payment-kit 1.18.20 → 1.18.22

package/api/src/integrations/blocklet/user.ts

@@ -21,6 +21,7 @@ const handleUserUpdate = async ({ user }: { user: any }) => {
       email: user.email,
       phone: user.phone,
       last_sync_at: now,
+      address: Customer.formatAddressFromUser(user),
     });
     logger.info(`customer info updated: ${customer.did}`);
   }

package/api/src/libs/api.ts

@@ -2,6 +2,7 @@ import { BN, fromTokenToUnit } from '@ocap/util';
 import Joi from 'joi';
 import { Op } from 'sequelize';
 import SqlWhereParser from 'sql-where-parser';
+import type { OrderDirection, OrderInput, OrderItem } from '../store/models';
 
 const parser = new SqlWhereParser();
 
@@ -109,36 +110,191 @@ export const getWhereFromKvQuery = (query?: string) => {
   return out;
 };
 
+export function normalizeOrder(
+  order: OrderInput | undefined,
+  defaultOrder: OrderItem[] = [['created_at', 'DESC']]
+): OrderItem[] {
+  if (!order) return defaultOrder;
+
+  let normalizedOrder: OrderItem[];
+
+  if (typeof order === 'string') {
+    const [field, direction] = order.split(':');
+    normalizedOrder = [[field || '', (direction?.toUpperCase() as OrderDirection) || 'ASC']];
+  } else if (Array.isArray(order)) {
+    if (order.length === 0) return defaultOrder;
+
+    if (Array.isArray(order[0])) {
+      normalizedOrder = order.map(([field, direction]) => [
+        field || '',
+        (direction?.toUpperCase() as OrderDirection) || 'ASC',
+      ]);
+    } else {
+      normalizedOrder = order.map((item) => {
+        const [field, direction] = (item as string).split(':');
+        return [field || '', (direction?.toUpperCase() as OrderDirection) || 'ASC'];
+      });
+    }
+  } else {
+    return defaultOrder;
+  }
+
+  // merge default order with normalized order
+  const orderFields = new Set(normalizedOrder.map(([field]) => field));
+  const remainingDefaultOrders = defaultOrder.filter(([field]) => !orderFields.has(field));
+
+  return [...normalizedOrder, ...remainingDefaultOrders];
+}
+
+export function getOrder(query: Record<string, any>, defaultOrder?: OrderItem[]): OrderItem[] {
+  if (query.order) {
+    return normalizeOrder(query.order, defaultOrder);
+  }
+
+  if (query.o) {
+    const direction = query.o.toUpperCase() as OrderDirection;
+    return defaultOrder?.map(([field]) => [field, direction]) || [['created_at', direction]];
+  }
+
+  return defaultOrder || [['created_at', 'DESC']];
+}
+
+const fieldRegex = /^[\w.]+$/i;
+const directionRegex = /(asc|desc)$/i;
+
+const ORDER_ERROR_MESSAGES = {
+  FIELD_PATTERN: 'Field name can only contain letters, numbers, dots and underscores',
+  DIRECTION_PATTERN: 'Direction must be either "asc" or "desc"',
+  SEPARATOR: 'Must use ":" to separate field and direction',
+  TUPLE_LENGTH: 'Each tuple must contain exactly 2 elements',
+  ARRAY_TYPE: 'Each item must be an array',
+  INVALID_FORMAT:
+    'Invalid order format. Must be one of:\n' +
+    '- Single field: "field:direction"\n' +
+    '- Multiple fields: ["field1:asc", "field2:desc"]\n' +
+    '- Tuple format: [["field1", "ASC"], ["field2", "DESC"]]\n' +
+    'where field contains only letters, numbers, dots and underscores, ' +
+    'and direction is either "asc" or "desc" (case insensitive)',
+};
+
+const validateField = (field: any): boolean => typeof field === 'string' && fieldRegex.test(field);
+
+const validateDirection = (direction: any): boolean => typeof direction === 'string' && directionRegex.test(direction);
+
+// Function to validate the order parameter
+export const validateOrderInput = (value: any, helpers: any) => {
+  // If it does not exist or is null, skip validation
+  if (value == null) return value;
+
+  // String format: "field:direction"
+  if (typeof value === 'string') {
+    const parts = value.split(':');
+
+    if (parts.length !== 2) {
+      return helpers.message(ORDER_ERROR_MESSAGES.SEPARATOR);
+    }
+
+    const [field, direction] = parts;
+
+    if (!validateField(field)) {
+      return helpers.message(ORDER_ERROR_MESSAGES.FIELD_PATTERN);
+    }
+
+    if (!validateDirection(direction)) {
+      return helpers.message(ORDER_ERROR_MESSAGES.DIRECTION_PATTERN);
+    }
+
+    return value;
+  }
+
+  // Array format
+  if (Array.isArray(value)) {
+    // Empty array, return directly
+    if (value.length === 0) return value;
+
+    // String array format
+    if (typeof value[0] === 'string') {
+      const invalidItem = value.find((item) => typeof item !== 'string');
+      if (invalidItem !== undefined) {
+        return helpers.message(ORDER_ERROR_MESSAGES.INVALID_FORMAT);
+      }
+
+      for (const item of value) {
+        const parts = item.split(':');
+
+        if (parts.length !== 2) {
+          return helpers.message(ORDER_ERROR_MESSAGES.SEPARATOR);
+        }
+
+        const [field, direction] = parts;
+
+        if (!validateField(field)) {
+          return helpers.message(ORDER_ERROR_MESSAGES.FIELD_PATTERN);
+        }
+
+        if (!validateDirection(direction)) {
+          return helpers.message(ORDER_ERROR_MESSAGES.DIRECTION_PATTERN);
+        }
+      }
+
+      return value;
+    }
+
+    // Multiple tuples format
+    if (Array.isArray(value[0])) {
+      for (const tuple of value) {
+        if (!Array.isArray(tuple)) {
+          return helpers.message(ORDER_ERROR_MESSAGES.ARRAY_TYPE);
+        }
+
+        if (tuple.length !== 2) {
+          return helpers.message(ORDER_ERROR_MESSAGES.TUPLE_LENGTH);
+        }
+
+        const [field, direction] = tuple;
+
+        if (!validateField(field)) {
+          return helpers.message(ORDER_ERROR_MESSAGES.FIELD_PATTERN);
+        }
+
+        if (!validateDirection(direction)) {
+          return helpers.message(ORDER_ERROR_MESSAGES.DIRECTION_PATTERN);
+        }
+      }
+
+      return value;
+    }
+  }
+  return helpers.message(ORDER_ERROR_MESSAGES.INVALID_FORMAT);
+};
+
 export function createListParamSchema<T>(schema: any, pageSize: number = 20) {
-  return Joi.object<T & { page: number; pageSize: number; livemode?: boolean; q?: string; o?: string }>({
-    // prettier-ignore
+  return Joi.object<
+    T & {
+      page: number;
+      pageSize: number;
+      livemode?: boolean;
+      q?: string;
+      o?: string;
+      order?: OrderInput;
+    }
+  >({
     page: Joi.number()
       .integer()
       .default(1)
-      .custom((value) => {
-        if (value < 1) {
-          return 1;
-        }
-        return value;
-      }, 'page should be valid'),
-
+      .custom((value) => (value < 1 ? 1 : value), 'page should be valid'),
     pageSize: Joi.number()
       .integer()
       .default(pageSize)
       .custom((value) => {
-        if (value > 100) {
-          return 100;
-        }
-        if (value < 1) {
-          return 1;
-        }
+        if (value > 100) return 100;
+        if (value < 1) return 1;
         return value;
       }, 'pageSize should be valid'),
-
     livemode: Joi.boolean().empty(''),
-    q: Joi.string().empty(''), // query
-    o: Joi.string().empty(''), // order
-
+    q: Joi.string().empty(''),
+    o: Joi.string().valid('asc', 'desc').insensitive().empty(''),
+    order: Joi.any().custom(validateOrderInput).optional(),
     ...schema,
   });
 }

package/api/src/queues/payment.ts

@@ -125,8 +125,8 @@ export const handlePaymentSucceed = async (
               did: user.did,
               name: user.fullName,
               email: user.email,
-              phone: '',
-              address: {},
+              phone: user.phone,
+              address: Customer.formatAddressFromUser(user),
               description: user.remark,
               metadata: {},
               balance: '0',

package/api/src/routes/checkout-sessions.ts

@@ -76,6 +76,7 @@ import { ensureInvoiceForCheckout } from './connect/shared';
 import { isCreditSufficientForPayment, isDelegationSufficientForPayment } from '../libs/payment';
 import { handleStripeSubscriptionSucceed } from '../integrations/stripe/handlers/subscription';
 import { CHARGE_SUPPORTED_CHAIN_TYPES } from '../libs/constants';
+import { blocklet } from '../libs/auth';
 
 const router = Router();
 
@@ -838,14 +839,15 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
 
     let customer = await Customer.findOne({ where: { did: req.user.did } });
     if (!customer) {
+      const { user: userInfo } = await blocklet.getUser(req.user.did);
       customer = await Customer.create({
         livemode: !!checkoutSession.livemode,
         did: req.user.did,
         name: req.body.customer_name,
-        email: req.body.customer_email,
-        phone: req.body.customer_phone,
-        address: req.body.billing_address,
-        description: '',
+        email: req.body.customer_email || userInfo?.email || '',
+        phone: req.body.customer_phone || userInfo?.phone || '',
+        address: req.body.billing_address || Customer.formatAddressFromUser(userInfo),
+        description: userInfo?.remark || '',
         metadata: {},
         balance: '0',
         next_invoice_sequence: 1,
@@ -853,6 +855,20 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         invoice_prefix: Customer.getInvoicePrefix(),
       });
       logger.info('customer created on checkout session submit', { did: req.user.did, id: customer.id });
+      try {
+        await blocklet.updateUserAddress({
+          did: customer.did,
+          address: Customer.formatAddressFromCustomer(customer),
+        });
+        logger.info('updateUserAddress success', {
+          did: customer.did,
+        });
+      } catch (err) {
+        logger.error('updateUserAddress failed', {
+          error: err,
+          customerId: customer.id,
+        });
+      }
     } else {
       const updates: Record<string, string> = {};
       if (checkoutSession.customer_update?.name) {
@@ -868,6 +884,22 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       }
 
       await customer.update(updates);
+      try {
+        await blocklet.updateUserAddress({
+          did: customer.did,
+          address: Customer.formatAddressFromCustomer(customer),
+          // @ts-ignore
+          phone: customer.phone,
+        });
+        logger.info('updateUserAddress success', {
+          did: customer.did,
+        });
+      } catch (err) {
+        logger.error('updateUserAddress failed', {
+          error: err,
+          customerId: customer.id,
+        });
+      }
     }
 
     // check if customer can make new purchase

package/api/src/routes/connect/shared.ts

@@ -117,6 +117,7 @@ export async function ensurePaymentIntent(checkoutSessionId: string, userDid?: s
           metadata: { fromDonation: true },
           livemode: checkoutSession.livemode,
           phone: user.phone,
+          address: Customer.formatAddressFromUser(user),
           delinquent: false,
           balance: '0',
           next_invoice_sequence: 1,

package/api/src/routes/customers.ts

@@ -7,7 +7,7 @@ import isEmail from 'validator/es/lib/isEmail';
 import { Op } from 'sequelize';
 import { BN } from '@ocap/util';
 import { getStakeSummaryByDid, getTokenSummaryByDid, getTokenByAddress } from '../integrations/arcblock/stake';
-import { createListParamSchema, getWhereFromKvQuery, getWhereFromQuery, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, getWhereFromQuery, MetadataSchema } from '../libs/api';
 import { authenticate } from '../libs/security';
 import { formatMetadata } from '../libs/util';
 import { Customer } from '../store/models/customer';
@@ -52,7 +52,7 @@ router.get('/', auth, async (req, res) => {
   try {
     const { rows: list, count } = await Customer.findAndCountAll({
       where,
-      order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+      order: getOrder(query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [],
@@ -83,7 +83,7 @@ router.get('/search', auth, async (req, res) => {
   }
   const { rows: list, count } = await Customer.findAndCountAll({
     where,
-    order: [['created_at', o === 'asc' ? 'ASC' : 'DESC']],
+    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [],
@@ -115,7 +115,7 @@ router.get('/me', sessionMiddleware(), async (req, res) => {
           name: user.fullName,
           email: user.email,
           phone: user.phone,
-          address: {},
+          address: Customer.formatAddressFromUser(user),
           description: user.remark,
           metadata: {},
           balance: '0',
@@ -169,7 +169,7 @@ router.get('/me', sessionMiddleware(), async (req, res) => {
 });
 
 // get overdue invoices
-router.get('/:id/overdue/invoices', auth, async (req, res) => {
+router.get('/:id/overdue/invoices', sessionMiddleware(), async (req, res) => {
   if (!req.user) {
     return res.status(403).json({ error: 'Unauthorized' });
   }

package/api/src/routes/donations.ts

@@ -2,7 +2,7 @@ import { Joi } from '@arcblock/validator';
 import { Router } from 'express';
 
 import { BN } from '@ocap/util';
-import { createListParamSchema } from '../libs/api';
+import { createListParamSchema, getOrder } from '../libs/api';
 import logger from '../libs/logger';
 import { CheckoutSession } from '../store/models/checkout-session';
 import { Customer } from '../store/models/customer';
@@ -143,7 +143,7 @@ router.get('/', async (req, res) => {
         'created_at',
         'updated_at',
       ],
-      order: [['created_at', 'DESC']],
+      order: getOrder(req.query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       include: [{ model: Customer, as: 'customer', attributes: ['id', 'did', 'name', 'metadata'] }],
       limit: pageSize,

package/api/src/routes/events.ts

@@ -2,7 +2,7 @@ import { Router } from 'express';
 import Joi from 'joi';
 import type { WhereOptions } from 'sequelize';
 
-import { createListParamSchema } from '../libs/api';
+import { createListParamSchema, getOrder } from '../libs/api';
 import { authenticate } from '../libs/security';
 import { Event } from '../store/models/event';
 import { blocklet } from '../libs/auth';
@@ -42,7 +42,7 @@ router.get('/', auth, async (req, res) => {
     const { rows: list, count } = await Event.findAndCountAll({
       where,
       attributes: { exclude: ['data', 'request'] },
-      order: [['created_at', 'DESC']],
+      order: getOrder(req.query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [],

package/api/src/routes/invoices.ts

@@ -8,7 +8,7 @@ import { Op } from 'sequelize';
 import { BN } from '@ocap/util';
 import { syncStripeInvoice } from '../integrations/stripe/handlers/invoice';
 import { syncStripePayment } from '../integrations/stripe/handlers/payment-intent';
-import { createListParamSchema, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
 import { authenticate } from '../libs/security';
 import { expandLineItems } from '../libs/session';
 import { formatMetadata, getBlockletJson, getUserOrAppInfo } from '../libs/util';
@@ -136,7 +136,7 @@ router.get('/', authMine, async (req, res) => {
   try {
     const { rows: list, count } = await Invoice.findAndCountAll({
       where,
-      order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+      order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [
@@ -212,7 +212,7 @@ router.get('/recharge', authMine, async (req, res) => {
       },
       offset: (page - 1) * pageSize,
       limit: pageSize,
-      order: [['created_at', 'DESC']],
+      order: getOrder(req.query, [['created_at', 'DESC']]),
       include: [
         { model: PaymentCurrency, as: 'paymentCurrency' },
         { model: PaymentMethod, as: 'paymentMethod' },
@@ -240,7 +240,7 @@ router.get('/search', authMine, async (req, res) => {
 
   const { rows: list, count } = await Invoice.findAndCountAll({
     where,
-    order: [['created_at', o === 'asc' ? 'ASC' : 'DESC']],
+    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     distinct: true,

package/api/src/routes/payment-intents.ts

@@ -9,6 +9,7 @@ import { syncStripePayment } from '../integrations/stripe/handlers/payment-inten
 import {
   BNPositiveValidator,
   createListParamSchema,
+  getOrder,
   getWhereFromKvQuery,
   getWhereFromQuery,
   MetadataSchema,
@@ -111,7 +112,7 @@ router.get('/', authMine, async (req, res) => {
   try {
     const { rows: list, count } = await PaymentIntent.findAndCountAll({
       where,
-      order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+      order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [
@@ -147,7 +148,7 @@ router.get('/search', authMine, async (req, res) => {
 
   const { rows: list, count } = await PaymentIntent.findAndCountAll({
     where,
-    order: [['created_at', o === 'asc' ? 'ASC' : 'DESC']],
+    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [

package/api/src/routes/payment-links.ts

@@ -4,7 +4,7 @@ import pick from 'lodash/pick';
 import { Op } from 'sequelize';
 import type { WhereOptions } from 'sequelize';
 
-import { createListParamSchema, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, MetadataSchema } from '../libs/api';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { isLineItemAligned } from '../libs/session';
@@ -239,7 +239,7 @@ router.get('/', auth, async (req, res) => {
   try {
     const { rows: list, count } = await PaymentLink.findAndCountAll({
       where,
-      order: [['created_at', 'DESC']],
+      order: getOrder(req.query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [],

package/api/src/routes/payment-stats.ts

@@ -5,7 +5,7 @@ import { joinURL } from 'ufo';
 
 import { getPaymentStat } from '../crons/payment-stat';
 import { getTokenSummaryByDid } from '../integrations/arcblock/stake';
-import { createListParamSchema } from '../libs/api';
+import { createListParamSchema, getOrder } from '../libs/api';
 import { ethWallet, wallet } from '../libs/auth';
 import dayjs from '../libs/dayjs';
 import { authenticate } from '../libs/security';
@@ -56,7 +56,7 @@ router.get('/', auth, async (req, res) => {
   try {
     const { rows: list, count } = await PaymentStat.findAndCountAll({
       where,
-      order: [['created_at', 'ASC']],
+      order: getOrder(req.query, [['created_at', 'ASC']]),
       include: [],
     });
 

package/api/src/routes/payouts.ts

@@ -4,7 +4,7 @@ import Joi from 'joi';
 import pick from 'lodash/pick';
 
 import sessionMiddleware from '@blocklet/sdk/lib/middlewares/session';
-import { createListParamSchema, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
 import { authenticate } from '../libs/security';
 import { formatMetadata } from '../libs/util';
 import { Customer } from '../store/models/customer';
@@ -90,7 +90,7 @@ router.get('/', authMine, async (req, res) => {
   try {
     const { rows: list, count } = await Payout.findAndCountAll({
       where,
-      order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+      order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [
@@ -146,7 +146,7 @@ router.get('/mine', sessionMiddleware(), async (req, res) => {
 
     const { rows: list, count } = await Payout.findAndCountAll({
       where,
-      order: [['created_at', 'DESC']],
+      order: getOrder(req.query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [

package/api/src/routes/prices.ts

@@ -4,7 +4,7 @@ import Joi from 'joi';
 import pick from 'lodash/pick';
 import type { WhereOptions } from 'sequelize';
 
-import { createListParamSchema, getWhereFromQuery, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, getWhereFromQuery, MetadataSchema } from '../libs/api';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { canUpsell } from '../libs/session';
@@ -88,7 +88,7 @@ router.get('/', auth, async (req, res) => {
   const { rows, count } = await Price.findAndCountAll({
     where,
     attributes: ['id'],
-    order: [['created_at', 'DESC']],
+    order: getOrder(req.query, [['created_at', 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
   });
@@ -115,7 +115,7 @@ router.get('/search', auth, async (req, res) => {
   const { rows, count } = await Price.findAndCountAll({
     where,
     attributes: ['id'],
-    order: [['created_at', 'DESC']],
+    order: getOrder(req.query, [['created_at', 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
   });

package/api/src/routes/pricing-table.ts

@@ -8,7 +8,7 @@ import uniq from 'lodash/uniq';
 import type { WhereOptions } from 'sequelize';
 
 import { checkPassportForPricingTable } from '../integrations/blocklet/passport';
-import { createListParamSchema, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, MetadataSchema } from '../libs/api';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { getBillingThreshold, getMinStakeAmount, isLineItemCurrencyAligned } from '../libs/session';
@@ -107,7 +107,7 @@ router.get('/', auth, async (req, res) => {
   try {
     const { rows: list, count } = await PricingTable.findAndCountAll({
       where,
-      order: [['created_at', 'DESC']],
+      order: getOrder(req.query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [],

package/api/src/routes/products.ts

@@ -5,7 +5,7 @@ import cloneDeep from 'lodash/cloneDeep';
 import pick from 'lodash/pick';
 import { Op } from 'sequelize';
 
-import { createListParamSchema, getWhereFromKvQuery, getWhereFromQuery, MetadataSchema } from '../libs/api';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, getWhereFromQuery, MetadataSchema } from '../libs/api';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';
 import { formatMetadata } from '../libs/util';
@@ -257,7 +257,7 @@ router.get('/', auth, async (req, res) => {
 
   const { rows: list, count } = await Product.findAndCountAll({
     where,
-    order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+    order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [{ model: Price, as: 'prices' }],
@@ -286,7 +286,7 @@ router.get('/search', auth, async (req, res) => {
 
   const { rows: list, count } = await Product.findAndCountAll({
     where,
-    order: [['created_at', 'DESC']],
+    order: getOrder(req.query, [['created_at', 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [{ model: Price, as: 'prices', separate: true }],

package/api/src/routes/refunds.ts

@@ -5,7 +5,7 @@ import Joi from 'joi';
 import pick from 'lodash/pick';
 
 import { BN, fromTokenToUnit } from '@ocap/util';
-import { BNPositiveValidator, createListParamSchema, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
+import { BNPositiveValidator, createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
 import { authenticate } from '../libs/security';
 import { formatMetadata } from '../libs/util';
 import {
@@ -94,7 +94,7 @@ router.get('/', auth, async (req, res) => {
 
   const { rows: list, count } = await Refund.findAndCountAll({
     where,
-    order: [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']],
+    order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [
@@ -196,7 +196,7 @@ router.get('/search', auth, async (req, res) => {
 
   const { rows: list, count } = await Refund.findAndCountAll({
     where,
-    order: [['created_at', o === 'asc' ? 'ASC' : 'DESC']],
+    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [