payment-kit 1.29.1 → 1.29.3

package/api/src/routes/{settings.ts → hono/settings.ts}

@@ -1,21 +1,26 @@
-import { Router } from 'express';
+// Phase 3 (express→hono) — hono fork of routes/settings.ts. Sub-app with
+// routes relative to /api/settings (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
+import { Hono } from 'hono';
 import pick from 'lodash/pick';
 import { Op, type WhereOptions } from 'sequelize';
 
 import Joi from 'joi';
 import merge from 'lodash/merge';
-import { PaymentCurrency } from '../store/models/payment-currency';
-import { PaymentMethod } from '../store/models/payment-method';
-import { authenticate } from '../libs/security';
-import { Setting } from '../store/models';
-import logger from '../libs/logger';
-import { createListParamSchema, getOrder, getWhereFromKvQuery } from '../libs/api';
+import { PaymentCurrency } from '../../store/models/payment-currency';
+import { PaymentMethod } from '../../store/models/payment-method';
+import { authenticate } from '../../middlewares/hono/security';
+import { Setting } from '../../store/models';
+import logger from '../../libs/logger';
+import { createListParamSchema, getOrder, getWhereFromKvQuery } from '../../libs/api';
 
-const router = Router();
+const app = new Hono();
 const authAdmin = authenticate<Setting>({ component: true, roles: ['owner', 'admin'] });
-router.get('/', async (req, res) => {
+
+app.get('/', async (c) => {
   const attributes = ['id', 'name', 'symbol', 'decimal', 'logo', 'payment_method_id', 'maximum_precision', 'type'];
-  const where: WhereOptions<PaymentMethod> = { livemode: req.livemode, active: true };
+  const where: WhereOptions<PaymentMethod> = { livemode: c.get('livemode'), active: true };
 
   const methods = await PaymentMethod.findAll({
     where,
@@ -30,13 +35,13 @@ router.get('/', async (req, res) => {
     method.payment_currencies = method.payment_currencies?.map((x) => pick(x, attributes));
   });
 
-  res.json({
+  return c.json({
     paymentMethods: methods.map((x) => ({
       ...pick(x, ['id', 'name', 'type', 'logo', 'payment_currencies', 'default_currency_id', 'maximum_precision']),
       api_host: x.settings?.arcblock?.api_host,
     })),
     baseCurrency: await PaymentCurrency.findOne({
-      where: { is_base_currency: true, livemode: req.livemode },
+      where: { is_base_currency: true, livemode: c.get('livemode') },
       attributes,
     }),
   });
@@ -54,10 +59,10 @@ const donateListSchema = createListParamSchema<{
   componentDid: Joi.string().empty(''),
 });
 
-router.get('/donate', async (req, res) => {
+app.get('/donate', async (c) => {
   try {
     const { page, pageSize, mountLocation, description, componentDid, ...query } = await donateListSchema.validateAsync(
-      req.query,
+      c.req.query(),
       { stripUnknown: false, allowUnknown: true }
     );
 
@@ -81,34 +86,34 @@ router.get('/donate', async (req, res) => {
 
     const { rows: list, count } = await Setting.findAndCountAll({
       where,
-      order: getOrder(req.query, [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
+      order: getOrder(c.req.query(), [['created_at', query.o === 'asc' ? 'ASC' : 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       distinct: true,
     });
 
-    return res.json({ count, list, paging: { page, pageSize } });
+    return c.json({ count, list, paging: { page, pageSize } });
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-router.get('/donate/:mountLocationOrId', async (req, res) => {
+app.get('/donate/:mountLocationOrId', async (c) => {
   try {
-    if (!req.params.mountLocationOrId) {
-      return res.status(400).json({ error: 'mountLocation is required' });
+    if (!c.req.param('mountLocationOrId')) {
+      return c.json({ error: 'mountLocation is required' }, 400);
     }
     const settings = await Setting.findOne({
       where: {
         type: 'donate',
-        [Op.or]: [{ mount_location: req.params.mountLocationOrId }, { id: req.params.mountLocationOrId }],
+        [Op.or]: [{ mount_location: c.req.param('mountLocationOrId') }, { id: c.req.param('mountLocationOrId') }],
       },
     });
-    return res.json(settings);
+    return c.json(settings);
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
@@ -121,13 +126,15 @@ const SettingSchema = Joi.object({
   livemode: Joi.boolean().optional(),
   componentDid: Joi.string().optional(),
 }).unknown(true);
-router.post('/', async (req, res) => {
+
+app.post('/', async (c) => {
   try {
-    const { error } = SettingSchema.validate(req.body);
+    const body = c.get('sanitizedBody') ?? {};
+    const { error } = SettingSchema.validate(body);
     if (error) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
-    const { type, mountLocation, settings = {}, active = true, description, livemode = true, componentDid } = req.body;
+    const { type, mountLocation, settings = {}, active = true, description, livemode = true, componentDid } = body;
     const raw = {
       type,
       mount_location: mountLocation,
@@ -163,7 +170,7 @@ router.post('/', async (req, res) => {
 
         const { error: amountError } = amountSchema.validate(settings.amount);
         if (amountError) {
-          return res.status(400).json({ error: amountError.message });
+          return c.json({ error: amountError.message }, 400);
         }
       }
 
@@ -180,7 +187,7 @@ router.post('/', async (req, res) => {
       });
       const { error: notificationError, value: notificationSettings } = notificationSchema.validate(settings);
       if (notificationError) {
-        return res.status(400).json({ error: notificationError.message });
+        return c.json({ error: notificationError.message }, 400);
       }
       raw.settings = notificationSettings;
     }
@@ -196,13 +203,13 @@ router.post('/', async (req, res) => {
           component_did: componentDid,
         });
       }
-      return res.json(exist);
+      return c.json(exist);
     }
     const doc = await Setting.create(raw);
-    return res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
@@ -211,13 +218,15 @@ const UpdateSettingSchema = Joi.object({
   active: Joi.boolean().optional(),
   description: Joi.string().optional(),
 }).unknown(true);
-router.put('/:mountLocationOrId', authAdmin, async (req, res) => {
+
+app.put('/:mountLocationOrId', authAdmin, async (c) => {
   try {
-    const { error } = UpdateSettingSchema.validate(req.body);
+    const body = c.get('sanitizedBody') ?? {};
+    const { error } = UpdateSettingSchema.validate(body);
     if (error) {
-      return res.status(400).json({ error: error.message });
+      return c.json({ error: error.message }, 400);
     }
-    const { settings = {}, active = true, description } = req.body;
+    const { settings = {}, active = true, description } = body;
     const raw: {
       active: boolean;
       settings: Record<string, any>;
@@ -233,16 +242,16 @@ router.put('/:mountLocationOrId', authAdmin, async (req, res) => {
       where: {
         [Op.or]: [
           {
-            id: req.params.mountLocationOrId,
+            id: c.req.param('mountLocationOrId'),
           },
           {
-            mount_location: req.params.mountLocationOrId,
+            mount_location: c.req.param('mountLocationOrId'),
           },
         ],
       },
     });
     if (!setting) {
-      return res.status(404).json({ error: 'Setting not found' });
+      return c.json({ error: 'Setting not found' }, 404);
     }
     raw.settings = merge({}, setting.settings, settings);
     if (setting.type === 'donate') {
@@ -259,7 +268,7 @@ router.put('/:mountLocationOrId', authAdmin, async (req, res) => {
 
         const { error: amountError } = amountSchema.validate(settings.amount);
         if (amountError) {
-          return res.status(400).json({ error: amountError.message });
+          return c.json({ error: amountError.message }, 400);
         }
         raw.settings.amount = settings.amount;
       }
@@ -272,62 +281,62 @@ router.put('/:mountLocationOrId', authAdmin, async (req, res) => {
       });
       const { error: notificationError, value: notificationSettings } = notificationSchema.validate(settings);
       if (notificationError) {
-        return res.status(400).json({ error: notificationError.message });
+        return c.json({ error: notificationError.message }, 400);
       }
       raw.settings = notificationSettings;
     }
     const doc = await setting.update(raw);
-    return res.json(doc);
+    return c.json(doc);
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-router.delete('/:mountLocationOrId', authAdmin, async (req, res) => {
+app.delete('/:mountLocationOrId', authAdmin, async (c) => {
   try {
     const setting = await Setting.findOne({
       where: {
         [Op.or]: [
           {
-            id: req.params.mountLocationOrId,
+            id: c.req.param('mountLocationOrId'),
           },
           {
-            mount_location: req.params.mountLocationOrId,
+            mount_location: c.req.param('mountLocationOrId'),
           },
         ],
       },
     });
     if (!setting) {
-      return res.status(404).json({ error: `Setting ${req.params.mountLocationOrId} not found` });
+      return c.json({ error: `Setting ${c.req.param('mountLocationOrId')} not found` }, 404);
     }
     await setting.destroy();
-    return res.json({ message: `Setting ${req.params.mountLocationOrId} deleted` });
+    return c.json({ message: `Setting ${c.req.param('mountLocationOrId')} deleted` });
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-router.get('/:mountLocationOrId', authAdmin, async (req, res) => {
+app.get('/:mountLocationOrId', authAdmin, async (c) => {
   try {
     const setting = await Setting.findOne({
       where: {
         [Op.or]: [
           {
-            id: req.params.mountLocationOrId,
+            id: c.req.param('mountLocationOrId'),
           },
           {
-            mount_location: req.params.mountLocationOrId,
+            mount_location: c.req.param('mountLocationOrId'),
           },
         ],
       },
     });
-    return res.json(setting);
+    return c.json(setting);
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: err.message });
+    return c.json({ error: err.message }, 400);
   }
 });
 
-export default router;
+export default app;

package/api/src/routes/{subscription-items.ts → hono/subscription-items.ts}

@@ -1,25 +1,30 @@
+// Phase 3 (express→hono) — hono fork of routes/subscription-items.ts. Sub-app with
+// routes relative to /api/subscription-items (mounted via mountResourceGroup). The
+// business logic is unchanged; only the express plumbing becomes hono:
+//   req.body → c.get('sanitizedBody'); res.status(n).json(x) → c.json(x, n).
 import dayjs from 'dayjs';
-import { Router } from 'express';
+import { Hono } from 'hono';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 import type { WhereOptions } from 'sequelize';
 
-import { createListParamSchema, getOrder, MetadataSchema } from '../libs/api';
-import { authenticate } from '../libs/security';
-import { expandLineItems } from '../libs/session';
-import { formatMetadata } from '../libs/util';
-import { Price, Product, Subscription, SubscriptionItem, UsageRecord } from '../store/models';
-import { forwardUsageRecordToStripe } from '../integrations/stripe/resource';
-import { usageRecordQueue } from '../queues/usage-record';
-import logger from '../libs/logger';
+import { createListParamSchema, getOrder, MetadataSchema } from '../../libs/api';
+import { authenticate } from '../../middlewares/hono/security';
+import { expandLineItems } from '../../libs/session';
+import { formatMetadata } from '../../libs/util';
+import { Price, Product, Subscription, SubscriptionItem, UsageRecord } from '../../store/models';
+import { forwardUsageRecordToStripe } from '../../integrations/stripe/resource';
+import { usageRecordQueue } from '../../queues/usage-record';
+import logger from '../../libs/logger';
 
-const router = Router();
+const app = new Hono();
 const auth = authenticate<SubscriptionItem>({ component: true, roles: ['owner', 'admin'] });
 
 // FIXME: handle payment_behavior, proration_behavior
 // @link https://stripe.com/docs/api/subscription_items/create
-router.post('/', auth, async (req, res) => {
-  const raw: Partial<SubscriptionItem> = pick(req.body, [
+app.post('/', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const raw: Partial<SubscriptionItem> = pick(body, [
     'subscription_id',
     'price_id',
     'quantity',
@@ -30,14 +35,14 @@ router.post('/', auth, async (req, res) => {
     where: { price_id: raw.price_id, subscription_id: raw.subscription_id },
   });
   if (exist) {
-    return res.status(400).json({ error: `SubscriptionItem already exist: ${exist.id}` });
+    return c.json({ error: `SubscriptionItem already exist: ${exist.id}` }, 400);
   }
 
-  raw.livemode = req.livemode;
+  raw.livemode = c.get('livemode');
   if (raw.metadata) {
     const { error: metadataError } = MetadataSchema.validate(raw.metadata);
     if (metadataError) {
-      return res.status(400).json({ error: `metadata invalid: ${metadataError.message}` });
+      return c.json({ error: `metadata invalid: ${metadataError.message}` }, 400);
     }
     raw.metadata = formatMetadata(raw.metadata);
   }
@@ -48,9 +53,9 @@ router.post('/', auth, async (req, res) => {
     subscriptionId: doc.subscription_id,
     priceId: doc.price_id,
     quantity: doc.quantity,
-    requestedBy: req.user?.did,
+    requestedBy: c.get('user')?.did,
   });
-  return res.json(doc);
+  return c.json(doc);
 });
 
 // @link https://stripe.com/docs/api/subscription_items/list
@@ -61,8 +66,8 @@ const schema = createListParamSchema<{
   subscription_id: Joi.string(),
   price_id: Joi.string(),
 });
-router.get('/', auth, async (req, res) => {
-  const { page, pageSize, ...query } = await schema.validateAsync(req.query, { stripUnknown: true });
+app.get('/', auth, async (c) => {
+  const { page, pageSize, ...query } = await schema.validateAsync(c.req.query(), { stripUnknown: true });
   const where: WhereOptions<SubscriptionItem> = {};
 
   if (query.subscription_id) {
@@ -80,7 +85,7 @@ router.get('/', auth, async (req, res) => {
   try {
     const { rows, count } = await SubscriptionItem.findAndCountAll({
       where,
-      order: getOrder(req.query, [['created_at', 'DESC']]),
+      order: getOrder(c.req.query(), [['created_at', 'DESC']]),
       offset: (page - 1) * pageSize,
       limit: pageSize,
       include: [],
@@ -101,45 +106,45 @@ router.get('/', auth, async (req, res) => {
       // @ts-ignore
       expandLineItems(list, Array.from(productMap.values()), pricesJson);
     }
-    res.json({ count, list, paging: { page, pageSize } });
+    return c.json({ count, list, paging: { page, pageSize } });
   } catch (err) {
     logger.error(err);
-    res.json({ count: 0, list: [], paging: { page, pageSize } });
+    return c.json({ count: 0, list: [], paging: { page, pageSize } });
   }
 });
 
 // @link https://stripe.com/docs/api/subscription_items/retrieve
-router.get('/:id', auth, async (req, res) => {
+app.get('/:id', auth, async (c) => {
   try {
     const doc = await SubscriptionItem.findOne({
-      where: { id: req.params.id },
+      where: { id: c.req.param('id') },
       include: [{ model: Price, as: 'price' }],
     });
     if (doc) {
-      res.json(doc);
-    } else {
-      res.status(404).json(null);
+      return c.json(doc);
     }
+    return c.json(null, 404);
   } catch (err) {
     logger.error(err);
-    res.status(500).json({ error: `Failed to get subscription item: ${err.message}` });
+    return c.json({ error: `Failed to get subscription item: ${(err as any).message}` }, 500);
   }
 });
 
-router.put('/:id', auth, async (req, res) => {
-  const doc = await SubscriptionItem.findByPk(req.params.id);
+app.put('/:id', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const doc = await SubscriptionItem.findByPk(c.req.param('id'));
 
   if (!doc) {
-    return res.status(404).json({ error: `SubscriptionItem not found: ${req.params.id}` });
+    return c.json({ error: `SubscriptionItem not found: ${c.req.param('id')}` }, 404);
   }
 
-  const updates: Partial<SubscriptionItem> = pick(req.body, ['price_id', 'quantity', 'billing_thresholds', 'metadata']);
+  const updates: Partial<SubscriptionItem> = pick(body, ['price_id', 'quantity', 'billing_thresholds', 'metadata']);
   if (updates.price_id) {
     const exist = await SubscriptionItem.findOne({
       where: { price_id: updates.price_id, subscription_id: doc.subscription_id },
     });
     if (exist) {
-      return res.status(400).json({ error: `SubscriptionItem already exist: ${exist.id}` });
+      return c.json({ error: `SubscriptionItem already exist: ${exist.id}` }, 400);
     }
 
     if (!updates.quantity) {
@@ -150,7 +155,7 @@ router.put('/:id', auth, async (req, res) => {
   if (updates.metadata) {
     const { error: metadataError } = MetadataSchema.validate(updates.metadata);
     if (metadataError) {
-      return res.status(400).json({ error: `metadata invalid: ${metadataError.message}` });
+      return c.json({ error: `metadata invalid: ${metadataError.message}` }, 400);
     }
     updates.metadata = formatMetadata(updates.metadata);
   }
@@ -160,21 +165,22 @@ router.put('/:id', auth, async (req, res) => {
     id: doc.id,
     subscriptionId: doc.subscription_id,
     updatedFields: Object.keys(updates),
-    requestedBy: req.user?.did,
+    requestedBy: c.get('user')?.did,
   });
-  return res.json(doc);
+  return c.json(doc);
 });
 
 // TODO: handle proration_behavior
 // @link https://stripe.com/docs/api/subscription_items/delete
-router.delete('/:id', auth, async (req, res) => {
-  const doc = await SubscriptionItem.findByPk(req.params.id);
+app.delete('/:id', auth, async (c) => {
+  const body = c.get('sanitizedBody') ?? {};
+  const doc = await SubscriptionItem.findByPk(c.req.param('id'));
 
   if (!doc) {
-    return res.status(404).json({ error: 'subscription item not found' });
+    return c.json({ error: 'subscription item not found' }, 404);
   }
 
-  if (req.body.clear_usage) {
+  if (body.clear_usage) {
     const price = await Price.findByPk(doc.price_id);
     if (price?.recurring?.usage_type === 'metered') {
       await UsageRecord.destroy({ where: { subscription_item_id: doc.id } });
@@ -185,41 +191,42 @@ router.delete('/:id', auth, async (req, res) => {
   logger.info('SubscriptionItem deleted', {
     id: doc.id,
     subscriptionId: doc.subscription_id,
-    clearUsage: req.body.clear_usage,
-    requestedBy: req.user?.did,
+    clearUsage: body.clear_usage,
+    requestedBy: c.get('user')?.did,
   });
-  return res.json(doc);
+  return c.json(doc);
 });
 
-router.post('/:id/add-usage-quantity', auth, async (req, res) => {
-  const { livemode } = req;
+app.post('/:id/add-usage-quantity', auth, async (c) => {
+  const livemode = c.get('livemode');
   if (livemode) {
-    return res.status(403).json({ error: 'add usage quantity not allowed in livemode' });
+    return c.json({ error: 'add usage quantity not allowed in livemode' }, 403);
   }
 
-  const quantity = Number(req.body.quantity);
+  const body = c.get('sanitizedBody') ?? {};
+  const quantity = Number(body.quantity);
   if (quantity <= 0) {
-    return res.status(400).json({ error: 'quantity must be positive' });
+    return c.json({ error: 'quantity must be positive' }, 400);
   }
 
   try {
-    const subscriptionItem = await SubscriptionItem.findByPk(req.params.id);
+    const subscriptionItem = await SubscriptionItem.findByPk(c.req.param('id'));
     if (!subscriptionItem) {
-      return res.status(404).json({ error: `SubscriptionItem(${req.params.id}) item not found` });
+      return c.json({ error: `SubscriptionItem(${c.req.param('id')}) item not found` }, 404);
     }
     const subscription = await Subscription.findByPk(subscriptionItem.subscription_id);
     if (!subscription) {
-      return res.status(400).json({ error: `Subscription not found: ${subscriptionItem.subscription_id}` });
+      return c.json({ error: `Subscription not found: ${subscriptionItem.subscription_id}` }, 400);
     }
 
     if (subscription.isImmutable()) {
-      return res.status(400).json({ error: `subscription(${subscription.id}) is immutable` });
+      return c.json({ error: `subscription(${subscription.id}) is immutable` }, 400);
     }
 
     const now = dayjs().unix();
 
     if (now < subscription.current_period_start || now > subscription.current_period_end) {
-      return res.status(400).json({ error: 'timestamp must be within the current period' });
+      return c.json({ error: 'timestamp must be within the current period' }, 400);
     }
 
     const usageRecord = await UsageRecord.create({
@@ -234,7 +241,7 @@ router.post('/:id/add-usage-quantity', auth, async (req, res) => {
       subscriptionId: subscription.id,
       quantity,
       timestamp: now,
-      requestedBy: req.user?.did,
+      requestedBy: c.get('user')?.did,
     });
 
     if (subscription.billing_thresholds?.amount_gte) {
@@ -260,11 +267,11 @@ router.post('/:id/add-usage-quantity', auth, async (req, res) => {
       action: 'increment',
     });
 
-    return res.json(usageRecord);
+    return c.json(usageRecord);
   } catch (err) {
     logger.error(err);
-    return res.status(400).json({ error: `Failed to add usage quantity: ${err.message}` });
+    return c.json({ error: `Failed to add usage quantity: ${(err as any).message}` }, 400);
   }
 });
 
-export default router;
+export default app;