Make patterns puchasable with stripe (#1313)

## Description:
Patterns now show how much each skin costs and can be purchased

* Refactored logic out of TerritoryPatternsModal and into Cosmetics.ts
* Role gated cosmetics are not shown if you don't have the role. This is
to prevent people trying to get roles just for the cosmetics.
* Added purchasable cosmetics.
* On purchase the backend adds the flare to the player account

<img width="1197" alt="Screenshot 2025-07-01 at 11 45 52 AM"
src="https://github.com/user-attachments/assets/b4b4b7ea-f5f4-4c61-9ced-b608f75aa9d7"
/>

## Please complete the following:

- [x] I have added screenshots for all UI updates
- [x] I process any text displayed to the user through translateText()
and I've added it to the en.json file
- [x] I have added relevant tests to the test directory
- [x] I confirm I have thoroughly tested these changes and take full
responsibility for any bugs introduced
- [x] I understand that submitting code with bugs that could have been
caught through manual testing blocks releases and new features for all
contributors

## Please put your Discord username so you can be contacted if a bug or
regression is found:

evan

Author: evanpelle

package-lock.json

@@ -96,6 +96,7 @@
     "@opentelemetry/sdk-node": "^0.200.0",
     "@opentelemetry/semantic-conventions": "^1.32.0",
     "@opentelemetry/winston-transport": "^0.11.0",
+    "@stripe/stripe-js": "^7.4.0",
     "@types/express": "^4.17.21",
     "@types/google-protobuf": "^3.15.12",
     "@types/hammerjs": "^2.0.45",

package.json

@@ -496,9 +496,10 @@
   },
   "territory_patterns": {
     "title": "Select Territory Pattern",
+    "purchase": "Purchase",
     "blocked": {
       "login": "You must be logged in to access this pattern.",
-      "role": "This pattern requires the {role} role."
+      "purchase": "Purchase this pattern to unlock it."
     },
     "pattern": {
       "default": "Default",

resources/lang/en.json

@@ -0,0 +1,145 @@
+import { UserMeResponse } from "../core/ApiSchemas";
+import { COSMETICS } from "../core/CosmeticSchemas";
+import { getApiBase, getAuthHeader } from "./jwt";
+import { translateText } from "./Utils";
+
+interface StripeProduct {
+  id: string;
+  object: "product";
+  active: boolean;
+  created: number;
+  description: string | null;
+  images: string[];
+  livemode: boolean;
+  metadata: Record<string, string>;
+  name: string;
+  shippable: boolean | null;
+  type: "good" | "service";
+  updated: number;
+  url: string | null;
+  price: string;
+  price_id: string;
+}
+
+export interface Pattern {
+  name: string;
+  key: string;
+  roleGroup?: string;
+  price?: string;
+  priceId?: string;
+  lockedReason?: string;
+  notShown?: boolean;
+}
+
+export async function patterns(
+  userMe: UserMeResponse | null,
+): Promise<Pattern[]> {
+  const patterns: Pattern[] = Object.entries(COSMETICS.patterns).map(
+    ([key, patternData]) => {
+      return {
+        name: patternData.name,
+        key,
+        roleGroup: patternData.role_group,
+      };
+    },
+  );
+
+  const products = await listAllProducts();
+  patterns.forEach((pattern) => {
+    addRestrictions(pattern, userMe, products);
+  });
+  return patterns;
+}
+
+function addRestrictions(
+  pattern: Pattern,
+  userMe: UserMeResponse | null,
+  products: Map<string, StripeProduct>,
+) {
+  if (userMe === null) {
+    if (products.has(`pattern:${pattern.name}`)) {
+      // Purchasable (flare-gated) patterns are shown as disabled
+      pattern.lockedReason = translateText("territory_patterns.blocked.login");
+    } else {
+      // Role-gated patterns are not shown
+      pattern.notShown = true;
+    }
+    return;
+  }
+  const flares = userMe.player.flares ?? [];
+  if (
+    flares.includes("pattern:*") ||
+    flares.includes(`pattern:${pattern.name}`)
+  ) {
+    // Pattern is unlocked by flare
+    return;
+  }
+
+  const roles = userMe.player.roles ?? [];
+  if (roles.some((role) => role === pattern.roleGroup)) {
+    // Pattern is unlocked by role
+    return;
+  }
+
+  const product = products.get(`pattern:${pattern.name}`);
+  if (product) {
+    pattern.price = product.price;
+    pattern.priceId = product.price_id;
+    pattern.lockedReason = translateText("territory_patterns.blocked.purchase");
+    return;
+  }
+
+  // Pattern is locked by role group and not purchasable, don't show it.
+  pattern.notShown = true;
+}
+
+export async function handlePurchase(priceId: string) {
+  try {
+    const response = await fetch(
+      `${getApiBase()}/stripe/create-checkout-session`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          authorization: getAuthHeader(),
+        },
+        body: JSON.stringify({
+          priceId: priceId,
+          successUrl: `${window.location.href}purchase-success`,
+          cancelUrl: `${window.location.href}purchase-cancel`,
+        }),
+      },
+    );
+
+    if (!response.ok) {
+      throw new Error(`HTTP error! status: ${response.status}`);
+    }
+
+    const { url } = await response.json();
+
+    // Redirect to Stripe checkout
+    window.location.href = url;
+  } catch (error) {
+    console.error("Purchase error:", error);
+    alert("Something went wrong. Please try again later.");
+  }
+}
+
+// Returns a map of flare -> product
+export async function listAllProducts(): Promise<Map<string, StripeProduct>> {
+  try {
+    const response = await fetch(`${getApiBase()}/stripe/products`);
+    if (!response.ok) {
+      throw new Error(`HTTP error! status: ${response.status}`);
+    }
+    const products = (await response.json()) as StripeProduct[];
+    const productMap = new Map<string, StripeProduct>();
+    products.forEach((product) => {
+      productMap.set(product.metadata.flare, product);
+    });
+    return productMap;
+  } catch (error) {
+    console.error("Failed to fetch products:", error);
+    return new Map();
+  }
+}

src/client/Cosmetics.ts

@@ -207,6 +207,7 @@ class Client {
       loginDiscordButton.translationKey = "main.login_discord";
       loginDiscordButton.addEventListener("click", discordLogin);
       logoutDiscordButton.hidden = true;
+      territoryModal.onUserMe(null);
     } else {
       // JWT appears to be valid
       loginDiscordButton.disable = true;
@@ -215,12 +216,12 @@ class Client {
       logoutDiscordButton.addEventListener("click", () => {
         // Log out
         logOut();
+        territoryModal.onUserMe(null);
         loginDiscordButton.disable = false;
         loginDiscordButton.translationKey = "main.login_discord";
         loginDiscordButton.hidden = false;
         loginDiscordButton.addEventListener("click", discordLogin);
         logoutDiscordButton.hidden = true;
-        territoryModal.onLogout();
       });
       // Look up the discord user object.
       // TODO: Add caching
@@ -231,6 +232,7 @@ class Client {
           loginDiscordButton.translationKey = "main.login_discord";
           loginDiscordButton.addEventListener("click", discordLogin);
           logoutDiscordButton.hidden = true;
+          territoryModal.onUserMe(null);
           return;
         }
         console.log(