add createCheckout backed by recaptcha and honeypot #23
✅ Deploy Preview for mongoose-js ready!
Pull request overview
Adds a new createCheckout server action (exposed as a Netlify function) that creates an embedded Stripe Checkout session, gated by a honeypot field and Google reCAPTCHA verification.
Changes:
- Added a `recaptcha` integration to verify tokens via Google’s `siteverify` endpoint.
- Added `src/actions/createCheckout.js` to validate input, enforce honeypot + reCAPTCHA, and create an embedded Stripe subscription checkout session.
- Added `netlify/functions/createCheckout.js` wrapper to expose the action as a Netlify function.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| `src/integrations/recaptcha.js` | New reCAPTCHA verification helper used to gate checkout creation. |
| `src/actions/createCheckout.js` | New action implementing honeypot + reCAPTCHA checks and creating a Stripe Checkout session. |
| `netlify/functions/createCheckout.js` | Netlify function entrypoint for the new action. |
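The honeypot and reCAPTCHA gate described in the overview above, sketched as an added example that is not the PR's code. The function names, the `website` honeypot field, the `recaptchaToken` field, `minScore` and the injectable `fetchImpl` are assumptions; only the `siteverify` endpoint and its response fields are Google's.

```javascript
// Added example, not the PR's code. gateCheckout, the `website` honeypot field,
// `recaptchaToken` and minScore are assumed names; the siteverify URL is Google's.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

async function verifyRecaptcha(token, opts) {
  const { secret, expectedHostname, minScore = 0.5, fetchImpl = globalThis.fetch } = opts;
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, reason: 'missing-token' };
  }
  let data;
  try {
    const res = await fetchImpl(SITEVERIFY_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({ secret, response: token }).toString(),
    });
    if (!res.ok) return { ok: false, reason: 'siteverify-http-error' };
    data = await res.json();
  } catch (err) {
    // Fail closed: an unreachable or broken verifier must not open the gate.
    return { ok: false, reason: 'siteverify-unreachable' };
  }
  if (!data || data.success !== true) {
    return { ok: false, reason: 'rejected', codes: (data && data['error-codes']) || [] };
  }
  // Bind the token to this site: one issued for another hostname is refused.
  if (expectedHostname && data.hostname !== expectedHostname) {
    return { ok: false, reason: 'hostname-mismatch' };
  }
  // `score` is only returned for v3 keys; v2 responses skip this check.
  if (typeof data.score === 'number' && data.score < minScore) {
    return { ok: false, reason: 'low-score' };
  }
  return { ok: true };
}

// Run before any Stripe call, so rejected requests never create a session.
async function gateCheckout(body, opts) {
  if (!body || typeof body !== 'object') return { ok: false, reason: 'bad-body' };
  // Honeypot: a field hidden from people; any value means a form-filling bot.
  if (typeof body.website === 'string' && body.website.trim() !== '') {
    return { ok: false, reason: 'honeypot' };
  }
  return verifyRecaptcha(body.recaptchaToken, opts);
}
```

The honeypot check runs first so that obvious bot submissions are dropped without spending a `siteverify` request.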
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 804eed1b77
| const session = await stripe.client.checkout.sessions.create({ | ||
| ui_mode: 'embedded', | ||
| mode: 'subscription', | ||
| customer_email: email, | ||
| line_items: [{ price: priceId, quantity: 1 }], |
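Review bot: on the line_items line, priceId is passed to Stripe as given, and this hunk does not show where it comes from. If it is read from the request body, check it against a server-side allowlist of the subscription prices this form is meant to sell before calling sessions.create, so a caller cannot start a checkout for any other price in the account. The same applies to email in customer_email: validate its format and length first.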
Set client_reference_id on checkout session
stripeWebhook can only attach a successful checkout to an existing workspace when data.object.client_reference_id is present; otherwise it always creates a new workspace. This checkout creation payload never sets client_reference_id, so any purchase initiated for an existing workspace will be processed as a brand-new workspace instead of an upgrade, leading to duplicate workspaces and the original workspace remaining unsubscribed.
No description provided.