firefrost-gaming/firefrost-services
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add CORS support for Stripe checkout endpoint

Browse Source 
Added CORS middleware to allow website (firefrostgaming.com) to call
Trinity Console's /stripe/create-checkout-session endpoint.

WHAT WAS DONE:
- Installed cors package (npm install cors)
- Added cors import to src/index.js
- Configured CORS middleware for /stripe/create-checkout-session route
- Restricted to POST method only from firefrostgaming.com origin
- Positioned after body parsers, before session middleware

WHY:
- Gemini consultation verdict: Option 2 (JavaScript checkout) required
- Prevents double-click danger (users creating multiple checkout sessions)
- Enables instant button disable + loading state for better UX
- Industry standard for payment flows per Stripe documentation

FILES MODIFIED:
- services/arbiter-3.0/package.json (+cors dependency)
- services/arbiter-3.0/package-lock.json (dependency tree)
- services/arbiter-3.0/src/index.js (CORS middleware, 8 lines added)

RELATED TASKS:
- Soft launch blocker: Website subscribe button integration
- Next step: Update subscribe.njk with JavaScript checkout handler

Signed-off-by: Claude (Chronicler #57) <claude@firefrostgaming.com>
This commit is contained in:
Claude (Chronicler #57)
2026-04-03 15:57:34 +00:00
parent 4da6e21126
commit 7567fef7d1
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
services/arbiter-3.0/package.json
View File

@@ -10,6 +10,7 @@
"dependencies": {
"body-parser": "^1.20.2",
"cookie-parser": "^1.4.7",
"cors": "^2.8.6",
"csurf": "^1.11.0",
"discord.js": "^14.14.1",
"dotenv": "^16.4.5",

8
services/arbiter-3.0/src/index.js
View File

@@ -5,6 +5,7 @@ const passport = require('passport');
const DiscordStrategy = require('passport-discord').Strategy;
const { Client, GatewayIntentBits, REST, Routes } = require('discord.js');
const csrf = require('csurf');
const cors = require('cors');
const authRoutes = require('./routes/auth');
const adminRoutes = require('./routes/admin');
@@ -45,6 +46,13 @@ app.use('/stripe/webhook', stripeRoutes);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// CORS configuration - Allow Stripe checkout requests from website
app.use('/stripe/create-checkout-session', cors({
origin: 'https://firefrostgaming.com',
methods: ['POST'],
credentials: false
}));
// Make Discord client accessible to routes
app.locals.client = client;