Build hitpay app

Adding hitpay functions to hitpay app

Added all features except refund

Fixed the issue of the price on booking confirm page being 1/100

Fixed eslint errors

Removed debugger

Made hitpay setup updatable

Fixed the issue of hitpay app being in connected status after clicking on cancel on setup page

Changed help email and added channel=api_cal to payment request

Changed hitpay setup page title to HitPay | Cal.com

Replaced description images

Disabled the decimal places for non zero currency on event page

Enable sandbox and prod for hitpay on setup

Added env vars - NEXT_PUBLIC_API_HITPAY_PRODUCTION, NEXT_PUBLIC_API_HITPAY_SANDBOX

Made apiKey and saltKey hide similar to hitpay api key on setup page

Removed __t

Updated description images

Revert specific files to previous version

Add README to hitpay app

Arrange some code

Updated reference_number and some constants

packages/app-store/_pages/setup/_getServerSideProps.tsx

@@ -5,6 +5,7 @@ export const AppSetupPageMap = {
   make: import("../../make/pages/setup/_getServerSideProps"),
   zapier: import("../../zapier/pages/setup/_getServerSideProps"),
   stripe: import("../../stripepayment/pages/setup/_getServerSideProps"),
+  hitpay: import("../../hitpay/pages/setup/_getServerSideProps"),
 };
 
 export const getServerSideProps = async (ctx: GetServerSidePropsContext) => {

packages/app-store/_pages/setup/index.tsx

@@ -16,6 +16,7 @@ export const AppSetupMap = {
   sendgrid: dynamic(() => import("../../sendgrid/pages/setup")),
   stripe: dynamic(() => import("../../stripepayment/pages/setup")),
   paypal: dynamic(() => import("../../paypal/pages/setup")),
+  hitpay: dynamic(() => import("../../hitpay/pages/setup")),
 };
 
 export const AppSetupPage = (props: { slug: string }) => {

packages/app-store/apps.browser.generated.tsx

@@ -27,6 +27,7 @@ export const EventTypeAddonMap = {
   ga4: dynamic(() => import("./ga4/components/EventTypeAppCardInterface")),
   giphy: dynamic(() => import("./giphy/components/EventTypeAppCardInterface")),
   gtm: dynamic(() => import("./gtm/components/EventTypeAppCardInterface")),
+  hitpay: dynamic(() => import("./hitpay/components/EventTypeAppCardInterface")),
   hubspot: dynamic(() => import("./hubspot/components/EventTypeAppCardInterface")),
   matomo: dynamic(() => import("./matomo/components/EventTypeAppCardInterface")),
   metapixel: dynamic(() => import("./metapixel/components/EventTypeAppCardInterface")),
@@ -56,6 +57,7 @@ export const EventTypeSettingsMap = {
   ga4: dynamic(() => import("./ga4/components/EventTypeAppSettingsInterface")),
   giphy: dynamic(() => import("./giphy/components/EventTypeAppSettingsInterface")),
   gtm: dynamic(() => import("./gtm/components/EventTypeAppSettingsInterface")),
+  hitpay: dynamic(() => import("./hitpay/components/EventTypeAppSettingsInterface")),
   metapixel: dynamic(() => import("./metapixel/components/EventTypeAppSettingsInterface")),
   paypal: dynamic(() => import("./paypal/components/EventTypeAppSettingsInterface")),
   plausible: dynamic(() => import("./plausible/components/EventTypeAppSettingsInterface")),

packages/app-store/apps.keys-schemas.generated.ts

@@ -14,6 +14,7 @@ import { appKeysSchema as giphy_zod_ts } from "./giphy/zod";
 import { appKeysSchema as googlecalendar_zod_ts } from "./googlecalendar/zod";
 import { appKeysSchema as googlevideo_zod_ts } from "./googlevideo/zod";
 import { appKeysSchema as gtm_zod_ts } from "./gtm/zod";
+import { appKeysSchema as hitpay_zod_ts } from "./hitpay/zod";
 import { appKeysSchema as hubspot_zod_ts } from "./hubspot/zod";
 import { appKeysSchema as intercom_zod_ts } from "./intercom/zod";
 import { appKeysSchema as jelly_zod_ts } from "./jelly/zod";
@@ -61,6 +62,7 @@ export const appKeysSchemas = {
   googlecalendar: googlecalendar_zod_ts,
   googlevideo: googlevideo_zod_ts,
   gtm: gtm_zod_ts,
+  hitpay: hitpay_zod_ts,
   hubspot: hubspot_zod_ts,
   intercom: intercom_zod_ts,
   jelly: jelly_zod_ts,

packages/app-store/apps.metadata.generated.ts

@@ -32,6 +32,7 @@ import { metadata as giphy__metadata_ts } from "./giphy/_metadata";
 import { metadata as googlecalendar__metadata_ts } from "./googlecalendar/_metadata";
 import { metadata as googlevideo__metadata_ts } from "./googlevideo/_metadata";
 import gtm_config_json from "./gtm/config.json";
+import hitpay_config_json from "./hitpay/config.json";
 import horizon_workrooms_config_json from "./horizon-workrooms/config.json";
 import { metadata as hubspot__metadata_ts } from "./hubspot/_metadata";
 import { metadata as huddle01video__metadata_ts } from "./huddle01video/_metadata";
@@ -126,6 +127,7 @@ export const appStoreMetadata = {
   googlecalendar: googlecalendar__metadata_ts,
   googlevideo: googlevideo__metadata_ts,
   gtm: gtm_config_json,
+  hitpay: hitpay_config_json,
   "horizon-workrooms": horizon_workrooms_config_json,
   hubspot: hubspot__metadata_ts,
   huddle01video: huddle01video__metadata_ts,

packages/app-store/apps.schemas.generated.ts

@@ -14,6 +14,7 @@ import { appDataSchema as giphy_zod_ts } from "./giphy/zod";
 import { appDataSchema as googlecalendar_zod_ts } from "./googlecalendar/zod";
 import { appDataSchema as googlevideo_zod_ts } from "./googlevideo/zod";
 import { appDataSchema as gtm_zod_ts } from "./gtm/zod";
+import { appDataSchema as hitpay_zod_ts } from "./hitpay/zod";
 import { appDataSchema as hubspot_zod_ts } from "./hubspot/zod";
 import { appDataSchema as intercom_zod_ts } from "./intercom/zod";
 import { appDataSchema as jelly_zod_ts } from "./jelly/zod";
@@ -61,6 +62,7 @@ export const appDataSchemas = {
   googlecalendar: googlecalendar_zod_ts,
   googlevideo: googlevideo_zod_ts,
   gtm: gtm_zod_ts,
+  hitpay: hitpay_zod_ts,
   hubspot: hubspot_zod_ts,
   intercom: intercom_zod_ts,
   jelly: jelly_zod_ts,

packages/app-store/apps.server.generated.ts

@@ -32,6 +32,7 @@ export const apiHandlers = {
   googlecalendar: import("./googlecalendar/api"),
   googlevideo: import("./googlevideo/api"),
   gtm: import("./gtm/api"),
+  hitpay: import("./hitpay/api"),
   "horizon-workrooms": import("./horizon-workrooms/api"),
   hubspot: import("./hubspot/api"),
   huddle01video: import("./huddle01video/api"),

packages/app-store/hitpay/DESCRIPTION.md

@@ -0,0 +1,9 @@
+---
+items:
+  - 1.jpeg
+  - 2.jpeg
+  - 3.jpeg
+  - 4.jpeg
+---
+
+{DESCRIPTION}

packages/app-store/hitpay/LICENSE

@@ -0,0 +1,42 @@
+The Cal.com Commercial License (EE) license (the “EE License”)
+Copyright (c) 2020-present Cal.com, Inc
+
+With regard to the Cal.com Software:
+
+This software and associated documentation files (the "Software") may only be
+used in production, if you (and any entity that you represent) have agreed to,
+and are in compliance with, the Cal.com Subscription Terms available
+at https://cal.com/terms (the “EE Terms”), or other agreements governing
+the use of the Software, as mutually agreed by you and Cal.com, Inc ("Cal.com"),
+and otherwise have a valid Cal.com Commercial License subscription ("EE Subscription")
+for the correct number of hosts as defined in the EE Terms ("Hosts"). Subject to the foregoing sentence,
+you are free to modify this Software and publish patches to the Software. You agree
+that Cal.com and/or its licensors (as applicable) retain all right, title and interest in
+and to all such modifications and/or patches, and all such modifications and/or
+patches may only be used, copied, modified, displayed, distributed, or otherwise
+exploited with a valid EE Subscription for the correct number of hosts.
+Notwithstanding the foregoing, you may copy and modify the Software for development
+and testing purposes, without requiring a subscription. You agree that Cal.com and/or
+its licensors (as applicable) retain all right, title and interest in and to all such
+modifications. You are not granted any other rights beyond what is expressly stated herein.
+Subject to the foregoing, it is forbidden to copy, merge, publish, distribute, sublicense,
+and/or sell the Software.
+
+This EE License applies only to the part of this Software that is not distributed under
+the AGPLv3 license. Any part of this Software distributed under the MIT license or which
+is served client-side as an image, font, cascading stylesheet (CSS), file which produces
+or is compiled, arranged, augmented, or combined into client-side JavaScript, in whole or
+in part, is copyrighted under the AGPLv3 license. The full text of this EE License shall
+be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+For all third party components incorporated into the Cal.com Software, those
+components are licensed under the original license provided by the owner of the
+applicable component.

packages/app-store/hitpay/README.md

@@ -0,0 +1,6 @@
+## Obraining HitPay API key and Salt
+
+1. Create a [HitPay Sandbox](https://dashboard.sandbox.hit-pay.com/) or [HitPay](https://dashboard.hit-pay.com/), if you don't have one.
+2. Sign into your [HitPay Sandbox](https://dashboard.sandbox.hit-pay.com/login/) or [HitPay](https://dashboard.hit-pay.com/login/)
+3. On the left side bar, go to API Keys page by clicking on API Keys.
+4. Under API Keys on the right side screen, copy API Keys and Salt and paste them to API Keys and Salt on the HitPay app setup page respectively, while installing or updating the app.

packages/app-store/hitpay/api/add.ts

@@ -0,0 +1,42 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+
+import prisma from "@calcom/prisma";
+
+import config from "../config.json";
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  if (!req.session?.user?.id) {
+    return res.status(401).json({ message: "You must be logged in to do this" });
+  }
+  const appType = config.type;
+  try {
+    const alreadyInstalled = await prisma.credential.findFirst({
+      where: {
+        type: appType,
+        userId: req.session.user.id,
+      },
+    });
+    if (alreadyInstalled) {
+      throw new Error("Already installed");
+    }
+    const installation = await prisma.credential.create({
+      data: {
+        type: appType,
+        key: {},
+        userId: req.session.user.id,
+        appId: "hitpay",
+      },
+    });
+
+    if (!installation) {
+      throw new Error("Unable to create user credential for Alby");
+    }
+  } catch (error: unknown) {
+    if (error instanceof Error) {
+      return res.status(500).json({ message: error.message });
+    }
+    return res.status(500);
+  }
+
+  return res.status(200).json({ url: "/apps/hitpay/setup" });
+}

packages/app-store/hitpay/api/callback.ts

@@ -0,0 +1,74 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import qs from "qs";
+
+import { HttpError as HttpCode } from "@calcom/lib/http-error";
+import prisma from "@calcom/prisma";
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  const { reference, status } = req.query;
+  if (!reference) {
+    throw new HttpCode({ statusCode: 204, message: "Reference not found" });
+  }
+
+  const payment = await prisma.payment.findFirst({
+    where: {
+      externalId: reference as string,
+    },
+    select: {
+      id: true,
+      amount: true,
+      bookingId: true,
+      booking: {
+        select: {
+          uid: true,
+          user: {
+            select: {
+              email: true,
+              username: true,
+              credentials: {
+                where: {
+                  type: "hitpay_payment",
+                },
+              },
+            },
+          },
+          responses: true,
+          eventType: {
+            select: {
+              slug: true,
+            },
+          },
+        },
+      },
+    },
+  });
+
+  if (!payment) {
+    throw new HttpCode({ statusCode: 204, message: "Payment not found" });
+  }
+  const key = payment.booking?.user?.credentials?.[0].key;
+  if (!key) {
+    throw new HttpCode({ statusCode: 204, message: "Credential not found" });
+  }
+
+  if (!payment.booking || !payment.booking.user || !payment.booking.eventType || !payment.booking.responses) {
+    throw new HttpCode({ statusCode: 204, message: "Booking not correct" });
+  }
+
+  if (status !== "completed") {
+    const url = `/${payment.booking.user.username}/${payment.booking.eventType.slug}`;
+    return res.redirect(url);
+  }
+
+  const queryParams = {
+    "flag.coep": false,
+    isSuccessBookingPage: true,
+    email: (payment.booking.responses as { email: string }).email,
+    eventTypeSlug: payment.booking.eventType.slug,
+  };
+
+  const query = qs.stringify(queryParams);
+  const url = `/booking/${payment.booking.uid}?${query}`;
+
+  return res.redirect(url);
+}

packages/app-store/hitpay/api/index.ts

@@ -0,0 +1,3 @@
+export { default as add } from "./add";
+export { default as callback } from "./callback";
+export { default as webhook } from "./webhook";

packages/app-store/hitpay/api/webhook.ts

@@ -0,0 +1,97 @@
+import { createHmac } from "crypto";
+import type { NextApiRequest, NextApiResponse } from "next";
+
+import { IS_PRODUCTION } from "@calcom/lib/constants";
+import { getErrorFromUnknown } from "@calcom/lib/errors";
+import { HttpError as HttpCode } from "@calcom/lib/http-error";
+import { handlePaymentSuccess } from "@calcom/lib/payment/handlePaymentSuccess";
+import prisma from "@calcom/prisma";
+
+export const config = {
+  api: {
+    bodyParser: false,
+  },
+};
+
+interface WebhookReturn {
+  payment_id: string;
+  payment_request_id: string;
+  phone: string;
+  amount: string;
+  currency: string;
+  status: string;
+  reference_number: string;
+  hmac: string;
+}
+
+type ExcludedWebhookReturn = Omit<WebhookReturn, "hmac">;
+
+function generateSignatureArray<T>(secret: string, vals: T) {
+  const source: string[] = [];
+  Object.keys(vals as { [K: string]: string })
+    .sort()
+    .forEach((key) => {
+      source.push(`${key}${(vals as { [K: string]: string })[key]}`);
+    });
+  const payload = source.join("");
+  const hmac = createHmac("sha256", secret);
+  const signed = hmac.update(payload, "utf-8").digest("hex");
+  return signed;
+}
+
+export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+  try {
+    if (req.method !== "POST") {
+      throw new HttpCode({ statusCode: 405, message: "Method Not Allowed" });
+    }
+    const obj: WebhookReturn = req.body as WebhookReturn;
+    const excluded = { ...obj } as Partial<WebhookReturn>;
+    delete excluded.hmac;
+
+    const payment = await prisma.payment.findFirst({
+      where: {
+        externalId: obj.payment_request_id,
+      },
+      select: {
+        id: true,
+        amount: true,
+        bookingId: true,
+        booking: {
+          select: {
+            user: {
+              select: {
+                credentials: {
+                  where: {
+                    type: "hitpay_payment",
+                  },
+                },
+              },
+            },
+          },
+        },
+      },
+    });
+
+    if (!payment) {
+      throw new HttpCode({ statusCode: 204, message: "Payment not found" });
+    }
+    const key = payment.booking?.user?.credentials?.[0].key;
+    if (!key) {
+      throw new HttpCode({ statusCode: 204, message: "Credentials not found" });
+    }
+    const { salt_key } = key as { salt_key: string };
+    const signed = generateSignatureArray(salt_key, excluded as ExcludedWebhookReturn);
+    if (signed !== obj.hmac) {
+      throw new HttpCode({ statusCode: 400, message: "Bad Request" });
+    }
+
+    return await handlePaymentSuccess(payment.id, payment.bookingId);
+  } catch (_err) {
+    const err = getErrorFromUnknown(_err);
+    console.error(`Webhook Error: ${err.message}`);
+    return res.status(200).send({
+      message: err.message,
+      stack: IS_PRODUCTION ? undefined : err.stack,
+    });
+  }
+}