From 77d339ae8f1ee1ab3cb2b359f5b6dffc00350fcd Mon Sep 17 00:00:00 2001 From: Hariom Balhara Date: Tue, 1 Nov 2022 04:37:51 +0530 Subject: [PATCH] Without checkout session premium username isnt possbole (#5296) Co-authored-by: Peer Richelsen Co-authored-by: alannnc --- packages/trpc/server/routers/viewer.tsx | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/packages/trpc/server/routers/viewer.tsx b/packages/trpc/server/routers/viewer.tsx index 50ff7be931..c8d08fc435 100644 --- a/packages/trpc/server/routers/viewer.tsx +++ b/packages/trpc/server/routers/viewer.tsx @@ -942,16 +942,22 @@ const loggedInViewerRouter = createProtectedRouter() // Checking the status of payment directly from stripe allows to avoid the situation where the user has got the refund or maybe something else happened asyncly at stripe but our DB thinks it's still paid for // TODO: Test the case where one time payment is refunded. const premiumUsernameCheckoutSessionId = metadata?.checkoutSessionId; - if (premiumUsernameCheckoutSessionId) { - const checkoutSession = await stripe.checkout.sessions.retrieve(premiumUsernameCheckoutSessionId); - const canUserHavePremiumUsername = checkoutSession.payment_status == "paid"; - - if (isPremiumUsername && !canUserHavePremiumUsername) { + if (isPremiumUsername) { + // You can't have premium username without every going to a checkout session + if (!premiumUsernameCheckoutSessionId) { throw new TRPCError({ code: "BAD_REQUEST", message: "You need to pay for premium username", }); } + const checkoutSession = await stripe.checkout.sessions.retrieve(premiumUsernameCheckoutSessionId); + const canUserHavePremiumUsername = checkoutSession.payment_status == "paid"; + if (!canUserHavePremiumUsername) { + throw new TRPCError({ + code: "BAD_REQUEST", + message: "Your last checkout session for premium username is not paid", + }); + } } const updatedUser = await prisma.user.update({