From b02ee5f74b0cdaf31f16e4b53546023e0ffc26ad Mon Sep 17 00:00:00 2001
From: Jun-te Kim
Date: Sun, 18 Jan 2026 15:51:43 +0000
Subject: [PATCH] use app url
---
 .../app/api/stripe/callback/route.ts | 63 +++++++++----------
 1 file changed, 28 insertions(+), 35 deletions(-)
diff --git a/stripe_to_invoice/app/api/stripe/callback/route.ts b/stripe_to_invoice/app/api/stripe/callback/route.ts
index e73565f..d4f6d79 100644
--- a/stripe_to_invoice/app/api/stripe/callback/route.ts
+++ b/stripe_to_invoice/app/api/stripe/callback/route.ts
@@ -1,26 +1,24 @@
 import { cookies } from "next/headers";
 import { NextRequest, NextResponse } from "next/server";
-import { db } from "@/lib/db";
-import { stripeAccounts } from "@/lib/schema/stripeAccounts";
-import { eq } from "drizzle-orm";
 type StripeOAuthResponse = {
- stripe_user_id: string; // acct_...
+ access_token: string;
+ refresh_token: string;
+ stripe_user_id: string;
+ scope: string;
 };
 export async function GET(req: NextRequest) {
 const cookieStore = await cookies();
 const session = cookieStore.get("session");
- // 🔒 Must be logged in
+ // Safety: user must still be logged in
 if (!session) {
 return NextResponse.redirect(
 new URL("/login", process.env.NEXT_PUBLIC_BASE_URL)
 );
 }
- const userId = session.value;
-
 const { searchParams } = new URL(req.url);
 const code = searchParams.get("code");
 const error = searchParams.get("error");
@@ -28,10 +26,7 @@ export async function GET(req: NextRequest) {
 if (error) {
 console.error("Stripe OAuth error:", error);
 return NextResponse.redirect(
- new URL(
- "/connect/stripe?error=oauth_failed",
- process.env.NEXT_PUBLIC_BASE_URL
- )
+ new URL("/connect/stripe?error=oauth_failed", process.env.NEXT_PUBLIC_BASE_URL)
 );
 }
@@ -42,7 +37,7 @@ export async function GET(req: NextRequest) {
 );
 }
- // 🔁 Exchange OAuth code
+ // Exchange code for access token
 const tokenRes = await fetch("https://connect.stripe.com/oauth/token", {
 method: "POST",
 headers: {
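Review bot: At the end of the first hunk the callback reads only `code` and `error` from the query string, and nothing visible compares an OAuth `state` value against one issued when the flow started, so a callback the logged-in user never initiated would still reach the token exchange. Unless that check sits in the lines between the hunks, add `const state = searchParams.get("state");` and reject the request when it does not match the value stored for this session. The same hunk keeps `if (!session)` as a presence test only; nothing shown verifies the cookie's value, which matters once the TODO stores tokens against the current user. GET's body continues past this hunk.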
@@ -60,36 +55,34 @@ export async function GET(req: NextRequest) {
 console.error("Stripe token exchange failed:", text);
 return NextResponse.redirect(
- new URL(
- "/connect/stripe?error=token_exchange_failed",
- process.env.NEXT_PUBLIC_BASE_URL
- )
+ new URL("/connect/stripe?error=token_exchange_failed", process.env.NEXT_PUBLIC_BASE_URL)
 );
 }
 const data = (await tokenRes.json()) as StripeOAuthResponse;
- // ✅ Persist Stripe account → user (UPSERT)
- await db
- .insert(stripeAccounts)
- .values({
- userId,
- stripeAccountId: data.stripe_user_id,
- })
- .onConflictDoUpdate({
- target: stripeAccounts.userId,
- set: {
- stripeAccountId: data.stripe_user_id,
- },
+ /**
+ * TODO (NEXT STEP):
+ * - Encrypt tokens
+ * - Persist to DB against the current user
+ *
+ * Required fields:
+ * - data.stripe_user_id (acct_...)
+ * - data.access_token
+ * - data.refresh_token
+ * - mode: "test"
+ */
+
+ console.log("Stripe OAuth success", {
+ stripe_account_id: data.stripe_user_id,
+ scope: data.scope,
+ has_access_token: Boolean(data.access_token),
+ has_refresh_token: Boolean(data.refresh_token),
+ access_token_preview: data.access_token?.slice(0, 8) + "...",
 });
- console.log("Stripe connected", {
- userId,
- stripeAccountId: data.stripe_user_id,
- });
-
- // ✅ Success redirect
+ // MVP success redirect
 return NextResponse.redirect(
- new URL("/connect/stripe/success", process.env.NEXT_PUBLIC_BASE_URL)
+ new URL("/connect/stripe/success", process.env.APP_URL)
 );
 }
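Review bot: The added `access_token_preview: data.access_token?.slice(0, 8) + "..."` writes part of a bearer credential to the server log and prints `undefined...` when the field is absent; `has_access_token` already carries the only signal needed, so the preview line should be dropped. The success redirect now reads `process.env.APP_URL` while the error redirects in this file still read `process.env.NEXT_PUBLIC_BASE_URL`, and with `APP_URL` unset `new URL("/connect/stripe/success", undefined)` throws after the code has already been exchanged. Resolve the base once and fail early, for example `const base = process.env.APP_URL; if (!base) throw new Error("APP_URL is not set");`, then use it for every redirect. The hunk also sends the user to the success page with no account link stored, which the TODO acknowledges; until persistence returns, the one-time code is consumed with nothing saved.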