payment-kit 1.29.1 → 1.29.2

package/api/src/routes/{invoices.ts → hono/invoices.ts}

@@ -1,29 +1,33 @@
 /* eslint-disable @typescript-eslint/naming-convention */
+// Phase 3 (express→hono) — hono fork of routes/invoices.ts. Sub-app with
+// routes relative to /api/invoices (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
 import { isValid } from '@arcblock/did';
-import { Router } from 'express';
+import { Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 import { Op } from 'sequelize';
 
 import { BN, fromUnitToToken } from '@ocap/util';
-import { syncStripeInvoice } from '../integrations/stripe/handlers/invoice';
-import { syncStripePayment } from '../integrations/stripe/handlers/payment-intent';
-import { ensureStripeCustomer, ensureStripeSetupIntentForInvoicePayment } from '../integrations/stripe/resource';
-import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
-import { authenticate } from '../libs/security';
-import { expandLineItems } from '../libs/session';
-import { formatMetadata, getBlockletJson, getUserOrAppInfo } from '../libs/util';
-import dayjs from '../libs/dayjs';
-import { Customer } from '../store/models/customer';
-import { Invoice } from '../store/models/invoice';
-import { InvoiceItem } from '../store/models/invoice-item';
-import { PaymentCurrency } from '../store/models/payment-currency';
-import { PaymentIntent } from '../store/models/payment-intent';
-import { PaymentMethod } from '../store/models/payment-method';
-import { Price } from '../store/models/price';
-import { Product } from '../store/models/product';
-import { Subscription } from '../store/models/subscription';
-import { getReturnStakeInvoices, getStakingInvoices, retryUncollectibleInvoices } from '../libs/invoice';
+import { syncStripeInvoice } from '../../integrations/stripe/handlers/invoice';
+import { syncStripePayment } from '../../integrations/stripe/handlers/payment-intent';
+import { ensureStripeCustomer, ensureStripeSetupIntentForInvoicePayment } from '../../integrations/stripe/resource';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../../libs/api';
+import { authenticate } from '../../middlewares/hono/security';
+import { expandLineItems } from '../../libs/session';
+import { formatMetadata, getBlockletJson, getUserOrAppInfo } from '../../libs/util';
+import dayjs from '../../libs/dayjs';
+import { Customer } from '../../store/models/customer';
+import { Invoice } from '../../store/models/invoice';
+import { InvoiceItem } from '../../store/models/invoice-item';
+import { PaymentCurrency } from '../../store/models/payment-currency';
+import { PaymentIntent } from '../../store/models/payment-intent';
+import { PaymentMethod } from '../../store/models/payment-method';
+import { Price } from '../../store/models/price';
+import { Product } from '../../store/models/product';
+import { Subscription } from '../../store/models/subscription';
+import { getReturnStakeInvoices, getStakingInvoices, retryUncollectibleInvoices } from '../../libs/invoice';
 import {
   CheckoutSession,
   PaymentLink,
@@ -34,12 +38,12 @@ import {
   CreditGrant,
   TaxRate,
   PriceQuote,
-} from '../store/models';
-import { mergePaginate, defaultTimeOrderBy, getCachedOrFetch, DataSource } from '../libs/pagination';
-import logger from '../libs/logger';
-import { returnOverdraftProtectionQueue, returnStakeQueue } from '../queues/subscription';
-import { checkRemainingStake } from '../libs/subscription';
-import { getExchangeRateService } from '../libs/exchange-rate';
+} from '../../store/models';
+import { mergePaginate, defaultTimeOrderBy, getCachedOrFetch, DataSource } from '../../libs/pagination';
+import logger from '../../libs/logger';
+import { returnOverdraftProtectionQueue, returnStakeQueue } from '../../queues/subscription';
+import { checkRemainingStake } from '../../libs/subscription';
+import { getExchangeRateService } from '../../libs/exchange-rate';
 
 // Simple format amount helper for backend
 function formatAmountForDisplay(amount: string, decimal: number, symbol: string): string {
@@ -47,7 +51,7 @@ function formatAmountForDisplay(amount: string, decimal: number, symbol: string)
   return `${parseFloat(tokenValue).toFixed(Math.min(decimal, 6))} ${symbol}`;
 }
 
-const router = Router();
+const app = new Hono();
 const authAdmin = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'] });
 const authMine = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'], mine: true, embed: true });
 const authPortal = authenticate<Invoice>({
@@ -235,7 +239,7 @@ const attachQuoteMetadataToLines = (lines: any[] | undefined, quotesById: Map<st
   });
 };
 
-router.get('/', authMine, async (req, res) => {
+app.get('/', authMine, async (c) => {
   try {
     // eslint-disable-next-line @typescript-eslint/naming-convention
     const {
@@ -249,7 +253,7 @@ router.get('/', authMine, async (req, res) => {
       include_overdraft_protection = true,
       include_quote = false,
       ...query
-    } = await schema.validateAsync(req.query, {
+    } = await schema.validateAsync(c.req.query(), {
       stripUnknown: false,
       allowUnknown: true,
     });
@@ -270,8 +274,8 @@ router.get('/', authMine, async (req, res) => {
     if (ignore_zero) {
       where.subtotal = { [Op.ne]: '0' };
     }
-    if (query.customer_id) {
-      where.customer_id = query.customer_id;
+    if (c.get('customer_id') ?? query.customer_id) {
+      where.customer_id = c.get('customer_id') ?? query.customer_id;
     }
     if (query.currency_id) {
       where.currency_id = query.currency_id;
@@ -281,8 +285,7 @@ router.get('/', authMine, async (req, res) => {
       if (customer) {
         where.customer_id = customer.id;
       } else {
-        res.json({ count: 0, list: [], paging: { page, pageSize } });
-        return;
+        return c.json({ count: 0, list: [], paging: { page, pageSize } });
       }
     }
     if (query.subscription_id) {
@@ -333,7 +336,7 @@ router.get('/', authMine, async (req, res) => {
         }),
         Invoice.findAll({
           where,
-          order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
+          order: getOrder(c.req.query(), [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
           limit: pageSize,
           offset: (page - 1) * pageSize,
           subQuery: false,
@@ -375,12 +378,11 @@ router.get('/', authMine, async (req, res) => {
         }),
       ]);
 
-      res.json({
+      return c.json({
         count,
         list,
         paging: { page, pageSize },
       });
-      return;
     }
 
     const sources: DataSource<Invoice>[] = [];
@@ -393,7 +395,7 @@ router.get('/', authMine, async (req, res) => {
       fetch: async (limit: number, offset: number = 0) => {
         const result = await Invoice.findAll({
           where,
-          order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
+          order: getOrder(c.req.query(), [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
           limit,
           offset,
           include: [
@@ -541,7 +543,7 @@ router.get('/', authMine, async (req, res) => {
       defaultTimeOrderBy(query.o === 'asc' ? 'asc' : 'desc')
     );
 
-    res.json({
+    return c.json({
       count: result.total,
       list: result.data,
       paging: result.paging,
@@ -549,15 +551,15 @@ router.get('/', authMine, async (req, res) => {
   } catch (err) {
     logger.error('Failed to fetch invoices', {
       error: err,
-      page: req.query.page,
-      pageSize: req.query.pageSize,
-      include_staking: req.query.include_staking,
-      subscription_id: req.query.subscription_id,
+      page: c.req.query('page'),
+      pageSize: c.req.query('pageSize'),
+      include_staking: c.req.query('include_staking'),
+      subscription_id: c.req.query('subscription_id'),
     });
-    res.json({
+    return c.json({
       count: 0,
       list: [],
-      paging: { page: Number(req.query.page || 1), pageSize: Number(req.query.pageSize || 10) },
+      paging: { page: Number(c.req.query('page') || 1), pageSize: Number(c.req.query('pageSize') || 10) },
     });
   }
 });
@@ -574,16 +576,17 @@ const rechargeSchema = createListParamSchema<{
   recharge_address: Joi.string().empty(''),
 });
 
-router.get('/recharge', authMine, async (req, res) => {
-  const { page, pageSize, ...query } = await rechargeSchema.validateAsync(req.query, {
+// Static path — registered before /:id so hono matches it first.
+app.get('/recharge', authMine, async (c) => {
+  const { page, pageSize, ...query } = await rechargeSchema.validateAsync(c.req.query(), {
     stripUnknown: false,
     allowUnknown: true,
   });
   const where = getWhereFromKvQuery(query.q);
-  if (query.customer_id) {
-    const customer = await Customer.findByPkOrDid(query.customer_id);
+  if (c.get('customer_id') ?? query.customer_id) {
+    const customer = await Customer.findByPkOrDid(c.get('customer_id') ?? query.customer_id);
     if (!customer) {
-      return res.status(404).json({ error: 'Customer not found' });
+      return c.json({ error: 'Customer not found' }, 404);
     }
     where.customer_id = customer.id;
   }
@@ -603,23 +606,24 @@ router.get('/recharge', authMine, async (req, res) => {
       },
       offset: (page - 1) * pageSize,
       limit: pageSize,
-      order: getOrder(req.query, [['created_at', 'DESC']]),
+      order: getOrder(c.req.query(), [['created_at', 'DESC']]),
       include: [
         { model: PaymentCurrency, as: 'paymentCurrency' },
         { model: PaymentMethod, as: 'paymentMethod' },
       ],
     });
 
-    return res.json({ count, list: invoices, paging: { page, pageSize } });
+    return c.json({ count, list: invoices, paging: { page, pageSize } });
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
 const searchSchema = createListParamSchema<{}>({});
-router.get('/search', authMine, async (req, res) => {
-  const { page, pageSize, livemode, q, o } = await searchSchema.validateAsync(req.query, {
+// Static path — registered before /:id so hono matches it first.
+app.get('/search', authMine, async (c) => {
+  const { page, pageSize, livemode, q, o } = await searchSchema.validateAsync(c.req.query(), {
     stripUnknown: false,
     allowUnknown: true,
   });
@@ -631,7 +635,7 @@ router.get('/search', authMine, async (req, res) => {
 
   const { rows: list, count } = await Invoice.findAndCountAll({
     where,
-    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
+    order: getOrder(c.req.query(), [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     distinct: true,
@@ -641,7 +645,7 @@ router.get('/search', authMine, async (req, res) => {
     ],
   });
 
-  res.json({ count, list, paging: { page, pageSize } });
+  return c.json({ count, list, paging: { page, pageSize } });
 });
 
 const retryUncollectibleSchema = Joi.object({
@@ -664,14 +668,15 @@ const retryUncollectibleSchema = Joi.object({
     .optional(),
   currencyId: Joi.string().trim().allow('').optional(),
 });
-router.get('/retry-uncollectible', authAdmin, async (req, res) => {
+// Static path — registered before /:id so hono matches it first.
+app.get('/retry-uncollectible', authAdmin, async (c) => {
   try {
-    const { error, value } = retryUncollectibleSchema.validate(req.query, {
+    const { error, value } = retryUncollectibleSchema.validate(c.req.query(), {
       stripUnknown: true,
     });
 
     if (error) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
 
     const { customerId, subscriptionId, invoiceId, invoiceIds, currencyId } = value;
@@ -684,60 +689,64 @@ router.get('/retry-uncollectible', authAdmin, async (req, res) => {
       currencyId,
     });
 
-    return res.json(result);
+    return c.json(result);
   } catch (error) {
     logger.error('Failed to retry uncollectible invoices', { error });
-    return res.status(500).json({
-      error: 'Failed to retry uncollectible invoices',
-      message: error.message,
-    });
+    return c.json(
+      {
+        error: 'Failed to retry uncollectible invoices',
+        message: error.message,
+      },
+      500
+    );
   }
 });
 
-router.get('/:id/return-stake', authAdmin, async (req, res) => {
-  const doc = await Invoice.findByPk(req.params.id as string);
+// Static path /:id/return-stake — registered before plain /:id so hono matches it first.
+app.get('/:id/return-stake', authAdmin, async (c) => {
+  const doc = await Invoice.findByPk(c.req.param('id') as string);
   if (!doc) {
-    return res.status(404).json({ error: 'Invoice not found' });
+    return c.json({ error: 'Invoice not found' }, 404);
   }
   if (!['stake', 'stake_overdraft_protection'].includes(doc.billing_reason)) {
-    return res.status(400).json({ error: 'Invoice is not a stake invoice' });
+    return c.json({ error: 'Invoice is not a stake invoice' }, 400);
   }
   const paymentCurrency = await PaymentCurrency.findByPk(doc.currency_id);
   if (!paymentCurrency) {
-    return res.status(400).json({ error: 'Payment currency not found' });
+    return c.json({ error: 'Payment currency not found' }, 400);
   }
   const paymentMethod = await PaymentMethod.findByPk(doc.default_payment_method_id);
   if (!paymentMethod) {
-    return res.status(400).json({ error: 'Payment method not found' });
+    return c.json({ error: 'Payment method not found' }, 400);
   }
   const stakingAddress = doc.metadata?.payment_details?.arcblock?.address;
   if (!stakingAddress) {
-    return res.status(400).json({ error: 'Staking address not found' });
+    return c.json({ error: 'Staking address not found' }, 400);
   }
   const { staked } = await checkRemainingStake(paymentMethod, paymentCurrency, stakingAddress, '0');
-  return res.json(staked);
+  return c.json(staked);
 });
-router.post('/:id/return-stake', authAdmin, async (req, res) => {
-  const doc = await Invoice.findByPk(req.params.id as string);
+app.post('/:id/return-stake', authAdmin, async (c) => {
+  const doc = await Invoice.findByPk(c.req.param('id') as string);
   if (!doc) {
-    return res.status(404).json({ error: 'Invoice not found' });
+    return c.json({ error: 'Invoice not found' }, 404);
   }
   if (!['stake', 'stake_overdraft_protection'].includes(doc.billing_reason)) {
-    return res.status(400).json({ error: 'Invoice is not a stake invoice' });
+    return c.json({ error: 'Invoice is not a stake invoice' }, 400);
   }
   if (doc.status !== 'paid') {
-    return res.status(400).json({ error: 'Invoice is not paid' });
+    return c.json({ error: 'Invoice is not paid' }, 400);
   }
   const paymentMethod = await PaymentMethod.findByPk(doc.default_payment_method_id);
   if (!paymentMethod) {
-    return res.status(400).json({ error: 'Payment method not found' });
+    return c.json({ error: 'Payment method not found' }, 400);
   }
   if (paymentMethod.type !== 'arcblock') {
-    return res.status(400).json({ error: 'Can only return stake for arcblock payment method' });
+    return c.json({ error: 'Can only return stake for arcblock payment method' }, 400);
   }
   const subscription = await Subscription.findByPk(doc.subscription_id);
   if (!subscription) {
-    return res.status(400).json({ error: 'Subscription not found' });
+    return c.json({ error: 'Subscription not found' }, 400);
   }
   try {
     if (doc.billing_reason === 'stake') {
@@ -749,26 +758,146 @@ router.post('/:id/return-stake', authAdmin, async (req, res) => {
           paymentCurrencyId: doc.currency_id,
         },
       });
-      return res.json({ success: true, subscriptionId: subscription.id });
+      return c.json({ success: true, subscriptionId: subscription.id });
     }
     if (doc.billing_reason === 'stake_overdraft_protection' && subscription.status === 'canceled') {
       await returnOverdraftProtectionQueue.pushAndWait({
         id: `return-overdraft-protection-${subscription.id}`,
         job: { subscriptionId: subscription.id },
       });
-      return res.json({ success: true, subscriptionId: subscription.id });
+      return c.json({ success: true, subscriptionId: subscription.id });
     }
-    return res.json({ success: false, error: 'Subscription is not canceled' });
+    return c.json({ success: false, error: 'Subscription is not canceled' });
   } catch (error) {
     logger.error('Failed to return stake', { error, subscriptionId: subscription.id, invoiceId: doc.id });
-    return res.status(400).json({ error: 'Failed to return stake' });
+    return c.json({ error: 'Failed to return stake' }, 400);
+  }
+});
+
+// Static path /:id/payment-options — registered before plain /:id so hono matches it first.
+app.get('/:id/payment-options', authPortal, async (c) => {
+  try {
+    const invoice = await Invoice.findByPk(c.req.param('id'), {
+      include: [
+        { model: InvoiceItem, as: 'lines' },
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+      ],
+    });
+
+    if (!invoice) {
+      return c.json({ error: 'Invoice not found' }, 404);
+    }
+
+    // Get all available currencies for this invoice's products
+    const invoiceItems = (invoice as any).lines || [];
+    const priceIds = invoiceItems.map((item: any) => item.price_id).filter(Boolean);
+
+    // Get all unique product IDs from prices
+    const prices = await Price.findAll({
+      where: { id: priceIds },
+      include: [{ model: PaymentCurrency, as: 'currencies' }],
+    });
+
+    // Collect all unique currencies
+    const currencyMap = new Map<string, any>();
+    const currentCurrencyId = invoice.currency_id;
+
+    // Add current currency first
+    const { paymentCurrency } = invoice as any;
+    if (paymentCurrency) {
+      const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
+      currencyMap.set(paymentCurrency.id, {
+        ...paymentCurrency.toJSON(),
+        method: paymentMethod?.toJSON(),
+      });
+    }
+
+    // Add other available currencies from prices
+    for (const price of prices) {
+      const priceCurrencies = (price as any).currencies || [];
+      for (const currency of priceCurrencies) {
+        if (!currencyMap.has(currency.id)) {
+          // eslint-disable-next-line no-await-in-loop
+          const paymentMethod = await PaymentMethod.findByPk(currency.payment_method_id);
+          currencyMap.set(currency.id, {
+            ...currency.toJSON(),
+            method: paymentMethod?.toJSON(),
+          });
+        }
+      }
+    }
+
+    // Calculate estimated amounts for each currency
+    const exchangeRateService = getExchangeRateService();
+    const options = [];
+
+    for (const [currencyId, currency] of currencyMap) {
+      let estimatedAmount = '';
+      const isCurrentMethod = currencyId === currentCurrencyId;
+
+      // For current method, use the invoice amount
+      if (isCurrentMethod) {
+        estimatedAmount = formatAmountForDisplay(invoice.amount_due, currency.decimal, currency.symbol);
+      } else {
+        // For other methods, calculate based on USD base amount and current exchange rate
+        try {
+          // Get USD total from line items
+          let usdTotal = 0;
+          for (const item of invoiceItems) {
+            const itemPrice = prices.find((p) => p.id === item.price_id);
+            if (itemPrice?.base_amount) {
+              usdTotal += parseFloat(itemPrice.base_amount) * item.quantity;
+            }
+          }
+
+          if (usdTotal > 0) {
+            // Get exchange rate for this currency
+            const rateSymbol =
+              currency.method?.type === 'arcblock' ? 'ABT' : `${currency.symbol}@${currency.method?.type}`;
+            // eslint-disable-next-line no-await-in-loop
+            const rateResult = await exchangeRateService.getRate(rateSymbol);
+            const rate = parseFloat(rateResult.rate);
+
+            if (rate > 0) {
+              const tokenAmount = usdTotal / rate;
+              const tokenAmountInUnits = Math.floor(tokenAmount * 10 ** currency.decimal);
+              estimatedAmount = `≈ ${formatAmountForDisplay(tokenAmountInUnits.toString(), currency.decimal, currency.symbol)}`;
+            }
+          }
+        } catch (error) {
+          logger.warn('Failed to calculate estimated amount for currency', {
+            currencyId,
+            error: (error as Error).message,
+          });
+          estimatedAmount = '—';
+        }
+      }
+
+      options.push({
+        currency,
+        estimatedAmount,
+        isCurrentMethod,
+      });
+    }
+
+    // Sort: current method first, then by symbol
+    options.sort((a, b) => {
+      if (a.isCurrentMethod) return -1;
+      if (b.isCurrentMethod) return 1;
+      return a.currency.symbol.localeCompare(b.currency.symbol);
+    });
+
+    return c.json({ options });
+  } catch (err: any) {
+    logger.error('Failed to get payment options for invoice', { error: err, invoiceId: c.req.param('id') });
+    return c.json({ error: `Failed to get payment options: ${err.message}` }, 500);
   }
 });
 
-router.get('/:id', authPortal, async (req, res) => {
+app.get('/:id', authPortal, async (c) => {
   try {
     const doc = (await Invoice.findOne({
-      where: { id: req.params.id },
+      where: { id: c.req.param('id') },
       include: [
         { model: PaymentCurrency, as: 'paymentCurrency' },
         { model: PaymentMethod, as: 'paymentMethod' },
@@ -791,7 +920,7 @@ router.get('/:id', authPortal, async (req, res) => {
     })) as TInvoiceExpanded | null;
 
     if (doc) {
-      const shouldSync = req.query.sync === 'true' || !!req.query.forceSync;
+      const shouldSync = c.req.query('sync') === 'true' || !!c.req.query('forceSync');
       // Sync Stripe invoice when sync=true query parameter is present
       if (doc.metadata?.stripe_id && doc.status !== 'paid') {
         // @ts-ignore
@@ -953,7 +1082,7 @@ router.get('/:id', authPortal, async (req, res) => {
         const relatedInvoice = await Invoice.findByPk(doc.metadata.invoice_id || doc.metadata.prev_invoice_id, {
           attributes: ['id', 'number', 'status', 'billing_reason'],
         });
-        return res.json({
+        return c.json({
           ...json,
           discountDetails,
           relatedInvoice,
@@ -963,7 +1092,7 @@ router.get('/:id', authPortal, async (req, res) => {
           quotes,
         });
       }
-      return res.json({
+      return c.json({
         ...json,
         discountDetails,
         relatedCreditGrants,
@@ -972,146 +1101,25 @@ router.get('/:id', authPortal, async (req, res) => {
         quotes,
       });
     }
-    return res.status(404).json(null);
+    return c.json(null, 404);
   } catch (err) {
     logger.error(err);
-    return res.status(500).json({ error: `Failed to get invoice: ${err.message}` });
-  }
-});
-
-/**
- * Get available payment options for an invoice with estimated prices
- * Used when user wants to switch payment method after price change
- */
-router.get('/:id/payment-options', authPortal, async (req, res) => {
-  try {
-    const invoice = await Invoice.findByPk(req.params.id, {
-      include: [
-        { model: InvoiceItem, as: 'lines' },
-        { model: PaymentCurrency, as: 'paymentCurrency' },
-      ],
-    });
-
-    if (!invoice) {
-      return res.status(404).json({ error: 'Invoice not found' });
-    }
-
-    // Get all available currencies for this invoice's products
-    const invoiceItems = (invoice as any).lines || [];
-    const priceIds = invoiceItems.map((item: any) => item.price_id).filter(Boolean);
-
-    // Get all unique product IDs from prices
-    const prices = await Price.findAll({
-      where: { id: priceIds },
-      include: [{ model: PaymentCurrency, as: 'currencies' }],
-    });
-
-    // Collect all unique currencies
-    const currencyMap = new Map<string, any>();
-    const currentCurrencyId = invoice.currency_id;
-
-    // Add current currency first
-    const { paymentCurrency } = invoice as any;
-    if (paymentCurrency) {
-      const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
-      currencyMap.set(paymentCurrency.id, {
-        ...paymentCurrency.toJSON(),
-        method: paymentMethod?.toJSON(),
-      });
-    }
-
-    // Add other available currencies from prices
-    for (const price of prices) {
-      const priceCurrencies = (price as any).currencies || [];
-      for (const currency of priceCurrencies) {
-        if (!currencyMap.has(currency.id)) {
-          // eslint-disable-next-line no-await-in-loop
-          const paymentMethod = await PaymentMethod.findByPk(currency.payment_method_id);
-          currencyMap.set(currency.id, {
-            ...currency.toJSON(),
-            method: paymentMethod?.toJSON(),
-          });
-        }
-      }
-    }
-
-    // Calculate estimated amounts for each currency
-    const exchangeRateService = getExchangeRateService();
-    const options = [];
-
-    for (const [currencyId, currency] of currencyMap) {
-      let estimatedAmount = '';
-      const isCurrentMethod = currencyId === currentCurrencyId;
-
-      // For current method, use the invoice amount
-      if (isCurrentMethod) {
-        estimatedAmount = formatAmountForDisplay(invoice.amount_due, currency.decimal, currency.symbol);
-      } else {
-        // For other methods, calculate based on USD base amount and current exchange rate
-        try {
-          // Get USD total from line items
-          let usdTotal = 0;
-          for (const item of invoiceItems) {
-            const itemPrice = prices.find((p) => p.id === item.price_id);
-            if (itemPrice?.base_amount) {
-              usdTotal += parseFloat(itemPrice.base_amount) * item.quantity;
-            }
-          }
-
-          if (usdTotal > 0) {
-            // Get exchange rate for this currency
-            const rateSymbol =
-              currency.method?.type === 'arcblock' ? 'ABT' : `${currency.symbol}@${currency.method?.type}`;
-            // eslint-disable-next-line no-await-in-loop
-            const rateResult = await exchangeRateService.getRate(rateSymbol);
-            const rate = parseFloat(rateResult.rate);
-
-            if (rate > 0) {
-              const tokenAmount = usdTotal / rate;
-              const tokenAmountInUnits = Math.floor(tokenAmount * 10 ** currency.decimal);
-              estimatedAmount = `≈ ${formatAmountForDisplay(tokenAmountInUnits.toString(), currency.decimal, currency.symbol)}`;
-            }
-          }
-        } catch (error) {
-          logger.warn('Failed to calculate estimated amount for currency', {
-            currencyId,
-            error: (error as Error).message,
-          });
-          estimatedAmount = '—';
-        }
-      }
-
-      options.push({
-        currency,
-        estimatedAmount,
-        isCurrentMethod,
-      });
-    }
-
-    // Sort: current method first, then by symbol
-    options.sort((a, b) => {
-      if (a.isCurrentMethod) return -1;
-      if (b.isCurrentMethod) return 1;
-      return a.currency.symbol.localeCompare(b.currency.symbol);
-    });
-
-    return res.json({ options });
-  } catch (err: any) {
-    logger.error('Failed to get payment options for invoice', { error: err, invoiceId: req.params.id });
-    return res.status(500).json({ error: `Failed to get payment options: ${err.message}` });
+    return c.json({ error: `Failed to get invoice: ${err.message}` }, 500);
   }
 });
 
-router.post('/pay-stripe', authPortal, async (req, res) => {
+// Static path — registered before PUT /:id so hono matches it first.
+app.post('/pay-stripe', authPortal, async (c) => {
   try {
-    const { invoice_ids, subscription_id, customer_id, currency_id } = req.body;
+    const body = c.get('sanitizedBody') ?? {};
+    const { invoice_ids, subscription_id, customer_id, currency_id } = body as any;
 
     if (!currency_id) {
-      return res.status(400).json({ error: 'currency_id is required' });
+      return c.json({ error: 'currency_id is required' }, 400);
     }
 
     if (!invoice_ids && !subscription_id && !customer_id) {
-      return res.status(400).json({ error: 'Must provide invoice_ids, subscription_id, or customer_id' });
+      return c.json({ error: 'Must provide invoice_ids, subscription_id, or customer_id' }, 400);
     }
 
     let invoices: Invoice[];
@@ -1132,7 +1140,7 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
       });
 
       if (invoices.length === 0) {
-        return res.status(404).json({ error: 'No payable invoices found' });
+        return c.json({ error: 'No payable invoices found' }, 404);
       }
 
       // @ts-ignore
@@ -1144,7 +1152,7 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
       });
 
       if (!subscription) {
-        return res.status(404).json({ error: 'Subscription not found' });
+        return c.json({ error: 'Subscription not found' }, 404);
       }
 
       // @ts-ignore
@@ -1165,7 +1173,7 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
     } else {
       customer = await Customer.findByPkOrDid(customer_id!);
       if (!customer) {
-        return res.status(404).json({ error: 'Customer not found' });
+        return c.json({ error: 'Customer not found' }, 404);
       }
 
       invoices = await Invoice.findAll({
@@ -1181,22 +1189,22 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
       });
 
       if (invoices.length === 0) {
-        return res.status(404).json({ error: 'No payable invoices found' });
+        return c.json({ error: 'No payable invoices found' }, 404);
       }
 
       paymentMethod = await PaymentMethod.findByPk(invoices[0]!.default_payment_method_id);
     }
 
     if (!customer) {
-      return res.status(404).json({ error: 'Customer not found' });
+      return c.json({ error: 'Customer not found' }, 404);
     }
 
     if (!paymentMethod || paymentMethod.type !== 'stripe') {
-      return res.status(400).json({ error: 'Not using Stripe payment method' });
+      return c.json({ error: 'Not using Stripe payment method' }, 400);
     }
 
     if (invoices.length === 0) {
-      return res.status(400).json({ error: 'No payable invoices found' });
+      return c.json({ error: 'No payable invoices found' }, 400);
     }
 
     await ensureStripeCustomer(customer, paymentMethod);
@@ -1205,7 +1213,7 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
 
     const paymentCurrency = await PaymentCurrency.findByPk(currency_id);
     if (!paymentCurrency) {
-      return res.status(404).json({ error: `Payment currency ${currency_id} not found` });
+      return c.json({ error: `Payment currency ${currency_id} not found` }, 404);
     }
     const totalAmount = invoices.reduce((sum, invoice) => {
       const amount = invoice.amount_remaining || '0';
@@ -1220,7 +1228,7 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
 
     const setupIntent = await ensureStripeSetupIntentForInvoicePayment(customer, paymentMethod, metadata);
 
-    return res.json({
+    return c.json({
       client_secret: setupIntent.client_secret,
       publishable_key: settings.stripe?.publishable_key,
       setup_intent_id: setupIntent.id,
@@ -1232,53 +1240,54 @@ router.post('/pay-stripe', authPortal, async (req, res) => {
   } catch (err) {
     logger.error('Failed to create setup intent for stripe payment', {
       error: err,
-      body: req.body,
+      body: c.get('sanitizedBody'),
     });
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
 // eslint-disable-next-line consistent-return
-router.put('/:id', authAdmin, async (req, res) => {
+app.put('/:id', authAdmin, async (c) => {
   try {
-    const doc = await Invoice.findByPk(req.params.id as string);
+    const doc = await Invoice.findByPk(c.req.param('id') as string);
     if (!doc) {
-      return res.status(404).json({ error: 'Invoice not found' });
+      return c.json({ error: 'Invoice not found' }, 404);
     }
 
-    const raw = pick(req.body, ['metadata']);
+    const body = c.get('sanitizedBody') ?? {};
+    const raw = pick(body, ['metadata']);
     if (raw.metadata) {
       const { error } = MetadataSchema.validate(raw.metadata);
       if (error) {
-        return res.status(400).json({ error: error.message });
+        return c.json({ error: error.message }, 400);
       }
       raw.metadata = formatMetadata(raw.metadata);
     }
 
     await doc.update(raw);
-    res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error(err);
-    res.json(null);
+    return c.json(null);
   }
 });
 
-router.post('/:id/void', authAdmin, async (req, res) => {
-  const invoice = await Invoice.findByPk(req.params.id as string);
+app.post('/:id/void', authAdmin, async (c) => {
+  const invoice = await Invoice.findByPk(c.req.param('id') as string);
   if (!invoice) {
-    return res.status(404).json({ error: 'Invoice not found' });
+    return c.json({ error: 'Invoice not found' }, 404);
   }
   if (['paid', 'void', 'draft'].includes(invoice.status)) {
-    return res.status(400).json({ error: 'Can not void this invoice' });
+    return c.json({ error: 'Can not void this invoice' }, 400);
   }
   const paymentMethod = await PaymentMethod.findByPk(invoice.default_payment_method_id);
   if (!paymentMethod) {
-    return res.status(400).json({ error: 'Payment method not found' });
+    return c.json({ error: 'Payment method not found' }, 400);
   }
   if (invoice.subscription_id) {
     const subscription = await Subscription.findByPk(invoice.subscription_id);
     if (subscription && !subscription.isImmutable()) {
-      return res.status(400).json({ error: 'Subscription is not immutable, can not void invoice' });
+      return c.json({ error: 'Subscription is not immutable, can not void invoice' }, 400);
     }
   }
   try {
@@ -1303,11 +1312,11 @@ router.post('/:id/void', authAdmin, async (req, res) => {
         voided_at: dayjs().unix(),
       },
     });
-    return res.json(invoice);
+    return c.json(invoice);
   } catch (error) {
     logger.error('Failed to void invoice', { error, invoiceId: invoice.id });
-    return res.status(400).json({ error: 'Failed to void invoice' });
+    return c.json({ error: 'Failed to void invoice' }, 400);
   }
 });
 
-export default router;
+export default app;