Put back the POST /stripe/billing route and point it to the same ha…

…ndler.
SkynetLabs · May 25, 2022 · 9c5297f · 9c5297f
1 parent b0d1767
commit 9c5297f
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 4 deletions.
diff --git a/api/routes.go b/api/routes.go
@@ -77,7 +77,9 @@ func (api *API) buildHTTPRoutes() {
 	api.staticRouter.POST("/user/recover/request", api.WithDBSession(api.noAuth(api.userRecoverRequestPOST)))
 	api.staticRouter.POST("/user/recover", api.WithDBSession(api.noAuth(api.userRecoverPOST)))
 
-	api.staticRouter.GET("/stripe/billing", api.WithDBSession(api.withAuth(api.stripeBillingGET, false)))
+	api.staticRouter.GET("/stripe/billing", api.WithDBSession(api.withAuth(api.stripeBillingHANDLER, false)))
+	// `POST /stripe/billing` is deprecated. Please use `GET /stripe/billing`.
+	api.staticRouter.POST("/stripe/billing", api.WithDBSession(api.withAuth(api.stripeBillingHANDLER, false)))
 	api.staticRouter.POST("/stripe/checkout", api.WithDBSession(api.withAuth(api.stripeCheckoutPOST, false)))
 	api.staticRouter.GET("/stripe/prices", api.noAuth(api.stripePricesGET))
 	api.staticRouter.POST("/stripe/webhook", api.WithDBSession(api.noAuth(api.stripeWebhookPOST)))

diff --git a/api/stripe.go b/api/stripe.go
@@ -152,10 +152,10 @@ func (api *API) processStripeSub(ctx context.Context, s *stripe.Subscription) er
 	return err
 }
 
-// stripeBillingGET creates a new billing session for the user and redirects
+// stripeBillingHANDLER creates a new billing session for the user and redirects
 // them to it. If the user does not yet have a Stripe customer, one is
 // registered for them.
-func (api *API) stripeBillingGET(u *database.User, w http.ResponseWriter, req *http.Request, _ httprouter.Params) {
+func (api *API) stripeBillingHANDLER(u *database.User, w http.ResponseWriter, req *http.Request, _ httprouter.Params) {
 	if u.StripeID == "" {
 		id, err := api.stripeCreateCustomer(req.Context(), u)
 		if err != nil {

diff --git a/test/api/stripe_test.go b/test/api/stripe_test.go
@@ -35,7 +35,8 @@ func TestStripe(t *testing.T) {
 	api.StripeTestMode = true
 
 	tests := map[string]func(t *testing.T, at *test.AccountsTester){
-		"post billing":  testStripeBillingGET,
+		"get billing":   testStripeBillingGET,
+		"post billing":  testStripeBillingPOST,
 		"get prices":    testStripePricesGET,
 		"post checkout": testStripeCheckoutPOST,
 	}
@@ -83,6 +84,37 @@ func testStripeBillingGET(t *testing.T, at *test.AccountsTester) {
 	}
 }
 
+// testStripeBillingPOST ensures that we can create a new billing session.
+func testStripeBillingPOST(t *testing.T, at *test.AccountsTester) {
+	name := test.DBNameForTest(t.Name())
+	r, _, err := at.UserPOST(name+"@siasky.net", name+"pass")
+	if err != nil {
+		t.Fatal(err)
+	}
+	c := test.ExtractCookie(r)
+
+	at.SetFollowRedirects(false)
+
+	// Try to start a billing session without valid user auth.
+	at.ClearCredentials()
+	_, s, err := at.StripeBillingPOST()
+	if err == nil || s != http.StatusUnauthorized {
+		t.Fatalf("Expected 401 Unauthorized, got %d %s", s, err)
+	}
+	// Try with a valid user. Expect a temporary redirect error. This is not a
+	// fail case, we expect that to happen. In production we'll follow that
+	// redirect.
+	at.SetCookie(c)
+	h, s, err := at.StripeBillingPOST()
+	if err != nil || s != http.StatusTemporaryRedirect {
+		t.Fatalf("Expected %d and no error, got %d '%s'", http.StatusTemporaryRedirect, s, err)
+	}
+	expectedRedirectPrefix := "https://billing.stripe.com/session/"
+	if !strings.HasPrefix(h.Get("Location"), expectedRedirectPrefix) {
+		t.Fatalf("Expected a redirect link with prefix '%s', got '%s'", expectedRedirectPrefix, h.Get("Location"))
+	}
+}
+
 // testStripeCheckoutPOST ensures that we can create a new checkout session.
 func testStripeCheckoutPOST(t *testing.T, at *test.AccountsTester) {
 	name := test.DBNameForTest(t.Name())

diff --git a/test/tester.go b/test/tester.go
@@ -679,6 +679,17 @@ func (at *AccountsTester) StripeBillingGET() (http.Header, int, error) {
 	return r.Header, r.StatusCode, nil
 }
 
+// StripeBillingPOST performs a `POST /stripe/billing`
+func (at *AccountsTester) StripeBillingPOST() (http.Header, int, error) {
+	r, err := at.Request(http.MethodPost, "/stripe/billing", nil, nil, nil, nil)
+	// We ignore the temporary redirect error because it's the expected
+	// behaviour of this endpoint.
+	if err != nil && !strings.Contains(err.Error(), "307 Temporary Redirect") {
+		return nil, r.StatusCode, err
+	}
+	return r.Header, r.StatusCode, nil
+}
+
 // StripeCheckoutPOST performs a `POST /stripe/checkout`
 func (at *AccountsTester) StripeCheckoutPOST(price string) (string, int, error) {
 	body := struct {