mirror of
https://github.com/jcreek/SvelteKitSaasBoilerplate.git
synced 2026-07-13 02:53:50 +00:00
refactor(#48): Improve security by moving create customer functionality to not be exposed in an endpoint
This commit is contained in:
@@ -1,16 +0,0 @@
|
||||
import { json } from '@sveltejs/kit';
|
||||
import type { RequestHandler } from './$types';
|
||||
import { upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
|
||||
|
||||
export const GET: RequestHandler = async ({ url, locals: { safeGetSession } }) => {
|
||||
const stripeCustomerId = url.searchParams.get('stripeCustomerId');
|
||||
const { session } = await safeGetSession();
|
||||
|
||||
if (!session || !stripeCustomerId) {
|
||||
return json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
|
||||
await upsertCustomerToSupabase(session?.user.id, stripeCustomerId);
|
||||
|
||||
return json({ message: 'Customer created' });
|
||||
};
|
||||
@@ -1,8 +1,10 @@
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
import Stripe from 'stripe';
|
||||
import { getProductById } from '$lib/utils/supabase/admin';
|
||||
import { getProductById, upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
|
||||
|
||||
export const load = async ({ fetch, locals: { safeGetSession } }) => {
|
||||
const { session } = await safeGetSession();
|
||||
|
||||
export const load = async ({ fetch }) => {
|
||||
const response = await fetch('/api/checkout/status');
|
||||
if (!response.ok) {
|
||||
console.error('Failed to fetch checkout status');
|
||||
@@ -24,13 +26,11 @@ export const load = async ({ fetch }) => {
|
||||
lineItem.productDescription = product.description ?? '';
|
||||
}
|
||||
|
||||
// Save the stripe customer id in the customers table
|
||||
const stripeCustomerId = checkoutSession.customer as string;
|
||||
const createCustomerResponse = await fetch(
|
||||
'/api/checkout/create-customer?stripeCustomerId=' + stripeCustomerId
|
||||
);
|
||||
if (!createCustomerResponse.ok) {
|
||||
console.error('Failed to create customer');
|
||||
if (session?.user.id) {
|
||||
const stripeCustomerId = checkoutSession.customer as string;
|
||||
await upsertCustomerToSupabase(session.user.id, stripeCustomerId);
|
||||
} else {
|
||||
console.error('User ID is undefined');
|
||||
}
|
||||
|
||||
return {
|
||||
|
||||
Reference in New Issue
Block a user