Jennie Robinson Faber
9b79ae6bf4
After commit 90acc35 issued the cookie for $0 signups too, the "payment"
framing was wrong — there's no payment in a $0 signup. The cookie is
about bridging the gap between signup-form submit and email verify, not
about payment specifically.
Changes:
- setPaymentBridgeCookie → setSignupBridgeCookie
- getPaymentBridgeMember → getSignupBridgeMember
- Cookie wire name payment-bridge → signup-bridge
- JWT scope payment_bridge → signup_bridge
Touches both /api/helcim/subscription (signup activation) and
/api/helcim/initialize-payment (paid Helcim checkout) which both consume
the cookie. In-flight signup sessions started before this lands will
need to re-submit the form (cookie name mismatch); cutover hasn't
happened yet, so the only impact is local dev sessions.
194 lines
No EOL
6.6 KiB
JavaScript
194 lines
No EOL
6.6 KiB
JavaScript
// Create a Helcim subscription
|
|
import { getHelcimPlanId, requiresPayment } from '../../config/contributions.js'
|
|
import Member from '../../models/member.js'
|
|
import { connectDB } from '../../utils/mongoose.js'
|
|
import { getSlackService } from '../../utils/slack.ts'
|
|
import { requireAuth, getSignupBridgeMember } from '../../utils/auth.js'
|
|
import { createHelcimSubscription, generateIdempotencyKey, listHelcimCustomerTransactions } from '../../utils/helcim.js'
|
|
import { sendWelcomeEmail } from '../../utils/resend.js'
|
|
import { upsertPaymentFromHelcim } from '../../utils/payments.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
// Membership signup completes subscription before email verify; allow the
|
|
// signup-bridge cookie set by /api/helcim/customer to satisfy auth here.
|
|
const bridgeMember = await getSignupBridgeMember(event)
|
|
if (!bridgeMember) {
|
|
await requireAuth(event)
|
|
}
|
|
await connectDB()
|
|
const body = await validateBody(event, helcimSubscriptionSchema)
|
|
|
|
// Check if payment is required
|
|
if (!requiresPayment(body.contributionAmount)) {
|
|
// For free tier, atomically capture pre-update status alongside the write.
|
|
// Welcome email only fires on pending_payment → active transitions, not
|
|
// on tier upgrades (active → active).
|
|
const preMember = await Member.findOneAndUpdate(
|
|
{ helcimCustomerId: body.customerId },
|
|
{
|
|
status: 'active',
|
|
contributionAmount: body.contributionAmount,
|
|
subscriptionStartDate: new Date()
|
|
},
|
|
{ new: false, projection: { status: 1 } }
|
|
)
|
|
const isFirstActivation = preMember?.status === 'pending_payment'
|
|
const member = await Member.findById(preMember._id)
|
|
|
|
logActivity(member._id, 'subscription_created', { amount: body.contributionAmount })
|
|
|
|
await autoFlagPreExistingSlackAccess(member)
|
|
try {
|
|
const slackService = getSlackService()
|
|
if (slackService) {
|
|
await slackService.notifyNewMember(
|
|
member.name,
|
|
member.email,
|
|
member.circle,
|
|
member.contributionAmount,
|
|
'manual_invitation_required'
|
|
)
|
|
}
|
|
} catch (err) {
|
|
console.error('[slack] notifyNewMember failed:', err)
|
|
}
|
|
if (isFirstActivation) await sendWelcomeEmail(member)
|
|
|
|
return {
|
|
success: true,
|
|
subscription: null,
|
|
member: {
|
|
id: member._id,
|
|
email: member.email,
|
|
name: member.name,
|
|
circle: member.circle,
|
|
contributionAmount: member.contributionAmount,
|
|
status: member.status
|
|
}
|
|
}
|
|
}
|
|
|
|
// Validate card token is provided
|
|
if (!body.cardToken) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Payment information is required for a paid contribution'
|
|
})
|
|
}
|
|
|
|
const cadence = body.cadence
|
|
const paymentPlanId = getHelcimPlanId(cadence)
|
|
const recurringAmount = cadence === 'annual'
|
|
? body.contributionAmount * 12
|
|
: body.contributionAmount
|
|
|
|
if (!paymentPlanId) {
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: cadence === 'annual'
|
|
? 'Annual plan id not configured'
|
|
: 'Monthly plan id not configured',
|
|
})
|
|
}
|
|
|
|
const idempotencyKey = generateIdempotencyKey()
|
|
|
|
const subscriptionPayload = {
|
|
dateActivated: new Date().toISOString().split('T')[0],
|
|
paymentPlanId: parseInt(paymentPlanId),
|
|
customerCode: body.customerCode,
|
|
recurringAmount,
|
|
paymentMethod: 'card',
|
|
}
|
|
|
|
const subscriptionData = await createHelcimSubscription(subscriptionPayload, idempotencyKey)
|
|
|
|
// Extract the first subscription from the response array
|
|
const subscription = subscriptionData.data?.[0]
|
|
if (!subscription) {
|
|
throw createError({ statusCode: 500, statusMessage: 'Subscription creation failed' })
|
|
}
|
|
|
|
const rawNextBilling = subscription.dateBilling || subscription.nextBillingDate || null
|
|
const nextBillingDate = rawNextBilling ? new Date(rawNextBilling) : null
|
|
|
|
// Atomically capture pre-update status alongside the write so we can
|
|
// detect the pending_payment → active transition without a separate read
|
|
// (which would race with concurrent webhooks/double-clicks).
|
|
const preMember = await Member.findOneAndUpdate(
|
|
{ helcimCustomerId: body.customerId },
|
|
{ $set: {
|
|
contributionAmount: body.contributionAmount,
|
|
helcimSubscriptionId: subscription.id,
|
|
helcimCustomerId: body.customerId,
|
|
paymentMethod: 'card',
|
|
billingCadence: cadence,
|
|
subscriptionStartDate: new Date(),
|
|
status: 'active',
|
|
...(nextBillingDate && !Number.isNaN(nextBillingDate.getTime())
|
|
? { nextBillingDate }
|
|
: {}),
|
|
} },
|
|
{ new: false, runValidators: false, projection: { status: 1 } }
|
|
)
|
|
const isFirstActivation = preMember?.status === 'pending_payment'
|
|
const member = await Member.findById(preMember._id)
|
|
|
|
logActivity(member._id, 'subscription_created', { amount: body.contributionAmount })
|
|
|
|
try {
|
|
const txs = await listHelcimCustomerTransactions(body.customerCode)
|
|
const latestPaid = txs.find((t) => t.status === 'paid')
|
|
if (latestPaid) {
|
|
await upsertPaymentFromHelcim(member, latestPaid, {
|
|
paymentType: cadence,
|
|
sendConfirmation: true
|
|
})
|
|
}
|
|
} catch (err) {
|
|
console.error('[payments] initial charge log failed, will be picked up by reconciliation:', err?.message || err)
|
|
}
|
|
|
|
await autoFlagPreExistingSlackAccess(member)
|
|
try {
|
|
const slackService = getSlackService()
|
|
if (slackService) {
|
|
await slackService.notifyNewMember(
|
|
member.name,
|
|
member.email,
|
|
member.circle,
|
|
member.contributionAmount,
|
|
'manual_invitation_required'
|
|
)
|
|
}
|
|
} catch (err) {
|
|
console.error('[slack] notifyNewMember failed:', err)
|
|
}
|
|
if (isFirstActivation) await sendWelcomeEmail(member)
|
|
|
|
return {
|
|
success: true,
|
|
subscription: {
|
|
subscriptionId: subscription.id,
|
|
status: subscription.status,
|
|
nextBillingDate: rawNextBilling
|
|
},
|
|
member: {
|
|
id: member._id,
|
|
email: member.email,
|
|
name: member.name,
|
|
circle: member.circle,
|
|
contributionAmount: member.contributionAmount,
|
|
status: member.status
|
|
}
|
|
}
|
|
} catch (error) {
|
|
if (error.statusCode) throw error
|
|
console.error('Error creating Helcim subscription:', error)
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: 'An unexpected error occurred'
|
|
})
|
|
}
|
|
}) |