Merge pull request #49 from jcreek/48-stripe-customer-creation-could-do-with-some-improved-security

refactor(#48): Improve security by moving create customer functionality to not be exposed in an endpoint
This commit is contained in:
Olly
2024-10-24 00:29:44 +01:00
committed by GitHub
2 changed files with 9 additions and 25 deletions
@@ -1,16 +0,0 @@
import { json } from '@sveltejs/kit';
import type { RequestHandler } from './$types';
import { upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
export const GET: RequestHandler = async ({ url, locals: { safeGetSession } }) => {
const stripeCustomerId = url.searchParams.get('stripeCustomerId');
const { session } = await safeGetSession();
if (!session || !stripeCustomerId) {
return json({ error: 'Unauthorized' }, { status: 401 });
}
await upsertCustomerToSupabase(session?.user.id, stripeCustomerId);
return json({ message: 'Customer created' });
};
+9 -9
View File
@@ -1,8 +1,10 @@
import { redirect } from '@sveltejs/kit';
import Stripe from 'stripe';
import { getProductById } from '$lib/utils/supabase/admin';
import { getProductById, upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
export const load = async ({ fetch, locals: { safeGetSession } }) => {
const { session } = await safeGetSession();
export const load = async ({ fetch }) => {
const response = await fetch('/api/checkout/status');
if (!response.ok) {
console.error('Failed to fetch checkout status');
@@ -24,13 +26,11 @@ export const load = async ({ fetch }) => {
lineItem.productDescription = product.description ?? '';
}
// Save the stripe customer id in the customers table
const stripeCustomerId = checkoutSession.customer as string;
const createCustomerResponse = await fetch(
'/api/checkout/create-customer?stripeCustomerId=' + stripeCustomerId
);
if (!createCustomerResponse.ok) {
console.error('Failed to create customer');
if (session?.user.id) {
const stripeCustomerId = checkoutSession.customer as string;
await upsertCustomerToSupabase(session.user.id, stripeCustomerId);
} else {
console.error('User ID is undefined');
}
return {