bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(platform-service): remove BILLING_INTERNAL_KEY guard from server.ts

Browse Source 
- Billing routes (subscriptions, usage, plans, licenses) now registered directly
- No more X-Internal-Key header check — JWT-based productId auth is sufficient
- BILLING_INTERNAL_KEY removed from config schema and AKV secret resolution
- 166 tests pass, tsc clean
This commit is contained in:
saravanakumardb1 2026-02-15 14:30:30 -08:00
parent 60617ab050
commit c0830e3dec
2 changed files with 4 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
services/platform-service/src/lib/config.ts
View File

@ -22,7 +22,6 @@ const envSchema = z.object({
STRIPE_WEBHOOK_SECRET: z.string().optional(), STRIPE_WEBHOOK_SECRET: z.string().optional(),
STRIPE_PRICE_PRO: z.string().optional(), STRIPE_PRICE_PRO: z.string().optional(),
STRIPE_PRICE_ENTERPRISE: z.string().optional(), STRIPE_PRICE_ENTERPRISE: z.string().optional(),
BILLING_INTERNAL_KEY: z.string().optional(),
BACKEND_URL: z.string().default('http://localhost:8000'), BACKEND_URL: z.string().default('http://localhost:8000'),
PLAN_LIMITS_JSON: z.string().optional(), PLAN_LIMITS_JSON: z.string().optional(),
USAGE_WARN_THRESHOLD: z.coerce.number().default(0.8), USAGE_WARN_THRESHOLD: z.coerce.number().default(0.8),

18
services/platform-service/src/server.ts
View File

@ -16,7 +16,6 @@ await resolveKeyVaultSecrets([
LYSNR_SECRETS.JWT_SECRET, LYSNR_SECRETS.JWT_SECRET,
LYSNR_SECRETS.STRIPE_SECRET_KEY, LYSNR_SECRETS.STRIPE_SECRET_KEY,
LYSNR_SECRETS.STRIPE_WEBHOOK_SECRET, LYSNR_SECRETS.STRIPE_WEBHOOK_SECRET,
LYSNR_SECRETS.BILLING_INTERNAL_KEY,
LYSNR_SECRETS.AZURE_BLOB_CONNECTION_STRING, LYSNR_SECRETS.AZURE_BLOB_CONNECTION_STRING,
LYSNR_SECRETS.AZURE_BLOB_ACCOUNT_KEY, LYSNR_SECRETS.AZURE_BLOB_ACCOUNT_KEY,
]); ]);
@ -93,27 +92,10 @@ await app.register(invitationRoutes, { prefix: '/api' });
await app.register(referralRoutes, { prefix: '/api' }); await app.register(referralRoutes, { prefix: '/api' });
await app.register(promoRoutes, { prefix: '/api' }); await app.register(promoRoutes, { prefix: '/api' });
// Billing modules (merged from billing-service) // Billing modules (merged from billing-service)
// Scoped with internal key auth guard when BILLING_INTERNAL_KEY is set (Gap 3)
const BILLING_KEY = config.BILLING_INTERNAL_KEY;
if (BILLING_KEY) {
await app.register(async billingScope => {
billingScope.addHook('onRequest', async (req, reply) => {
const key = req.headers['x-internal-key'];
if (key !== BILLING_KEY) {
reply.code(401).send({ error: 'Unauthorized — missing or invalid X-Internal-Key' });
}
});
await billingScope.register(subscriptionRoutes, { prefix: '/api' });
await billingScope.register(usageRoutes, { prefix: '/api' });
await billingScope.register(planRoutes, { prefix: '/api' });
await billingScope.register(licenseRoutes, { prefix: '/api' });
});
} else {
await app.register(subscriptionRoutes, { prefix: '/api' }); await app.register(subscriptionRoutes, { prefix: '/api' });
await app.register(usageRoutes, { prefix: '/api' }); await app.register(usageRoutes, { prefix: '/api' });
await app.register(planRoutes, { prefix: '/api' }); await app.register(planRoutes, { prefix: '/api' });
await app.register(licenseRoutes, { prefix: '/api' }); await app.register(licenseRoutes, { prefix: '/api' });
}
// Stripe routes outside billing scope (webhook has its own signature verification) // Stripe routes outside billing scope (webhook has its own signature verification)
await app.register(stripeRoutes, { prefix: '/api' }); await app.register(stripeRoutes, { prefix: '/api' });
// Tracker modules (merged from tracker-service) // Tracker modules (merged from tracker-service)