refactor(#48): Improve security by moving create customer functionality to not be exposed in an endpoint

This commit is contained in:
Josh Creek
2024-10-22 20:01:49 +01:00
parent eb979add7d
commit 24a70f123a
2 changed files with 9 additions and 25 deletions
+9 -9
View File
@@ -1,8 +1,10 @@
import { redirect } from '@sveltejs/kit';
import Stripe from 'stripe';
import { getProductById } from '$lib/utils/supabase/admin';
import { getProductById, upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
export const load = async ({ fetch, locals: { safeGetSession } }) => {
const { session } = await safeGetSession();
export const load = async ({ fetch }) => {
const response = await fetch('/api/checkout/status');
if (!response.ok) {
console.error('Failed to fetch checkout status');
@@ -24,13 +26,11 @@ export const load = async ({ fetch }) => {
lineItem.productDescription = product.description ?? '';
}
// Save the stripe customer id in the customers table
const stripeCustomerId = checkoutSession.customer as string;
const createCustomerResponse = await fetch(
'/api/checkout/create-customer?stripeCustomerId=' + stripeCustomerId
);
if (!createCustomerResponse.ok) {
console.error('Failed to create customer');
if (session?.user.id) {
const stripeCustomerId = checkoutSession.customer as string;
await upsertCustomerToSupabase(session.user.id, stripeCustomerId);
} else {
console.error('User ID is undefined');
}
return {