Skip to content

(SP 1) [Backend] Block checkout when PAYMENTS_ENABLED=false to preven…#279

Merged
ViktorSvertoka merged 1 commit into
developfrom
lso/feat/shop-design
Feb 5, 2026
Merged

(SP 1) [Backend] Block checkout when PAYMENTS_ENABLED=false to preven…#279
ViktorSvertoka merged 1 commit into
developfrom
lso/feat/shop-design

Conversation

@liudmylasovetovs
Copy link
Copy Markdown
Collaborator

@liudmylasovetovs liudmylasovetovs commented Feb 5, 2026
edited by coderabbitai Bot
Loading

Description

This PR closes a payments-off edge case where POST /api/shop/checkout could still create and reserve orders when PAYMENTS_ENABLED=false, resulting in inconsistent payment_provider='none' + payment_status='paid' orders and stock being reserved without a real payment flow.

The checkout route now fail-closes early when payments are disabled, returning a 503 PAYMENTS_DISABLED response before any order/inventory writes occur.

Related Issue

Issue: #<issue_number>

Changes

  • Added an early guard in app/api/shop/checkout/route.ts to block checkout when isPaymentsEnabled() is false.
  • Prevented creation of paid/none orders and inventory reservations when the payment system is intentionally disabled.
  • Added structured logging for the blocked path (checkout_payments_disabled) to make the behavior observable in logs.

Database Changes (if applicable)

  • Schema migration required
  • Seed data updated
  • Breaking changes to existing queries
  • Transaction-safe migration
  • Migration tested locally on Neon

How Has This Been Tested?

  • Tested locally
  • Verified in development environment
  • Checked responsive layout (if UI-related)
  • Tested accessibility (keyboard / screen reader)

Steps:

  • Set PAYMENTS_ENABLED=false and called POST /api/shop/checkout with a valid payload and Idempotency-Key.
  • Confirmed response is 503 with code PAYMENTS_DISABLED.
  • Confirmed no new rows are inserted into orders, order_items, or inventory_moves.

Screenshots (if applicable)

N/A

Checklist

Before submitting

  • Code has been self-reviewed
  • No TypeScript or console errors
  • Code follows project conventions
  • Scope is limited to this feature/fix
  • No unrelated refactors included
  • English used in code, commits, and docs
  • New dependencies discussed with team
  • Database migration tested locally (if applicable)
  • GitHub Projects card moved to In Review

Reviewers

Summary by CodeRabbit

  • Refactor
    • Streamlined checkout payment validation flow for improved reliability and reduced error handling complexity.

@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Feb 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
devlovers-net Ready Ready Preview, Comment Feb 5, 2026 8:35pm

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Feb 5, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The checkout route is refactored to validate that payments are enabled before order creation, returning an early 503 error response. This eliminates subsequent complex error-handling branches that previously re-checked payment state and processed multiple conditional paths based on post-creation payment status.

Changes

Cohort / File(s) Summary
Checkout Route Simplification
frontend/app/api/shop/checkout/route.ts		 Adds early validation for payments enabled before order creation and removes post-order-creation payment status checks, eliminating multiple conditional error paths (CHECKOUT_FAILED, PAYMENTS_DISABLED, ORDER_STATE_INVALID) and associated error responses.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • AM1007
  • ViktorSvertoka

Poem

🐰 A payment check hops to the front,
No more backflips, no more stunt!
Sixty lines of branching freed,
Clean checkout flow, a rabbit's creed.
Early gates keep chaos at bay,
Simpler paths to save the day! 🥕

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: adding a guard to block checkout when PAYMENTS_ENABLED is false, which matches the primary objective of the PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch lso/feat/shop-design

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Feb 5, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e5950c8625

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread frontend/app/api/shop/checkout/route.ts
@ViktorSvertoka ViktorSvertoka changed the base branch from main to develop February 5, 2026 20:54
@ViktorSvertoka ViktorSvertoka merged commit 168b5b9 into develop Feb 5, 2026
7 checks passed
@ViktorSvertoka ViktorSvertoka deleted the lso/feat/shop-design branch February 5, 2026 20:54
This was referenced Feb 5, 2026
Merged
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Mar 24, 2026
Merged
20 tasks
@coderabbitai coderabbitai Bot mentioned this pull request Apr 4, 2026
Merged
20 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@ViktorSvertoka ViktorSvertoka Awaiting requested review from ViktorSvertoka ViktorSvertoka is a code owner

@AM1007 AM1007 Awaiting requested review from AM1007 AM1007 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liudmylasovetovs @ViktorSvertoka