re-added premium tier checking and moved token validation after user input validation

BrandonPatten · BrandonPatten · commit 8a0c7e9691d4 · 2025-07-23T15:33:22.000-07:00
diff --git a/src/signup/index.js b/src/signup/index.js
@@ -45,6 +45,19 @@ exports.handler = async (event, context) => {
 
     const { email, walletAddress, tier = 'free', turnstileToken } = body;
 
+    // Validate inputs
+    const validationError = validateParams({ email, walletAddress }, ['email', 'walletAddress']);
+    if (validationError) {
+      return formatResponse(
+        validationError.statusCode,
+        {
+          error: validationError.error,
+          message: validationError.error
+        },
+        process.env.CORS_ORIGIN
+      );
+    }
+
     // Validate Turnstile token for free tier
     if (tier.toLowerCase() === 'free') {
       if (!turnstileToken) {
@@ -83,19 +96,6 @@ exports.handler = async (event, context) => {
       });
     }
 
-    // Validate inputs
-    const validationError = validateParams({ email, walletAddress }, ['email', 'walletAddress']);
-    if (validationError) {
-      return formatResponse(
-        validationError.statusCode,
-        {
-          error: validationError.error,
-          message: validationError.error
-        },
-        process.env.CORS_ORIGIN
-      );
-    }
-
     if (!validateEmail(email)) {
       return formatResponse(
         400,
@@ -128,30 +128,53 @@ exports.handler = async (event, context) => {
       );
     }
 
-    // For Free tier, create and send API key immediately
-    const clientIP = getClientIP(event);
-    const user = await createUserWithApiKey(normalizedEmail, normalizedWallet, 'free', clientIP);
+    if (tier.toLowerCase() === 'premium') {
+      // For Premium tier, redirect to payment flow
+      const clientIP = getClientIP(event);
+
+      // Log premium tier signup initiation
+      console.log('Premium tier signup initiated:', {
+        email: normalizedEmail,
+        walletAddress: normalizedWallet,
+        tier: 'premium',
+        clientIP: clientIP
+      });
 
-    // Log successful user account creation
-    console.log('User account created successfully:', {
-      email: normalizedEmail,
-      walletAddress: normalizedWallet,
-      tier: 'free',
-      clientIP: clientIP
-    });
+      return formatResponse(
+        200,
+        {
+          message: 'Redirect to payment flow',
+          redirectUrl: `${process.env.PAYMENT_URL}?email=${encodeURIComponent(normalizedEmail)}&wallet=${encodeURIComponent(normalizedWallet)}`
+        },
+        process.env.CORS_ORIGIN
+      );
+    }
+    else {
+      // For Free tier, create and send API key immediately
+      const clientIP = getClientIP(event);
+      const user = await createUserWithApiKey(normalizedEmail, normalizedWallet, 'free', clientIP);
+
+      // Log successful user account creation
+      console.log('User account created successfully:', {
+        email: normalizedEmail,
+        walletAddress: normalizedWallet,
+        tier: 'free',
+        clientIP: clientIP
+      });
 
-    // Send welcome email with API key
-    await sendWelcomeEmail(normalizedEmail, user.apiKey);
+      // Send welcome email with API key
+      await sendWelcomeEmail(normalizedEmail, user.apiKey);
 
-    // Return success response
-    return formatResponse(
-      200,
-      {
-        message: 'API key created successfully',
-        apiKey: user.apiKey
-      },
-      process.env.CORS_ORIGIN
-    );
+      // Return success response
+      return formatResponse(
+        200,
+        {
+          message: 'API key created successfully',
+          apiKey: user.apiKey
+        },
+        process.env.CORS_ORIGIN
+      );
+    }
   }
   catch (error) {
     console.error('Error processing signup:', error);
diff --git a/test/signup.test.js b/test/signup.test.js
@@ -111,6 +111,27 @@ describe('Signup Lambda Function', () => {
     expect(email.sendWelcomeEmail).toHaveBeenCalledWith('test@example.com', 'test-api-key');
   });
 
+  it('should redirect to payment flow for premium tier', async () => {
+    const event = {
+      httpMethod: 'POST',
+      body: JSON.stringify({
+        email: 'test@example.com',
+        walletAddress: '0x1234567890abcdef1234567890abcdef12345678',
+        tier: 'premium'
+      })
+    };
+
+    const response = await handler(event);
+    const body = JSON.parse(response.body);
+
+    expect(response.statusCode).toBe(200);
+    expect(body.message).toBe('Redirect to payment flow');
+    expect(body.redirectUrl).toBeDefined();
+
+    // Should not create API key or send email for premium tier
+    expect(apiKey.createUserWithApiKey).not.toHaveBeenCalled();
+    expect(email.sendWelcomeEmail).not.toHaveBeenCalled();
+  });
 
   it('should return 400 for invalid email', async () => {
     const event = {
@@ -265,4 +286,26 @@ describe('Signup Lambda Function', () => {
     expect(body.error).toBe('Missing verification');
     expect(body.field).toBe('turnstile');
   });
+
+  it('should validate parameters before checking turnstile token', async () => {
+    const event = {
+      httpMethod: 'POST',
+      body: JSON.stringify({
+        email: 'test@example.com',
+        // walletAddress is missing
+        tier: 'free',
+        turnstileToken: 'valid-token'
+      })
+    };
+
+    const response = await handler(event);
+    const body = JSON.parse(response.body);
+
+    expect(response.statusCode).toBe(400);
+    expect(body.error).toBe('Missing parameter: walletAddress');
+    
+    // Verify turnstile verification was not called since params failed first
+    const TurnstileVerificationInstance = new TurnstileVerification();
+    expect(TurnstileVerificationInstance.verifyToken).not.toHaveBeenCalled();
+  });
 });
