payment-kit 1.29.0 → 1.29.2

package/api/src/routes/{checkout-sessions.ts → hono/checkout-sessions.ts}

@@ -1,9 +1,11 @@
+// Phase 3 (express→hono) — hono fork of routes/checkout-sessions.ts. Sub-app with
+// routes relative to /api/checkout-sessions (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
 /* eslint-disable consistent-return */
 import { isValid } from '@arcblock/did';
 import { getUrl } from '@blocklet/sdk/lib/component';
-import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
 import { BN, fromTokenToUnit, fromUnitToToken } from '@ocap/util';
-import { NextFunction, Request, Response, Router } from 'express';
 import Joi from 'joi';
 import cloneDeep from 'lodash/cloneDeep';
 import merge from 'lodash/merge';
@@ -13,22 +15,25 @@ import sortBy from 'lodash/sortBy';
 import uniq from 'lodash/uniq';
 import type { WhereOptions } from 'sequelize';
 import { Op } from 'sequelize';
+import type { MiddlewareHandler } from 'hono';
+import { Hono } from 'hono';
 
 import { CustomError, formatError, getStatusFromError } from '@blocklet/error';
 import pAll from 'p-all';
 import { withQuery } from 'ufo';
-import { MetadataSchema } from '../libs/api';
-import { checkPassportForPaymentLink } from '../integrations/blocklet/passport';
-import dayjs from '../libs/dayjs';
-import logger from '../libs/logger';
-import { trimDecimals } from '../libs/math-utils';
-import { authenticate } from '../libs/security';
+import { paymentRateVolatilityThreshold, updateDataConcurrency, stopAcceptingOrders } from '../../libs/env';
+import { MetadataSchema } from '../../libs/api';
+import { checkPassportForPaymentLink } from '../../integrations/blocklet/passport';
+import dayjs from '../../libs/dayjs';
+import logger from '../../libs/logger';
+import { trimDecimals } from '../../libs/math-utils';
+import { authenticate } from '../../middlewares/hono/security';
 import {
   buildSlippageSnapshot,
   DEFAULT_SLIPPAGE_PERCENT,
   isRateBelowMinAcceptableRate,
   normalizeSlippageConfigFromMetadata,
-} from '../libs/slippage';
+} from '../../libs/slippage';
 import {
   canPayWithDelegation,
   canUpsell,
@@ -54,8 +59,8 @@ import {
   processCheckoutSessionDiscounts,
   getCheckoutSessionAmounts,
   enrichCheckoutSessionWithQuotes,
-} from '../libs/session';
-import { getDaysUntilCancel, getDaysUntilDue, getSubscriptionTrialSetup } from '../libs/subscription';
+} from '../../libs/session';
+import { getDaysUntilCancel, getDaysUntilDue, getSubscriptionTrialSetup } from '../../libs/subscription';
 import {
   CHECKOUT_SESSION_TTL,
   formatAmountPrecisionLimit,
@@ -65,7 +70,7 @@ import {
   getUserOrAppInfo,
   hasObjectChanged,
   isUserInBlocklist,
-} from '../libs/util';
+} from '../../libs/util';
 import {
   PaymentBeneficiary,
   SetupIntent,
@@ -80,54 +85,54 @@ import {
   Coupon,
   PromotionCode,
   Discount,
-} from '../store/models';
-import type { ChainType } from '../store/models/types';
-import { CheckoutSession } from '../store/models/checkout-session';
-import { Customer } from '../store/models/customer';
-import { PaymentCurrency } from '../store/models/payment-currency';
-import { PaymentIntent } from '../store/models/payment-intent';
-import { PaymentLink } from '../store/models/payment-link';
-import { PaymentMethod } from '../store/models/payment-method';
-import { Price } from '../store/models/price';
-import { PriceQuote } from '../store/models/price-quote';
-import { Product } from '../store/models/product';
+} from '../../store/models';
+import type { ChainType } from '../../store/models/types';
+import { CheckoutSession } from '../../store/models/checkout-session';
+import { Customer } from '../../store/models/customer';
+import { PaymentCurrency } from '../../store/models/payment-currency';
+import { PaymentIntent } from '../../store/models/payment-intent';
+import { PaymentLink } from '../../store/models/payment-link';
+import { PaymentMethod } from '../../store/models/payment-method';
+import { Price } from '../../store/models/price';
+import { PriceQuote } from '../../store/models/price-quote';
+import { Product } from '../../store/models/product';
 import {
   ensureStripePaymentIntent,
   ensureStripeSetupIntentForCheckoutSession,
   ensureStripeSubscription,
-} from '../integrations/stripe/resource';
-import { handleStripePaymentSucceed } from '../integrations/stripe/handlers/payment-intent';
-import { paymentQueue } from '../queues/payment';
-import { invoiceQueue } from '../queues/invoice';
-import { ensureInvoiceForCheckout, ensureInvoicesForSubscriptions } from './connect/shared';
+} from '../../integrations/stripe/resource';
+import { handleStripePaymentSucceed } from '../../integrations/stripe/handlers/payment-intent';
+import { paymentQueue } from '../../queues/payment';
+import { invoiceQueue } from '../../queues/invoice';
+import { ensureInvoiceForCheckout, ensureInvoicesForSubscriptions } from '../connect/shared';
 import {
   isCreditGrantSufficientForPayment,
   isCreditSufficientForPayment,
   isDelegationSufficientForPayment,
   SufficientForPaymentResult,
-} from '../libs/payment';
-import { handleStripeSubscriptionSucceed } from '../integrations/stripe/handlers/subscription';
-import { CHARGE_SUPPORTED_CHAIN_TYPES } from '../libs/constants';
-import { blocklet } from '../libs/auth';
-import { addSubscriptionJob } from '../queues/subscription';
-import { updateDataConcurrency, stopAcceptingOrders } from '../libs/env';
+} from '../../libs/payment';
+import { handleStripeSubscriptionSucceed } from '../../integrations/stripe/handlers/subscription';
+import { CHARGE_SUPPORTED_CHAIN_TYPES } from '../../libs/constants';
+import { blocklet } from '../../libs/auth';
+import { addSubscriptionJob } from '../../queues/subscription';
 import {
   expandLineItemsWithCouponInfo,
   expandDiscountsWithDetails,
   checkPromotionCodeEligibility,
   createDiscountRecordsForCheckout,
   updateSubscriptionDiscountReferences,
-} from '../libs/discount/coupon';
-import { rollbackDiscountUsageForCheckoutSession, applyDiscountsToLineItems } from '../libs/discount/discount';
-import { formatToShortUrl } from '../libs/url';
-import { destroyExistingInvoice } from '../libs/invoice';
-import { getApproveFunction } from '../integrations/ethereum/contract';
-import { getQuoteService } from '../libs/quote-service';
-import { getExchangeRateService } from '../libs/exchange-rate/service';
-import { getExchangeRateSymbol } from '../libs/exchange-rate/token-address-mapping';
-import { sequelize } from '../store/sequelize';
-
-const router = Router();
+} from '../../libs/discount/coupon';
+import { rollbackDiscountUsageForCheckoutSession, applyDiscountsToLineItems } from '../../libs/discount/discount';
+import { formatToShortUrl } from '../../libs/url';
+import { destroyExistingInvoice } from '../../libs/invoice';
+import { getApproveFunction } from '../../integrations/ethereum/contract';
+import { getQuoteService } from '../../libs/quote-service';
+import { getExchangeRateService } from '../../libs/exchange-rate/service';
+import { getExchangeRateSymbol } from '../../libs/exchange-rate/token-address-mapping';
+import { sequelize } from '../../store/sequelize';
+import { sessionMiddleware } from '../../middlewares/hono/session';
+
+const app = new Hono();
 
 const user = sessionMiddleware({ accessKey: true });
 const auth = authenticate<CheckoutSession>({ component: true, roles: ['owner', 'admin'] });
@@ -137,7 +142,7 @@ const exchangeRateService = getExchangeRateService();
 const DEFAULT_RATE_VOLATILITY_THRESHOLD = 0.1;
 
 const getRateVolatilityThreshold = () => {
-  const raw = Number(process.env.PAYMENT_RATE_VOLATILITY_THRESHOLD || DEFAULT_RATE_VOLATILITY_THRESHOLD);
+  const raw = Number(paymentRateVolatilityThreshold() || DEFAULT_RATE_VOLATILITY_THRESHOLD);
   if (!Number.isFinite(raw) || raw <= 0) {
     return DEFAULT_RATE_VOLATILITY_THRESHOLD;
   }
@@ -249,7 +254,7 @@ export async function validateInventory(line_items: LineItem[], includePendingQu
       throw new Error(`Can not exceed available quantity for price: ${priceId}`);
     }
   });
-  await pAll(checks, { concurrency: updateDataConcurrency });
+  await pAll(checks, { concurrency: updateDataConcurrency() });
 }
 
 export async function validatePaymentSettings(paymentMethodId: string, paymentCurrencyId: string) {
@@ -875,22 +880,22 @@ export const formatCheckoutSession = async (payload: any, throwOnEmptyItems = tr
   });
 };
 
-export async function ensureCheckoutSessionOpen(req: Request, res: Response, next: NextFunction) {
-  const doc = await CheckoutSession.findByPk(req.params.id);
+// Hono MiddlewareHandler version of ensureCheckoutSessionOpen
+export const ensureCheckoutSessionOpen: MiddlewareHandler = async (c, next) => {
+  const id = c.req.param('id');
+  const doc = await CheckoutSession.findByPk(id);
   if (!doc) {
-    return res.status(404).json({ code: 'CHECKOUT_NOT_FOUND', error: 'Checkout session not found' });
+    return c.json({ code: 'CHECKOUT_NOT_FOUND', error: 'Checkout session not found' }, 404);
   }
   if (doc.status === 'complete') {
-    return res.status(403).json({ code: 'CHECKOUT_COMPLETED', error: 'Checkout session completed' });
+    return c.json({ code: 'CHECKOUT_COMPLETED', error: 'Checkout session completed' }, 403);
   }
   if (doc.status === 'expired') {
-    return res.status(403).json({ code: 'CHECKOUT_EXPIRED', error: 'Checkout session already expired' });
+    return c.json({ code: 'CHECKOUT_EXPIRED', error: 'Checkout session already expired' }, 403);
   }
-
-  req.doc = doc;
-
-  next();
-}
+  c.set('doc', doc);
+  await next();
+};
 
 const getBeneficiaryName = async (beneficiary: PaymentBeneficiary) => {
   if (!beneficiary) return '';
@@ -1008,7 +1013,7 @@ async function processSubscriptionFastCheckout({
         });
         return amount;
       }),
-      { concurrency: updateDataConcurrency }
+      { concurrency: updateDataConcurrency() }
     );
     const totalAmount = subscriptionAmounts
       .reduce((sum: BN, amt: string) => sum.add(new BN(amt)), new BN('0'))
@@ -1056,7 +1061,7 @@ async function processSubscriptionFastCheckout({
             payment_details: { [paymentMethod.type]: { payer: customer.did } },
           });
         }),
-        { concurrency: updateDataConcurrency }
+        { concurrency: updateDataConcurrency() }
       );
       if (paymentCurrency.isCredit()) {
         // skip invoice creation for credit subscriptions
@@ -1079,7 +1084,7 @@ async function processSubscriptionFastCheckout({
             });
             await addSubscriptionJob(sub, 'cycle', false, sub.trial_end);
           }),
-          { concurrency: updateDataConcurrency }
+          { concurrency: updateDataConcurrency() }
         );
         return {
           success: true,
@@ -1102,14 +1107,14 @@ async function processSubscriptionFastCheckout({
             return invoiceQueue.push({ id: invoice.id, job: { invoiceId: invoice.id, retryOnError: false } });
           }
         }),
-        { concurrency: updateDataConcurrency }
+        { concurrency: updateDataConcurrency() }
       );
       // Add subscription cycle jobs
       await pAll(
         subscriptions.map((sub) => async () => {
           await addSubscriptionJob(sub, 'cycle', false, sub.trial_end);
         }),
-        { concurrency: updateDataConcurrency }
+        { concurrency: updateDataConcurrency() }
       );
 
       logger.info('Created and queued invoices for fast checkout with subscriptions', {
@@ -1146,21 +1151,22 @@ async function processSubscriptionFastCheckout({
 }
 
 // create checkout session
-router.post('/', authLogin, async (req, res) => {
+app.post('/', authLogin, async (c) => {
   try {
-    const raw: Partial<CheckoutSession> = await formatCheckoutSession(req.body);
-    raw.livemode = !!req.livemode;
-    raw.created_via = req.user?.via as string;
+    const body = c.get('sanitizedBody') ?? {};
+    const raw: Partial<CheckoutSession> = await formatCheckoutSession(body);
+    raw.livemode = !!c.get('livemode');
+    raw.created_via = c.get('user')?.via as string;
 
     // Customer permission validation and createMine handling
-    const { create_mine: createMine } = req.body;
-    const currentUserDid = req.user?.did;
+    const { create_mine: createMine } = body;
+    const currentUserDid = c.get('user')?.did;
 
-    const isAdmin = ['owner', 'admin'].includes(req.user?.role as string);
+    const isAdmin = ['owner', 'admin'].includes(c.get('user')?.role as string);
     // Handle createMine parameter
     if (createMine === true) {
       if (!currentUserDid) {
-        return res.status(400).json({ error: 'User not authenticated, cannot create checkout session for self' });
+        return c.json({ error: 'User not authenticated, cannot create checkout session for self' }, 400);
       }
 
       const currentCustomer = await Customer.findOne({ where: { did: currentUserDid } });
@@ -1173,7 +1179,7 @@ router.post('/', authLogin, async (req, res) => {
         createdBy: currentUserDid,
       };
     } else if (!isAdmin) {
-      return res.status(403).json({ error: 'Not authorized to perform this action' });
+      return c.json({ error: 'Not authorized to perform this action' }, 403);
     }
 
     if (raw.line_items) {
@@ -1181,24 +1187,24 @@ router.post('/', authLogin, async (req, res) => {
         await validateInventory(raw.line_items, true);
       } catch (err) {
         logger.error('validateInventory failed', { error: err, line_items: raw.line_items });
-        return res.status(400).json({ error: err.message });
+        return c.json({ error: err.message }, 400);
       }
     }
 
     // Process discounts before creating checkout session
     let processedDiscounts: any[] = [];
-    if (req.body.discounts && Array.isArray(req.body.discounts)) {
+    if (body.discounts && Array.isArray(body.discounts)) {
       if (!isAdmin) {
-        return res.status(403).json({ error: 'Not allowed to apply discounts' });
+        return c.json({ error: 'Not allowed to apply discounts' }, 403);
       }
       try {
-        processedDiscounts = await processCheckoutSessionDiscounts(raw as any, req.body.discounts);
+        processedDiscounts = await processCheckoutSessionDiscounts(raw as any, body.discounts);
       } catch (discountError) {
         logger.error('Discount processing failed during checkout session creation', {
           error: discountError.message,
-          discounts: req.body.discounts,
+          discounts: body.discounts,
         });
-        return res.status(400).json({ error: discountError.message });
+        return c.json({ error: discountError.message }, 400);
       }
     }
 
@@ -1212,7 +1218,7 @@ router.post('/', authLogin, async (req, res) => {
     try {
       await prefetchQuotesForCheckoutSession(doc as CheckoutSession);
     } catch (error: any) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
 
     let url = getUrl(`/checkout/${doc.submit_type}/${doc.id}`);
@@ -1220,24 +1226,23 @@ router.post('/', authLogin, async (req, res) => {
       url = withQuery(url, getConnectQueryParam({ userDid: currentUserDid }));
     }
 
-    res.json({ ...doc.toJSON(), url });
+    return c.json({ ...doc.toJSON(), url });
   } catch (error) {
-    logger.error('Create checkout session failed', { error: error.message, body: req.body });
-    res.status(500).json({ error: error.message });
+    logger.error('Create checkout session failed', { error: error.message, body: c.get('sanitizedBody') ?? {} });
+    return c.json({ error: error.message }, 500);
   }
 });
 
-export async function startCheckoutSessionFromPaymentLink(id: string, req: Request, res: Response) {
-  const { metadata, needShortUrl = false } = req.body;
+export async function startCheckoutSessionFromPaymentLink(id: string, c: any) {
+  const body = c.get('sanitizedBody') ?? {};
+  const { metadata, needShortUrl = false } = body;
   try {
     const link = await PaymentLink.findByPk(id);
     if (!link) {
-      res.status(400).json({ error: 'Payment link not found, please contact the source of the payment link.' });
-      return;
+      return c.json({ error: 'Payment link not found, please contact the source of the payment link.' }, 400);
     }
     if (!link.active) {
-      res.status(400).json({ error: 'Payment link archived, we can not create new checkout session.' });
-      return;
+      return c.json({ error: 'Payment link archived, we can not create new checkout session.' }, 400);
     }
 
     const items = await Price.expand(link.line_items, { upsell: true });
@@ -1249,10 +1254,9 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
     raw.livemode = link.livemode;
     raw.created_via = 'portal';
     raw.submit_type = link.submit_type;
-    raw.currency_id = link.currency_id || req.baseCurrency.id;
+    raw.currency_id = link.currency_id || c.get('baseCurrency').id;
     if (!raw.currency_id) {
-      res.status(400).json({ error: 'Currency not found in payment link' });
-      return;
+      return c.json({ error: 'Currency not found in payment link' }, 400);
     }
     raw.payment_link_id = link.id;
 
@@ -1271,11 +1275,7 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
     if (link.subscription_data?.billing_threshold_amount) {
       protectedSettings.billing_threshold_amount = getBillingThreshold(link.subscription_data);
     }
-    raw.subscription_data = merge(
-      link.subscription_data,
-      getDataObjectFromQuery(req.query, 'subscription_data'),
-      protectedSettings
-    );
+    raw.subscription_data = merge(link.subscription_data, getDataObjectFromQuery(c.req.query()), protectedSettings);
 
     if (link.after_completion?.hosted_confirmation?.custom_message) {
       raw.payment_intent_data = {
@@ -1317,17 +1317,17 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
       raw.success_url = link.after_completion?.redirect?.url;
     }
 
-    if (req.query.redirect) {
-      raw.success_url = req.query.redirect as string;
-      raw.cancel_url = req.query.redirect as string;
+    if (c.req.query('redirect')) {
+      raw.success_url = c.req.query('redirect') as string;
+      raw.cancel_url = c.req.query('redirect') as string;
     }
 
     try {
-      if (req.query.nft_mint_factory && isValid(req.query.nft_mint_factory as string)) {
+      if (c.req.query('nft_mint_factory') && isValid(c.req.query('nft_mint_factory') as string)) {
         raw.nft_mint_settings = {
           enabled: true,
           behavior: 'per_checkout_session',
-          factory: req.query.nft_mint_factory as string,
+          factory: c.req.query('nft_mint_factory') as string,
         };
         raw.nft_mint_status = 'pending';
         logger.info('use nft_mint_settings from query when checkout from payment link', { v: raw.nft_mint_settings });
@@ -1339,17 +1339,17 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
     }
 
     let doc;
-    if (req.query.preview === '1') {
+    if (c.req.query('preview') === '1') {
       doc = await CheckoutSession.findOne({ where: { payment_link_id: link.id, metadata: { preview: '1' } } });
       if (doc) {
         await doc.update(omit(raw, ['metadata']));
       } else {
         raw.metadata = {
           ...link.metadata,
-          ...getDataObjectFromQuery(req.query),
+          ...getDataObjectFromQuery(c.req.query()),
           ...metadata,
-          days_until_due: getDaysUntilDue(req.query),
-          days_until_cancel: getDaysUntilCancel(req.query),
+          days_until_due: getDaysUntilDue(c.req.query()),
+          days_until_cancel: getDaysUntilCancel(c.req.query()),
           passport: await checkPassportForPaymentLink(link),
           preview: '1',
         };
@@ -1357,10 +1357,10 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
     } else {
       raw.metadata = {
         ...link.metadata,
-        ...getDataObjectFromQuery(req.query),
+        ...getDataObjectFromQuery(c.req.query()),
         ...metadata,
-        days_until_due: getDaysUntilDue(req.query),
-        days_until_cancel: getDaysUntilCancel(req.query),
+        days_until_due: getDaysUntilDue(c.req.query()),
+        days_until_cancel: getDaysUntilCancel(c.req.query()),
         passport: await checkPassportForPaymentLink(link),
       };
     }
@@ -1371,7 +1371,7 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
 
     doc.line_items = items;
 
-    if (req.query.upsell === '1') {
+    if (c.req.query('upsell') === '1') {
       // add upsell to line items
       const updatedItems = cloneDeep(doc.line_items);
       updatedItems.forEach((item: any) => {
@@ -1422,7 +1422,7 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
       paymentUrl = await formatToShortUrl({ url: paymentUrl, validUntil, maxVisits });
     }
 
-    res.json({
+    return c.json({
       paymentUrl,
       checkoutSession: doc.toJSON(),
       quotes, // Include quotes information for frontend
@@ -1431,201 +1431,36 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
       paymentMethods: await getPaymentMethods(doc),
       paymentLink: link,
       paymentIntent: null,
-      customer: req.user ? await Customer.findOne({ where: { did: req.user.did } }) : null,
+      customer: c.get('user') ? await Customer.findOne({ where: { did: c.get('user').did } }) : null,
     });
   } catch (err) {
     logger.error(err);
     if (err instanceof CustomError) {
-      res.status(getStatusFromError(err)).json({ error: formatError(err) });
-    } else {
-      res.status(500).json({ error: err.message });
+      return c.json({ error: formatError(err) }, getStatusFromError(err));
     }
+    return c.json({ error: err.message }, 500);
   }
 }
 
 // start checkout session from payment link
-router.post('/start/:id', user, async (req, res) => {
+app.post('/start/:id', user, (c) => {
   logger.info('Starting checkout session from payment link', {
-    paymentLinkId: req.params.id,
-    userId: req.user?.did,
+    paymentLinkId: c.req.param('id'),
+    userId: c.get('user')?.did,
   });
-  await startCheckoutSessionFromPaymentLink(req.params.id as string, req, res);
-});
-
-// for Node.js SDK
-router.get('/:id', auth, async (req, res) => {
-  const doc = await CheckoutSession.findByPk(req.params.id);
-
-  if (doc) {
-    // @ts-ignore
-    doc.line_items = await Price.expand(doc.line_items, { upsell: true });
-    doc.url = getUrl(`/checkout/${doc.submit_type}/${doc.id}`);
-  }
-
-  if (doc) {
-    res.json(doc?.toJSON());
-  } else {
-    res.status(404).json(null);
-  }
-});
-
-// abort stripe subscription(s) created during an incomplete checkout session
-router.post('/:id/abort-stripe', user, ensureCheckoutSessionOpen, async (req, res) => {
-  try {
-    const checkoutSession = req.doc as CheckoutSession;
-
-    if (checkoutSession.status === 'complete') {
-      return res.status(400).json({ error: 'Checkout session already completed' });
-    }
-
-    // cancel stripe subscriptions if any
-    const canceledSubscriptions: string[] = [];
-    if (['subscription', 'setup'].includes(checkoutSession.mode)) {
-      const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
-      const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
-
-      const cancelOps = subscriptions.map(async (sub) => {
-        const stripeSubId = sub.payment_details?.stripe?.subscription_id;
-        if (!stripeSubId) {
-          return null;
-        }
-        const method = await PaymentMethod.findByPk(sub.default_payment_method_id);
-        if (!method || method.type !== 'stripe') {
-          return null;
-        }
-        const client = method.getStripeClient();
-        try {
-          await client.subscriptions.cancel(stripeSubId);
-          await sub.update({
-            payment_details: omit(sub.payment_details || {}, 'stripe'),
-            payment_settings: {
-              payment_method_options: omit(sub.payment_settings?.payment_method_options || {}, 'stripe'),
-              payment_method_types: sub.payment_settings?.payment_method_types || [],
-            },
-          });
-          canceledSubscriptions.push(sub.id);
-        } catch (err) {
-          logger.error('Failed to cancel stripe subscription for checkout abort', {
-            checkoutSessionId: checkoutSession.id,
-            subscriptionId: sub.id,
-            error: err.message,
-          });
-        }
-        return sub.id;
-      });
-      await Promise.all(cancelOps);
-    }
-
-    // remove related invoice if created
-    try {
-      const existInvoice = await Invoice.findOne({ where: { checkout_session_id: checkoutSession.id } });
-      if (existInvoice) {
-        await destroyExistingInvoice(existInvoice);
-      }
-    } catch (error: any) {
-      logger.error('Failed to destroy invoice on checkout abort', {
-        checkoutSessionId: checkoutSession.id,
-        error: error.message,
-      });
-    }
-    res.json({ checkoutSessionId: checkoutSession.id, canceledSubscriptions });
-  } catch (err: any) {
-    logger.error('Error aborting stripe for checkout session', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
-    });
-    res.status(500).json({ error: err.message });
-  }
-});
-
-// Skip payment method for $0 subscription — user chose "Skip, bind later"
-// Keeps the subscription but sets cancel_at_period_end so it won't renew without a payment method
-router.post('/:id/skip-payment-method', user, ensureCheckoutSessionOpen, async (req, res) => {
-  try {
-    if (!req.user) {
-      return res.status(403).json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' });
-    }
-
-    const checkoutSession = req.doc as CheckoutSession;
-
-    if (!['subscription', 'setup'].includes(checkoutSession.mode)) {
-      return res.status(400).json({ error: 'Skip payment method is only supported for subscriptions' });
-    }
-
-    const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
-    const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
-
-    if (!subscriptions.length) {
-      return res.status(400).json({ error: 'No subscriptions found for this checkout session' });
-    }
-
-    // Cancel Stripe setup intents and activate subscriptions concurrently
-    await Promise.all(
-      subscriptions.map(async (sub) => {
-        const stripeSubId = sub.payment_details?.stripe?.subscription_id;
-        if (stripeSubId) {
-          const method = await PaymentMethod.findByPk(sub.default_payment_method_id);
-          if (method?.type === 'stripe') {
-            const client = method.getStripeClient();
-            try {
-              const stripeSub = await client.subscriptions.retrieve(stripeSubId, {
-                expand: ['pending_setup_intent'],
-              });
-              if (stripeSub.pending_setup_intent && typeof stripeSub.pending_setup_intent !== 'string') {
-                await client.setupIntents.cancel(stripeSub.pending_setup_intent.id);
-              }
-              await client.subscriptions.update(stripeSubId, { cancel_at_period_end: true });
-            } catch (err: any) {
-              logger.error('Failed to update Stripe subscription for skip-payment-method', {
-                checkoutSessionId: checkoutSession.id,
-                subscriptionId: sub.id,
-                stripeSubId,
-                error: err.message,
-              });
-            }
-          }
-        }
-
-        // Activate the local subscription with cancel_at_period_end
-        await sub.update({
-          status: sub.trial_end && sub.trial_end > Date.now() / 1000 ? 'trialing' : 'active',
-          cancel_at_period_end: true,
-        });
-        await addSubscriptionJob(sub, 'cycle', false, sub.trial_end);
-      })
-    );
-
-    // Complete the checkout session
-    await checkoutSession.update({
-      status: 'complete',
-      payment_status: 'no_payment_required',
-    });
-
-    return res.json({
-      checkoutSession: { id: checkoutSession.id, status: 'complete' },
-      skipped: true,
-    });
-  } catch (err: any) {
-    logger.error('Error in skip-payment-method', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
-    });
-    res.status(500).json({ error: err.message });
-  }
+  return startCheckoutSessionFromPaymentLink(c.req.param('id') as string, c);
 });
 
-// for checkout page
 // Lightweight status-only endpoint for polling.
 // Returns only status fields — no includes, no joins, single D1 query.
 // Used by waitForCheckoutComplete to minimize D1 load during payment processing.
-router.get('/status/:id', user, async (req, res) => {
-  const doc = await CheckoutSession.findByPk(req.params.id, {
+// Static prefix /status/:id registered before /:id to avoid shadowing.
+app.get('/status/:id', user, async (c) => {
+  const doc = await CheckoutSession.findByPk(c.req.param('id'), {
     attributes: ['id', 'status', 'payment_status', 'payment_intent_id'],
   });
   if (!doc) {
-    return res.status(404).json({ error: 'Checkout session not found' });
+    return c.json({ error: 'Checkout session not found' }, 404);
   }
 
   const piStatus = doc.payment_intent_id
@@ -1634,18 +1469,18 @@ router.get('/status/:id', user, async (req, res) => {
       }).then((pi) => (pi ? { status: pi.status, last_payment_error: pi.last_payment_error } : null))
     : null;
 
-  return res.json({
+  return c.json({
     checkoutSession: { status: doc.status, payment_status: doc.payment_status },
     paymentIntent: piStatus,
   });
 });
 
-router.get('/retrieve/:id', user, async (req, res) => {
-  const doc = await CheckoutSession.findByPk(req.params.id);
+// Static prefix /retrieve/:id registered before /:id to avoid shadowing.
+app.get('/retrieve/:id', user, async (c) => {
+  const doc = await CheckoutSession.findByPk(c.req.param('id'));
 
   if (!doc) {
-    res.status(404).json({ error: 'Checkout session not found, you may have incorrectly copied the link.' });
-    return;
+    return c.json({ error: 'Checkout session not found, you may have incorrectly copied the link.' }, 404);
   }
 
   // Check if subscription status needs updating (conditional write — must happen before reads)
@@ -1705,7 +1540,7 @@ router.get('/retrieve/:id', user, async (req, res) => {
 
   // Handle dynamic pricing: create or reuse quotes
   const isCheckoutConfirmed = doc.payment_status === 'paid' || doc.status === 'complete' || !!doc.subscription_id;
-  const forceRefresh = req.query.forceRefresh === '1' || req.query.forceRefresh === 'true';
+  const forceRefresh = c.req.query('forceRefresh') === '1' || c.req.query('forceRefresh') === 'true';
 
   // Start PaymentIntent fetch early — runs in parallel with quote processing (save ~85ms D1 RTT)
   const paymentIntentPromise = doc.payment_intent_id
@@ -1796,10 +1631,10 @@ router.get('/retrieve/:id', user, async (req, res) => {
   const [paymentMethods, paymentLink, customer] = await Promise.all([
     getPaymentMethods(doc),
     doc.payment_link_id ? PaymentLink.findByPk(doc.payment_link_id) : null,
-    req.user ? Customer.findOne({ where: { did: req.user.did } }) : null,
+    c.get('user') ? Customer.findOne({ where: { did: c.get('user').did } }) : null,
   ]);
 
-  res.json({
+  return c.json({
     checkoutSession: {
       ...doc.toJSON(),
       discounts: enhancedDiscounts,
@@ -1812,12 +1647,69 @@ router.get('/retrieve/:id', user, async (req, res) => {
     paymentLink,
     paymentIntent,
     customer,
-    ...(stopAcceptingOrders ? { stopAcceptingOrders: true } : {}),
+    ...(stopAcceptingOrders() ? { stopAcceptingOrders: true } : {}),
   });
 });
 
-// Fetch latest exchange rate for checkout session (for UI display/monitoring only)
-// Also renews active Quote's expires_at if it's about to expire
+// for Node.js SDK
+// Static prefix /broker-status/:id registered before /:id to avoid shadowing.
+app.get('/broker-status/:id', user, async (c) => {
+  const { needShortUrl = false } = c.req.query();
+  const doc = await CheckoutSession.findByPk(c.req.param('id'));
+
+  if (!doc) {
+    return c.json({
+      checkoutSession: {},
+      paymentLink: null,
+    });
+  }
+
+  // @ts-ignore
+  doc.line_items = await Price.expand(doc.line_items, { upsell: true });
+
+  const hasVendorConfig = doc.line_items?.some((item: any) => !!item?.price?.product?.vendor_config?.length);
+
+  if (!hasVendorConfig || doc.payment_status === 'unpaid' || doc.fulfillment_status === 'cancelled') {
+    return c.json({
+      checkoutSession: {},
+      paymentLink: null,
+    });
+  }
+
+  const paymentUrl = getUrl(`/checkout/pay/${doc.id}`);
+  const paymentLink = needShortUrl
+    ? await formatToShortUrl({
+        url: paymentUrl,
+        validUntil: dayjs().add(20, 'minutes').format('YYYY-MM-DDTHH:mm:ss+00:00'),
+        maxVisits: 5,
+      })
+    : paymentUrl;
+
+  return c.json({
+    checkoutSession: {
+      ...doc.toJSON(),
+      line_items: doc.line_items, // Override with expanded line_items (includes price object)
+    },
+    paymentLink,
+  });
+});
+
+// for Node.js SDK
+app.get('/:id', auth, async (c) => {
+  const doc = await CheckoutSession.findByPk(c.req.param('id'));
+
+  if (doc) {
+    // @ts-ignore
+    doc.line_items = await Price.expand(doc.line_items, { upsell: true });
+    doc.url = getUrl(`/checkout/${doc.submit_type}/${doc.id}`);
+  }
+
+  if (doc) {
+    return c.json(doc?.toJSON());
+  }
+  return c.json(null, 404);
+});
+
 /**
  * Exchange Rate Endpoint (Final Freeze Architecture)
  *
@@ -1826,23 +1718,25 @@ router.get('/retrieve/:id', user, async (req, res) => {
  *
  * @see Intent: blocklets/core/ai/intent/20260112-dynamic-price.md
  */
-router.get('/:id/exchange-rate', user, async (req, res) => {
-  const doc = await CheckoutSession.findByPk(req.params.id);
+// Fetch latest exchange rate for checkout session (for UI display/monitoring only)
+// Also renews active Quote's expires_at if it's about to expire
+app.get('/:id/exchange-rate', user, async (c) => {
+  const doc = await CheckoutSession.findByPk(c.req.param('id'));
   if (!doc) {
-    return res.status(404).json({ error: 'Checkout session not found, you may have incorrectly copied the link.' });
+    return c.json({ error: 'Checkout session not found, you may have incorrectly copied the link.' }, 404);
   }
 
-  const currencyId = (req.query.currency_id as string) || doc.currency_id;
+  const currencyId = (c.req.query('currency_id') as string) || doc.currency_id;
   const paymentCurrency = (await PaymentCurrency.findByPk(currencyId, {
     include: [{ model: PaymentMethod, as: 'payment_method' }],
   })) as (PaymentCurrency & { payment_method: PaymentMethod }) | null;
 
   if (!paymentCurrency) {
-    return res.status(400).json({ error: 'Payment currency not found' });
+    return c.json({ error: 'Payment currency not found' }, 400);
   }
 
   if (paymentCurrency.payment_method?.type === 'stripe') {
-    return res.status(400).json({ error: 'Exchange rate is not supported for stripe payments' });
+    return c.json({ error: 'Exchange rate is not supported for stripe payments' }, 400);
   }
 
   const serverNow = Math.floor(Date.now() / 1000);
@@ -1851,7 +1745,7 @@ router.get('/:id/exchange-rate', user, async (req, res) => {
     const rateResult = await fetchCurrentExchangeRate(paymentCurrency, paymentCurrency.payment_method);
 
     // Final Freeze: Only return rate snapshot, no quote data
-    return res.json({
+    return c.json({
       server_now: serverNow,
       rate: rateResult.rate,
       timestamp_ms: rateResult.timestamp_ms,
@@ -1876,55 +1770,14 @@ router.get('/:id/exchange-rate', user, async (req, res) => {
     });
 
     // Return 503 with RATE_UNAVAILABLE code
-    return res.status(503).json({
-      code: 'RATE_UNAVAILABLE',
-      error: error?.message || 'Exchange rate unavailable',
-    });
-  }
-});
-
-// for checkout page
-router.get('/broker-status/:id', user, async (req, res) => {
-  const { needShortUrl = false } = req.query;
-  const doc = await CheckoutSession.findByPk(req.params.id);
-
-  if (!doc) {
-    res.json({
-      checkoutSession: {},
-      paymentLink: null,
-    });
-    return;
-  }
-
-  // @ts-ignore
-  doc.line_items = await Price.expand(doc.line_items, { upsell: true });
-
-  const hasVendorConfig = doc.line_items?.some((item: any) => !!item?.price?.product?.vendor_config?.length);
-
-  if (!hasVendorConfig || doc.payment_status === 'unpaid' || doc.fulfillment_status === 'cancelled') {
-    res.json({
-      checkoutSession: {},
-      paymentLink: null,
-    });
-    return;
+    return c.json(
+      {
+        code: 'RATE_UNAVAILABLE',
+        error: error?.message || 'Exchange rate unavailable',
+      },
+      503
+    );
   }
-
-  const paymentUrl = getUrl(`/checkout/pay/${doc.id}`);
-  const paymentLink = needShortUrl
-    ? await formatToShortUrl({
-        url: paymentUrl,
-        validUntil: dayjs().add(20, 'minutes').format('YYYY-MM-DDTHH:mm:ss+00:00'),
-        maxVisits: 5,
-      })
-    : paymentUrl;
-
-  res.json({
-    checkoutSession: {
-      ...doc.toJSON(),
-      line_items: doc.line_items, // Override with expanded line_items (includes price object)
-    },
-    paymentLink,
-  });
 });
 
 async function checkVendorConfig(items: TLineItemExpanded[]) {
@@ -2666,20 +2519,24 @@ async function prefetchQuotesForCheckoutSession(checkoutSession: CheckoutSession
 }
 
 // submit order
-router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/submit', user, ensureCheckoutSessionOpen, async (c) => {
   let consumedQuotes: PriceQuote[] = [];
-  const checkoutSession = req.doc as CheckoutSession;
+  const checkoutSession = c.get('doc') as CheckoutSession;
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    if (!req.user) {
-      return res.status(403).json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' });
+    if (!c.get('user')) {
+      return c.json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' }, 403);
     }
 
     // Check if system is accepting new orders
-    if (stopAcceptingOrders) {
-      return res.status(422).json({
-        code: 'STOP_ACCEPTING_ORDERS',
-        error: 'We are not accepting new orders at this time. Please try again later.',
-      });
+    if (stopAcceptingOrders()) {
+      return c.json(
+        {
+          code: 'STOP_ACCEPTING_ORDERS',
+          error: 'We are not accepting new orders at this time. Please try again later.',
+        },
+        422
+      );
     }
 
     // Idempotency check: If already complete/paid, return existing state
@@ -2695,28 +2552,34 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       const quoteIds = (existingPaymentIntent?.metadata as any)?.quoteIds || [];
       const quotes = quoteIds.length > 0 ? await PriceQuote.findAll({ where: { id: quoteIds } }) : [];
 
-      return res.status(200).json({
-        checkoutSession,
-        paymentIntent: existingPaymentIntent,
-        invoice: existingInvoice,
-        quotes: quotes.map((q) => ({
-          id: q.id,
-          status: q.status,
-          quoted_amount: q.quoted_amount,
-          expires_at: q.expires_at,
-        })),
-        message: 'Checkout session already completed',
-      });
+      return c.json(
+        {
+          checkoutSession,
+          paymentIntent: existingPaymentIntent,
+          invoice: existingInvoice,
+          quotes: quotes.map((q) => ({
+            id: q.id,
+            status: q.status,
+            quoted_amount: q.quoted_amount,
+            expires_at: q.expires_at,
+          })),
+          message: 'Checkout session already completed',
+        },
+        200
+      );
     }
 
-    const hasVendorConfig = await checkVendorConfig(req.doc.line_items);
+    const hasVendorConfig = await checkVendorConfig((c.get('doc') as CheckoutSession).line_items as any);
     if (hasVendorConfig) {
-      const { user: userDetail } = await blocklet.getUser(req.user.did, { enableConnectedAccount: true });
+      const { user: userDetail } = await blocklet.getUser(c.get('user').did, { enableConnectedAccount: true });
       if (!userDetail?.sourceAppPid) {
-        return res.status(403).json({
-          code: 'UNIFIED_APP_REQUIRED',
-          error: 'This action requires a unified account. Please switch accounts and try again.',
-        });
+        return c.json(
+          {
+            code: 'UNIFIED_APP_REQUIRED',
+            error: 'This action requires a unified account. Please switch accounts and try again.',
+          },
+          403
+        );
       }
     }
 
@@ -2729,7 +2592,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
           line_items: checkoutSession.line_items,
           checkoutSessionId: checkoutSession.id,
         });
-        return res.status(400).json({ error: err.message });
+        return c.json({ error: (err as any).message }, 400);
       }
     }
     // validate cross sell
@@ -2738,20 +2601,18 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         const result = await getCrossSellItem(checkoutSession);
         // @ts-ignore
         if (result.id) {
-          return res
-            .status(400)
-            .json({ code: 'REQUIRE_CROSS_SELL', error: 'Please select cross sell product to continue' });
+          return c.json({ code: 'REQUIRE_CROSS_SELL', error: 'Please select cross sell product to continue' }, 400);
         }
       }
     }
 
     const { paymentMethod, paymentCurrency } = await validatePaymentSettings(
-      req.body.payment_method,
-      req.body.payment_currency
+      (body as any).payment_method,
+      (body as any).payment_currency
     );
     await checkoutSession.update({
       currency_id: paymentCurrency.id,
-      metadata: { ...checkoutSession.metadata, preferred_locale: req.locale },
+      metadata: { ...checkoutSession.metadata, preferred_locale: c.get('locale') },
     });
 
     const expandedLineItems = await Price.expand(checkoutSession.line_items, { product: true, upsell: true });
@@ -2763,13 +2624,13 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
     const isTrialing = trialSetup.trialInDays > 0 || trialSetup.trialEnd > submitNow;
 
     // Check if using Final Freeze flow (idempotency_key provided)
-    const useFinalFreezeFlow = !!req.body.idempotency_key;
+    const useFinalFreezeFlow = !!(body as any).idempotency_key;
 
     if (useFinalFreezeFlow) {
       // Final Freeze: Create quotes at submit time with dual-layer validation
       logger.info('Using Final Freeze quote creation flow', {
         sessionId: checkoutSession.id,
-        idempotencyKey: req.body.idempotency_key,
+        idempotencyKey: (body as any).idempotency_key,
         isTrialing,
       });
 
@@ -2777,38 +2638,34 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         checkoutSession,
         lineItems: expandedLineItems,
         paymentCurrencyId: paymentCurrency.id,
-        idempotencyKey: req.body.idempotency_key,
-        previewRate: req.body.preview_rate,
-        priceConfirmed: req.body.price_confirmed === true,
+        idempotencyKey: (body as any).idempotency_key,
+        previewRate: (body as any).preview_rate,
+        priceConfirmed: (body as any).price_confirmed === true,
         trialing: isTrialing,
       });
 
       // Handle validation errors (PRICE_UNAVAILABLE, PRICE_UNSTABLE, PRICE_CHANGED, RATE_BELOW_SLIPPAGE_LIMIT)
       if (quoteResult.validationError) {
         const { code, message, changePercent, currentRate, minAcceptableRate } = quoteResult.validationError;
-        // RATE_BELOW_SLIPPAGE_LIMIT: 400 - user needs to update slippage settings
-        // PRICE_CHANGED: 409 - price changed, needs confirmation
-        // PRICE_UNAVAILABLE/PRICE_UNSTABLE: 503 - service temporarily unavailable
         let statusCode = 503;
         if (code === 'RATE_BELOW_SLIPPAGE_LIMIT') {
           statusCode = 400;
         } else if (code === 'PRICE_CHANGED') {
           statusCode = 409;
         }
-        return res.status(statusCode).json({
-          code,
-          error: message,
-          change_percent: changePercent,
-          // Include extra data for PRICE_CHANGED to help frontend display confirmation dialog
-          ...(code === 'PRICE_CHANGED' && {
-            requires_confirmation: true,
-          }),
-          // Include rate info for RATE_BELOW_SLIPPAGE_LIMIT to help frontend display update dialog
-          ...(code === 'RATE_BELOW_SLIPPAGE_LIMIT' && {
-            current_rate: currentRate,
-            min_acceptable_rate: minAcceptableRate,
-          }),
-        });
+        return c.json(
+          {
+            code,
+            error: message,
+            change_percent: changePercent,
+            ...(code === 'PRICE_CHANGED' && { requires_confirmation: true }),
+            ...(code === 'RATE_BELOW_SLIPPAGE_LIMIT' && {
+              current_rate: currentRate,
+              min_acceptable_rate: minAcceptableRate,
+            }),
+          },
+          statusCode as any
+        );
       }
 
       consumedQuotes = quoteResult.consumedQuotes;
@@ -2824,7 +2681,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
           checkoutSession,
           lineItems: expandedLineItems,
           paymentCurrencyId: paymentCurrency.id,
-          quotesInput: req.body.quotes,
+          quotesInput: (body as any).quotes,
           strict: true,
         });
         consumedQuotes = quoteResult.consumedQuotes;
@@ -2834,7 +2691,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         }
       } catch (err) {
         if (err instanceof CustomError) {
-          const errCode = getQuoteErrorCode(err) || err.code || 'QUOTE_INVALID';
+          const errCode = getQuoteErrorCode(err) || (err as any).code || 'QUOTE_INVALID';
           if (
             [
               'QUOTE_AMOUNT_MISMATCH',
@@ -2844,41 +2701,34 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
               'QUOTE_LOCK_EXPIRED',
             ].includes(String(errCode))
           ) {
-            return res.status(409).json({ code: String(errCode), error: err.message });
+            return c.json({ code: String(errCode), error: (err as any).message }, 409);
           }
-          return res.status(400).json({ code: String(errCode), error: err.message });
+          return c.json({ code: String(errCode), error: (err as any).message }, 400);
         }
         throw err;
       }
     }
 
-    // Save quote_id and quote_currency_id to CheckoutSession.line_items for future reference
-    // Preserve all existing fields in line_items, but update quote-related fields
-    // Quote data is the single source of truth in PriceQuote table
-    // Also update metadata.slippage with min_acceptable_rate for subscription creation
     const quoteWithMinRate = consumedQuotes.find((q) => q.min_acceptable_rate);
     let updatedMetadata = checkoutSession.metadata;
 
     if (quoteWithMinRate) {
-      // Use min_acceptable_rate from quote
       updatedMetadata = {
         ...(checkoutSession.metadata || {}),
         slippage: {
           ...((checkoutSession.metadata as any)?.slippage || {}),
-          mode: 'rate', // Use 'rate' mode so buildSlippageConfig will include min_acceptable_rate
+          mode: 'rate',
           min_acceptable_rate: quoteWithMinRate.min_acceptable_rate,
           percent: quoteWithMinRate.slippage_percent ?? 0.5,
           updated_at_ms: Date.now(),
         },
       };
     } else {
-      // No quote (e.g., trial period) - calculate min_acceptable_rate from current rate if needed
       const existingSlippage = (checkoutSession.metadata as any)?.slippage;
       const hasDynamicPricing = expandedLineItems.some(
         (item) => ((item.upsell_price || item.price) as any)?.pricing_type === 'dynamic'
       );
 
-      // If dynamic pricing and no min_acceptable_rate yet, calculate from current rate
       if (hasDynamicPricing && existingSlippage && !existingSlippage.min_acceptable_rate) {
         try {
           const rateResult = await fetchCurrentExchangeRate(paymentCurrency, paymentMethod);
@@ -2886,14 +2736,13 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
             const rate = Number(rateResult.rate);
             const percent = existingSlippage.percent ?? DEFAULT_SLIPPAGE_PERCENT;
             if (Number.isFinite(rate) && rate > 0) {
-              // min_rate = rate / (1 + percent/100)
               const minRate = rate / (1 + percent / 100);
               updatedMetadata = {
                 ...(checkoutSession.metadata || {}),
                 slippage: {
                   ...existingSlippage,
                   min_acceptable_rate: minRate.toFixed(8).replace(/\.?0+$/, ''),
-                  base_currency: 'USD', // Exchange rates are always USD-based
+                  base_currency: 'USD',
                   updated_at_ms: Date.now(),
                 },
               };
@@ -2910,7 +2759,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
             sessionId: checkoutSession.id,
             error: error.message,
           });
-          // Continue without min_acceptable_rate - not a fatal error
         }
       }
     }
@@ -2921,16 +2769,12 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         const baseItem = checkoutSession.line_items.find((li: any) => li.price_id === item.price_id);
         const quoteId = (item as any).quote_id || (baseItem as any)?.quote_id;
         const quoteCurrencyId = (item as any).quote_currency_id || (baseItem as any)?.quote_currency_id;
-        const result: any = {
-          ...baseItem, // Preserve all original fields
-        };
+        const result: any = { ...baseItem };
         if (quoteId) {
-          result.quote_id = String(quoteId); // Ensure quote_id is string
-          // Also save quote_currency_id so backend can validate custom_amount against currency
+          result.quote_id = String(quoteId);
           if (quoteCurrencyId) {
             result.quote_currency_id = quoteCurrencyId;
           }
-          // Update custom_amount from the new quote if available
           if ((item as any).custom_amount) {
             result.custom_amount = (item as any).custom_amount;
           }
@@ -2946,16 +2790,16 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       savedMinAcceptableRate: quoteWithMinRate?.min_acceptable_rate,
     });
 
-    let customer = await Customer.findOne({ where: { did: req.user.did } });
+    let customer = await Customer.findOne({ where: { did: c.get('user').did } });
     if (!customer) {
-      const { user: userInfo } = await blocklet.getUser(req.user.did);
+      const { user: userInfo } = await blocklet.getUser(c.get('user').did);
       customer = await Customer.create({
         livemode: !!checkoutSession.livemode,
-        did: req.user.did,
-        name: req.body.customer_name,
-        email: req.body.customer_email || userInfo?.email || '',
-        phone: req.body.customer_phone || userInfo?.phone || '',
-        address: req.body.billing_address || Customer.formatAddressFromUser(userInfo),
+        did: c.get('user').did,
+        name: (body as any).customer_name,
+        email: (body as any).customer_email || userInfo?.email || '',
+        phone: (body as any).customer_phone || userInfo?.phone || '',
+        address: (body as any).billing_address || Customer.formatAddressFromUser(userInfo),
         description: userInfo?.remark || '',
         metadata: {},
         balance: '0',
@@ -2963,7 +2807,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         delinquent: false,
         invoice_prefix: Customer.getInvoicePrefix(),
       });
-      logger.info('customer created on checkout session submit', { did: req.user.did, id: customer.id });
+      logger.info('customer created on checkout session submit', { did: c.get('user').did, id: customer.id });
       try {
         await blocklet.updateUserAddress(
           {
@@ -2972,48 +2816,39 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
           },
           {
             headers: {
-              cookie: req.headers.cookie || '',
+              cookie: c.req.header('cookie') || '',
             },
           }
         );
-        logger.info('updateUserAddress success', {
-          did: customer.did,
-        });
+        logger.info('updateUserAddress success', { did: customer.did });
       } catch (err) {
-        logger.error('updateUserAddress failed', {
-          error: err,
-          customerId: customer.id,
-        });
+        logger.error('updateUserAddress failed', { error: err, customerId: customer.id });
       }
     } else {
       const updates: Record<string, any> = {};
       if (checkoutSession.customer_update?.name) {
-        if (req.body.customer_name) {
-          updates.name = req.body.customer_name;
+        if ((body as any).customer_name) {
+          updates.name = (body as any).customer_name;
         }
-        if (req.body.customer_email) {
-          updates.email = req.body.customer_email;
+        if ((body as any).customer_email) {
+          updates.email = (body as any).customer_email;
         }
-        if (req.body.customer_phone) {
-          updates.phone = req.body.customer_phone;
+        if ((body as any).customer_phone) {
+          updates.phone = (body as any).customer_phone;
         }
       }
       if (checkoutSession.customer_update?.address) {
-        updates.address = Customer.formatUpdateAddress(req.body.billing_address, customer);
+        updates.address = Customer.formatUpdateAddress((body as any).billing_address, customer);
       }
       if (!customer.invoice_prefix) {
         updates.invoice_prefix = Customer.getInvoicePrefix();
       }
 
       if (!hasObjectChanged(updates, customer, { deepCompare: ['address'] })) {
-        logger.info('customer update skipped (no changes)', {
-          did: customer.did,
-        });
+        logger.info('customer update skipped (no changes)', { did: customer.did });
       } else {
         await customer.update(updates);
-        logger.info('customer updated', {
-          did: customer.did,
-        });
+        logger.info('customer updated', { did: customer.did });
 
         try {
           await blocklet.updateUserAddress(
@@ -3025,18 +2860,13 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
             },
             {
               headers: {
-                cookie: req.headers.cookie || '',
+                cookie: c.req.header('cookie') || '',
               },
             }
           );
-          logger.info('updateUserAddress success', {
-            did: customer.did,
-          });
+          logger.info('updateUserAddress success', { did: customer.did });
         } catch (err) {
-          logger.error('updateUserAddress failed', {
-            error: err,
-            customerId: customer.id,
-          });
+          logger.error('updateUserAddress failed', { error: err, customerId: customer.id });
         }
       }
     }
@@ -3044,57 +2874,55 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
     // check if customer can make new purchase
     const canMakeNewPurchase = await customer.canMakeNewPurchase(checkoutSession.invoice_id);
     if (!canMakeNewPurchase) {
-      return res.status(403).json({
-        code: 'CUSTOMER_LIMITED',
-        error: 'Customer can not make new purchase, maybe you have unpaid invoices from previous purchases',
-      });
+      return c.json(
+        {
+          code: 'CUSTOMER_LIMITED',
+          error: 'Customer can not make new purchase, maybe you have unpaid invoices from previous purchases',
+        },
+        403
+      );
     }
 
     // check if user is in blocklist
     if (CHARGE_SUPPORTED_CHAIN_TYPES.includes(paymentMethod.type)) {
-      const inBlock = await isUserInBlocklist(req.user.did, paymentMethod);
+      const inBlock = await isUserInBlocklist(c.get('user').did, paymentMethod);
       if (inBlock) {
-        return res
-          .status(403)
-          .json({ code: 'PAYMENT_RESTRICTED', error: 'Unable to process your purchase at this time' });
+        return c.json({ code: 'PAYMENT_RESTRICTED', error: 'Unable to process your purchase at this time' }, 403);
       }
     }
 
-    await checkoutSession.update({ customer_id: customer.id, customer_did: req.user.did });
+    await checkoutSession.update({ customer_id: customer.id, customer_did: c.get('user').did });
 
-    // Verify and recalculate amount with current discounts
     const { lineItems, trialInDays, trialEnd, now } = await calculateAndUpdateAmount(
       checkoutSession,
       paymentCurrency.id,
       true,
-      {
-        lineItemsOverride: lineItemsWithQuotes,
-      }
+      { lineItemsOverride: lineItemsWithQuotes }
     );
 
-    // Validate payment amounts meet minimum requirements
     if (paymentMethod.type === 'stripe') {
       const result = await validatePaymentAmounts(lineItems, paymentCurrency, checkoutSession);
       if (!result.valid) {
-        return res.status(400).json({ error: result.error });
+        return c.json({ error: result.error }, 400);
       }
     }
 
-    // Validate checkout session ownership if it was created for a specific customer
     if (checkoutSession.customer_did && checkoutSession.metadata?.createdBy) {
       const createdByDid = checkoutSession.metadata.createdBy;
-      if (createdByDid !== req.user.did) {
-        return res.status(403).json({
-          error:
-            "It's not allowed to submit checkout sessions created by other users, please create your own checkout session",
-        });
+      if (createdByDid !== c.get('user').did) {
+        return c.json(
+          {
+            error:
+              "It's not allowed to submit checkout sessions created by other users, please create your own checkout session",
+          },
+          403
+        );
       }
     }
 
-    // Validate promotion codes are still valid during submission
     await validatePromotionCodesOnSubmit(checkoutSession, {
       lineItems,
-      customerId: req.user.did,
+      customerId: c.get('user').did,
       amount: checkoutSession.amount_subtotal,
     });
 
@@ -3106,12 +2934,11 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       }
     } catch (err) {
       logger.error('Failed to destroy exist invoice', {
-        error: err.message,
+        error: (err as any).message,
         checkoutSessionId: checkoutSession.id,
       });
     }
 
-    // create or update payment intent
     let paymentIntent: PaymentIntent | null = null;
     if (checkoutSession.mode === 'payment') {
       const result = await createOrUpdatePaymentIntent(
@@ -3126,13 +2953,12 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       );
       paymentIntent = result.paymentIntent;
 
-      // Create discount records for payment mode immediately after payment intent creation
       if (checkoutSession.discounts?.length) {
         try {
           const discountResult = await createDiscountRecordsForCheckout({
             checkoutSession,
             customerId: customer.id,
-            subscriptionIds: [], // No subscriptions for payment mode
+            subscriptionIds: [],
           });
 
           logger.info('Created discount records for checkout session payment', {
@@ -3145,7 +2971,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
           logger.error('Failed to create discount records for checkout session payment', {
             checkoutSessionId: checkoutSession.id,
             paymentIntentId: paymentIntent?.id,
-            error: discountError.message,
+            error: (discountError as any).message,
           });
         }
       }
@@ -3156,7 +2982,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       }
     }
 
-    // SetupIntent processing
     let setupIntent: SetupIntent | null = null;
     if (checkoutSession.mode === 'setup' && paymentMethod.type !== 'stripe') {
       if (checkoutSession.setup_intent_id) {
@@ -3165,10 +2990,10 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
 
       if (setupIntent) {
         if (setupIntent.isImmutable()) {
-          return res.status(403).json({ code: 'SETUP_SUCCEEDED', error: 'Checkout session setup completed' });
+          return c.json({ code: 'SETUP_SUCCEEDED', error: 'Checkout session setup completed' }, 403);
         }
         if (setupIntent.status === 'processing') {
-          return res.status(403).json({ code: 'SETUP_PROCESSING', error: 'Checkout session setup processing' });
+          return c.json({ code: 'SETUP_PROCESSING', error: 'Checkout session setup processing' }, 403);
         }
         await setupIntent.update({
           status: 'requires_capture',
@@ -3197,7 +3022,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
           metadata: checkoutSession.metadata,
         });
 
-        // persist setup intent id
         await checkoutSession.update({ setup_intent_id: setupIntent.id });
         logger.info('setupIntent created on checkout session submit', {
           session: checkoutSession.id,
@@ -3206,7 +3030,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       }
     }
 
-    // subscription processing
     let subscription: Subscription | null = null;
     let subscriptions: Subscription[] = [];
 
@@ -3245,7 +3068,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         enableSubscriptionGrouping: checkoutSession.enable_subscription_grouping,
       });
 
-      // Create discount records immediately after subscriptions are created
       if (checkoutSession.discounts?.length) {
         try {
           const discountResult = await createDiscountRecordsForCheckout({
@@ -3254,7 +3076,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
             subscriptionIds: subscriptions.map((s) => s.id),
           });
 
-          // Update subscription discount_id references
           if (discountResult.subscriptionsUpdated.length > 0) {
             try {
               const subscriptionUpdateResult = await updateSubscriptionDiscountReferences({
@@ -3270,7 +3091,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
               logger.error('Failed to update subscription discount_id references', {
                 checkoutSessionId: checkoutSession.id,
                 subscriptionsUpdated: discountResult.subscriptionsUpdated,
-                error: subscriptionUpdateError.message,
+                error: (subscriptionUpdateError as any).message,
               });
               throw subscriptionUpdateError;
             }
@@ -3285,16 +3106,16 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         } catch (discountError) {
           logger.error('Failed to create discount records for checkout session', {
             checkoutSessionId: checkoutSession.id,
-            error: discountError.message,
+            error: (discountError as any).message,
           });
-          return res
-            .status(400)
-            .json({ error: 'Failed to create discount records for checkout session, please try again later' });
+          return c.json(
+            { error: 'Failed to create discount records for checkout session, please try again later' },
+            400
+          );
         }
       }
     }
 
-    // Prepare discount configuration
     let discountConfig;
     if (checkoutSession.discounts && checkoutSession.discounts.length > 0) {
       const firstDiscount = checkoutSession.discounts[0];
@@ -3307,7 +3128,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       }
     }
 
-    // Calculate actual current payment amount (excludes future renewals)
     const trialing = trialInDays > 0 || trialEnd > now;
     const { total: currentPaymentTotal } = await getCheckoutAmount(
       lineItems,
@@ -3332,7 +3152,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       },
     };
 
-    // if we can complete purchase with customer balance
     const balance = isCreditSufficientForPayment({
       paymentMethod,
       paymentCurrency,
@@ -3350,7 +3169,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       paymentCurrency.isCredit() ||
       (checkoutSession.mode === 'subscription' && checkoutSession.subscription_data?.no_stake);
     if (isPayment && paymentIntent && canFastPay) {
-      // if we can complete purchase without any wallet interaction
       delegation = await isDelegationSufficientForPayment({
         paymentMethod,
         paymentCurrency,
@@ -3365,7 +3183,6 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         };
       }
     } else if (paymentMethod.type === 'arcblock' && canFastPayForSubscription) {
-      // if we can complete purchase without any wallet interaction
       const result = await processSubscriptionFastCheckout({
         checkoutSession,
         customer,
@@ -3383,12 +3200,9 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         logger.warn(`Fast checkout processing failed: ${result.message}`, {
           checkoutSessionId: checkoutSession.id,
         });
-
         creditSufficient = false;
       } else {
-        delegation = {
-          sufficient: true,
-        };
+        delegation = { sufficient: true };
         canFastPay = true;
         fastPayInfo = {
           type: 'delegation',
@@ -3428,10 +3242,7 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
         const primarySubscription = (subscriptions.find((x) => x.metadata.is_primary_subscription) ||
           subscriptions[0]) as Subscription;
         if (!stripeContext) {
-          stripeContext = {
-            type: 'subscription',
-            stripe_subscriptions: '',
-          };
+          stripeContext = { type: 'subscription', stripe_subscriptions: '' };
         }
         stripeContext.stripe_subscriptions = '';
         await pAll(
@@ -3486,12 +3297,9 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
                 status: stripeSubscription.status,
               };
             }
-            return {
-              stripeSubscription,
-              subscription: sub,
-            };
+            return { stripeSubscription, subscription: sub };
           }),
-          { concurrency: updateDataConcurrency }
+          { concurrency: updateDataConcurrency() }
         );
         if (subscriptions.length > 1) {
           stripeContext.has_multiple_subscriptions = true;
@@ -3514,14 +3322,14 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
     }
 
     logger.info('Checkout session submitted successfully', {
-      sessionId: req.params.id,
+      sessionId: c.req.param('id'),
       paymentIntentId: paymentIntent?.id,
       setupIntentId: setupIntent?.id,
       subscriptionId: subscription?.id,
       customerId: customer?.id,
     });
 
-    return res.json({
+    return c.json({
       paymentIntent,
       setupIntent,
       stripeContext,
@@ -3543,50 +3351,44 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
           quoteService.markAsPaymentFailed(q.id).catch((error) =>
             logger.error('Failed to mark quote as payment failed', {
               quoteId: q.id,
-              sessionId: req.params.id,
-              error: error.message,
+              sessionId: c.req.param('id'),
+              error: (error as any).message,
             })
           )
         )
       );
     }
     if (err instanceof CustomError) {
-      if (err.code === 'RATE_UNAVAILABLE') {
-        return res.status(503).json({ code: err.code, error: err.message });
+      if ((err as any).code === 'RATE_UNAVAILABLE') {
+        return c.json({ code: (err as any).code, error: (err as any).message }, 503);
       }
-      if (['QUOTE_LOCK_EXPIRED'].includes(String(err.code))) {
-        return res.status(409).json({ code: String(err.code), error: err.message });
+      if (['QUOTE_LOCK_EXPIRED'].includes(String((err as any).code))) {
+        return c.json({ code: String((err as any).code), error: (err as any).message }, 409);
       }
     }
     logger.error('Error submitting checkout session', {
-      sessionId: req.params.id,
+      sessionId: c.req.param('id'),
       error: err,
-      stack: err.stack,
+      stack: (err as any).stack,
     });
-    res.status(500).json({ code: err.code, error: err.message });
+    return c.json({ code: (err as any).code, error: (err as any).message }, 500);
   }
 });
 
 // 打赏（不强制登录）
-router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (c) => {
   let consumedQuotes: PriceQuote[] = [];
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
     if (!isDonationCheckoutSession(checkoutSession)) {
-      return res.status(400).json({
-        code: 'INVALID_DONATION',
-        error: 'This endpoint is only for donations',
-      });
+      return c.json({ code: 'INVALID_DONATION', error: 'This endpoint is only for donations' }, 400);
     }
 
     if (checkoutSession.mode !== 'payment') {
-      return res.status(400).json({
-        code: 'INVALID_MODE',
-        error: 'This endpoint is only for payment mode donations',
-      });
+      return c.json({ code: 'INVALID_MODE', error: 'This endpoint is only for payment mode donations' }, 400);
     }
 
-    // validate inventory
     if (checkoutSession.line_items) {
       try {
         await validateInventory(checkoutSession.line_items);
@@ -3596,14 +3398,13 @@ router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) =>
           line_items: checkoutSession.line_items,
           checkoutSessionId: checkoutSession.id,
         });
-        return res.status(400).json({ error: err.message });
+        return c.json({ error: (err as any).message }, 400);
       }
     }
 
-    // validate payment settings
     const { paymentMethod, paymentCurrency } = await validatePaymentSettings(
-      req.body.payment_method,
-      req.body.payment_currency
+      (body as any).payment_method,
+      (body as any).payment_currency
     );
     await checkoutSession.update({ currency_id: paymentCurrency.id });
 
@@ -3614,7 +3415,7 @@ router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) =>
         checkoutSession,
         lineItems: expandedLineItems,
         paymentCurrencyId: paymentCurrency.id,
-        quotesInput: req.body.quotes,
+        quotesInput: (body as any).quotes,
         strict: true,
       });
       consumedQuotes = quoteResult.consumedQuotes;
@@ -3624,7 +3425,7 @@ router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) =>
       }
     } catch (err) {
       if (err instanceof CustomError) {
-        const errCode = String(getQuoteErrorCode(err) || err.code || 'QUOTE_INVALID');
+        const errCode = String(getQuoteErrorCode(err) || (err as any).code || 'QUOTE_INVALID');
         if (
           [
             'QUOTE_AMOUNT_MISMATCH',
@@ -3634,14 +3435,13 @@ router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) =>
             'QUOTE_LOCK_EXPIRED',
           ].includes(errCode)
         ) {
-          return res.status(409).json({ code: errCode, error: err.message });
+          return c.json({ code: errCode, error: (err as any).message }, 409);
         }
-        return res.status(400).json({ code: errCode, error: err.message });
+        return c.json({ code: errCode, error: (err as any).message }, 400);
       }
       throw err;
     }
 
-    // calculate amount and update checkout session
     const { lineItems } = await calculateAndUpdateAmount(checkoutSession, paymentCurrency.id, false, {
       lineItemsOverride: lineItemsWithQuotes,
     });
@@ -3661,12 +3461,12 @@ router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) =>
       await quoteService.markQuotesAsPaidByInvoice(paymentIntent.invoice_id);
     }
 
-    return res.json({
+    return c.json({
       paymentIntent,
       checkoutSession,
       paymentMethod,
       paymentCurrency,
-      formData: req.body,
+      formData: body,
     });
   } catch (err) {
     if (consumedQuotes.length) {
@@ -3676,45 +3476,49 @@ router.put('/:id/donate-submit', ensureCheckoutSessionOpen, async (req, res) =>
           quoteService.markAsPaymentFailed(q.id).catch((error) =>
             logger.error('Failed to mark quote as payment failed', {
               quoteId: q.id,
-              sessionId: req.params.id,
-              error: error.message,
+              sessionId: c.req.param('id'),
+              error: (error as any).message,
             })
           )
         )
       );
     }
     if (err instanceof CustomError) {
-      if (err.code === 'RATE_UNAVAILABLE') {
-        return res.status(503).json({ code: err.code, error: err.message });
+      if ((err as any).code === 'RATE_UNAVAILABLE') {
+        return c.json({ code: (err as any).code, error: (err as any).message }, 503);
       }
-      if (['QUOTE_LOCK_EXPIRED'].includes(String(err.code))) {
-        return res.status(409).json({ code: String(err.code), error: err.message });
+      if (['QUOTE_LOCK_EXPIRED'].includes(String((err as any).code))) {
+        return c.json({ code: String((err as any).code), error: (err as any).message }, 409);
       }
     }
     logger.error('Error processing donation submission', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
+      sessionId: c.req.param('id'),
+      error: (err as any).message,
+      stack: (err as any).stack,
     });
-    res.status(400).json({ code: err.code, error: err.message });
+    return c.json({ code: (err as any).code, error: (err as any).message }, 400);
   }
 });
 
-router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async (c) => {
   let consumedQuotes: PriceQuote[] = [];
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    if (!req.user) {
-      return res.status(403).json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' });
+    if (!c.get('user')) {
+      return c.json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' }, 403);
     }
 
-    if (stopAcceptingOrders) {
-      return res.status(422).json({
-        code: 'STOP_ACCEPTING_ORDERS',
-        error: 'We are not accepting new orders at this time. Please try again later.',
-      });
+    if (stopAcceptingOrders()) {
+      return c.json(
+        {
+          code: 'STOP_ACCEPTING_ORDERS',
+          error: 'We are not accepting new orders at this time. Please try again later.',
+        },
+        422
+      );
     }
 
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
 
     if (checkoutSession.line_items) {
       try {
@@ -3725,56 +3529,57 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
           line_items: checkoutSession.line_items,
           checkoutSessionId: checkoutSession.id,
         });
-        return res.status(400).json({ error: err.message });
+        return c.json({ error: (err as any).message }, 400);
       }
     }
-    // validate cross sell
     if (checkoutSession.cross_sell_behavior === 'required') {
       if (checkoutSession.line_items.some((x) => x.cross_sell) === false) {
         const result = await getCrossSellItem(checkoutSession);
         // @ts-ignore
         if (result.id) {
-          return res
-            .status(400)
-            .json({ code: 'REQUIRE_CROSS_SELL', error: 'Please select cross sell product to continue' });
+          return c.json({ code: 'REQUIRE_CROSS_SELL', error: 'Please select cross sell product to continue' }, 400);
         }
       }
     }
 
-    // Parallel: load currency + customer (independent lookups)
     const [paymentCurrency, customer] = await Promise.all([
       PaymentCurrency.findByPk(checkoutSession.currency_id),
-      Customer.findByPkOrDid(req.user.did),
+      Customer.findByPkOrDid(c.get('user').did),
     ]);
     if (!paymentCurrency) {
-      return res.status(400).json({ error: 'Payment currency not found' });
+      return c.json({ error: 'Payment currency not found' }, 400);
     }
     if (!customer) {
-      return res.status(400).json({ error: '' });
+      return c.json({ error: '' }, 400);
     }
 
     const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
     if (!paymentMethod) {
-      return res.status(400).json({ error: 'Payment method not found' });
+      return c.json({ error: 'Payment method not found' }, 400);
     }
 
-    // Validate checkout session ownership if it was created for a specific customer
     if (checkoutSession.customer_id && checkoutSession.metadata?.createdBy) {
       const createdByDid = checkoutSession.metadata.createdBy;
-      if (createdByDid !== req.user.did) {
-        return res.status(403).json({
-          error:
-            "It's not allowed to submit checkout sessions created by other users, please create your own checkout session",
-        });
+      if (createdByDid !== c.get('user').did) {
+        return c.json(
+          {
+            error:
+              "It's not allowed to submit checkout sessions created by other users, please create your own checkout session",
+          },
+          403
+        );
       }
     }
 
     const canMakeNewPurchase = await customer.canMakeNewPurchase(checkoutSession.invoice_id);
     if (!canMakeNewPurchase) {
-      return res.status(403).json({
-        code: 'CUSTOMER_LIMITED',
-        error: 'Customer can not make new purchase, maybe you have unpaid invoices from previous purchases',
-      });
+      return c.json(
+        {
+          code: 'CUSTOMER_LIMITED',
+          error: 'Customer can not make new purchase, maybe you have unpaid invoices from previous purchases',
+        },
+        403
+      );
     }
 
     const expandedLineItems = await Price.expand(checkoutSession.line_items, { product: true, upsell: true });
@@ -3784,7 +3589,7 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
         checkoutSession,
         lineItems: expandedLineItems,
         paymentCurrencyId: paymentCurrency.id,
-        quotesInput: req.body.quotes,
+        quotesInput: (body as any).quotes,
         strict: true,
       });
       consumedQuotes = quoteResult.consumedQuotes;
@@ -3794,7 +3599,7 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
       }
     } catch (err) {
       if (err instanceof CustomError) {
-        const errCode = String(getQuoteErrorCode(err) || err.code || 'QUOTE_INVALID');
+        const errCode = String(getQuoteErrorCode(err) || (err as any).code || 'QUOTE_INVALID');
         if (
           [
             'QUOTE_AMOUNT_MISMATCH',
@@ -3804,9 +3609,9 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
             'QUOTE_LOCK_EXPIRED',
           ].includes(errCode)
         ) {
-          return res.status(409).json({ code: errCode, error: err.message });
+          return c.json({ code: errCode, error: (err as any).message }, 409);
         }
-        return res.status(400).json({ code: errCode, error: err.message });
+        return c.json({ code: errCode, error: (err as any).message }, 400);
       }
       throw err;
     }
@@ -3815,9 +3620,7 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
       checkoutSession,
       paymentCurrency.id,
       true,
-      {
-        lineItemsOverride: lineItemsWithQuotes,
-      }
+      { lineItemsOverride: lineItemsWithQuotes }
     );
 
     let paymentIntent: PaymentIntent | null = null;
@@ -3862,15 +3665,12 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
       customer,
       amount: fastCheckoutAmount,
     });
-    // Check if this is a credit payment
     const isCredit = paymentCurrency.isCredit();
-
     const isPayment = checkoutSession.mode === 'payment';
     let fastPaid = false;
     let canFastPay = isPayment && (await canPayWithDelegation(paymentIntent?.beneficiaries || [], paymentMethod));
     let delegation: SufficientForPaymentResult | null = null;
 
-    // Handle credit payment directly
     if (isCredit) {
       const result = await isCreditGrantSufficientForPayment({
         paymentMethod,
@@ -3879,15 +3679,16 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
         amount: fastCheckoutAmount,
       });
       if (!result.sufficient) {
-        return res.status(400).json({
-          code: 'CREDIT_INSUFFICIENT',
-          error: result.reason,
-          sufficient: result.sufficient,
-        });
+        return c.json(
+          {
+            code: 'CREDIT_INSUFFICIENT',
+            error: result.reason,
+            sufficient: result.sufficient,
+          },
+          400
+        );
       }
       fastPaid = true;
-      // For credit payments, we use the existing subscription fast checkout flow
-      // but skip the actual payment processing
       if (['setup', 'subscription'].includes(checkoutSession.mode)) {
         const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
         const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
@@ -3928,11 +3729,9 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
             });
             await addSubscriptionJob(sub, 'cycle', false, sub.trial_end);
           }),
-          { concurrency: updateDataConcurrency }
+          { concurrency: updateDataConcurrency() }
         );
-        delegation = {
-          sufficient: true,
-        };
+        delegation = { sufficient: true };
         canFastPay = true;
       }
     } else if (isPayment && paymentIntent && canFastPay) {
@@ -3969,7 +3768,6 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
     ) {
       const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
       const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
-      // if we can complete purchase without any wallet interaction
       const result = await processSubscriptionFastCheckout({
         checkoutSession,
         customer,
@@ -3987,13 +3785,11 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
         });
       } else {
         fastPaid = true;
-        delegation = {
-          sufficient: true,
-        };
+        delegation = { sufficient: true };
         canFastPay = true;
       }
     } else if (paymentMethod.type !== 'arcblock') {
-      return res.status(400).json({ error: 'Payment method not supported for fast checkout' });
+      return c.json({ error: 'Payment method not supported for fast checkout' }, 400);
     }
 
     if (paymentIntent?.status === 'succeeded' && paymentIntent?.invoice_id) {
@@ -4001,12 +3797,7 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
       await quoteService.markQuotesAsPaidByInvoice(paymentIntent.invoice_id);
     }
 
-    return res.json({
-      paymentIntent,
-      checkoutSession,
-      customer,
-      fastPaid,
-    });
+    return c.json({ paymentIntent, checkoutSession, customer, fastPaid });
   } catch (err) {
     if (consumedQuotes.length) {
       const quoteService = getQuoteService();
@@ -4015,139 +3806,132 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
           quoteService.markAsPaymentFailed(q.id).catch((error) =>
             logger.error('Failed to mark quote as payment failed', {
               quoteId: q.id,
-              sessionId: req.params.id,
-              error: error.message,
+              sessionId: c.req.param('id'),
+              error: (error as any).message,
             })
           )
         )
       );
     }
     if (err instanceof CustomError) {
-      if (err.code === 'RATE_UNAVAILABLE') {
-        return res.status(503).json({ code: err.code, error: err.message });
+      if ((err as any).code === 'RATE_UNAVAILABLE') {
+        return c.json({ code: (err as any).code, error: (err as any).message }, 503);
       }
-      if (['QUOTE_LOCK_EXPIRED'].includes(String(err.code))) {
-        return res.status(409).json({ code: String(err.code), error: err.message });
+      if (['QUOTE_LOCK_EXPIRED'].includes(String((err as any).code))) {
+        return c.json({ code: String((err as any).code), error: (err as any).message }, 409);
       }
     }
     logger.error('Error confirming fast checkout', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
+      sessionId: c.req.param('id'),
+      error: (err as any).message,
+      stack: (err as any).stack,
     });
-    res.status(500).json({ code: err.code, error: err.message });
+    return c.json({ code: (err as any).code, error: (err as any).message }, 500);
   }
 });
 
 // upsell
-router.put('/:id/upsell', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/upsell', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    // validate session
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
 
     if (checkoutSession.line_items) {
-      // validate line items
       if (checkoutSession.line_items.length > 1) {
-        return res.status(400).json({ error: 'Upsell not supported for checkoutSession with multiple line items' });
+        return c.json({ error: 'Upsell not supported for checkoutSession with multiple line items' }, 400);
       }
 
-      // validate from and to
-      const [from, to] = await Promise.all([Price.findByPk(req.body.from), Price.findByPk(req.body.to)]);
+      const [from, to] = await Promise.all([Price.findByPk((body as any).from), Price.findByPk((body as any).to)]);
       if (!from) {
-        return res.status(400).json({ error: 'Upsell from price not found' });
+        return c.json({ error: 'Upsell from price not found' }, 400);
       }
       if (!to) {
-        return res.status(400).json({ error: 'Upsell to price not found' });
+        return c.json({ error: 'Upsell to price not found' }, 400);
       }
 
       if (canUpsell(from, to) === false) {
-        return res.status(400).json({ error: `Upsell not possible from ${from} to ${to}` });
+        return c.json({ error: `Upsell not possible from ${from} to ${to}` }, 400);
       }
 
       const index = checkoutSession.line_items.findIndex((x) => x.price_id === from.id);
       if (index === -1) {
-        return res.status(400).json({ error: 'Upsell from not exist in checkoutSession line items' });
+        return c.json({ error: 'Upsell from not exist in checkoutSession line items' }, 400);
       }
 
       const items = cloneDeep(checkoutSession.line_items);
       items[index] = merge(items[index], { upsell_price_id: to.id });
       await checkoutSession.update({ line_items: items });
-      logger.info('CheckoutSession updated on upsell', { id: req.params.id, from: from.id, to: to.id });
+      logger.info('CheckoutSession updated on upsell', { id: c.req.param('id'), from: from.id, to: to.id });
 
-      // recalculate amount
       await checkoutSession.update(await getCheckoutSessionAmounts(checkoutSession));
     }
 
     const items = await Price.expand(checkoutSession.line_items, { upsell: true });
-    res.json({ ...checkoutSession.toJSON(), line_items: items });
+    return c.json({ ...checkoutSession.toJSON(), line_items: items });
   } catch (err) {
     logger.error(err);
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
-router.put('/:id/downsell', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/downsell', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    // validate session
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
 
-    // validate from
-    const from = await Price.findByPk(req.body.from);
+    const from = await Price.findByPk((body as any).from);
     if (!from) {
-      return res.status(400).json({ error: 'Upsell from price not found' });
+      return c.json({ error: 'Upsell from price not found' }, 400);
     }
 
     if (checkoutSession.line_items) {
       const index = checkoutSession.line_items.findIndex((x) => x.upsell_price_id === from.id);
       if (index === -1) {
-        return res.status(400).json({ error: 'Upsell not configured for checkout session' });
+        return c.json({ error: 'Upsell not configured for checkout session' }, 400);
       }
 
       const items = cloneDeep(checkoutSession.line_items);
       items[index] = merge(items[index], { upsell_price_id: '' });
       await checkoutSession.update({ line_items: items });
-      logger.info('CheckoutSession updated on downsell', { id: req.params.id, from: from.id });
+      logger.info('CheckoutSession updated on downsell', { id: c.req.param('id'), from: from.id });
 
-      // recalculate amount
       await checkoutSession.update(await getCheckoutSessionAmounts(checkoutSession));
     }
 
     const items = await Price.expand(checkoutSession.line_items, { upsell: true });
     logger.info('Checkout session updated after downsell', {
-      sessionId: req.params.id,
+      sessionId: c.req.param('id'),
       fromPriceId: from.id,
       newAmount: checkoutSession.amount_total,
     });
-    res.json({ ...checkoutSession.toJSON(), line_items: items });
+    return c.json({ ...checkoutSession.toJSON(), line_items: items });
   } catch (err) {
     logger.error('Error processing downsell', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
+      sessionId: c.req.param('id'),
+      error: (err as any).message,
+      stack: (err as any).stack,
     });
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
 // adjust quantity
-router.put('/:id/adjust-quantity', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/adjust-quantity', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    const { itemId, quantity, currency_id: currencyIdInput } = req.body;
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    const { itemId, quantity, currency_id: currencyIdInput } = body as any;
     if (!checkoutSession.line_items) {
-      return res.status(400).json({ error: 'Line items not found' });
+      return c.json({ error: 'Line items not found' }, 400);
     }
 
     const item = checkoutSession.line_items.find((x) => x.price_id === itemId);
     if (!item) {
-      return res.status(400).json({ error: 'Item not found' });
+      return c.json({ error: 'Item not found' }, 400);
     }
 
-    // Final Freeze: When adjusting quantity, clear all quote-related fields
-    // Quote will be created only at Submit time
     const items = cloneDeep(checkoutSession.line_items).map((lineItem: any) => {
       const cleaned = { ...lineItem };
-      // Clear quote-related fields - price will be calculated by frontend using live rate
       delete cleaned.quote_id;
       delete cleaned.quoted_amount;
       delete cleaned.custom_amount;
@@ -4166,18 +3950,15 @@ router.put('/:id/adjust-quantity', user, ensureCheckoutSessionOpen, async (req,
     }
     await validateInventory(items, true);
 
-    // Build update payload - clear quote_locked_at since we're in preview mode
     const updatePayload: { line_items: any; currency_id?: string; metadata?: any } = { line_items: items };
     if (currencyIdInput && currencyIdInput !== checkoutSession.currency_id) {
       updatePayload.currency_id = currencyIdInput;
     }
-    // Clear quote lock since quantity changed
     if (checkoutSession.metadata?.quote_locked_at) {
       updatePayload.metadata = { ...checkoutSession.metadata, quote_locked_at: undefined };
     }
     await checkoutSession.update(updatePayload);
 
-    // Also clear quote_locked_at on payment intent if exists
     if (checkoutSession.payment_intent_id) {
       const paymentIntent = await PaymentIntent.findByPk(checkoutSession.payment_intent_id);
       if (paymentIntent?.quote_locked_at) {
@@ -4185,7 +3966,6 @@ router.put('/:id/adjust-quantity', user, ensureCheckoutSessionOpen, async (req,
       }
     }
 
-    // Expand line items for response (no quote enrichment needed - frontend uses live rate)
     const lineItems = await Price.expand(checkoutSession.line_items, { upsell: true });
 
     logger.info('Adjusted quantity and cleared quote data', {
@@ -4194,76 +3974,77 @@ router.put('/:id/adjust-quantity', user, ensureCheckoutSessionOpen, async (req,
       quantity,
     });
 
-    res.json({ ...checkoutSession.toJSON(), line_items: lineItems, quotes: {}, rateUnavailable: false });
+    return c.json({ ...checkoutSession.toJSON(), line_items: lineItems, quotes: {}, rateUnavailable: false });
   } catch (err) {
     logger.error(err);
-    res.status(400).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
-// eslint-disable-next-line consistent-return
-router.put('/:id/expire', auth, ensureCheckoutSessionOpen, async (req, res) => {
-  const doc = req.doc as CheckoutSession;
+
+app.put('/:id/expire', auth, ensureCheckoutSessionOpen, async (c) => {
+  const doc = c.get('doc') as CheckoutSession;
 
   if (doc.status === 'complete') {
-    return res.status(400).json({ error: 'Cannot expire checkout session that is already completed' });
+    return c.json({ error: 'Cannot expire checkout session that is already completed' }, 400);
   }
   if (doc.status === 'expired') {
-    return res.status(400).json({ error: 'Cannot expire checkout session that is already expired' });
+    return c.json({ error: 'Cannot expire checkout session that is already expired' }, 400);
   }
   if (doc.payment_status === 'paid') {
-    return res.status(400).json({ error: 'Cannot expire checkout session that is already paid' });
+    return c.json({ error: 'Cannot expire checkout session that is already paid' }, 400);
   }
 
   await doc.update({ status: 'expired', expires_at: dayjs().unix() });
   logger.info('Checkout session expired', {
-    sessionId: req.params.id,
-    userId: req.user?.did,
+    sessionId: c.req.param('id'),
+    userId: c.get('user')?.did,
     expiresAt: doc.expires_at,
   });
 
-  res.json(doc);
+  return c.json(doc);
 });
 
 // Return the expanded price to cross-sell-to for the checkout session
-router.get('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.get('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (c) => {
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    const skipError = req.query.skipError === 'true';
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    const skipError = c.req.query('skipError') === 'true';
     const result = await getCrossSellItem(checkoutSession);
 
-    if (skipError && result.error) {
-      return res.status(200).json(result);
+    if (skipError && (result as any).error) {
+      return c.json(result, 200);
     }
-    return res.status(result.error ? 400 : 200).json(result);
+    return c.json(result, (result as any).error ? 400 : 200);
   } catch (err) {
     logger.error(err);
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
-router.put('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    if (!req.body.to) {
-      return res.status(400).json({ error: 'Cross sell item is required' });
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    if (!(body as any).to) {
+      return c.json({ error: 'Cross sell item is required' }, 400);
     }
 
     const result = await getCrossSellItem(checkoutSession);
     // @ts-ignore
     if (result.error) {
-      return res.status(400).json(result);
+      return c.json(result, 400);
     }
 
     // @ts-ignore
     const to = result as TPriceExpanded;
-    if (to.id !== req.body.to) {
-      return res.status(400).json({ error: 'Cross sell item does not match' });
+    if (to.id !== (body as any).to) {
+      return c.json({ error: 'Cross sell item does not match' }, 400);
     }
 
     if (checkoutSession.line_items) {
       const index = checkoutSession.line_items.findIndex((x) => x.upsell_price_id === to.id);
       if (index > -1) {
-        return res.status(400).json({ error: 'Cross sell item already exist' });
+        return c.json({ error: 'Cross sell item already exist' }, 400);
       }
 
       const items = cloneDeep(checkoutSession.line_items);
@@ -4273,74 +4054,70 @@ router.put('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (req, res)
         cross_sell: true,
       });
       await checkoutSession.update({ line_items: items });
-      logger.info('CheckoutSession updated on add cross-sell', { id: req.params.id, crossSell: to.id });
+      logger.info('CheckoutSession updated on add cross-sell', { id: c.req.param('id'), crossSell: to.id });
 
-      // recalculate amount
       await checkoutSession.update(await getCheckoutSessionAmounts(checkoutSession));
     }
 
     const items = await Price.expand(checkoutSession.line_items, { upsell: true });
-    res.json({ ...checkoutSession.toJSON(), line_items: items });
+    return c.json({ ...checkoutSession.toJSON(), line_items: items });
   } catch (err) {
     logger.error(err);
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
-router.delete('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.delete('/:id/cross-sell', user, ensureCheckoutSessionOpen, async (c) => {
   try {
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
     if (checkoutSession.line_items) {
       const index = checkoutSession.line_items.findIndex((x) => x.cross_sell);
       if (index === -1) {
-        return res.status(400).json({ error: 'Cross sell item not exist' });
+        return c.json({ error: 'Cross sell item not exist' }, 400);
       }
 
       const items = cloneDeep(checkoutSession.line_items);
       items.splice(index, 1);
       await checkoutSession.update({ line_items: items });
-      logger.info('CheckoutSession updated on remove cross-sell', { id: req.params.id });
+      logger.info('CheckoutSession updated on remove cross-sell', { id: c.req.param('id') });
 
-      // recalculate amount
       await checkoutSession.update(await getCheckoutSessionAmounts(checkoutSession));
     }
 
     const items = await Price.expand(checkoutSession.line_items, { upsell: true });
-    res.json({ ...checkoutSession.toJSON(), line_items: items });
+    return c.json({ ...checkoutSession.toJSON(), line_items: items });
   } catch (err) {
     logger.error(err);
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
 // Apply promotion code discount (preview only - doesn't create actual discount record)
-router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    const { promotion_code: promotionCode, currency_id: currencyId } = req.body;
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    const { promotion_code: promotionCode, currency_id: currencyId } = body as any;
 
     if (!promotionCode) {
-      return res.status(400).json({ error: 'Promotion code is required' });
+      return c.json({ error: 'Promotion code is required' }, 400);
     }
 
-    if (!req.user) {
-      return res.status(403).json({ error: 'Authentication required' });
+    if (!c.get('user')) {
+      return c.json({ error: 'Authentication required' }, 403);
     }
 
-    // Find customer by DID (may not exist yet for new users who haven't submitted)
-    const customer = await Customer.findOne({ where: { did: req.user.did } });
-    // Use customer.id if exists, otherwise fall back to DID for promo validation
-    const customerId = customer?.id || req.user.did;
+    const customer = await Customer.findOne({ where: { did: c.get('user').did } });
+    const customerId = customer?.id || c.get('user').did;
 
-    // Get currency
     const curCurrencyId = currencyId || checkoutSession.currency_id;
     if (!curCurrencyId) {
-      return res.status(400).json({ error: 'Currency not found in checkout session' });
+      return c.json({ error: 'Currency not found in checkout session' }, 400);
     }
 
     const currency = await PaymentCurrency.findByPk(curCurrencyId);
     if (!currency) {
-      return res.status(400).json({ error: 'Currency not found' });
+      return c.json({ error: 'Currency not found' }, 400);
     }
 
     const foundPromotionCode = (await PromotionCode.findOne({
@@ -4355,57 +4132,46 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
     })) as PromotionCode & { coupon: Coupon };
 
     if (!foundPromotionCode || !foundPromotionCode.active) {
-      return res.status(400).json({ error: 'Promotion code not found or inactive' });
+      return c.json({ error: 'Promotion code not found or inactive' }, 400);
     }
 
-    // Validate subscription grouping + repeating coupon combination
     if (checkoutSession.enable_subscription_grouping) {
       if (foundPromotionCode?.coupon?.duration === 'repeating') {
-        return res.status(400).json({
-          error:
-            'Repeating coupons cannot be used with subscription grouping. This limitation ensures proper discount management across multiple subscriptions in a single purchase.',
-        });
+        return c.json(
+          {
+            error:
+              'Repeating coupons cannot be used with subscription grouping. This limitation ensures proper discount management across multiple subscriptions in a single purchase.',
+          },
+          400
+        );
       }
     }
 
     const checkoutItems = checkoutSession.line_items || [];
-    // Get line items with quote data for accurate discount calculation
     const expandedItems = await Price.expand(checkoutSession.line_items || [], { product: true, upsell: true });
 
-    // Enrich line items with quote data for dynamic pricing
-    // This ensures discount calculation uses the same amounts as the actual payment
-    const quoteResult = await enrichCheckoutSessionWithQuotes(
-      checkoutSession,
-      expandedItems,
-      curCurrencyId,
-      { skipGeneration: true } // Don't generate new quotes, just use existing ones
-    );
+    const quoteResult = await enrichCheckoutSessionWithQuotes(checkoutSession, expandedItems, curCurrencyId, {
+      skipGeneration: true,
+    });
     const itemsWithQuotes = quoteResult.lineItems;
 
-    // Calculate trial status for discount application (same logic as in calculateAndUpdateAmount)
     const now = dayjs().unix();
     const trialSetup = getSubscriptionTrialSetup(checkoutSession.subscription_data as any, currency.id);
     const isTrialing = trialSetup.trialInDays > 0 || trialSetup.trialEnd > now;
 
-    // Apply discount using our new function
     const discountResult = await applyDiscountsToLineItems({
       lineItems: itemsWithQuotes,
       promotionCodeId: foundPromotionCode.id,
       couponId: foundPromotionCode.coupon_id,
       customerId,
       currency,
-      billingContext: {
-        trialing: isTrialing,
-      },
+      billingContext: { trialing: isTrialing },
     });
 
     if (!discountResult.discountSummary.appliedCoupon) {
-      return res
-        .status(400)
-        .json({ error: discountResult.notValidReason || 'Promotion code cannot be applied to this order' });
+      return c.json({ error: discountResult.notValidReason || 'Promotion code cannot be applied to this order' }, 400);
     }
 
-    // Create discount configuration for checkout session
     const coupon = await Coupon.findByPk(foundPromotionCode.coupon_id);
     const discountConfig = {
       promotion_code: foundPromotionCode.id,
@@ -4415,7 +4181,6 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
       verification_data: { code: promotionCode },
     };
 
-    // Update checkout session with discount preview (without detailed coupon info in line_items)
     await checkoutSession.update({
       discounts: [discountConfig],
       currency_id: curCurrencyId,
@@ -4427,8 +4192,8 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
           discount_amounts: item.discount_amounts,
         };
       }),
-      amount_subtotal: checkoutSession.amount_total, // Original amount
-      amount_total: discountResult.discountSummary.finalTotal, // Discounted amount
+      amount_subtotal: checkoutSession.amount_total,
+      amount_total: discountResult.discountSummary.finalTotal,
       total_details: {
         ...checkoutSession.total_details,
         amount_discount: discountResult.discountSummary.totalDiscountAmount,
@@ -4439,7 +4204,6 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
       },
     });
 
-    // Create enhanced line items with complete coupon information for response
     const enhancedLineItemsWithCoupon = await expandLineItemsWithCouponInfo(
       discountResult.enhancedLineItems,
       [discountConfig],
@@ -4454,10 +4218,9 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
       finalAmount: discountResult.discountSummary.finalTotal,
     });
 
-    // Expand discounts with complete details for response
     const enhancedDiscounts = await expandDiscountsWithDetails([discountConfig]);
 
-    res.json({
+    return c.json({
       ...checkoutSession.toJSON(),
       line_items: enhancedLineItemsWithCoupon,
       discounts: enhancedDiscounts,
@@ -4465,36 +4228,35 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
     });
   } catch (err) {
     logger.error('Error applying promotion code', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
+      sessionId: c.req.param('id'),
+      error: (err as any).message,
+      stack: (err as any).stack,
     });
-    res.status(400).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
 
 // Recalculate promotion code discount when currency changes
-router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    const { currency_id: newCurrencyId } = req.body;
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    const { currency_id: newCurrencyId } = body as any;
 
     if (!newCurrencyId) {
-      return res.status(400).json({ error: 'Currency ID is required' });
+      return c.json({ error: 'Currency ID is required' }, 400);
     }
 
-    if (!req.user) {
-      return res.status(403).json({ error: 'Authentication required' });
+    if (!c.get('user')) {
+      return c.json({ error: 'Authentication required' }, 403);
     }
 
-    // Try recovering discounts from confirmed records before deciding there is nothing to recalculate.
     if (!checkoutSession.discounts?.length) {
       await recoverDiscountConfigFromRecords(checkoutSession);
     }
 
-    // Check if there are existing discounts to recalculate
     if (!checkoutSession.discounts?.length) {
-      return res.json({
+      return c.json({
         ...checkoutSession.toJSON(),
         discounts: [],
         discount_applied: false,
@@ -4502,49 +4264,42 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       });
     }
 
-    // Get new currency
     const currency = await PaymentCurrency.findByPk(newCurrencyId);
     if (!currency) {
-      return res.status(400).json({ error: 'Currency not found' });
+      return c.json({ error: 'Currency not found' }, 400);
     }
 
     const checkoutItems = checkoutSession.line_items || [];
-    // Get line items - no need for quote data since frontend calculates discount amounts
     const expandedItems = await Price.expand(checkoutSession.line_items || [], { product: true, upsell: true });
     const supportedCurrencyIds = getSupportedPaymentCurrencies(expandedItems as any[]);
     if (!supportedCurrencyIds.includes(newCurrencyId)) {
-      return res.status(400).json({ error: 'Currency not supported for this checkout session' });
+      return c.json({ error: 'Currency not supported for this checkout session' }, 400);
     }
 
-    // Get the first discount (assuming only one promotion code at a time)
     const existingDiscount = checkoutSession.discounts[0];
     if (!existingDiscount) {
-      return res.status(400).json({ error: 'No discount found' });
+      return c.json({ error: 'No discount found' }, 400);
     }
 
     const promotionCodeId = existingDiscount.promotion_code;
     const couponId = existingDiscount.coupon;
 
     if (!promotionCodeId || !couponId) {
-      return res.status(400).json({ error: 'Invalid discount configuration' });
+      return c.json({ error: 'Invalid discount configuration' }, 400);
     }
 
-    // Validate promotion code and coupon still exist and are active
     const [foundPromotionCode, coupon] = await Promise.all([
       PromotionCode.findByPk(promotionCodeId),
       Coupon.findByPk(couponId),
     ]);
 
     if (!foundPromotionCode) {
-      return res.status(400).json({ error: 'Promotion code not found' });
+      return c.json({ error: 'Promotion code not found' }, 400);
     }
     if (!coupon) {
-      return res.status(400).json({ error: 'Coupon not found' });
+      return c.json({ error: 'Coupon not found' }, 400);
     }
 
-    // Re-submit scenario: discount-status queue may have deactivated the promo/coupon
-    // because this session's own usage pushed it past max_redemptions.
-    // Exclude current session's confirmed discount records before checking active/valid.
     const currentSessionUsage = await Discount.count({
       where: {
         checkout_session_id: checkoutSession.id,
@@ -4554,25 +4309,21 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
     });
 
     if (!foundPromotionCode.active && currentSessionUsage === 0) {
-      return res.status(400).json({ error: 'Promotion code no longer active' });
+      return c.json({ error: 'Promotion code no longer active' }, 400);
     }
 
     if (!coupon.valid && currentSessionUsage === 0) {
-      return res.status(400).json({ error: 'Coupon no longer valid' });
+      return c.json({ error: 'Coupon no longer valid' }, 400);
     }
 
-    // Check if coupon can be applied with the new currency (for fixed amount coupons)
     const canApplyWithCurrency =
-      coupon.percent_off > 0 || // Percentage discounts always work
-      coupon.currency_id === currency.id || // Same currency
-      coupon.currency_options?.[currency.id]?.amount_off; // Has currency option
+      coupon.percent_off > 0 ||
+      coupon.currency_id === currency.id ||
+      coupon.currency_options?.[currency.id]?.amount_off;
 
     if (!canApplyWithCurrency) {
-      // Rollback previously confirmed discount usage/records for this open checkout session.
-      // This resets coupon/promotion counters when discount becomes inapplicable.
       await rollbackDiscountUsageForCheckoutSession(checkoutSession.id);
 
-      // Remove discount if it can't be applied with new currency
       await checkoutSession.update({
         discounts: [],
         line_items: expandedItems.map((item) => {
@@ -4596,7 +4347,7 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
         promotionCode: foundPromotionCode.code,
       });
 
-      return res.json({
+      return c.json({
         ...checkoutSession.toJSON(),
         line_items: expandedItems,
         discounts: [],
@@ -4605,7 +4356,6 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       });
     }
 
-    // Mark which items are discountable based on coupon product restrictions
     const enhancedLineItems = expandedItems.map((item) => {
       const isDiscountable =
         !coupon.applies_to?.products?.length ||
@@ -4615,20 +4365,17 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       return {
         ...cur,
         discountable: isDiscountable,
-        discount_amounts: [], // Frontend will calculate actual amounts
+        discount_amounts: [],
       };
     });
 
-    // Create updated discount configuration - NO discount_amount, frontend calculates it
     const discountConfig = {
       promotion_code: promotionCodeId,
       coupon: couponId,
-      // discount_amount removed - frontend calculates based on live exchange rate
       verification_method: existingDiscount.verification_method,
       verification_data: existingDiscount.verification_data,
     };
 
-    // Update checkout session with discountable flags only
     await checkoutSession.update({
       discounts: [discountConfig],
       line_items: enhancedLineItems,
@@ -4642,13 +4389,10 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       promotionCode: foundPromotionCode.code,
     });
 
-    // Expand discounts with complete details for response (coupon_details for frontend calculation)
     const enhancedDiscounts = await expandDiscountsWithDetails([discountConfig]);
-
-    // Expand line items for response
     const responseItems = await Price.expand(enhancedLineItems, { product: true, upsell: true });
 
-    res.json({
+    return c.json({
       ...checkoutSession.toJSON(),
       line_items: responseItems,
       discounts: enhancedDiscounts,
@@ -4657,50 +4401,43 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
     });
   } catch (err) {
     logger.error('Error recalculating promotion code', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
+      sessionId: c.req.param('id'),
+      error: (err as any).message,
+      stack: (err as any).stack,
     });
-    res.status(400).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
 
 // Remove promotion code discount (remove preview)
-router.delete('/:id/remove-promotion', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.delete('/:id/remove-promotion', user, ensureCheckoutSessionOpen, async (c) => {
   try {
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
 
     if (checkoutSession.status !== 'open') {
-      return res.status(400).json({ error: 'Checkout session is not open' });
+      return c.json({ error: 'Checkout session is not open' }, 400);
     }
 
-    // Get currency
     const currency = await PaymentCurrency.findByPk(checkoutSession.currency_id);
     if (!currency) {
-      return res.status(400).json({ error: 'Currency not found' });
+      return c.json({ error: 'Currency not found' }, 400);
     }
 
-    // Get original line items without discount information
     const originalItems = await Price.expand(checkoutSession.line_items || [], { product: true, upsell: true });
 
-    // Calculate trial status for accurate original amount calculation
     const now = dayjs().unix();
     const trialSetup = getSubscriptionTrialSetup(checkoutSession.subscription_data as any, currency.id);
     const isTrialing = trialSetup.trialInDays > 0 || trialSetup.trialEnd > now;
 
     await rollbackDiscountUsageForCheckoutSession(checkoutSession.id);
-    // Calculate original amounts without any discounts
     const originalResult = await applyDiscountsToLineItems({
       lineItems: originalItems,
-      couponId: 'dummy', // Won't be found, so no discount applied
+      couponId: 'dummy',
       customerId: 'dummy',
       currency,
-      billingContext: {
-        trialing: isTrialing,
-      },
+      billingContext: { trialing: isTrialing },
     });
 
-    // Update checkout session to remove discount
     await checkoutSession.update({
       discounts: [],
       line_items: originalResult.enhancedLineItems.map((item: TLineItemExpanded) => ({
@@ -4722,22 +4459,20 @@ router.delete('/:id/remove-promotion', user, ensureCheckoutSessionOpen, async (r
       },
     });
 
-    logger.info('Promotion code removed from checkout session', {
-      sessionId: checkoutSession.id,
-    });
+    logger.info('Promotion code removed from checkout session', { sessionId: checkoutSession.id });
 
-    res.json({
+    return c.json({
       ...checkoutSession.toJSON(),
       line_items: originalResult.enhancedLineItems,
       discount_applied: false,
     });
   } catch (err) {
     logger.error('Error removing promotion code', {
-      sessionId: req.params.id,
-      error: err.message,
-      stack: err.stack,
+      sessionId: c.req.param('id'),
+      error: (err as any).message,
+      stack: (err as any).stack,
     });
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
@@ -4751,46 +4486,45 @@ const amountSchema = Joi.object({
     }),
   priceId: Joi.string().required(),
 });
+
 // change payment amount
-router.put('/:id/amount', ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/amount', ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const { error, value } = amountSchema.validate(req.body, {
-      stripUnknown: true,
-    });
+    const { error, value } = amountSchema.validate(body, { stripUnknown: true });
     if (error) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
 
     const { amount, priceId } = value;
-    const checkoutSession = req.doc as CheckoutSession;
+    const checkoutSession = c.get('doc') as CheckoutSession;
     const items = await Price.expand(checkoutSession.line_items);
     const item = items.find((x) => x.price_id === priceId);
     if (!item) {
-      return res.status(400).json({ error: 'LineItem not in checkout session' });
+      return c.json({ error: 'LineItem not in checkout session' }, 400);
     }
     if (!item.price.custom_unit_amount) {
-      return res.status(400).json({ error: 'PriceItem not customizable for checkout session' });
+      return c.json({ error: 'PriceItem not customizable for checkout session' }, 400);
     }
 
-    // validate amount on donation settings
     if (checkoutSession.payment_link_id) {
       const link = await PaymentLink.findByPk(checkoutSession.payment_link_id);
       if (!checkoutSession.currency_id) {
-        return res.status(400).json({ error: 'Currency not found in checkout session' });
+        return c.json({ error: 'Currency not found in checkout session' }, 400);
       }
       const currency = await PaymentCurrency.findByPk(checkoutSession.currency_id);
       if (!currency) {
-        return res.status(404).json({ error: 'Currency not found' });
+        return c.json({ error: 'Currency not found' }, 404);
       }
       if (link?.donation_settings?.amount && currency) {
         const input = Number(fromUnitToToken(amount, currency.decimal));
         const { minimum, maximum, presets, custom } = link.donation_settings.amount;
         if (custom) {
           if (input < Number(minimum)) {
-            return res.status(400).json({ error: 'Custom amount should not be smaller than minimum' });
+            return c.json({ error: 'Custom amount should not be smaller than minimum' }, 400);
           }
           if (input > Number(maximum)) {
-            return res.status(400).json({ error: 'Custom amount should not be smaller than maximum' });
+            return c.json({ error: 'Custom amount should not be smaller than maximum' }, 400);
           }
           const precisionError = formatAmountPrecisionLimit(
             input.toString(),
@@ -4798,45 +4532,43 @@ router.put('/:id/amount', ensureCheckoutSessionOpen, async (req, res) => {
             'Custom amount'
           );
           if (precisionError) {
-            return res.status(400).json({ error: precisionError });
+            return c.json({ error: precisionError }, 400);
           }
-        } else if (presets?.some((x) => Number(x) === input) === false) {
-          return res.status(400).json({ error: 'Custom amount must be one of the presets' });
+        } else if (presets?.some((x: any) => Number(x) === input) === false) {
+          return c.json({ error: 'Custom amount must be one of the presets' }, 400);
         }
       }
     } else {
       const { minimum, maximum } = item.price.custom_unit_amount;
       if (new BN(amount).lt(new BN(minimum))) {
-        return res.status(400).json({ error: 'Custom amount should not be smaller than minimum' });
+        return c.json({ error: 'Custom amount should not be smaller than minimum' }, 400);
       }
       if (new BN(amount).gt(new BN(maximum))) {
-        return res.status(400).json({ error: 'Custom amount should not be smaller than maximum' });
+        return c.json({ error: 'Custom amount should not be smaller than maximum' }, 400);
       }
     }
 
-    // update line items
     const newItems = cloneDeep(checkoutSession.line_items);
     const newItem = newItems.find((x) => x.price_id === priceId);
     if (newItem) {
       newItem.custom_amount = amount;
     }
     await checkoutSession.update({ line_items: newItems.map((x) => omit(x, ['price'])) as LineItem[] });
-    logger.info('CheckoutSession updated on amount', { id: req.params.id, amount, priceId });
+    logger.info('CheckoutSession updated on amount', { id: c.req.param('id'), amount, priceId });
 
-    // recalculate amount
     await checkoutSession.update(await getCheckoutSessionAmounts(checkoutSession));
 
-    return res.json({ ...checkoutSession.toJSON(), line_items: await Price.expand(newItems) });
+    return c.json({ ...checkoutSession.toJSON(), line_items: await Price.expand(newItems) });
   } catch (err) {
     logger.error(err);
     if (err instanceof CustomError) {
-      return res.status(getStatusFromError(err)).json({ error: formatError(err) });
+      return c.json({ error: formatError(err) }, getStatusFromError(err) as any);
     }
-    return res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
-const schema = Joi.object<{
+const listSchema = Joi.object<{
   page: number;
   pageSize: number;
   status?: string;
@@ -4861,8 +4593,10 @@ const schema = Joi.object<{
   subscription_id: Joi.string().empty(''),
   livemode: Joi.boolean().empty(''),
 });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, livemode, ...query } = await schema.validateAsync(req.query, {
+
+app.get('/', auth, async (c) => {
+  const query = c.req.query();
+  const { page, pageSize, livemode, ...rest } = await listSchema.validateAsync(query, {
     stripUnknown: false,
     allowUnknown: true,
   });
@@ -4870,41 +4604,40 @@ router.get('/', auth, async (req, res) => {
 
   ['status', 'payment_status', 'nft_mint_status'].forEach((key) => {
     // @ts-ignore
-    if (query[key]) {
+    if (rest[key]) {
       // @ts-ignore
-      where[key] = query[key].split(',').map((x: string) => x.trim()).filter(Boolean); // prettier-ignore
+      where[key] = rest[key].split(',').map((x: string) => x.trim()).filter(Boolean); // prettier-ignore
     }
   });
-  if (query.customer_id) {
-    where.customer_id = query.customer_id;
+  if (rest.customer_id) {
+    where.customer_id = rest.customer_id;
   }
-  if (query.payment_intent_id) {
-    where.payment_intent_id = query.payment_intent_id;
+  if (rest.payment_intent_id) {
+    where.payment_intent_id = rest.payment_intent_id;
   }
-  if (query.payment_link_id) {
-    where.payment_link_id = query.payment_link_id;
+  if (rest.payment_link_id) {
+    where.payment_link_id = rest.payment_link_id;
   }
-  if (query.subscription_id) {
-    where.subscription_id = query.subscription_id;
+  if (rest.subscription_id) {
+    where.subscription_id = rest.subscription_id;
   }
-  if (query.customer_did && isValid(query.customer_did)) {
-    const customer = await Customer.findOne({ where: { did: query.customer_did } });
+  if (rest.customer_did && isValid(rest.customer_did)) {
+    const customer = await Customer.findOne({ where: { did: rest.customer_did } });
     if (customer) {
       where.customer_id = customer.id;
     } else {
-      res.json({ count: 0, list: [] });
-      return;
+      return c.json({ count: 0, list: [] });
     }
   }
   if (typeof livemode === 'boolean') {
     where.livemode = livemode;
   }
 
-  Object.keys(query)
+  Object.keys(rest)
     .filter((x) => x.startsWith('metadata.'))
     .forEach((key: string) => {
       // @ts-ignore
-      where[key] = query[key];
+      where[key] = rest[key];
     });
 
   try {
@@ -4931,7 +4664,7 @@ router.get('/', auth, async (req, res) => {
       });
     });
 
-    const condition = { where: { livemode: !!req.livemode } };
+    const condition = { where: { livemode: !!c.get('livemode') } };
     const products =
       productIds.size > 0
         ? (await Product.findAll({ ...condition, where: { ...condition.where, id: Array.from(productIds) } })).map(
@@ -4951,25 +4684,26 @@ router.get('/', auth, async (req, res) => {
       x.url = getUrl(`/checkout/${x.submit_type}/${x.id}`);
     });
 
-    res.json({ count, list: docs });
+    return c.json({ count, list: docs });
   } catch (err) {
     logger.error(err);
-    res.json({ count: 0, list: [] });
+    return c.json({ count: 0, list: [] });
   }
 });
 
-router.put('/:id', auth, async (req, res) => {
-  const doc = await CheckoutSession.findByPk(req.params.id);
+app.put('/:id', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const doc = await CheckoutSession.findByPk(c.req.param('id'));
 
   if (!doc) {
-    return res.status(404).json({ error: 'CheckoutSession not found' });
+    return c.json({ error: 'CheckoutSession not found' }, 404);
   }
 
-  const raw = pick(req.body, ['metadata']);
+  const raw = pick(body as any, ['metadata']);
   if (raw.metadata) {
     const { error: metadataError } = MetadataSchema.validate(raw.metadata);
     if (metadataError) {
-      return res.status(400).json({ error: metadataError });
+      return c.json({ error: metadataError }, 400);
     }
     raw.metadata = formatMetadata(raw.metadata);
   }
@@ -4979,18 +4713,18 @@ router.put('/:id', auth, async (req, res) => {
     sessionId: doc.id,
     updatedFields: Object.keys(raw),
   });
-  res.json(doc);
+  return c.json(doc);
 });
 
-router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    const { slippage_percent: slippagePercent } = req.body;
-    const rawConfig = req.body?.slippage_config || req.body?.slippage || null;
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    const { slippage_percent: slippagePercent } = body as any;
+    const rawConfig = (body as any)?.slippage_config || (body as any)?.slippage || null;
 
     const normalizePercent = (value: any) => {
       const normalized = typeof value === 'string' ? Number(value) : value;
-      // Only validate that it's a non-negative finite number, no upper limit
       if (!Number.isFinite(normalized) || normalized < 0) {
         return null;
       }
@@ -5002,12 +4736,10 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
       const mode = rawConfig.mode === 'rate' ? 'rate' : 'percent';
       const minRate = rawConfig.min_acceptable_rate ?? rawConfig.minAcceptableRate;
 
-      // For rate mode, min_acceptable_rate is required; percent is derived
       if (mode === 'rate') {
         if (minRate === undefined || minRate === null || minRate === '') {
-          return res.status(400).json({ error: 'min_acceptable_rate is required for rate mode' });
+          return c.json({ error: 'min_acceptable_rate is required for rate mode' }, 400);
         }
-        // Accept any non-negative percent value for rate mode (calculated from rate)
         const percent = normalizePercent(rawConfig.percent);
         const baseCurrency = rawConfig.base_currency ?? rawConfig.baseCurrency;
         config = {
@@ -5018,16 +4750,14 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
           updated_at_ms: Date.now(),
         };
       } else {
-        // Percent mode: validate percent
         const percent = normalizePercent(rawConfig.percent);
         if (percent === null) {
-          return res.status(400).json({ error: 'slippage_percent must be a non-negative number' });
+          return c.json({ error: 'slippage_percent must be a non-negative number' }, 400);
         }
         const baseCurrency = rawConfig.base_currency ?? rawConfig.baseCurrency;
         config = {
           mode,
           percent,
-          // Also save min_acceptable_rate if provided (calculated by frontend from current rate)
           ...(minRate ? { min_acceptable_rate: String(minRate) } : {}),
           ...(baseCurrency ? { base_currency: String(baseCurrency) } : {}),
           updated_at_ms: Date.now(),
@@ -5036,7 +4766,7 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
     } else if (slippagePercent !== undefined && slippagePercent !== null) {
       const slippageValue = normalizePercent(slippagePercent);
       if (slippageValue === null) {
-        return res.status(400).json({ error: 'slippage_percent must be a non-negative number' });
+        return c.json({ error: 'slippage_percent must be a non-negative number' }, 400);
       }
       config = {
         mode: 'percent',
@@ -5044,7 +4774,7 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
         updated_at_ms: Date.now(),
       };
     } else {
-      return res.status(400).json({ error: 'slippage config is required' });
+      return c.json({ error: 'slippage config is required' }, 400);
     }
 
     const nextMetadata = {
@@ -5057,14 +4787,12 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
       slippageConfig: config,
     });
 
-    // Final Freeze: Don't create Quotes during Preview (slippage change)
-    // Slippage is applied at Submit time when Quote is created
     const items = await Price.expand(checkoutSession.line_items, { upsell: true });
     const enriched = await enrichCheckoutSessionWithQuotes(checkoutSession, items, checkoutSession.currency_id, {
-      skipGeneration: true, // Final Freeze: Don't create quotes during Preview
+      skipGeneration: true,
     });
 
-    res.json({
+    return c.json({
       ...checkoutSession.toJSON(),
       line_items: enriched.lineItems,
       quotes: enriched.quotes,
@@ -5073,13 +4801,13 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
     });
   } catch (err) {
     logger.error('Error updating checkout session slippage', {
-      sessionId: req.params.id,
+      sessionId: c.req.param('id'),
       error: err,
     });
     if (err instanceof CustomError) {
-      return res.status(getStatusFromError(err)).json({ code: err.code, error: err.message });
+      return c.json({ code: (err as any).code, error: (err as any).message }, getStatusFromError(err) as any);
     }
-    res.status(500).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 500);
   }
 });
 
@@ -5089,19 +4817,19 @@ router.put('/:id/slippage', user, ensureCheckoutSessionOpen, async (req, res) =>
  * because quotes are currency-specific (e.g., TBA quote amount with 18 decimals
  * cannot be used for USD with 2 decimals)
  */
-router.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (req, res) => {
+app.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const checkoutSession = req.doc as CheckoutSession;
-    const { currency_id: newCurrencyId } = req.body;
+    const checkoutSession = c.get('doc') as CheckoutSession;
+    const { currency_id: newCurrencyId } = body as any;
 
     if (!newCurrencyId) {
-      return res.status(400).json({ error: 'currency_id is required' });
+      return c.json({ error: 'currency_id is required' }, 400);
     }
 
-    // Validate the new currency exists
     const newCurrency = await PaymentCurrency.findByPk(newCurrencyId);
     if (!newCurrency) {
-      return res.status(400).json({ error: 'Currency not found' });
+      return c.json({ error: 'Currency not found' }, 400);
     }
 
     const expandedItemsForSupportCheck = await Price.expand(checkoutSession.line_items || [], {
@@ -5110,14 +4838,13 @@ router.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (req,
     });
     const supportedCurrencyIds = getSupportedPaymentCurrencies(expandedItemsForSupportCheck as any[]);
     if (!supportedCurrencyIds.includes(newCurrencyId)) {
-      return res.status(400).json({ error: 'Currency not supported for this checkout session' });
+      return c.json({ error: 'Currency not supported for this checkout session' }, 400);
     }
 
     const oldCurrencyId = checkoutSession.currency_id;
     const currencyChanged = oldCurrencyId && oldCurrencyId !== newCurrencyId;
 
     if (currencyChanged) {
-      // Clear quote-related fields from line_items
       const cleanedLineItems = checkoutSession.line_items.map((item: any) => {
         const {
           quote_id: quoteId,
@@ -5129,11 +4856,9 @@ router.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (req,
         return rest;
       });
 
-      // Clear discount amounts - they will be recalculated by recalculate-promotion
-      // This prevents showing stale values (e.g., ABT units when switching to USD)
       const cleanedDiscounts = checkoutSession.discounts?.map((discount: any) => ({
         ...discount,
-        discount_amount: null, // Will be recalculated
+        discount_amount: null,
       }));
 
       await checkoutSession.update({
@@ -5142,7 +4867,7 @@ router.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (req,
         discounts: cleanedDiscounts,
         total_details: {
           ...checkoutSession.total_details,
-          amount_discount: '0', // Clear until recalculated
+          amount_discount: '0',
         },
       });
 
@@ -5152,31 +4877,173 @@ router.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (req,
         newCurrencyId,
       });
     } else {
-      // Just update the currency_id if it's the same (first time setting)
-      await checkoutSession.update({
-        currency_id: newCurrencyId,
-      });
+      await checkoutSession.update({ currency_id: newCurrencyId });
     }
 
-    // Reload and expand line items
     await checkoutSession.reload();
     const expandedLineItems = await Price.expand(checkoutSession.line_items, { product: true, upsell: true });
 
-    res.json({
+    return c.json({
       ...checkoutSession.toJSON(),
       line_items: expandedLineItems,
       currency_changed: currencyChanged,
     });
   } catch (err) {
     logger.error('Error switching checkout session currency', {
-      sessionId: req.params.id,
+      sessionId: c.req.param('id'),
       error: err,
     });
     if (err instanceof CustomError) {
-      return res.status(getStatusFromError(err)).json({ code: err.code, error: err.message });
+      return c.json({ code: (err as any).code, error: (err as any).message }, getStatusFromError(err) as any);
+    }
+    return c.json({ error: (err as any).message }, 500);
+  }
+});
+
+// [restored — missed in the bulk conversion, caught by the route-count check]
+app.post('/:id/abort-stripe', user, ensureCheckoutSessionOpen, async (c) => {
+  try {
+    const checkoutSession = c.get('doc') as CheckoutSession;
+
+    if (checkoutSession.status === 'complete') {
+      return c.json({ error: 'Checkout session already completed' }, 400);
+    }
+
+    // cancel stripe subscriptions if any
+    const canceledSubscriptions: string[] = [];
+    if (['subscription', 'setup'].includes(checkoutSession.mode)) {
+      const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
+      const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
+
+      const cancelOps = subscriptions.map(async (sub) => {
+        const stripeSubId = sub.payment_details?.stripe?.subscription_id;
+        if (!stripeSubId) {
+          return null;
+        }
+        const method = await PaymentMethod.findByPk(sub.default_payment_method_id);
+        if (!method || method.type !== 'stripe') {
+          return null;
+        }
+        const client = method.getStripeClient();
+        try {
+          await client.subscriptions.cancel(stripeSubId);
+          await sub.update({
+            payment_details: omit(sub.payment_details || {}, 'stripe'),
+            payment_settings: {
+              payment_method_options: omit(sub.payment_settings?.payment_method_options || {}, 'stripe'),
+              payment_method_types: sub.payment_settings?.payment_method_types || [],
+            },
+          });
+          canceledSubscriptions.push(sub.id);
+        } catch (err: any) {
+          logger.error('Failed to cancel stripe subscription for checkout abort', {
+            checkoutSessionId: checkoutSession.id,
+            subscriptionId: sub.id,
+            error: err.message,
+          });
+        }
+        return sub.id;
+      });
+      await Promise.all(cancelOps);
+    }
+
+    // remove related invoice if created
+    try {
+      const existInvoice = await Invoice.findOne({ where: { checkout_session_id: checkoutSession.id } });
+      if (existInvoice) {
+        await destroyExistingInvoice(existInvoice);
+      }
+    } catch (error: any) {
+      logger.error('Failed to destroy invoice on checkout abort', {
+        checkoutSessionId: checkoutSession.id,
+        error: error.message,
+      });
     }
-    res.status(500).json({ error: err.message });
+    return c.json({ checkoutSessionId: checkoutSession.id, canceledSubscriptions });
+  } catch (err: any) {
+    logger.error('Error aborting stripe for checkout session', {
+      sessionId: c.req.param('id'),
+      error: err.message,
+      stack: err.stack,
+    });
+    return c.json({ error: err.message }, 500);
+  }
+});
+
+// Skip payment method for $0 subscription — user chose "Skip, bind later"
+app.post('/:id/skip-payment-method', user, ensureCheckoutSessionOpen, async (c) => {
+  try {
+    if (!c.get('user')) {
+      return c.json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' }, 403);
+    }
+
+    const checkoutSession = c.get('doc') as CheckoutSession;
+
+    if (!['subscription', 'setup'].includes(checkoutSession.mode)) {
+      return c.json({ error: 'Skip payment method is only supported for subscriptions' }, 400);
+    }
+
+    const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
+    const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
+
+    if (!subscriptions.length) {
+      return c.json({ error: 'No subscriptions found for this checkout session' }, 400);
+    }
+
+    // Cancel Stripe setup intents and activate subscriptions concurrently
+    await Promise.all(
+      subscriptions.map(async (sub) => {
+        const stripeSubId = sub.payment_details?.stripe?.subscription_id;
+        if (stripeSubId) {
+          const method = await PaymentMethod.findByPk(sub.default_payment_method_id);
+          if (method?.type === 'stripe') {
+            const client = method.getStripeClient();
+            try {
+              const stripeSub = await client.subscriptions.retrieve(stripeSubId, {
+                expand: ['pending_setup_intent'],
+              });
+              if (stripeSub.pending_setup_intent && typeof stripeSub.pending_setup_intent !== 'string') {
+                await client.setupIntents.cancel(stripeSub.pending_setup_intent.id);
+              }
+              await client.subscriptions.update(stripeSubId, { cancel_at_period_end: true });
+            } catch (err: any) {
+              logger.error('Failed to update Stripe subscription for skip-payment-method', {
+                checkoutSessionId: checkoutSession.id,
+                subscriptionId: sub.id,
+                stripeSubId,
+                error: err.message,
+              });
+            }
+          }
+        }
+
+        // Activate the local subscription with cancel_at_period_end
+        await sub.update({
+          status: sub.trial_end && sub.trial_end > Date.now() / 1000 ? 'trialing' : 'active',
+          cancel_at_period_end: true,
+        });
+        await addSubscriptionJob(sub, 'cycle', false, sub.trial_end);
+      })
+    );
+
+    // Complete the checkout session
+    await checkoutSession.update({
+      status: 'complete',
+      payment_status: 'no_payment_required',
+    });
+
+    return c.json({
+      checkoutSession: { id: checkoutSession.id, status: 'complete' },
+      skipped: true,
+    });
+  } catch (err: any) {
+    logger.error('Error in skip-payment-method', {
+      sessionId: c.req.param('id'),
+      error: err.message,
+      stack: err.stack,
+    });
+    return c.json({ error: err.message }, 500);
   }
 });
 
-export default router;
+export default app;