Add Stripe payment integration for donations

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

main.go

@@ -8,6 +8,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"html/template"
+	"io"
 	"log"
 	"net/http"
 	"os"
@@ -15,6 +16,9 @@ import (
 	"strings"
 
 	_ "github.com/lib/pq"
+	"github.com/stripe/stripe-go/v76"
+	"github.com/stripe/stripe-go/v76/checkout/session"
+	"github.com/stripe/stripe-go/v76/webhook"
 	"google.golang.org/api/idtoken"
 )
 
@@ -52,9 +56,13 @@ func init() {
 }
 
 func main() {
+	stripe.Key = os.Getenv("STRIPE_SECRET_KEY")
+
 	http.HandleFunc("/", handleStatic)
 	http.HandleFunc("/auth/google/callback", handleGoogleCallback)
 	http.HandleFunc("/api/rsvp/", handleRSVP)
+	http.HandleFunc("/api/donate/", handleDonate)
+	http.HandleFunc("/api/stripe/webhook", handleStripeWebhook)
 
 	log.Println("server starting on :8080")
 	log.Fatal(http.ListenAndServe(":8080", nil))
@@ -174,23 +182,18 @@ func handleRSVP(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodGet:
 		var numPeople int
-		var totalPeople int
-		err := db.QueryRow("SELECT num_people FROM rsvps WHERE event_id = $1 AND google_username = $2", eventID, email).Scan(&numPeople)
+		var donation float64
+		err := db.QueryRow("SELECT num_people, donation FROM rsvps WHERE event_id = $1 AND google_username = $2", eventID, email).Scan(&numPeople, &donation)
 		if err == sql.ErrNoRows {
 			numPeople = 0
+			donation = 0
 		} else if err != nil {
 			log.Println("[ERROR] failed to query rsvp:", err)
 			http.Error(w, "database error", http.StatusInternalServerError)
 			return
 		}
-		err = db.QueryRow("SELECT COALESCE(SUM(num_people), 0) FROM rsvps WHERE event_id = $1", eventID).Scan(&totalPeople)
-		if err != nil {
-			log.Println("[ERROR] failed to query total:", err)
-			http.Error(w, "database error", http.StatusInternalServerError)
-			return
-		}
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(map[string]int{"numPeople": numPeople, "totalPeople": totalPeople})
+		json.NewEncoder(w).Encode(map[string]any{"numPeople": numPeople, "donation": donation})
 
 	case http.MethodPost:
 		var req struct {
@@ -209,12 +212,115 @@ func handleRSVP(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, "database error", http.StatusInternalServerError)
 			return
 		}
-		var totalPeople int
-		db.QueryRow("SELECT COALESCE(SUM(num_people), 0) FROM rsvps WHERE event_id = $1", eventID).Scan(&totalPeople)
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(map[string]int{"numPeople": req.NumPeople, "totalPeople": totalPeople})
+		json.NewEncoder(w).Encode(map[string]int{"numPeople": req.NumPeople})
 
 	default:
 		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
 	}
 }
+
+func handleDonate(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	eventID := strings.TrimPrefix(r.URL.Path, "/api/donate/")
+	if eventID == "" {
+		http.Error(w, "missing event id", http.StatusBadRequest)
+		return
+	}
+
+	token := r.Header.Get("Authorization")
+	email, ok := verifyToken(strings.TrimPrefix(token, "Bearer "))
+	if !ok {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	var req struct {
+		Amount int64 `json:"amount"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "invalid json", http.StatusBadRequest)
+		return
+	}
+
+	if req.Amount < 100 {
+		http.Error(w, "minimum donation is $1", http.StatusBadRequest)
+		return
+	}
+
+	params := &stripe.CheckoutSessionParams{
+		Mode: stripe.String(string(stripe.CheckoutSessionModePayment)),
+		LineItems: []*stripe.CheckoutSessionLineItemParams{
+			{
+				PriceData: &stripe.CheckoutSessionLineItemPriceDataParams{
+					Currency: stripe.String("usd"),
+					ProductData: &stripe.CheckoutSessionLineItemPriceDataProductDataParams{
+						Name: stripe.String("Donation - Applause for a Cause"),
+					},
+					UnitAmount: stripe.Int64(req.Amount),
+				},
+				Quantity: stripe.Int64(1),
+			},
+		},
+		SuccessURL: stripe.String(os.Getenv("BASE_URL") + "/" + eventID + ".html?donated=1"),
+		CancelURL:  stripe.String(os.Getenv("BASE_URL") + "/" + eventID + ".html"),
+		Metadata: map[string]string{
+			"event_id": eventID,
+			"email":    email,
+		},
+	}
+
+	s, err := session.New(params)
+	if err != nil {
+		log.Println("[ERROR] failed to create checkout session:", err)
+		http.Error(w, "failed to create checkout session", http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]string{"url": s.URL})
+}
+
+func handleStripeWebhook(w http.ResponseWriter, r *http.Request) {
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		http.Error(w, "failed to read body", http.StatusBadRequest)
+		return
+	}
+
+	event, err := webhook.ConstructEvent(body, r.Header.Get("Stripe-Signature"), os.Getenv("STRIPE_WEBHOOK_SECRET"))
+	if err != nil {
+		log.Println("[ERROR] failed to verify webhook:", err)
+		http.Error(w, "invalid signature", http.StatusBadRequest)
+		return
+	}
+
+	if event.Type == "checkout.session.completed" {
+		var sess stripe.CheckoutSession
+		if err := json.Unmarshal(event.Data.Raw, &sess); err != nil {
+			log.Println("[ERROR] failed to parse session:", err)
+			http.Error(w, "failed to parse session", http.StatusBadRequest)
+			return
+		}
+
+		eventID := sess.Metadata["event_id"]
+		email := sess.Metadata["email"]
+		amount := float64(sess.AmountTotal) / 100
+
+		_, err := db.Exec(`
+			UPDATE rsvps SET donation = donation + $3
+			WHERE event_id = $1 AND google_username = $2
+		`, eventID, email, amount)
+		if err != nil {
+			log.Println("[ERROR] failed to update donation:", err)
+		} else {
+			log.Printf("recorded donation of $%.2f from %s for %s", amount, email, eventID)
+		}
+	}
+
+	w.WriteHeader(http.StatusOK)
+}