Mike/Kordant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

web security audit fixes

Browse Source
This commit is contained in:
Michael Freno
2026-06-02 10:30:42 -04:00
parent 36b087ae92
commit ab0d4857db
26 changed files with 1527 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
web/src/server/api/routers/billing.test.ts
View File

@@ -224,7 +224,7 @@ describe("billing.createCheckoutSession", () => {
const api = createCaller(makeUser());
const result = await api.createCheckoutSession({
priceId: "price_basic",
returnUrl: "https://example.com/return",
returnUrl: "https://app.kordant.com/return",
}) as { clientSecret: string; sessionId: string };
expect(result.clientSecret).toBe("cs_123_secret");
@@ -240,7 +240,7 @@ describe("billing.createCheckoutSession", () => {
const api = createCaller(makeUser());
await api.createCheckoutSession({
priceId: "price_plus",
returnUrl: "https://example.com/return",
returnUrl: "https://app.kordant.com/return",
});
expect(mockChangeSubscriptionTier).toHaveBeenCalledWith("sub_stripe_1", "price_plus");
@@ -257,7 +257,7 @@ describe("billing.createTrialSubscription", () => {
const api = createCaller(makeUser());
const result = await api.createTrialSubscription({
returnUrl: "https://example.com/return",
returnUrl: "https://app.kordant.com/return",
});
expect(result.sessionId).toBe("session_trial");
@@ -270,7 +270,7 @@ describe("billing.createTrialSubscription", () => {
const api = createCaller(makeUser());
await expect(api.createTrialSubscription({
returnUrl: "https://example.com/return",
returnUrl: "https://app.kordant.com/return",
})).rejects.toThrow(TRPCError);
});
});
@@ -304,7 +304,7 @@ describe("billing.createPortalSession", () => {
const api = createCaller(makeUser());
const result = await api.createPortalSession({
returnUrl: "https://example.com/return",
returnUrl: "https://app.kordant.com/return",
});
expect(result.url).toBe("https://billing.stripe.com/portal/session_456");
@@ -312,7 +312,7 @@ describe("billing.createPortalSession", () => {
it("throws NOT_FOUND when user has no stripeCustomerId", async () => {
const api = createCaller(makeUser({ stripeCustomerId: null }));
await expect(api.createPortalSession({ returnUrl: "https://example.com/return" })).rejects.toThrow(TRPCError);
await expect(api.createPortalSession({ returnUrl: "https://app.kordant.com/return" })).rejects.toThrow(TRPCError);
});
});