feat(support): Ko-fi end-to-end linking + badges (derive-on-read, no cron)

- Add Ko-fi webhook (/api/webhooks/kofi) with upsert by (provider, external_user_id) • Computes renews_at = timestamp + 1 calendar month + 1 day • Preserves first started_at; stores raw payload; canonicalizes by email when available - Add Ko-fi claim flow • POST /api/support/kofi/claim/start — sends verification email via SMTP • GET /api/support/kofi/claim/verify — finalizes link (sets app_user), redirects to /portal/account • POST /api/support/kofi/unlink — clears app_user on Ko-fi rows - Add derive-on-read membership logic • /lib/memberships.ts — single source of truth for badges & “active” state • /api/support/badges — thin wrapper that returns per-provider badges - Account UI • components/account/SupporterBadges.tsx — renders provider badges (Ko-fi now; extensible) • components/account/ConnectKofi.tsx — “Link Ko-fi” form (email → verify link) • components/account/LinkStatus.tsx — success/error banner on return • app/portal/account/AccountPanel.tsx — integrates badges, link panel, and banner - Config/env • Requires: DIRECTUS_URL, DIRECTUS_TOKEN_ADMIN_SUPPORTER, KOFI_VERIFY_TOKEN • SMTP: SMTP_HOST, SMTP_PORT, SMTP_SECURE, SMTP_USER, SMTP_PASS, EMAIL_FROM • APP_ORIGIN used to build absolute verify URLs - Misc • Fixed import to use @/lib/memberships • No cron required; UI derives active state via status === active && renews_at >= now Refs: beta readiness for Ko-fi supporters
2025-10-19 17:51:04 -04:00 · 2025-10-19 17:51:04 -04:00 · 912cf71bb9
commit 912cf71bb9
parent 3d23bbb3f0
13 changed files with 1156 additions and 22 deletions
--- a/app/api/support/kofi/claim/verify/route.ts
+++ b/app/api/support/kofi/claim/verify/route.ts
@ -0,0 +1,53 @@
+// /app/api/support/kofi/claim/verify/route.ts
+import { NextRequest, NextResponse } from "next/server";
+
+const DIRECTUS = (process.env.DIRECTUS_URL || "").replace(/\/$/, "");
+const BOT_TOKEN = process.env.DIRECTUS_TOKEN_ADMIN_SUPPORTER!;
+const COLLECTION = "user_memberships";
+
+// Default redirects; can be overridden by env
+const SUCCESS_REDIRECT = process.env.KOFI_LINK_SUCCESS_URL || "/portal/account?linked=kofi&ok=1";
+const FAIL_REDIRECT = process.env.KOFI_LINK_FAIL_URL || "/portal/account?linked=kofi&error=1";
+
+export async function GET(req: NextRequest) {
+    const token = req.nextUrl.searchParams.get("token") || "";
+    const to = (path: string) => NextResponse.redirect(new URL(path, req.url));
+
+    if (!token) return to(FAIL_REDIRECT);
+
+    // Find the claim row by token
+    const filter = encodeURIComponent(JSON.stringify({ claim_token: { _eq: token } }));
+    const res = await fetch(`${DIRECTUS}/items/${COLLECTION}?filter=${filter}&limit=1`, {
+        headers: { Authorization: `Bearer ${BOT_TOKEN}` },
+        cache: "no-store",
+    });
+    if (!res.ok) return to(FAIL_REDIRECT);
+
+    const json = await res.json().catch(() => ({} as any));
+    const rec = json?.data?.[0];
+    if (!rec) return to(FAIL_REDIRECT);
+
+    // Validate expiry and sanity
+    const exp = rec.claim_expires_at ? new Date(rec.claim_expires_at).getTime() : 0;
+    if (!exp || Date.now() > exp) return to(FAIL_REDIRECT);
+    if (!rec.claim_user_id) return to(FAIL_REDIRECT);
+
+    // Finalize: set app_user to claim_user_id; clear claim fields
+    const patch = await fetch(`${DIRECTUS}/items/${COLLECTION}/${rec.id}`, {
+        method: "PATCH",
+        headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${BOT_TOKEN}`,
+        },
+        body: JSON.stringify({
+            app_user: rec.claim_user_id,
+            claim_token: null,
+            claim_expires_at: null,
+            claim_user_id: null,
+            last_event_at: new Date().toISOString(),
+        }),
+    });
+
+    if (!patch.ok) return to(FAIL_REDIRECT);
+    return to(SUCCESS_REDIRECT);
+}