npm - payment-kit - Versions diffs - 1.13.154 → 1.13.156 - Mend

payment-kit 1.13.154 → 1.13.156

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/api/src/routes/subscriptions.ts +28 -18
package/blocklet.yml +1 -1
package/package.json +4 -4
package/src/pages/admin/index.tsx +9 -1

package/api/src/routes/subscriptions.ts CHANGED Viewed

@@ -255,25 +255,31 @@ router.put('/:id/cancel', authPortal, async (req, res) => {
     updates.cancelation_details = { reason: 'cancellation_requested', feedback, comment };
     updates.canceled_at = now;
     await addSubscriptionJob(subscription, 'cancel', true, updates.cancel_at);
-  } else if (at === 'now') {
-    updates.status = 'canceled';
-    updates.cancel_at = now;
-    updates.canceled_at = now;
-    await addSubscriptionJob(subscription, 'cancel', true, updates.cancel_at);
-  } else if (at === 'current_period_end') {
-    updates.cancel_at_period_end = true;
-    updates.cancel_at = subscription.current_period_end;
-    updates.canceled_at = now;
-    await addSubscriptionJob(subscription, 'cancel', true, updates.cancel_at);
   } else {
-    updates.cancel_at = dayjs(time).unix();
-    updates.canceled_at = now;
-    await addSubscriptionJob(
-      subscription,
-      'cancel',
-      updates.cancel_at < subscription.current_period_end,
-      updates.cancel_at
-    );
+    if (['owner', 'admin'].includes(req.user?.role as string) === false) {
+      return res.status(403).json({ error: 'Not authorized to perform this action' });
+    }
+    if (at === 'now') {
+      updates.status = 'canceled';
+      updates.cancel_at = now;
+      updates.canceled_at = now;
+      await addSubscriptionJob(subscription, 'cancel', true, updates.cancel_at);
+    } else if (at === 'current_period_end') {
+      updates.cancel_at_period_end = true;
+      updates.cancel_at = subscription.current_period_end;
+      updates.canceled_at = now;
+      await addSubscriptionJob(subscription, 'cancel', true, updates.cancel_at);
+    } else {
+      updates.cancel_at = dayjs(time).unix();
+      updates.canceled_at = now;
+      await addSubscriptionJob(
+        subscription,
+        'cancel',
+        updates.cancel_at < subscription.current_period_end,
+        updates.cancel_at
+      );
+    }
   }
   if (subscription.payment_details?.stripe?.subscription_id) {
@@ -302,6 +308,10 @@ router.put('/:id/cancel', authPortal, async (req, res) => {
   // trigger refund
   if (updates.cancel_at < subscription.current_period_end && refund !== 'none') {
+    if (['owner', 'admin'].includes(req.user?.role as string) === false) {
+      return res.status(403).json({ error: 'Not authorized to perform this action' });
+    }
     const result = await getSubscriptionRefundSetup(subscription, updates.cancel_at);
     if (result.unused !== '0') {
       const item = await Refund.create({

package/blocklet.yml CHANGED Viewed

@@ -14,7 +14,7 @@ repository:
   type: git
   url: git+https://github.com/blocklet/payment-kit.git
 specVersion: 1.2.8
-version: 1.13.154
+version: 1.13.156
 logo: logo.png
 files:
   - dist

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "payment-kit",
-  "version": "1.13.154",
+  "version": "1.13.156",
   "scripts": {
     "dev": "cross-env COMPONENT_STORE_URL=https://test.store.blocklet.dev blocklet dev --open",
     "eject": "vite eject",
@@ -50,7 +50,7 @@
     "@arcblock/jwt": "^1.18.110",
     "@arcblock/ux": "^2.9.29",
     "@blocklet/logger": "1.16.23",
-    "@blocklet/payment-react": "1.13.154",
+    "@blocklet/payment-react": "1.13.156",
     "@blocklet/sdk": "1.16.23",
     "@blocklet/ui-react": "^2.9.29",
     "@blocklet/uploader": "^0.0.73",
@@ -110,7 +110,7 @@
   "devDependencies": {
     "@abtnode/types": "1.16.23",
     "@arcblock/eslint-config-ts": "^0.2.4",
-    "@blocklet/payment-types": "1.13.154",
+    "@blocklet/payment-types": "1.13.156",
     "@types/cookie-parser": "^1.4.6",
     "@types/cors": "^2.8.17",
     "@types/dotenv-flow": "^3.3.3",
@@ -149,5 +149,5 @@
       "parser": "typescript"
     }
   },
-  "gitHead": "a8afe51b21c4155ae14468c619dde09bfbda168d"
+  "gitHead": "88f9908f07e00a0958472c9399f427d96d91b2c4"
 }

package/src/pages/admin/index.tsx CHANGED Viewed

@@ -1,7 +1,7 @@
 import { useLocaleContext } from '@arcblock/ux/lib/Locale/context';
 import { PaymentProvider, Switch, usePaymentContext } from '@blocklet/payment-react';
 import { Box, Chip, Stack } from '@mui/material';
-import React, { Suspense, isValidElement, startTransition } from 'react';
+import React, { Suspense, isValidElement, startTransition, useEffect } from 'react';
 import { useNavigate, useParams } from 'react-router-dom';
 import Layout from '../../components/layout/admin';
@@ -107,7 +107,15 @@ function Admin() {
 }
 export default function WrappedAdmin() {
+  const navigate = useNavigate();
   const { session, connectApi } = useSessionContext();
+  useEffect(() => {
+    if (session.user && ['owner', 'admin'].includes(session.user.role) === false) {
+      navigate('/customer');
+    }
+  }, [session.user]);
   return (
     <PaymentProvider session={session} connect={connectApi}>
       <Admin />