jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: use private helcimApiToken for all server-side Helcim API calls

Browse source
This commit is contained in:
Jennie Robinson Faber 2026-04-04 13:37:34 +01:00
parent ccd1d0783a
commit d31b5b4dac
53 changed files with 1755 additions and 572 deletions
Download patch file Download diff file Expand all files Collapse all files

12
server/api/helcim/initialize-payment.post.js
View file

@ -5,16 +5,16 @@ const HELCIM_API_BASE = "https://api.helcim.com/v2";
export default defineEventHandler(async (event) => {
try {
await requireAuth(event);
const config = useRuntimeConfig(event);
const body = await validateBody(event, helcimInitializePaymentSchema);
const helcimToken =
config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN;
// Determine payment type based on whether this is for a subscription or one-time payment
// Event ticket purchases can be made without authentication
const isEventTicket = body.metadata?.type === "event_ticket";
if (!isEventTicket) {
await requireAuth(event);
}
const helcimToken = config.helcimApiToken;
const amount = body.amount || 0;
// For event tickets with amount > 0, we do a purchase