From 06da80c9f0ed12c27b7fa5652c5b959d46561bdd Mon Sep 17 00:00:00 2001
From: Christel Westerberg <christel.westerberg@scandichotels.com>
Date: Thu, 14 Nov 2024 16:28:41 +0100
Subject: [PATCH] fix: conditionally use user token or service token for
 booking

---
 server/routers/booking/mutation.ts | 148 ++++++++++++++---------------
 1 file changed, 73 insertions(+), 75 deletions(-)

diff --git a/server/routers/booking/mutation.ts b/server/routers/booking/mutation.ts
index 2edbd5bdd..dc3bad0fe 100644
--- a/server/routers/booking/mutation.ts
+++ b/server/routers/booking/mutation.ts
@@ -2,7 +2,7 @@ import { metrics } from "@opentelemetry/api"
 
 import * as api from "@/lib/api"
 import { getVerifiedUser } from "@/server/routers/user/query"
-import { router, serviceProcedure } from "@/server/trpc"
+import { router, safeProtectedServiceProcedure } from "@/server/trpc"
 
 import { getMembership } from "@/utils/user"
 
@@ -35,95 +35,93 @@ async function getMembershipNumber(
 }
 
 export const bookingMutationRouter = router({
-  create: serviceProcedure.input(createBookingInput).mutation(async function ({
-    ctx,
-    input,
-  }) {
-    const { checkInDate, checkOutDate, hotelId } = input
+  create: safeProtectedServiceProcedure
+    .input(createBookingInput)
+    .mutation(async function ({ ctx, input }) {
+      const accessToken = ctx.session?.token.access_token ?? ctx.serviceToken
+      const { checkInDate, checkOutDate, hotelId } = input
 
-    // TODO: add support for user token OR service token in procedure
-    // then we can fetch membership number if user token exists
-    const loggingAttributes = {
-      // membershipNumber: await getMembershipNumber(ctx.session),
-      checkInDate,
-      checkOutDate,
-      hotelId,
-    }
-
-    createBookingCounter.add(1, { hotelId, checkInDate, checkOutDate })
-
-    console.info(
-      "api.booking.create start",
-      JSON.stringify({
-        query: loggingAttributes,
-      })
-    )
-    const headers = {
-      Authorization: `Bearer ${ctx.serviceToken}`,
-    }
-
-    const apiResponse = await api.post(api.endpoints.v1.Booking.bookings, {
-      headers,
-      body: input,
-    })
-
-    if (!apiResponse.ok) {
-      const text = await apiResponse.text()
-      createBookingFailCounter.add(1, {
-        hotelId,
+      const loggingAttributes = {
+        membershipNumber: await getMembershipNumber(ctx.session),
         checkInDate,
         checkOutDate,
-        error_type: "http_error",
-        error: JSON.stringify({
-          status: apiResponse.status,
-        }),
-      })
-      console.error(
-        "api.booking.create error",
+        hotelId,
+      }
+
+      createBookingCounter.add(1, { hotelId, checkInDate, checkOutDate })
+
+      console.info(
+        "api.booking.create start",
         JSON.stringify({
           query: loggingAttributes,
-          error: {
+        })
+      )
+      const headers = {
+        Authorization: `Bearer ${accessToken}`,
+      }
+
+      const apiResponse = await api.post(api.endpoints.v1.Booking.bookings, {
+        headers,
+        body: input,
+      })
+
+      if (!apiResponse.ok) {
+        const text = await apiResponse.text()
+        createBookingFailCounter.add(1, {
+          hotelId,
+          checkInDate,
+          checkOutDate,
+          error_type: "http_error",
+          error: JSON.stringify({
             status: apiResponse.status,
-            statusText: apiResponse.statusText,
-            error: text,
-          },
+          }),
         })
-      )
-      return null
-    }
+        console.error(
+          "api.booking.create error",
+          JSON.stringify({
+            query: loggingAttributes,
+            error: {
+              status: apiResponse.status,
+              statusText: apiResponse.statusText,
+              error: text,
+            },
+          })
+        )
+        return null
+      }
 
-    const apiJson = await apiResponse.json()
-    const verifiedData = createBookingSchema.safeParse(apiJson)
-    if (!verifiedData.success) {
-      createBookingFailCounter.add(1, {
+      const apiJson = await apiResponse.json()
+      const verifiedData = createBookingSchema.safeParse(apiJson)
+      if (!verifiedData.success) {
+        createBookingFailCounter.add(1, {
+          hotelId,
+          checkInDate,
+          checkOutDate,
+          error_type: "validation_error",
+        })
+
+        console.error(
+          "api.booking.create validation error",
+          JSON.stringify({
+            query: loggingAttributes,
+            error: verifiedData.error,
+          })
+        )
+        return null
+      }
+
+      createBookingSuccessCounter.add(1, {
         hotelId,
         checkInDate,
         checkOutDate,
-        error_type: "validation_error",
       })
 
-      console.error(
-        "api.booking.create validation error",
+      console.info(
+        "api.booking.create success",
         JSON.stringify({
           query: loggingAttributes,
-          error: verifiedData.error,
         })
       )
-      return null
-    }
-
-    createBookingSuccessCounter.add(1, {
-      hotelId,
-      checkInDate,
-      checkOutDate,
-    })
-
-    console.info(
-      "api.booking.create success",
-      JSON.stringify({
-        query: loggingAttributes,
-      })
-    )
-    return verifiedData.data
-  }),
+      return verifiedData.data
+    }),
 })