npm - payment-kit - Versions diffs - 1.29.1 → 1.29.3 - Mend

payment-kit 1.29.1 → 1.29.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (343) hide show

package/api/dev.ts +41 -2
package/api/hono.d.ts +42 -0
package/api/node-sqlite.d.ts +12 -0
package/api/src/bootstrap.ts +47 -0
package/api/src/crons/base.ts +3 -3
package/api/src/crons/currency.ts +1 -1
package/api/src/crons/index.ts +41 -37
package/api/src/crons/metering-subscription-detection.ts +1 -1
package/api/src/crons/overdue-detection.ts +2 -2
package/api/src/crons/retry-pending-events.ts +6 -0
package/api/src/crons/tenant-fanout.ts +82 -0
package/api/src/host-node/did-connect-runtime-node.ts +33 -0
package/api/src/host-node/serve-static-arc.ts +68 -0
package/api/src/host-node/serve-static.ts +41 -0
package/api/src/index.ts +22 -161
package/api/src/integrations/app-store/client.ts +3 -4
package/api/src/integrations/app-store/handlers/subscription.ts +7 -7
package/api/src/integrations/app-store/signed-data-verifier.ts +3 -2
package/api/src/integrations/arcblock/token.ts +21 -7
package/api/src/integrations/google-play/handlers/subscription.ts +6 -6
package/api/src/integrations/google-play/handlers/voided.ts +2 -2
package/api/src/integrations/google-play/verify.ts +3 -2
package/api/src/integrations/iap-reconcile.ts +3 -5
package/api/src/integrations/stripe/handlers/invoice.ts +2 -2
package/api/src/integrations/stripe/handlers/subscription.ts +3 -3
package/api/src/libs/archive/query.ts +19 -0
package/api/src/libs/audit.ts +61 -4
package/api/src/libs/auth.ts +247 -47
package/api/src/libs/context.ts +89 -1
package/api/src/libs/currency.ts +2 -2
package/api/src/libs/dayjs.ts +8 -2
package/api/src/libs/did-connect/runtime-did-connect-js.ts +88 -0
package/api/src/libs/did-connect/tenant-identity.ts +221 -0
package/api/src/libs/drivers/auth-storage.ts +118 -0
package/api/src/libs/drivers/cron.ts +264 -0
package/api/src/libs/drivers/db.ts +170 -0
package/api/src/libs/drivers/identity.ts +142 -0
package/api/src/libs/drivers/index.ts +40 -0
package/api/src/libs/drivers/locks.ts +226 -0
package/api/src/libs/drivers/migrate-runner.ts +70 -0
package/api/src/libs/drivers/queue.ts +104 -0
package/api/src/libs/drivers/secrets.ts +194 -0
package/api/src/libs/env.ts +170 -54
package/api/src/libs/exchange-rate/service.ts +7 -6
package/api/src/libs/http-fetch-adapter.ts +60 -0
package/api/src/libs/invoice.ts +1 -1
package/api/src/libs/lock.ts +51 -47
package/api/src/libs/logger.ts +48 -8
package/api/src/libs/notification/index.ts +1 -1
package/api/src/libs/notification/template/customer-credit-low-balance.ts +2 -1
package/api/src/libs/notification/template/customer-revenue-succeeded.ts +1 -1
package/api/src/libs/notification/template/customer-reward-succeeded.ts +1 -1
package/api/src/libs/overdraft-protection.ts +1 -1
package/api/src/libs/payout.ts +1 -1
package/api/src/libs/queue/index.ts +271 -52
package/api/src/libs/queue/runtime.ts +175 -0
package/api/src/libs/resource.ts +3 -3
package/api/src/libs/secrets.ts +38 -0
package/api/src/libs/session.ts +3 -2
package/api/src/libs/subscription.ts +5 -5
package/api/src/libs/tenant.ts +92 -0
package/api/src/libs/url.ts +3 -3
package/api/src/libs/util.ts +21 -13
package/api/src/middlewares/hono/cdn.ts +63 -0
package/api/src/middlewares/hono/context.ts +80 -0
package/api/src/middlewares/hono/csrf.ts +83 -0
package/api/src/middlewares/hono/fallback.ts +194 -0
package/api/src/middlewares/hono/pipeline.ts +73 -0
package/api/src/middlewares/hono/resource-mount.ts +42 -0
package/api/src/middlewares/hono/resource.ts +63 -0
package/api/src/middlewares/hono/security.ts +209 -0
package/api/src/middlewares/hono/session.ts +114 -0
package/api/src/middlewares/hono/xss.ts +61 -0
package/api/src/queues/auto-recharge.ts +12 -10
package/api/src/queues/checkout-session.ts +38 -21
package/api/src/queues/credit-consume.ts +40 -36
package/api/src/queues/credit-grant.ts +25 -18
package/api/src/queues/credit-reconciliation.ts +7 -5
package/api/src/queues/discount-status.ts +9 -6
package/api/src/queues/event.ts +41 -11
package/api/src/queues/exchange-rate-health.ts +49 -30
package/api/src/queues/invoice.ts +18 -15
package/api/src/queues/notification.ts +14 -7
package/api/src/queues/payment.ts +64 -37
package/api/src/queues/payout.ts +37 -21
package/api/src/queues/refund.ts +36 -18
package/api/src/queues/subscription.ts +83 -53
package/api/src/queues/token-transfer.ts +15 -10
package/api/src/queues/usage-record.ts +8 -5
package/api/src/queues/vendors/commission.ts +7 -5
package/api/src/queues/vendors/fulfillment-coordinator.ts +17 -13
package/api/src/queues/vendors/fulfillment.ts +4 -2
package/api/src/queues/vendors/return-processor.ts +5 -3
package/api/src/queues/vendors/return-scanner.ts +5 -4
package/api/src/queues/vendors/status-check.ts +10 -7
package/api/src/queues/webhook.ts +60 -32
package/api/src/routes/connect/shared.ts +1 -2
package/api/src/routes/connect/subscribe.ts +3 -3
package/api/src/routes/{archive.ts → hono/archive.ts} +69 -64
package/api/src/routes/{auto-recharge-configs.ts → hono/auto-recharge-configs.ts} +39 -28
package/api/src/routes/{checkout-sessions.ts → hono/checkout-sessions.ts} +790 -923
package/api/src/routes/{coupons.ts → hono/coupons.ts} +93 -76
package/api/src/routes/{credit-grants.ts → hono/credit-grants.ts} +140 -126
package/api/src/routes/hono/credit-tokens.ts +43 -0
package/api/src/routes/{credit-transactions.ts → hono/credit-transactions.ts} +37 -29
package/api/src/routes/{customers.ts → hono/customers.ts} +199 -224
package/api/src/routes/{donations.ts → hono/donations.ts} +41 -32
package/api/src/routes/{entitlements.ts → hono/entitlements.ts} +28 -25
package/api/src/routes/{events.ts → hono/events.ts} +107 -71
package/api/src/routes/{exchange-rate-providers.ts → hono/exchange-rate-providers.ts} +138 -126
package/api/src/routes/hono/exchange-rates.ts +77 -0
package/api/src/routes/hono/index.ts +115 -0
package/api/src/routes/{integrations → hono/integrations}/app-store.ts +68 -48
package/api/src/routes/{integrations → hono/integrations}/google-play.ts +78 -58
package/api/src/routes/hono/integrations/stripe.ts +74 -0
package/api/src/routes/{invoices.ts → hono/invoices.ts} +253 -244
package/api/src/routes/{meter-events.ts → hono/meter-events.ts} +120 -110
package/api/src/routes/hono/meters.ts +288 -0
package/api/src/routes/hono/passports.ts +73 -0
package/api/src/routes/{payment-currencies.ts → hono/payment-currencies.ts} +219 -197
package/api/src/routes/{payment-intents.ts → hono/payment-intents.ts} +136 -132
package/api/src/routes/{payment-links.ts → hono/payment-links.ts} +145 -128
package/api/src/routes/{payment-methods.ts → hono/payment-methods.ts} +125 -93
package/api/src/routes/{payment-stats.ts → hono/payment-stats.ts} +30 -25
package/api/src/routes/{payouts.ts → hono/payouts.ts} +55 -47
package/api/src/routes/{prices.ts → hono/prices.ts} +265 -242
package/api/src/routes/{pricing-table.ts → hono/pricing-table.ts} +94 -87
package/api/src/routes/{products.ts → hono/products.ts} +172 -159
package/api/src/routes/{promotion-codes.ts → hono/promotion-codes.ts} +207 -185
package/api/src/routes/hono/redirect.ts +24 -0
package/api/src/routes/{refunds.ts → hono/refunds.ts} +98 -83
package/api/src/routes/{settings.ts → hono/settings.ts} +64 -55
package/api/src/routes/{subscription-items.ts → hono/subscription-items.ts} +64 -57
package/api/src/routes/{subscriptions.ts → hono/subscriptions.ts} +475 -528
package/api/src/routes/{tax-rates.ts → hono/tax-rates.ts} +71 -70
package/api/src/routes/hono/tool.ts +69 -0
package/api/src/routes/{usage-records.ts → hono/usage-records.ts} +47 -42
package/api/src/routes/{vendor.ts → hono/vendor.ts} +315 -167
package/api/src/routes/{webhook-attempts.ts → hono/webhook-attempts.ts} +17 -13
package/api/src/routes/hono/webhook-endpoints.ts +126 -0
package/api/src/service.ts +814 -0
package/api/src/store/migrations/20230911-seeding.ts +2 -1
package/api/src/store/migrations/20260609-remove-did-space-jobs.ts +23 -0
package/api/src/store/migrations/20260610-tenant-columns.ts +40 -0
package/api/src/store/migrations/20260611-tenant-backfill.ts +33 -0
package/api/src/store/models/auto-recharge-config.ts +22 -10
package/api/src/store/models/checkout-session.ts +15 -14
package/api/src/store/models/coupon.ts +29 -20
package/api/src/store/models/credit-grant.ts +38 -29
package/api/src/store/models/credit-transaction.ts +32 -21
package/api/src/store/models/customer.ts +19 -17
package/api/src/store/models/discount.ts +11 -2
package/api/src/store/models/entitlement-grant.ts +21 -9
package/api/src/store/models/entitlement-product.ts +21 -9
package/api/src/store/models/entitlement.ts +19 -10
package/api/src/store/models/event.ts +18 -9
package/api/src/store/models/exchange-rate-provider.ts +17 -4
package/api/src/store/models/invoice-item.ts +18 -9
package/api/src/store/models/invoice.ts +16 -8
package/api/src/store/models/meter-event.ts +27 -9
package/api/src/store/models/meter.ts +31 -22
package/api/src/store/models/payment-currency.ts +25 -8
package/api/src/store/models/payment-intent.ts +15 -6
package/api/src/store/models/payment-link.ts +15 -6
package/api/src/store/models/payment-method.ts +38 -22
package/api/src/store/models/payment-stat.ts +18 -9
package/api/src/store/models/payout.ts +15 -6
package/api/src/store/models/price-quote.ts +17 -8
package/api/src/store/models/price.ts +24 -12
package/api/src/store/models/pricing-table.ts +29 -20
package/api/src/store/models/product-vendor.ts +20 -10
package/api/src/store/models/product.ts +15 -6
package/api/src/store/models/promotion-code.ts +14 -6
package/api/src/store/models/refund.ts +15 -6
package/api/src/store/models/revenue-snapshot.ts +21 -9
package/api/src/store/models/setting.ts +18 -9
package/api/src/store/models/setup-intent.ts +36 -27
package/api/src/store/models/subscription-item.ts +21 -9
package/api/src/store/models/subscription-schedule.ts +21 -9
package/api/src/store/models/subscription.ts +21 -10
package/api/src/store/models/tax-rate.ts +29 -21
package/api/src/store/models/usage-record.ts +11 -2
package/api/src/store/models/webhook-attempt.ts +18 -9
package/api/src/store/models/webhook-endpoint.ts +18 -9
package/api/src/store/scoped-core.ts +55 -0
package/api/src/store/scoped.ts +247 -0
package/api/src/store/sequelize.ts +82 -23
package/api/src/store/sql-migrations.ts +20 -0
package/api/src/store/tenant-backfill.ts +260 -0
package/api/src/store/tenant-model.ts +124 -0
package/api/src/store/tenant-tables.ts +50 -0
package/api/tests/bootstrap/bootstrap.spec.ts +162 -0
package/api/tests/crons/tenant-fanout.spec.ts +158 -0
package/api/tests/embedded/embedded-multi-mode-d3.spec.ts +257 -0
package/api/tests/fixtures/bare-query-violation.ts +13 -0
package/api/tests/fixtures/core-env-violation.ts +10 -0
package/api/tests/fixtures/host-read-violation.ts +19 -0
package/api/tests/fixtures/tenants.ts +4 -0
package/api/tests/integrations/iap-tenant.spec.ts +284 -0
package/api/tests/libs/archive-query.spec.ts +26 -0
package/api/tests/libs/audit-tenant.spec.ts +153 -0
package/api/tests/libs/context.spec.ts +204 -0
package/api/tests/libs/core-config.spec.ts +115 -0
package/api/tests/libs/cron-driver-d2.spec.ts +237 -0
package/api/tests/libs/crons-conservation-d2.spec.ts +52 -0
package/api/tests/libs/did-connect-runtime-js.spec.ts +98 -0
package/api/tests/libs/did-connect-tenant-identity.spec.ts +159 -0
package/api/tests/libs/lock-tenant.spec.ts +66 -0
package/api/tests/libs/scoped.spec.ts +222 -0
package/api/tests/libs/secrets-facade.spec.ts +52 -0
package/api/tests/libs/service-host.spec.ts +37 -0
package/api/tests/libs/tenancy-slot-authority.spec.ts +209 -0
package/api/tests/libs/tenant-middleware.spec.ts +42 -0
package/api/tests/libs/tenant-scanner.spec.ts +120 -0
package/api/tests/middlewares/hono/cdn.spec.ts +70 -0
package/api/tests/middlewares/hono/context.spec.ts +113 -0
package/api/tests/middlewares/hono/csrf.spec.ts +136 -0
package/api/tests/middlewares/hono/fallback.spec.ts +67 -0
package/api/tests/middlewares/hono/pipeline.spec.ts +47 -0
package/api/tests/middlewares/hono/security.spec.ts +181 -0
package/api/tests/middlewares/hono/session.spec.ts +42 -0
package/api/tests/middlewares/hono/xss.spec.ts +81 -0
package/api/tests/models/tenant-backfill.spec.ts +287 -0
package/api/tests/models/tenant-columns-model.spec.ts +46 -0
package/api/tests/models/tenant-columns.spec.ts +161 -0
package/api/tests/queues/credit-consume-batch.spec.ts +8 -1
package/api/tests/queues/credit-consume.spec.ts +8 -1
package/api/tests/queues/event-tenant.spec.ts +292 -0
package/api/tests/queues/exchange-rate-health-tenant-d6.spec.ts +62 -0
package/api/tests/queues/queue-parity.spec.ts +249 -0
package/api/tests/queues/queue-runtime-surface.spec.ts +277 -0
package/api/tests/queues/queue-teardown-d2.spec.ts +127 -0
package/api/tests/queues/tenant-matrix-a.spec.ts +245 -0
package/api/tests/queues/tenant-matrix-b.spec.ts +168 -0
package/api/tests/routes/connect/hono-attach.spec.ts +107 -0
package/api/tests/service/collapse.spec.ts +96 -0
package/api/tests/service/didconnect-storage-slot.spec.ts +60 -0
package/api/tests/service/fail-closed-http.spec.ts +79 -0
package/api/tests/service/static-arc-handler.spec.ts +101 -0
package/api/tests/service/static-externalized.spec.ts +48 -0
package/api/tests/store/tenant-crosscut.spec.ts +202 -0
package/api/tests/store/tenant-model-spike.spec.ts +177 -0
package/api/tests/store/tenant-model.spec.ts +162 -0
package/api/tests/store/tenant-residual.spec.ts +196 -0
package/api/third.d.ts +4 -0
package/blocklet.yml +1 -1
package/cloudflare/MIGRATION-RUNBOOK.md +3 -8
package/cloudflare/README.md +34 -27
package/cloudflare/STAGING-MIGRATION-GUIDE.md +3 -15
package/cloudflare/build.ts +33 -13
package/cloudflare/cf-adapter.ts +419 -0
package/cloudflare/did-connect-runtime.ts +96 -0
package/cloudflare/did-connect-token-storage.ts +151 -0
package/cloudflare/esbuild-cf-config.cjs +407 -0
package/cloudflare/migrations/0006_tenant_columns.sql +46 -0
package/cloudflare/migrations/0007_tenant_backfill_indexes.sql +65 -0
package/cloudflare/migrations/0008_schema_parity.sql +16 -0
package/cloudflare/migrations/0009_remove_did_space_jobs.sql +5 -0
package/cloudflare/queue-runtime-mode.ts +13 -0
package/cloudflare/run-build.js +33 -403
package/cloudflare/scripts/cf-package-import-probe.mjs +90 -0
package/cloudflare/scripts/didconnect-mock-smoke.mjs +140 -0
package/cloudflare/shims/blocklet-sdk/asset-host-transformer.ts +20 -0
package/cloudflare/shims/blocklet-sdk/config.ts +8 -1
package/cloudflare/shims/blocklet-sdk/login.ts +12 -0
package/cloudflare/shims/blocklet-sdk/service-api.ts +14 -0
package/cloudflare/shims/blocklet-sdk/session.ts +4 -2
package/cloudflare/shims/blocklet-sdk/util-constants.ts +8 -0
package/cloudflare/shims/blocklet-sdk/wallet-authenticator.ts +16 -1
package/cloudflare/shims/blocklet-sdk/wallet-handler.ts +18 -3
package/cloudflare/shims/cron.ts +38 -158
package/cloudflare/shims/events.ts +124 -0
package/cloudflare/shims/fastq.ts +15 -1
package/cloudflare/shims/nedb-storage.ts +16 -8
package/cloudflare/shims/xss.ts +8 -0
package/cloudflare/tenant-middleware.ts +36 -0
package/cloudflare/tests/cf-adapter.spec.ts +244 -0
package/cloudflare/tests/did-connect-token-storage.spec.ts +105 -0
package/cloudflare/tests/tenant-middleware.spec.ts +160 -0
package/cloudflare/tests/worker-handler-gate.spec.ts +69 -0
package/cloudflare/vite.config.ts +53 -45
package/cloudflare/worker.ts +261 -448
package/cloudflare/wrangler.json +0 -6
package/cloudflare/wrangler.jsonc +0 -6
package/cloudflare/wrangler.local-e2e.jsonc +25 -0
package/cloudflare/wrangler.staging.json +0 -6
package/jest.config.js +3 -1
package/package.json +33 -38
package/scripts/bootstrap-inject.ts +166 -0
package/scripts/core-env-whitelist.json +1 -0
package/scripts/e2e-12b-runtime.ts +149 -0
package/scripts/e2e-core-config.ts +125 -0
package/scripts/e2e-d1-tenancy.ts +116 -0
package/scripts/e2e-d2-cron-queue.ts +139 -0
package/scripts/e2e-d3-embedded-multi.ts +171 -0
package/scripts/e2e-hono-s2.ts +125 -0
package/scripts/e2e-hono-s3e.ts +135 -0
package/scripts/e2e-hono-s4.ts +114 -0
package/scripts/e2e-migration-contract.ts +100 -0
package/scripts/e2e-s0.ts +61 -0
package/scripts/e2e-s1.ts +107 -0
package/scripts/e2e-s2.ts +178 -0
package/scripts/e2e-s3.ts +110 -0
package/scripts/e2e-s4.ts +191 -0
package/scripts/e2e-s5.ts +139 -0
package/scripts/e2e-s6.ts +127 -0
package/scripts/e2e-tenant-model.ts +119 -0
package/scripts/e2e-tenant-worker.ts +199 -0
package/scripts/gen-sql-migrations.js +46 -0
package/scripts/phase8-codemod.js +219 -0
package/scripts/phase9a-env-getters-codemod.js +82 -0
package/scripts/scan-core-env.js +109 -0
package/scripts/scan-tenant-queries.js +235 -0
package/scripts/schema-drift-guard.ts +210 -0
package/scripts/tenant-scan-whitelist.json +1 -0
package/src/app.tsx +2 -1
package/src/env.d.ts +13 -1
package/src/libs/service-host.ts +13 -0
package/tsconfig.json +1 -1
package/vite.arc.config.ts +159 -0
package/api/src/libs/did-space.ts +0 -235
package/api/src/libs/middleware.ts +0 -50
package/api/src/libs/security.ts +0 -192
package/api/src/queues/space.ts +0 -662
package/api/src/routes/credit-tokens.ts +0 -38
package/api/src/routes/exchange-rates.ts +0 -87
package/api/src/routes/index.ts +0 -142
package/api/src/routes/integrations/stripe.ts +0 -61
package/api/src/routes/meters.ts +0 -274
package/api/src/routes/passports.ts +0 -68
package/api/src/routes/redirect.ts +0 -20
package/api/src/routes/tool.ts +0 -65
package/api/src/routes/webhook-endpoints.ts +0 -126
package/api/tests/routes/credit-grants.spec.ts +0 -1261
package/cloudflare/did-connect-auth.ts +0 -527
package/cloudflare/shims/did-space-js.ts +0 -17
package/cloudflare/shims/did-space.ts +0 -11
package/cloudflare/shims/express-compat/index.ts +0 -80
package/cloudflare/shims/express-compat/types.ts +0 -41
package/cloudflare/shims/lock.ts +0 -115
package/cloudflare/shims/queue.ts +0 -611
package/cloudflare/tests/shims/queue-delayed-persist.spec.ts +0 -87
package/cloudflare/tests/shims/queue-scheduled.spec.ts +0 -186

package/api/src/routes/hono/meters.ts ADDED Viewed

@@ -0,0 +1,288 @@
+// Phase 3 (express→hono) — hono fork of routes/meters.ts. Sub-app with
+// routes relative to /api/meters (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
+import Joi from 'joi';
+import pick from 'lodash/pick';
+import { Op } from 'sequelize';
+import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../../libs/api';
+import logger from '../../libs/logger';
+import { authenticate } from '../../middlewares/hono/security';
+import { formatMetadata } from '../../libs/util';
+import { Meter, PaymentCurrency, PaymentMethod } from '../../store/models';
+const app = new Hono();
+const auth = authenticate<Meter>({ component: true, roles: ['owner', 'admin'] });
+const meterSchema = Joi.object({
+  name: Joi.string().max(64).required(),
+  event_name: Joi.string().max(64).required(),
+  aggregation_method: Joi.string().valid('sum', 'count', 'last').default('sum'),
+  unit: Joi.string().max(32).required(),
+  currency_id: Joi.string().max(40).optional(),
+  decimal: Joi.number().integer().min(2).max(18).default(10),
+  description: Joi.string().max(255).allow('').optional(),
+  metadata: MetadataSchema,
+  component_did: Joi.string().max(40).optional(),
+  token: Joi.object({
+    tokenFactoryAddress: Joi.string().required(),
+  }).optional(),
+}).unknown(true);
+const updateMeterSchema = Joi.object({
+  name: Joi.string().max(64).optional(),
+  description: Joi.string().max(255).allow('').optional(),
+  status: Joi.string().valid('active', 'inactive').optional(),
+});
+const listSchema = createListParamSchema<{ event_name?: string }>({
+  event_name: Joi.string().empty(''),
+});
+app.get('/', auth, async (c) => {
+  try {
+    const { page, pageSize, ...query } = await listSchema.validateAsync(c.req.query(), { stripUnknown: true });
+    const where = getWhereFromKvQuery(query.q);
+    if (typeof query.livemode === 'boolean') {
+      where.livemode = query.livemode;
+    }
+    if (query.event_name) {
+      where.event_name = query.event_name;
+    }
+    const { rows: list, count } = await Meter.findAndCountAll({
+      where,
+      order: getOrder(query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
+      offset: (page - 1) * pageSize,
+      limit: pageSize,
+      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
+    });
+    return c.json({ count, list, paging: { page, pageSize } });
+  } catch (err) {
+    logger.error('Error listing meters', err);
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+app.post('/', auth, async (c) => {
+  try {
+    const body = c.get('sanitizedBody') ?? {};
+    const { error } = meterSchema.validate(body);
+    if (error) {
+      return c.json({ error: `Meter create request invalid: ${error.message}` }, 400);
+    }
+    const existing = await Meter.findOne({
+      where: { event_name: (body as any).event_name },
+    });
+    if (existing) {
+      return c.json({ error: `Meter with event_name "${(body as any).event_name}" already exists` }, 409);
+    }
+    if (['count', 'last'].includes((body as any).aggregation_method)) {
+      return c.json({ error: 'Aggregation method is not supported' }, 400);
+    }
+    const needArcblockMethod = (body as any).token?.tokenFactoryAddress || !(body as any).currency_id;
+    const arcblockMethod = needArcblockMethod
+      ? await PaymentMethod.findOne({ where: { livemode: !!c.get('livemode'), type: 'arcblock' } })
+      : null;
+    if (needArcblockMethod && !arcblockMethod) {
+      throw new Error('ArcBlock payment method not found');
+    }
+    let tokenConfig: Record<string, any> | undefined;
+    if ((body as any).token?.tokenFactoryAddress) {
+      const client = arcblockMethod!.getOcapClient();
+      const { state: tokenFactoryState } = await client.getTokenFactoryState({
+        address: (body as any).token.tokenFactoryAddress,
+      });
+      if (!tokenFactoryState) {
+        return c.json({ error: 'Token factory not found on chain' }, 400);
+      }
+      tokenConfig = {
+        address: tokenFactoryState.token.address,
+        symbol: tokenFactoryState.token.symbol,
+        name: tokenFactoryState.token.name,
+        decimal: tokenFactoryState.token.decimal,
+        token_factory_address: tokenFactoryState.address,
+      };
+    }
+    const meterData = {
+      ...pick(body as any, [
+        'name',
+        'event_name',
+        'aggregation_method',
+        'unit',
+        'currency_id',
+        'description',
+        'metadata',
+      ]),
+      livemode: !!c.get('livemode'),
+      created_via: c.get('user')?.via || 'api',
+      status: (body as any).status || 'active',
+      metadata: formatMetadata((body as any).metadata),
+    };
+    if (!meterData.currency_id) {
+      const paymentCurrency = await PaymentCurrency.createForMeter(meterData, arcblockMethod!.id, tokenConfig, {
+        decimal: (body as any).decimal,
+      });
+      meterData.currency_id = paymentCurrency.id;
+    }
+    const meter = await Meter.create(meterData);
+    const result = await Meter.findByPk(meter.id, {
+      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
+    });
+    logger.info('Meter created', { meterId: meter.id, eventName: meter.event_name });
+    return c.json(result);
+  } catch (err) {
+    logger.error('create meter failed', { error: (err as any)?.message, request: c.get('sanitizedBody') ?? {} });
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+// Public endpoint: only returns safe fields, no auth required
+const PUBLIC_METER_FIELDS = ['id', 'name', 'event_name', 'status', 'unit', 'description', 'currency_id'] as const;
+app.get('/public/:id', async (c) => {
+  try {
+    const meter = await Meter.findOne({
+      where: {
+        [Op.or]: [{ id: c.req.param('id') }, { event_name: c.req.param('id') }],
+      },
+      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
+    });
+    if (!meter) {
+      return c.json({ error: 'Meter not found' }, 404);
+    }
+    return c.json({
+      ...pick(meter.toJSON(), PUBLIC_METER_FIELDS),
+      paymentCurrency: (meter as any).paymentCurrency
+        ? pick((meter as any).paymentCurrency.toJSON(), ['id', 'name', 'symbol', 'decimal', 'logo', 'type'])
+        : null,
+    });
+  } catch (err) {
+    logger.error('get public meter failed', { error: (err as any)?.message, meterId: c.req.param('id') });
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+app.get('/:id', auth, async (c) => {
+  try {
+    const meter = await Meter.findOne({
+      where: {
+        [Op.or]: [{ id: c.req.param('id') }, { event_name: c.req.param('id') }],
+      },
+      include: [{ model: PaymentCurrency.scope('withRechargeConfig'), as: 'paymentCurrency' }],
+    });
+    if (!meter) {
+      return c.json({ error: 'Meter not found' }, 404);
+    }
+    return c.json(meter);
+  } catch (err) {
+    logger.error('get meter failed', { error: (err as any)?.message, meterId: c.req.param('id') });
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+app.put('/:id', auth, async (c) => {
+  try {
+    const body = c.get('sanitizedBody') ?? {};
+    const { error } = updateMeterSchema.validate(pick(body as any, ['name', 'description', 'status']));
+    if (error) {
+      return c.json({ error: `Meter update request invalid: ${error.message}` }, 400);
+    }
+    const meter = await Meter.findByPk(c.req.param('id'), {
+      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
+    });
+    if (!meter) {
+      return c.json({ error: 'Meter not found' }, 404);
+    }
+    const updateData: any = {
+      ...pick(body as any, ['name', 'description', 'status']),
+      unit: (body as any).unit || meter.unit,
+      updated_by: c.get('user')?.did,
+    };
+    if ((body as any).metadata) {
+      const { error: metadataError } = MetadataSchema.validate((body as any).metadata);
+      if (metadataError) {
+        return c.json({ error: `metadata invalid: ${metadataError.message}` }, 400);
+      }
+      updateData.metadata = formatMetadata((body as any).metadata);
+    }
+    await meter.update(updateData);
+    return c.json(meter);
+  } catch (err) {
+    logger.error('update meter failed', { error: (err as any)?.message, meterId: c.req.param('id') });
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+app.put('/:id/activate', auth, async (c) => {
+  try {
+    const meter = await Meter.findByPk(c.req.param('id'), {
+      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
+    });
+    if (!meter) {
+      return c.json({ error: 'Meter not found' }, 404);
+    }
+    if (meter.status === 'active') {
+      return c.json({ error: 'Meter is already active' }, 400);
+    }
+    await meter.update({
+      status: 'active',
+      updated_by: c.get('user')?.did,
+    });
+    return c.json(meter);
+  } catch (err) {
+    logger.error('activate meter failed', { error: (err as any)?.message, meterId: c.req.param('id') });
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+app.put('/:id/deactivate', auth, async (c) => {
+  try {
+    const meter = await Meter.findByPk(c.req.param('id'), {
+      include: [{ model: PaymentCurrency, as: 'paymentCurrency' }],
+    });
+    if (!meter) {
+      return c.json({ error: 'Meter not found' }, 404);
+    }
+    if (meter.status === 'inactive') {
+      return c.json({ error: 'Meter is already inactive' }, 400);
+    }
+    await meter.update({
+      status: 'inactive',
+      updated_by: c.get('user')?.did,
+    });
+    return c.json(meter);
+  } catch (err) {
+    logger.error('deactivate meter failed', { error: (err as any)?.message, meterId: c.req.param('id') });
+    return c.json({ error: (err as any)?.message }, 400);
+  }
+});
+export default app;

package/api/src/routes/hono/passports.ts ADDED Viewed

@@ -0,0 +1,73 @@
+// Phase 3 (express→hono) — hono fork of routes/passports.ts. Sub-app with
+// routes relative to /api/passports (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
+import { updatePassportExtra } from '../../integrations/blocklet/passport';
+import { blocklet } from '../../libs/auth';
+import { authenticate } from '../../middlewares/hono/security';
+import { PaymentLink, PricingTable, Product } from '../../store/models';
+const app = new Hono();
+const auth = authenticate<any>({ component: false, roles: ['owner', 'admin'] });
+app.get('/', auth, async (c) => {
+  const result = await blocklet.getRoles();
+  return c.json(result.roles);
+});
+app.put('/assign', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const { name, id } = body as any;
+  if (!id) {
+    return c.json({ message: 'payment entry or product id is required' }, 400);
+  }
+  if (!name) {
+    return c.json({ message: 'passport name is required' }, 400);
+  }
+  if (id.startsWith('plink_')) {
+    const doc = await PaymentLink.findByPk(id);
+    if (!doc?.active) {
+      return c.json({ message: 'payment link is not active' }, 400);
+    }
+    const result = await updatePassportExtra(name, { acquire: { pay: id } });
+    return c.json(result);
+  }
+  if (id.startsWith('prctbl_')) {
+    const doc = await PricingTable.findByPk(id);
+    if (!doc?.active) {
+      return c.json({ message: 'pricing table is not active' }, 400);
+    }
+    const result = await updatePassportExtra(name, { acquire: { pay: id } });
+    return c.json(result);
+  }
+  if (id.startsWith('prod_')) {
+    const doc = await Product.findByPk(id);
+    if (!doc?.active) {
+      return c.json({ message: 'product is not active' }, 400);
+    }
+    await doc.update({ metadata: { ...doc.metadata, passport: name } });
+    const result = await updatePassportExtra(name, { payment: { product: id } });
+    return c.json(result);
+  }
+  return c.json({ message: 'pay link is not support' }, 400);
+});
+app.delete('/assign/:name', auth, async (c) => {
+  const result = await updatePassportExtra(c.req.param('name') as string, {
+    payment: { product: '' },
+    acquire: { pay: '' },
+  });
+  return c.json(result);
+});
+export default app;