mirror of
https://github.com/jcreek/SvelteKitSaasBoilerplate.git
synced 2026-07-14 19:43:55 +00:00
Merge pull request #49 from jcreek/48-stripe-customer-creation-could-do-with-some-improved-security
refactor(#48): Improve security by moving create customer functionality to not be exposed in an endpoint
This commit is contained in:
@@ -1,16 +0,0 @@
|
|||||||
import { json } from '@sveltejs/kit';
|
|
||||||
import type { RequestHandler } from './$types';
|
|
||||||
import { upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
|
|
||||||
|
|
||||||
export const GET: RequestHandler = async ({ url, locals: { safeGetSession } }) => {
|
|
||||||
const stripeCustomerId = url.searchParams.get('stripeCustomerId');
|
|
||||||
const { session } = await safeGetSession();
|
|
||||||
|
|
||||||
if (!session || !stripeCustomerId) {
|
|
||||||
return json({ error: 'Unauthorized' }, { status: 401 });
|
|
||||||
}
|
|
||||||
|
|
||||||
await upsertCustomerToSupabase(session?.user.id, stripeCustomerId);
|
|
||||||
|
|
||||||
return json({ message: 'Customer created' });
|
|
||||||
};
|
|
||||||
@@ -1,8 +1,10 @@
|
|||||||
import { redirect } from '@sveltejs/kit';
|
import { redirect } from '@sveltejs/kit';
|
||||||
import Stripe from 'stripe';
|
import Stripe from 'stripe';
|
||||||
import { getProductById } from '$lib/utils/supabase/admin';
|
import { getProductById, upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
|
||||||
|
|
||||||
|
export const load = async ({ fetch, locals: { safeGetSession } }) => {
|
||||||
|
const { session } = await safeGetSession();
|
||||||
|
|
||||||
export const load = async ({ fetch }) => {
|
|
||||||
const response = await fetch('/api/checkout/status');
|
const response = await fetch('/api/checkout/status');
|
||||||
if (!response.ok) {
|
if (!response.ok) {
|
||||||
console.error('Failed to fetch checkout status');
|
console.error('Failed to fetch checkout status');
|
||||||
@@ -24,13 +26,11 @@ export const load = async ({ fetch }) => {
|
|||||||
lineItem.productDescription = product.description ?? '';
|
lineItem.productDescription = product.description ?? '';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save the stripe customer id in the customers table
|
if (session?.user.id) {
|
||||||
const stripeCustomerId = checkoutSession.customer as string;
|
const stripeCustomerId = checkoutSession.customer as string;
|
||||||
const createCustomerResponse = await fetch(
|
await upsertCustomerToSupabase(session.user.id, stripeCustomerId);
|
||||||
'/api/checkout/create-customer?stripeCustomerId=' + stripeCustomerId
|
} else {
|
||||||
);
|
console.error('User ID is undefined');
|
||||||
if (!createCustomerResponse.ok) {
|
|
||||||
console.error('Failed to create customer');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
|
|||||||
Reference in New Issue
Block a user