payment-kit 1.29.0 → 1.29.2

package/api/src/routes/{tax-rates.ts → hono/tax-rates.ts}

@@ -1,14 +1,18 @@
-import { Router } from 'express';
+// Phase 3 (express→hono) — hono fork of routes/tax-rates.ts. Sub-app with
+// routes relative to /api/tax-rates (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
 import Joi from 'joi';
 
 import { CustomError } from '@blocklet/error';
 import { literal } from 'sequelize';
-import { authenticate } from '../libs/security';
-import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
-import { formatMetadata } from '../libs/util';
-import { InvoiceItem, TaxRate } from '../store/models';
+import { authenticate } from '../../middlewares/hono/security';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../../libs/api';
+import { formatMetadata } from '../../libs/util';
+import { InvoiceItem, TaxRate } from '../../store/models';
 
-const router = Router();
+const app = new Hono();
 const auth = authenticate({ component: true, roles: ['owner', 'admin'] });
 
 const createTaxRateSchema = Joi.object({
@@ -42,19 +46,18 @@ const listSchema = createListParamSchema<{
 });
 
 // List tax rates
-router.get('/', auth, async (req, res) => {
+app.get('/', auth, async (c) => {
   try {
-    const { error, value: validated } = listSchema.validate(req.query, { stripUnknown: true });
+    const { error, value: validated } = listSchema.validate(c.req.query(), { stripUnknown: true });
     if (error) {
-      res.status(400).json({ error: `Validation error: ${error.message}` });
-      return;
+      return c.json({ error: `Validation error: ${error.message}` }, 400);
     }
 
     const { page, pageSize, ...query } = validated;
     const where = getWhereFromKvQuery(query.q);
 
-    if (typeof req.livemode === 'boolean') {
-      where.livemode = req.livemode;
+    if (typeof c.get('livemode') === 'boolean') {
+      where.livemode = c.get('livemode');
     }
     if (query.country) {
       where.country = query.country;
@@ -68,7 +71,7 @@ router.get('/', auth, async (req, res) => {
 
     const { rows: list, count } = await TaxRate.findAndCountAll({
       where,
-      order: getOrder(req.query, [['created_at', 'DESC']]),
+      order: getOrder(c.req.query(), [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       attributes: {
@@ -85,39 +88,48 @@ router.get('/', auth, async (req, res) => {
       },
     });
 
-    res.json({ count, list });
+    return c.json({ count, list });
   } catch (error) {
-    res.status(400).json({ error: error?.message });
+    return c.json({ error: (error as any)?.message }, 400);
   }
 });
 
-// Get a specific tax rate
-router.get('/:id', auth, async (req, res) => {
-  const taxRate = await TaxRate.findOne({
-    where: {
-      id: req.params.id,
-      livemode: req.livemode,
-    },
+// Find matching tax rate for a given location and tax code
+// static path registered before /:id so it wins over the param route
+app.post('/match', auth, async (c) => {
+  const schema = Joi.object({
+    country: Joi.string().length(2).uppercase().required(),
+    state: Joi.string().max(50).empty('').optional(),
+    postal_code: Joi.string().max(20).empty('').optional(),
+    tax_code: Joi.string().max(20).empty('').optional(),
   });
 
-  if (!taxRate) {
-    throw new CustomError(404, 'Tax rate not found');
+  const { error, value: data } = schema.validate(c.get('sanitizedBody') ?? {}, { stripUnknown: true });
+  if (error) {
+    return c.json({ error: error.message }, 400);
   }
 
-  res.json(taxRate);
+  const matchedRate = await TaxRate.findMatchingRate({
+    country: data.country,
+    state: data.state,
+    postalCode: data.postal_code,
+    taxCode: data.tax_code,
+    livemode: c.get('livemode'),
+  });
+
+  return c.json(matchedRate);
 });
 
 // Create a new tax rate
-router.post('/', auth, async (req, res) => {
-  const { error, value: data } = createTaxRateSchema.validate(req.body, { stripUnknown: true });
+app.post('/', auth, async (c) => {
+  const { error, value: data } = createTaxRateSchema.validate(c.get('sanitizedBody') ?? {}, { stripUnknown: true });
   if (error) {
-    res.status(400).json({ error: `Validation failed: ${error.message}` });
-    return;
+    return c.json({ error: `Validation failed: ${error.message}` }, 400);
   }
 
   const existingRate = await TaxRate.findOne({
     where: {
-      livemode: req.livemode,
+      livemode: c.get('livemode'),
       country: data.country,
       state: data.state || null,
       postal_code: data.postal_code || null,
@@ -134,25 +146,40 @@ router.post('/', auth, async (req, res) => {
 
   const taxRate = await TaxRate.create({
     ...data,
-    livemode: req.livemode,
+    livemode: c.get('livemode'),
     metadata: formatMetadata(data.metadata),
   });
 
-  res.json(taxRate);
+  return c.json(taxRate);
+});
+
+// Get a specific tax rate
+app.get('/:id', auth, async (c) => {
+  const taxRate = await TaxRate.findOne({
+    where: {
+      id: c.req.param('id'),
+      livemode: c.get('livemode'),
+    },
+  });
+
+  if (!taxRate) {
+    throw new CustomError(404, 'Tax rate not found');
+  }
+
+  return c.json(taxRate);
 });
 
 // Update a tax rate
-router.put('/:id', auth, async (req, res) => {
-  const { error, value: data } = updateTaxRateSchema.validate(req.body, { stripUnknown: true });
+app.put('/:id', auth, async (c) => {
+  const { error, value: data } = updateTaxRateSchema.validate(c.get('sanitizedBody') ?? {}, { stripUnknown: true });
   if (error) {
-    res.status(400).json({ error: `Validation failed: ${error.message}` });
-    return;
+    return c.json({ error: `Validation failed: ${error.message}` }, 400);
   }
 
   const taxRate = await TaxRate.findOne({
     where: {
-      id: req.params.id,
-      livemode: req.livemode,
+      id: c.req.param('id'),
+      livemode: c.get('livemode'),
     },
   });
 
@@ -165,15 +192,15 @@ router.put('/:id', auth, async (req, res) => {
     metadata: data.metadata ? formatMetadata(data.metadata) : taxRate.metadata,
   });
 
-  res.json(taxRate);
+  return c.json(taxRate);
 });
 
 // Delete a tax rate
-router.delete('/:id', auth, async (req, res) => {
+app.delete('/:id', auth, async (c) => {
   const taxRate = await TaxRate.findOne({
     where: {
-      id: req.params.id,
-      livemode: req.livemode,
+      id: c.req.param('id'),
+      livemode: c.get('livemode'),
     },
   });
 
@@ -188,33 +215,7 @@ router.delete('/:id', auth, async (req, res) => {
 
   await taxRate.destroy();
 
-  res.json({ deleted: true, id: req.params.id });
-});
-
-// Find matching tax rate for a given location and tax code
-router.post('/match', auth, async (req, res) => {
-  const schema = Joi.object({
-    country: Joi.string().length(2).uppercase().required(),
-    state: Joi.string().max(50).empty('').optional(),
-    postal_code: Joi.string().max(20).empty('').optional(),
-    tax_code: Joi.string().max(20).empty('').optional(),
-  });
-
-  const { error, value: data } = schema.validate(req.body, { stripUnknown: true });
-  if (error) {
-    res.status(400).json({ error: error.message });
-    return;
-  }
-
-  const matchedRate = await TaxRate.findMatchingRate({
-    country: data.country,
-    state: data.state,
-    postalCode: data.postal_code,
-    taxCode: data.tax_code,
-    livemode: req.livemode,
-  });
-
-  res.json(matchedRate);
+  return c.json({ deleted: true, id: c.req.param('id') });
 });
 
-export default router;
+export default app;

package/api/src/routes/hono/tool.ts

@@ -0,0 +1,69 @@
+// Phase 3 (express→hono) — hono fork of routes/tool.ts. Sub-app with
+// routes relative to /api/tool (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+import dayjs from 'dayjs';
+import { Hono } from 'hono';
+import Joi from 'joi';
+
+import { getUrl } from '@blocklet/sdk/lib/component';
+import { joinURL } from 'ufo';
+import { authenticate } from '../../middlewares/hono/security';
+import { formatToShortUrl } from '../../libs/url';
+import { CheckoutSession } from '../../store/models';
+import logger from '../../libs/logger';
+
+const loginAuth = authenticate<CheckoutSession>({ component: false, ensureLogin: true, mine: true });
+
+const app = new Hono();
+
+const shortUrlSchema = Joi.object({
+  url: Joi.string().uri().required(),
+  timeoutMin: Joi.number().optional(),
+  maxVisits: Joi.number().optional(),
+}).unknown(true);
+
+app.get('/short-url', loginAuth, async (c) => {
+  const query = c.req.query();
+  const { error } = shortUrlSchema.validate(query);
+  if (error) {
+    return c.json({ error: 'Invalid parameters', message: error.message }, 400);
+  }
+  const { url, timeoutMin = 60, maxVisits = 5 } = query;
+  const timeoutMinNumber = Number(timeoutMin);
+  const validUntil = dayjs()
+    .add(timeoutMinNumber > 60 ? 60 : timeoutMinNumber, 'minutes')
+    .format('YYYY-MM-DDTHH:mm:ss+00:00');
+
+  const shortUrl = await formatToShortUrl({ url: url as string, validUntil, maxVisits: Number(maxVisits) });
+
+  return c.json({ url: shortUrl });
+});
+
+app.get('/short-connect-url', async (c) => {
+  const query = c.req.query();
+  const { error } = shortUrlSchema.validate(query);
+  if (error) {
+    return c.json({ error: 'Invalid parameters', message: error.message }, 400);
+  }
+
+  const { url, timeoutMin = 60, maxVisits = 5 } = query;
+  const serverUrl = getUrl();
+
+  const allowedEndpoint = joinURL(new URL(serverUrl).origin, '.well-known/service/gen-simple-access-key');
+
+  if (!url?.toString().startsWith(allowedEndpoint)) {
+    logger.error('Client try to generate short connect url from invalid service', { url });
+    return c.json({ error: 'Just support generate short connect url from gen-simple-access-key service' }, 400);
+  }
+
+  const timeoutMinNumber = Number(timeoutMin);
+  const validUntil = dayjs()
+    .add(timeoutMinNumber > 60 ? 60 : timeoutMinNumber, 'minutes')
+    .format('YYYY-MM-DDTHH:mm:ss+00:00');
+
+  const shortUrl = await formatToShortUrl({ url: url as string, validUntil, maxVisits: Number(maxVisits) });
+  return c.json({ url: shortUrl });
+});
+
+export default app;

package/api/src/routes/{usage-records.ts → hono/usage-records.ts}

@@ -1,19 +1,22 @@
-/* eslint-disable consistent-return */
-import { Request, Response, Router } from 'express';
+// Phase 3 (express→hono) — hono fork of routes/usage-records.ts. Sub-app with
+// routes relative to /api/usage-records (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
+import { Context, Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 import { Op } from 'sequelize';
 
-import { forwardUsageRecordToStripe } from '../integrations/stripe/resource';
-import { createListParamSchema, getOrder } from '../libs/api';
-import dayjs from '../libs/dayjs';
-import { authenticate } from '../libs/security';
-import { usageRecordQueue } from '../queues/usage-record';
-import { Invoice, Price, Subscription, SubscriptionItem, UsageRecord } from '../store/models';
-import logger from '../libs/logger';
-import { getLock } from '../libs/lock';
+import { forwardUsageRecordToStripe } from '../../integrations/stripe/resource';
+import { createListParamSchema, getOrder } from '../../libs/api';
+import dayjs from '../../libs/dayjs';
+import { getLock } from '../../libs/lock';
+import logger from '../../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { usageRecordQueue } from '../../queues/usage-record';
+import { Invoice, Price, Subscription, SubscriptionItem, UsageRecord } from '../../store/models';
 
-const router = Router();
+const app = new Hono();
 const auth = authenticate<UsageRecord>({ component: true, roles: ['owner', 'admin'] });
 
 const UsageReportScheme = Joi.object({
@@ -25,24 +28,25 @@ const UsageReportScheme = Joi.object({
 }).unknown(true);
 
 // @link https://stripe.com/docs/api/usage_records/create
-router.post('/', auth, async (req, res) => {
-  const { error } = UsageReportScheme.validate(req.body);
+app.post('/', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const { error } = UsageReportScheme.validate(body);
   if (error) {
-    return res.status(400).json({ error: error.message });
+    return c.json({ error: error.message }, 400);
   }
-  const raw: Partial<UsageRecord> = pick(req.body, ['timestamp', 'quantity', 'subscription_item_id']);
+  const raw: Partial<UsageRecord> = pick(body, ['timestamp', 'quantity', 'subscription_item_id']);
   const item = await SubscriptionItem.findByPk(raw.subscription_item_id);
   if (!item) {
-    return res.status(400).json({ error: `SubscriptionItem not found: ${raw.subscription_item_id}` });
+    return c.json({ error: `SubscriptionItem not found: ${raw.subscription_item_id}` }, 400);
   }
 
   const subscription = await Subscription.findByPk(item.subscription_id);
   if (!subscription) {
-    return res.status(400).json({ error: `Subscription not found: ${item.subscription_id}` });
+    return c.json({ error: `Subscription not found: ${item.subscription_id}` }, 400);
   }
   if (raw.timestamp) {
     if (raw.timestamp < subscription.current_period_start || raw.timestamp > subscription.current_period_end) {
-      return res.status(400).json({ error: '`timestamp` must be within the current period' });
+      return c.json({ error: '`timestamp` must be within the current period' }, 400);
     }
   }
 
@@ -57,14 +61,14 @@ router.post('/', auth, async (req, res) => {
     logger.info('Usage reporting', {
       subscriptionId: item.subscription_id,
       subscriptionItemId: item.id,
-      body: req.body,
+      body,
     });
 
     let doc = await UsageRecord.findOne({
       where: { timestamp: raw.timestamp, subscription_item_id: raw.subscription_item_id },
     });
 
-    const action = req.body.action || 'increment';
+    const action = body.action || 'increment';
     if (doc) {
       if (doc.billed) {
         logger.info('UsageRecord updated', {
@@ -72,7 +76,7 @@ router.post('/', auth, async (req, res) => {
           timestamp: raw.timestamp,
           newQuantity: raw.quantity,
         });
-        return res.status(400).json({ error: 'UsageRecord is immutable because already billed' });
+        return c.json({ error: 'UsageRecord is immutable because already billed' }, 400);
       }
       if (action === 'increment') {
         await doc.increment('quantity', { by: raw.quantity });
@@ -88,9 +92,10 @@ router.post('/', auth, async (req, res) => {
             subscriptionId: subscription.id,
             action,
           });
-          return res
-            .status(400)
-            .json({ error: 'UsageRecord action must be `increment` for subscriptions with billing_thresholds' });
+          return c.json(
+            { error: 'UsageRecord action must be `increment` for subscriptions with billing_thresholds' },
+            400
+          );
         }
         await doc.update({ quantity: raw.quantity });
         logger.info('UsageRecord updated', {
@@ -101,7 +106,7 @@ router.post('/', auth, async (req, res) => {
         });
       }
     } else {
-      raw.livemode = req.livemode;
+      raw.livemode = c.get('livemode');
       doc = await UsageRecord.create(raw as UsageRecord);
     }
 
@@ -127,10 +132,10 @@ router.post('/', auth, async (req, res) => {
       action,
     });
     await doc.reload();
-    return res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error('Error in usage-records', { error: err });
-    return res.status(400).json({ error: err.message || 'UsageRecord creation failed' });
+    return c.json({ error: (err as any).message || 'UsageRecord creation failed' }, 400);
   } finally {
     lock.release();
   }
@@ -149,21 +154,21 @@ const schema = createListParamSchema<{
   },
   100
 );
-router.get('/summary', auth, async (req, res) => {
-  const { page, pageSize, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+app.get('/summary', auth, async (c) => {
+  const { page, pageSize, ...query } = await schema.validateAsync(c.req.query(), { stripUnknown: true });
 
   try {
     const item = await SubscriptionItem.findByPk(query.subscription_item_id, {
       include: [{ model: Price, as: 'price' }],
     });
     if (!item) {
-      return res.status(400).json({ error: `SubscriptionItem not found: ${query.subscription_item_id}` });
+      return c.json({ error: `SubscriptionItem not found: ${query.subscription_item_id}` }, 400);
     }
 
     const { rows, count } = await Invoice.findAndCountAll({
       where: { subscription_id: item.subscription_id },
       attributes: ['id', 'period_end', 'period_start'],
-      order: getOrder(req.query, [['created_at', 'DESC']]),
+      order: getOrder(c.req.query(), [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
     });
@@ -190,10 +195,10 @@ router.get('/summary', auth, async (req, res) => {
       })
     );
 
-    res.json({ count, list, paging: { page, pageSize } });
+    return c.json({ count, list, paging: { page, pageSize } });
   } catch (err) {
     logger.error(err);
-    res.json({ count: 0, list: [], paging: { page, pageSize } });
+    return c.json({ count: 0, list: [], paging: { page, pageSize } });
   }
 });
 
@@ -207,19 +212,19 @@ const UsageRecordScheme = Joi.object({
 }).unknown(true);
 
 export function createUsageRecordQueryFn(doc?: Subscription) {
-  return async (req: Request, res: Response) => {
-    const { error, value: query } = UsageRecordScheme.validate(req.query, { stripUnknown: true });
+  return async (c: Context) => {
+    const { error, value: query } = UsageRecordScheme.validate(c.req.query(), { stripUnknown: true });
     if (error) {
-      return res.status(400).json({ error: `usage record request query invalid: ${error.message}` });
+      return c.json({ error: `usage record request query invalid: ${error.message}` }, 400);
     }
     try {
       const item = await SubscriptionItem.findByPk(query.subscription_item_id);
       if (!item) {
-        return res.status(400).json({ error: `SubscriptionItem not found: ${query.subscription_item_id}` });
+        return c.json({ error: `SubscriptionItem not found: ${query.subscription_item_id}` }, 400);
       }
       const subscription = doc || (await Subscription.findByPk(item.subscription_id));
       if (!subscription) {
-        return res.status(400).json({ error: `Subscription not found: ${item.subscription_id}` });
+        return c.json({ error: `Subscription not found: ${item.subscription_id}` }, 400);
       }
 
       const { rows: list, count } = await UsageRecord.findAndCountAll({
@@ -233,14 +238,14 @@ export function createUsageRecordQueryFn(doc?: Subscription) {
         order: [['created_at', 'ASC']],
       });
 
-      res.json({ count, list });
+      return c.json({ count, list });
     } catch (err) {
       logger.error(err);
-      res.json({ count: 0, list: [] });
+      return c.json({ count: 0, list: [] });
     }
   };
 }
 
-router.get('/', auth, createUsageRecordQueryFn());
+app.get('/', auth, createUsageRecordQueryFn());
 
-export default router;
+export default app;