P0 — recurring + trial + renewal-webhook + self-tier live refresh
Five fixes that were all blocking real-world use of the recurring
+ tier-upgrade features. All deeply related; bundling them into one
commit because they share data flow and would be silly to land
piecemeal.
1. Subscription row created on recurring purchase
issue_license_for_invoice now calls
subscriptions::create_subscription whenever the resolved policy
has is_recurring=1. Previously the licenses row was inserted but
no corresponding subscription, so the renewal worker never picked
it up — buying a recurring policy was silently equivalent to a
one-shot purchase. Idempotent against webhook re-delivery.
2. trial_days actually does something
/v1/purchase short-circuits BEFORE pricing/discount logic when
the chosen policy has is_recurring=1 AND trial_days > 0:
synthesizes a free invoice via repo::create_free_invoice,
issues the license inline with expires_at = now + trial_days,
creates the subscription with next_renewal_at = trial_end so the
renewal worker fires the FIRST paid invoice when the trial ends.
Buyer pays nothing today. Discount codes are deliberately
ignored on trial purchases (free + discount = no-op).
3. Trial license carries the TRIAL flag
In the regular webhook issuance path, is_trial is now set
whenever (policy.is_trial OR (is_recurring AND trial_days > 0)),
so the signed payload's TRIAL bit reflects what the buyer is
actually getting and SDK consumers can render
"trial — N days remaining" correctly.
4. Renewal-pending webhook payload enriched
subscription.renewal_pending now includes buyer_email (looked up
from the license), product_id, policy_id, cycle_start_at,
cycle_end_at, due_at, and is_first_paid_cycle. With these the
operator's webhook receiver has everything it needs to render
"your free trial is ending" vs "your monthly renewal is due"
emails and forward the checkout_url to the buyer. Without this
payload upgrade, renewal invoices were created server-side but
no one knew about them.
5. Self-tier live refresh
New license_self::refresh_self_tier_from_db re-reads the
daemon's own license row from the local DB and rebuilds
state.self_tier with LIVE entitlements (not the immutable
signed-payload entitlements). Without this, an admin Change
Tier on the daemon's own license never propagates — the
running process keeps showing whatever tier was baked in at
key-signing time, even though the DB row says otherwise.
Wired to run:
- Once at boot, immediately after check_at_boot (so any tier
change between two daemon runs takes effect on next start)
- Every hour thereafter (background task in main.rs)
- On demand via POST /v1/admin/self-license/refresh, exposed
for operators who don't want to wait for the next tick
For master Keysat (the one selling licenses) the refresh
query is local. Non-master operators in v0.3+ can extend this
to call upstream `/v1/validate`. For v0.2.x, local-DB-only
resolves your testing case (downgrade yourself, click refresh,
sidebar updates, gate tests work).
6. Buy page CTA reflects trial
When the selected tier has is_recurring=1 and trial_days > 0,
the price card renders "FREE for N days" and the button reads
"Start N-day free trial" instead of "Pay with Bitcoin". Buyer
knows they aren't being charged today.
7. Invoice model gains listed_currency + listed_value
Already in the DB schema (migration 0010); the Rust model just
wasn't reading them. Needed by #1 to set the subscription's
listed_value correctly for fiat-priced recurring policies.
Test count unchanged (77 passing). The recurring-tests-still-pass
proof point isn't the test suite (these are behavioral changes
above the renewal-worker tests' scope) — it's that the renewal
worker tests construct subscriptions explicitly and don't go
through the purchase path that was broken.
This commit is contained in:
Grant
@@ -148,6 +148,93 @@ pub async fn start(
|
||||
conversion.sats
|
||||
};
|
||||
|
||||
// ----- Free-trial shortcut (recurring + trial_days > 0) -----
|
||||
// Before any pricing / discount logic: if the chosen policy is a
|
||||
// recurring subscription with trial_days > 0, the buyer pays
|
||||
// nothing today. We synthesize a settled free invoice, issue the
|
||||
// license inline with expires_at = now + trial_days, and create
|
||||
// the subscription row with next_renewal_at = trial_end so the
|
||||
// renewal worker fires the FIRST paid invoice when the trial
|
||||
// ends. Discount codes are deliberately ignored for trials —
|
||||
// they're already free; layering a discount on a free first
|
||||
// cycle is a no-op that just complicates the audit trail.
|
||||
if let Some(p) = chosen_policy.as_ref() {
|
||||
if p.is_recurring && p.trial_days > 0 {
|
||||
let free_invoice = repo::create_free_invoice(
|
||||
&state.db,
|
||||
&product.id,
|
||||
req.buyer_email.as_deref(),
|
||||
req.buyer_note.as_deref(),
|
||||
Some(p.id.as_str()),
|
||||
)
|
||||
.await?;
|
||||
|
||||
// issue_license_for_invoice handles the recurring branch
|
||||
// (creates the subscription with next_renewal_at = trial_end)
|
||||
// because we now special-case is_recurring + trial_days
|
||||
// inside that function.
|
||||
let license_id = crate::api::webhook::issue_license_for_invoice(
|
||||
&state, &free_invoice,
|
||||
)
|
||||
.await?;
|
||||
|
||||
// Re-derive the signed key.
|
||||
let lic = repo::get_license_by_invoice(&state.db, &free_invoice.id)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
AppError::Internal(anyhow::anyhow!("license vanished after issue"))
|
||||
})?;
|
||||
let flags = if lic.is_trial { FLAG_TRIAL } else { 0 };
|
||||
let expires_at_unix = lic
|
||||
.expires_at
|
||||
.as_deref()
|
||||
.and_then(|s| chrono::DateTime::parse_from_rfc3339(s).ok())
|
||||
.map(|t| t.timestamp())
|
||||
.unwrap_or(0);
|
||||
let payload = LicensePayload {
|
||||
version: KEY_VERSION_V2,
|
||||
flags,
|
||||
product_id: uuid::Uuid::parse_str(&lic.product_id)
|
||||
.map_err(|e| AppError::Internal(anyhow::anyhow!("bad product_id: {e}")))?,
|
||||
license_id: uuid::Uuid::parse_str(&lic.id)
|
||||
.map_err(|e| AppError::Internal(anyhow::anyhow!("bad license_id: {e}")))?,
|
||||
issued_at: chrono::DateTime::parse_from_rfc3339(&lic.issued_at)
|
||||
.map(|t| t.timestamp())
|
||||
.unwrap_or(0),
|
||||
expires_at: expires_at_unix,
|
||||
fingerprint_hash: [0u8; 32],
|
||||
entitlements: lic.entitlements.clone(),
|
||||
};
|
||||
let sig = sign_payload(&state.keypair.signing, &payload);
|
||||
let license_key = encode_key(&payload, &sig);
|
||||
|
||||
let poll_url = format!(
|
||||
"{}/v1/purchase/{}",
|
||||
state.config.public_base_url, free_invoice.id
|
||||
);
|
||||
|
||||
tracing::info!(
|
||||
product_slug = %req.product,
|
||||
policy_slug = %p.slug,
|
||||
trial_days = p.trial_days,
|
||||
license_id = %license_id,
|
||||
"trial license issued — no charge for first cycle"
|
||||
);
|
||||
|
||||
return Ok(Json(StartPurchaseResp {
|
||||
invoice_id: free_invoice.id.clone(),
|
||||
btcpay_invoice_id: free_invoice.btcpay_invoice_id.clone(),
|
||||
checkout_url: String::new(),
|
||||
amount_sats: 0,
|
||||
base_price_sats: base_price,
|
||||
discount_applied_sats: 0,
|
||||
poll_url,
|
||||
license_key: Some(license_key),
|
||||
license_id: Some(license_id),
|
||||
}));
|
||||
}
|
||||
}
|
||||
|
||||
// Resolve and validate the discount code if one was supplied. The
|
||||
// ordering here matters: we must atomically reserve a counter slot
|
||||
// BEFORE we create the BTCPay invoice, so that a code-cap race can't
|
||||
|
||||
Reference in New Issue
Block a user