payment-kit 1.29.0 → 1.29.2

package/api/src/routes/{payment-links.ts → hono/payment-links.ts}

@@ -1,20 +1,24 @@
+// Phase 3 (express→hono) — hono fork of routes/payment-links.ts. Sub-app with
+// routes relative to /api/payment-links (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
 import Joi from 'joi';
-import { Router } from 'express';
 import pick from 'lodash/pick';
 import { Op } from 'sequelize';
 import type { WhereOptions } from 'sequelize';
 
-import { createListParamSchema, getOrder, MetadataSchema } from '../libs/api';
-import logger from '../libs/logger';
-import { authenticate } from '../libs/security';
-import { isLineItemAligned } from '../libs/session';
-import { formatMetadata } from '../libs/util';
-import { PaymentLink } from '../store/models/payment-link';
-import { Price } from '../store/models/price';
-import { Product } from '../store/models/product';
-import { getDonationBenefits } from '../libs/payment';
-
-const router = Router();
+import { createListParamSchema, getOrder, MetadataSchema } from '../../libs/api';
+import logger from '../../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { isLineItemAligned } from '../../libs/session';
+import { formatMetadata } from '../../libs/util';
+import { PaymentLink } from '../../store/models/payment-link';
+import { Price } from '../../store/models/price';
+import { Product } from '../../store/models/product';
+import { getDonationBenefits } from '../../libs/payment';
+
+const app = new Hono();
 const auth = authenticate<PaymentLink>({ component: true, roles: ['owner', 'admin'] });
 
 const formatBeforeSave = (payload: any) => {
@@ -219,26 +223,59 @@ const PaymentLinkCreateSchema = Joi.object({
     .min(0)
     .optional(),
 }).unknown(true);
-router.post('/', auth, async (req, res) => {
+
+// static route — registered before /:id to avoid shadowing
+app.post('/stash', auth, async (c) => {
+  try {
+    const body = c.get('sanitizedBody') ?? {};
+    const raw: Partial<PaymentLink> = body;
+    raw.id = `plink_${c.get('user')?.did}`;
+    raw.active = true;
+    raw.livemode = !!c.get('livemode');
+    raw.created_via = c.get('user')?.via;
+    raw.currency_id = raw.currency_id || c.get('baseCurrency').id;
+    // Merge existing metadata with preview flag
+    raw.metadata = { ...raw.metadata, preview: '1' };
+
+    let doc = await PaymentLink.findByPk(raw.id);
+    if (doc) {
+      await doc.update({ ...formatBeforeSave(body), livemode: raw.livemode });
+      logger.info('Stashed payment link updated', { id: raw.id, user: c.get('user')?.did });
+    } else {
+      doc = await PaymentLink.create(raw as PaymentLink);
+      logger.info('New stashed payment link created', { id: raw.id, user: c.get('user')?.did });
+    }
+    return c.json(doc);
+  } catch (err) {
+    logger.error('Stash payment link error', { error: err.message, stack: err.stack, body: c.get('sanitizedBody') });
+    return c.json({ error: err.message }, 500);
+  }
+});
+
+app.post('/', auth, async (c) => {
   try {
-    const { error } = PaymentLinkCreateSchema.validate(req.body);
+    const body = c.get('sanitizedBody') ?? {};
+    const { error } = PaymentLinkCreateSchema.validate(body);
     if (error) {
-      logger.warn('Payment link create request invalid', { error: error.message, body: req.body });
-      res.status(400).json({ error: `Payment link create request invalid: ${error.message}` });
-      return;
+      logger.warn('Payment link create request invalid', { error: error.message, body });
+      return c.json({ error: `Payment link create request invalid: ${error.message}` }, 400);
     }
     const result = await createPaymentLink({
-      ...req.body,
-      livemode: !!req.livemode,
-      created_via: req.user?.via,
-      currency_id: req.body.currency_id || req.baseCurrency.id,
-      metadata: formatMetadata(req.body.metadata),
+      ...body,
+      livemode: !!c.get('livemode'),
+      created_via: c.get('user')?.via,
+      currency_id: (body as any).currency_id || c.get('baseCurrency').id,
+      metadata: formatMetadata((body as any).metadata),
     });
-    logger.info('Payment link created successfully', { id: result.id, user: req.user?.did });
-    res.json(result);
+    logger.info('Payment link created successfully', { id: result.id, user: c.get('user')?.did });
+    return c.json(result);
   } catch (err) {
-    logger.error('Create payment link error', { error: err.message, stack: err.stack, body: req.body });
-    res.status(400).json({ error: err.message });
+    logger.error('Create payment link error', {
+      error: err.message,
+      stack: err.stack,
+      body: c.get('sanitizedBody'),
+    });
+    return c.json({ error: err.message }, 400);
   }
 });
 
@@ -247,24 +284,25 @@ const paginationSchema = createListParamSchema<{ active?: boolean; donation?: st
   active: Joi.boolean().empty(''),
   donation: Joi.string().empty(''),
 });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, ...query } = await paginationSchema.validateAsync(req.query, { stripUnknown: true });
+app.get('/', auth, async (c) => {
+  const query = c.req.query();
+  const { page, pageSize, ...q } = await paginationSchema.validateAsync(query, { stripUnknown: true });
   const where: WhereOptions<PaymentLink> = { 'metadata.preview': null };
 
-  if (typeof query.active === 'boolean') {
-    where.active = query.active;
+  if (typeof q.active === 'boolean') {
+    where.active = q.active;
   }
-  if (typeof query.livemode === 'boolean') {
-    where.livemode = query.livemode;
+  if (typeof q.livemode === 'boolean') {
+    where.livemode = q.livemode;
   }
-  if (query.donation === 'hide') {
+  if (q.donation === 'hide') {
     where.submit_type = { [Op.not]: 'donate' };
   }
 
   try {
     const { rows: list, count } = await PaymentLink.findAndCountAll({
       where,
-      order: getOrder(req.query, [['created_at', 'DESC']]),
+      order: getOrder(query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [],
@@ -282,15 +320,32 @@ router.get('/', auth, async (req, res) => {
       });
     });
 
-    res.json({ count, list, paging: { page, pageSize } });
+    return c.json({ count, list, paging: { page, pageSize } });
   } catch (err) {
     logger.error(err);
-    res.json({ count: 0, list: [], paging: { page, pageSize } });
+    return c.json({ count: 0, list: [], paging: { page, pageSize } });
   }
 });
 
-router.get('/:id', auth, async (req, res) => {
-  const doc = await PaymentLink.findByPkOrLookupKey(req.params.id || '');
+app.get('/:id/benefits', async (c) => {
+  try {
+    const doc = await PaymentLink.findByPk(c.req.param('id'), {
+      attributes: ['id', 'donation_settings'],
+    });
+    if (!doc) {
+      return c.json({ error: 'payment link not found' }, 404);
+    }
+    const locale = c.req.query('locale') as string;
+    const benefits = await getDonationBenefits(doc, '', locale);
+    return c.json(benefits);
+  } catch (err) {
+    logger.error('Get donation benefits error', { error: err.message, stack: err.stack, id: c.req.param('id') });
+    return c.json({ error: err.message }, 400);
+  }
+});
+
+app.get('/:id', auth, async (c) => {
+  const doc = await PaymentLink.findByPkOrLookupKey(c.req.param('id') || '');
 
   if (doc) {
     // @ts-ignore
@@ -298,10 +353,9 @@ router.get('/:id', auth, async (req, res) => {
   }
 
   if (doc) {
-    res.json(doc);
-  } else {
-    res.status(404).json(null);
+    return c.json(doc);
   }
+  return c.json(null, 404);
 });
 
 const PaymentLinkUpdateSchema = Joi.object({
@@ -351,126 +405,89 @@ const PaymentLinkUpdateSchema = Joi.object({
     .min(0)
     .optional(),
 }).unknown(true);
-// eslint-disable-next-line consistent-return
-router.put('/:id', auth, async (req, res) => {
-  const { error } = PaymentLinkUpdateSchema.validate(req.body);
-  if (error) {
-    logger.warn('Payment link update request invalid', { error: error.message, id: req.params.id, body: req.body });
-    return res.status(400).json({ error: `Payment link update request invalid: ${error.message}` });
-  }
-  const doc = await PaymentLink.findByPk(req.params.id);
+
+// archive — static sub-path, registered before /:id to avoid shadowing
+app.put('/:id/archive', auth, async (c) => {
+  const doc = await PaymentLink.findByPk(c.req.param('id'));
 
   if (!doc) {
-    logger.warn('Payment link not found for update', { id: req.params.id });
-    return res.status(404).json({ error: 'payment link not found' });
+    logger.warn('Payment link not found for archiving', { id: c.req.param('id') });
+    return c.json({ error: 'payment link not found' }, 404);
   }
+
   if (doc.active === false) {
-    logger.warn('Attempt to update archived payment link', { id: req.params.id });
-    return res.status(403).json({ error: 'payment link archived' });
+    logger.warn('Attempt to archive already archived payment link', { id: c.req.param('id') });
+    return c.json({ error: 'payment link already archived' }, 403);
   }
 
   try {
-    await doc.update(formatBeforeSave(Object.assign({}, doc.dataValues, req.body)));
-    logger.info('Payment link updated successfully', { id: req.params.id, user: req.user?.did });
-    res.json(doc);
+    await doc.update({ active: false });
+    logger.info('Payment link archived successfully', { id: c.req.param('id'), user: c.get('user')?.did });
+    return c.json(doc);
   } catch (err) {
-    logger.error('Update payment link error', {
-      error: err.message,
-      stack: err.stack,
-      id: req.params.id,
-      body: req.body,
-    });
-    res.status(500).json({ error: 'Failed to update payment link' });
+    logger.error('Archive payment link error', { error: err.message, stack: err.stack, id: c.req.param('id') });
+    return c.json({ error: 'Failed to archive payment link' }, 500);
   }
 });
 
-// archive
-router.put('/:id/archive', auth, async (req, res) => {
-  const doc = await PaymentLink.findByPk(req.params.id);
+// eslint-disable-next-line consistent-return
+app.put('/:id', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const { error } = PaymentLinkUpdateSchema.validate(body);
+  if (error) {
+    logger.warn('Payment link update request invalid', {
+      error: error.message,
+      id: c.req.param('id'),
+      body,
+    });
+    return c.json({ error: `Payment link update request invalid: ${error.message}` }, 400);
+  }
+  const doc = await PaymentLink.findByPk(c.req.param('id'));
 
   if (!doc) {
-    logger.warn('Payment link not found for archiving', { id: req.params.id });
-    return res.status(404).json({ error: 'payment link not found' });
+    logger.warn('Payment link not found for update', { id: c.req.param('id') });
+    return c.json({ error: 'payment link not found' }, 404);
   }
-
   if (doc.active === false) {
-    logger.warn('Attempt to archive already archived payment link', { id: req.params.id });
-    return res.status(403).json({ error: 'payment link already archived' });
+    logger.warn('Attempt to update archived payment link', { id: c.req.param('id') });
+    return c.json({ error: 'payment link archived' }, 403);
   }
 
   try {
-    await doc.update({ active: false });
-    logger.info('Payment link archived successfully', { id: req.params.id, user: req.user?.did });
-    return res.json(doc);
+    await doc.update(formatBeforeSave(Object.assign({}, doc.dataValues, body)));
+    logger.info('Payment link updated successfully', { id: c.req.param('id'), user: c.get('user')?.did });
+    return c.json(doc);
   } catch (err) {
-    logger.error('Archive payment link error', { error: err.message, stack: err.stack, id: req.params.id });
-    return res.status(500).json({ error: 'Failed to archive payment link' });
+    logger.error('Update payment link error', {
+      error: err.message,
+      stack: err.stack,
+      id: c.req.param('id'),
+      body,
+    });
+    return c.json({ error: 'Failed to update payment link' }, 500);
   }
 });
 
 // delete
-router.delete('/:id', auth, async (req, res) => {
-  const doc = await PaymentLink.findByPk(req.params.id);
+app.delete('/:id', auth, async (c) => {
+  const doc = await PaymentLink.findByPk(c.req.param('id'));
 
   if (!doc) {
-    return res.status(404).json({ error: 'payment link not found' });
+    return c.json({ error: 'payment link not found' }, 404);
   }
 
   if (doc.active === false) {
-    return res.status(403).json({ error: 'payment link archived' });
+    return c.json({ error: 'payment link archived' }, 403);
   }
 
   try {
     await doc.destroy();
-    logger.info('Payment link deleted successfully', { id: req.params.id, user: req.user?.did });
-    return res.json(doc);
-  } catch (err) {
-    logger.error('Delete payment link error', { error: err.message, stack: err.stack, id: req.params.id });
-    return res.status(500).json({ error: 'Failed to delete payment link' });
-  }
-});
-
-router.post('/stash', auth, async (req, res) => {
-  try {
-    const raw: Partial<PaymentLink> = req.body;
-    raw.id = `plink_${req.user?.did}`;
-    raw.active = true;
-    raw.livemode = !!req.livemode;
-    raw.created_via = req.user?.via;
-    raw.currency_id = raw.currency_id || req.baseCurrency.id;
-    // Merge existing metadata with preview flag
-    raw.metadata = { ...raw.metadata, preview: '1' };
-
-    let doc = await PaymentLink.findByPk(raw.id);
-    if (doc) {
-      await doc.update({ ...formatBeforeSave(req.body), livemode: raw.livemode });
-      logger.info('Stashed payment link updated', { id: raw.id, user: req.user?.did });
-    } else {
-      doc = await PaymentLink.create(raw as PaymentLink);
-      logger.info('New stashed payment link created', { id: raw.id, user: req.user?.did });
-    }
-    res.json(doc);
-  } catch (err) {
-    logger.error('Stash payment link error', { error: err.message, stack: err.stack, body: req.body });
-    res.status(500).json({ error: err.message });
-  }
-});
-
-router.get('/:id/benefits', async (req, res) => {
-  try {
-    const doc = await PaymentLink.findByPk(req.params.id, {
-      attributes: ['id', 'donation_settings'],
-    });
-    if (!doc) {
-      return res.status(404).json({ error: 'payment link not found' });
-    }
-    const locale = req.query.locale as string;
-    const benefits = await getDonationBenefits(doc, '', locale);
-    return res.json(benefits);
+    logger.info('Payment link deleted successfully', { id: c.req.param('id'), user: c.get('user')?.did });
+    return c.json(doc);
   } catch (err) {
-    logger.error('Get donation benefits error', { error: err.message, stack: err.stack, id: req.params.id });
-    return res.status(400).json({ error: err.message });
+    logger.error('Delete payment link error', { error: err.message, stack: err.stack, id: c.req.param('id') });
+    return c.json({ error: 'Failed to delete payment link' }, 500);
   }
 });
 
-export default router;
+export default app;