Introduce AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_METADATA_MARKER_VALUE

louischan-oursky · louischan-oursky · commit 59c0693ec489 · 2025-06-20T15:27:10.000+08:00
diff --git a/.env.example b/.env.example
@@ -11,6 +11,10 @@ AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_CANCEL_URL=https://www.authgear.com/paymen
 AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_PRICE_ID=price_foobar
 AUTHGEAR_ONCE_STRIPE_WEBHOOK_SIGNING_SECRET=whsec_foobar
 
+# The value of a metadata attached to the created checkout session.
+# It is used to distinguish between other checkout sessions that ARE NOT created by this server.
+AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_METADATA_MARKER_VALUE=authgear-once-license-server-local
+
 # SMTP related cnfigurations.
 AUTHGEAR_ONCE_SMTP_HOST=smtp.example.com
 AUTHGEAR_ONCE_SMTP_PORT=587
diff --git a/cmd/cli/main.go b/cmd/cli/main.go
@@ -129,6 +129,7 @@ type Dependencies struct {
 	StripeCheckoutSessionCancelURL                      string
 	StripeCheckoutSessionPriceID                        string
 	StripeWebhookSigningSecret                          string
+	StripeCheckoutSessionMetadataMarkerValue            string
 	AUTHGEAR_ONCE_PUBLIC_URL_SCHEME                     string
 	AUTHGEAR_ONCE_ONCE_COMMAND_DOWNLOAD_URL_GO_TEMPLATE string
 	AUTHGEAR_ONCE_ONCE_COMMAND_IMAGE_OVERRIDE           string
@@ -291,9 +292,10 @@ func Handler_v1_stripe_checkout(w http.ResponseWriter, r *http.Request) {
 	stripeClient := deps.StripeClient
 
 	checkoutSession, err := pkgstripe.NewCheckoutSession(ctx, stripeClient, &pkgstripe.CheckoutSessionParams{
-		SuccessURL: deps.StripeCheckoutSessionSuccessURL,
-		CancelURL:  deps.StripeCheckoutSessionCancelURL,
-		PriceID:    deps.StripeCheckoutSessionPriceID,
+		MarkerValue: deps.StripeCheckoutSessionMetadataMarkerValue,
+		SuccessURL:  deps.StripeCheckoutSessionSuccessURL,
+		CancelURL:   deps.StripeCheckoutSessionCancelURL,
+		PriceID:     deps.StripeCheckoutSessionPriceID,
 	})
 	if err != nil {
 		slogging.Error(ctx, logger, "failed to create checkout session",
@@ -315,7 +317,7 @@ func Handler_v1_stripe_webhook(w http.ResponseWriter, r *http.Request) {
 
 	e, err := pkgstripe.ConstructEvent(ctx, deps.StripeClient, r, pkgstripe.ConstructEventOptions{
 		SigningSecret: deps.StripeWebhookSigningSecret,
-		PriceID:       deps.StripeCheckoutSessionPriceID,
+		MarkerValue:   deps.StripeCheckoutSessionMetadataMarkerValue,
 	})
 	if err != nil {
 		if errors.Is(err, pkgstripe.ErrUnknownEvent) {
@@ -421,15 +423,16 @@ func main() {
 	})
 
 	dependencies := Dependencies{
-		HTTPClient:                      &http.Client{},
-		StripeClient:                    stripeClient,
-		SMTPDialer:                      smtpDialer,
-		SMTPSender:                      os.Getenv("AUTHGEAR_ONCE_SMTP_SENDER"),
-		StripeCheckoutSessionSuccessURL: os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_SUCCESS_URL"),
-		StripeCheckoutSessionCancelURL:  os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_CANCEL_URL"),
-		StripeCheckoutSessionPriceID:    os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_PRICE_ID"),
-		StripeWebhookSigningSecret:      os.Getenv("AUTHGEAR_ONCE_STRIPE_WEBHOOK_SIGNING_SECRET"),
-		AUTHGEAR_ONCE_PUBLIC_URL_SCHEME: os.Getenv("AUTHGEAR_ONCE_PUBLIC_URL_SCHEME"),
+		HTTPClient:                               &http.Client{},
+		StripeClient:                             stripeClient,
+		SMTPDialer:                               smtpDialer,
+		SMTPSender:                               os.Getenv("AUTHGEAR_ONCE_SMTP_SENDER"),
+		StripeCheckoutSessionSuccessURL:          os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_SUCCESS_URL"),
+		StripeCheckoutSessionCancelURL:           os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_CANCEL_URL"),
+		StripeCheckoutSessionPriceID:             os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_PRICE_ID"),
+		StripeWebhookSigningSecret:               os.Getenv("AUTHGEAR_ONCE_STRIPE_WEBHOOK_SIGNING_SECRET"),
+		StripeCheckoutSessionMetadataMarkerValue: os.Getenv("AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_METADATA_MARKER_VALUE"),
+		AUTHGEAR_ONCE_PUBLIC_URL_SCHEME:          os.Getenv("AUTHGEAR_ONCE_PUBLIC_URL_SCHEME"),
 		AUTHGEAR_ONCE_ONCE_COMMAND_DOWNLOAD_URL_GO_TEMPLATE: os.Getenv("AUTHGEAR_ONCE_ONCE_COMMAND_DOWNLOAD_URL_GO_TEMPLATE"),
 		AUTHGEAR_ONCE_ONCE_COMMAND_IMAGE_OVERRIDE:           os.Getenv("AUTHGEAR_ONCE_ONCE_COMMAND_IMAGE_OVERRIDE"),
 		KeygenConfig: keygen.KeygenConfig{
@@ -451,6 +454,11 @@ func main() {
 
 	ctx = slogging.WithLogger(ctx, logger)
 
+	if dependencies.StripeCheckoutSessionMetadataMarkerValue == "" {
+		slogging.Error(ctx, logger, "AUTHGEAR_ONCE_STRIPE_CHECKOUT_SESSION_METADATA_MARKER_VALUE must be set")
+		os.Exit(1)
+	}
+
 	if err := rootCmd.ExecuteContext(ctx); err != nil {
 		slogging.Error(ctx, logger, "root command completed with error",
 			"error", err)
diff --git a/pkg/stripe/checkout.go b/pkg/stripe/checkout.go
@@ -7,10 +7,13 @@ import (
 	"github.com/stripe/stripe-go/v82/client"
 )
 
+const MetadataKeyMarker = "authgear_once_license_server"
+
 type CheckoutSessionParams struct {
-	SuccessURL string
-	CancelURL  string
-	PriceID    string
+	MarkerValue string
+	SuccessURL  string
+	CancelURL   string
+	PriceID     string
 }
 
 func NewCheckoutSession(ctx context.Context, client *client.API, params *CheckoutSessionParams) (*stripe.CheckoutSession, error) {
@@ -29,6 +32,9 @@ func NewCheckoutSession(ctx context.Context, client *client.API, params *Checkou
 				Quantity: stripe.Int64(1),
 			},
 		},
+		Metadata: map[string]string{
+			MetadataKeyMarker: params.MarkerValue,
+		},
 	}
 
 	sess, err := client.CheckoutSessions.New(sessParams)
diff --git a/pkg/stripe/webhook.go b/pkg/stripe/webhook.go
@@ -16,7 +16,7 @@ var ErrUnknownEvent = errors.New("pkgstripe: unknown event")
 
 type ConstructEventOptions struct {
 	SigningSecret string
-	PriceID       string
+	MarkerValue   string
 }
 
 func ConstructEvent(ctx context.Context, client *client.API, r *http.Request, opts ConstructEventOptions) (*stripe.Event, error) {
@@ -45,10 +45,9 @@ func ConstructEvent(ctx context.Context, client *client.API, r *http.Request, op
 		return nil, err
 	}
 
-	for _, lineItem := range checkoutSession.LineItems.Data {
-		if lineItem.Price.ID == opts.PriceID {
-			return &e, nil
-		}
+	marker := checkoutSession.Metadata[MetadataKeyMarker]
+	if marker == opts.MarkerValue {
+		return &e, nil
 	}
 
 	return &e, ErrUnknownEvent

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ var ErrUnknownEvent = errors.New("pkgstripe: unknown event")`
`16`	`16`
`17`	`17`	`type ConstructEventOptions struct {`
`18`	`18`	`SigningSecret string`
`19`		`- PriceID string`
	`19`	`+ MarkerValue string`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`func ConstructEvent(ctx context.Context, client client.API, r http.Request, opts ConstructEventOptions) (*stripe.Event, error) {`
`@@ -45,10 +45,9 @@ func ConstructEvent(ctx context.Context, client client.API, r http.Request, op`
`45`	`45`	`return nil, err`
`46`	`46`	`}`
`47`	`47`
`48`		`- for _, lineItem := range checkoutSession.LineItems.Data {`
`49`		`- if lineItem.Price.ID == opts.PriceID {`
`50`		`- return &e, nil`
`51`		`- }`
	`48`	`+ marker := checkoutSession.Metadata[MetadataKeyMarker]`
	`49`	`+ if marker == opts.MarkerValue {`
	`50`	`+ return &e, nil`
`52`	`51`	`}`
`53`	`52`
`54`	`53`	`return &e, ErrUnknownEvent`