From e31c69c4bb629ce2af16f70980a01d50bcbb112b Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Mon, 1 Apr 2019 01:29:49 -0600
Subject: [PATCH] Add credit card processing API
---
 api/actions/addfunds.php | 59 ++++++++++++++++++++++++++++++++++++++++
 api/apisettings.php | 8 ++++++
 composer.json | 3 +-
 composer.lock | 58 ++++++++++++++++++++++++++++++++++++++-
 settings.template.php | 13 +++++++--
 5 files changed, 136 insertions(+), 5 deletions(-)
 create mode 100644 api/actions/addfunds.php
diff --git a/api/actions/addfunds.php b/api/actions/addfunds.php
new file mode 100644
index 0000000..0bd560b
--- /dev/null
+++ b/api/actions/addfunds.php
@@ -0,0 +1,59 @@
+get("accounts", ["[>]authkeys" => ["accountid"]], "accounts.accountid", ["key" => $VARS["key"]]);
+
+$token = $VARS['token'];
+
+$amount = $VARS["amount"] * 100.00;
+
+try {
+ $charge = \Stripe\Charge::create([
+ 'amount' => $amount,
+ 'currency' => 'usd',
+ 'description' => 'Helping Helena',
+ 'statement_descriptor' => "HelpingHelena",
+ 'source' => $token
+ ]);
+
+ $stripefees = 30 + ($amount * 0.029);
+ $totalfees = $amount * $SETTINGS["stripe"]["fee"];
+
+ $amountadded = ($amount - max($stripefees, $totalfees)) / 100.0;
+
+ $database->update("accounts", ["balance[+]" => $amountadded], ["accountid" => $accountid]);
+ $database->insert("log", [
+ "datetime" => date("Y-m-d H:i:s"),
+ "accountid" => $accountid,
+ "entry" => "Added funds with card: $" . ($amount / 100.0) . " charged, $$amountadded added to balance."
+ ]);
+
+ exitWithJson([
+ "status" => "OK",
+ "charged_amount" => $amount / 100.0,
+ "final_amount" => $amountadded
+ ]);
+} catch (\Stripe\Error\Card $e) {
+ $body = $e->getJsonBody();
+ $err = $body['error'];
+ sendJsonResp("We couldn't process your card because it was declined. Your card issuer or bank sent us this message: " . $err["message"] . " That's all we know.", "ERROR");
+} catch (\Stripe\Error\RateLimit $e) {
+ sendJsonResp("We couldn't process your card because things are happening too fast. Please try again in a minute. (Error code: STRIPE_RATELIMIT)", "ERROR");
+} catch (\Stripe\Error\InvalidRequest $e) {
+ sendJsonResp("We couldn't process your card because of a technical issue. Please try again later. (Error code: STRIPE_INVREQ)", "ERROR");
+} catch (\Stripe\Error\Authentication $e) {
+ sendJsonResp("We can't connect to the card processor. Please try again later. (Error code: STRIPE_AUTH)", "ERROR");
+} catch (\Stripe\Error\ApiConnection $e) {
+ sendJsonResp("We can't connect to the card processor. Please try again later. 
(Error code: STRIPE_NOAPI)", "ERROR");
+} catch (\Stripe\Error\Base $e) {
+ sendJsonResp("An unknown payment error occurred. Please try again later.", "ERROR");
+} catch (Exception $e) {
+ sendJsonResp("An unknown error occurred. Please try again later.", "ERROR");
+}
\ No newline at end of file
diff --git a/api/apisettings.php b/api/apisettings.php
index db981c0..d4db106 100644
--- a/api/apisettings.php
+++ b/api/apisettings.php
@@ -92,4 +92,12 @@ $APIS = [
 "longitude" => "/-?[0-9]{2,3}\.[0-9]+/"
 ]
 ],
+ "addfunds" => [
+ "load" => "addfunds.php",
+ "vars" => [
+ "key" => $keyregex,
+ "amount" => "/[0-9]{1,4}(\.[0-9]{2})?/",
+ "token" => "string"
+ ]
+ ],
 ];
diff --git a/composer.json b/composer.json
index c81c0af..8432f01 100644
--- a/composer.json
+++ b/composer.json
@@ -5,7 +5,8 @@
 "require": {
 "catfan/medoo": "^1.5",
 "guzzlehttp/guzzle": "^6.2",
- "anthonymartin/geo-location": "^1.0"
+ "anthonymartin/geo-location": "^1.0",
+ "stripe/stripe-php": "^6.31"
 },
 "license": "MPL-2.0",
 "authors": [
diff --git a/composer.lock b/composer.lock
index 16e2713..d834ede 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "a4330dce069db4d0d962b670496ca8ef", + "content-hash": "8c26e4b05d07380ff9539750fc1ae717", "packages": [ { "name": "anthonymartin/geo-location", 
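Review bot: The balance update and log insert run inside the same `try` as `\Stripe\Charge::create`, so any exception thrown after the charge has succeeded lands in `catch (Exception $e)` and the user is told to "try again later" with the card already charged and nothing credited. Give the post-charge database writes their own handler that logs `$charge->id` server-side and returns a message that does not invite a retry, and consider passing an idempotency key with the charge so a client retry cannot bill twice. `$amount` is also a float here (`$VARS["amount"] * 100.00`) while the charge amount is meant to be whole cents; `(int) round($VARS["amount"] * 100)` pins that down. The opening lines of the file are not readable in this hunk, so whether the `$accountid` lookup result is checked before the charge cannot be confirmed from here.

```php
$amount = (int) round($VARS["amount"] * 100);

try {
    $charge = \Stripe\Charge::create([
        // … unchanged: charge parameters …
    ]);

    // … unchanged: $stripefees, $totalfees, $amountadded …

    try {
        // … unchanged: balance update and log insert …
    } catch (Exception $e) {
        // The card has been charged at this point: record the charge id so the
        // payment can be reconciled or refunded, and do not suggest a retry.
        error_log("addfunds: charge " . $charge->id . " succeeded but balance update failed: " . $e->getMessage());
        sendJsonResp("Your card was charged, but we couldn't update your balance. Please contact support instead of trying again.", "ERROR");
        // NOTE(review): confirm sendJsonResp() ends the request so the OK response below is not sent as well.
    }

    // … unchanged: exitWithJson success response …
} catch (\Stripe\Error\Card $e) {
// … unchanged: Stripe error handlers …
```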
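Review bot: The `amount` pattern `/[0-9]{1,4}(\.[0-9]{2})?/` has no anchors, so if the dispatcher applies it with a plain `preg_match` it accepts any string that merely contains a digit, and neither the four-digit cap nor the two-decimal rule is enforced. addfunds.php multiplies the raw value by `100.00`, so a value outside the intended format or range would still reach the charge call. Anchor it, `"amount" => "/^[0-9]{1,4}(\.[0-9]{2})?$/D"`, and consider rejecting a zero amount in addfunds.php. `"token" => "string"` puts no visible bound on the token either; the validator is outside this hunk, so how `string` is checked cannot be seen here.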
@@ -382,6 +382,62 @@ ], "description": "A polyfill for getallheaders.", "time": "2016-02-11T07:05:27+00:00" + }, + { + "name": "stripe/stripe-php", + "version": "v6.31.2", + "source": { + "type": "git", + "url": "https://github.com/stripe/stripe-php.git", + "reference": "19456bcbdde319a4e936e042f65769f0993eb90b" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/stripe/stripe-php/zipball/19456bcbdde319a4e936e042f65769f0993eb90b", + "reference": "19456bcbdde319a4e936e042f65769f0993eb90b", + "shasum": "" + }, + "require": { + "ext-curl": "*", + "ext-json": "*", + "ext-mbstring": "*", + "php": ">=5.4.0" + }, + "require-dev": { + "php-coveralls/php-coveralls": "1.*", + "phpunit/phpunit": "~4.0", + "squizlabs/php_codesniffer": "~2.0", + "symfony/process": "~2.8" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } + }, + "autoload": { + "psr-4": { + "Stripe\\": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Stripe and contributors", + "homepage": "https://github.com/stripe/stripe-php/contributors" + } + ], + "description": "Stripe PHP Library", + "homepage": "https://stripe.com/", + "keywords": [ + "api", + "payment processing", + "stripe" + ], + "time": "2019-03-25T20:28:43+00:00" } ], "packages-dev": [],
diff --git a/settings.template.php b/settings.template.php
index 1ef4b35..b753f75 100644
--- a/settings.template.php
+++ b/settings.template.php
@@ -19,14 +19,14 @@ $SETTINGS = [
 // See http://medoo.in/api/new for info
 "database" => [
 "type" => "mysql",
- "name" => "app",
+ "name" => "helpinghelena",
 "server" => "localhost",
- "user" => "app",
+ "user" => "",
 "password" => "",
 "charset" => "utf8"
 ],
 // Name of the app.
- "site_title" => "Web App Template",
+ "site_title" => "Helping Helena",
 // Settings for connecting to the AccountHub server.
 "accounthub" => [
 // URL for the API endpoint 
@@ -36,6 +36,13 @@ $SETTINGS = [
 // API key
 "key" => "123"
 ],
+ "stripe" => [
+ "pubkey" => "",
+ "seckey" => "",
+ // Decimal percentage fee to take from card transactions.
+ // This includes the Stripe fee.
+ "fee" => 0.07
+ ],
 // List of required user permissions to access this app.
 "permissions" => [
 ],
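Review bot: The new `stripe` block leaves `seckey` undocumented, although it is the one value here that must stay on the server. Suggest `// Secret key: server-side only. Never send it to clients or commit the filled-in settings file.` above `"seckey"` and `// Publishable key; this one may be given to the client.` above `"pubkey"`. The `fee` comment's "decimal percentage" is ambiguous; `// Fraction of each charge kept as the fee (0.07 = 7%), Stripe's own fee included.` reads unambiguously. The `$SETTINGS` array starts and ends outside this hunk.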