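import { Router, type IRouter } from "express";
import { db, savedPaymentsTable } from "@workspace/db";
import { eq } from "drizzle-orm";

// Routes for listing, creating and deleting saved payment cards.
//
// NOTE(review): no handler in this file performs an authentication or
// authorization check, and `session_id` is taken from the request body.
// Unless the code that mounts this router adds those checks (not visible
// here), any client can list, create and delete saved payments, including
// through the `/admin` route. Confirm at the mount point.
//
// NOTE(review): `card_number` is persisted as the full digit string. A full
// PAN should be tokenised by the payment processor or encrypted at rest with
// managed keys; that needs schema and key-management changes outside this
// file, so it is flagged here rather than changed.

const router: IRouter = Router();

// Accepted PAN length after stripping non-digits.
const MIN_PAN_DIGITS = 12;
const MAX_PAN_DIGITS = 19;

// Placeholder returned instead of any stored verification code.
const REDACTED_CVV = "***";

/** Returns the display form of a card number: only the last four digits are kept. */
function maskCardNumber(cardNumber: string): string {
  return `****-****-****-${cardNumber.slice(-4)}`;
}

/**
 * GET /payments/saved/admin: every saved payment, ordered by `created_at`.
 *
 * The card number is returned unmasked, as before. The `cvv` field is always
 * redacted: rows inserted by earlier versions of the POST handler may still
 * hold a real verification code, and it must never leave the database.
 */
router.get("/payments/saved/admin", async (req, res) => {
  try {
    const payments = await db
      .select()
      .from(savedPaymentsTable)
      .orderBy(savedPaymentsTable.created_at);
    res.json(payments.map((p) => ({ ...p, cvv: REDACTED_CVV })));
  } catch (err) {
    req.log.error({ err }, "Failed to get saved payments admin");
    res.status(500).json({ error: "Internal server error" });
  }
});

/**
 * GET /payments/saved: every saved payment with the card number masked and
 * the CVV redacted.
 *
 * NOTE(review): the query is not filtered by session, so the response holds
 * the rows of all sessions. The spread also copies every other column,
 * including `session_id`, into the response; if that value identifies or
 * authenticates a user session it should not be returned to other clients.
 */
router.get("/payments/saved", async (req, res) => {
  try {
    const payments = await db.select().from(savedPaymentsTable);
    const masked = payments.map((p) => ({
      ...p,
      card_number: maskCardNumber(p.card_number),
      cvv: REDACTED_CVV,
    }));
    res.json(masked);
  } catch (err) {
    req.log.error({ err }, "Failed to get saved payments");
    res.status(500).json({ error: "Internal server error" });
  }
});

/**
 * POST /payments/saved: stores a card and answers 201 with the masked card.
 *
 * Responds 400 when the card number does not contain between
 * MIN_PAN_DIGITS and MAX_PAN_DIGITS digits, or when the body is missing.
 */
router.post("/payments/saved", async (req, res) => {
  try {
    // A missing body (no body parser, empty request) is treated as an empty
    // object so it is rejected by the validation below instead of throwing.
    const { session_id, card_number, card_holder, expiry, card_type } =
      req.body ?? {};

    const fullCard = String(card_number ?? "").replace(/\D/g, "");
    if (fullCard.length < MIN_PAN_DIGITS || fullCard.length > MAX_PAN_DIGITS) {
      res.status(400).json({ error: "Invalid card number" });
      return;
    }

    await db.insert(savedPaymentsTable).values({
      session_id,
      card_number: fullCard,
      card_holder,
      expiry,
      // The submitted CVV is deliberately not persisted: PCI DSS does not
      // allow the card verification code to be stored after authorization.
      // The column is still written, with the same empty string the previous
      // code stored when no CVV was supplied, so the insert shape is unchanged.
      cvv: "",
      card_type,
    });

    res.status(201).json({
      success: true,
      card_number: maskCardNumber(fullCard),
      card_holder,
      expiry,
      card_type,
    });
  } catch (err) {
    req.log.error({ err }, "Failed to save payment");
    res.status(500).json({ error: "Internal server error" });
  }
});

/**
 * DELETE /payments/saved/:id: deletes the saved payment with the given id.
 *
 * Responds 400 when `:id` is not a plain decimal integer. Previously a
 * non-numeric id became NaN and was passed to the query, and a value such as
 * "12abc" was silently read as 12.
 *
 * NOTE(review): the delete is keyed on `id` alone; nothing here checks that
 * the row belongs to the caller.
 */
router.delete("/payments/saved/:id", async (req, res) => {
  try {
    const rawId = req.params.id;
    const id = Number.parseInt(rawId, 10);
    if (!/^\d+$/.test(rawId) || !Number.isSafeInteger(id)) {
      res.status(400).json({ error: "Invalid payment id" });
      return;
    }

    await db.delete(savedPaymentsTable).where(eq(savedPaymentsTable.id, id));
    res.json({ message: "Payment deleted", success: true });
  } catch (err) {
    req.log.error({ err }, "Failed to delete saved payment");
    res.status(500).json({ error: "Internal server error" });
  }
});

export default router;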