(req: NextRequest)
| 23 | }) |
| 24 | |
| 25 | export async function POST(req: NextRequest) { |
| 26 | const session = await getServerSession(authOptions) |
| 27 | if (!session?.user?.id || !session?.user?.email) { |
| 28 | return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) |
| 29 | } |
| 30 | const userId = session.user.id |
| 31 | const _userEmail = session.user.email |
| 32 | |
| 33 | let data |
| 34 | try { |
| 35 | data = await req.json() |
| 36 | const validation = buyCreditsSchema.safeParse(data) |
| 37 | if (!validation.success) { |
| 38 | return NextResponse.json( |
| 39 | { error: 'Invalid input', issues: validation.error.issues }, |
| 40 | { status: 400 }, |
| 41 | ) |
| 42 | } |
| 43 | data = validation.data |
| 44 | } catch (error) { |
| 45 | return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 }) |
| 46 | } |
| 47 | |
| 48 | const { credits } = data |
| 49 | |
| 50 | try { |
| 51 | const user = await db.query.user.findFirst({ |
| 52 | where: eq(schema.user.id, userId), |
| 53 | columns: { stripe_customer_id: true, banned: true }, |
| 54 | }) |
| 55 | |
| 56 | if (user?.banned) { |
| 57 | logger.warn({ userId }, 'Banned user attempted to purchase credits') |
| 58 | return NextResponse.json( |
| 59 | { error: 'Your account has been suspended. Please contact support.' }, |
| 60 | { status: 403 }, |
| 61 | ) |
| 62 | } |
| 63 | |
| 64 | if (!user?.stripe_customer_id) { |
| 65 | logger.error( |
| 66 | { userId }, |
| 67 | 'User attempting to buy credits has no Stripe customer ID.', |
| 68 | ) |
| 69 | return NextResponse.json( |
| 70 | { error: 'Stripe customer not found.' }, |
| 71 | { status: 400 }, |
| 72 | ) |
| 73 | } |
| 74 | |
| 75 | const centsPerCredit = 1 |
| 76 | const amountInCents = convertCreditsToUsdCents(credits, centsPerCredit) |
| 77 | |
| 78 | if (amountInCents <= 0) { |
| 79 | logger.error( |
| 80 | { userId, credits, centsPerCredit }, |
| 81 | 'Calculated zero or negative amount in cents for credit purchase.', |
| 82 | ) |
nothing calls this directly
no test coverage detected