feat: add merchant sessions history endpoint

Kenbak · Kenbak · commit 5430ed1c968b · 2026-03-27T14:12:07.000+05:30
GET /api/merchants/me/sessions returns all sessions for the
authenticated merchant with balance, refund info, and status.
diff --git a/src/api/mod.rs b/src/api/mod.rs
@@ -46,6 +46,7 @@ pub fn configure(cfg: &mut web::ServiceConfig) {
                     .route("/me/delete", web::post().to(delete_account))
                     .route("/me/webhooks", web::get().to(auth::my_webhooks))
                     .route("/me/x402/history", web::get().to(x402::history))
+                    .route("/me/sessions", web::get().to(sessions::history))
             )
             .service(
                 web::scope("/auth")
diff --git a/src/api/sessions.rs b/src/api/sessions.rs
@@ -187,6 +187,61 @@ pub async fn close(
     }
 }
 
+pub async fn history(
+    req: HttpRequest,
+    pool: web::Data<SqlitePool>,
+) -> HttpResponse {
+    let merchant = match crate::api::auth::resolve_session(&req, &pool).await {
+        Some(m) => m,
+        None => {
+            return HttpResponse::Unauthorized().json(serde_json::json!({
+                "error": "Not authenticated"
+            }));
+        }
+    };
+
+    match crate::sessions::list_for_merchant(pool.get_ref(), &merchant.id).await {
+        Ok(sessions) => {
+            let items: Vec<_> = sessions.iter().map(|s| {
+                let balance_used = s.balance_zatoshis - s.balance_remaining;
+                let mut obj = serde_json::json!({
+                    "id": s.id,
+                    "deposit_txid": s.deposit_txid,
+                    "balance_zatoshis": s.balance_zatoshis,
+                    "balance_remaining": s.balance_remaining,
+                    "cost_per_request": s.cost_per_request,
+                    "requests_made": s.requests_made,
+                    "balance_used": balance_used,
+                    "status": s.status,
+                    "expires_at": s.expires_at,
+                    "created_at": s.created_at,
+                    "closed_at": s.closed_at,
+                });
+
+                if let Some(ref addr) = s.refund_address {
+                    if s.balance_remaining > 0 && (s.status == "closed" || s.status == "depleted" || s.status == "expired") {
+                        let refund_zec = s.balance_remaining as f64 / 100_000_000.0;
+                        obj.as_object_mut().unwrap().insert("refund".to_string(), serde_json::json!({
+                            "address": addr,
+                            "amount_zatoshis": s.balance_remaining,
+                            "amount_zec": refund_zec,
+                        }));
+                    }
+                }
+                obj
+            }).collect();
+
+            HttpResponse::Ok().json(serde_json::json!({ "sessions": items }))
+        }
+        Err(e) => {
+            tracing::error!(error = %e, "Failed to list sessions");
+            HttpResponse::InternalServerError().json(serde_json::json!({
+                "error": "Internal error"
+            }))
+        }
+    }
+}
+
 pub async fn validate(
     req: HttpRequest,
     pool: web::Data<SqlitePool>,
diff --git a/src/sessions/mod.rs b/src/sessions/mod.rs
@@ -204,6 +204,33 @@ pub async fn get_summary(pool: &SqlitePool, session_id: &str) -> Result<Option<S
     }))
 }
 
+/// List sessions for a merchant (dashboard view)
+pub async fn list_for_merchant(pool: &SqlitePool, merchant_id: &str) -> Result<Vec<Session>> {
+    let rows = sqlx::query_as::<_, (String, String, String, String, i64, i64, i64, i64, Option<String>, String, String, String, Option<String>)>(
+        "SELECT id, merchant_id, deposit_txid, bearer_token, balance_zatoshis, balance_remaining, cost_per_request, requests_made, refund_address, status, expires_at, created_at, closed_at
+         FROM sessions WHERE merchant_id = ? ORDER BY created_at DESC LIMIT 100"
+    )
+    .bind(merchant_id)
+    .fetch_all(pool)
+    .await?;
+
+    Ok(rows.into_iter().map(|r| Session {
+        id: r.0,
+        merchant_id: r.1,
+        deposit_txid: r.2,
+        bearer_token: r.3,
+        balance_zatoshis: r.4,
+        balance_remaining: r.5,
+        cost_per_request: r.6,
+        requests_made: r.7,
+        refund_address: r.8,
+        status: r.9,
+        expires_at: r.10,
+        created_at: r.11,
+        closed_at: r.12,
+    }).collect())
+}
+
 /// Check if a deposit txid has already been used for a session
 pub async fn txid_already_used(pool: &SqlitePool, txid: &str) -> bool {
     sqlx::query_scalar::<_, i64>(

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ pub fn configure(cfg: &mut web::ServiceConfig) {`
`46`	`46`	`.route("/me/delete", web::post().to(delete_account))`
`47`	`47`	`.route("/me/webhooks", web::get().to(auth::my_webhooks))`
`48`	`48`	`.route("/me/x402/history", web::get().to(x402::history))`
	`49`	`+ .route("/me/sessions", web::get().to(sessions::history))`
`49`	`50`	`)`
`50`	`51`	`.service(`
`51`	`52`	`web::scope("/auth")`