payment-kit 1.29.1 → 1.29.3

package/api/src/routes/{customers.ts → hono/customers.ts}

@@ -1,18 +1,32 @@
-import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
-import { Router } from 'express';
+// Phase 3 (express→hono) — hono fork of routes/customers.ts. Sub-app with
+// routes relative to /api/customers (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
-import isEmail from 'validator/es/lib/isEmail';
+// Use the CommonJS build (`lib`), not the ESM `es` build: `es/lib/isEmail.js`
+// uses extensionless relative imports (`./util/assertString`) that Node ESM
+// strict resolution rejects with ERR_MODULE_NOT_FOUND when payment-core is
+// embedded in a Node host like arc. The `lib` build is plain CJS and resolves
+// everywhere. Same default export.
+import isEmail from 'validator/lib/isEmail';
 
 import { Op, type WhereOptions } from 'sequelize';
 import { BN } from '@ocap/util';
-import { getStakeSummaryByDid, getTokenSummaryByDid, getTokenByAddress } from '../integrations/arcblock/stake';
-import { createListParamSchema, getOrder, getWhereFromKvQuery, getWhereFromQuery, MetadataSchema } from '../libs/api';
-import { authenticate } from '../libs/security';
-import { formatMetadata } from '../libs/util';
-import { Customer } from '../store/models/customer';
-import { blocklet } from '../libs/auth';
-import logger from '../libs/logger';
+import { getStakeSummaryByDid, getTokenSummaryByDid, getTokenByAddress } from '../../integrations/arcblock/stake';
+import {
+  createListParamSchema,
+  getOrder,
+  getWhereFromKvQuery,
+  getWhereFromQuery,
+  MetadataSchema,
+} from '../../libs/api';
+import { authenticate } from '../../middlewares/hono/security';
+import { formatMetadata } from '../../libs/util';
+import { Customer } from '../../store/models/customer';
+import { blocklet } from '../../libs/auth';
+import logger from '../../libs/logger';
 import {
   Invoice,
   PaymentCurrency,
@@ -21,14 +35,13 @@ import {
   Product,
   Subscription,
   SubscriptionItem,
-} from '../store/models';
-import { getSubscriptionPaymentAddress, calculateRecommendedRechargeAmount } from '../libs/subscription';
-import { expandLineItems } from '../libs/session';
-import { handleNotificationPreferenceChange } from '../queues/notification';
-import { getEndpointAndSpaceDid } from '../libs/did-space';
-import { spaceQueue } from '../queues/space';
-
-const router = Router();
+} from '../../store/models';
+import { getSubscriptionPaymentAddress, calculateRecommendedRechargeAmount } from '../../libs/subscription';
+import { expandLineItems } from '../../libs/session';
+import { handleNotificationPreferenceChange } from '../../queues/notification';
+import { sessionMiddleware } from '../../middlewares/hono/session';
+
+const app = new Hono();
 const auth = authenticate<Customer>({ component: true, roles: ['owner', 'admin'] });
 const authPortal = authenticate<Customer>({
   component: true,
@@ -42,8 +55,8 @@ const authPortal = authenticate<Customer>({
 });
 
 const schema = createListParamSchema<{ did?: string }>({ did: Joi.string().empty('') });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+app.get('/', auth, async (c) => {
+  const { page, pageSize, ...query } = await schema.validateAsync(c.req.query(), { stripUnknown: true });
   const where = getWhereFromKvQuery(query.q);
 
   if (query.did) {
@@ -59,21 +72,23 @@ router.get('/', auth, async (req, res) => {
       include: [],
     });
 
-    res.json({ count, list, paging: { page, pageSize } });
+    return c.json({ count, list, paging: { page, pageSize } });
   } catch (err) {
     logger.error(err);
-    res.json({ count: 0, list: [], paging: { page, pageSize } });
+    return c.json({ count: 0, list: [], paging: { page, pageSize } });
   }
 });
 
 // search customers
+// Static path — registered before /:id so hono matches it first.
 const searchSchema = createListParamSchema<{
   query: string;
 }>({
   query: Joi.string(),
 });
-router.get('/search', auth, async (req, res) => {
-  const { page, pageSize, query, livemode, q, o } = await searchSchema.validateAsync(req.query, {
+app.get('/search', auth, async (c) => {
+  const rawQuery = c.req.query();
+  const { page, pageSize, query, livemode, q, o } = await searchSchema.validateAsync(rawQuery, {
     stripUnknown: false,
     allowUnknown: true,
   });
@@ -84,35 +99,35 @@ router.get('/search', auth, async (req, res) => {
   }
   const { rows: list, count } = await Customer.findAndCountAll({
     where,
-    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
+    order: getOrder(rawQuery, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [],
   });
 
-  res.json({ count, list, paging: { page, pageSize } });
+  return c.json({ count, list, paging: { page, pageSize } });
 });
 
-// eslint-disable-next-line consistent-return
-router.get('/me', sessionMiddleware({ accessKey: true }), async (req, res) => {
-  if (!req.user) {
-    return res.status(403).json({ error: 'Unauthorized' });
+// Static path — registered before /:id so hono matches it first.
+app.get('/me', sessionMiddleware({ accessKey: true }), async (c) => {
+  if (!c.get('user')) {
+    return c.json({ error: 'Unauthorized' }, 403);
   }
 
   try {
-    let doc = await Customer.findByPkOrDid(req.user.did as string);
-    const livemode = req.query.livemode ? !!req?.livemode : !!doc?.livemode;
+    let doc = await Customer.findByPkOrDid(c.get('user').did as string);
+    const livemode = c.req.query('livemode') ? !!c.get('livemode') : !!doc?.livemode;
     if (!doc) {
-      if (req.query.fallback) {
-        const result = await blocklet.getUser(req.user.did);
-        return res.json({ ...result.user, address: Customer.formatAddressFromUser(result.user), livemode });
+      if (c.req.query('fallback')) {
+        const result = await blocklet.getUser(c.get('user').did);
+        return c.json({ ...result.user, address: Customer.formatAddressFromUser(result.user), livemode });
       }
-      if (req.query.create) {
+      if (c.req.query('create')) {
         // create customer
-        const { user } = await blocklet.getUser(req.user.did);
+        const { user } = await blocklet.getUser(c.get('user').did);
         const customer = await Customer.create({
           livemode: true,
-          did: req.user.did,
+          did: c.get('user').did,
           name: user.fullName,
           email: user.email,
           phone: user.phone,
@@ -130,11 +145,11 @@ router.get('/me', sessionMiddleware({ accessKey: true }), async (req, res) => {
         });
         doc = customer;
       } else {
-        return res.json({ error: 'Customer not found' });
+        return c.json({ error: 'Customer not found' });
       }
     }
-    if (req.query.skipSummary) {
-      return res.json({ ...doc.toJSON(), livemode });
+    if (c.req.query('skipSummary')) {
+      return c.json({ ...doc.toJSON(), livemode });
     }
     try {
       const [summary, stake, token] = await Promise.all([
@@ -142,11 +157,11 @@ router.get('/me', sessionMiddleware({ accessKey: true }), async (req, res) => {
         getStakeSummaryByDid(doc.did, livemode),
         getTokenSummaryByDid(doc.did, livemode),
       ]);
-      res.json({ ...doc.toJSON(), summary: { ...summary, stake, token }, livemode });
+      return c.json({ ...doc.toJSON(), summary: { ...summary, stake, token }, livemode });
     } catch (summaryErr) {
       logger.error('get customer summary failed', summaryErr);
-      if (req.query.skipError) {
-        return res.json({
+      if (c.req.query('skipError')) {
+        return c.json({
           ...doc.toJSON(),
           summary: { stake: {}, token: {} },
           livemode,
@@ -158,147 +173,42 @@ router.get('/me', sessionMiddleware({ accessKey: true }), async (req, res) => {
     }
   } catch (err) {
     logger.error('get customer failed', err);
-    if (req.query.skipError) {
-      return res.json({
+    if (c.req.query('skipError')) {
+      return c.json({
         error: `Failed to get customer: ${err.message}`,
-        did: req.user?.did,
-        name: req.user?.fullName,
+        did: c.get('user')?.did,
+        name: c.get('user')?.fullName,
         address: {},
-        livemode: !!req.query.livemode,
+        livemode: !!c.req.query('livemode'),
         summary: { stake: {}, token: {} },
       });
     }
-    return res.status(500).json({ error: `Failed to get customer: ${err.message}` });
+    return c.json({ error: `Failed to get customer: ${err.message}` }, 500);
   }
 });
 
-router.post('/sync-to-space', sessionMiddleware(), async (req, res) => {
-  if (!req.user) {
-    return res.status(403).json({ error: 'Unauthorized' });
+// Static path — registered before /:id so hono matches it first.
+app.get('/recharge', sessionMiddleware({ accessKey: true }), async (c) => {
+  if (!c.get('user')) {
+    return c.json({ error: 'Unauthorized' }, 403);
   }
-  try {
-    const userDid = req.user.did;
-    const jobId = `space-${userDid}`;
-    const { endpoint } = await getEndpointAndSpaceDid(userDid);
-    if (endpoint) {
-      const mainTask = await spaceQueue.get(jobId);
-      if (mainTask) {
-        return res.json({
-          success: true,
-          message: 'Billing data sync already in progress',
-        });
-      }
-      spaceQueue.push({
-        id: jobId,
-        job: {
-          type: 'customer',
-          data: {
-            id: userDid,
-          },
-        },
-        delay: 60, // delay 1min
-      });
-      logger.info('Queued billing sync to DID Space for user:', { did: req.user.did });
-
-      return res.json({
-        success: true,
-        message: 'Billing data sync will start soon',
-      });
-    }
-    return res.json({
-      success: false,
-      message: 'No endpoint found for the user',
-    });
-  } catch (error) {
-    return res.json({
-      success: false,
-      message: error.message,
-    });
+  if (!c.req.query('currencyId')) {
+    return c.json({ error: 'Currency ID is required' }, 400);
   }
-});
-
-// get overdue invoices
-router.get('/:id/overdue/invoices', authPortal, async (req, res) => {
   try {
-    const doc = await Customer.findByPkOrDid(req.params.id as string);
-    if (!doc) {
-      return res.status(404).json({ error: 'Customer not found' });
-    }
-    const where: WhereOptions<Invoice> = {
-      customer_id: doc.id,
-      status: ['uncollectible'],
-      amount_remaining: { [Op.gt]: '0' },
-    };
-    if (typeof req.livemode === 'boolean') {
-      where.livemode = !!req.livemode;
-    }
-    const { rows: invoices, count } = await Invoice.findAndCountAll({
-      where,
-      include: [
-        { model: PaymentCurrency, as: 'paymentCurrency' },
-        { model: PaymentMethod, as: 'paymentMethod' },
-      ],
-    });
-    if (count === 0) {
-      return res.json({
-        summary: null,
-        invoices: [],
-        subscriptionCount: 0,
-      });
-    }
-    const summary: Record<string, { amount: string; currency: PaymentCurrency; method: PaymentMethod }> = {};
-    invoices.forEach((invoice) => {
-      const key = invoice.currency_id;
-      if (!summary[key]) {
-        summary[key] = {
-          amount: '0',
-          // @ts-ignore
-          currency: invoice.paymentCurrency,
-          // @ts-ignore
-          method: invoice.paymentMethod,
-        };
-      }
-      if (invoice && summary[key]) {
-        // @ts-ignore
-        summary[key].amount = new BN(summary[key]?.amount || '0')
-          .add(new BN(invoice.amount_remaining || '0'))
-          .toString();
-      }
-    });
-    const subscriptionCount = new Set(invoices.map((x) => x.subscription_id)).size;
-    return res.json({
-      summary,
-      invoices,
-      subscriptionCount,
-      customer: doc,
-    });
-  } catch (err) {
-    logger.error(err);
-    return res.status(500).json({ error: `Failed to get overdue invoices: ${err.message}` });
-  }
-});
-
-router.get('/recharge', sessionMiddleware({ accessKey: true }), async (req, res) => {
-  if (!req.user) {
-    return res.status(403).json({ error: 'Unauthorized' });
-  }
-  if (!req.query.currencyId) {
-    return res.status(400).json({ error: 'Currency ID is required' });
-  }
-  try {
-    const customer = await Customer.findByPkOrDid(req.user.did as string);
+    const customer = await Customer.findByPkOrDid(c.get('user').did as string);
     if (!customer) {
-      return res.status(404).json({ error: 'Customer not found' });
+      return c.json({ error: 'Customer not found' }, 404);
     }
 
-    const paymentCurrency = await PaymentCurrency.findByPk(req.query.currencyId as string);
+    const paymentCurrency = await PaymentCurrency.findByPk(c.req.query('currencyId') as string);
     if (!paymentCurrency) {
-      return res.status(404).json({ error: 'Currency not found' });
+      return c.json({ error: 'Currency not found' }, 404);
     }
 
     const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
     if (!paymentMethod) {
-      return res.status(404).json({ error: 'Payment method not found' });
+      return c.json({ error: 'Payment method not found' }, 404);
     }
 
     let subscriptions = await Subscription.findAll({
@@ -338,7 +248,7 @@ router.get('/recharge', sessionMiddleware({ accessKey: true }), async (req, res)
     // Calculate recommended recharge cycle and amount
     const recommendedRecharge = calculateRecommendedRechargeAmount(relatedSubscriptions, paymentCurrency.id);
 
-    return res.json({
+    return c.json({
       currency: {
         ...paymentCurrency.toJSON(),
         paymentMethod,
@@ -348,79 +258,142 @@ router.get('/recharge', sessionMiddleware({ accessKey: true }), async (req, res)
     });
   } catch (err) {
     logger.error('Error getting balance recharge info', err);
-    return res.status(500).json({ error: err.message });
+    return c.json({ error: err.message }, 500);
   }
 });
 
 // get address token
-router.get('/payer-token', sessionMiddleware({ accessKey: true }), async (req, res) => {
-  if (!req.user) {
-    return res.status(403).json({ error: 'Unauthorized' });
+// Static path — registered before /:id so hono matches it first.
+app.get('/payer-token', sessionMiddleware({ accessKey: true }), async (c) => {
+  if (!c.get('user')) {
+    return c.json({ error: 'Unauthorized' }, 403);
   }
-  if (!req.query.currencyId) {
-    return res.status(400).json({ error: 'Currency ID is required' });
+  if (!c.req.query('currencyId')) {
+    return c.json({ error: 'Currency ID is required' }, 400);
   }
   try {
-    let paymentAddress = req.query.payerAddress as string;
+    let paymentAddress = c.req.query('payerAddress') as string;
     let customer: Customer | null = null;
     if (!paymentAddress) {
-      customer = await Customer.findByPkOrDid(req.user.did as string);
+      customer = await Customer.findByPkOrDid(c.get('user').did as string);
       if (!customer) {
-        return res.status(404).json({ error: 'Customer not found' });
+        return c.json({ error: 'Customer not found' }, 404);
       }
       paymentAddress = customer.did;
     }
 
-    const paymentCurrency = await PaymentCurrency.findByPk(req.query.currencyId as string);
+    const paymentCurrency = await PaymentCurrency.findByPk(c.req.query('currencyId') as string);
     if (!paymentCurrency) {
-      return res.status(404).json({ error: 'Currency not found' });
+      return c.json({ error: 'Currency not found' }, 404);
     }
 
     const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
     if (!paymentMethod) {
-      return res.status(404).json({ error: 'Payment method not found' });
+      return c.json({ error: 'Payment method not found' }, 404);
     }
 
     if (!['arcblock', 'ethereum', 'base'].includes(paymentMethod.type)) {
-      return res.status(400).json({ error: `Payment method not supported: ${paymentMethod.type}` });
+      return c.json({ error: `Payment method not supported: ${paymentMethod.type}` }, 400);
     }
 
     if (!paymentAddress) {
-      return res.status(400).json({ error: `Payment address not found for customer: ${customer?.id}` });
+      return c.json({ error: `Payment address not found for customer: ${customer?.id}` }, 400);
     }
 
     const token = await getTokenByAddress(paymentAddress, paymentMethod, paymentCurrency);
-    return res.json({ token, paymentAddress });
+    return c.json({ token, paymentAddress });
   } catch (err) {
     logger.error('Error getting customer payer token', err);
-    return res.status(500).json({ error: err.message });
+    return c.json({ error: err.message }, 500);
+  }
+});
+
+// get overdue invoices — /:id/overdue/invoices registered before plain /:id
+app.get('/:id/overdue/invoices', authPortal, async (c) => {
+  try {
+    const doc = await Customer.findByPkOrDid(c.req.param('id') as string);
+    if (!doc) {
+      return c.json({ error: 'Customer not found' }, 404);
+    }
+    const where: WhereOptions<Invoice> = {
+      customer_id: doc.id,
+      status: ['uncollectible'],
+      amount_remaining: { [Op.gt]: '0' },
+    };
+    if (typeof c.get('livemode') === 'boolean') {
+      where.livemode = !!c.get('livemode');
+    }
+    const { rows: invoices, count } = await Invoice.findAndCountAll({
+      where,
+      include: [
+        { model: PaymentCurrency, as: 'paymentCurrency' },
+        { model: PaymentMethod, as: 'paymentMethod' },
+      ],
+    });
+    if (count === 0) {
+      return c.json({
+        summary: null,
+        invoices: [],
+        subscriptionCount: 0,
+      });
+    }
+    const summary: Record<string, { amount: string; currency: PaymentCurrency; method: PaymentMethod }> = {};
+    invoices.forEach((invoice) => {
+      const key = invoice.currency_id;
+      if (!summary[key]) {
+        summary[key] = {
+          amount: '0',
+          // @ts-ignore
+          currency: invoice.paymentCurrency,
+          // @ts-ignore
+          method: invoice.paymentMethod,
+        };
+      }
+      if (invoice && summary[key]) {
+        // @ts-ignore
+        summary[key].amount = new BN(summary[key]?.amount || '0')
+          .add(new BN(invoice.amount_remaining || '0'))
+          .toString();
+      }
+    });
+    const subscriptionCount = new Set(invoices.map((x) => x.subscription_id)).size;
+    return c.json({
+      summary,
+      invoices,
+      subscriptionCount,
+      customer: doc,
+    });
+  } catch (err) {
+    logger.error(err);
+    return c.json({ error: `Failed to get overdue invoices: ${err.message}` }, 500);
   }
 });
 
-router.get('/:id', auth, async (req, res) => {
-  if (!req.params.id) {
-    return res.status(400).json({ error: 'Customer ID is required' });
+app.get('/:id', auth, async (c) => {
+  if (!c.req.param('id')) {
+    return c.json({ error: 'Customer ID is required' }, 400);
   }
   try {
-    const doc = await Customer.findByPkOrDid(req.params.id as string);
+    const doc = await Customer.findByPkOrDid(c.req.param('id') as string);
     if (doc) {
-      return res.json(doc);
+      return c.json(doc);
     }
-    if (req.body.create) {
-      if (!req.user) {
-        return res.status(403).json({ error: 'Unauthorized' });
+    const body = c.get('sanitizedBody') ?? {};
+    if (body.create) {
+      if (!c.get('user')) {
+        return c.json({ error: 'Unauthorized' }, 403);
       }
-      if (req.params.id.startsWith('cus_')) {
-        return res.status(404).json({ error: 'Customer not found' });
+      if (c.req.param('id').startsWith('cus_')) {
+        return c.json({ error: 'Customer not found' }, 404);
       }
-      const { user } = await blocklet.getUser(req.params.id);
+      const { user } = await blocklet.getUser(c.req.param('id'));
       if (!user) {
-        return res.status(404).json({ error: 'User not found' });
+        return c.json({ error: 'User not found' }, 404);
       }
       const customer = await Customer.create({
         livemode: true,
-        did: user?.did || req.params.id,
-        name: user?.fullName ?? req.params.id,
+        did: user?.did || c.req.param('id'),
+        name: user?.fullName ?? c.req.param('id'),
         email: user?.email ?? '',
         phone: user?.phone ?? '',
         address: Customer.formatAddressFromUser(user),
@@ -435,21 +408,20 @@ router.get('/:id', auth, async (req, res) => {
         customerId: customer.id,
         did: customer.did,
       });
-      return res.json(customer);
+      return c.json(customer);
     }
-    return res.status(404).json(null);
+    return c.json(null, 404);
   } catch (err) {
     logger.error(err);
-    return res.status(500).json({ error: `Failed to get customer: ${err.message}` });
+    return c.json({ error: `Failed to get customer: ${err.message}` }, 500);
   }
 });
 
-router.get('/:id/summary', auth, async (req, res) => {
+app.get('/:id/summary', auth, async (c) => {
   try {
-    const doc = await Customer.findByPkOrDid(req.params.id as string);
+    const doc = await Customer.findByPkOrDid(c.req.param('id') as string);
     if (!doc) {
-      res.status(404).json({ error: 'Customer not found' });
-      return;
+      return c.json({ error: 'Customer not found' }, 404);
     }
 
     const [summary, stake, token] = await Promise.all([
@@ -457,10 +429,10 @@ router.get('/:id/summary', auth, async (req, res) => {
       getStakeSummaryByDid(doc.did, doc.livemode),
       getTokenSummaryByDid(doc.did, doc.livemode),
     ]);
-    res.json({ ...summary, stake, token });
+    return c.json({ ...summary, stake, token });
   } catch (err) {
     logger.error(err);
-    res.json(null);
+    return c.json(null);
   }
 });
 
@@ -484,20 +456,22 @@ const updatePreferenceSchema = Joi.object({
   }).optional(),
 }).unknown(false);
 
-router.put('/preference', sessionMiddleware({ accessKey: true }), async (req, res) => {
+// Static path — registered before PUT /:id so hono matches it first.
+app.put('/preference', sessionMiddleware({ accessKey: true }), async (c) => {
   try {
-    if (!req.user) {
-      return res.status(403).json({ error: 'Unauthorized' });
+    if (!c.get('user')) {
+      return c.json({ error: 'Unauthorized' }, 403);
     }
 
-    const doc = await Customer.findByPkOrDid(req.user.did as string);
+    const doc = await Customer.findByPkOrDid(c.get('user').did as string);
     if (!doc) {
-      return res.status(404).json({ error: 'Customer not found' });
+      return c.json({ error: 'Customer not found' }, 404);
     }
 
-    const { error, value } = updatePreferenceSchema.validate(req.body);
+    const body = c.get('sanitizedBody') ?? {};
+    const { error, value } = updatePreferenceSchema.validate(body);
     if (error) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
 
     // Get old preference before update
@@ -514,10 +488,10 @@ router.put('/preference', sessionMiddleware({ accessKey: true }), async (req, re
       await handleNotificationPreferenceChange(doc.id, value.notification);
     }
 
-    return res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error('Failed to update customer preference', err);
-    return res.status(400).json({ error: `Failed to update preference: ${err.message}` });
+    return c.json({ error: `Failed to update preference: ${err.message}` }, 400);
   }
 });
 
@@ -542,29 +516,30 @@ const updateCustomerSchema = Joi.object({
     postal_code: Joi.string().max(20).empty(''),
   }).empty(''),
 }).unknown(true);
-// eslint-disable-next-line consistent-return
-router.put('/:id', authPortal, async (req, res) => {
+
+app.put('/:id', authPortal, async (c) => {
   try {
-    const doc = await Customer.findByPkOrDid(req.params.id as string);
+    const doc = await Customer.findByPkOrDid(c.req.param('id') as string);
     if (!doc) {
-      return res.status(404).json({ error: 'Customer not found' });
+      return c.json({ error: 'Customer not found' }, 404);
     }
 
-    const raw = pick(req.body, ['metadata', 'name', 'email', 'phone', 'address']);
+    const body = c.get('sanitizedBody') ?? {};
+    const raw = pick(body, ['metadata', 'name', 'email', 'phone', 'address']);
     const { error } = updateCustomerSchema.validate(raw);
     if (error) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
     if (raw.metadata) {
       raw.metadata = formatMetadata(raw.metadata);
     }
 
     await doc.update(raw);
-    res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error(err);
-    res.json(null);
+    return c.json(null);
   }
 });
 
-export default router;
+export default app;