fotospiel-app/app/Http/Controllers/PayPalCheckoutController.php

<?php

namespace App\Http\Controllers;

use App\Http\Requests\PayPal\PayPalCaptureRequest;
use App\Http\Requests\PayPal\PayPalCheckoutRequest;
use App\Models\CheckoutSession;
use App\Models\Package;
use App\Services\Checkout\CheckoutAssignmentService;
use App\Services\Checkout\CheckoutSessionService;
use App\Services\Coupons\CouponRedemptionService;
use App\Services\Coupons\CouponService;
use App\Services\PayPal\Exceptions\PayPalException;
use App\Services\PayPal\PayPalOrderService;
use App\Support\CheckoutRequestContext;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

class PayPalCheckoutController extends Controller
{
    public function __construct(
        private readonly PayPalOrderService $orders,
        private readonly CheckoutSessionService $sessions,
        private readonly CheckoutAssignmentService $assignment,
        private readonly CouponService $coupons,
        private readonly CouponRedemptionService $couponRedemptions,
    ) {}

    public function create(PayPalCheckoutRequest $request): JsonResponse
    {
        $data = $request->validated();

        $user = $request->user();
        $tenant = $user?->tenant;

        if (! $tenant) {
            throw ValidationException::withMessages(['tenant' => 'Tenant context missing.']);
        }

        $package = Package::findOrFail((int) $data['package_id']);

        $session = $this->sessions->createOrResume($user, $package, array_merge(
            CheckoutRequestContext::fromRequest($request),
            [
                'tenant' => $tenant,
                'locale' => $data['locale'] ?? null,
            ]
        ));

        $this->sessions->selectProvider($session, CheckoutSession::PROVIDER_PAYPAL);

        $now = now();
        $session->forceFill([
            'accepted_terms_at' => $now,
            'accepted_privacy_at' => $now,
            'accepted_withdrawal_notice_at' => $now,
            'digital_content_waiver_at' => null,
            'legal_version' => $this->resolveLegalVersion(),
        ])->save();

        $couponCode = Str::upper(trim((string) ($data['coupon_code'] ?? '')));

        if ($couponCode !== '') {
            $preview = $this->coupons->preview($couponCode, $package, $tenant, CheckoutSession::PROVIDER_PAYPAL);
            $this->sessions->applyCoupon($session, $preview['coupon'], $preview['pricing']);
        }

        $successUrl = $data['return_url'] ?? null;
        $cancelUrl = $data['cancel_url'] ?? $successUrl;
        $paypalReturnUrl = route('paypal.return', absolute: true);

        try {
            $order = $this->orders->createOrder($session, $package, [
                'return_url' => $paypalReturnUrl,
                'cancel_url' => $paypalReturnUrl,
                'locale' => $data['locale'] ?? $session->locale,
                'request_id' => $session->id,
            ]);
        } catch (PayPalException $exception) {
            Log::warning('PayPal order creation failed', [
                'session_id' => $session->id,
                'message' => $exception->getMessage(),
                'status' => $exception->status(),
                'context' => $exception->context(),
            ]);

            throw ValidationException::withMessages([
                'paypal' => __('marketing.packages.paypal_checkout_failed', [], app()->getLocale())
                    ?: 'Unable to create PayPal checkout.',
            ]);
        }

        $orderId = $order['id'] ?? null;
        if (! is_string($orderId) || $orderId === '') {
            throw ValidationException::withMessages([
                'paypal' => 'PayPal order ID missing.',
            ]);
        }

        $approveUrl = $this->orders->resolveApproveUrl($order);

        $session->forceFill([
            'paypal_order_id' => $orderId,
            'provider_metadata' => array_merge($session->provider_metadata ?? [], array_filter([
                'paypal_order_id' => $orderId,
                'paypal_status' => $order['status'] ?? null,
                'paypal_approve_url' => $approveUrl,
                'paypal_success_url' => $successUrl,
                'paypal_cancel_url' => $cancelUrl,
                'paypal_created_at' => now()->toIso8601String(),
            ])),
        ])->save();

        $this->sessions->markRequiresCustomerAction($session, 'paypal_approval');

        return response()->json([
            'order_id' => $orderId,
            'approve_url' => $approveUrl,
            'status' => $order['status'] ?? null,
            'checkout_session_id' => $session->id,
        ]);
    }

    public function capture(PayPalCaptureRequest $request): JsonResponse
    {
        $data = $request->validated();

        $session = CheckoutSession::findOrFail($data['checkout_session_id']);
        $orderId = (string) $data['order_id'];

        if ($session->status === CheckoutSession::STATUS_COMPLETED) {
            return response()->json([
                'status' => $session->status,
                'completed_at' => optional($session->completed_at)->toIso8601String(),
                'checkout_session_id' => $session->id,
            ]);
        }

        if ($session->provider !== CheckoutSession::PROVIDER_PAYPAL) {
            $this->sessions->selectProvider($session, CheckoutSession::PROVIDER_PAYPAL);
        }

        try {
            $capture = $this->orders->captureOrder($orderId, [
                'request_id' => $session->id,
            ]);
        } catch (PayPalException $exception) {
            Log::warning('PayPal capture failed', [
                'session_id' => $session->id,
                'order_id' => $orderId,
                'message' => $exception->getMessage(),
                'status' => $exception->status(),
                'context' => $exception->context(),
            ]);

            $this->sessions->markFailed($session, 'paypal_capture_failed');
            $this->couponRedemptions->recordFailure($session, 'paypal_capture_failed');

            return response()->json([
                'status' => CheckoutSession::STATUS_FAILED,
                'checkout_session_id' => $session->id,
            ], 422);
        }

        $status = strtoupper((string) ($capture['status'] ?? ''));
        $captureId = $this->orders->resolveCaptureId($capture);
        $totals = $this->orders->resolveTotals($capture);

        $session->forceFill([
            'paypal_order_id' => $orderId,
            'paypal_capture_id' => $captureId,
            'provider_metadata' => array_merge($session->provider_metadata ?? [], array_filter([
                'paypal_order_id' => $orderId,
                'paypal_capture_id' => $captureId,
                'paypal_status' => $status ?: null,
                'paypal_totals' => $totals !== [] ? $totals : null,
                'paypal_captured_at' => now()->toIso8601String(),
            ])),
        ])->save();

        if ($status === 'COMPLETED') {
            $this->sessions->markProcessing($session, [
                'paypal_status' => $status,
                'paypal_capture_id' => $captureId,
            ]);

            $this->assignment->finalise($session, [
                'source' => 'paypal_capture',
                'provider' => CheckoutSession::PROVIDER_PAYPAL,
                'provider_reference' => $captureId ?? $orderId,
                'payload' => $capture,
            ]);

            $this->sessions->markCompleted($session, now());
            $this->couponRedemptions->recordSuccess($session, $capture);

            return response()->json([
                'status' => CheckoutSession::STATUS_COMPLETED,
                'completed_at' => optional($session->completed_at)->toIso8601String(),
                'checkout_session_id' => $session->id,
            ]);
        }

        if (in_array($status, ['PAYER_ACTION_REQUIRED', 'PENDING'], true)) {
            $this->sessions->markRequiresCustomerAction($session, 'paypal_pending');

            return response()->json([
                'status' => CheckoutSession::STATUS_REQUIRES_CUSTOMER_ACTION,
                'checkout_session_id' => $session->id,
            ], 202);
        }

        $this->sessions->markFailed($session, 'paypal_'.$status);
        $this->couponRedemptions->recordFailure($session, 'paypal_'.$status);

        return response()->json([
            'status' => CheckoutSession::STATUS_FAILED,
            'checkout_session_id' => $session->id,
        ], 422);
    }

    protected function resolveLegalVersion(): string
    {
        return config('app.legal_version', now()->toDateString());
    }
}