mirror of
https://github.com/jcreek/SvelteKitSaasBoilerplate.git
synced 2026-07-15 12:03:49 +00:00
refactor(#48): Improve security by moving create customer functionality to not be exposed in an endpoint
This commit is contained in:
@@ -1,8 +1,10 @@
|
||||
import { redirect } from '@sveltejs/kit';
|
||||
import Stripe from 'stripe';
|
||||
import { getProductById } from '$lib/utils/supabase/admin';
|
||||
import { getProductById, upsertCustomerToSupabase } from '$lib/utils/supabase/admin';
|
||||
|
||||
export const load = async ({ fetch, locals: { safeGetSession } }) => {
|
||||
const { session } = await safeGetSession();
|
||||
|
||||
export const load = async ({ fetch }) => {
|
||||
const response = await fetch('/api/checkout/status');
|
||||
if (!response.ok) {
|
||||
console.error('Failed to fetch checkout status');
|
||||
@@ -24,13 +26,11 @@ export const load = async ({ fetch }) => {
|
||||
lineItem.productDescription = product.description ?? '';
|
||||
}
|
||||
|
||||
// Save the stripe customer id in the customers table
|
||||
const stripeCustomerId = checkoutSession.customer as string;
|
||||
const createCustomerResponse = await fetch(
|
||||
'/api/checkout/create-customer?stripeCustomerId=' + stripeCustomerId
|
||||
);
|
||||
if (!createCustomerResponse.ok) {
|
||||
console.error('Failed to create customer');
|
||||
if (session?.user.id) {
|
||||
const stripeCustomerId = checkoutSession.customer as string;
|
||||
await upsertCustomerToSupabase(session.user.id, stripeCustomerId);
|
||||
} else {
|
||||
console.error('User ID is undefined');
|
||||
}
|
||||
|
||||
return {
|
||||
|
||||
Reference in New Issue
Block a user