1
import getAccountId from "lib/account/get-account";
2
import getPayments from "@cocalc/server/purchases/stripe/get-payments";
3
import throttle from "@cocalc/util/api/throttle";
4
import getParams from "lib/api/get-params";
5
import userIsInGroup from "@cocalc/server/accounts/is-in-group";
6

7
// See https://docs.stripe.com/api/payment_intents/list for definition of
8
// all parameters, which are passed in exactly to stripe's api.  In particular,
9
// time is in seconds and is either or string or number depending on how given,
10
// and ending_before, starting_after are NOT times but object id's.
11

12
export default async function handle(req, res) {
13
  try {
14
    res.json(await get(req));
15
  } catch (err) {
16
    res.json({ error: `${err.message}` });
17
    return;
18
  }
19
}
20

21
async function get(req) {
22
  const account_id = await getAccountId(req);
23
  if (account_id == null) {
24
    throw Error("must be signed in");
25
  }
26
  throttle({ account_id, endpoint: "purchases/stripe/get-payments" });
27

28
  const {
29
    user_account_id,
30
    created,
31
    ending_before,
32
    starting_after,
33
    limit,
34
    unfinished,
35
    canceled,
36
  } = getParams(req);
37
  if (user_account_id) {
38
    // This user MUST be an admin:
39
    if (!(await userIsInGroup(account_id, "admin"))) {
40
      throw Error("only admins can get other user's open payments");
41
    }
42
    return await getPayments({
43
      account_id: user_account_id,
44
      created,
45
      ending_before,
46
      starting_after,
47
      limit,
48
      unfinished,
49
      canceled,
50
    });
51
  }
52

53
  return await getPayments({
54
    account_id,
55
    created,
56
    ending_before,
57
    starting_after,
58
    limit,
59
    unfinished,
60
    canceled,
61
  });
62
}
63

64