eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
9ccd309dbcb866a5626c97c9db0d5025829b8c16
worldmonitor/docs/api-commerce.mdx
Sebastien Melki 9ccd309dbc refactor(leads): migrate /api/{contact,register-interest} → LeadsService (#3207) 
New leads/v1 sebuf service with two POST RPCs:
  - SubmitContact    → /api/leads/v1/submit-contact
  - RegisterInterest → /api/leads/v1/register-interest

Handler logic ported 1:1 from api/contact.js + api/register-interest.js:
  - Turnstile verification (desktop sources bypass, preserved)
  - Honeypot (website field) silently accepts without upstream calls
  - Free-email-domain gate on SubmitContact (422 ApiError)
  - validateEmail (disposable/offensive/typo-TLD/MX) on RegisterInterest
  - Convex writes via ConvexHttpClient (contactMessages:submit, registerInterest:register)
  - Resend notification + confirmation emails (HTML templates unchanged)

Shared helpers moved to server/_shared/:
  - turnstile.ts (getClientIp + verifyTurnstile)
  - email-validation.ts (disposable/offensive/MX checks)

Rate limits preserved via ENDPOINT_RATE_POLICIES:
  - submit-contact:    3/hour per IP (was in-memory 3/hr)
  - register-interest: 5/hour per IP (was in-memory 5/hr; desktop
    sources previously capped at 2/hr via shared in-memory map —
    now 5/hr like everyone else, accepting the small regression in
    exchange for Upstash-backed global limiting)

Callers updated:
  - pro-test/src/App.tsx contact form → new submit-contact path
  - src-tauri/sidecar/local-api-server.mjs cloud-fallback rewrites
    /api/register-interest → /api/leads/v1/register-interest when
    proxying; keeps local path for older desktop builds
  - src/services/runtime.ts isKeyFreeApiTarget allows both old and
    new paths through the WORLDMONITOR_API_KEY-optional gate

Tests:
  - tests/contact-handler.test.mjs rewritten to call submitContact
    handler directly; asserts on ValidationError / ApiError
  - tests/email-validation.test.mjs + tests/turnstile.test.mjs
    point at the new server/_shared/ modules

Deleted: api/contact.js, api/register-interest.js, api/_ip-rate-limit.js,
api/_turnstile.js, api/_email-validation.js, api/_turnstile.test.mjs.
Manifest entries removed (58 → 56). Docs updated (api-platform,
api-commerce, usage-rate-limits).

Verified: npm run typecheck + typecheck:api + lint:api-contract
(88 files / 56 entries) + lint:boundaries pass; full test:data
(5852 tests) passes; make generate is zero-diff.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 02:16:52 +03:00

118 lines
4.3 KiB
Plaintext
Raw Blame History

---
title: "Commerce Endpoints"
description: "Checkout, customer portal, product catalog, and referrals. Thin edge proxies over Convex + Dodo Payments."
---
WorldMonitor uses [Dodo Payments](https://dodopayments.com) for PRO subscriptions and [Convex](https://convex.dev) as the source-of-truth for entitlements. These edge endpoints are thin auth proxies — they validate the Clerk JWT, then forward to Convex HTTP actions via `RELAY_SHARED_SECRET`.
## Checkout
### `POST /api/create-checkout`
Creates a Dodo checkout session and returns the hosted-checkout URL.
- **Auth**: Clerk bearer (required)
- **Body**:
```json
{ "productId": "pro-monthly", "returnUrl": "https://www.worldmonitor.app/pro/success" }
```
- **Response**: `{ "checkoutUrl": "https://checkout.dodopayments.com/..." }`
- **returnUrl** is validated against an allowlist on the Convex side.
### `POST /api/customer-portal`
Creates a Dodo customer-portal session for an existing subscriber (update card, cancel, view invoices).
- **Auth**: Clerk bearer + active entitlement
- **Response**: `{ "portalUrl": "..." }`
## Product catalog
### `GET /api/product-catalog`
Returns the tier view-model used by the `/pro` pricing page. Cached in Redis under `product-catalog:v2` for 1 hour; on cache miss, fetches live prices from Dodo Payments and falls back to `_product-fallback-prices.js` if Dodo is unreachable. Response carries an `X-Product-Catalog-Source` header so probes can tell cache hits from live fetches.
**Response** (tiers ordered `free`, `pro`, `api_starter`, `enterprise`):
```json
{
"tiers": [
{
"name": "Free",
"description": "Get started with the essentials",
"features": ["Core dashboard panels", "..."],
"cta": "Get Started",
"href": "https://worldmonitor.app",
"highlighted": false,
"price": 0,
"period": "forever"
},
{
"name": "Pro",
"description": "Full intelligence dashboard",
"features": ["..."],
"highlighted": true,
"monthlyPrice": 20,
"monthlyProductId": "pdt_0Nbtt71uObulf7fGXhQup",
"annualPrice": 180,
"annualProductId": "pdt_0NbttMIfjLWC10jHQWYgJ"
},
{
"name": "API",
"description": "Programmatic access to intelligence data",
"features": ["..."],
"highlighted": false,
"monthlyPrice": 99,
"monthlyProductId": "pdt_0NbttVmG1SERrxhygbbUq",
"annualPrice": 990,
"annualProductId": "pdt_0Nbu2lawHYE3dv2THgSEV"
},
{
"name": "Enterprise",
"description": "Custom solutions for organizations",
"features": ["..."],
"cta": "Contact Sales",
"href": "mailto:enterprise@worldmonitor.app",
"highlighted": false,
"price": null
}
],
"fetchedAt": "2026-04-19T12:00:00Z",
"cachedUntil": "2026-04-19T13:00:00Z",
"priceSource": "dodo"
}
```
Notes:
- Price fields are flat on the tier. Paid tiers expose `monthlyPrice` / `monthlyProductId` and `annualPrice` / `annualProductId`. Free uses `price: 0, period: "forever"`; Enterprise uses `price: null`.
- Prices are dollars (Dodo returns cents; the handler divides by 100). Currency is implicit USD for the published catalog.
### `DELETE /api/product-catalog`
Purges the cached catalog. Requires `Authorization: Bearer $RELAY_SHARED_SECRET`. Internal.
## Referrals
### `GET /api/referral/me`
Returns the caller's deterministic referral code (an 8-char HMAC of the Clerk userId, stable for the life of the account) and a pre-built share URL. Clerk bearer required. The handler also fires a best-effort `ctx.waitUntil` Convex binding so future `/pro?ref=<code>` signups can attribute — this never blocks the response.
```json
{
"code": "a1b2c3d4",
"shareUrl": "https://worldmonitor.app/pro?ref=a1b2c3d4"
}
```
Errors:
- `401 UNAUTHENTICATED` — missing or invalid Clerk JWT.
- `503 service_unavailable` — `BRIEF_URL_SIGNING_SECRET` not configured (the referral-code HMAC reuses that secret).
No `referrals` count or `rewardMonths` is returned today — Dodo's `affonso_referral` attribution doesn't yet flow into Convex, and exposing only the waitlist-side count would mislead.
## Waitlist
### `POST /api/leads/v1/register-interest`
Captures an email into the Convex waitlist table. Turnstile-verified (desktop sources bypass), rate-limited per IP. Part of `LeadsService`; see [Platform endpoints](/api-platform) for the request shape.
Reference in New Issue View Git Blame Copy Permalink