payment-kit 1.29.1 → 1.29.2

package/api/src/routes/{promotion-codes.ts → hono/promotion-codes.ts}

@@ -1,17 +1,21 @@
 /* eslint-disable @typescript-eslint/naming-convention, @typescript-eslint/require-await */
-import { Router } from 'express';
+// Phase 3 (express→hono) — hono fork of routes/promotion-codes.ts. Sub-app with
+// routes relative to /api/promotion-codes (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 
-import { createIdGenerator, formatMetadata } from '../libs/util';
+import { createIdGenerator, formatMetadata } from '../../libs/util';
 
-import { authenticate } from '../libs/security';
-import { PromotionCode, Coupon, PaymentCurrency } from '../store/models';
-import { getRedemptionData } from '../libs/discount/redemption';
-import { createListParamSchema, MetadataSchema } from '../libs/api';
-import logger from '../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { PromotionCode, Coupon, PaymentCurrency } from '../../store/models';
+import { getRedemptionData } from '../../libs/discount/redemption';
+import { createListParamSchema, MetadataSchema } from '../../libs/api';
+import logger from '../../libs/logger';
 
-const router = Router();
+const app = new Hono();
 const authAdmin = authenticate({ component: true, roles: ['owner', 'admin'] });
 
 // Get expanded promotion code with all related information
@@ -90,7 +94,7 @@ export async function createPromotionCode(payload: any) {
  * POST /api/promotion-codes
  * Create a new promotion code
  */
-router.post('/', authAdmin, async (req, res) => {
+app.post('/', authAdmin, async (c) => {
   try {
     const schema = Joi.object({
       coupon_id: Joi.string().required(),
@@ -131,34 +135,38 @@ router.post('/', authAdmin, async (req, res) => {
       metadata: Joi.object().optional(),
     });
 
-    const { error, value } = schema.validate(req.body);
+    const body = c.get('sanitizedBody') ?? {};
+    const { error, value } = schema.validate(body);
     if (error) {
-      return res.status(400).json({
-        error: 'Invalid request',
-        details: error.details?.[0]?.message || 'Validation error',
-      });
+      return c.json(
+        {
+          error: 'Invalid request',
+          details: error.details?.[0]?.message || 'Validation error',
+        },
+        400
+      );
     }
 
     const promotionCode = await createPromotionCode({
       ...value,
-      livemode: req.livemode,
-      created_via: req.user?.via || 'api',
+      livemode: c.get('livemode'),
+      created_via: c.get('user')?.via || 'api',
     });
 
     logger.info('Promotion code created', {
       promotionCodeId: promotionCode.id,
       code: promotionCode.code,
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
 
     const doc = await getExpandedPromotionCode(promotionCode.id as string);
-    return res.json(doc);
+    return c.json(doc);
   } catch (error) {
     logger.error('Error creating promotion code', {
-      error: error.message,
-      body: req.body,
+      error: (error as any).message,
+      body: c.get('sanitizedBody') ?? {},
     });
-    return res.status(400).json({ error: error.message });
+    return c.json({ error: (error as any).message }, 400);
   }
 });
 
@@ -166,7 +174,7 @@ router.post('/', authAdmin, async (req, res) => {
  * GET /api/promotion-codes
  * List all promotion codes with pagination
  */
-router.get('/', authAdmin, async (req, res) => {
+app.get('/', authAdmin, async (c) => {
   const schema = Joi.object({
     page: Joi.number().integer().positive().default(1),
     pageSize: Joi.number().integer().positive().max(100).default(20),
@@ -174,19 +182,22 @@ router.get('/', authAdmin, async (req, res) => {
     active: Joi.boolean().optional(),
   });
 
-  const { error, value } = schema.validate(req.query, {
+  const { error, value } = schema.validate(c.req.query(), {
     stripUnknown: false,
     allowUnknown: true,
   });
   if (error) {
-    return res.status(400).json({
-      error: 'Invalid request',
-      details: error.details?.[0]?.message || 'Validation error',
-    });
+    return c.json(
+      {
+        error: 'Invalid request',
+        details: error.details?.[0]?.message || 'Validation error',
+      },
+      400
+    );
   }
 
   const { page, pageSize, coupon_id, active } = value;
-  const where: any = { livemode: req.livemode };
+  const where: any = { livemode: c.get('livemode') };
 
   if (coupon_id) {
     where.coupon_id = coupon_id;
@@ -204,32 +215,155 @@ router.get('/', authAdmin, async (req, res) => {
     order: [['created_at', 'DESC']],
   });
 
-  return res.json({
+  return c.json({
     count,
     list: rows.map((promotionCode) => promotionCode.toJSON()),
     paging: { page, pageSize },
   });
 });
 
+/**
+ * GET /api/promotion-codes/by-code/:code
+ * Get promotion code details by code (admin only)
+ * Registered before /:id so the static segment wins.
+ */
+app.get('/by-code/:code', authAdmin, async (c) => {
+  const code = c.req.param('code');
+  if (!code) {
+    return c.json({ error: 'Code parameter is required' }, 400);
+  }
+
+  const promotionCode = await PromotionCode.findByCode(code.toLowerCase());
+
+  if (!promotionCode) {
+    return c.json({ error: 'Promotion code not found' }, 404);
+  }
+  const doc = await getExpandedPromotionCode(promotionCode.id as string);
+
+  return c.json(doc);
+});
+
+/**
+ * GET /api/promotion-codes/:id/used
+ * Check if a promotion code is being used
+ * Registered before /:id to avoid shadowing by the generic handler.
+ */
+app.get('/:id/used', authAdmin, async (c) => {
+  const promotionCode = await PromotionCode.findOne({
+    where: { id: c.req.param('id'), livemode: c.get('livemode') },
+  });
+
+  if (!promotionCode) {
+    return c.json({ error: 'Promotion code not found' }, 404);
+  }
+
+  const used = await promotionCode.isUsed();
+  if (!used) {
+    await promotionCode.update({ locked: false });
+  }
+
+  return c.json({ used });
+});
+
+// Create redemptions pagination schema for promotion codes
+const promotionCodeRedemptionsSchema = createListParamSchema<{
+  type?: string;
+}>({
+  type: Joi.string().valid('customer', 'subscription').optional(),
+});
+
+/**
+ * GET /api/promotion-codes/:id/redemptions
+ * Get active redemptions for a promotion code with detailed admin analytics
+ * Registered before /:id to avoid shadowing by the generic handler.
+ */
+app.get('/:id/redemptions', authAdmin, async (c) => {
+  try {
+    const promotionCodeId = c.req.param('id') as string;
+
+    const { page, pageSize, type } = await promotionCodeRedemptionsSchema.validateAsync(c.req.query(), {
+      stripUnknown: false,
+      allowUnknown: true,
+    });
+
+    const promotionCode = await PromotionCode.findByPk(promotionCodeId);
+    if (!promotionCode) {
+      return c.json({ error: 'Promotion code not found' }, 404);
+    }
+
+    const result = await getRedemptionData(
+      { promotion_code_id: promotionCodeId },
+      { page, pageSize, type: type as 'customer' | 'subscription' | undefined },
+      promotionCode,
+      'promotion_code'
+    );
+
+    return c.json(result);
+  } catch (error: any) {
+    logger.error('Error getting promotion code redemptions', {
+      error: error.message,
+      stack: error.stack,
+      promotionCodeId: c.req.param('id'),
+    });
+    return c.json({ error: error.message }, 500);
+  }
+});
+
 /**
  * GET /api/promotion-codes/:id
  * Get promotion code details by ID (admin only)
  */
-router.get('/:id', authAdmin, async (req, res) => {
-  const promotionCode = await getExpandedPromotionCode(req.params.id as string);
+app.get('/:id', authAdmin, async (c) => {
+  const promotionCode = await getExpandedPromotionCode(c.req.param('id') as string);
 
   if (!promotionCode) {
-    return res.status(404).json({ error: 'Promotion code not found' });
+    return c.json({ error: 'Promotion code not found' }, 404);
   }
 
-  return res.json(promotionCode);
+  return c.json(promotionCode);
+});
+
+/**
+ * PUT /api/promotion-codes/:id/archive
+ * Archive a promotion code (set active to false, making it unusable)
+ * Registered before PUT /:id so the static sub-path wins.
+ */
+app.put('/:id/archive', authAdmin, async (c) => {
+  try {
+    const promotionCode = await PromotionCode.findOne({
+      where: { id: c.req.param('id'), livemode: c.get('livemode') },
+    });
+
+    if (!promotionCode) {
+      return c.json({ error: 'Promotion code not found' }, 404);
+    }
+
+    if (!promotionCode.active) {
+      return c.json({ error: 'Promotion code is already archived' }, 400);
+    }
+
+    // Archive the promotion code by setting active to false
+    await promotionCode.update({ active: false });
+
+    logger.info('Promotion code archived', {
+      promotionCodeId: c.req.param('id'),
+      requestedBy: c.get('user')?.did,
+    });
+    return c.json(promotionCode);
+  } catch (error) {
+    logger.error('Error archiving promotion code', {
+      error: (error as any).message,
+      id: c.req.param('id'),
+    });
+    return c.json({ error: (error as any).message }, 400);
+  }
 });
 
 /**
  * PUT /api/promotion-codes/:id
  * Update a promotion code (limited fields can be updated)
  */
-router.put('/:id', authAdmin, async (req, res) => {
+app.put('/:id', authAdmin, async (c) => {
   try {
     const schema = Joi.object({
       description: Joi.string().empty('').max(250).optional(),
@@ -252,30 +386,34 @@ router.put('/:id', authAdmin, async (req, res) => {
       metadata: MetadataSchema,
     });
 
-    const { error, value } = schema.validate(req.body, {
+    const body = c.get('sanitizedBody') ?? {};
+    const { error, value } = schema.validate(body, {
       stripUnknown: true,
     });
     if (error) {
-      return res.status(400).json({
-        error: 'Invalid request',
-        details: error.details?.[0]?.message || 'Validation error',
-      });
+      return c.json(
+        {
+          error: 'Invalid request',
+          details: error.details?.[0]?.message || 'Validation error',
+        },
+        400
+      );
     }
 
     const promotionCode = await PromotionCode.findOne({
-      where: { id: req.params.id },
+      where: { id: c.req.param('id') },
     });
 
     if (!promotionCode) {
-      return res.status(404).json({ error: 'Promotion code not found' });
+      return c.json({ error: 'Promotion code not found' }, 404);
     }
 
     if (promotionCode.locked) {
-      return res.status(403).json({ error: 'Promotion code is locked and cannot be modified' });
+      return c.json({ error: 'Promotion code is locked and cannot be modified' }, 403);
     }
 
     if (!promotionCode.active) {
-      return res.status(403).json({ error: 'Promotion code is invalid and cannot be modified' });
+      return c.json({ error: 'Promotion code is invalid and cannot be modified' }, 403);
     }
 
     // Format restrictions currency_options if provided
@@ -290,9 +428,12 @@ router.put('/:id', authAdmin, async (req, res) => {
       await promotionCode.update({ locked: true });
       const allowedUpdates = pick(value, ['metadata']);
       if (Object.keys(allowedUpdates).length === 0) {
-        return res.status(403).json({
-          error: 'Promotion code is being used. Only metadata can be updated.',
-        });
+        return c.json(
+          {
+            error: 'Promotion code is being used. Only metadata can be updated.',
+          },
+          403
+        );
       }
       await promotionCode.update(PromotionCode.formatBeforeSave(allowedUpdates));
     } else {
@@ -300,55 +441,20 @@ router.put('/:id', authAdmin, async (req, res) => {
     }
 
     logger.info('Promotion code updated', {
-      promotionCodeId: req.params.id,
+      promotionCodeId: c.req.param('id'),
       updatedFields: Object.keys(value),
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
 
-    const doc = await getExpandedPromotionCode(req.params.id as string);
-    return res.json(doc);
+    const doc = await getExpandedPromotionCode(c.req.param('id') as string);
+    return c.json(doc);
   } catch (error) {
     logger.error('Error updating promotion code', {
-      error: error.message,
-      id: req.params.id,
-      body: req.body,
-    });
-    return res.status(400).json({ error: error.message });
-  }
-});
-
-/**
- * PUT /api/promotion-codes/:id/archive
- * Archive a promotion code (set active to false, making it unusable)
- */
-router.put('/:id/archive', authAdmin, async (req, res) => {
-  try {
-    const promotionCode = await PromotionCode.findOne({
-      where: { id: req.params.id, livemode: req.livemode },
-    });
-
-    if (!promotionCode) {
-      return res.status(404).json({ error: 'Promotion code not found' });
-    }
-
-    if (!promotionCode.active) {
-      return res.status(400).json({ error: 'Promotion code is already archived' });
-    }
-
-    // Archive the promotion code by setting active to false
-    await promotionCode.update({ active: false });
-
-    logger.info('Promotion code archived', {
-      promotionCodeId: req.params.id,
-      requestedBy: req.user?.did,
+      error: (error as any).message,
+      id: c.req.param('id'),
+      body: c.get('sanitizedBody') ?? {},
     });
-    return res.json(promotionCode);
-  } catch (error) {
-    logger.error('Error archiving promotion code', {
-      error: error.message,
-      id: req.params.id,
-    });
-    return res.status(400).json({ error: error.message });
+    return c.json({ error: (error as any).message }, 400);
   }
 });
 
@@ -356,127 +462,43 @@ router.put('/:id/archive', authAdmin, async (req, res) => {
  * DELETE /api/promotion-codes/:id
  * Delete a promotion code (mark as inactive if used, otherwise hard delete)
  */
-router.delete('/:id', authAdmin, async (req, res) => {
+app.delete('/:id', authAdmin, async (c) => {
   try {
     const promotionCode = await PromotionCode.findOne({
-      where: { id: req.params.id, livemode: req.livemode },
+      where: { id: c.req.param('id'), livemode: c.get('livemode') },
     });
 
     if (!promotionCode) {
-      return res.status(404).json({ error: 'Promotion code not found' });
+      return c.json({ error: 'Promotion code not found' }, 404);
     }
 
     if (promotionCode.locked) {
-      return res.status(403).json({ error: 'Promotion code is locked and cannot be deleted' });
+      return c.json({ error: 'Promotion code is locked and cannot be deleted' }, 403);
     }
 
     // Check if promotion code is being used
     if (await promotionCode.isUsed()) {
       // Mark as inactive instead of deleting
       await promotionCode.update({ locked: true });
-      return res.status(403).json({ error: 'Promotion code is locked and cannot be deleted' });
+      return c.json({ error: 'Promotion code is locked and cannot be deleted' }, 403);
     }
 
     // Hard delete if not used
     await promotionCode.destroy();
 
     logger.info('Promotion code deleted', {
-      promotionCodeId: req.params.id,
-      requestedBy: req.user?.did,
+      promotionCodeId: c.req.param('id'),
+      requestedBy: c.get('user')?.did,
     });
 
-    return res.json(promotionCode);
+    return c.json(promotionCode);
   } catch (error) {
     logger.error('Error deleting promotion code', {
-      error: error.message,
-      id: req.params.id,
-    });
-    return res.status(400).json({ error: error.message });
-  }
-});
-
-/**
- * GET /api/promotion-codes/:id/used
- * Check if a promotion code is being used
- */
-router.get('/:id/used', authAdmin, async (req, res) => {
-  const promotionCode = await PromotionCode.findOne({
-    where: { id: req.params.id, livemode: req.livemode },
-  });
-
-  if (!promotionCode) {
-    return res.status(404).json({ error: 'Promotion code not found' });
-  }
-
-  const used = await promotionCode.isUsed();
-  if (!used) {
-    await promotionCode.update({ locked: false });
-  }
-
-  return res.json({ used });
-});
-
-/**
- * GET /api/promotion-codes/by-code/:code
- * Get promotion code details by code (admin only)
- */
-router.get('/by-code/:code', authAdmin, async (req, res) => {
-  const { code } = req.params;
-  if (!code) {
-    return res.status(400).json({ error: 'Code parameter is required' });
-  }
-
-  const promotionCode = await PromotionCode.findByCode(code.toLowerCase());
-
-  if (!promotionCode) {
-    return res.status(404).json({ error: 'Promotion code not found' });
-  }
-  const doc = await getExpandedPromotionCode(promotionCode.id as string);
-
-  return res.json(doc);
-});
-
-// Create redemptions pagination schema for promotion codes
-const promotionCodeRedemptionsSchema = createListParamSchema<{
-  type?: string;
-}>({
-  type: Joi.string().valid('customer', 'subscription').optional(),
-});
-
-/**
- * GET /api/promotion-codes/:id/redemptions
- * Get active redemptions for a promotion code with detailed admin analytics
- */
-router.get('/:id/redemptions', authAdmin, async (req, res) => {
-  try {
-    const promotionCodeId = req.params.id as string;
-
-    const { page, pageSize, type } = await promotionCodeRedemptionsSchema.validateAsync(req.query, {
-      stripUnknown: false,
-      allowUnknown: true,
-    });
-
-    const promotionCode = await PromotionCode.findByPk(promotionCodeId);
-    if (!promotionCode) {
-      return res.status(404).json({ error: 'Promotion code not found' });
-    }
-
-    const result = await getRedemptionData(
-      { promotion_code_id: promotionCodeId },
-      { page, pageSize, type: type as 'customer' | 'subscription' | undefined },
-      promotionCode,
-      'promotion_code'
-    );
-
-    return res.json(result);
-  } catch (error: any) {
-    logger.error('Error getting promotion code redemptions', {
-      error: error.message,
-      stack: error.stack,
-      promotionCodeId: req.params.id,
+      error: (error as any).message,
+      id: c.req.param('id'),
     });
-    return res.status(500).json({ error: error.message });
+    return c.json({ error: (error as any).message }, 400);
   }
 });
 
-export default router;
+export default app;

package/api/src/routes/hono/redirect.ts

@@ -0,0 +1,24 @@
+// Phase 3 (express→hono) — hono fork of routes/redirect.ts. Sub-app with
+// routes relative to /api/redirect (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   res.redirect(u) → return c.redirect(u).
+import qs from 'querystring';
+
+import { getUrl } from '@blocklet/sdk/lib/component';
+import { Hono } from 'hono';
+
+const app = new Hono();
+
+app.get('/checkout/:entryId', (c) => {
+  const entryId = c.req.param('entryId');
+  if (entryId.startsWith('plink_')) {
+    return c.redirect(getUrl(`/checkout/pay/${entryId}?${qs.stringify(c.req.query() as any)}`));
+  }
+  if (entryId.startsWith('prctbl_')) {
+    return c.redirect(getUrl(`/checkout/pricing-table/${entryId}?${qs.stringify(c.req.query() as any)}`));
+  }
+
+  return c.redirect(getUrl('/'));
+});
+
+export default app;