payment-kit 1.29.1 → 1.29.3

package/api/src/routes/{refunds.ts → hono/refunds.ts}

@@ -1,20 +1,29 @@
+// Phase 3 (express→hono) — hono fork of routes/refunds.ts. Sub-app with
+// routes relative to /api/refunds (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody') ?? {}; res.status(n).json(x) → c.json(x, n).
 /* eslint-disable no-console */
 /* eslint-disable consistent-return */
 import OcapClient from '@ocap/client';
 import { BN, fromTokenToUnit } from '@ocap/util';
 import { ethers } from 'ethers';
-import { Router } from 'express';
+import { Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 
-import { getWallet } from '@blocklet/sdk/lib/wallet';
 import { Op } from 'sequelize';
-import { sendErc20ToUser } from '../integrations/ethereum/token';
-import { BNPositiveValidator, createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
-import { wallet } from '../libs/auth';
-import { EVM_CHAIN_TYPES } from '../libs/constants';
-import { authenticate } from '../libs/security';
-import { formatMetadata } from '../libs/util';
+import { sendErc20ToUser } from '../../integrations/ethereum/token';
+import {
+  BNPositiveValidator,
+  createListParamSchema,
+  getOrder,
+  getWhereFromKvQuery,
+  MetadataSchema,
+} from '../../libs/api';
+import { wallet } from '../../libs/auth';
+import { EVM_CHAIN_TYPES } from '../../libs/constants';
+import { authenticate } from '../../middlewares/hono/security';
+import { formatMetadata } from '../../libs/util';
 import {
   Customer,
   Invoice,
@@ -23,12 +32,12 @@ import {
   PaymentMethod,
   Refund,
   Subscription,
-} from '../store/models';
-import logger from '../libs/logger';
-import { getGasPayerExtra } from '../libs/payment';
-import { getRefundAmountSetup } from '../libs/refund';
+} from '../../store/models';
+import logger from '../../libs/logger';
+import { getGasPayerExtra } from '../../libs/payment';
+import { getRefundAmountSetup } from '../../libs/refund';
 
-const router = Router();
+const app = new Hono();
 const authAdmin = authenticate<Invoice>({ component: true, roles: ['owner', 'admin'] });
 const auth = authenticate<Invoice>({
   component: true,
@@ -55,8 +64,8 @@ const paginationSchema = createListParamSchema<{
   subscription_id: Joi.string().empty(''),
   customer_id: Joi.string().empty(''),
 });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, livemode, status, ...query } = await paginationSchema.validateAsync(req.query, {
+app.get('/', auth, async (c) => {
+  const { page, pageSize, livemode, status, ...query } = await paginationSchema.validateAsync(c.req.query(), {
     stripUnknown: false,
     allowUnknown: true,
   });
@@ -75,7 +84,7 @@ router.get('/', auth, async (req, res) => {
   }
 
   if (query.customer_id) {
-    where.customer_id = query.customer_id;
+    where.customer_id = c.get('customer_id') ?? query.customer_id;
   }
 
   if (query.subscription_id) {
@@ -102,7 +111,7 @@ router.get('/', auth, async (req, res) => {
 
   const { rows: list, count } = await Refund.findAndCountAll({
     where,
-    order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
+    order: getOrder(c.req.query(), [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [
@@ -116,7 +125,7 @@ router.get('/', auth, async (req, res) => {
     distinct: true,
   });
 
-  res.json({ count, list, paging: { page, pageSize } });
+  return c.json({ count, list, paging: { page, pageSize } });
 });
 
 const searchSchema = createListParamSchema<{}>({});
@@ -134,35 +143,36 @@ const refundRequestSchema = Joi.object({
   invoice_id: Joi.string().optional(),
   subscription_id: Joi.string().optional(),
 });
-router.post('/', authAdmin, async (req, res) => {
-  const { error } = refundRequestSchema.validate(req.body);
+app.post('/', authAdmin, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const { error } = refundRequestSchema.validate(body);
   if (error) {
-    return res.status(400).json({ error: `Refund request invalid: ${error.message}` });
+    return c.json({ error: `Refund request invalid: ${error.message}` }, 400);
   }
   try {
-    const paymentCurrency = await PaymentCurrency.findByPk(req.body.currency_id);
+    const paymentCurrency = await PaymentCurrency.findByPk(body.currency_id);
     if (!paymentCurrency) {
       throw new Error('payment currency not found');
     }
-    const amount = fromTokenToUnit(req.body.amount, paymentCurrency?.decimal).toString();
+    const amount = fromTokenToUnit(body.amount, paymentCurrency?.decimal).toString();
     const amountBN = new BN(amount);
     const result = await getRefundAmountSetup({
-      paymentIntentId: req.body.payment_intent_id,
+      paymentIntentId: body.payment_intent_id,
     });
     if (amountBN.gt(new BN(result.amount))) {
       throw new Error('refund amount exceeds the available amount');
     }
 
-    const paymentMethod = await PaymentMethod.findByPk(req.body.payment_method_id);
+    const paymentMethod = await PaymentMethod.findByPk(body.payment_method_id);
     if (!paymentMethod) {
-      throw new Error(`payment method not found: ${req.body.payment_method_id}`);
+      throw new Error(`payment method not found: ${body.payment_method_id}`);
     }
     const item = await Refund.create({
-      ...req.body,
+      ...body,
       type: 'refund',
-      livemode: !!req.livemode,
+      livemode: !!c.get('livemode'),
       amount,
-      metadata: formatMetadata(req.body.metadata),
+      metadata: formatMetadata(body.metadata),
       attempt_count: 0,
       attempted: false,
       next_attempt: 0,
@@ -174,25 +184,25 @@ router.post('/', authAdmin, async (req, res) => {
       ending_token_balance: {},
     });
     logger.info('refund created', {
-      ...req.params,
-      ...req.body,
+      ...c.req.param(),
+      ...body,
       result: item.toJSON(),
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
-    res.json(item);
+    return c.json(item);
   } catch (err) {
     logger.error('Create refund failed', {
       error: err.message,
       stack: err.stack,
-      requestBody: req.body,
-      requestedBy: req.user?.did,
+      requestBody: body,
+      requestedBy: c.get('user')?.did,
     });
-    res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-router.get('/search', auth, async (req, res) => {
-  const { page, pageSize, livemode, q, o } = await searchSchema.validateAsync(req.query, {
+app.get('/search', auth, async (c) => {
+  const { page, pageSize, livemode, q, o } = await searchSchema.validateAsync(c.req.query(), {
     stripUnknown: false,
     allowUnknown: true,
   });
@@ -204,7 +214,7 @@ router.get('/search', auth, async (req, res) => {
 
   const { rows: list, count } = await Refund.findAndCountAll({
     where,
-    order: getOrder(req.query, [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
+    order: getOrder(c.req.query(), [['created_at', o === 'asc' ? 'ASC' : 'DESC']]),
     offset: (page - 1) * pageSize,
     limit: pageSize,
     include: [
@@ -213,7 +223,7 @@ router.get('/search', auth, async (req, res) => {
     ],
   });
 
-  res.json({ count, list, paging: { page, pageSize } });
+  return c.json({ count, list, paging: { page, pageSize } });
 });
 
 // Helper function: Query payment method and currency by contract and chain type
@@ -440,15 +450,16 @@ const syncRefundRequestSchema = Joi.object({
   metadata: MetadataSchema.optional(),
 });
 
-router.post('/sync', authAdmin, async (req: any, res: any) => {
-  const { error } = syncRefundRequestSchema.validate(req.body);
+app.post('/sync', authAdmin, async (c: any) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const { error } = syncRefundRequestSchema.validate(body);
   if (error) {
-    return res.status(400).json({ error: `Refund request invalid: ${error.message}` });
+    return c.json({ error: `Refund request invalid: ${error.message}` }, 400);
   }
 
   // Extract and validate request data
-  const { livemode, amount, destination, contract, chainType, chainApiHost } = req.body;
-  const { description, metadata, orderId, customerName } = req.body;
+  const { livemode, amount, destination, contract, chainType, chainApiHost } = body;
+  const { description, metadata, orderId, customerName } = body;
 
   try {
     // Convert and validate input types
@@ -482,12 +493,12 @@ router.post('/sync', authAdmin, async (req: any, res: any) => {
           status: existingRefund.status,
         });
 
-        return res.json(existingRefund);
+        return c.json(existingRefund);
       }
     }
 
-    // Get system DID as default payer (发款方)
-    const systemDid = getWallet().address;
+    // Get system DID as default payer (发款方) — the active tenant's business wallet.
+    const systemDid = wallet.address;
 
     // Create mock customer if customerName is provided, otherwise use "Broker" as default
     const finalCustomerName = customerName || 'Broker';
@@ -568,7 +579,7 @@ router.post('/sync', authAdmin, async (req: any, res: any) => {
       destination,
       amount,
       chainType,
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
 
     // Process transfer
@@ -594,7 +605,7 @@ router.post('/sync', authAdmin, async (req: any, res: any) => {
       logger.info('Synchronous refund transfer completed', {
         refundId: refund.id,
         txHash,
-        requestedBy: req.user?.did,
+        requestedBy: c.get('user')?.did,
       });
 
       // Reload and enrich refund data
@@ -610,11 +621,11 @@ router.post('/sync', authAdmin, async (req: any, res: any) => {
         throw new Error('Refund not found after processing');
       }
 
-      return res.json(updatedRefund.toJSON());
+      return c.json(updatedRefund.toJSON());
     } catch (processError: any) {
       logger.error('Synchronous refund transfer failed', {
         error: processError,
-        requestedBy: req.user?.did,
+        requestedBy: c.get('user')?.did,
       });
       // Handle transfer failure
       await refund.update({
@@ -632,7 +643,7 @@ router.post('/sync', authAdmin, async (req: any, res: any) => {
       logger.error('Synchronous refund transfer failed', {
         refundId: refund.id,
         error: processError.message || processError.error?.message,
-        requestedBy: req.user?.did,
+        requestedBy: c.get('user')?.did,
       });
 
       // Reload and enrich failed refund data
@@ -645,24 +656,27 @@ router.post('/sync', authAdmin, async (req: any, res: any) => {
       });
 
       if (failedRefund) {
-        return res.status(400).json({
-          ...failedRefund.toJSON(),
-          error: processError.message || processError.error?.message || 'Refund transfer failed',
-        });
+        return c.json(
+          {
+            ...failedRefund.toJSON(),
+            error: processError.message || processError.error?.message || 'Refund transfer failed',
+          },
+          400
+        );
       }
       throw processError;
     }
   } catch (err: any) {
     logger.error('Create synchronous refund failed', {
       error: err,
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-router.get('/:id', auth, async (req, res) => {
-  const doc = await Refund.findByPk(req.params.id as string, {
+app.get('/:id', auth, async (c) => {
+  const doc = await Refund.findByPk(c.req.param('id') as string, {
     include: [
       { model: Customer, as: 'customer' },
       { model: PaymentCurrency, as: 'paymentCurrency' },
@@ -676,25 +690,26 @@ router.get('/:id', auth, async (req, res) => {
   if (doc) {
     // @ts-ignore
     const paymentMethod = await PaymentMethod.findByPk(doc.paymentCurrency.payment_method_id);
-    return res.json({ ...doc.toJSON(), paymentMethod: paymentMethod?.toJSON() });
+    return c.json({ ...doc.toJSON(), paymentMethod: paymentMethod?.toJSON() });
   }
 
-  return res.status(404).json(null);
+  return c.json(null, 404);
 });
 
 // eslint-disable-next-line consistent-return
-router.put('/:id', authAdmin, async (req, res) => {
+app.put('/:id', authAdmin, async (c) => {
   try {
-    const doc = await Refund.findByPk(req.params.id as string);
+    const body = c.get('sanitizedBody') ?? {};
+    const doc = await Refund.findByPk(c.req.param('id') as string);
     if (!doc) {
-      return res.status(404).json({ error: 'Refund not found' });
+      return c.json({ error: 'Refund not found' }, 404);
     }
 
-    const raw = pick(req.body, ['metadata']);
+    const raw = pick(body, ['metadata']);
     if (raw.metadata) {
       const { error: metadataError } = MetadataSchema.validate(raw.metadata);
       if (metadataError) {
-        return res.status(400).json({ error: `metadata invalid: ${metadataError.message}` });
+        return c.json({ error: `metadata invalid: ${metadataError.message}` }, 400);
       }
       raw.metadata = formatMetadata(raw.metadata);
     }
@@ -703,40 +718,40 @@ router.put('/:id', authAdmin, async (req, res) => {
     logger.info('Refund updated', {
       refundId: doc.id,
       updatedFields: Object.keys(raw),
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
-    res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error('Update refund failed', {
-      refundId: req.params.id,
+      refundId: c.req.param('id'),
       error: err.message,
       stack: err.stack,
-      requestBody: req.body,
-      requestedBy: req.user?.did,
+      requestBody: c.get('sanitizedBody') ?? {},
+      requestedBy: c.get('user')?.did,
     });
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-router.post('/:id/cancel', authAdmin, async (req, res) => {
-  const doc = await Refund.findByPk(req.params.id as string);
+app.post('/:id/cancel', authAdmin, async (c) => {
+  const doc = await Refund.findByPk(c.req.param('id') as string);
   if (!doc) {
-    return res.status(404).json({ error: 'Refund not found' });
+    return c.json({ error: 'Refund not found' }, 404);
   }
   if (doc.status === 'succeeded') {
-    return res.status(400).json({ error: 'Refund is already succeeded' });
+    return c.json({ error: 'Refund is already succeeded' }, 400);
   }
   try {
     await doc.update({ status: 'canceled' });
-    return res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error('Cancel refund failed', {
-      refundId: req.params.id,
+      refundId: c.req.param('id'),
       error: err.message,
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-export default router;
+export default app;