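// Verify payment token from HelcimPay.js
import { requireAuth } from '../../utils/auth.js'

const HELCIM_API_BASE = 'https://api.helcim.com/v2'
// Upper bound for the Helcim lookup so a stalled upstream cannot hold the request open indefinitely.
const HELCIM_TIMEOUT_MS = 10_000

/**
 * Server route: confirms that a HelcimPay.js card token is one of the saved
 * cards of the given customer before the caller relies on it.
 *
 * Request body: `{ cardToken: string, customerId: string | number }`.
 *
 * Returns `{ success: true, cardToken, message }` when the token is found among
 * the customer's cards at Helcim.
 *
 * Throws (via createError):
 *   400 – missing/invalid fields, customer has no cards, or token not found
 *   500 – Helcim API token not configured (or any unexpected failure)
 *   502 – Helcim rejected the card lookup
 */
export default defineEventHandler(async (event) => {
  try {
    await requireAuth(event)
    // NOTE(review): nothing in this handler ties body.customerId to the
    // authenticated user; confirm that requireAuth (or the caller) enforces
    // that relationship, otherwise any signed-in user could probe the card
    // tokens of other customers.
    const config = useRuntimeConfig(event)
    const body = await readBody(event)

    const { cardToken, customerId } = body ?? {}
    // Validate required fields. The token must be a non-empty string so that
    // the later strict comparison is meaningful; the customer id may be a
    // string or a finite number (it is interpolated into the URL path below).
    const isNonEmptyString = (v) => typeof v === 'string' && v.trim() !== ''
    const isValidCustomerId = (v) => isNonEmptyString(v) || (typeof v === 'number' && Number.isFinite(v))
    if (!isNonEmptyString(cardToken) || !isValidCustomerId(customerId)) {
      throw createError({ statusCode: 400, statusMessage: 'Card token and customer ID are required' })
    }

    const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
    // NOTE(review): this value is sent as the Helcim `api-token` header, i.e. it
    // acts as a server-side credential, yet it is read from `config.public` and
    // a NUXT_PUBLIC_* variable, both of which Nuxt ships to the browser bundle.
    // Confirm whether this is the publishable HelcimPay.js token or the private
    // API token; the latter belongs in private (non-public) runtime config.
    if (!helcimToken) {
      throw createError({ statusCode: 500, statusMessage: 'Helcim API token not configured' })
    }

    // Verify the card token by fetching the customer's cards from Helcim.
    // The id is URL-encoded so a crafted value cannot alter the request path.
    const cardsUrl = `${HELCIM_API_BASE}/customers/${encodeURIComponent(String(customerId))}/cards`
    const response = await fetch(cardsUrl, {
      method: 'GET',
      headers: {
        accept: 'application/json',
        'api-token': helcimToken,
      },
      signal: AbortSignal.timeout(HELCIM_TIMEOUT_MS),
    })

    if (!response.ok) {
      const errorText = await response.text()
      console.error('Payment verification failed:', response.status, errorText)
      throw createError({ statusCode: 502, statusMessage: 'Payment verification failed with Helcim' })
    }

    const cards = await response.json()
    // Assumes the response body is a JSON array of card objects carrying a
    // `cardToken` field — TODO confirm against the Helcim API docs. Any other
    // shape is treated as "no cards" and rejected rather than silently passed.
    const savedCards = Array.isArray(cards) ? cards : []
    if (savedCards.length === 0) {
      throw createError({ statusCode: 400, statusMessage: 'No payment method found for this customer' })
    }

    // Match on the token only. A truthy fallback in this predicate (e.g. `|| card.id`)
    // would accept any card the customer owns and make the check meaningless.
    const cardExists = savedCards.some((card) => card?.cardToken === cardToken)
    if (!cardExists) {
      throw createError({ statusCode: 400, statusMessage: 'Card token does not match a saved payment method for this customer' })
    }

    return {
      success: true,
      cardToken,
      message: 'Payment verified with Helcim',
    }
  } catch (error) {
    console.error('Error verifying payment:', error)
    // Re-wrap so both h3 errors (with statusCode) and unexpected exceptions
    // surface as a consistent HTTP error to the client.
    throw createError({
      statusCode: error?.statusCode || 500,
      statusMessage: error?.statusMessage || 'Failed to verify payment',
    })
  }
})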