Merge branch 'dev' into main

Author: gustavotoyota

apps/app-server/package.json

@@ -29,6 +29,7 @@
     "fastify-raw-body": "^4.2.2",
     "http-status-codes": "^2.3.0",
     "ioredis": "npm:@deepnotes/ioredis@^5.3.1",
+    "jws": "^4.0.0",
     "knex": "2.3.0",
     "libsodium-wrappers-sumo": "^0.7.13",
     "lodash": "^4.17.21",
@@ -46,6 +47,7 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
+    "@types/jws": "^3.2.8",
     "@types/libsodium-wrappers-sumo": "^0.7.7",
     "@types/lodash": "^4.14.200",
     "@types/ws": "8.5.3",

apps/app-server/src/env.d.ts

@@ -53,5 +53,8 @@ declare namespace NodeJS {
     STRIPE_WEBHOOK_SECRET: string;
     STRIPE_MONTHLY_PRICE_ID: string;
     STRIPE_YEARLY_PRICE_ID: string;
+
+    REVENUECAT_PUBLIC_APPLE_API_KEY: string;
+    REVENUECAT_WEBHOOK_SECRET: string;
   }
 }

apps/app-server/src/fastify/app-store-webhook.ts

@@ -0,0 +1,114 @@
+import { mainLogger } from '@stdlib/misc';
+import type Fastify from 'fastify';
+import jws from 'jws';
+import { createContext } from 'src/trpc/context';
+import type { InferProcedureOpts } from 'src/trpc/helpers';
+import { publicProcedure } from 'src/trpc/helpers';
+import { z } from 'zod';
+
+interface responseBodyV2DecodedPayload {
+  /* A unique identifier for the notification. Use this value to identify a duplicate notification. */
+
+  notificationUUID: string;
+
+  /*
+    The in-app purchase event for which the App Store sends this version 2 notification.
+
+    Possible values:
+    - CONSUMPTION_REQUEST
+    - DID_CHANGE_RENEWAL_PREF
+    - DID_CHANGE_RENEWAL_STATUS
+    - DID_FAIL_TO_RENEW
+    - DID_RENEW
+    - EXPIRED
+    - GRACE_PERIOD_EXPIRED
+    - OFFER_REDEEMED
+    - PRICE_INCREASE
+    - REFUND
+    - REFUND_DECLINED
+    - REFUND_REVERSED
+    - RENEWAL_EXTENDED
+    - RENEWAL_EXTENSION
+    - REVOKE
+    - SUBSCRIBED
+    - TEST
+  */
+
+  notificationType: 'SUBSCRIBED' | 'EXPIRED';
+
+  /* The object that contains the app metadata and signed renewal and transaction information. */
+
+  data: {
+    /* 
+      The unique identifier of the app that the notification applies to.
+      This property is available for apps that users download from the App Store.
+      It isn’t present in the sandbox environment.
+    */
+
+    appAppleId: string;
+
+    /* The server environment that the notification applies to, either sandbox or production. */
+
+    environment: 'Sandbox' | 'Production';
+
+    /* Transaction information signed by the App Store, in JSON Web Signature (JWS) format. */
+
+    signedTransactionInfo: string;
+  };
+}
+
+interface JWSTransactionDecodedPayload {
+  appAccountToken: string;
+
+  bundleId: string;
+
+  environment: 'Sandbox' | 'Production';
+
+  productId: string;
+
+  type:
+    | 'Auto-Renewable Subscription'
+    | 'Non-Consumable'
+    | 'Consumable'
+    | 'Non-Renewing Subscription';
+
+  transactionReason: 'PURCHASE' | 'RENEWAL';
+}
+
+const _webhookLogger = mainLogger.sub('app-store-webhook');
+
+const baseProcedure = publicProcedure.input(
+  z.object({
+    signedPayload: z.string(),
+  }),
+);
+
+export function registerAppStoreWebhook(fastify: ReturnType<typeof Fastify>) {
+  fastify.post('/app-store/webhook', {
+    handler: async (req, res) => {
+      const ctx = createContext({ req, res });
+
+      return await webhook({ ctx, input: req.body as any });
+    },
+  });
+}
+
+export async function webhook({
+  input,
+}: InferProcedureOpts<typeof baseProcedure>) {
+  _webhookLogger.info('Signed payload: %o', input);
+
+  const decodedPayloadSignature = jws.decode(input.signedPayload);
+  const decodedPayload =
+    decodedPayloadSignature.payload as responseBodyV2DecodedPayload;
+
+  _webhookLogger.info('Decoded payload: %o', decodedPayload);
+
+  const decodedTransactionSignature = jws.decode(
+    decodedPayload.data.signedTransactionInfo,
+  );
+  const decodedTransaction =
+    decodedTransactionSignature.payload as JWSTransactionDecodedPayload;
+
+  _webhookLogger.info('Decoded transaction: %o', decodedTransaction);
+}

apps/app-server/src/fastify/revenuecat-webhook.ts

@@ -0,0 +1,90 @@
+import { mainLogger } from '@stdlib/misc';
+import type Fastify from 'fastify';
+import { createContext } from 'src/trpc/context';
+import type { InferProcedureOpts } from 'src/trpc/helpers';
+import { publicProcedure } from 'src/trpc/helpers';
+import { z } from 'zod';
+
+const _webhookLogger = mainLogger.sub('app-store-webhook');
+
+const baseProcedure = publicProcedure.input(
+  z.object({
+    api_version: z.string(),
+    event: z.object({
+      type: z.string(),
+
+      app_user_id: z.string(),
+
+      transferred_from: z.string().array().optional(),
+      transferred_to: z.string().array().optional(),
+    }),
+  }),
+);
+
+export function registerRevenueCatWebhook(fastify: ReturnType<typeof Fastify>) {
+  fastify.post('/revenuecat/webhook', {
+    handler: async (req, res) => {
+      const ctx = createContext({ req, res });
+
+      return await webhook({ ctx, input: req.body as any });
+    },
+  });
+}
+
+export async function webhook({
+  ctx,
+  input,
+}: InferProcedureOpts<typeof baseProcedure>) {
+  if (
+    ctx.req.headers['authorization'] !==
+    `Bearer ${process.env.REVENUECAT_WEBHOOK_SECRET}`
+  ) {
+    throw new Error('Unauthorized');
+  }
+
+  await ctx.dataAbstraction.transaction(async (dtrx) => {
+    switch (input.event.type) {
+      case 'INITIAL_PURCHASE':
+      case 'RENEWAL':
+        await ctx.dataAbstraction.patch(
+          'user',
+          input.event.app_user_id,
+          { plan: 'pro' },
+          { dtrx },
+        );
+
+        break;
+      case 'TRANSFER':
+        await Promise.all([
+          ...(input.event.transferred_from ?? []).map((userId) =>
+            ctx.dataAbstraction.patch(
+              'user',
+              userId,
+              { plan: 'basic' },
+              { dtrx },
+            ),
+          ),
+
+          ...(input.event.transferred_to ?? []).map((userId) =>
+            ctx.dataAbstraction.patch(
+              'user',
+              userId,
+              { plan: 'pro' },
+              { dtrx },
+            ),
+          ),
+        ]);
+
+        break;
+      case 'EXPIRATION':
+        await ctx.dataAbstraction.patch(
+          'user',
+          input.event.app_user_id,
+          { plan: 'basic' },
+          { dtrx },
+        );
+
+        break;
+    }
+  });
+}

apps/app-server/src/fastify/server.ts

@@ -21,6 +21,7 @@ import { registerUsersChangePassword } from 'src/websocket/users/account/change-
 import { registerUsersChangeEmailFinish } from 'src/websocket/users/account/email-change/finish';
 import { registerUsersRotateKeys } from 'src/websocket/users/account/rotate-keys';
 
+import { registerRevenueCatWebhook } from './revenuecat-webhook';
 import { registerStripeWebhook } from './stripe-webhook';
 
 export const fastify = once(async () => {
@@ -86,6 +87,7 @@ export const fastify = once(async () => {
   // Fastify endpoints
 
   registerStripeWebhook(fastify);
+  registerRevenueCatWebhook(fastify);
 
   // Websocket endpoints
 

apps/app-server/src/fastify/stripe-webhook.ts

@@ -1,6 +1,5 @@
 import { TRPCError } from '@trpc/server';
 import type Fastify from 'fastify';
-import { once } from 'lodash';
 import { dataAbstraction } from 'src/data/data-abstraction';
 import { createContext } from 'src/trpc/context';
 import type { InferProcedureOpts } from 'src/trpc/helpers';
@@ -9,8 +8,6 @@ import type Stripe from 'stripe';
 
 const baseProcedure = publicProcedure;
 
-export const webhookProcedure = once(() => baseProcedure.mutation(webhook));
-
 export function registerStripeWebhook(fastify: ReturnType<typeof Fastify>) {
   fastify.post('/stripe/webhook', {
     config: {

apps/client/package.json

@@ -2,7 +2,7 @@
   "name": "@deepnotes/client",
   "description": "DeepNotes",
   "homepage": "https://deepnotes.app",
-  "version": "1.0.15",
+  "version": "1.0.16",
   "author": "Gustavo Toyota <[email protected]>",
   "dependencies": {
     "@_ueberdosis/prosemirror-tables": "~1.1.3",

apps/client/public/whitepaper/key-hierarchy.webp

@@ -12,6 +12,7 @@ dependencies {
     implementation project(':capacitor-app')
     implementation project(':capacitor-clipboard')
     implementation project(':capacitor-splash-screen')
+    implementation project(':revenuecat-purchases-capacitor')
 
 }
 

apps/client/src-capacitor/android/app/capacitor.build.gradle

@@ -10,5 +10,9 @@
 	{
 		"pkg": "@capacitor/splash-screen",
 		"classpath": "com.capacitorjs.plugins.splashscreen.SplashScreenPlugin"
+	},
+	{
+		"pkg": "@revenuecat/purchases-capacitor",
+		"classpath": "com.revenuecat.purchases.capacitor.PurchasesPlugin"
 	}
 ]

apps/client/src-capacitor/android/app/src/main/assets/capacitor.plugins.json

@@ -10,3 +10,6 @@ project(':capacitor-clipboard').projectDir = new File('../../../../node_modules/
 
 include ':capacitor-splash-screen'
 project(':capacitor-splash-screen').projectDir = new File('../../../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/splash-screen/android')
+
+include ':revenuecat-purchases-capacitor'
+project(':revenuecat-purchases-capacitor').projectDir = new File('../../../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@revenuecat/purchases-capacitor/android')

apps/client/src-capacitor/android/capacitor.settings.gradle

@@ -359,7 +359,7 @@
 				INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.productivity";
 				IPHONEOS_DEPLOYMENT_TARGET = 13.0;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
-				MARKETING_VERSION = 1.0.8;
+				MARKETING_VERSION = 1.0.17;
 				OTHER_SWIFT_FLAGS = "$(inherited) \"-D\" \"COCOAPODS\" \"-DDEBUG\"";
 				PRODUCT_BUNDLE_IDENTIFIER = app.deepnotes;
 				PRODUCT_NAME = "$(TARGET_NAME)";
@@ -386,7 +386,7 @@
 				INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.productivity";
 				IPHONEOS_DEPLOYMENT_TARGET = 13.0;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
-				MARKETING_VERSION = 1.0.8;
+				MARKETING_VERSION = 1.0.17;
 				PRODUCT_BUNDLE_IDENTIFIER = app.deepnotes;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE_SPECIFIER = "";

apps/client/src-capacitor/ios/App/App.xcodeproj/project.pbxproj

@@ -14,6 +14,7 @@ def capacitor_pods
   pod 'CapacitorApp', :path => '../../../../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/app'
   pod 'CapacitorClipboard', :path => '../../../../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/clipboard'
   pod 'CapacitorSplashScreen', :path => '../../../../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@capacitor/splash-screen'
+  pod 'RevenuecatPurchasesCapacitor', :path => '../../../../../node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@revenuecat/purchases-capacitor'
 end
 
 target 'App' do

apps/client/src-capacitor/ios/App/Podfile

@@ -10,7 +10,8 @@
     "@capacitor/clipboard": "^5.0.6",
     "@capacitor/core": "^5.5.1",
     "@capacitor/ios": "^5.5.1",
-    "@capacitor/splash-screen": "^5.0.6"
+    "@capacitor/splash-screen": "^5.0.6",
+    "@revenuecat/purchases-capacitor": "^7.1.1"
   },
   "private": true
 }

apps/client/src-capacitor/package.json

@@ -69,13 +69,21 @@ export interface IPageRegion {
 }
 
 export function getIslandRoot(region: PageRegion): PageRegion {
-  if (
-    region.type === 'page' ||
-    (!region.react.container.spatial && region.react.container.overflow)
-  ) {
+  if (region.type === 'page') {
     return region;
   } else {
-    return region.react.region.react.islandRoot;
+    const parentRegion =
+      region?.type === 'note' ? region.react.region : undefined;
+
+    if (
+      parentRegion?.type === 'note' &&
+      !parentRegion.react.container.spatial &&
+      parentRegion.react.container.overflow
+    ) {
+      return parentRegion;
+    } else {
+      return region.react.region.react.islandRoot;
+    }
   }
 }
 

apps/client/src/code/pages/page/regions/region.ts

@@ -65,5 +65,8 @@ declare namespace NodeJS {
     STRIPE_WEBHOOK_SECRET: string;
     STRIPE_MONTHLY_PRICE_ID: string;
     STRIPE_YEARLY_PRICE_ID: string;
+
+    REVENUECAT_PUBLIC_APPLE_API_KEY: string;
+    REVENUECAT_WEBHOOK_SECRET: string;
   }
 }

apps/client/src/env.d.ts

@@ -41,7 +41,6 @@
           <div class="footer-header">Product</div>
 
           <router-link
-            v-if="!($q.platform.is.capacitor && $q.platform.is.ios)"
             :to="{ name: 'pricing' }"
             class="footer-item"
           >

apps/client/src/layouts/HomeLayout/Footer.vue

@@ -80,7 +80,6 @@
           <Gap style="width: 32px" />
 
           <DeepBtn
-            v-if="!($q.platform.is.capacitor && $q.platform.is.ios)"
             label="Pricing"
             flat
             class="toolbar-btn"

apps/client/src/layouts/HomeLayout/Header/Header.vue

@@ -64,7 +64,6 @@
 
           <template v-if="uiStore().width < BREAKPOINT_LG_MIN">
             <q-item
-              v-if="!($q.platform.is.capacitor && $q.platform.is.ios)"
               clickable
               :to="{ name: 'pricing' }"
             >