import { json, PLANS, paypalAccessToken, paypalBase, verifyFirebaseUser, updateFirestoreProfile } from './_utils.js'; export async function onRequestPost({ request, env }){ try{ const user = await verifyFirebaseUser(request); const body = await request.json().catch(()=>({})); const orderID = body.orderID; if(!orderID) return json({ error: 'Missing orderID' }, 400); const token = await paypalAccessToken(env); const res = await fetch(`${paypalBase(env)}/v2/checkout/orders/${encodeURIComponent(orderID)}/capture`, { method: 'POST', headers: { 'authorization': `Bearer ${token}`, 'content-type': 'application/json', 'prefer': 'return=representation' } }); const data = await res.json().catch(()=>({})); if(!res.ok) return json({ error: data.message || data.error || 'PayPal capture failed', details: data }, 500); const pu = data.purchase_units?.[0] || {}; const custom = String(pu.custom_id || ''); const [uid, planKey] = custom.split(':'); if(uid !== user.uid) return json({ error: 'Order does not belong to this account' }, 403); if(!PLANS[planKey]) return json({ error: 'Invalid plan in order' }, 400); const capture = pu.payments?.captures?.[0] || {}; const status = String(capture.status || data.status || '').toUpperCase(); if(status !== 'COMPLETED') return json({ error: `Payment not completed: ${status}` }, 400); await updateFirestoreProfile(env, user.uid, { email: user.email, plan: planKey, status: 'active', paymentProvider: 'paypal', paymentStatus: 'paid', paypalOrderId: orderID, paypalCaptureId: capture.id || '', activatedPlan: planKey, lastPaymentAt: new Date().toISOString() }); return json({ ok: true, plan: planKey, orderID, captureID: capture.id || '' }); }catch(e){ return json({ error: e.message || String(e) }, 500); } }