Jennie Robinson Faber
b7279f57d1
- Add centralized Zod schemas (server/utils/schemas.js) and validateBody utility for all API endpoints - Fix critical mass assignment in member creation: raw body no longer passed to new Member(), only validated fields (email, name, circle, contributionTier) are accepted - Apply Zod validation to login, profile patch, event registration, updates, verify-payment, and admin event creation endpoints - Fix logout cookie flags to match login (httpOnly: true, secure conditional on NODE_ENV) - Delete unauthenticated test/debug endpoints (test-connection, test-subscription, test-bot) - Remove sensitive console.log statements from Helcim and member endpoints - Remove unused bcryptjs dependency - Add 10MB file size limit on image uploads - Use runtime config for JWT secret across all endpoints - Add 38 validation tests (117 total, all passing)
59 lines
1.6 KiB
JavaScript
59 lines
1.6 KiB
JavaScript
// Create a new Helcim payment plan
|
|
const HELCIM_API_BASE = 'https://api.helcim.com/v2'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const config = useRuntimeConfig(event)
|
|
const body = await readBody(event)
|
|
|
|
// Validate required fields
|
|
if (!body.name || !body.amount || !body.frequency) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: 'Name, amount, and frequency are required'
|
|
})
|
|
}
|
|
|
|
const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
|
|
|
|
|
|
const response = await fetch(`${HELCIM_API_BASE}/payment-plans`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'accept': 'application/json',
|
|
'content-type': 'application/json',
|
|
'api-token': helcimToken
|
|
},
|
|
body: JSON.stringify({
|
|
planName: body.name,
|
|
planAmount: parseFloat(body.amount),
|
|
planFrequency: body.frequency, // 'monthly', 'weekly', 'biweekly', etc.
|
|
planCurrency: body.currency || 'CAD'
|
|
})
|
|
})
|
|
|
|
if (!response.ok) {
|
|
const errorText = await response.text()
|
|
console.error('Failed to create payment plan:', response.status, errorText)
|
|
|
|
throw createError({
|
|
statusCode: response.status,
|
|
statusMessage: `Failed to create payment plan: ${errorText}`
|
|
})
|
|
}
|
|
|
|
const planData = await response.json()
|
|
|
|
return {
|
|
success: true,
|
|
plan: planData
|
|
}
|
|
|
|
} catch (error) {
|
|
console.error('Error creating Helcim payment plan:', error)
|
|
throw createError({
|
|
statusCode: error.statusCode || 500,
|
|
statusMessage: error.message || 'Failed to create payment plan'
|
|
})
|
|
}
|
|
})
|