[payment project] create an api for handling membership payment confirmation

[adarshm11]

the process of verifying who has paid for sce membership is very inefficient. we can fix this by making a lot of the requirements automated using clark. let's help by creating an api that can query which members have applied and paid for membership.

game plan

refer to #1965 and #1966 for the other components that will be relevant to this api. our goal is to provide an api that will be called when users try to confirm their membership payment on their profile, and will query the mongodb collection of payments.

here's what the mongodb schema MIGHT look like (may not be exactly the same):

userId: the id of the user making the payment request -> will be null until the user is verified
confirmationCode: the randomly generated code that the user has to input to verify
amount: the amount of money they paid as part of their application
status: an enum indicating whether the payment was "Pending", "Completed", or "Rejected"
venmo details: an object dictating the transaction ID, payer name, and other details

• set up a file in /api/main_endpoints/routes, let's call it MembershipPayment.js. then set up an express.js api; you can refer to OfficeAccessCard.js in the same directory to see how to set up the file.
• let's create a route called /verifyMembership. this will be a POST route that takes in the confirmation code from the frontend.
• the route needs to do routine checks on permissions and request body. we need to make sure that the user is authenticated and that the POST request body is what we expect. you can refer to the /delete route in OfficeAccessCard.js to see how to check these things.
• next, we need to check the database to see if the document we're looking for actually exists. this will require a query of the MembershipPayments collection to see if a document exists with confirmationCode field being equal to the confirmation code of the user that made the request. we also need to specify in the query that the status of the payment is "pending", so that we can avoid multiple people trying to use the same code.
  • if we cannot find such a document, we should return a 404 not found error to the user
  • database query functions should be defined in /api/util directory and imported into your api file
• if we find the document, then we need to update the membership payment document. let's set the status field to be "completed", and the userId field to be the _id of the user who made the request (we can use decoded.token._id to get this).
• we also need to update the user's membership state:

if (amount >= 30) {
  member for a year
} else if (amount >= 20) {
  member for a semester
} else {
  no membership
}

• if we reach the else case, their membership payment is rejected. in this case, we don't update their membership state, but we need to set the payment's status enum to "rejected". for updating membership state, you can refer to /api/main_endpoints/models/User.js to see how membership dates are stored.
• finally, we can return a response to the user with a 200 OK status code (successful) or a 400 bad request status code (unsuccessful). and of course, if we catch an error anywhere in this route, we return a 500 internal server error code.

feel free to use as much creative freedom as you'd like, as long as this is functional and meets the above constraints reasonably well we will be good to go 😁