Without checkout session premium username isnt possbole (#5296)

Co-authored-by: Peer Richelsen <peeroke@gmail.com> Co-authored-by: alannnc <alannnc@gmail.com>
2022-11-01 04:37:51 +05:30 · 2022-11-01 04:37:51 +05:30 · 77d339ae8f
parent ac9b2d0577
commit 77d339ae8f
1 changed files with 11 additions and 5 deletions
--- a/packages/trpc/server/routers/viewer.tsx
+++ b/packages/trpc/server/routers/viewer.tsx
@ -942,16 +942,22 @@ const loggedInViewerRouter = createProtectedRouter()
      // Checking the status of payment directly from stripe allows to avoid the situation where the user has got the refund or maybe something else happened asyncly at stripe but our DB thinks it's still paid for
      // TODO: Test the case where one time payment is refunded.
      const premiumUsernameCheckoutSessionId = metadata?.checkoutSessionId;
-      if (premiumUsernameCheckoutSessionId) {
-        const checkoutSession = await stripe.checkout.sessions.retrieve(premiumUsernameCheckoutSessionId);
-        const canUserHavePremiumUsername = checkoutSession.payment_status == "paid";
-
-        if (isPremiumUsername && !canUserHavePremiumUsername) {
+      if (isPremiumUsername) {
+        // You can't have premium username without every going to a checkout session
+        if (!premiumUsernameCheckoutSessionId) {
          throw new TRPCError({
            code: "BAD_REQUEST",
            message: "You need to pay for premium username",
          });
        }
+        const checkoutSession = await stripe.checkout.sessions.retrieve(premiumUsernameCheckoutSessionId);
+        const canUserHavePremiumUsername = checkoutSession.payment_status == "paid";
+        if (!canUserHavePremiumUsername) {
+          throw new TRPCError({
+            code: "BAD_REQUEST",
+            message: "Your last checkout session for premium username is not paid",
+          });
+        }
      }

      const updatedUser = await prisma.user.update({