payment-kit 1.29.1 → 1.29.3

package/api/src/routes/{donations.ts → hono/donations.ts}

@@ -1,19 +1,26 @@
+// Phase 3 (express→hono) — hono fork of routes/donations.ts. Sub-app with
+// routes relative to /api/donations (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
 import Joi from 'joi';
-import { Router } from 'express';
+import { Hono } from 'hono';
 
 import { BN } from '@ocap/util';
-import { createListParamSchema, getOrder } from '../libs/api';
-import logger from '../libs/logger';
-import { CheckoutSession } from '../store/models/checkout-session';
-import { Customer } from '../store/models/customer';
-import { PaymentLink } from '../store/models/payment-link';
-import { PaymentMethod } from '../store/models/payment-method';
-import { Price } from '../store/models/price';
-import type { DonationSettings } from '../store/models/types';
+import { createListParamSchema, getOrder } from '../../libs/api';
+import logger from '../../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { CheckoutSession } from '../../store/models/checkout-session';
+import { Customer } from '../../store/models/customer';
+import { PaymentLink } from '../../store/models/payment-link';
+import { PaymentMethod } from '../../store/models/payment-method';
+import { Price } from '../../store/models/price';
+import type { DonationSettings } from '../../store/models/types';
 import { createPaymentLink } from './payment-links';
 import { createProductAndPrices } from './products';
 
-const router = Router();
+const app = new Hono();
+
+const auth = authenticate({ component: true, roles: ['owner', 'admin'] });
 
 // FIXME: add more custom validation here for amount
 const donationSchema = Joi.object<DonationSettings>({
@@ -44,12 +51,14 @@ const donationSchema = Joi.object<DonationSettings>({
     summary: Joi.string().optional(),
   }),
 });
+
 // prepare donation payment links
-router.post('/', async (req, res) => {
+app.post('/', auth, async (c) => {
   try {
-    const payload = await donationSchema.validateAsync(req.body, { stripUnknown: true, convert: true });
+    const body = c.get('sanitizedBody') ?? {};
+    const payload = await donationSchema.validateAsync(body, { stripUnknown: true, convert: true });
     const link = await PaymentLink.findOne({
-      where: { 'donation_settings.target': payload.target, livemode: !!req.livemode },
+      where: { 'donation_settings.target': payload.target, livemode: !!c.get('livemode') },
     });
     if (link) {
       await link.update({
@@ -64,21 +73,20 @@ router.post('/', async (req, res) => {
         },
       });
       logger.info('Payment link updated successfully', { linkId: link.id });
-      res.json(link.toJSON());
-      return;
+      return c.json(link.toJSON());
     }
 
     logger.info('No existing payment link found, creating new one');
-    const lookupKey = `${payload.target}-${req.livemode ? 'live' : 'test'}`;
+    const lookupKey = `${payload.target}-${c.get('livemode') ? 'live' : 'test'}`;
     let price = await Price.findByPkOrLookupKey(lookupKey);
     if (!price) {
       logger.info('No existing price found, creating new product and price');
       const result = await createProductAndPrices({
         type: 'service',
-        livemode: !!req.livemode,
+        livemode: !!c.get('livemode'),
         name: payload.title,
         description: payload.description,
-        currency_id: req.baseCurrency.id,
+        currency_id: c.get('baseCurrency').id,
         via: 'donation',
         prices: [
           {
@@ -101,9 +109,9 @@ router.post('/', async (req, res) => {
     }
 
     const result = await createPaymentLink({
-      livemode: !!req.livemode,
-      created_via: req.user?.via,
-      currency_id: req.baseCurrency.id,
+      livemode: !!c.get('livemode'),
+      created_via: c.get('user')?.via,
+      currency_id: c.get('baseCurrency').id,
       name: payload.title,
       submit_type: 'donate',
       line_items: [{ price_id: price.id, quantity: 1 }],
@@ -116,23 +124,24 @@ router.post('/', async (req, res) => {
       },
     });
     logger.info('New payment link created', { linkId: result.id });
-    res.json(result);
+    return c.json(result);
   } catch (err) {
     logger.error('Failed to prepare payment link for donation', err);
-    res.status(400).json({ error: err.message });
+    return c.json({ error: (err as any).message }, 400);
   }
 });
 
 // get donations by target
 const paginationSchema = createListParamSchema<{ target: string }>({ target: Joi.string().required() }, 20);
-router.get('/', async (req, res) => {
+app.get('/', auth, async (c) => {
   try {
-    const { page, pageSize, target } = await paginationSchema.validateAsync(req.query, {
+    const query = c.req.query();
+    const { page, pageSize, target } = await paginationSchema.validateAsync(query, {
       convert: true,
       stripUnknown: true,
     });
     const { rows, count } = await CheckoutSession.findAndCountAll({
-      where: { payment_link_id: target, status: 'complete', livemode: req.livemode },
+      where: { payment_link_id: target, status: 'complete', livemode: c.get('livemode') },
       attributes: [
         'id',
         'customer_id',
@@ -143,30 +152,30 @@ router.get('/', async (req, res) => {
         'created_at',
         'updated_at',
       ],
-      order: getOrder(req.query, [['created_at', 'DESC']]),
+      order: getOrder(query, [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       include: [{ model: Customer, as: 'customer', attributes: ['id', 'did', 'name', 'metadata'] }],
       limit: pageSize,
     });
 
-    const method = await PaymentMethod.findByPk(req.baseCurrency.payment_method_id);
+    const method = await PaymentMethod.findByPk(c.get('baseCurrency').payment_method_id);
 
     const totalAmount: string = rows
       .map((x) => x.toJSON())
       .reduce((total, x) => total.add(new BN(x.amount_total)), new BN('0'))
       .toString();
 
-    res.json({
+    return c.json({
       supporters: rows,
-      currency: req.baseCurrency,
+      currency: c.get('baseCurrency'),
       method,
       total: count,
       totalAmount,
       paging: { page, pageSize },
     });
   } catch (err) {
-    res.status(400).json({ error: err.message, supporters: [] });
+    return c.json({ error: (err as any).message, supporters: [] }, 400);
   }
 });
 
-export default router;
+export default app;

package/api/src/routes/{entitlements.ts → hono/entitlements.ts}

@@ -1,3 +1,8 @@
+// Phase 3 (express→hono) — hono fork of routes/entitlements.ts. Sub-app with
+// routes relative to /api/entitlements (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+//
 // Cross-channel entitlement query API.
 //
 // Endpoints:
@@ -10,15 +15,15 @@
 //   - Logged-in end users (mobile demo, web SPA): `mine: true` lets them in iff
 //     their DID matches the query's customer_did — enforced in the handler.
 
-import { Router } from 'express';
+import { Hono } from 'hono';
 import Joi from 'joi';
 
-import { checkEntitlement, listEntitlements } from '../libs/entitlement';
-import logger from '../libs/logger';
-import { authenticate } from '../libs/security';
-import { PaymentMethod } from '../store/models';
+import { checkEntitlement, listEntitlements } from '../../libs/entitlement';
+import logger from '../../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { PaymentMethod } from '../../store/models';
 
-const router = Router();
+const app = new Hono();
 // component+owner/admin for cross-blocklet calls; ensureLogin for end users —
 // handler then enforces that non-admin users can only query their own DID.
 const auth = authenticate<PaymentMethod>({ component: true, roles: ['owner', 'admin'], ensureLogin: true });
@@ -35,8 +40,8 @@ function canonicalDid(did: string | undefined | null): string {
   return did.startsWith('did:abt:') ? did.slice('did:abt:'.length) : did;
 }
 
-function isSelf(req: any, customerDid: string): boolean {
-  const a = canonicalDid(req.user?.did);
+function isSelf(userDid: string | undefined, customerDid: string): boolean {
+  const a = canonicalDid(userDid);
   const b = canonicalDid(customerDid);
   return !!a && a === b;
 }
@@ -66,40 +71,38 @@ function parseLivemode(value: string | boolean | undefined, fallback: boolean):
   return fallback;
 }
 
-router.get('/check', auth, async (req, res) => {
+app.get('/check', auth, async (c) => {
   try {
-    const input = await checkQuerySchema.validateAsync(req.query, { stripUnknown: true });
-    if (!isAdminUser((req as any).user?.role) && !isSelf(req, input.customer_did)) {
-      res.status(403).json({ error: 'Cannot query entitlements for other customers' });
-      return;
+    const input = await checkQuerySchema.validateAsync(c.req.query(), { stripUnknown: true });
+    if (!isAdminUser(c.get('user')?.role) && !isSelf(c.get('user')?.did, input.customer_did)) {
+      return c.json({ error: 'Cannot query entitlements for other customers' }, 403);
     }
-    const livemode = parseLivemode(input.livemode, !!req.livemode);
+    const livemode = parseLivemode(input.livemode, !!c.get('livemode'));
     const result = await checkEntitlement({
       customer_did: input.customer_did,
       product_id: input.product_id,
       livemode,
     });
-    res.json(result);
+    return c.json(result);
   } catch (err: any) {
     logger.error('entitlements/check failed', { error: err?.message, stack: err?.stack });
-    res.status(400).json({ error: err?.message ?? 'check failed' });
+    return c.json({ error: err?.message ?? 'check failed' }, 400);
   }
 });
 
-router.get('/list', auth, async (req, res) => {
+app.get('/list', auth, async (c) => {
   try {
-    const input = await listQuerySchema.validateAsync(req.query, { stripUnknown: true });
-    if (!isAdminUser((req as any).user?.role) && !isSelf(req, input.customer_did)) {
-      res.status(403).json({ error: 'Cannot list entitlements for other customers' });
-      return;
+    const input = await listQuerySchema.validateAsync(c.req.query(), { stripUnknown: true });
+    if (!isAdminUser(c.get('user')?.role) && !isSelf(c.get('user')?.did, input.customer_did)) {
+      return c.json({ error: 'Cannot list entitlements for other customers' }, 403);
     }
-    const livemode = parseLivemode(input.livemode, !!req.livemode);
+    const livemode = parseLivemode(input.livemode, !!c.get('livemode'));
     const list = await listEntitlements({ customer_did: input.customer_did, livemode });
-    res.json({ list });
+    return c.json({ list });
   } catch (err: any) {
     logger.error('entitlements/list failed', { error: err?.message, stack: err?.stack });
-    res.status(400).json({ error: err?.message ?? 'list failed' });
+    return c.json({ error: err?.message ?? 'list failed' }, 400);
   }
 });
 
-export default router;
+export default app;

package/api/src/routes/{events.ts → hono/events.ts}

@@ -1,20 +1,42 @@
-import { Router } from 'express';
+// Phase 3 (express→hono) — hono fork of routes/events.ts. Sub-app with
+// routes relative to /api/events (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
 import Joi from 'joi';
 import type { WhereOptions } from 'sequelize';
 import { Op } from 'sequelize';
 
-import { createListParamSchema, getOrder } from '../libs/api';
-import { authenticate } from '../libs/security';
-import { Event } from '../store/models/event';
-import { blocklet } from '../libs/auth';
-import logger from '../libs/logger';
-import { addWebhookJob } from '../queues/webhook';
-import { WebhookEndpoint } from '../store/models/webhook-endpoint';
-import { Subscription } from '../store/models/subscription';
-
-const router = Router();
+import { createListParamSchema, getOrder } from '../../libs/api';
+import { context } from '../../libs/context';
+import { authenticate } from '../../middlewares/hono/security';
+import { TENANT_MISMATCH, TenantError, resolveRowTenant } from '../../libs/tenant';
+import { Event } from '../../store/models/event';
+import { blocklet } from '../../libs/auth';
+import logger from '../../libs/logger';
+import { addWebhookJob } from '../../queues/webhook';
+import { WebhookEndpoint } from '../../store/models/webhook-endpoint';
+import { Subscription } from '../../store/models/subscription';
+
+const app = new Hono();
 const auth = authenticate<Event>({ component: true, roles: ['owner', 'admin'] });
 
+// Phase 4 (W1-3): manual retry endpoints are tenant-guarded — the caller's
+// tenant context must match the event's tenant or the request dies with 4xx
+// before any attempt is scheduled. Exported for unit tests.
+export function assertEventTenantAccessible(event: { instance_did?: string | null }): void {
+  const callerTenant = context.getInstanceDid(); // throws TENANT_CONTEXT_MISSING in multi mode without context
+  const eventTenant = resolveRowTenant(event);
+  if (callerTenant !== eventTenant) {
+    throw new TenantError(TENANT_MISMATCH, 'event belongs to another tenant');
+  }
+}
+
+function tenantErrorStatus(err: any): number | null {
+  if (err instanceof TenantError) return err.code === TENANT_MISMATCH ? 403 : 401;
+  return null;
+}
+
 const schema = createListParamSchema<{
   type?: string;
   object_id?: string;
@@ -22,42 +44,6 @@ const schema = createListParamSchema<{
   type: Joi.string().empty(''),
   object_id: Joi.string().empty(''),
 });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
-  const where: WhereOptions<Event> = {};
-
-  if (query.type) {
-    where.type = query.type
-      .split(',')
-      .map((x) => x.trim())
-      .filter(Boolean);
-  }
-  if (query.object_id) {
-    where.object_id = query.object_id
-      .split(',')
-      .map((x) => x.trim())
-      .filter(Boolean);
-  }
-  if (typeof query.livemode === 'boolean') {
-    where.livemode = query.livemode;
-  }
-
-  try {
-    const { rows: list, count } = await Event.findAndCountAll({
-      where,
-      attributes: { exclude: ['data', 'request'] },
-      order: getOrder(req.query, [['created_at', 'DESC']]),
-      offset: (page - 1) * pageSize,
-      limit: pageSize,
-      include: [],
-    });
-
-    res.json({ count, list, paging: { page, pageSize } });
-  } catch (err) {
-    logger.error(err);
-    res.json({ count: 0, list: [], paging: { page, pageSize } });
-  }
-});
 
 const retryWebhooksSchema = createListParamSchema<{
   eventType?: string;
@@ -77,14 +63,17 @@ const retryWebhooksSchema = createListParamSchema<{
   latestOnly: Joi.boolean().optional(),
 });
 
-router.get('/retry-webhooks', auth, async (req, res) => {
+// static route before /:id
+app.get('/retry-webhooks', auth, async (c) => {
   try {
     const { eventType, objectType, objectId, objectIds, eventIds, subscriptionStatus, latestOnly } =
-      await retryWebhooksSchema.validateAsync(req.query, {
+      await retryWebhooksSchema.validateAsync(c.req.query(), {
         stripUnknown: true,
       });
 
-    const where: WhereOptions<Event> = { livemode: req.livemode };
+    // scope the whole batch to the caller's tenant (fail-closed in multi mode)
+    const where: WhereOptions<Event> = { livemode: c.get('livemode') };
+    (where as any).instance_did = context.getInstanceDid();
     let targetObjectIds: string[] = [];
 
     // Handle subscription status filter
@@ -92,13 +81,13 @@ router.get('/retry-webhooks', auth, async (req, res) => {
       const subscriptions = await Subscription.findAll({
         where: {
           status: subscriptionStatus,
-          livemode: req.livemode,
+          livemode: c.get('livemode'),
         },
         attributes: ['id'],
       });
 
       if (subscriptions.length === 0) {
-        return res.json({
+        return c.json({
           message: `No subscriptions found with status: ${subscriptionStatus}`,
           scheduled: 0,
           eventsProcessed: 0,
@@ -147,7 +136,7 @@ router.get('/retry-webhooks', auth, async (req, res) => {
     });
 
     if (events.length === 0) {
-      return res.json({
+      return c.json({
         message: 'No events found matching the criteria',
         scheduled: 0,
         eventsProcessed: 0,
@@ -167,11 +156,11 @@ router.get('/retry-webhooks', auth, async (req, res) => {
     }
 
     const webhooks = await WebhookEndpoint.findAll({
-      where: { status: 'enabled', livemode: req.livemode },
+      where: { status: 'enabled', livemode: c.get('livemode'), instance_did: context.getInstanceDid() },
     });
 
     if (webhooks.length === 0) {
-      return res.json({
+      return c.json({
         message: 'No enabled webhook endpoints found',
         scheduled: 0,
         eventsProcessed: events.length,
@@ -199,21 +188,62 @@ router.get('/retry-webhooks', auth, async (req, res) => {
       criteria: { eventType, objectType, objectId, subscriptionStatus, latestOnly },
     });
 
-    return res.json({
+    return c.json({
       message: `Successfully scheduled ${scheduled} webhooks for retry across ${events.length} events`,
       scheduled,
       eventsProcessed: events.length,
     });
   } catch (err: any) {
+    const status = tenantErrorStatus(err);
+    if (status) {
+      return c.json({ error: err.message, code: err.code }, status as any);
+    }
     logger.error('Failed to batch retry webhooks', err);
-    return res.status(500).json({ error: `Failed to retry webhooks: ${err.message}` });
+    return c.json({ error: `Failed to retry webhooks: ${err.message}` }, 500);
   }
 });
 
-router.get('/:id', auth, async (req, res) => {
+app.get('/', auth, async (c) => {
+  const { page, pageSize, ...query } = await schema.validateAsync(c.req.query(), { stripUnknown: true });
+  const where: WhereOptions<Event> = {};
+
+  if (query.type) {
+    where.type = query.type
+      .split(',')
+      .map((x) => x.trim())
+      .filter(Boolean);
+  }
+  if (query.object_id) {
+    where.object_id = query.object_id
+      .split(',')
+      .map((x) => x.trim())
+      .filter(Boolean);
+  }
+  if (typeof query.livemode === 'boolean') {
+    where.livemode = query.livemode;
+  }
+
+  try {
+    const { rows: list, count } = await Event.findAndCountAll({
+      where,
+      attributes: { exclude: ['data', 'request'] },
+      order: getOrder(c.req.query(), [['created_at', 'DESC']]),
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
+      include: [],
+    });
+
+    return c.json({ count, list, paging: { page, pageSize } });
+  } catch (err) {
+    logger.error(err);
+    return c.json({ count: 0, list: [], paging: { page, pageSize } });
+  }
+});
+
+app.get('/:id', auth, async (c) => {
   try {
     const doc = await Event.findOne({
-      where: { id: req.params.id },
+      where: { id: c.req.param('id') },
       include: [],
     });
 
@@ -221,34 +251,36 @@ router.get('/:id', auth, async (req, res) => {
       const requestedBy = doc.request?.requested_by || 'system';
       const { user } = await blocklet.getUser(requestedBy as string);
       if (user) {
-        return res.json({ ...doc.toJSON(), requestInfo: user });
+        return c.json({ ...doc.toJSON(), requestInfo: user });
       }
-      return res.json(doc);
+      return c.json(doc);
     }
-    return res.status(404).json(null);
+    return c.json(null, 404);
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: `Failed to get event: ${err.message}` });
+    return c.json({ error: `Failed to get event: ${(err as any).message}` }, 400);
   }
 });
 
-router.post('/:id/retry-webhooks', auth, async (req, res) => {
+app.post('/:id/retry-webhooks', auth, async (c) => {
   try {
     const event = await Event.findOne({
-      where: { id: req.params.id },
+      where: { id: c.req.param('id') },
     });
 
     if (!event) {
-      return res.status(404).json({ error: 'Event not found' });
+      return c.json({ error: 'Event not found' }, 404);
     }
 
+    assertEventTenantAccessible(event);
+
     const webhooks = await WebhookEndpoint.findAll({
-      where: { status: 'enabled', livemode: event.livemode },
+      where: { status: 'enabled', livemode: event.livemode, instance_did: resolveRowTenant(event) },
     });
     const eventWebhooks = webhooks.filter((webhook) => webhook.enabled_events.includes(event.type));
 
     if (eventWebhooks.length === 0) {
-      return res.json({ message: 'No enabled webhook endpoints found for this event type', scheduled: 0 });
+      return c.json({ message: 'No enabled webhook endpoints found for this event type', scheduled: 0 });
     }
 
     let scheduled = 0;
@@ -262,15 +294,19 @@ router.post('/:id/retry-webhooks', auth, async (req, res) => {
       }
     }
 
-    return res.json({
+    return c.json({
       message: `Successfully scheduled ${scheduled} webhooks for retry`,
       scheduled,
       total: eventWebhooks.length,
     });
   } catch (err: any) {
+    const status = tenantErrorStatus(err);
+    if (status) {
+      return c.json({ error: err.message, code: err.code }, status as any);
+    }
     logger.error('Failed to retry webhooks for event', err);
-    return res.status(500).json({ error: `Failed to retry webhooks: ${err.message}` });
+    return c.json({ error: `Failed to retry webhooks: ${err.message}` }, 500);
   }
 });
 
-export default router;
+export default app;