Ramadhan Sjamsani
2c95fd040d
- Backend wraps idn-finlogos npm at /assets/payment-icons/<slug>.svg with
1y immutable cache. Mobile drops bundled SVGs (only placeholder remains)
and fetches via flutter_cache_manager. payment_methods.icon is now a
CSV of slugs; catalog emits icon_urls[]. CARDS tile renders Visa + MC +
JCB side by side.
- Per-method min/max amount bounds (BIGINT, nullable). Picker greys out
out-of-range tiles with subtitle; backend gates with INVALID_PAYMENT_AMOUNT
(422). Defense in depth against stale-catalog clients.
- Xendit channel codes corrected from authoritative docs
(BCA_VA -> BCA_VIRTUAL_ACCOUNT, CREDIT_CARD -> CARDS, ovo -> ovo-new,
shopeepay -> shopee-pay, ...). 18 methods x 5 groups seeded with
Xendit-published per-channel min/max.
- Re-runnable seed (ON CONFLICT DO NOTHING on payment_code + new unique
index on group name). Operator CC edits never clobbered across re-runs.
One-shot reset + inspect scripts under backend/.dev/.
- Customer redirect HTML pages at /payment/return/{success,failure},
brand-styled with "Buka HaloBestie" CTA firing halobestie:// deeplink.
URL scheme registered on Android (intent-filter w/ BROWSABLE on
MainActivity) and iOS (CFBundleURLTypes). Waiting-payment poller still
owns confirmation; deeplink just brings the activity to foreground.
- Control center payment-catalog page: min/max inputs + columns. Other
CC pages restyled with new theme tokens (separate work, bundled here).
169/169 backend tests pass. See requirement/phase5-payment-revamp-2026-05-27.md
for the full revamp doc. Stage 8 (E2E) still pending: webhook URL routing
decision + two client_app follow-ups (legacy /chat/request removal,
extension Custom Tab).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
41 lines
1.4 KiB
JavaScript
41 lines
1.4 KiB
JavaScript
/**
|
|
* Control-center read-only manifest for the payment-icon picker.
|
|
*
|
|
* GET /internal/payment-icons → { slugs: [...] }
|
|
*
|
|
* The CC payment-method form uses this to populate a dropdown of valid
|
|
* `icon` values, so operators pick from a known list instead of typing free
|
|
* text and risking a 404 on the asset endpoint. Reuses the `config` `read`
|
|
* permission (same scope used by the catalog editor).
|
|
*/
|
|
|
|
import { authenticate, requirePermission } from '../../plugins/auth.js'
|
|
import { getCcUserById } from '../../services/cc-user.service.js'
|
|
import { UserType } from '../../constants.js'
|
|
import { listIconSlugs } from '../../services/payment-icon.service.js'
|
|
|
|
const attachCcUser = async (request, reply) => {
|
|
if (request.auth?.userType !== UserType.CC_USER) {
|
|
return reply.code(403).send({
|
|
success: false,
|
|
error: { code: 'FORBIDDEN', message: 'Not a control center user' },
|
|
})
|
|
}
|
|
const user = await getCcUserById(request.auth.userId)
|
|
if (!user) {
|
|
return reply.code(403).send({
|
|
success: false,
|
|
error: { code: 'FORBIDDEN', message: 'Not a control center user' },
|
|
})
|
|
}
|
|
request.ccUser = user
|
|
}
|
|
|
|
const READ_GUARD = [authenticate, attachCcUser, requirePermission('config', 'read')]
|
|
|
|
export const internalPaymentIconsRoutes = async (app) => {
|
|
app.get('/payment-icons', { preHandler: READ_GUARD }, async (_request, reply) => {
|
|
return reply.send({ success: true, data: { slugs: listIconSlugs() } })
|
|
})
|
|
}
|