From ad4c73972234e23a1d20bb02629d6c4fc8d1382f Mon Sep 17 00:00:00 2001
From: Yared Yemane
Date: Tue, 9 Jun 2026 04:33:14 -0700
Subject: [PATCH] fix: omit payment_url from admin payments list response

Use a list-specific DTO so GET /api/v1/admin/payments no longer exposes checkout URLs while get-by-id is unchanged.

Co-authored-by: Cursor
---
 .../web_server/handlers/payments_admin.go | 70 +++++++++++++++++--
 1 file changed, 64 insertions(+), 6 deletions(-)

diff --git a/internal/web_server/handlers/payments_admin.go b/internal/web_server/handlers/payments_admin.go
index 7e1659e..93c6871 100644
--- a/internal/web_server/handlers/payments_admin.go
+++ b/internal/web_server/handlers/payments_admin.go
@@ -37,11 +37,34 @@ type adminPaymentRes struct {
 UpdatedAt *string `json:"updated_at,omitempty"`
 }
 
+type adminPaymentListItemRes struct {
+ ID int64 `json:"id"`
+ UserID int64 `json:"user_id"`
+ PlanID *int64 `json:"plan_id,omitempty"`
+ SubscriptionID *int64 `json:"subscription_id,omitempty"`
+ SessionID *string `json:"session_id,omitempty"`
+ TransactionID *string `json:"transaction_id,omitempty"`
+ Nonce string `json:"nonce"`
+ Amount float64 `json:"amount"`
+ Currency string `json:"currency"`
+ PaymentMethod *string `json:"payment_method,omitempty"`
+ Status string `json:"status"`
+ PlanName *string `json:"plan_name,omitempty"`
+ PlanCategory *string `json:"plan_category,omitempty"`
+ UserEmail *string `json:"user_email,omitempty"`
+ UserFirstName *string `json:"user_first_name,omitempty"`
+ UserLastName *string `json:"user_last_name,omitempty"`
+ PaidAt *string `json:"paid_at,omitempty"`
+ ExpiresAt *string `json:"expires_at,omitempty"`
+ CreatedAt string `json:"created_at"`
+ UpdatedAt *string `json:"updated_at,omitempty"`
+}
+
 type listAdminPaymentsRes struct {
- Payments []adminPaymentRes `json:"payments"`
- TotalCount int64 `json:"total_count"`
- Limit int32 `json:"limit"`
- Offset int32 `json:"offset"`
+ Payments []adminPaymentListItemRes `json:"payments"`
+ TotalCount int64 `json:"total_count"`
+ Limit int32 `json:"limit"`
+ Offset int32 `json:"offset"`
 }
 
 // ListAdminPayments godoc
@@ -86,9 +109,9 @@ func (h *Handler) ListAdminPayments(c *fiber.Ctx) error {
 })
 }
 
- out := make([]adminPaymentRes, len(page.Items))
+ out := make([]adminPaymentListItemRes, len(page.Items))
 for i := range page.Items {
- out[i] = adminPaymentToRes(&page.Items[i])
+ out[i] = adminPaymentListToRes(&page.Items[i])
 }
 
 return c.JSON(domain.Response{
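Review bot: `adminPaymentListItemRes` still serialises `session_id`, `transaction_id` and `nonce` for every row, so the list endpoint keeps returning per-payment session material even though the checkout URL is gone. The hunk does not show how those values are used, so this is a question rather than a finding: if `payment_url` was dropped because list consumers should not hold checkout-session data, confirm whether `SessionID` and `Nonce` need the same treatment. The new type also has no comment recording why it exists. I would add `// adminPaymentListItemRes is the list-view DTO; it deliberately omits payment_url so checkout links are returned only by get-by-id.` above the declaration so a later cleanup does not merge it back into `adminPaymentRes`.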
@@ -270,6 +293,41 @@ func parseQueryTime(raw string) (time.Time, error) {
 return time.Time{}, fmt.Errorf("unsupported time format")
 }
 
+func adminPaymentListToRes(p *domain.Payment) adminPaymentListItemRes {
+ res := adminPaymentListItemRes{
+ ID: p.ID,
+ UserID: p.UserID,
+ PlanID: p.PlanID,
+ SubscriptionID: p.SubscriptionID,
+ SessionID: p.SessionID,
+ TransactionID: p.TransactionID,
+ Nonce: p.Nonce,
+ Amount: p.Amount,
+ Currency: p.Currency,
+ PaymentMethod: p.PaymentMethod,
+ Status: p.Status,
+ PlanName: p.PlanName,
+ PlanCategory: p.PlanCategory,
+ UserEmail: p.UserEmail,
+ UserFirstName: p.UserFirstName,
+ UserLastName: p.UserLastName,
+ CreatedAt: p.CreatedAt.Format(time.RFC3339),
+ }
+ if p.PaidAt != nil {
+ t := p.PaidAt.Format(time.RFC3339)
+ res.PaidAt = &t
+ }
+ if p.ExpiresAt != nil {
+ t := p.ExpiresAt.Format(time.RFC3339)
+ res.ExpiresAt = &t
+ }
+ if p.UpdatedAt != nil {
+ t := p.UpdatedAt.Format(time.RFC3339)
+ res.UpdatedAt = &t
+ }
+ return res
+}
+
 func adminPaymentToRes(p *domain.Payment) adminPaymentRes {
 res := adminPaymentRes{
 ID: p.ID,
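Review bot: `adminPaymentListToRes` is a hand-written, field-by-field mapper that appears to duplicate `adminPaymentToRes` without the URL, so the omission holds only as long as the two mappers are kept apart by hand, and the patch adds no test for it. A handler test that marshals the list response and asserts the `payment_url` key is absent from every item would pin the behaviour the commit message promises. To remove the duplication, `adminPaymentRes` could embed `adminPaymentListItemRes` and declare only the URL field, with `adminPaymentToRes` calling `adminPaymentListToRes` and then setting that field. encoding/json promotes embedded struct fields, so the get-by-id response would keep the same keys, though their order may change. The body of `adminPaymentToRes` continues outside the hunk, so the assumption that it sets the same fields plus the URL should be checked against the full file.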