 
 urlpatterns = [
     path("webhook/", views.paddle_webhook_view, name="webhook"),
+    path("post-checkout/", views.post_checkout_api_view, name="post_checkout_api"),
 ]

djpaddle/views.py

@@ -1,9 +1,14 @@
-from django.http import HttpResponse, HttpResponseBadRequest
+from distutils.util import strtobool
+
+from django.core.exceptions import ValidationError
+from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View
+from django.views.generic.edit import BaseCreateView
 
 from . import signals
+from .models import Checkout
 from .utils import is_valid_webhook
 
 
@@ -45,16 +50,48 @@ def post(self, request, *args, **kwargs):
         if not is_valid_webhook(payload):
             return HttpResponseBadRequest("webhook validation failed")
 
-        alert_name = payload.get("alert_name", None)
-        if alert_name is None:
+        alert_name = payload.get("alert_name")
+        if not alert_name:
             return HttpResponseBadRequest("'alert_name' missing")
 
         if alert_name in self.SUPPORTED_WEBHOOKS:
-            signal = getattr(signals, alert_name, None)
-            if signal is not None:  # pragma: no cover
+            signal = getattr(signals, alert_name)
+            if signal:  # pragma: no cover
                 signal.send(sender=self.__class__, payload=payload)
 
         return HttpResponse()
 
 
+class PaddlePostCheckoutApiView(BaseCreateView):
+    http_method_names = ["post"]
+
+    def post(self, request, *args, **kwargs):
+        data = request.POST.dict()
+        redirect_url = data.pop("redirect_url") if "redirect_url" in data else ""
+        pk = data.pop("id")
+        if not pk:
+            return HttpResponseBadRequest('Missing "id"')
+        try:
+            data["completed"] = bool(strtobool(data["completed"]))
+        except KeyError:
+            return HttpResponseBadRequest('Missing "completed"')
+
+        try:
+            Checkout.objects.update_or_create(pk=pk, defaults=data)
+        except ValidationError as e:
+            return HttpResponseBadRequest(e)
+
+        next_url = request.GET.get("next")
+        if next_url:
+            next_url = "{0}?checkout={1}".format(next_url, pk)
+            return JsonResponse({"redirect_url": next_url}, status=200)
+
+        if redirect_url:
+            redirect_url = "{0}?checkout={1}".format(redirect_url, pk)
+            return JsonResponse({"redirect_url": redirect_url}, status=200)
+
+        return JsonResponse({}, status=204)
+
+
 paddle_webhook_view = PaddleWebhookView.as_view()
+post_checkout_api_view = PaddlePostCheckoutApiView.as_view()