validated(); $user = $request->user(); $tenant = $user?->tenant; if (! $tenant) { throw ValidationException::withMessages(['tenant' => 'Tenant context missing.']); } $package = Package::findOrFail((int) $data['package_id']); $session = $this->sessions->createOrResume($user, $package, array_merge( CheckoutRequestContext::fromRequest($request), [ 'tenant' => $tenant, 'locale' => $data['locale'] ?? null, ] )); $this->sessions->selectProvider($session, CheckoutSession::PROVIDER_PAYPAL); $now = now(); $session->forceFill([ 'accepted_terms_at' => $now, 'accepted_privacy_at' => $now, 'accepted_withdrawal_notice_at' => $now, 'digital_content_waiver_at' => null, 'legal_version' => $this->resolveLegalVersion(), ])->save(); $couponCode = Str::upper(trim((string) ($data['coupon_code'] ?? ''))); if ($couponCode !== '') { $preview = $this->coupons->preview($couponCode, $package, $tenant); $this->sessions->applyCoupon($session, $preview['coupon'], $preview['pricing']); } $successUrl = $data['return_url'] ?? null; $cancelUrl = $data['cancel_url'] ?? $successUrl; $paypalReturnUrl = route('paypal.return', absolute: true); try { $order = $this->orders->createOrder($session, $package, [ 'return_url' => $paypalReturnUrl, 'cancel_url' => $paypalReturnUrl, 'locale' => $data['locale'] ?? $session->locale, 'request_id' => $session->id, ]); } catch (PayPalException $exception) { Log::warning('PayPal order creation failed', [ 'session_id' => $session->id, 'message' => $exception->getMessage(), 'status' => $exception->status(), 'context' => $exception->context(), ]); throw ValidationException::withMessages([ 'paypal' => __('marketing.packages.paypal_checkout_failed', [], app()->getLocale()) ?: 'Unable to create PayPal checkout.', ]); } $orderId = $order['id'] ?? null; if (! is_string($orderId) || $orderId === '') { throw ValidationException::withMessages([ 'paypal' => 'PayPal order ID missing.', ]); } $approveUrl = $this->orders->resolveApproveUrl($order); $session->forceFill([ 'paypal_order_id' => $orderId, 'provider_metadata' => array_merge($session->provider_metadata ?? [], array_filter([ 'paypal_order_id' => $orderId, 'paypal_status' => $order['status'] ?? null, 'paypal_approve_url' => $approveUrl, 'paypal_success_url' => $successUrl, 'paypal_cancel_url' => $cancelUrl, 'paypal_created_at' => now()->toIso8601String(), ])), ])->save(); $this->sessions->markRequiresCustomerAction($session, 'paypal_approval'); return response()->json([ 'order_id' => $orderId, 'approve_url' => $approveUrl, 'status' => $order['status'] ?? null, 'checkout_session_id' => $session->id, ]); } public function capture(PayPalCaptureRequest $request): JsonResponse { $data = $request->validated(); $session = CheckoutSession::findOrFail($data['checkout_session_id']); $orderId = (string) $data['order_id']; if ($session->status === CheckoutSession::STATUS_COMPLETED) { return response()->json([ 'status' => $session->status, 'completed_at' => optional($session->completed_at)->toIso8601String(), 'checkout_session_id' => $session->id, ]); } if ($session->provider !== CheckoutSession::PROVIDER_PAYPAL) { $this->sessions->selectProvider($session, CheckoutSession::PROVIDER_PAYPAL); } try { $capture = $this->orders->captureOrder($orderId, [ 'request_id' => $session->id, ]); } catch (PayPalException $exception) { Log::warning('PayPal capture failed', [ 'session_id' => $session->id, 'order_id' => $orderId, 'message' => $exception->getMessage(), 'status' => $exception->status(), 'context' => $exception->context(), ]); $this->sessions->markFailed($session, 'paypal_capture_failed'); return response()->json([ 'status' => CheckoutSession::STATUS_FAILED, 'checkout_session_id' => $session->id, ], 422); } $status = strtoupper((string) ($capture['status'] ?? '')); $captureId = $this->orders->resolveCaptureId($capture); $totals = $this->orders->resolveTotals($capture); $session->forceFill([ 'paypal_order_id' => $orderId, 'paypal_capture_id' => $captureId, 'provider_metadata' => array_merge($session->provider_metadata ?? [], array_filter([ 'paypal_order_id' => $orderId, 'paypal_capture_id' => $captureId, 'paypal_status' => $status ?: null, 'paypal_totals' => $totals !== [] ? $totals : null, 'paypal_captured_at' => now()->toIso8601String(), ])), ])->save(); if ($status === 'COMPLETED') { $this->sessions->markProcessing($session, [ 'paypal_status' => $status, 'paypal_capture_id' => $captureId, ]); $this->assignment->finalise($session, [ 'source' => 'paypal_capture', 'provider' => CheckoutSession::PROVIDER_PAYPAL, 'provider_reference' => $captureId ?? $orderId, 'payload' => $capture, ]); $this->sessions->markCompleted($session, now()); return response()->json([ 'status' => CheckoutSession::STATUS_COMPLETED, 'completed_at' => optional($session->completed_at)->toIso8601String(), 'checkout_session_id' => $session->id, ]); } if (in_array($status, ['PAYER_ACTION_REQUIRED', 'PENDING'], true)) { $this->sessions->markRequiresCustomerAction($session, 'paypal_pending'); return response()->json([ 'status' => CheckoutSession::STATUS_REQUIRES_CUSTOMER_ACTION, 'checkout_session_id' => $session->id, ], 202); } $this->sessions->markFailed($session, 'paypal_'.$status); return response()->json([ 'status' => CheckoutSession::STATUS_FAILED, 'checkout_session_id' => $session->id, ], 422); } protected function resolveLegalVersion(): string { return config('app.legal_version', now()->toDateString()); } }