Subscription madness.

Author: Katharine

Dockerfile

@@ -4,4 +4,5 @@ RUN apk add --update postgresql-dev
 ADD . /code
 WORKDIR /code
 RUN pip install -r requirements.txt
-CMD ["python", "serve_debug.py"]
+ENV FLASK_APP=auth FLASK_ENV=development
+CMD ["flask", "run", "-h", "0.0.0.0"]

auth/__init__.py

@@ -1,18 +1,20 @@
-from flask import Flask, render_template, g
+from flask import Flask, render_template
 from flask_login import login_required, current_user
 from flask_sslify import SSLify
+from flask_wtf import CSRFProtect
 
-from .models import init_app as init_db
+from .models import init_app as init_db, db
 from .login import init_app as init_login
 from .login.pebble import ensure_pebble, pebble
 from .oauth import init_app as init_oauth
 from .api import init_app as init_api
 from .redis import init_app as init_redis
+from .billing import init_app as init_billing
 
 from .settings import config
 
-
 app = Flask(__name__)
+CSRFProtect(app)
 app.config.update(**config)
 sslify = SSLify(app)
 if not app.debug:
@@ -21,6 +23,7 @@
 init_redis(app)
 init_login(app)
 init_oauth(app)
+init_billing(app)
 init_api(app)
 
 

auth/api.py

@@ -8,7 +8,11 @@
 @api.route('/me')
 @oauth.require_oauth('profile')
 def me():
-    return jsonify(uid=request.oauth.user.id, name=request.oauth.user.name)
+    return jsonify(
+        uid=request.oauth.user.id,
+        name=request.oauth.user.name,
+        is_subscribed=request.oauth.user.has_active_sub,
+    )
 
 
 @api.route('/me/pebble/auth')
@@ -34,3 +38,4 @@ def pebble_dev_portal_me():
 
 def init_app(app, url_prefix='/api/v1'):
     app.register_blueprint(api, url_prefix=url_prefix)
+    app.extensions['csrf'].exempt(api)

auth/billing/__init__.py

@@ -0,0 +1,127 @@
+import datetime
+
+import stripe
+from flask import Blueprint, render_template, request, redirect, url_for
+from flask_login import login_required, current_user
+
+from auth import db
+from auth.models import User
+from auth.settings import config
+
+stripe.api_key = config['STRIPE_SECRET_KEY']
+billing_blueprint = Blueprint("billing", __name__)
+
+
+def format_ts(value, format='%d-%m-%Y'):
+    return datetime.datetime.utcfromtimestamp(value).strftime(format)
+
+
+@billing_blueprint.route('/account')
+@login_required
+def account_info():
+    subscription = None
+    if current_user.stripe_subscription_id:
+        subscription = stripe.Subscription.retrieve(current_user.stripe_subscription_id)
+    return render_template('account-info.html', user=current_user, subscription=subscription)
+
+
+def handle_card_error(e: stripe.error.CardError):
+    return str(e)
+
+
+@billing_blueprint.route('/account/sub/create', methods=['POST'])
+@login_required
+def create_subscription():
+    plan = request.form['plan']
+    customer = None
+    if current_user.stripe_customer_id:
+        customer = stripe.Customer.retrieve(current_user.stripe_customer_id)
+        if not customer.deleted:
+            customer.source = request.form['stripeToken']
+            try:
+                customer.save()
+            except stripe.error.CardError as e:
+                return handle_card_error(e)
+        else:
+            customer = None
+    if customer is None:
+        try:
+            customer = stripe.Customer.create(
+                description=f"{current_user.name or '(no name)'} (#{current_user.id})",
+                email=f"{current_user.email}",
+                source=request.form['stripeToken'],
+                metadata={
+                    'user_id': current_user.id,
+                }
+            )
+        except stripe.error.CardError as e:
+            return handle_card_error(e)
+        current_user.stripe_customer_id = customer.stripe_id
+    start_date = None
+    to_cancel = None
+    if current_user.stripe_subscription_id:
+        sub = stripe.Subscription.retrieve(current_user.stripe_subscription_id)
+        if sub.status != "canceled":
+            # In this case we have an active subscription and are changing the billing
+            # frequency. We need to delete the old item and create a new one.
+            to_cancel = sub
+            start_date = sub.current_period_end
+    try:
+        sub = stripe.Subscription.create(
+            customer=customer.stripe_id,
+            items=[{"plan": plan}],
+            trial_end=start_date,
+        )
+    except stripe.error.CardError as e:
+        return handle_card_error(e)
+    current_user.stripe_subscription_id = sub.stripe_id
+    current_user.subscription_expiry = datetime.datetime.utcfromtimestamp(sub.current_period_end).replace(tzinfo=datetime.timezone.utc) + datetime.timedelta(days=1)
+    db.session.commit()
+    if to_cancel:
+        to_cancel.delete()
+    return redirect(url_for('.account_info'))
+
+
+@billing_blueprint.route('/account/sub/delete', methods=["POST"])
+def cancel_subscription():
+    sub = stripe.Subscription.retrieve(current_user.stripe_subscription_id)
+    sub.delete(at_period_end=True)
+    return redirect(url_for('.account_info'))
+
+
+@billing_blueprint.route('/stripe/event', methods=["POST"])
+def stripe_event():
+    payload = request.data
+    signature = request.headers['Stripe-Signature']
+    try:
+        event = stripe.Webhook.construct_event(payload, signature, config['STRIPE_WEBHOOK_KEY'])
+    except ValueError:
+        return '???', 400
+    except stripe.error.SignatureVerificationError:
+        return 'signature verification failed', 400
+
+    if event.type == "invoice.payment_succeeded":
+        # try and figure out if we care about this.
+        results = []
+        for line in event.data.object.lines.data:
+            if line.subscription:
+                user = User.query.filter_by(stripe_subscription_id=line.subscription).one_or_none()
+                if user is not None:
+                    user.subscription_expiry = datetime.datetime.utcfromtimestamp(line.period.end) + datetime.timedelta(days=1)
+                    db.session.commit()
+                    results.append(f"Set expiry date for user #{user.id} to {user.subscription_expiry}.")
+        return '\n'.join(results)
+    elif event.type == "customer.subscription.deleted":
+        user = User.query.filter_by(stripe_subscription_id=event.data.object.id).one_or_none()
+        if user is not None:
+            user.subscription_expiry = None
+            db.session.commit()
+            return f'Terminated subscription for user #{user.id}.'
+
+    return ''
+
+
+def init_app(app, prefix='/'):
+    app.register_blueprint(billing_blueprint, url_prefix=prefix)
+    app.jinja_env.filters['format_ts'] = format_ts
+    app.extensions['csrf'].exempt(stripe_event)

auth/login/base.py

@@ -88,3 +88,4 @@ def init_app(app):
     login_manager.login_view = 'login.login'
     login_manager.init_app(app)
     auth.init_app(app)
+    app.extensions['csrf'].exempt(login_blueprint)

auth/models.py

@@ -1,3 +1,4 @@
+import datetime
 from flask_sqlalchemy import SQLAlchemy
 from flask_migrate import Migrate
 from flask_login import UserMixin
@@ -6,6 +7,7 @@
 db = SQLAlchemy()
 migrate = Migrate()
 
+
 class User(UserMixin, db.Model):
     __tablename__ = "users"
     id = db.Column(db.Integer, primary_key=True)
@@ -16,6 +18,13 @@ class User(UserMixin, db.Model):
     pebble_token = db.Column(db.String, nullable=True, index=True)
     has_logged_in = db.Column(db.Boolean, nullable=False, server_default='false')
     account_type = db.Column(db.Integer, nullable=False, server_default='0')
+    stripe_customer_id = db.Column(db.String, nullable=True, index=True)
+    stripe_subscription_id = db.Column(db.String, nullable=True, index=True)
+    subscription_expiry = db.Column(db.DateTime, nullable=True)
+
+    @property
+    def has_active_sub(self):
+        return self.subscription_expiry is not None and datetime.datetime.utcnow() <= self.subscription_expiry
 
 
 class UserIdentity(db.Model):

auth/oauth.py

@@ -1,10 +1,12 @@
 from datetime import datetime, timedelta
+import logging
 
-from flask import Blueprint, abort, render_template, request
+from flask import Blueprint, abort, render_template, request, redirect
 from flask_oauthlib.provider import OAuth2Provider
 from oauthlib.common import generate_token as generate_random_token
 from flask_login import current_user, login_required
 
+from auth.login.base import demand_pebble
 from .models import db, IssuedToken, AuthClient, User
 from .redis import client as redis
 import json
@@ -52,6 +54,7 @@ def load_grant(client_id, code):
 @oauth.grantsetter
 def set_grant(client_id, code, request, *args, **kwargs):
     if not current_user.is_authenticated:
+        logging.error("Tried to set a grant for a user who is not logged in!?")
         return None
     grant = Grant(client_id, code['code'], current_user.id, request.scopes, request.redirect_uri)
     redis.setex(grant.key, 100, grant.serialise())

auth/settings.py

@@ -21,6 +21,9 @@
         'consumer_key': environ['FACEBOOK_CONSUMER_KEY'],
         'consumer_secret': environ['FACEBOOK_CONSUMER_SECRET'],
     },
+    'STRIPE_SECRET_KEY': environ['STRIPE_SECRET_KEY'],
+    'STRIPE_PUBLIC_KEY': environ['STRIPE_PUBLIC_KEY'],
+    'STRIPE_WEBHOOK_KEY': environ.get('STRIPE_WEBHOOK_KEY'),
 }
 
 if 'PEBBLE_CONSUMER_KEY' in environ and 'PEBBLE_CONSUMER_SECRET' in environ:

auth/templates/account-info.html

@@ -0,0 +1,118 @@
+{% extends "base.html" %}
+{% block body %}
+    <style>
+        table.actually-a-table {
+            border-collapse: collapse;
+        }
+        table.actually-a-table tr {
+            border-bottom: 1px solid #dbdadb;
+        }
+        table.actually-a-table tr:last-child {
+          border: 0;
+        }
+    </style>
+    <h2>Rebble Account</h2>
+    <table class="actually-a-table">
+        <tr>
+            <td>Account name</td>
+            <td>{% if user.name %}{{ user.name }}{% else %}<em>None</em>{% endif %}</td>
+        </tr>
+        <tr>
+            <td>Email address</td>
+            <td>{{ user.email }}</td>
+        </tr>
+        <tr>
+            <td>Linked pebble account</td>
+            <td>{% if user.pebble_token %}Yes{% else %}No{% endif %}</td>
+        </tr>
+        <tr>
+            <td style="padding-right: 10px;">Voice / Weather subscription</td>
+            <td>
+                {% if subscription %}
+                    {% if subscription.status == 'past_due' %}
+                        <strong>Overdue</strong>,
+                    {% elif subscription.status in ('active', 'trialing') %}
+                        <strong>Active</strong>, auto-renew
+                        {% if subscription.cancel_at_period_end %}
+                            disabled.<br>Subscription ends on {{ subscription.current_period_end | format_ts }}.
+                        {% else %}
+                            enabled.<br>Renews for another {{ subscription.plan.interval }} on {{ subscription.current_period_end | format_ts }}.
+                        {% endif %}
+                    {% else %}
+                        Expired on {{ subscription.ended_at | format_ts }}.
+                    {% endif %}
+                {% else %}
+                    None
+                {% endif %}
+            </td>
+        </tr>
+    </table>
+    <hr>
+    <h3>Rebble Subscriptions</h3>
+    {% if not subscription or subscription.status == 'canceled' or subscription.cancel_at_period_end %}
+    <p>
+        Subscribing to Rebble for just $3/month enables dictation and weather support on your account,
+        and helps us keep the service running for everyone!
+    </p>
+        <p>
+            We see you do not have an active subscription, or your subscription is not set to auto-renew. Want to
+            subscribe? We offer two subscription options:
+        </p>
+        <table style="width: 100%; text-align: center;">
+            <tr>
+                <td style="vertical-align: top;">
+                    Pay $3.00 / month
+                    <form action="{{ url_for('.create_subscription') }}" method="POST">
+                      <script
+                        src="https://checkout.stripe.com/checkout.js" class="stripe-button"
+                        data-key="pk_test_HtWIJSiwQRLunBIXRSpiHk85"
+                        data-email="{{ user.email }}"
+                        data-image="//static.rebble.io/auth/logo-128x128.png"
+                        data-label="Subscribe Monthly"
+                        data-name="Rebble Alliance"
+                        data-allow-remember-me="false"
+                        data-description="Voice / Dictation Subscription"
+                        data-locale="auto"
+                        data-zip-code="true"
+                        data-panel-label="Subscribe Monthly"
+                      >
+                      </script>
+                        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+                        <input type="hidden" name="plan" value="plan_D8zMUHWw0uZfN9">
+                    </form>
+                </td>
+                <td style="vertical-align: top;">Annually at $33/year
+                    <form action="{{ url_for('.create_subscription') }}" method="POST">
+                      <script
+                        src="https://checkout.stripe.com/checkout.js" class="stripe-button"
+                        data-key="pk_test_HtWIJSiwQRLunBIXRSpiHk85"
+                        data-email="{{ user.email }}"
+                        data-image="//static.rebble.io/auth/logo-128x128.png"
+                        data-label="Subscribe Annually"
+                        data-allow-remember-me="false"
+                        data-name="Rebble Alliance"
+                        data-description="Voice / Dictation Subscription"
+                        data-locale="auto"
+                        data-zip-code="true"
+                        data-panel-label="Subscribe Annually"
+                        >
+                      </script>
+                        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+                        <input type="hidden" name="plan" value="plan_D8zMJGYcyqz29L">
+                    </form>
+                    (One month free!)</td>
+            </tr>
+        </table>
+        <p>We use Stripe to handle our payments, and we never see or store your payment information.</p>
+    {% else %}
+        <p>
+            You are currently subscribed! If you like, you can cancel your subscription.
+            You will retain your subscription benefits until your subscription lapses, on
+            {{ subscription.current_period_end | format_ts }}.
+        </p>
+            <form action="{{ url_for('.cancel_subscription') }}" method="POST"  style="text-align: center;">
+                <input type="submit" value="Unsubscribe :(" style="font-size: 20px;">
+                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
+            </form>
+    {% endif %}
+{% endblock %}

requirements.txt

@@ -11,6 +11,7 @@ Flask-Migrate==2.1.1
 Flask-OAuthlib==0.9.4
 Flask-SQLAlchemy==2.3.2
 Flask-SSLify==0.1.5
+flask-wtf==0.14.2
 idna==2.6
 itsdangerous==0.24
 Jinja2==2.10
@@ -30,3 +31,4 @@ SQLAlchemy==1.2.2
 stripe==1.82.2
 urllib3==1.22
 Werkzeug==0.14.1
+WTForms==2.2.1