Refactor Stripe webhook to use dedicated email and purchase storage functions

Author: racecn

astro/src/pages/api/stripe-webhook.ts

@@ -1,7 +1,7 @@
 import type { APIRoute } from 'astro';
 import Stripe from 'stripe';
-import fs from 'fs/promises';
-import path from 'path';
+import { storePurchaseData } from '@lib/purchase-storage';
+import { sendConfirmationEmail } from '@lib/email';
 
 const stripe = new Stripe(import.meta.env.STRIPE_SECRET_KEY);
 const endpointSecret = import.meta.env.STRIPE_WEBHOOK_SECRET;
@@ -64,57 +64,17 @@ async function handleSuccessfulPayment(session: Stripe.Checkout.Session) {
 
   // Send confirmation email with secure purchase code
   try {
-    const emailResponse = await fetch('/api/send-confirmation-email', {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        email: metadata.email,
-        purchaseCode: metadata.purchaseCode,
-        organization: metadata.organization,
-        kitType: metadata.kitType,
-        theme: metadata.theme,
-      }),
+    await sendConfirmationEmail({
+      email: metadata.email,
+      purchaseCode: metadata.purchaseCode,
+      organization: metadata.organization,
+      theme: metadata.theme,
     });
-
-    if (!emailResponse.ok) {
-      console.error('Failed to send confirmation email');
-    } else {
-      console.log('Confirmation email sent successfully');
-    }
+    console.log('Confirmation email sent successfully');
   } catch (error) {
     console.error('Error sending confirmation email:', error);
   }
 }
 
 // Export for use in save-purchase-data
 export { handleSuccessfulPayment };
-
-async function storePurchaseData(purchaseData: any) {
-  try {
-    // TODO: For user accounts/login system, also store purchase by email:
-    // - Link purchase codes to customer email addresses
-    // - Store in database: { email, purchaseCode, productId, purchaseDate }
-    // - Enable "view all my purchases" functionality
-    
-    // TODO?: For Google OAuth integration:
-    // - Add optional account linking after purchase
-    // - Store OAuth user ID with purchase data
-    // - Allow login to see purchase history
-    
-    // Create local storage directory if it doesn't exist
-    const storageDir = path.join(process.cwd(), '..', 'local-dev', 'purchases');
-    await fs.mkdir(storageDir, { recursive: true });
-
-    // Store purchase data as JSON file
-    const filename = `${purchaseData.purchaseCode}.json`;
-    const filepath = path.join(storageDir, filename);
-    
-    await fs.writeFile(filepath, JSON.stringify(purchaseData, null, 2));
-    // Purchase data stored successfully
-  } catch (error) {
-    console.error('Error storing purchase data:', error);
-    throw error;
-  }
-}

astro/src/pages/api/verify-purchase.ts

@@ -1,17 +1,7 @@
 import type { APIRoute } from 'astro';
-import fs from 'fs/promises';
-import path from 'path';
 import { createSession, getCookieHeader, getAllSessions } from 'src/lib/session-store';
 import type { PurchaseSession } from 'src/lib/session-store';
-
-interface PurchaseRecord {
-  purchaseCode: string;
-  email: string;
-  theme?: string;
-  kitType?: string;
-  organization?: string;
-  [key: string]: unknown;
-}
+import { getPurchaseData } from '@lib/purchase-storage';
 
 const GENERIC_ERROR_MESSAGE = 'Invalid purchase code or email address';
 
@@ -66,40 +56,6 @@ async function readBody(request: Request): Promise<{ purchaseCode?: string; emai
   return {};
 }
 
-function getCandidatePurchaseDirs(): string[] {
-  const env = import.meta.env as Record<string, string | undefined>;
-  const candidates = [
-    env.PURCHASES_DATA_DIR,
-    process.env.PURCHASES_DATA_DIR,
-    path.resolve(process.cwd(), '..', 'local-dev', 'purchases'),
-    path.resolve(process.cwd(), 'local-dev', 'purchases')
-  ];
-  return [...new Set(candidates.filter(Boolean) as string[])];
-}
-
-async function loadPurchase(purchaseCode: string): Promise<PurchaseRecord | null> {
-  const candidates = getCandidatePurchaseDirs();
-  const filename = `${purchaseCode}.json`;
-
-  for (const dir of candidates) {
-    const filePath = path.join(dir, filename);
-    try {
-      const fileContents = await fs.readFile(filePath, 'utf-8');
-      const parsed = JSON.parse(fileContents) as PurchaseRecord;
-      return parsed;
-    } catch (error: any) {
-      if (error?.code === 'ENOENT') {
-        continue;
-      }
-
-      console.error('[verify-purchase] Failed to read purchase file', { filePath, error });
-      throw error;
-    }
-  }
-
-  return null;
-}
-
 async function verifyAndCreateSession(options: {
   purchaseCode?: string | null;
   email?: string | null;
@@ -121,7 +77,7 @@ async function verifyAndCreateSession(options: {
   }
 
   try {
-    const purchase = await loadPurchase(normalisedCode);
+    const purchase = await getPurchaseData(normalisedCode);
 
     if (!purchase) {
       return jsonResponse({ error: GENERIC_ERROR_MESSAGE }, 404);

astro/src/test/api/stripe-webhook.test.ts

@@ -1,12 +1,9 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
-import fs from 'fs/promises';
+import { storePurchaseData } from '@lib/purchase-storage';
 
-// Mock fs module
-vi.mock('fs/promises', () => ({
-  default: {
-    mkdir: vi.fn(),
-    writeFile: vi.fn(),
-  },
+// Mock purchase storage
+vi.mock('@lib/purchase-storage', () => ({
+  storePurchaseData: vi.fn().mockResolvedValue(undefined),
 }));
 
 // Mock Stripe
@@ -27,10 +24,6 @@ describe('stripe-webhook API', () => {
   beforeEach(() => {
     vi.clearAllMocks();
 
-    // Mock successful file operations
-    (fs.mkdir as any).mockResolvedValue(undefined);
-    (fs.writeFile as any).mockResolvedValue(undefined);
-    
     // Mock successful email sending
     (global.fetch as any).mockResolvedValue({
       ok: true,
@@ -83,9 +76,11 @@ describe('stripe-webhook API', () => {
     expect(responseText).toBe('Webhook handled successfully');
 
     // Verify purchase data was stored
-    expect(fs.writeFile).toHaveBeenCalledWith(
-      expect.stringMatching(/ESC-12345678\.json$/),
-      expect.stringContaining('"purchaseCode":"ESC-12345678"')
+    expect(storePurchaseData).toHaveBeenCalledWith(
+      expect.objectContaining({
+        purchaseCode: 'ESC-12345678',
+        sessionId: 'cs_test_session123',
+      })
     );
   });
 
@@ -186,13 +181,13 @@ describe('stripe-webhook API', () => {
     expect(responseText).toBe('Webhook handled successfully');
 
     // Should not store any purchase data for unhandled events
-    expect(fs.writeFile).not.toHaveBeenCalled();
+    expect(storePurchaseData).not.toHaveBeenCalled();
   });
 
   it('should handle file system errors gracefully', async () => {
     const { POST } = await import('../../pages/api/stripe-webhook');
 
-    (fs.mkdir as any).mockRejectedValue(new Error('Permission denied'));
+    (storePurchaseData as any).mockRejectedValueOnce(new Error('Permission denied'));
 
     const mockEvent = {
       type: 'checkout.session.completed',
@@ -277,7 +272,7 @@ describe('stripe-webhook API', () => {
     expect(response.status).toBe(200);
 
     // Purchase data should still be stored
-    expect(fs.writeFile).toHaveBeenCalled();
+    expect(storePurchaseData).toHaveBeenCalled();
   });
 
   it('should store complete purchase data with all metadata', async () => {
@@ -316,13 +311,14 @@ describe('stripe-webhook API', () => {
     await POST({ request: mockRequest } as any);
 
     // Verify all data is included
-    expect(fs.writeFile).toHaveBeenCalledWith(
-      expect.stringMatching(/ESC-12345678\.json$/),
-      expect.stringMatching(/"purchaseCode":"ESC-12345678"/)
+    expect(storePurchaseData).toHaveBeenCalledWith(
+      expect.objectContaining({
+        purchaseCode: 'ESC-12345678',
+      })
     );
 
-    const writeCall = (fs.writeFile as any).mock.calls[0];
-    const savedData = JSON.parse(writeCall[1]);
+    const storeCall = (storePurchaseData as any).mock.calls[0];
+    const savedData = storeCall[0];
 
     expect(savedData).toMatchObject({
       sessionId: 'cs_test_session123',