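post([$this, 'handleInitializeCheckout'])
            ->auth('user')
            ->rateLimit(5)
            ->register();

        Route::for('helcim/invoices')
            ->get([$this, 'getInvoices'])
            ->auth('user')
            ->rateLimit(10)
            ->register();

        Route::for(Route::pattern('helcim/invoices/{invoice_id}'))
            ->get([$this, 'getInvoice'])
            ->auth('user')
            ->rateLimit(10)
            ->register();

        Route::for('helcim/saved-cards')
            ->get([$this, 'getSavedCards'])
            ->auth('user')
            ->rateLimit(5)
            ->register();

        Route::for('helcim/validate-transaction')
            ->post([$this, 'validateTransaction'])
            ->auth('user')
            ->rateLimit(10)
            ->register();
    }

    /**
     * Resolve the WordPress user a request is allowed to act on.
     *
     * The optional `user` input lets a privileged caller act on behalf of
     * another account. It is honoured only when it names the logged-in user
     * or the caller holds the `edit_user` meta-capability for that account.
     * Without this check any authenticated customer could read another
     * customer's invoices or stored cards simply by changing the ID.
     *
     * @param int|string|null $requested Raw `user` value from the request, or null.
     * @return int|null Target user ID (0 when nobody is logged in), or null
     *                  when the caller may not act on the requested user.
     */
    private function resolveTargetUserId($requested): ?int
    {
        $current = get_current_user_id();

        if ($requested === null || $requested === '') {
            return $current;
        }

        $target = absint($requested);
        if ($target === $current) {
            return $current;
        }

        // Cross-account access needs the WP meta-capability for that user;
        // ordinary subscribers do not hold it.
        return current_user_can('edit_user', $target) ? $target : null;
    }

    /**
     * Initialize a HelcimPay.js checkout session.
     *
     * Returns checkoutToken for the frontend to call
     * appendHelcimPayIframe(checkoutToken).
     *
     * The Helcim customer the session is bound to is always resolved
     * server-side from the acting user; a `customerId` supplied by the client
     * is discarded so a caller cannot open a checkout against another
     * customer's record.
     *
     * @param WP_REST_Request $request JSON body: `amount` (required), optional
     *                                 `user` (privileged override), plus any
     *                                 further fields forwarded to initializeCheckout().
     * @return WP_REST_Response Connector result on success, or an error response.
     */
    public function handleInitializeCheckout(WP_REST_Request $request): WP_REST_Response
    {
        $data = $request->get_json_params();
        if (!is_array($data)) {
            $data = [];
        }

        $user_id = $this->resolveTargetUserId($data['user'] ?? null);
        if ($user_id === null) {
            return $this->error('You are not permitted to act on behalf of that user');
        }

        // NOTE(review): the charge amount is taken from the client. If this
        // checkout pays a known invoice, the amount should be derived
        // server-side from that invoice rather than trusted from the request —
        // confirm against the frontend flow.
        if (empty($data['amount'])) {
            return $this->validationError(['message' => 'Amount is required']);
        }
        if (!is_numeric($data['amount']) || (float) $data['amount'] <= 0) {
            return $this->validationError(['message' => 'Amount must be a positive number']);
        }

        try {
            $helcim = JVB()->connect('helcim');

            // The server-resolved customer ID always wins over anything the
            // client sent; the client value is dropped rather than merged.
            unset($data['customerId']);
            if ($user_id) {
                $data['customerId'] = $helcim->resolveCustomerId($user_id);
            }

            $result = $helcim->initializeCheckout($data);
            if (empty($result['success'])) {
                return $this->error($result['message'] ?? 'Checkout initialization failed');
            }

            return $this->success($result);
        } catch (Exception $e) {
            // Detail goes to the log only; the client gets a generic message so
            // gateway internals are not echoed back in the API response.
            $this->logError('Helcim checkout init failed', ['error' => $e->getMessage()]);
            return $this->error('Checkout initialization failed');
        }
    }

    /**
     * Get invoices for the current user (or, for a caller with `edit_user`
     * rights, the user named by the `user` query parameter).
     *
     * @param WP_REST_Request $request Optional `user` query parameter.
     * @return WP_REST_Response Invoice list from the connector, or an error response.
     */
    public function getInvoices(WP_REST_Request $request): WP_REST_Response
    {
        $user_id = $this->resolveTargetUserId($request->get_param('user'));
        if ($user_id === null) {
            return $this->error('You are not permitted to view invoices for that user');
        }
        if (!$user_id) {
            return $this->validationError(['message' => 'Not logged in']);
        }

        // get_userdata() returns false for an unknown ID; guard before
        // dereferencing ->user_email.
        $user = get_userdata($user_id);
        if (!$user) {
            return $this->validationError(['message' => 'User not found']);
        }

        try {
            $helcim = JVB()->connect('helcim');
            $result = $helcim->handleGetInvoices([
                'email' => $user->user_email,
            ]);

            return $this->success($result);
        } catch (Exception $e) {
            $this->logError('Helcim get invoices failed', ['error' => $e->getMessage()]);
            return $this->error('Unable to retrieve invoices');
        }
    }

    /**
     * Get a single invoice by Helcim invoice ID.
     *
     * @param WP_REST_Request $request Route parameter `invoice_id`.
     * @return WP_REST_Response Invoice payload from the connector, or an error response.
     */
    public function getInvoice(WP_REST_Request $request): WP_REST_Response
    {
        $invoiceId = sanitize_text_field((string) $request->get_param('invoice_id'));
        if ($invoiceId === '') {
            return $this->validationError(['message' => 'Invoice ID required']);
        }

        // NOTE(review): the lookup is keyed by invoice ID only, so any
        // authenticated user can fetch any invoice whose ID they can guess.
        // The connector's result shape is not visible here, so ownership
        // cannot be checked in this handler; the connector should scope the
        // lookup to the caller's customer/email, or this handler should
        // compare the returned customer with the acting user before
        // responding — confirm and fix.
        try {
            $helcim = JVB()->connect('helcim');
            $result = $helcim->handleGetInvoice(['invoiceId' => $invoiceId]);

            return $this->success($result);
        } catch (Exception $e) {
            $this->logError('Helcim get invoice failed', [
                'error'     => $e->getMessage(),
                'invoiceId' => $invoiceId,
            ]);
            return $this->error('Unable to retrieve invoice');
        }
    }

    /**
     * Get saved cards for the current user (or, for a caller with `edit_user`
     * rights, the user named by the `user` query parameter).
     *
     * Stored-card data is payment-sensitive, so the target user is never
     * taken from the request without the authorisation check.
     *
     * @param WP_REST_Request $request Optional `user` query parameter.
     * @return WP_REST_Response Saved-card list from the connector, or an error response.
     */
    public function getSavedCards(WP_REST_Request $request): WP_REST_Response
    {
        $user_id = $this->resolveTargetUserId($request->get_param('user'));
        if ($user_id === null) {
            return $this->error('You are not permitted to view saved cards for that user');
        }
        if (!$user_id) {
            return $this->validationError(['message' => 'Not logged in']);
        }

        // get_userdata() returns false for an unknown ID; guard before
        // dereferencing ->user_email.
        $user = get_userdata($user_id);
        if (!$user) {
            return $this->validationError(['message' => 'User not found']);
        }

        try {
            $helcim = JVB()->connect('helcim');
            $result = $helcim->handleGetCustomerCards([
                'email' => $user->user_email,
            ]);

            return $this->success($result);
        } catch (Exception $e) {
            $this->logError('Helcim get saved cards failed', ['error' => $e->getMessage()]);
            return $this->error('Unable to retrieve saved cards');
        }
    }

    /**
     * Validate a HelcimPay.js transaction server-side.
     *
     * Called after the frontend receives a SUCCESS message event.
     * Verifies the transaction hash using the secretToken stored
     * in the user's session/transient.
     *
     * NOTE(review): contrary to the contract above, `secretToken` is read
     * from the request body, so the client supplies both the data and the
     * secret used to verify it and can forge a "valid" result. The token
     * should be looked up server-side (keyed by the checkoutToken issued in
     * handleInitializeCheckout) and the body value ignored. The connector's
     * storage API is not visible here, so this is flagged rather than changed.
     *
     * @param WP_REST_Request $request JSON body: `secretToken`, `transactionData`.
     * @return WP_REST_Response `['valid' => ...]` from the connector, or an error response.
     */
    public function validateTransaction(WP_REST_Request $request): WP_REST_Response
    {
        $data = $request->get_json_params();
        if (!is_array($data) || empty($data['secretToken']) || empty($data['transactionData'])) {
            return $this->validationError(['message' => 'Missing secretToken or transactionData']);
        }

        try {
            $helcim = JVB()->connect('helcim');
            $valid = $helcim->validateTransaction(
                $data['secretToken'],
                $data['transactionData']
            );

            return $this->success([
                'valid' => $valid,
            ]);
        } catch (Exception $e) {
            // Neither the secret nor the transaction payload is logged.
            $this->logError('Helcim transaction validation failed', ['error' => $e->getMessage()]);
            return $this->error('Transaction validation failed');
        }
    }
}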