fix-stripe
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
Chinese/fix-stripe
/fix-stripe
Fix the highest priority Stripe integration issue.
修复优先级最高的Stripe集成问题。
What This Does
功能说明
- Invoke to audit Stripe integration
/check-stripe - Identify highest priority issue
- Fix that one issue
- Verify the fix
- Report what was done
This is a fixer. It fixes one issue at a time. Run again for next issue. Use for full lifecycle.
/stripe- 调用审核Stripe集成情况
/check-stripe - 识别优先级最高的问题
- 修复该问题
- 验证修复效果
- 报告处理内容
这是一个修复工具,每次仅修复一个问题。如需处理下一个问题,请再次运行。使用进行全生命周期管理。
/stripeProcess
操作流程
1. Run Primitive
1. 运行基础工具
Invoke skill to get prioritized findings.
/check-stripe调用工具获取按优先级排序的问题清单。
/check-stripe2. Fix Priority Order
2. 修复优先级顺序
Fix in this order:
- P0: Missing webhook secret, hardcoded keys
- P1: Webhook verification, customer portal, subscription checks
- P2: Idempotency, error handling
- P3: Advanced features
按以下顺序修复:
- P0:缺失Webhook密钥、硬编码密钥
- P1:Webhook验证、客户门户、订阅检查
- P2:幂等性、错误处理
- P3:高级功能
3. Execute Fix
3. 执行修复
Missing webhook secret (P0):
Add to :
.env.localSTRIPE_WEBHOOK_SECRET=whsec_...Get from Stripe Dashboard or CLI:
bash
stripe listen --print-secretHardcoded keys (P0):
Replace hardcoded keys with environment variables:
typescript
// Before
const stripe = new Stripe('sk_test_...', { apiVersion: '2024-12-18.acacia' });
// After
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, { apiVersion: '2024-12-18.acacia' });Webhook verification missing (P1):
Update webhook handler:
typescript
export async function POST(req: Request) {
const body = await req.text();
const signature = req.headers.get('stripe-signature')!;
let event: Stripe.Event;
try {
event = stripe.webhooks.constructEvent(
body,
signature,
process.env.STRIPE_WEBHOOK_SECRET!
);
} catch (err) {
return new Response('Webhook signature verification failed', { status: 400 });
}
// Handle event...
}No customer portal (P1):
Add billing portal endpoint:
typescript
// app/api/stripe/portal/route.ts
export async function POST(req: Request) {
const { customerId } = await req.json();
const session = await stripe.billingPortal.sessions.create({
customer: customerId,
return_url: `${process.env.NEXT_PUBLIC_APP_URL}/settings`,
});
return Response.json({ url: session.url });
}Subscription status not checked (P1):
Add subscription check middleware:
typescript
async function requireActiveSubscription(userId: string) {
const subscription = await getSubscription(userId);
if (!subscription || subscription.status !== 'active') {
throw new Error('Active subscription required');
}
}缺失Webhook密钥(P0):
添加至:
.env.localSTRIPE_WEBHOOK_SECRET=whsec_...可从Stripe控制台或CLI获取:
bash
stripe listen --print-secret硬编码密钥(P0):
将硬编码密钥替换为环境变量:
typescript
// Before
const stripe = new Stripe('sk_test_...', { apiVersion: '2024-12-18.acacia' });
// After
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!, { apiVersion: '2024-12-18.acacia' });缺少Webhook验证(P1):
更新Webhook处理器:
typescript
export async function POST(req: Request) {
const body = await req.text();
const signature = req.headers.get('stripe-signature')!;
let event: Stripe.Event;
try {
event = stripe.webhooks.constructEvent(
body,
signature,
process.env.STRIPE_WEBHOOK_SECRET!
);
} catch (err) {
return new Response('Webhook signature verification failed', { status: 400 });
}
// Handle event...
}无客户门户(P1):
添加账单门户端点:
typescript
// app/api/stripe/portal/route.ts
export async function POST(req: Request) {
const { customerId } = await req.json();
const session = await stripe.billingPortal.sessions.create({
customer: customerId,
return_url: `${process.env.NEXT_PUBLIC_APP_URL}/settings`,
});
return Response.json({ url: session.url });
}未检查订阅状态(P1):
添加订阅检查中间件:
typescript
async function requireActiveSubscription(userId: string) {
const subscription = await getSubscription(userId);
if (!subscription || subscription.status !== 'active') {
throw new Error('Active subscription required');
}
}4. Verify
4. 验证修复
After fix:
bash
undefined修复完成后:
bash
undefinedTest webhook verification
测试Webhook验证
stripe trigger checkout.session.completed
stripe trigger checkout.session.completed
Check portal works
检查门户功能是否正常
curl -X POST http://localhost:3000/api/stripe/portal
-H "Content-Type: application/json"
-d '{"customerId": "cus_test"}'
-H "Content-Type: application/json"
-d '{"customerId": "cus_test"}'
undefinedcurl -X POST http://localhost:3000/api/stripe/portal
-H "Content-Type: application/json"
-d '{"customerId": "cus_test"}'
-H "Content-Type: application/json"
-d '{"customerId": "cus_test"}'
undefined5. Report
5. 生成报告
Fixed: [P0] Webhook signature not verified
Updated: app/api/webhooks/stripe/route.ts
- Added signature verification with constructEvent()
- Added error handling for invalid signatures
Verified: stripe trigger checkout.session.completed → verified
Next highest priority: [P1] No customer portal
Run /fix-stripe again to continue.Fixed: [P0] Webhook signature not verified
Updated: app/api/webhooks/stripe/route.ts
- Added signature verification with constructEvent()
- Added error handling for invalid signatures
Verified: stripe trigger checkout.session.completed → verified
Next highest priority: [P1] No customer portal
Run /fix-stripe again to continue.Branching
分支管理
Before making changes:
bash
git checkout -b fix/stripe-$(date +%Y%m%d)进行修改前:
bash
git checkout -b fix/stripe-$(date +%Y%m%d)Single-Issue Focus
单问题聚焦
Payment integrations are critical. Fix one thing at a time:
- Test each change thoroughly
- Easy to rollback specific fixes
- Clear audit trail for PCI
Run repeatedly to work through the backlog.
/fix-stripe支付集成至关重要,每次仅修复一个问题:
- 对每项修改进行全面测试
- 可轻松回滚特定修复
- 为PCI合规提供清晰的审计轨迹
重复运行以逐步处理所有问题。
/fix-stripeRelated
相关工具
- - The primitive (audit only)
/check-stripe - - Create issues without fixing
/log-stripe-issues - - Full Stripe lifecycle
/stripe - - Webhook diagnostics
/stripe-health
- - 基础工具(仅审核)
/check-stripe - - 仅创建问题不修复
/log-stripe-issues - - 完整Stripe生命周期管理
/stripe - - Webhook诊断工具
/stripe-health