jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Zod validation to all API endpoints and remove debug test route

Browse source 
Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.
This commit is contained in:
Jennie Robinson Faber 2026-03-01 17:04:26 +00:00
parent e4813075b7
commit 025c1a180f
38 changed files with 1132 additions and 309 deletions
Download patch file Download diff file Expand all files Collapse all files

18
server/api/helcim/create-plan.post.js
View file

@ -3,16 +3,9 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.name || !body.amount || !body.frequency) {
throw createError({
statusCode: 400,
statusMessage: 'Name, amount, and frequency are required'
})
}
const body = await validateBody(event, helcimCreatePlanSchema)
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -38,7 +31,7 @@ export default defineEventHandler(async (event) => {
throw createError({
statusCode: response.status,
statusMessage: `Failed to create payment plan: ${errorText}`
statusMessage: 'Payment plan creation failed'
})
}
@ -50,10 +43,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error creating Helcim payment plan:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to create payment plan'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

7
server/api/helcim/customer-code.get.js
View file

@ -61,7 +61,7 @@ export default defineEventHandler(async (event) => {
const errorText = await response.text()
throw createError({
statusCode: response.status,
statusMessage: `Failed to get customer: ${errorText}`
statusMessage: 'Customer lookup failed'
})
}
@ -74,10 +74,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error getting customer code:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to get customer code'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

19
server/api/helcim/customer.post.js
View file

@ -9,15 +9,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB()
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.name || !body.email) {
throw createError({
statusCode: 400,
statusMessage: 'Name and email are required'
})
}
const body = await validateBody(event, helcimCustomerSchema)
// Check if member already exists
const existingMember = await Member.findOne({ email: body.email })
@ -58,7 +50,7 @@ export default defineEventHandler(async (event) => {
console.error('Connection test failed:', testError)
throw createError({
statusCode: 401,
statusMessage: `Helcim API connection failed: ${testError.message}`
statusMessage: 'Payment service unavailable'
})
}
@ -82,7 +74,7 @@ export default defineEventHandler(async (event) => {
console.error('Customer creation failed:', customerResponse.status, errorText)
throw createError({
statusCode: customerResponse.status,
statusMessage: `Failed to create customer: ${errorText}`
statusMessage: 'Customer creation failed'
})
}
@ -133,10 +125,11 @@ export default defineEventHandler(async (event) => {
}
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error creating Helcim customer:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to create customer'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

7
server/api/helcim/get-or-create-customer.post.js
View file

@ -100,7 +100,7 @@ export default defineEventHandler(async (event) => {
console.error('Failed to create Helcim customer:', createResponse.status, errorText)
throw createError({
statusCode: createResponse.status,
statusMessage: `Failed to create Helcim customer: ${errorText}`
statusMessage: 'Customer creation failed'
})
}
@ -118,10 +118,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error in get-or-create-customer:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to get or create customer'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

9
server/api/helcim/initialize-payment.post.js
View file

@ -7,7 +7,7 @@ export default defineEventHandler(async (event) => {
try {
await requireAuth(event);
const config = useRuntimeConfig(event);
const body = await readBody(event);
const body = await validateBody(event, helcimInitializePaymentSchema);
const helcimToken =
@ -64,7 +64,7 @@ export default defineEventHandler(async (event) => {
);
throw createError({
statusCode: response.status,
statusMessage: `Failed to initialize payment: ${errorText}`,
statusMessage: 'Payment initialization failed',
});
}
@ -76,10 +76,11 @@ export default defineEventHandler(async (event) => {
secretToken: paymentData.secretToken,
};
} catch (error) {
if (error.statusCode) throw error;
console.error("Error initializing HelcimPay:", error);
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || "Failed to initialize payment",
statusCode: 500,
statusMessage: "An unexpected error occurred",
});
}
});

6
server/api/helcim/plans.get.js
View file

@ -3,6 +3,7 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const config = useRuntimeConfig(event)
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -30,10 +31,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error fetching Helcim payment plans:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to fetch payment plans'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

71
server/api/helcim/subscription.post.js
View file

@ -76,22 +76,7 @@ export default defineEventHandler(async (event) => {
await requireAuth(event)
await connectDB()
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.customerId || !body.contributionTier) {
throw createError({
statusCode: 400,
statusMessage: 'Customer ID and contribution tier are required'
})
}
if (!body.customerCode) {
throw createError({
statusCode: 400,
statusMessage: 'Customer code is required for subscription creation'
})
}
const body = await validateBody(event, helcimSubscriptionSchema)
// Check if payment is required
if (!requiresPayment(body.contributionTier)) {
@ -112,7 +97,14 @@ export default defineEventHandler(async (event) => {
return {
success: true,
subscription: null,
member
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
}
}
}
@ -152,7 +144,14 @@ export default defineEventHandler(async (event) => {
status: 'needs_plan_setup',
nextBillingDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
},
member,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
},
warning: `Payment successful but recurring plan needs to be set up in Helcim for the ${body.contributionTier} tier`
}
}
@ -222,17 +221,23 @@ export default defineEventHandler(async (event) => {
subscription: {
subscriptionId: 'manual-' + Date.now(),
status: 'needs_setup',
error: errorText,
nextBillingDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
},
member,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
},
warning: 'Payment successful but recurring subscription needs manual setup'
}
}
throw createError({
statusCode: subscriptionResponse.status,
statusMessage: `Failed to create subscription: ${errorText}`
statusMessage: 'Subscription creation failed'
})
}
@ -267,7 +272,14 @@ export default defineEventHandler(async (event) => {
status: subscription.status,
nextBillingDate: subscription.nextBillingDate
},
member
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
}
}
} catch (fetchError) {
console.error('Error during subscription creation:', fetchError)
@ -294,18 +306,25 @@ export default defineEventHandler(async (event) => {
subscription: {
subscriptionId: 'manual-' + Date.now(),
status: 'needs_setup',
error: fetchError.message,
nextBillingDate: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)
},
member,
member: {
id: member._id,
email: member.email,
name: member.name,
circle: member.circle,
contributionTier: member.contributionTier,
status: member.status
},
warning: 'Payment successful but recurring subscription needs manual setup'
}
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error creating Helcim subscription:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to create subscription'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

6
server/api/helcim/subscriptions.get.js
View file

@ -3,6 +3,7 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
export default defineEventHandler(async (event) => {
try {
await requireAdmin(event)
const config = useRuntimeConfig(event)
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -30,10 +31,11 @@ export default defineEventHandler(async (event) => {
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error fetching Helcim subscriptions:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to fetch subscriptions'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})

25
server/api/helcim/update-billing.post.js
View file

@ -7,25 +7,9 @@ export default defineEventHandler(async (event) => {
try {
await requireAuth(event)
const config = useRuntimeConfig(event)
const body = await readBody(event)
// Validate required fields
if (!body.customerId || !body.billingAddress) {
throw createError({
statusCode: 400,
statusMessage: 'Customer ID and billing address are required'
})
}
const body = await validateBody(event, helcimUpdateBillingSchema)
const { billingAddress } = body
// Validate billing address fields
if (!billingAddress.street || !billingAddress.city || !billingAddress.country || !billingAddress.postalCode) {
throw createError({
statusCode: 400,
statusMessage: 'Complete billing address is required'
})
}
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
@ -54,7 +38,7 @@ export default defineEventHandler(async (event) => {
console.error('Billing address update failed:', response.status, errorText)
throw createError({
statusCode: response.status,
statusMessage: `Failed to update billing address: ${errorText}`
statusMessage: 'Billing update failed'
})
}
@ -65,10 +49,11 @@ export default defineEventHandler(async (event) => {
customer: customerData
}
} catch (error) {
if (error.statusCode) throw error
console.error('Error updating billing address:', error)
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || 'Failed to update billing address'
statusCode: 500,
statusMessage: 'An unexpected error occurred'
})
}
})