cay 2026-04-11 15:28:32 +01:00
parent b60929c63b
commit ed5d27b1b7
2 changed files with 24 additions and 6 deletions

8
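--- a/app.js
+++ b/app.js
@@ -105,6 +105,14 @@ app.use(
 app.set("view engine", "ejs");
 app.set("views", path.join(__dirname, "views"));
+const shopRoutes = require("./routes/shop.route");
+/* ========================
+WICHTIG: Shop/Webhook VOR express.json()
+registrieren Stripe braucht raw body!
+======================== */
+app.use("/api", shopRoutes);
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
 app.use(express.static(path.join(__dirname, "public")));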
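Review bot: Mounting the whole `shopRoutes` router at `/api` ahead of `express.json()` and `express.urlencoded()` puts every shop route in front of the body parsers, not only the Stripe webhook, so a handler such as `POST /shop/checkout` that reads `req.body` would find it undefined unless the router parses on its own (not visible here). The same ordering also places these routes ahead of any middleware registered further down in app.js, which is worth checking for anything security-relevant such as CSRF protection or rate limiting. A narrower change leaves the router where it was and gives only the webhook path the unparsed body, e.g. `app.use("/api/<webhook-path>", express.raw({ type: "application/json" }));` placed before `app.use(express.json());`, with `<webhook-path>` standing in for the real route. The comment block would then read along the lines of `/* Stripe signature verification needs the unparsed body: register the raw parser for the webhook before express.json() */`.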


@ -51,7 +51,7 @@ router.post("/shop/checkout", requireLogin, async (req, res) => {
try { try {
const session = await stripe.checkout.sessions.create({ const session = await stripe.checkout.sessions.create({
payment_method_types: ["card"], payment_method_types: ["card", "paypal"],
line_items: [{ line_items: [{
price_data: { price_data: {
currency: "eur", currency: "eur",
@ -108,19 +108,29 @@ router.post(
} }
if (event.type === "checkout.session.completed") { if (event.type === "checkout.session.completed") {
const session = event.data.object; const session = event.data.object;
const userId = parseInt(session.metadata.userId); const userId = parseInt(session.metadata.userId);
const gems = parseInt(session.metadata.gems); const gems = parseInt(session.metadata.gems);
const packageId = session.metadata.packageId; const packageId = session.metadata.packageId;
try { try {
/* Gems gutschreiben */ /* ── Idempotenz: bereits verarbeitet? ── */
const [[existing]] = await db.query(
"SELECT id FROM shop_purchases WHERE stripe_session_id = ?",
[session.id]
);
if (existing) {
console.log(`⚠️ Webhook bereits verarbeitet (ignoriert): ${session.id}`);
return res.json({ received: true });
}
/* ── Gems gutschreiben ── */
await db.query( await db.query(
"UPDATE account_currency SET gems = gems + ? WHERE account_id = ?", "UPDATE account_currency SET gems = gems + ? WHERE account_id = ?",
[gems, userId] [gems, userId]
); );
/* Kauf protokollieren */ /* ── Kauf protokollieren ── */
await db.query( await db.query(
`INSERT INTO shop_purchases `INSERT INTO shop_purchases
(user_id, package_id, gems, stripe_session_id, created_at) (user_id, package_id, gems, stripe_session_id, created_at)