payment-kit 1.29.0 → 1.29.2

package/api/src/routes/{prices.ts → hono/prices.ts}

@@ -1,22 +1,27 @@
+// Phase 3 (express→hono) — hono fork of routes/prices.ts. Sub-app with
+// routes relative to /api/prices (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
 import { fromTokenToUnit, fromUnitToToken } from '@ocap/util';
-import { Router } from 'express';
+import { Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 import type { WhereOptions } from 'sequelize';
 
-import { createListParamSchema, getOrder, getWhereFromQuery, MetadataSchema } from '../libs/api';
-import { getExchangeRateService } from '../libs/exchange-rate';
-import { getExchangeRateSymbol, hasTokenAddress } from '../libs/exchange-rate/token-address-mapping';
-import logger from '../libs/logger';
-import { authenticate } from '../libs/security';
-import { canUpsell } from '../libs/session';
-import { PaymentCurrency } from '../store/models/payment-currency';
-import { Price } from '../store/models/price';
-import { Product } from '../store/models/product';
-import { checkCurrencySupportRecurring } from '../libs/product';
-import { ChainType, Meter, PaymentMethod } from '../store/models';
-
-const router = Router();
+import { createListParamSchema, getOrder, getWhereFromQuery, MetadataSchema } from '../../libs/api';
+import { allowChangeLockedPrice } from '../../libs/env';
+import { getExchangeRateService } from '../../libs/exchange-rate';
+import { getExchangeRateSymbol, hasTokenAddress } from '../../libs/exchange-rate/token-address-mapping';
+import logger from '../../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { canUpsell } from '../../libs/session';
+import { PaymentCurrency } from '../../store/models/payment-currency';
+import { Price } from '../../store/models/price';
+import { Product } from '../../store/models/product';
+import { checkCurrencySupportRecurring } from '../../libs/product';
+import { ChainType, Meter, PaymentMethod } from '../../store/models';
+
+const app = new Hono();
 
 const auth = authenticate<Price>({ component: true, roles: ['owner', 'admin'] });
 
@@ -147,139 +152,84 @@ const paginationSchema = createListParamSchema<{
   product_id: Joi.string().empty(''),
   lookup_key: Joi.string().empty(''),
 });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, active, livemode, ...query } = await paginationSchema.validateAsync(req.query, {
+
+// search prices — static route, registered before /:id to avoid shadowing
+const searchSchema = createListParamSchema<{
+  query: string;
+}>({
+  query: Joi.string(),
+});
+app.get('/search', auth, async (c) => {
+  const query = c.req.query();
+  const {
+    page,
+    pageSize,
+    query: searchQuery,
+    livemode,
+  } = await searchSchema.validateAsync(query, {
     stripUnknown: false,
     allowUnknown: true,
   });
-  const where: WhereOptions<Price> = {};
 
-  if (typeof active === 'boolean') {
-    where.active = active;
-  }
+  const where = getWhereFromQuery(searchQuery);
   if (typeof livemode === 'boolean') {
     where.livemode = livemode;
   }
-  ['type', 'currency_id', 'product_id', 'lookup_key'].forEach((key: string) => {
-    // @ts-ignore
-    if (query[key]) {
-      // @ts-ignore
-      where[key] = query[key].split(',').map((x: string) => x.trim()).filter(Boolean); // prettier-ignore
-    }
-  });
-
-  Object.keys(query)
-    .filter((x) => x.startsWith('recurring.'))
-    .forEach((key: string) => {
-      // @ts-ignore
-      where[key] = query[key];
-    });
-
   const { rows, count } = await Price.findAndCountAll({
     where,
     attributes: ['id'],
-    order: getOrder(req.query, [['created_at', 'DESC']]),
+    order: getOrder(query, [['created_at', 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
   });
 
-  res.json({ count, list: await Promise.all(rows.map((x) => getExpandedPrice(x.id))), paging: { page, pageSize } });
+  return c.json({ count, list: await Promise.all(rows.map((x) => getExpandedPrice(x.id))) });
 });
 
-// search prices
-const searchSchema = createListParamSchema<{
-  query: string;
-}>({
-  query: Joi.string(),
-});
-router.get('/search', auth, async (req, res) => {
-  const { page, pageSize, query, livemode } = await searchSchema.validateAsync(req.query, {
+app.get('/', auth, async (c) => {
+  const query = c.req.query();
+  const { page, pageSize, active, livemode, ...rest } = await paginationSchema.validateAsync(query, {
     stripUnknown: false,
     allowUnknown: true,
   });
+  const where: WhereOptions<Price> = {};
 
-  const where = getWhereFromQuery(query);
+  if (typeof active === 'boolean') {
+    where.active = active;
+  }
   if (typeof livemode === 'boolean') {
     where.livemode = livemode;
   }
+  ['type', 'currency_id', 'product_id', 'lookup_key'].forEach((key: string) => {
+    // @ts-ignore
+    if (rest[key]) {
+      // @ts-ignore
+      where[key] = rest[key].split(',').map((x: string) => x.trim()).filter(Boolean); // prettier-ignore
+    }
+  });
+
+  Object.keys(rest)
+    .filter((x) => x.startsWith('recurring.'))
+    .forEach((key: string) => {
+      // @ts-ignore
+      where[key] = rest[key];
+    });
+
   const { rows, count } = await Price.findAndCountAll({
     where,
     attributes: ['id'],
-    order: getOrder(req.query, [['created_at', 'DESC']]),
+    order: getOrder(query, [['created_at', 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
   });
 
-  res.json({ count, list: await Promise.all(rows.map((x) => getExpandedPrice(x.id))) });
+  return c.json({
+    count,
+    list: await Promise.all(rows.map((x) => getExpandedPrice(x.id))),
+    paging: { page, pageSize },
+  });
 });
 
-export async function createPrice(payload: any) {
-  const raw: Price & { model: 'string' } = payload;
-  raw.active = true;
-  raw.locked = false;
-  raw.livemode = !!payload.livemode;
-  raw.currency_id = payload.currency_id;
-
-  if (!raw.product_id) {
-    throw new Error('product_id is required to create a price');
-  }
-
-  if (!raw.unit_amount) {
-    throw new Error('price unit_amount is required');
-  }
-
-  const product = await Product.findByPk(raw.product_id);
-  if (!product) {
-    throw new Error(`product ${raw.product_id} not found for price`);
-  }
-
-  if (product.type === 'credit') {
-    const creditConfig = raw.metadata.credit_config;
-    if (!creditConfig) {
-      throw new Error('credit_config is required');
-    }
-    const { error, value: creditConfigValue } = CreditConfigSchema.validate(creditConfig);
-    if (error) {
-      throw new Error(`credit_config is invalid: ${error.message}`);
-    }
-    raw.metadata.credit_config = creditConfigValue;
-  }
-
-  const currencies = await PaymentCurrency.findAll({ where: { active: true } });
-  const currency = currencies.find((x) => x.id === raw.currency_id);
-  if (!currency) {
-    throw new Error(`currency used in price or not active: ${raw.currency_id}`);
-  }
-
-  if (Array.isArray(raw.currency_options) === false) {
-    raw.currency_options = [];
-  }
-  if (raw.currency_options.some((x) => x.currency_id === raw.currency_id) === false) {
-    raw.currency_options.unshift({
-      currency_id: raw.currency_id,
-      unit_amount: raw.unit_amount,
-      tiers: null,
-      custom_unit_amount: null,
-    });
-  }
-
-  raw.currency_options = Price.formatCurrencies(raw.currency_options, currencies);
-  raw.unit_amount = fromTokenToUnit(raw.unit_amount, currency.decimal).toString();
-  const isRecurring = payload.type === 'recurring';
-  const { notSupportCurrencies, validate } = await checkCurrencySupportRecurring(
-    (raw.currency_options || [])?.map((x) => x.currency_id).filter(Boolean),
-    isRecurring
-  );
-  if (!validate) {
-    throw new Error(`currency ${notSupportCurrencies.map((x) => x.name).join(', ')} does not support recurring`);
-  }
-  if (isRecurring && raw.recurring && !raw.recurring.usage_type) {
-    raw.recurring.usage_type = 'licensed';
-  }
-  const price = await Price.insert(raw);
-  return getExpandedPrice(price.id as string);
-}
-
 const priceQuantitySchema = Joi.object({
   quantity_available: Joi.number().integer().min(0).optional().default(0),
   quantity_limit_per_checkout: Joi.number().integer().min(0).optional().default(0),
@@ -302,69 +252,58 @@ const priceAmountSchema = Joi.object({
 // FIXME: @wangshijun use schema validation
 // create price
 // eslint-disable-next-line consistent-return
-router.post('/', auth, async (req, res) => {
+app.post('/', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const { error } = priceQuantitySchema.validate(
-      pick(req.body, ['quantity_available', 'quantity_limit_per_checkout'])
-    );
+    const { error } = priceQuantitySchema.validate(pick(body, ['quantity_available', 'quantity_limit_per_checkout']));
     if (error) {
-      return res.status(400).json({ error: `Price create request invalid: ${error.message}` });
+      return c.json({ error: `Price create request invalid: ${error.message}` }, 400);
     }
     const { error: priceAmountError } = priceAmountSchema.validate(
-      pick(req.body, ['currency_options', 'unit_amount', 'nickname', 'lookup_key'])
+      pick(body, ['currency_options', 'unit_amount', 'nickname', 'lookup_key'])
     );
     if (priceAmountError) {
-      return res.status(400).json({ error: `Price create request invalid: ${priceAmountError.message}` });
+      return c.json({ error: `Price create request invalid: ${priceAmountError.message}` }, 400);
     }
-    if (req.body.metadata) {
-      const { error: metadataError } = MetadataSchema.validate(req.body.metadata);
+    if ((body as any).metadata) {
+      const { error: metadataError } = MetadataSchema.validate((body as any).metadata);
       if (metadataError) {
-        return res.status(400).json({ error: `metadata invalid: ${metadataError.message}` });
+        return c.json({ error: `metadata invalid: ${metadataError.message}` }, 400);
       }
     }
 
-    if (req.body.pricing_type === 'dynamic') {
-      const currencyIds = req.body.currency_options?.map((x: any) => x.currency_id).filter(Boolean) || [];
-      if (req.body.currency_id) {
-        currencyIds.push(req.body.currency_id);
+    if ((body as any).pricing_type === 'dynamic') {
+      const currencyIds = (body as any).currency_options?.map((x: any) => x.currency_id).filter(Boolean) || [];
+      if ((body as any).currency_id) {
+        currencyIds.push((body as any).currency_id);
       }
       const validationError = await validateDynamicPricingCurrencies(currencyIds);
       if (validationError) {
-        return res.status(400).json({ error: validationError });
+        return c.json({ error: validationError }, 400);
       }
     }
 
     const result = await createPrice({
-      ...req.body,
-      livemode: !!req.livemode,
-      currency_id: req.body.currency_id || req.baseCurrency.id,
-      created_via: req.user?.via as string,
+      ...(body as any),
+      livemode: !!c.get('livemode'),
+      currency_id: (body as any).currency_id || c.get('baseCurrency').id,
+      created_via: c.get('user')?.via as string,
       quantity_sold: 0,
     });
 
-    logger.info(`Price created: ${result?.id}`, { priceId: result?.id, requestedBy: req.user?.did });
-    res.json(result);
+    logger.info(`Price created: ${result?.id}`, { priceId: result?.id, requestedBy: c.get('user')?.did });
+    return c.json(result);
   } catch (err) {
-    logger.error('Error creating price', { error: err.message, request: req.body });
-    res.status(400).json({ error: err.message });
+    logger.error('Error creating price', { error: (err as any).message, request: body });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
 
-// get price detail
-router.get('/:id', auth, async (req, res) => {
-  const doc = await getExpandedPrice(req.params.id as string);
-  if (doc) {
-    res.json(doc);
-  } else {
-    res.status(404).json(null);
-  }
-});
-
-// get price used status
-router.get('/:id/used', auth, async (req, res) => {
-  const price = await Price.findByPkOrLookupKey(req.params.id as string);
+// get price used status — static sub-path, registered before /:id
+app.get('/:id/used', auth, async (c) => {
+  const price = await Price.findByPkOrLookupKey(c.req.param('id') as string);
   if (!price) {
-    return res.status(404).json({ error: 'Price not found' });
+    return c.json({ error: 'Price not found' }, 404);
   }
 
   const used = await price.isUsed(true);
@@ -372,11 +311,11 @@ router.get('/:id/used', auth, async (req, res) => {
     await price.update({ locked: false });
   }
 
-  return res.json({ used });
+  return c.json({ used });
 });
 
-router.get('/:id/upsell', auth, async (req, res) => {
-  const price = await Price.findByPkOrLookupKey(req.params.id as string, {
+app.get('/:id/upsell', auth, async (c) => {
+  const price = await Price.findByPkOrLookupKey(c.req.param('id') as string, {
     include: [{ model: PaymentCurrency, as: 'currency' }],
   });
 
@@ -386,55 +325,67 @@ router.get('/:id/upsell', auth, async (req, res) => {
       include: [{ model: PaymentCurrency, as: 'currency' }],
     });
     const upsells = prices.filter((x) => canUpsell(price, x));
-    res.json(upsells);
-  } else {
-    res.json(null);
+    return c.json(upsells);
+  }
+  return c.json(null);
+});
+
+// get price detail
+app.get('/:id', auth, async (c) => {
+  const doc = await getExpandedPrice(c.req.param('id') as string);
+  if (doc) {
+    return c.json(doc);
   }
+  return c.json(null, 404);
 });
 
 // update price
 // FIXME: upsell validate https://stripe.com/docs/payments/checkout/upsells
-router.put('/:id', auth, async (req, res) => {
+app.put('/:id', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   const quantityKeys = ['quantity_available', 'quantity_limit_per_checkout'];
-  const { error } = priceQuantitySchema.validate(pick(req.body, quantityKeys));
+  const { error } = priceQuantitySchema.validate(pick(body, quantityKeys));
   if (error) {
-    return res.status(400).json({ error: `Price update request invalid: ${error.message}` });
+    return c.json({ error: `Price update request invalid: ${error.message}` }, 400);
   }
 
   const { error: priceAmountError } = priceAmountSchema.validate(
-    pick(req.body, ['currency_options', 'unit_amount', 'nickname', 'lookup_key'])
+    pick(body, ['currency_options', 'unit_amount', 'nickname', 'lookup_key'])
   );
   if (priceAmountError) {
-    return res.status(400).json({ error: `Price update request invalid: ${priceAmountError.message}` });
+    return c.json({ error: `Price update request invalid: ${priceAmountError.message}` }, 400);
   }
-  const doc = await Price.findByPkOrLookupKey(req.params.id as string);
+  const doc = await Price.findByPkOrLookupKey(c.req.param('id') as string);
 
   if (!doc) {
-    return res.status(404).json({ error: 'price not found' });
+    return c.json({ error: 'price not found' }, 404);
   }
 
   const product = await Product.findByPk(doc.product_id);
   if (!product) {
-    return res.status(404).json({ error: 'product not found' });
+    return c.json({ error: 'product not found' }, 404);
   }
 
   if (doc.active === false) {
-    return res.status(403).json({ error: 'price archived' });
+    return c.json({ error: 'price archived' }, 403);
   }
 
-  if (Number(req.body.quantity_available) > 0 && Number(req.body.quantity_available) < Number(doc.quantity_sold)) {
+  if (
+    Number((body as any).quantity_available) > 0 &&
+    Number((body as any).quantity_available) < Number(doc.quantity_sold)
+  ) {
     // 可售数量不得小于已售数量
-    return res.status(400).json({ error: 'the available quantity cannot be less than the quantity sold' });
+    return c.json({ error: 'the available quantity cannot be less than the quantity sold' }, 400);
   }
 
-  const locked = doc.locked && process.env.PAYMENT_CHANGE_LOCKED_PRICE !== '1';
-  const { error: metadataError } = MetadataSchema.validate(req.body.metadata);
+  const locked = doc.locked && !allowChangeLockedPrice();
+  const { error: metadataError } = MetadataSchema.validate((body as any).metadata);
   if (metadataError) {
-    return res.status(400).json({ error: `metadata invalid: ${metadataError.message}` });
+    return c.json({ error: `metadata invalid: ${metadataError.message}` }, 400);
   }
   const updates: Partial<Price> = Price.formatBeforeSave(
     pick(
-      req.body,
+      body,
       locked
         ? ['nickname', 'description', 'metadata', 'upsell', 'lookup_key', ...quantityKeys]
         : [
@@ -465,7 +416,7 @@ router.put('/:id', auth, async (req, res) => {
   if (updates.lookup_key) {
     const exist = await Price.findOne({ where: { lookup_key: updates.lookup_key } });
     if (exist && exist.id !== doc.id) {
-      return res.status(400).json({ error: `lookup_key ${updates.lookup_key} already used by ${exist.id}` });
+      return c.json({ error: `lookup_key ${updates.lookup_key} already used by ${exist.id}` }, 400);
     }
   }
 
@@ -473,11 +424,11 @@ router.put('/:id', auth, async (req, res) => {
     // Merge with existing credit_config if not provided
     const creditConfig = updates.metadata.credit_config || doc.metadata?.credit_config;
     if (!creditConfig) {
-      return res.status(400).json({ error: 'credit_config is required' });
+      return c.json({ error: 'credit_config is required' }, 400);
     }
     const { error: creditConfigError, value: creditConfigValue } = CreditConfigSchema.validate(creditConfig);
     if (creditConfigError) {
-      return res.status(400).json({ error: `credit_config is invalid: ${creditConfigError.message}` });
+      return c.json({ error: `credit_config is invalid: ${creditConfigError.message}` }, 400);
     }
     updates.metadata.credit_config = creditConfigValue;
   }
@@ -486,9 +437,10 @@ router.put('/:id', auth, async (req, res) => {
   const currency =
     currencies.find((x) => x.id === updates?.currency_id || '') || currencies.find((x) => x.id === doc.currency_id);
   if (!currency) {
-    return res
-      .status(400)
-      .json({ error: `currency used in price not found or not active: ${updates?.currency_id || doc.currency_id}` });
+    return c.json(
+      { error: `currency used in price not found or not active: ${updates?.currency_id || doc.currency_id}` },
+      400
+    );
   }
   if (updates.unit_amount) {
     updates.unit_amount = fromTokenToUnit(updates.unit_amount, currency.decimal).toString();
@@ -519,9 +471,10 @@ router.put('/:id', auth, async (req, res) => {
     isRecurring
   );
   if (!validate) {
-    return res
-      .status(400)
-      .json({ error: `currency ${notSupportCurrencies.map((x) => x.name).join(', ')} does not support recurring` });
+    return c.json(
+      { error: `currency ${notSupportCurrencies.map((x) => x.name).join(', ')} does not support recurring` },
+      400
+    );
   }
 
   const pricingType = updates.pricing_type || doc.pricing_type;
@@ -532,112 +485,182 @@ router.put('/:id', auth, async (req, res) => {
       currencyIds.length ? currencyIds : [updates.currency_id || doc.currency_id]
     );
     if (validationError) {
-      return res.status(400).json({ error: validationError });
+      return c.json({ error: validationError }, 400);
     }
   }
 
   try {
     await doc.update(Price.formatBeforeSave(updates));
-    logger.info(`Price updated: ${req.params.id}`, { priceId: req.params.id, updates, requestedBy: req.user?.did });
-    return res.json(await getExpandedPrice(req.params.id as string));
+    logger.info(`Price updated: ${c.req.param('id')}`, {
+      priceId: c.req.param('id'),
+      updates,
+      requestedBy: c.get('user')?.did,
+    });
+    return c.json(await getExpandedPrice(c.req.param('id') as string));
   } catch (err) {
-    logger.error('Error updating price', { error: err.message, request: req.body });
-    return res.status(400).json({ error: err.message });
+    logger.error('Error updating price', { error: (err as any).message, request: body });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
 
 // archive
-router.put('/:id/archive', auth, async (req, res) => {
-  const price = await Price.findByPkOrLookupKey(req.params.id as string);
+app.put('/:id/archive', auth, async (c) => {
+  const price = await Price.findByPkOrLookupKey(c.req.param('id') as string);
 
   if (!price) {
-    return res.status(404).json({ error: 'price not found' });
+    return c.json({ error: 'price not found' }, 404);
   }
 
   if (price.active === false) {
-    return res.status(403).json({ error: 'price already archived' });
+    return c.json({ error: 'price already archived' }, 403);
   }
 
   if (price.locked) {
-    return res.status(403).json({ error: 'price locked' });
+    return c.json({ error: 'price locked' }, 403);
   }
 
   await price.update({ active: false });
 
-  logger.info(`Price archived: ${req.params.id}`, { priceId: req.params.id, requestedBy: req.user?.did });
-  return res.json(await getExpandedPrice(req.params.id as string));
-});
-
-// delete price
-router.delete('/:id', auth, async (req, res) => {
-  try {
-    const price = await Price.findByPkOrLookupKey(req.params.id as string);
-
-    if (!price) {
-      return res.status(404).json({ error: 'Can not delete none existing price' });
-    }
-
-    if (price.locked) {
-      return res.status(403).json({ error: 'Can not delete locked price' });
-    }
-
-    if (await price.isUsed(true)) {
-      return res.status(403).json({ error: 'Can not delete price used by other resources' });
-    }
-
-    await price.destroy();
-    return res.json(price);
-  } catch (err) {
-    logger.error('delete price error', err);
-    return res.status(400).json({ error: err.message });
-  }
+  logger.info(`Price archived: ${c.req.param('id')}`, { priceId: c.req.param('id'), requestedBy: c.get('user')?.did });
+  return c.json(await getExpandedPrice(c.req.param('id') as string));
 });
 
 const priceInventorySchema = Joi.object({
   quantity: Joi.number().integer().min(0).required(),
   action: Joi.string().valid('decrement', 'increment').required(),
 });
-router.put('/:id/inventory', auth, async (req, res) => {
+app.put('/:id/inventory', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
   try {
-    const { error } = priceInventorySchema.validate(req.body);
+    const { error } = priceInventorySchema.validate(body);
     if (error) {
-      return res.status(400).json({ error: `Price inventory update request invalid: ${error.message}` });
+      return c.json({ error: `Price inventory update request invalid: ${error.message}` }, 400);
     }
-    const price = await Price.findByPkOrLookupKey(req.params.id as string);
+    const price = await Price.findByPkOrLookupKey(c.req.param('id') as string);
     if (!price) {
-      return res.status(404).json({ error: 'price not found' });
+      return c.json({ error: 'price not found' }, 404);
     }
-    const quantity = Number(req.body.quantity);
+    const quantity = Number((body as any).quantity);
     const limitPerCheckQuantity = price.quantity_limit_per_checkout;
     if (limitPerCheckQuantity > 0 && quantity > limitPerCheckQuantity) {
-      return res
-        .status(400)
-        .json({ error: `quantity ${quantity} exceeds limit per checkout ${limitPerCheckQuantity}` });
+      return c.json({ error: `quantity ${quantity} exceeds limit per checkout ${limitPerCheckQuantity}` }, 400);
     }
 
-    if (req.body.action === 'decrement') {
+    if ((body as any).action === 'decrement') {
       if (quantity > price.quantity_sold) {
-        return res.status(400).json({ error: 'decrementing quantity exceeds sold quantity' });
+        return c.json({ error: 'decrementing quantity exceeds sold quantity' }, 400);
       }
-      await price.decrement('quantity_sold', { by: req.body.quantity });
+      await price.decrement('quantity_sold', { by: (body as any).quantity });
     }
-    if (req.body.action === 'increment') {
+    if ((body as any).action === 'increment') {
       if (price.quantity_available > 0 && price.quantity_sold + quantity > price.quantity_available) {
-        return res.status(400).json({ error: 'incrementing sold quantity exceeds available quantity' });
+        return c.json({ error: 'incrementing sold quantity exceeds available quantity' }, 400);
       }
-      await price.increment('quantity_sold', { by: req.body.quantity });
+      await price.increment('quantity_sold', { by: (body as any).quantity });
     }
-    logger.info(`Price inventory updated: ${req.params.id}`, {
-      priceId: req.params.id,
-      action: req.body.action,
-      quantity: req.body.quantity,
-      requestedBy: req.user?.did,
+    logger.info(`Price inventory updated: ${c.req.param('id')}`, {
+      priceId: c.req.param('id'),
+      action: (body as any).action,
+      quantity: (body as any).quantity,
+      requestedBy: c.get('user')?.did,
     });
-    return res.json(await getExpandedPrice(req.params.id as string));
+    return c.json(await getExpandedPrice(c.req.param('id') as string));
   } catch (err) {
     logger.error('update price inventory error', err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
 
-export default router;
+// delete price
+app.delete('/:id', auth, async (c) => {
+  try {
+    const price = await Price.findByPkOrLookupKey(c.req.param('id') as string);
+
+    if (!price) {
+      return c.json({ error: 'Can not delete none existing price' }, 404);
+    }
+
+    if (price.locked) {
+      return c.json({ error: 'Can not delete locked price' }, 403);
+    }
+
+    if (await price.isUsed(true)) {
+      return c.json({ error: 'Can not delete price used by other resources' }, 403);
+    }
+
+    await price.destroy();
+    return c.json(price);
+  } catch (err) {
+    logger.error('delete price error', err);
+    return c.json({ error: (err as any).message }, 400);
+  }
+});
+
+export async function createPrice(payload: any) {
+  const raw: Price & { model: 'string' } = payload;
+  raw.active = true;
+  raw.locked = false;
+  raw.livemode = !!payload.livemode;
+  raw.currency_id = payload.currency_id;
+
+  if (!raw.product_id) {
+    throw new Error('product_id is required to create a price');
+  }
+
+  if (!raw.unit_amount) {
+    throw new Error('price unit_amount is required');
+  }
+
+  const product = await Product.findByPk(raw.product_id);
+  if (!product) {
+    throw new Error(`product ${raw.product_id} not found for price`);
+  }
+
+  if (product.type === 'credit') {
+    const creditConfig = raw.metadata.credit_config;
+    if (!creditConfig) {
+      throw new Error('credit_config is required');
+    }
+    const { error, value: creditConfigValue } = CreditConfigSchema.validate(creditConfig);
+    if (error) {
+      throw new Error(`credit_config is invalid: ${error.message}`);
+    }
+    raw.metadata.credit_config = creditConfigValue;
+  }
+
+  const currencies = await PaymentCurrency.findAll({ where: { active: true } });
+  const currency = currencies.find((x) => x.id === raw.currency_id);
+  if (!currency) {
+    throw new Error(`currency used in price or not active: ${raw.currency_id}`);
+  }
+
+  if (Array.isArray(raw.currency_options) === false) {
+    raw.currency_options = [];
+  }
+  if (raw.currency_options.some((x) => x.currency_id === raw.currency_id) === false) {
+    raw.currency_options.unshift({
+      currency_id: raw.currency_id,
+      unit_amount: raw.unit_amount,
+      tiers: null,
+      custom_unit_amount: null,
+    });
+  }
+
+  raw.currency_options = Price.formatCurrencies(raw.currency_options, currencies);
+  raw.unit_amount = fromTokenToUnit(raw.unit_amount, currency.decimal).toString();
+  const isRecurring = payload.type === 'recurring';
+  const { notSupportCurrencies, validate } = await checkCurrencySupportRecurring(
+    (raw.currency_options || [])?.map((x) => x.currency_id).filter(Boolean),
+    isRecurring
+  );
+  if (!validate) {
+    throw new Error(`currency ${notSupportCurrencies.map((x) => x.name).join(', ')} does not support recurring`);
+  }
+  if (isRecurring && raw.recurring && !raw.recurring.usage_type) {
+    raw.recurring.usage_type = 'licensed';
+  }
+  const price = await Price.insert(raw);
+  return getExpandedPrice(price.id as string);
+}
+
+export default app;