add v2 checkout api

devksingh4 · devksingh4 · commit 3937f50198a6 · 2025-07-12T15:33:01.000-04:00
diff --git a/Makefile b/Makefile
@@ -59,7 +59,7 @@ clean:
 build: src/ cloudformation/
 	yarn -D
 	VITE_BUILD_HASH=$(GIT_HASH) yarn build
-	cd src/api && npx tsx createSwagger.ts
+	cd src/api && npx tsx --experimental-loader=./mockLoader.mjs createSwagger.ts
 	cp -r src/api/resources/ dist/api/resources
 	rm -rf dist/lambda/sqs
 	sam build --template-file cloudformation/main.yml --use-container --parallel
diff --git a/src/api/index.ts b/src/api/index.ts
@@ -59,6 +59,7 @@ import clearSessionRoute from "./routes/clearSession.js";
 import protectedRoute from "./routes/protected.js";
 import eventsPlugin from "./routes/events.js";
 import mobileWalletV2Route from "./routes/v2/mobileWallet.js";
+import membershipV2Plugin from "./routes/v2/membership.js";
 /** END ROUTES */
 
 export const instanceId = randomUUID();
@@ -120,7 +121,7 @@ async function init(prettyPrint: boolean = false, initClients: boolean = true) {
             title: "ACM @ UIUC Core API",
             description:
               "The ACM @ UIUC Core API provides services for managing chapter operations.",
-            version: "1.1.0",
+            version: "2.0.0",
             contact: {
               name: "ACM @ UIUC Infrastructure Team",
               email: "infra@acm.illinois.edu",
@@ -357,6 +358,7 @@ async function init(prettyPrint: boolean = false, initClients: boolean = true) {
   await app.register(
     async (api, _options) => {
       api.register(mobileWalletV2Route, { prefix: "/mobileWallet" });
+      api.register(membershipV2Plugin, { prefix: "/membership" });
     },
     { prefix: "/api/v2" },
   );
diff --git a/src/api/mockLoader.mjs b/src/api/mockLoader.mjs
@@ -0,0 +1,14 @@
+export function resolve(specifier, context, defaultResolve) {
+  // If the import is for a .png file
+  if (specifier.endsWith(".png")) {
+    return {
+      // Short-circuit the import and provide a dummy module
+      shortCircuit: true,
+      // A data URL for a valid, empty JavaScript module
+      url: "data:text/javascript,export default {};",
+    };
+  }
+
+  // Let Node's default loader handle all other files
+  return defaultResolve(specifier, context, defaultResolve);
+}
diff --git a/src/api/package.json b/src/api/package.json
@@ -71,4 +71,4 @@
     "nodemon": "^3.1.10",
     "pino-pretty": "^13.0.0"
   }
-}
+}
diff --git a/src/api/routes/membership.ts b/src/api/routes/membership.ts
@@ -71,139 +71,6 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => {
       duration: 30,
       rateLimitIdentifier: "membership",
     });
-    fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().get(
-      "/checkout/:netId",
-      {
-        schema: withTags(["Membership"], {
-          params: z.object({ netId: illinoisNetId }),
-          summary:
-            "Create a checkout session to purchase an ACM @ UIUC membership.",
-          response: {
-            200: {
-              description: "Stripe checkout link.",
-              content: {
-                "text/plain": {
-                  schema: z.url().meta({
-                    example:
-                      "https://buy.stripe.com/test_14A00j9Hq9tj9ZfchM3AY0s",
-                  }),
-                },
-              },
-            },
-          },
-        }),
-      },
-      async (request, reply) => {
-        const netId = request.params.netId.toLowerCase();
-        const cacheKey = `membership:${netId}:acmpaid`;
-        const result = await getKey<{ isMember: boolean }>({
-          redisClient: fastify.redisClient,
-          key: cacheKey,
-          logger: request.log,
-        });
-        if (result && result.isMember) {
-          throw new ValidationError({
-            message: `${netId} is already a paid member!`,
-          });
-        }
-        const isDynamoMember = await checkPaidMembershipFromTable(
-          netId,
-          fastify.dynamoClient,
-        );
-        if (isDynamoMember) {
-          await setKey({
-            redisClient: fastify.redisClient,
-            key: cacheKey,
-            data: JSON.stringify({ isMember: true }),
-            expiresIn: MEMBER_CACHE_SECONDS,
-            logger: request.log,
-          });
-          throw new ValidationError({
-            message: `${netId} is already a paid member!`,
-          });
-        }
-        const entraIdToken = await getEntraIdToken({
-          clients: await getAuthorizedClients(),
-          clientId: fastify.environmentConfig.AadValidClientId,
-          secretName: genericConfig.EntraSecretName,
-          logger: request.log,
-        });
-        const paidMemberGroup = fastify.environmentConfig.PaidMemberGroupId;
-        const isAadMember = await checkPaidMembershipFromEntra(
-          netId,
-          entraIdToken,
-          paidMemberGroup,
-        );
-        if (isAadMember) {
-          await setKey({
-            redisClient: fastify.redisClient,
-            key: cacheKey,
-            data: JSON.stringify({ isMember: true }),
-            expiresIn: MEMBER_CACHE_SECONDS,
-            logger: request.log,
-          });
-          reply
-            .header("X-ACM-Data-Source", "aad")
-            .send({ netId, isPaidMember: true });
-          await setPaidMembershipInTable(netId, fastify.dynamoClient);
-          throw new ValidationError({
-            message: `${netId} is already a paid member!`,
-          });
-        }
-        // Once the caller becomes a member, the stripe webhook will handle changing this to true
-        await setKey({
-          redisClient: fastify.redisClient,
-          key: cacheKey,
-          data: JSON.stringify({ isMember: false }),
-          expiresIn: MEMBER_CACHE_SECONDS,
-          logger: request.log,
-        });
-        const secretApiConfig =
-          (await getSecretValue(
-            fastify.secretsManagerClient,
-            genericConfig.ConfigSecretName,
-          )) || {};
-        if (!secretApiConfig) {
-          throw new InternalServerError({
-            message: "Could not connect to Stripe.",
-          });
-        }
-        return reply.status(200).send(
-          await createCheckoutSession({
-            successUrl: "https://acm.illinois.edu/paid",
-            returnUrl: "https://acm.illinois.edu/membership",
-            customerEmail: `${netId}@illinois.edu`,
-            stripeApiKey: secretApiConfig.stripe_secret_key as string,
-            items: [
-              {
-                price: fastify.environmentConfig.PaidMemberPriceId,
-                quantity: 1,
-              },
-            ],
-            customFields: [
-              {
-                key: "firstName",
-                label: {
-                  type: "custom",
-                  custom: "Member First Name",
-                },
-                type: "text",
-              },
-              {
-                key: "lastName",
-                label: {
-                  type: "custom",
-                  custom: "Member Last Name",
-                },
-                type: "text",
-              },
-            ],
-            initiator: "purchase-membership",
-            allowPromotionCodes: true,
-          }),
-        );
-      },
-    );
     fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().get(
       "/:netId",
       {
diff --git a/src/api/routes/v2/membership.ts b/src/api/routes/v2/membership.ts
@@ -0,0 +1,168 @@
+import {
+  checkExternalMembership,
+  checkPaidMembershipFromEntra,
+  checkPaidMembershipFromTable,
+  setPaidMembershipInTable,
+  MEMBER_CACHE_SECONDS,
+  checkPaidMembershipFromRedis,
+} from "api/functions/membership.js";
+import { FastifyPluginAsync } from "fastify";
+import {
+  BaseError,
+  InternalServerError,
+  UnauthenticatedError,
+  ValidationError,
+} from "common/errors/index.js";
+import { getEntraIdToken } from "api/functions/entraId.js";
+import { genericConfig, roleArns } from "common/config.js";
+import { getRoleCredentials } from "api/functions/sts.js";
+import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
+import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
+import rateLimiter from "api/plugins/rateLimiter.js";
+import { createCheckoutSession } from "api/functions/stripe.js";
+import { getSecretValue } from "api/plugins/auth.js";
+import stripe, { Stripe } from "stripe";
+import rawbody from "fastify-raw-body";
+import { FastifyZodOpenApiTypeProvider } from "fastify-zod-openapi";
+import * as z from "zod/v4";
+import {
+  illinoisNetId,
+  notAuthenticatedError,
+  withTags,
+} from "api/components/index.js";
+import { getKey, setKey } from "api/functions/redisCache.js";
+import { verifyUiucIdToken } from "./mobileWallet.js";
+
+function splitOnce(s: string, on: string) {
+  const [first, ...rest] = s.split(on);
+  return [first, rest.length > 0 ? rest.join(on) : null];
+}
+function trim(s: string) {
+  return (s || "").replace(/^\s+|\s+$/g, "");
+}
+
+const membershipV2Plugin: FastifyPluginAsync = async (fastify, _options) => {
+  const limitedRoutes: FastifyPluginAsync = async (fastify) => {
+    await fastify.register(rateLimiter, {
+      limit: 15,
+      duration: 30,
+      rateLimitIdentifier: "membershipV2",
+    });
+    fastify.withTypeProvider<FastifyZodOpenApiTypeProvider>().get(
+      "/checkout",
+      {
+        schema: withTags(["Membership"], {
+          headers: z.object({
+            "x-uiuc-id-token": z.jwt().min(1).meta({
+              description:
+                "An ID token for the user in the UIUC Entra ID tenant.",
+            }),
+          }),
+          summary:
+            "Create a checkout session to purchase an ACM @ UIUC membership.",
+          response: {
+            200: {
+              description: "Stripe checkout link.",
+              content: {
+                "text/plain": {
+                  schema: z.url().meta({
+                    example:
+                      "https://buy.stripe.com/test_14A00j9Hq9tj9ZfchM3AY0s",
+                  }),
+                },
+              },
+            },
+            403: notAuthenticatedError,
+          },
+        }),
+      },
+      async (request, reply) => {
+        const idToken = request.headers["x-uiuc-id-token"];
+        const verifiedData = await verifyUiucIdToken({
+          idToken,
+          redisClient: fastify.redisClient,
+          logger: request.log,
+        });
+        const { preferred_username: upn, email, name } = verifiedData;
+        const netId = upn.replace("@illinois.edu", "");
+        if (netId.includes("@")) {
+          request.log.error(
+            `Found UPN ${upn} which cannot be turned into NetID via simple replacement.`,
+          );
+          throw new ValidationError({
+            message: "ID token could not be parsed.",
+          });
+        }
+        let isPaidMember = await checkPaidMembershipFromRedis(
+          netId,
+          fastify.redisClient,
+          request.log,
+        );
+        if (isPaidMember === null) {
+          isPaidMember = await checkPaidMembershipFromTable(
+            netId,
+            fastify.dynamoClient,
+          );
+        }
+        if (isPaidMember) {
+          throw new ValidationError({
+            message: `${upn} is already a paid member.`,
+          });
+        }
+        let firstName: string = "";
+        let lastName: string = "";
+        if (!name.includes(",")) {
+          const splitted = splitOnce(name, " ");
+          firstName = splitted[0] || "";
+          lastName = splitted[1] || "";
+        }
+        firstName = trim(name.split(",")[1]);
+        lastName = name.split(",")[0];
+
+        return reply.status(200).send(
+          await createCheckoutSession({
+            successUrl: "https://acm.illinois.edu/paid",
+            returnUrl: "https://acm.illinois.edu/membership",
+            customerEmail: upn,
+            stripeApiKey: fastify.secretConfig.stripe_secret_key as string,
+            items: [
+              {
+                price: fastify.environmentConfig.PaidMemberPriceId,
+                quantity: 1,
+              },
+            ],
+            customFields: [
+              {
+                key: "firstName",
+                label: {
+                  type: "custom",
+                  custom: "Member First Name",
+                },
+                type: "text",
+                text: {
+                  default_value: firstName,
+                },
+              },
+              {
+                key: "lastName",
+                label: {
+                  type: "custom",
+                  custom: "Member Last Name",
+                },
+                type: "text",
+                text: {
+                  default_value: lastName,
+                },
+              },
+            ],
+            initiator: "purchase-membership",
+            allowPromotionCodes: true,
+          }),
+        );
+      },
+    );
+  };
+  fastify.register(limitedRoutes);
+};
+
+export default membershipV2Plugin;
diff --git a/src/api/routes/v2/mobileWallet.ts b/src/api/routes/v2/mobileWallet.ts

Original file line number	Diff line number	Diff line change
`@@ -71,4 +71,4 @@`
`71`	`71`	`"nodemon": "^3.1.10",`
`72`	`72`	`"pino-pretty": "^13.0.0"`
`73`	`73`	`}`
`74`		`-}`
	`74`	`+}`