bharos · bharos · May 14, 2025 · May 14, 2025 · May 16, 2025 · May 23, 2025
diff --git a/docs/automated-webhook-verification.md b/docs/automated-webhook-verification.md
@@ -0,0 +1,89 @@
+# Automated Donation Verification with Every.org Webhooks
+
+This document explains how the automated webhook verification works and how to test it.
+
+## How It Works
+
+When a user makes a donation through your Every.org integration, the verification happens automatically:
+
+1. User clicks "Donate" in the Stash app
+2. A donation intent is created in your database with a unique reference
+3. User is redirected to Every.org to complete the donation
+4. After successful donation, Every.org sends a webhook to your endpoint
+5. Your webhook handler:
+   - Verifies the webhook signature
+   - Finds the donation reference in your database
+   - Awards premium access and tokens to the user
+   - No manual verification needed!
+
+## The Manual Verification Fallback
+
+The manual verification form (DonationVerification.js) is only needed in rare cases:
+- If the webhook fails to reach your server
+- If the user donates directly on Every.org without using your donation link
+- During development/testing without an actual webhook
+
+## Testing the Webhook Flow
+
+To test the automated webhook flow:
+
+1. **Start your development server**
+   ```bash
+   npm run dev
+   ```
+
+2. **Create a test donation intent**
+   ```bash
+   # Replace USER_ID with an actual user ID from your database
+   node scripts/create-test-donation.js USER_ID
+   ```
+   This will output a donation reference like `stash-12345678-abc123`.
+
+3. **Simulate a webhook from Every.org**
+   ```bash
+   # Use the reference from step 2
+   node scripts/test-webhook.js stash-12345678-abc123
+   ```
+
+4. **Check the database for updates**
+   ```bash
+   # Open the Supabase dashboard to check:
+   # - donation_intents (status should be 'completed')
+   # - user_tokens (should have premium_until updated)
+   # - token_transactions (should have new transaction for donation bonus)
+   ```
+
+## Production Webhook Configuration
+
+For production, make sure:
+
+1. Your webhook endpoint is publicly accessible
+2. You've enabled strict signature validation (uncommented in every-org.js)
+3. All required environment variables are set:
+   ```
+   EVERY_ORG_API_KEY=your_api_key
+   EVERY_ORG_WEBHOOK_SECRET=your_webhook_secret
+   EVERY_ORG_WEBHOOK_TOKEN=e71db07a8ecdea69eea81bf0
+   ```
+4. You've registered your webhook URL in the Every.org Partners portal:
+   ```
+   https://your-production-domain.com/api/webhooks/every-org
+   ```
+
+## Common Issues and Solutions
+
+- **Webhook not being received**: Check network/firewall settings
+- **Signature validation fails**: Ensure webhook secret matches in your code and Every.org dashboard
+- **Donation reference not found**: The donation intent might not exist in your database
+- **User not getting premium**: Check webhook handler logs for errors
+
+## Monitoring Webhook Performance
+
+To ensure webhooks are working properly:
+
+1. Log all incoming webhooks with timestamps
+2. Implement health checks to verify webhook processing
+3. Set up alerts for failed webhook processing
+4. Track metrics on webhook success rate and response time
+
+With proper setup, users should automatically receive their premium access and tokens within seconds of completing a donation, with no manual verification needed!
diff --git a/docs/every-org-donation-readme.md b/docs/every-org-donation-readme.md
@@ -0,0 +1,170 @@
+# Every.org Donation Integration for Stash App
+
+This integration connects Stash with Every.org to provide users with premium access benefits in exchange for donations to non-profit organizations, while complying with H1B visa restrictions.
+
+## Features
+
+- Users can donate $10+ to any nonprofit on Every.org
+- Donation benefits:
+  - $10+ donation: 30 days of premium access
+  - All donations: 300 coins base + 30 coins for each dollar above $10
+- Full donation tracking and history
+- Secure webhook handling with signature verification
+- Success and cancel pages with status checking
+- Mobile-responsive donation UI
+- Fallback to verified nonprofits for reliability
+
+## Architecture
+
+The donation flow consists of the following components:
+
+1. **Frontend Components**:
+   - `DonationComponent.js` - Main UI for selecting a charity and donation amount
+   - `ContentPaywall.js` - Integrated donation option in the content paywall
+   - Success/cancel pages for post-donation flows
+
+2. **API Endpoints**:
+   - `/api/donations/create.js` - Creates a donation intent and redirects to Every.org checkout
+   - `/api/donations/status.js` - Checks the status of a donation
+   - `/api/webhooks/every-org.js` - Processes webhooks from Every.org when donations complete
+
+3. **Database Tables**:
+   - **donation_intents**: Tracks initiated donations (pending status)
+   - **donation_records**: Stores completed donations
+   - **user_tokens**: Manages premium membership status
+   - **token_transactions**: Records bonus tokens awarded from donations
+
+### API Endpoints
+
+- **/api/donations/create**: Initiates donation and redirects to Every.org checkout
+- **/api/donations/status**: Checks status of a donation by reference
+- **/api/webhooks/every-org**: Processes webhooks from Every.org
+- **/api/donations**: Retrieves donation history for current user
+
+### Frontend Components
+
+- **DonationComponent.js**: Main donation UI with charity selection and amount input
+- **ContentPaywall.js**: Updated with donation tab alongside post and premium options
+- **Success/Cancel Pages**: Handle post-donation user experience
+
+## Donation Flow
+
+### 1. Initiating a Donation
+
+The donation flow begins when a user selects a non-profit and an amount in the DonationComponent:
+
+1. The frontend calls `/api/donations/create` with:
+   - Selected non-profit's ID
+   - Donation amount
+   - User's authentication token
+
+2. The server:
+   - Validates the user and inputs
+   - Creates a donation intent record in the database
+   - Calls Every.org's API to create a checkout URL
+   - Returns the checkout URL to the client
+
+3. The client redirects the user to the Every.org checkout page
+
+### 2. Donation Completion
+
+After completing the donation on Every.org:
+
+1. Every.org redirects the user back to Stash's success page `/donation/success?ref=[reference]`
+2. Every.org also sends a webhook notification to `/api/webhooks/every-org`
+
+### 3. Webhook Processing
+
+When the webhook is received:
+
+1. The server validates the webhook signature
+2. Finds the corresponding donation intent in the database
+3. Updates the user's premium membership status based on the donation amount
+4. Awards bonus tokens to the user (50 base + 10 per dollar donated)
+5. Creates a donation record in the `donation_records` table
+6. Records the token transaction in `token_transactions`
+7. Updates the donation intent status to "completed"
+
+## Testing
+
+For testing the donation integration, these scripts are available:
+
+- `scripts/test-everyorg-api.js` - Tests basic API connectivity
+- `scripts/list-nonprofits.js` - Lists valid non-profits from Every.org
+- `scripts/test-donation-creation.js` - Tests donation checkout creation
+- `scripts/test-webhook.js` - Simulates a webhook from Every.org
+- `scripts/create-test-donation.js` - Creates a complete test donation flow
+
+Before production deployment:
+1. Test with sandbox API credentials
+2. Verify premium days are correctly awarded
+3. Check token awards are processed
+4. Test both success and failure flows
+5. Verify webhook signature verification
+
+## Known Valid Nonprofits
+
+The following nonprofit IDs are confirmed to work with Every.org:
+
+- wildlife-conservation-network
+- doctors-without-borders-usa
+- against-malaria-foundation-usa
+- givedirectly
+- electronic-frontier-foundation
+- code-for-america
+- wikimedia-foundation
+- khan-academy
+- water-org
+- direct-relief
+
+## Troubleshooting
+
+### Common Issues:
+
+1. **"Not found" error from Every.org API**:
+   - Ensure you're using a valid nonprofit ID from the verified list above
+   - If issues persist, the API will fall back to a known working nonprofit
+
+2. **Webhook not processing**:
+   - Check webhook signature verification is properly configured
+   - Temporarily disable signature verification during testing
+   - Use the `test-webhook.js` script to simulate webhook events
+
+3. **Missing premium access after donation**:
+   - Check if the webhook was properly received and processed
+   - Verify the database records in `donation_records` and `user_tokens`
+   - Use the `create-test-donation.js` script to manually test the flow
+
+## Compliance
+
+This integration complies with H1B visa restrictions on monetization:
+- All funds go directly to nonprofits
+- Stash does not receive any financial compensation
+- Premium access is provided as a gift in exchange for charitable donations
+- Using an established donation platform (Every.org) to process payments
+
+See `docs/every-org-setup.md` for detailed setup and configuration instructions.
+
+## Testing Scripts
+
+For testing and debugging the donation flow, several scripts are available in the `scripts/` directory:
+
+```bash
+# Test basic API connectivity to Every.org
+node scripts/test-everyorg-api.js
+
+# List valid nonprofits from Every.org
+node scripts/list-nonprofits.js
+
+# Test donation checkout URL creation
+node scripts/test-donation-creation.js
+
+# Run a complete donation test with a specific user ID
+node scripts/full-donation-test.js <user-id>
+
+# Simulate a donation webhook from Every.org
+node scripts/test-webhook.js <donation-reference>
+
+# Create a test donation record directly in the database
+node scripts/create-test-donation.js <user-id>
+```
diff --git a/docs/every-org-integration-report.md b/docs/every-org-integration-report.md
@@ -0,0 +1,58 @@
+# Every.org Integration Completion Report
+
+## Overview
+
+The Every.org donation integration for Stash has been successfully implemented, allowing users to donate to non-profit organizations through Every.org and receive premium membership benefits in return, all while complying with H1B visa restrictions.
+
+## Implementation Status
+
+### Database Integration
+- ✅ Created donation_intents table to track initiated donations
+- ✅ Created donation_records table to store completed donations
+- ✅ Added appropriate indexes for performance
+- ✅ Set up triggers for updated_at timestamp maintenance
+
+### API Endpoints
+- ✅ Created /api/donations/create.js for donation initiation
+- ✅ Implemented /api/donations/status.js for status checking
+- ✅ Developed /api/webhooks/every-org.js for webhook processing
+- ✅ Added proper error handling for all endpoints
+- ✅ Implemented fallback to known working nonprofits
+
+### Frontend Components
+- ✅ Created DonationComponent with charity selection and amounts
+- ✅ Updated ContentPaywall to include donation option
+- ✅ Developed success/cancel pages for post-donation experience
+- ✅ Added compact UI for mobile devices
+
+### Testing Tools
+- ✅ Created test-everyorg-api.js for basic API connectivity
+- ✅ Implemented list-nonprofits.js for charity validation
+- ✅ Built test-donation-creation.js for checkout testing
+- ✅ Developed test-webhook.js to simulate donation completion
+- ✅ Added full-donation-test.js for end-to-end flow testing
+- ✅ Created check-test-data.js for database verification
+
+### Documentation
+- ✅ Wrote comprehensive every-org-donation-readme.md
+- ✅ Updated every-org-setup.md with detailed configuration
+- ✅ Added troubleshooting section for common issues
+
+## Next Steps
+
+### Production Preparation
+1. Replace sandbox API keys with live keys
+2. Configure real webhook secret
+3. Ensure SSL/TLS is enabled for all webhook endpoints
+4. Set up monitoring for webhook events
+5. Configure error reporting for failed donations
+
+### Future Enhancements
+1. Add donation history page for users
+2. Implement donation receipts/confirmation emails
+3. Add optional recurring donations
+4. Develop more advanced nonprofit search features
+
+## Conclusion
+
+The Every.org donation integration is complete and ready for testing in the staging environment. All major functionality has been implemented, and the donation flow has been tested end-to-end. The integration complies with H1B visa restrictions while providing users with a valuable way to support nonprofits and receive premium benefits in return.