admin/podcastdistributiona
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
51c541ad2209f60b42550637843f2b57154ee777
podcastdistributiona/app/(app)/billing/actions.ts
T
Leon Serfaty 51c541ad22 Security & robustness hardening pass 
Cross-cutting input-validation, isolation, and DoS-resistance fixes across
the app, API, billing, queue, and infra layers.

- Runtime validation (zod) for client-supplied admin actions (role/plan/
  limits), series generation index, and all pg-boss queue payloads
- Auth: require email verification before sign-in; reject weak/placeholder/
  short BETTER_AUTH_SECRET in production
- Billing: sanitize Stripe/PayPal errors (log server-side, generic to client);
  race-safe subscription upsert; only count "processed" webhook events as
  handled; verify org membership in getEffectivePlan to block plan escalation
- Series generation: reserve usage up front and refund on failure; bill the
  owning org, not the caller's active org
- Injection defenses: HTML-escape user fields in emails, strip CR/LF from
  subject/recipient, validate ElevenLabs voiceId before URL interpolation
- Media routes: stream off disk instead of buffering whole files; rate-limit
  anonymous public audio/cover endpoints by client IP
2026-06-20 20:59:03 -04:00

120 lines
4.0 KiB
TypeScript
Raw Blame History

"use server";
import { revalidatePath } from "next/cache";
import { getServerSession } from "@/lib/auth/guards";
import { prisma } from "@/lib/db";
import {
stripe,
createStripeCheckout,
createStripePortal,
isStripeConfigured,
} from "@/lib/billing/stripe";
import {
createPaypalSubscription,
cancelPaypalSubscription,
isPaypalConfigured,
} from "@/lib/billing/paypal";
import { paypalPlanId, type BillingInterval } from "@/lib/billing/catalog";
import { getActiveSubscription } from "@/lib/billing/subscription";
import type { PlanKey } from "@/lib/billing/plans";
type ActionResult = { ok: true; url?: string } | { ok: false; error: string };
// Billing calls hit upstream providers (Stripe/PayPal) whose error messages can
// contain sensitive/verbose detail. Log the real error server-side, but return a
// single generic message to the client so nothing upstream leaks to end users.
function errMsg(e: unknown): string {
console.error("[billing] action failed", e);
return "Something went wrong with billing. Please try again.";
}
export async function startStripeCheckoutAction(
plan: PlanKey,
interval: BillingInterval
): Promise<ActionResult> {
const session = await getServerSession();
if (!session) return { ok: false, error: "Please sign in." };
if (!isStripeConfigured()) return { ok: false, error: "Card payments aren't configured yet." };
const user = await prisma.user.findUnique({
where: { id: session.user.id },
select: { id: true, email: true, name: true, stripeCustomerId: true },
});
if (!user) return { ok: false, error: "Account not found." };
try {
const url = await createStripeCheckout({
user,
plan,
interval,
subjectId: user.id,
subjectType: "user",
});
return { ok: true, url };
} catch (e) {
return { ok: false, error: errMsg(e) };
}
}
export async function startPaypalCheckoutAction(plan: PlanKey): Promise<ActionResult> {
const session = await getServerSession();
if (!session) return { ok: false, error: "Please sign in." };
if (!isPaypalConfigured()) return { ok: false, error: "PayPal isn't configured yet." };
const planId = paypalPlanId(plan);
if (!planId) return { ok: false, error: "PayPal plan isn't configured for this tier." };
try {
const { approveUrl } = await createPaypalSubscription({
planId,
custom: { subjectId: session.user.id, subjectType: "user", plan },
});
return { ok: true, url: approveUrl };
} catch (e) {
return { ok: false, error: errMsg(e) };
}
}
export async function openStripePortalAction(): Promise<ActionResult> {
const session = await getServerSession();
if (!session) return { ok: false, error: "Please sign in." };
const user = await prisma.user.findUnique({
where: { id: session.user.id },
select: { stripeCustomerId: true },
});
if (!user?.stripeCustomerId) return { ok: false, error: "No billing account yet." };
try {
const url = await createStripePortal(user.stripeCustomerId);
return { ok: true, url };
} catch (e) {
return { ok: false, error: errMsg(e) };
}
}
export async function cancelSubscriptionAction(): Promise<ActionResult> {
const session = await getServerSession();
if (!session) return { ok: false, error: "Please sign in." };
const sub = await getActiveSubscription(session.user.id);
if (!sub) return { ok: false, error: "No active subscription." };
try {
if (sub.provider === "paypal" && sub.paypalSubscriptionId) {
await cancelPaypalSubscription(sub.paypalSubscriptionId);
await prisma.subscription.update({
where: { id: sub.id },
data: { status: "canceled", cancelAtPeriodEnd: true },
});
} else if (sub.provider === "stripe" && sub.stripeSubscriptionId) {
await stripe().subscriptions.update(sub.stripeSubscriptionId, { cancel_at_period_end: true });
await prisma.subscription.update({
where: { id: sub.id },
data: { cancelAtPeriodEnd: true },
});
}
revalidatePath("/billing");
return { ok: true };
} catch (e) {
return { ok: false, error: errMsg(e) };
}
}
Reference in New Issue View Git Blame Copy Permalink