gftsjhnret

app.js

@@ -28,7 +28,7 @@ const { registerArenaHandlers } = require("./sockets/arena");
 const { registerChatHandlers } = require("./sockets/chat");
 const boosterRoutes = require("./routes/booster.route");
 const pointsRoutes  = require("./routes/points.route");
-const { router: shopRoutes } = require("./routes/shop.route");
+const shopRoutes    = require("./routes/shop.route");
 
 const compression = require("compression");
 
@@ -71,25 +71,10 @@ app.use(
   }),
 );
 
-/* ========================
-   Stripe Webhook (raw body –
-   muss VOR express.json stehen!)
-======================== */
-const { router: shopRouteWebhook } = require("./routes/shop.route");
-app.use("/api", shopRouteWebhook);
-
-const limiter = rateLimit({
-  windowMs: 15 * 60 * 1000,
-  max: 5000,
-});
-
 app.use(limiter);
 
 /* ========================
    Lösung 2: Session Config
-   maxAge: 24h – Sessions laufen
-   automatisch ab, auch wenn der
-   Browser einfach geschlossen wurde.
 ======================== */
 
 app.use(
@@ -100,7 +85,7 @@ app.use(
     cookie: {
       httpOnly: true,
       secure: process.env.NODE_ENV === "production",
-      maxAge: 1000 * 60 * 60 * 24, // 24 Stunden
+      maxAge: 1000 * 60 * 60 * 24,
     },
   }),
 );
@@ -112,7 +97,14 @@ app.use(
 app.set("view engine", "ejs");
 app.set("views", path.join(__dirname, "views"));
 
-app.use(express.json());
+/* Webhook braucht raw body – alle anderen json */
+app.use((req, res, next) => {
+  if (req.originalUrl === "/api/shop/webhook") {
+    express.raw({ type: "application/json" })(req, res, next);
+  } else {
+    express.json()(req, res, next);
+  }
+});
 app.use(express.urlencoded({ extended: true }));
 app.use(express.static(path.join(__dirname, "public")));
 

routes/shop.route.js

@@ -139,4 +139,4 @@ router.post(
   }
 );
 
-module.exports = { router, PACKAGES };
+module.exports = router;