feature/fitlien-add-cors (#8 )

Reviewed-on: #8 Co-authored-by: DhanshCOSQ <dhanshas@cosq.net> Co-committed-by: DhanshCOSQ <dhanshas@cosq.net>
Added cors createCashfreeOrder (#7 )
2025-04-07 21:05:55 +05:30 · 2025-04-07 21:05:38 +05:30
3 changed files with 267 additions and 243 deletions
--- a/functions/package-lock.json
+++ b/functions/package-lock.json
@ -10,6 +10,7 @@
      "dependencies": {
        "@types/node-fetch": "^2.6.12",
        "axios": "^1.8.4",
        "cors": "^2.8.5",
        "firebase-admin": "^12.6.0",
        "firebase-functions": "^6.0.1",
        "form-data": "^4.0.1",
--- a/functions/package.json
+++ b/functions/package.json
@ -17,6 +17,7 @@
  "dependencies": {
    "@types/node-fetch": "^2.6.12",
    "axios": "^1.8.4",
    "cors": "^2.8.5",
    "firebase-admin": "^12.6.0",
    "firebase-functions": "^6.0.1",
    "form-data": "^4.0.1",
--- a/functions/src/index.ts
+++ b/functions/src/index.ts
@ -8,6 +8,7 @@ import * as os from 'os';
 import * as path from 'path';
 import * as fs from 'fs';
 import * as https from 'https';
 import cors from 'cors';
 import axios from "axios";
 import { getStorage } from 'firebase-admin/storage';
 const formData = require('form-data');
@ -19,150 +20,164 @@ const twilio = require('twilio');
 if (!admin.apps.length) {
  admin.initializeApp();
 }
 const corsHandler = cors({ origin: true });
 export const sendEmailWithAttachment = onRequest({
  region: '#{SERVICES_RGN}#'
 }, async (request: Request, response: express.Response) => {
-  try {
+  return corsHandler(request, response, async () => {
-    const { toAddress, subject, message, fileUrl, fileName } = request.body;
+    try {
      const { toAddress, subject, message, fileUrl, fileName } = request.body;
-    if (!toAddress || !subject || !message || !fileUrl) {
+      if (!toAddress || !subject || !message || !fileUrl) {
-      response.status(400).json({
+        response.status(400).json({
-        error: 'Missing required fields (toAddress, subject, message, fileUrl)'
+          error: 'Missing required fields (toAddress, subject, message, fileUrl)'
      });
      return;
    }
    const tempFilePath = path.join(os.tmpdir(), fileName || 'attachment.pdf');
    await new Promise<void>((resolve, reject) => {
      const file = fs.createWriteStream(tempFilePath);
      https.get(fileUrl, (res) => {
        res.pipe(file);
        file.on('finish', () => {
          file.close();
          resolve();
        });
-      }).on('error', (err) => {
+        return;
        fs.unlink(tempFilePath, () => { });
        reject(err);
      });
    });
    const mailgun = new Mailgun(formData);
    const client = mailgun.client({ username: 'api', key: process.env.MAILGUN_API_KEY });
    const options = {
      wordwrap: 130,
    };
    const textMessage = convert(message, options);
    const fileBuffer = fs.readFileSync(tempFilePath);
    const attachmentFilename = fileName || path.basename(fileUrl.split('?')[0]);
    const data = {
      from: process.env.MAILGUN_FROM_ADDRESS,
      to: toAddress,
      subject: subject,
      text: textMessage,
      html: message,
      attachment: {
        data: fileBuffer,
        filename: attachmentFilename,
        contentType: 'application/pdf',
      }
-    };
+      const tempFilePath = path.join(os.tmpdir(), fileName || 'attachment.pdf');
      await new Promise<void>((resolve, reject) => {
        const file = fs.createWriteStream(tempFilePath);
        https.get(fileUrl, (res) => {
          res.pipe(file);
          file.on('finish', () => {
            file.close();
            resolve();
          });
        }).on('error', (err) => {
          fs.unlink(tempFilePath, () => { });
          reject(err);
        });
      });
-    const result = await client.messages.create(process.env.MAILGUN_SERVER, data);
+      const mailgun = new Mailgun(formData);
-    fs.unlinkSync(tempFilePath);
+      const client = mailgun.client({ username: 'api', key: process.env.MAILGUN_API_KEY });
-    logger.info('Email with attachment from URL sent successfully');
+      const options = {
-    response.json({ success: true, result });
+        wordwrap: 130,
-  } catch (error) {
+      };
-    logger.error('Error sending email with attachment from URL:', error);
+      const textMessage = convert(message, options);
-    response.status(500).json({ success: false, error: error instanceof Error ? error.message : String(error) });
+      const fileBuffer = fs.readFileSync(tempFilePath);
-  }
+      const attachmentFilename = fileName || path.basename(fileUrl.split('?')[0]);
      const data = {
        from: process.env.MAILGUN_FROM_ADDRESS,
        to: toAddress,
        subject: subject,
        text: textMessage,
        html: message,
        attachment: {
          data: fileBuffer,
          filename: attachmentFilename,
          contentType: 'application/pdf',
        }
      };
      const result = await client.messages.create(process.env.MAILGUN_SERVER, data);
      fs.unlinkSync(tempFilePath);
      logger.info('Email with attachment from URL sent successfully');
      response.json({ success: true, result });
    } catch (error) {
      logger.error('Error sending email with attachment from URL:', error);
      response.status(500).json({ success: false, error: error instanceof Error ? error.message : String(error) });
    }
  });
 });
 export const accessFile = onRequest({
  region: '#{SERVICES_RGN}#'
 }, async (request: Request, response: express.Response) => {
-  try {
+  return corsHandler(request, response, async () => {
-    const filePath = request.query.path as string;
+
-    if (!filePath) {
+    try {
-      response.status(400).send('File path is required');
+      const filePath = request.query.path as string;
-      return;
+      if (!filePath) {
        response.status(400).send('File path is required');
        return;
      }
      const expirationMs = 60 * 60 * 1000;
      const bucket = getStorage().bucket();
      const file = bucket.file(filePath);
      const [exists] = await file.exists();
      if (!exists) {
        response.status(404).send('File not found');
        return;
      }
      const [signedUrl] = await file.getSignedUrl({
        action: 'read',
        expires: Date.now() + expirationMs,
        responseDisposition: `attachment; filename="${path.basename(filePath)}"`,
      });
      response.redirect(signedUrl);
      logger.info(`File access redirect for ${filePath}`);
    } catch (error) {
      logger.error('Error accessing file:', error);
      response.status(500).send('Error accessing file');
    }
-
+  });
    const expirationMs = 60 * 60 * 1000;
    const bucket = getStorage().bucket();
    const file = bucket.file(filePath);
    const [exists] = await file.exists();
    if (!exists) {
      response.status(404).send('File not found');
      return;
    }
    const [signedUrl] = await file.getSignedUrl({
      action: 'read',
      expires: Date.now() + expirationMs,
      responseDisposition: `attachment; filename="${path.basename(filePath)}"`,
    });
    response.redirect(signedUrl);
    logger.info(`File access redirect for ${filePath}`);
  } catch (error) {
    logger.error('Error accessing file:', error);
    response.status(500).send('Error accessing file');
  }
 });
 export const sendEmailMessage = onRequest({
  region: '#{SERVICES_RGN}#'
 }, (request: Request, response: express.Response) => {
-  const mailgun = new Mailgun(formData);
+  return corsHandler(request, response, async () => {
  const mailGunClient = mailgun.client({ username: 'api', key: process.env.MAILGUN_API_KEY });
-  const toAddress = request.body.toAddress;
+    const mailgun = new Mailgun(formData);
-  const subject = request.body.subject;
+    const mailGunClient = mailgun.client({ username: 'api', key: process.env.MAILGUN_API_KEY });
  const message = request.body.message;
  const options = {
    wordwrap: 130,
  };
-  const textMessage = convert(message, options);
+    const toAddress = request.body.toAddress;
-  mailGunClient.messages.create(process.env.MAILGUN_SERVER, {
+    const subject = request.body.subject;
-    from: process.env.MAILGUN_FROM_ADDRESS,
+    const message = request.body.message;
-    to: toAddress,
+    const options = {
-    subject: subject,
+      wordwrap: 130,
-    text: textMessage,
+    };
-    html: message
+
-  }).then((res: any) => {
+    const textMessage = convert(message, options);
-    logger.info(res);
+    mailGunClient.messages.create(process.env.MAILGUN_SERVER, {
-    response.send(res);
+      from: process.env.MAILGUN_FROM_ADDRESS,
-  }).catch((err: any) => {
+      to: toAddress,
-    logger.error(err);
+      subject: subject,
-    response.send(err);
+      text: textMessage,
      html: message
    }).then((res: any) => {
      logger.info(res);
      response.send(res);
    }).catch((err: any) => {
      logger.error(err);
      response.send(err);
    });
  });
 });
 export const sendSMSMessage = onRequest({
  region: '#{SERVICES_RGN}#'
 }, (request: Request, response: express.Response) => {
-  const client = twilio(process.env.TWILIO_ACCOUNT_SID, process.env.TWILIO_AUTH_TOKEN);
+  return corsHandler(request, response, async () => {
-  const { to, body } = request.body;
+
-  client.messages
+    const client = twilio(process.env.TWILIO_ACCOUNT_SID, process.env.TWILIO_AUTH_TOKEN);
-    .create({
+    const { to, body } = request.body;
-      body: body,
+    client.messages
-      from: process.env.TWILIO_PHONE_NUMBER,
+      .create({
-      to: to
+        body: body,
-    })
+        from: process.env.TWILIO_PHONE_NUMBER,
-    .then((message: any) => {
+        to: to
-      logger.info('SMS sent successfully:', message.sid);
+      })
-      response.json({ success: true, messageId: message.sid });
+      .then((message: any) => {
-    })
+        logger.info('SMS sent successfully:', message.sid);
-    .catch((error: any) => {
+        response.json({ success: true, messageId: message.sid });
-      logger.error('Error sending SMS:', error);
+      })
-      response.status(500).json({ success: false, error: error.message });
+      .catch((error: any) => {
-    });
+        logger.error('Error sending SMS:', error);
        response.status(500).json({ success: false, error: error.message });
      });
  });
 });
 interface Invitation {
@ -176,6 +191,7 @@ export const notifyInvitation = onDocumentCreated({
  document: 'notifications/{notificationId}',
  region: '#{SERVICES_RGN}#'
 }, async (event: any) => {
  const invitation = event.data?.data() as Invitation;
  const invitationId = event.params.invitationId;
@ -245,146 +261,152 @@ export const notifyInvitation = onDocumentCreated({
 export const createCashfreeOrder = onRequest({
  region: '#{SERVICES_RGN}#'
 }, async (request: Request, response: express.Response) => {
  try {
    const authHeader = request.headers.authorization;
    if (!authHeader || !authHeader.startsWith('Bearer ')) {
      response.status(401).json({ error: 'Unauthorized' });
      return;
    }
-    const idToken = authHeader.split('Bearer ')[1];
+  return corsHandler(request, response, async () => {
-    const decodedToken = await admin.auth().verifyIdToken(idToken);
+    try {
-    const uid = decodedToken.uid;
+      const authHeader = request.headers.authorization;
-
+      if (!authHeader || !authHeader.startsWith('Bearer ')) {
-    const {
+        response.status(401).json({ error: 'Unauthorized' });
-      amount,
+        return;
      customerName,
      customerEmail,
      customerPhone,
      productInfo
    } = request.body;
    if (!amount || !customerEmail || !customerPhone) {
      response.status(400).json({ error: 'Missing required fields' });
      return;
    }
    const clientId = process.env.CASHFREE_CLIENT_ID;
    const clientSecret = process.env.CASHFREE_CLIENT_SECRET;
    const isTest = true;
    const apiUrl = isTest
      ? 'https://sandbox.cashfree.com/pg/orders'
      : 'https://api.cashfree.com/pg/orders';
    const orderId = `order_${Date.now()}_${uid.substring(0, 6)}`;
    const cashfreeResponse = await axios.post(
      apiUrl,
      {
        order_id: orderId,
        order_amount: amount,
        order_currency: 'INR',
        customer_details: {
          customer_id: uid,
          customer_name: customerName || 'Fitlien User',
          customer_email: customerEmail,
          customer_phone: customerPhone
        },
        order_meta: {
          return_url: `https://fitlien.com/payment/status?order_id={order_id}`,
          // notify_url: `https://$filien.web.app/verifyCashfreePayment`
        },
        order_note: productInfo || 'Fitlien Membership'
      },
      {
        headers: {
          'x-api-version': '2022-09-01',
          'x-client-id': clientId,
          'x-client-secret': clientSecret,
          'Content-Type': 'application/json'
        }
      }
    );
-    await admin.firestore().collection('payment_orders').doc(orderId).set({
+      const idToken = authHeader.split('Bearer ')[1];
-      userId: uid,
+      const decodedToken = await admin.auth().verifyIdToken(idToken);
-      amount: amount,
+      const uid = decodedToken.uid;
      customerEmail: customerEmail,
      customerPhone: customerPhone,
      orderStatus: 'CREATED',
      paymentGateway: 'Cashfree',
      createdAt: new Date(),
      ...cashfreeResponse.data
    });
-    response.json({
+      const {
-      order_id: cashfreeResponse.data.order_id,
+        amount,
-      payment_session_id: cashfreeResponse.data.payment_session_id
+        customerName,
-    });
+        customerEmail,
        customerPhone,
        productInfo
      } = request.body;
-    logger.info(`Cashfree order created: ${orderId}`);
+      if (!amount || !customerEmail || !customerPhone) {
-  } catch (error: any) {
+        response.status(400).json({ error: 'Missing required fields' });
-    logger.error('Cashfree order creation error:', error);
+        return;
-    response.status(500).json({
+      }
-      error: 'Failed to create payment order',
+
-      details: error.response?.data || error.message
+      const clientId = process.env.CASHFREE_CLIENT_ID;
-    });
+      const clientSecret = process.env.CASHFREE_CLIENT_SECRET;
-  }
+      const isTest = true;
      const apiUrl = isTest
        ? 'https://sandbox.cashfree.com/pg/orders'
        : 'https://api.cashfree.com/pg/orders';
      const orderId = `order_${Date.now()}_${uid.substring(0, 6)}`;
      const cashfreeResponse = await axios.post(
        apiUrl,
        {
          order_id: orderId,
          order_amount: amount,
          order_currency: 'INR',
          customer_details: {
            customer_id: uid,
            customer_name: customerName || 'Fitlien User',
            customer_email: customerEmail,
            customer_phone: customerPhone
          },
          order_meta: {
            return_url: `https://fitlien.com/payment/status?order_id={order_id}`,
            // notify_url: `https://$filien.web.app/verifyCashfreePayment`
          },
          order_note: productInfo || 'Fitlien Membership'
        },
        {
          headers: {
            'x-api-version': '2022-09-01',
            'x-client-id': clientId,
            'x-client-secret': clientSecret,
            'Content-Type': 'application/json'
          }
        }
      );
      await admin.firestore().collection('payment_orders').doc(orderId).set({
        userId: uid,
        amount: amount,
        customerEmail: customerEmail,
        customerPhone: customerPhone,
        orderStatus: 'CREATED',
        paymentGateway: 'Cashfree',
        createdAt: new Date(),
        ...cashfreeResponse.data
      });
      response.json({
        order_id: cashfreeResponse.data.order_id,
        payment_session_id: cashfreeResponse.data.payment_session_id
      });
      logger.info(`Cashfree order created: ${orderId}`);
    } catch (error: any) {
      logger.error('Cashfree order creation error:', error);
      response.status(500).json({
        error: 'Failed to create payment order',
        details: error.response?.data || error.message
      });
    }
  });
 });
 export const verifyCashfreePayment = onRequest({
  region: '#{SERVICES_RGN}#'
 }, async (request: Request, response: express.Response) => {
-  try {
+  return corsHandler(request, response, async () => {
    const orderId = request.body.order_id || request.query.order_id;
-    if (!orderId) {
+    try {
-      response.status(400).json({ error: 'Order ID is required' });
+      const orderId = request.body.order_id || request.query.order_id;
      return;
    }
-    const clientId = process.env.CASHFREE_CLIENT_ID;
+      if (!orderId) {
-    const clientSecret = process.env.CASHFREE_CLIENT_SECRET;
+        response.status(400).json({ error: 'Order ID is required' });
-    const isTest = process.env.CASHFREE_ENVIRONMENT !== 'production';
+        return;
    const apiUrl = isTest
      ? `https://sandbox.cashfree.com/pg/orders/${orderId}`
      : `https://api.cashfree.com/pg/orders/${orderId}`;
    const cashfreeResponse = await axios.get(
      apiUrl,
      {
        headers: {
          'x-api-version': '2022-09-01',
          'x-client-id': clientId,
          'x-client-secret': clientSecret
        }
      }
    );
-    await admin.firestore().collection('payment_orders').doc(orderId).update({
+      const clientId = process.env.CASHFREE_CLIENT_ID;
-      orderStatus: cashfreeResponse.data.order_status,
+      const clientSecret = process.env.CASHFREE_CLIENT_SECRET;
-      paymentDetails: cashfreeResponse.data,
+      const isTest = process.env.CASHFREE_ENVIRONMENT !== 'production';
      updatedAt: new Date()
    });
-    if (request.headers['x-webhook-source'] === 'cashfree') {
+      const apiUrl = isTest
-      response.status(200).send('OK');
+        ? `https://sandbox.cashfree.com/pg/orders/${orderId}`
-      return;
+        : `https://api.cashfree.com/pg/orders/${orderId}`;
      const cashfreeResponse = await axios.get(
        apiUrl,
        {
          headers: {
            'x-api-version': '2022-09-01',
            'x-client-id': clientId,
            'x-client-secret': clientSecret
          }
        }
      );
      await admin.firestore().collection('payment_orders').doc(orderId).update({
        orderStatus: cashfreeResponse.data.order_status,
        paymentDetails: cashfreeResponse.data,
        updatedAt: new Date()
      });
      if (request.headers['x-webhook-source'] === 'cashfree') {
        response.status(200).send('OK');
        return;
      }
      response.json({
        status: cashfreeResponse.data.order_status,
        paymentDetails: cashfreeResponse.data
      });
      logger.info(`Cashfree payment verified: ${orderId}`);
    } catch (error: any) {
      logger.error('Cashfree payment verification error:', error);
      response.status(500).json({
        error: 'Failed to verify payment status',
        details: error.response?.data || error.message
      });
    }
-
+  });
    response.json({
      status: cashfreeResponse.data.order_status,
      paymentDetails: cashfreeResponse.data
    });
    logger.info(`Cashfree payment verified: ${orderId}`);
  } catch (error: any) {
    logger.error('Cashfree payment verification error:', error);
    response.status(500).json({
      error: 'Failed to verify payment status',
      details: error.response?.data || error.message
    });
  }
 });