src/Api/Billing/Controllers/BaseProviderController.cs

using Bit.Core;
using Bit.Core.AdminConsole.Entities.Provider;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Billing.Extensions;
using Bit.Core.Context;
using Bit.Core.Models.Api;
using Bit.Core.Services;
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;

namespace Bit.Api.Billing.Controllers;

public abstract class BaseProviderController(
    ICurrentContext currentContext,
    IFeatureService featureService,
    ILogger<BaseProviderController> logger,
    IProviderRepository providerRepository,
    IUserService userService) : Controller
{
    protected readonly IUserService UserService = userService;

    protected static NotFound<ErrorResponseModel> NotFoundResponse() =>
        TypedResults.NotFound(new ErrorResponseModel("Resource not found."));

    protected static JsonHttpResult<ErrorResponseModel> ServerErrorResponse(string errorMessage) =>
        TypedResults.Json(
            new ErrorResponseModel(errorMessage),
            statusCode: StatusCodes.Status500InternalServerError);

    protected static JsonHttpResult<ErrorResponseModel> UnauthorizedResponse() =>
        TypedResults.Json(
            new ErrorResponseModel("Unauthorized."),
            statusCode: StatusCodes.Status401Unauthorized);

    protected Task<(Provider, IResult)> TryGetBillableProviderForAdminOperation(
        Guid providerId) => TryGetBillableProviderAsync(providerId, currentContext.ProviderProviderAdmin);

    protected Task<(Provider, IResult)> TryGetBillableProviderForServiceUserOperation(
        Guid providerId) => TryGetBillableProviderAsync(providerId, currentContext.ProviderUser);

    private async Task<(Provider, IResult)> TryGetBillableProviderAsync(
        Guid providerId,
        Func<Guid, bool> checkAuthorization)
    {
        if (!featureService.IsEnabled(FeatureFlagKeys.EnableConsolidatedBilling))
        {
            logger.LogError(
                "Cannot run Consolidated Billing operation for provider ({ProviderID}) while feature flag is disabled",
                providerId);

            return (null, NotFoundResponse());
        }

        var provider = await providerRepository.GetByIdAsync(providerId);

        if (provider == null)
        {
            logger.LogError(
                "Cannot find provider ({ProviderID}) for Consolidated Billing operation",
                providerId);

            return (null, NotFoundResponse());
        }

        if (!checkAuthorization(providerId))
        {
            var user = await UserService.GetUserByPrincipalAsync(User);

            logger.LogError(
                "User ({UserID}) is not authorized to perform Consolidated Billing operation for provider ({ProviderID})",
                user?.Id, providerId);

            return (null, UnauthorizedResponse());
        }

        if (!provider.IsBillable())
        {
            logger.LogError(
                "Cannot run Consolidated Billing operation for provider ({ProviderID}) that is not billable",
                providerId);

            return (null, UnauthorizedResponse());
        }

        if (provider.IsStripeEnabled())
        {
            return (provider, null);
        }

        logger.LogError(
            "Cannot run Consolidated Billing operation for provider ({ProviderID}) that is missing Stripe configuration",
            providerId);

        return (null, ServerErrorResponse("Something went wrong with your request. Please contact support."));
    }
}
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								using Bit.Core;
 								using Bit.Core.AdminConsole.Entities.Provider;
 								using Bit.Core.AdminConsole.Repositories;
 								using Bit.Core.Billing.Extensions;
 								using Bit.Core.Context;
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								using Bit.Core.Models.Api;
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								using Bit.Core.Services;
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								using Microsoft.AspNetCore.Http.HttpResults;
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								using Microsoft.AspNetCore.Mvc;
 								namespace Bit.Api.Billing.Controllers;
 								public abstract class BaseProviderController(
 								    ICurrentContext currentContext,
 								    IFeatureService featureService,
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								    ILogger<BaseProviderController> logger,
 								    IProviderRepository providerRepository,
 								    IUserService userService) : Controller
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								{
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								    protected readonly IUserService UserService = userService;
 								    protected static NotFound<ErrorResponseModel> NotFoundResponse() =>
 								        TypedResults.NotFound(new ErrorResponseModel("Resource not found."));
 								    protected static JsonHttpResult<ErrorResponseModel> ServerErrorResponse(string errorMessage) =>
 								        TypedResults.Json(
 								            new ErrorResponseModel(errorMessage),
 								            statusCode: StatusCodes.Status500InternalServerError);
 								    protected static JsonHttpResult<ErrorResponseModel> UnauthorizedResponse() =>
 								        TypedResults.Json(
 								            new ErrorResponseModel("Unauthorized."),
 								            statusCode: StatusCodes.Status401Unauthorized);
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								    protected Task<(Provider, IResult)> TryGetBillableProviderForAdminOperation(
 								        Guid providerId) => TryGetBillableProviderAsync(providerId, currentContext.ProviderProviderAdmin);
 								    protected Task<(Provider, IResult)> TryGetBillableProviderForServiceUserOperation(
 								        Guid providerId) => TryGetBillableProviderAsync(providerId, currentContext.ProviderUser);
 								    private async Task<(Provider, IResult)> TryGetBillableProviderAsync(
 								        Guid providerId,
 								        Func<Guid, bool> checkAuthorization)
 								    {
 								        if (!featureService.IsEnabled(FeatureFlagKeys.EnableConsolidatedBilling))
 								        {
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								            logger.LogError(
 								                "Cannot run Consolidated Billing operation for provider ({ProviderID}) while feature flag is disabled",
 								                providerId);
 								            return (null, NotFoundResponse());
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								        }
 								        var provider = await providerRepository.GetByIdAsync(providerId);
 								        if (provider == null)
 								        {
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								            logger.LogError(
 								                "Cannot find provider ({ProviderID}) for Consolidated Billing operation",
 								                providerId);
 								            return (null, NotFoundResponse());
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								        }
 								        if (!checkAuthorization(providerId))
 								        {
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								            var user = await UserService.GetUserByPrincipalAsync(User);
 								            logger.LogError(
 								                "User ({UserID}) is not authorized to perform Consolidated Billing operation for provider ({ProviderID})",
 								                user?.Id, providerId);
 								            return (null, UnauthorizedResponse());
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								        }
 								        if (!provider.IsBillable())
 								        {
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								            logger.LogError(
 								                "Cannot run Consolidated Billing operation for provider ({ProviderID}) that is not billable",
 								                providerId);
 								            return (null, UnauthorizedResponse());
 								        }
 								        if (provider.IsStripeEnabled())
 								        {
 								            return (provider, null);
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								        }
-												[AC-2888] Improve consolidated billing error handling (#4548)

* Fix error handling in provider setup process

This update ensures that when 'enable-consolidated-billing' is on, any exception thrown during the Stripe customer or subscription setup process for the provider will block the remainder of the setup process so the provider does not enter an invalid state

* Refactor the way BillingException is thrown

Made it simpler to just use the exception constructor and also ensured it was added to the exception handling middleware so it could provide a simple response to the client

* Handle all Stripe exceptions in exception handling middleware

* Fixed error response output for billing's provider controllers

* Cleaned up billing owned provider controllers

Changes were made based on feature updates by product and stuff that's no longer needed. No need to expose sensitive endpoints when they're not being used.

* Reafctored get invoices

Removed unnecssarily bloated method from SubscriberService

* Updated error handling for generating the client invoice report

* Moved get provider subscription to controller

This is only used once and the service layer doesn't seem like the correct choice anymore when thinking about error handling with retrieval

* Handled bad request for update tax information

* Split out Stripe configuration from unauthorization

* Run dotnet format

* Addison's feedback
											
										
										
											2024-07-31 09:26:44 -04:00
+								        logger.LogError(
 								            "Cannot run Consolidated Billing operation for provider ({ProviderID}) that is missing Stripe configuration",
 								            providerId);
 								        return (null, ServerErrorResponse("Something went wrong with your request. Please contact support."));
-												[AC-2774] Consolidated issues for Consolidated Billing (#4201)

* Add BaseProviderController, update some endpoints to ServiceUser permissions

* Prevent service user from scaling provider seats above seat minimum

* Expand invoice response to include DueDate
											
										
										
											2024-06-24 11:15:47 -04:00
+								    }
 								}