atomic logging in stripe module

Author: devksingh4

src/api/functions/stripe.ts

@@ -98,3 +98,16 @@ export const createCheckoutSession = async ({
   }
   return session.url;
 };
+
+export const deactivateStripeLink = async ({
+  linkId,
+  stripeApiKey,
+}: {
+  linkId: string;
+  stripeApiKey: string;
+}): Promise<void> => {
+  const stripe = new Stripe(stripeApiKey);
+  await stripe.paymentLinks.update(linkId, {
+    active: false,
+  });
+};

src/api/routes/stripe.ts

@@ -2,19 +2,26 @@ import {
   PutItemCommand,
   QueryCommand,
   ScanCommand,
+  TransactWriteItemsCommand,
+  TransactWriteItemsCommandInput,
 } from "@aws-sdk/client-dynamodb";
 import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";
 import { withRoles, withTags } from "api/components/index.js";
-import { createAuditLogEntry } from "api/functions/auditLog.js";
+import {
+  buildAuditLogTransactPut,
+  createAuditLogEntry,
+} from "api/functions/auditLog.js";
 import {
   createStripeLink,
+  deactivateStripeLink,
   StripeLinkCreateParams,
 } from "api/functions/stripe.js";
 import { getSecretValue } from "api/plugins/auth.js";
 import { genericConfig } from "common/config.js";
 import {
   BaseError,
   DatabaseFetchError,
+  DatabaseInsertError,
   InternalServerError,
   UnauthenticatedError,
 } from "common/errors/index.js";
@@ -123,32 +130,53 @@ const stripeRoutes: FastifyPluginAsync = async (fastify, _options) => {
       const { url, linkId, priceId, productId } =
         await createStripeLink(payload);
       const invoiceId = request.body.invoiceId;
-      const dynamoCommand = new PutItemCommand({
-        TableName: genericConfig.StripeLinksDynamoTableName,
-        Item: marshall({
-          userId: request.username,
-          linkId,
-          priceId,
-          productId,
-          invoiceId,
-          url,
-          amount: request.body.invoiceAmountUsd,
-          active: true,
-          createdAt: new Date().toISOString(),
-        }),
-      });
-      const itemPromise = fastify.dynamoClient.send(dynamoCommand);
-      const logPromise = createAuditLogEntry({
-        dynamoClient: fastify.dynamoClient,
+      const logStatement = buildAuditLogTransactPut({
         entry: {
           module: Modules.STRIPE,
           actor: request.username,
           target: `Link ${linkId} | Invoice ${invoiceId}`,
           message: "Created Stripe payment link",
         },
       });
-      await itemPromise;
-      await logPromise;
+      const dynamoCommand = new TransactWriteItemsCommand({
+        TransactItems: [
+          logStatement,
+          {
+            Put: {
+              TableName: genericConfig.StripeLinksDynamoTableName,
+              Item: marshall({
+                userId: request.username,
+                linkId,
+                priceId,
+                productId,
+                invoiceId,
+                url,
+                amount: request.body.invoiceAmountUsd,
+                active: true,
+                createdAt: new Date().toISOString(),
+              }),
+            },
+          },
+        ],
+      });
+      try {
+        await fastify.dynamoClient.send(dynamoCommand);
+      } catch (e) {
+        await deactivateStripeLink({
+          stripeApiKey: secretApiConfig.stripe_secret_key as string,
+          linkId,
+        });
+        fastify.log.info(
+          `Deactivated Stripe link ${linkId} due to error in writing to database.`,
+        );
+        if (e instanceof BaseError) {
+          throw e;
+        }
+        fastify.log.error(e);
+        throw new DatabaseInsertError({
+          message: "Could not write Stripe link to database.",
+        });
+      }
       reply.status(201).send({ id: linkId, link: url });
     },
   );

tests/unit/stripe.test.ts

@@ -11,11 +11,13 @@ import {
   PutItemCommand,
   QueryCommand,
   ScanCommand,
+  TransactWriteItemsCommand,
 } from "@aws-sdk/client-dynamodb";
 import supertest from "supertest";
 import { createJwt } from "./auth.test.js";
 import { v4 as uuidv4 } from "uuid";
 import { marshall } from "@aws-sdk/util-dynamodb";
+import { genericConfig } from "../../src/common/config.js";
 
 const smMock = mockClient(SecretsManagerClient);
 const ddbMock = mockClient(DynamoDBClient);
@@ -136,25 +138,26 @@ describe("Test Stripe link creation", async () => {
     expect(smMock.calls().length).toEqual(0);
   });
   test("POST happy path", async () => {
-    ddbMock.on(PutItemCommand).resolves({});
+    const invoicePayload = {
+      invoiceId: "ACM102",
+      invoiceAmountUsd: 51,
+      contactName: "Infra User",
+      contactEmail: "[email protected]",
+    };
+    ddbMock.on(TransactWriteItemsCommand).resolvesOnce({}).rejects();
     const testJwt = createJwt();
     await app.ready();
 
     const response = await supertest(app.server)
       .post("/api/v1/stripe/paymentLinks")
       .set("authorization", `Bearer ${testJwt}`)
-      .send({
-        invoiceId: "ACM102",
-        invoiceAmountUsd: 51,
-        contactName: "Infra User",
-        contactEmail: "[email protected]",
-      });
+      .send(invoicePayload);
     expect(response.statusCode).toBe(201);
     expect(response.body).toStrictEqual({
       id: linkId,
       link: `https://buy.stripe.com/${linkId}`,
     });
-    expect(ddbMock.calls().length).toEqual(2); // 1 for the audit log
+    expect(ddbMock.calls().length).toEqual(1);
     expect(smMock.calls().length).toEqual(1);
   });
   test("Unauthenticated GET access (missing token)", async () => {