@better-auth/stripe 1.4.10-beta.1 → 1.4.11-beta.1

package/dist/index.mjs

@@ -1,13 +1,37 @@
-import { t as STRIPE_ERROR_CODES$1 } from "./error-codes-qqooUh6R.mjs";
-import { defineErrorCodes } from "@better-auth/core/utils";
+import { APIError, HIDE_METADATA } from "better-auth";
 import { defu } from "defu";
+import { defineErrorCodes } from "@better-auth/core/utils";
 import { createAuthEndpoint, createAuthMiddleware } from "@better-auth/core/api";
-import { APIError } from "@better-auth/core/error";
-import { HIDE_METADATA, logger } from "better-auth";
 import { APIError as APIError$1, getSessionFromCtx, originCheck, sessionMiddleware } from "better-auth/api";
 import * as z from "zod/v4";
 import { mergeSchema } from "better-auth/db";
 
+//#region src/error-codes.ts
+const STRIPE_ERROR_CODES = defineErrorCodes({
+	UNAUTHORIZED: "Unauthorized access",
+	INVALID_REQUEST_BODY: "Invalid request body",
+	SUBSCRIPTION_NOT_FOUND: "Subscription not found",
+	SUBSCRIPTION_PLAN_NOT_FOUND: "Subscription plan not found",
+	ALREADY_SUBSCRIBED_PLAN: "You're already subscribed to this plan",
+	REFERENCE_ID_NOT_ALLOWED: "Reference id is not allowed",
+	CUSTOMER_NOT_FOUND: "Stripe customer not found for this user",
+	UNABLE_TO_CREATE_CUSTOMER: "Unable to create customer",
+	UNABLE_TO_CREATE_BILLING_PORTAL: "Unable to create billing portal session",
+	STRIPE_SIGNATURE_NOT_FOUND: "Stripe signature not found",
+	STRIPE_WEBHOOK_SECRET_NOT_FOUND: "Stripe webhook secret not found",
+	STRIPE_WEBHOOK_ERROR: "Stripe webhook error",
+	FAILED_TO_CONSTRUCT_STRIPE_EVENT: "Failed to construct Stripe event",
+	FAILED_TO_FETCH_PLANS: "Failed to fetch plans",
+	EMAIL_VERIFICATION_REQUIRED: "Email verification is required before you can subscribe to a plan",
+	SUBSCRIPTION_NOT_ACTIVE: "Subscription is not active",
+	SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION: "Subscription is not scheduled for cancellation",
+	ORGANIZATION_NOT_FOUND: "Organization not found",
+	ORGANIZATION_SUBSCRIPTION_NOT_ENABLED: "Organization subscription is not enabled",
+	ORGANIZATION_HAS_ACTIVE_SUBSCRIPTION: "Cannot delete organization with active subscription",
+	ORGANIZATION_REFERENCE_ID_REQUIRED: "Reference ID is required. Provide referenceId or set activeOrganizationId in session"
+});
+
+//#endregion
 //#region src/utils.ts
 async function getPlans(subscriptionOptions) {
 	if (subscriptionOptions?.enabled) return typeof subscriptionOptions.plans === "function" ? await subscriptionOptions.plans() : subscriptionOptions.plans;
@@ -19,21 +43,86 @@ async function getPlanByPriceInfo(options, priceId, priceLookupKey) {
 async function getPlanByName(options, name) {
 	return await getPlans(options.subscription).then((res) => res?.find((plan) => plan.name.toLowerCase() === name.toLowerCase()));
 }
+/**
+* Checks if a subscription is in an available state (active or trialing)
+*/
+function isActiveOrTrialing(sub) {
+	return sub.status === "active" || sub.status === "trialing";
+}
+/**
+* Check if a subscription is scheduled to be canceled (DB subscription object)
+*/
+function isPendingCancel(sub) {
+	return !!(sub.cancelAtPeriodEnd || sub.cancelAt);
+}
+/**
+* Check if a Stripe subscription is scheduled to be canceled (Stripe API response)
+*/
+function isStripePendingCancel(stripeSub) {
+	return !!(stripeSub.cancel_at_period_end || stripeSub.cancel_at);
+}
+/**
+* Escapes a value for use in Stripe search queries.
+* Stripe search query uses double quotes for string values,
+* and double quotes within the value need to be escaped with backslash.
+*
+* @see https://docs.stripe.com/search#search-query-language
+*/
+function escapeStripeSearchValue(value) {
+	return value.replace(/"/g, "\\\"");
+}
 
 //#endregion
 //#region src/hooks.ts
+/**
+* Find organization or user by stripeCustomerId.
+* @internal
+*/
+async function findReferenceByStripeCustomerId(ctx, options, stripeCustomerId) {
+	if (options.organization?.enabled) {
+		const org = await ctx.context.adapter.findOne({
+			model: "organization",
+			where: [{
+				field: "stripeCustomerId",
+				value: stripeCustomerId
+			}]
+		});
+		if (org) return {
+			customerType: "organization",
+			referenceId: org.id
+		};
+	}
+	const user$1 = await ctx.context.adapter.findOne({
+		model: "user",
+		where: [{
+			field: "stripeCustomerId",
+			value: stripeCustomerId
+		}]
+	});
+	if (user$1) return {
+		customerType: "user",
+		referenceId: user$1.id
+	};
+	return null;
+}
 async function onCheckoutSessionCompleted(ctx, options, event) {
 	try {
 		const client = options.stripeClient;
 		const checkoutSession = event.data.object;
 		if (checkoutSession.mode === "setup" || !options.subscription?.enabled) return;
 		const subscription = await client.subscriptions.retrieve(checkoutSession.subscription);
-		const priceId = subscription.items.data[0]?.price.id;
-		const plan = await getPlanByPriceInfo(options, priceId, subscription.items.data[0]?.price.lookup_key || null);
+		const subscriptionItem = subscription.items.data[0];
+		if (!subscriptionItem) {
+			ctx.context.logger.warn(`Stripe webhook warning: Subscription ${subscription.id} has no items`);
+			return;
+		}
+		const priceId = subscriptionItem.price.id;
+		const priceLookupKey = subscriptionItem.price.lookup_key;
+		const plan = await getPlanByPriceInfo(options, priceId, priceLookupKey);
 		if (plan) {
 			const referenceId = checkoutSession?.client_reference_id || checkoutSession?.metadata?.referenceId;
 			const subscriptionId = checkoutSession?.metadata?.subscriptionId;
-			const seats = subscription.items.data[0].quantity;
+			const seats = subscriptionItem.quantity;
 			if (referenceId && subscriptionId) {
 				const trial = subscription.trial_start && subscription.trial_end ? {
 					trialStart: /* @__PURE__ */ new Date(subscription.trial_start * 1e3),
@@ -45,9 +134,13 @@ async function onCheckoutSessionCompleted(ctx, options, event) {
 						plan: plan.name.toLowerCase(),
 						status: subscription.status,
 						updatedAt: /* @__PURE__ */ new Date(),
-						periodStart: /* @__PURE__ */ new Date(subscription.items.data[0].current_period_start * 1e3),
-						periodEnd: /* @__PURE__ */ new Date(subscription.items.data[0].current_period_end * 1e3),
+						periodStart: /* @__PURE__ */ new Date(subscriptionItem.current_period_start * 1e3),
+						periodEnd: /* @__PURE__ */ new Date(subscriptionItem.current_period_end * 1e3),
 						stripeSubscriptionId: checkoutSession.subscription,
+						cancelAtPeriodEnd: subscription.cancel_at_period_end,
+						cancelAt: subscription.cancel_at ? /* @__PURE__ */ new Date(subscription.cancel_at * 1e3) : null,
+						canceledAt: subscription.canceled_at ? /* @__PURE__ */ new Date(subscription.canceled_at * 1e3) : null,
+						endedAt: subscription.ended_at ? /* @__PURE__ */ new Date(subscription.ended_at * 1e3) : null,
 						seats,
 						...trial
 					},
@@ -74,15 +167,95 @@ async function onCheckoutSessionCompleted(ctx, options, event) {
 			}
 		}
 	} catch (e) {
-		logger.error(`Stripe webhook failed. Error: ${e.message}`);
+		ctx.context.logger.error(`Stripe webhook failed. Error: ${e.message}`);
+	}
+}
+async function onSubscriptionCreated(ctx, options, event) {
+	try {
+		if (!options.subscription?.enabled) return;
+		const subscriptionCreated = event.data.object;
+		const stripeCustomerId = subscriptionCreated.customer?.toString();
+		if (!stripeCustomerId) {
+			ctx.context.logger.warn(`Stripe webhook warning: customer.subscription.created event received without customer ID`);
+			return;
+		}
+		const subscriptionId = subscriptionCreated.metadata?.subscriptionId;
+		const existingSubscription = await ctx.context.adapter.findOne({
+			model: "subscription",
+			where: subscriptionId ? [{
+				field: "id",
+				value: subscriptionId
+			}] : [{
+				field: "stripeSubscriptionId",
+				value: subscriptionCreated.id
+			}]
+		});
+		if (existingSubscription) {
+			ctx.context.logger.info(`Stripe webhook: Subscription already exists in database (id: ${existingSubscription.id}), skipping creation`);
+			return;
+		}
+		const reference = await findReferenceByStripeCustomerId(ctx, options, stripeCustomerId);
+		if (!reference) {
+			ctx.context.logger.warn(`Stripe webhook warning: No user or organization found with stripeCustomerId: ${stripeCustomerId}`);
+			return;
+		}
+		const { referenceId, customerType } = reference;
+		const subscriptionItem = subscriptionCreated.items.data[0];
+		if (!subscriptionItem) {
+			ctx.context.logger.warn(`Stripe webhook warning: Subscription ${subscriptionCreated.id} has no items`);
+			return;
+		}
+		const priceId = subscriptionItem.price.id;
+		const plan = await getPlanByPriceInfo(options, priceId, subscriptionItem.price.lookup_key || null);
+		if (!plan) {
+			ctx.context.logger.warn(`Stripe webhook warning: No matching plan found for priceId: ${priceId}`);
+			return;
+		}
+		const seats = subscriptionItem.quantity;
+		const periodStart = /* @__PURE__ */ new Date(subscriptionItem.current_period_start * 1e3);
+		const periodEnd = /* @__PURE__ */ new Date(subscriptionItem.current_period_end * 1e3);
+		const trial = subscriptionCreated.trial_start && subscriptionCreated.trial_end ? {
+			trialStart: /* @__PURE__ */ new Date(subscriptionCreated.trial_start * 1e3),
+			trialEnd: /* @__PURE__ */ new Date(subscriptionCreated.trial_end * 1e3)
+		} : {};
+		const newSubscription = await ctx.context.adapter.create({
+			model: "subscription",
+			data: {
+				referenceId,
+				stripeCustomerId,
+				stripeSubscriptionId: subscriptionCreated.id,
+				status: subscriptionCreated.status,
+				plan: plan.name.toLowerCase(),
+				periodStart,
+				periodEnd,
+				seats,
+				...plan.limits ? { limits: plan.limits } : {},
+				...trial
+			}
+		});
+		ctx.context.logger.info(`Stripe webhook: Created subscription ${subscriptionCreated.id} for ${customerType} ${referenceId} from dashboard`);
+		await options.subscription.onSubscriptionCreated?.({
+			event,
+			subscription: newSubscription,
+			stripeSubscription: subscriptionCreated,
+			plan
+		});
+	} catch (error) {
+		ctx.context.logger.error(`Stripe webhook failed. Error: ${error}`);
 	}
 }
 async function onSubscriptionUpdated(ctx, options, event) {
 	try {
 		if (!options.subscription?.enabled) return;
 		const subscriptionUpdated = event.data.object;
-		const priceId = subscriptionUpdated.items.data[0].price.id;
-		const plan = await getPlanByPriceInfo(options, priceId, subscriptionUpdated.items.data[0].price.lookup_key || null);
+		const subscriptionItem = subscriptionUpdated.items.data[0];
+		if (!subscriptionItem) {
+			ctx.context.logger.warn(`Stripe webhook warning: Subscription ${subscriptionUpdated.id} has no items`);
+			return;
+		}
+		const priceId = subscriptionItem.price.id;
+		const priceLookupKey = subscriptionItem.price.lookup_key;
+		const plan = await getPlanByPriceInfo(options, priceId, priceLookupKey);
 		const subscriptionId = subscriptionUpdated.metadata?.subscriptionId;
 		const customerId = subscriptionUpdated.customer?.toString();
 		let subscription = await ctx.context.adapter.findOne({
@@ -104,15 +277,14 @@ async function onSubscriptionUpdated(ctx, options, event) {
 				}]
 			});
 			if (subs.length > 1) {
-				const activeSub = subs.find((sub) => sub.status === "active" || sub.status === "trialing");
+				const activeSub = subs.find((sub) => isActiveOrTrialing(sub));
 				if (!activeSub) {
-					logger.warn(`Stripe webhook error: Multiple subscriptions found for customerId: ${customerId} and no active subscription is found`);
+					ctx.context.logger.warn(`Stripe webhook error: Multiple subscriptions found for customerId: ${customerId} and no active subscription is found`);
 					return;
 				}
 				subscription = activeSub;
 			} else subscription = subs[0];
 		}
-		const seats = subscriptionUpdated.items.data[0].quantity;
 		const updatedSubscription = await ctx.context.adapter.update({
 			model: "subscription",
 			update: {
@@ -122,10 +294,13 @@ async function onSubscriptionUpdated(ctx, options, event) {
 				} : {},
 				updatedAt: /* @__PURE__ */ new Date(),
 				status: subscriptionUpdated.status,
-				periodStart: /* @__PURE__ */ new Date(subscriptionUpdated.items.data[0].current_period_start * 1e3),
-				periodEnd: /* @__PURE__ */ new Date(subscriptionUpdated.items.data[0].current_period_end * 1e3),
+				periodStart: /* @__PURE__ */ new Date(subscriptionItem.current_period_start * 1e3),
+				periodEnd: /* @__PURE__ */ new Date(subscriptionItem.current_period_end * 1e3),
 				cancelAtPeriodEnd: subscriptionUpdated.cancel_at_period_end,
-				seats,
+				cancelAt: subscriptionUpdated.cancel_at ? /* @__PURE__ */ new Date(subscriptionUpdated.cancel_at * 1e3) : null,
+				canceledAt: subscriptionUpdated.canceled_at ? /* @__PURE__ */ new Date(subscriptionUpdated.canceled_at * 1e3) : null,
+				endedAt: subscriptionUpdated.ended_at ? /* @__PURE__ */ new Date(subscriptionUpdated.ended_at * 1e3) : null,
+				seats: subscriptionItem.quantity,
 				stripeSubscriptionId: subscriptionUpdated.id
 			},
 			where: [{
@@ -133,7 +308,7 @@ async function onSubscriptionUpdated(ctx, options, event) {
 				value: subscription.id
 			}]
 		});
-		if (subscriptionUpdated.status === "active" && subscriptionUpdated.cancel_at_period_end && !subscription.cancelAtPeriodEnd) await options.subscription.onSubscriptionCancel?.({
+		if (subscriptionUpdated.status === "active" && isStripePendingCancel(subscriptionUpdated) && !isPendingCancel(subscription)) await options.subscription.onSubscriptionCancel?.({
 			subscription,
 			cancellationDetails: subscriptionUpdated.cancellation_details || void 0,
 			stripeSubscription: subscriptionUpdated,
@@ -148,7 +323,7 @@ async function onSubscriptionUpdated(ctx, options, event) {
 			if (subscriptionUpdated.status === "incomplete_expired" && subscription.status === "trialing" && plan.freeTrial?.onTrialExpired) await plan.freeTrial.onTrialExpired(subscription, ctx);
 		}
 	} catch (error) {
-		logger.error(`Stripe webhook failed. Error: ${error}`);
+		ctx.context.logger.error(`Stripe webhook failed. Error: ${error}`);
 	}
 }
 async function onSubscriptionDeleted(ctx, options, event) {
@@ -172,7 +347,11 @@ async function onSubscriptionDeleted(ctx, options, event) {
 				}],
 				update: {
 					status: "canceled",
-					updatedAt: /* @__PURE__ */ new Date()
+					updatedAt: /* @__PURE__ */ new Date(),
+					cancelAtPeriodEnd: subscriptionDeleted.cancel_at_period_end,
+					cancelAt: subscriptionDeleted.cancel_at ? /* @__PURE__ */ new Date(subscriptionDeleted.cancel_at * 1e3) : null,
+					canceledAt: subscriptionDeleted.canceled_at ? /* @__PURE__ */ new Date(subscriptionDeleted.canceled_at * 1e3) : null,
+					endedAt: subscriptionDeleted.ended_at ? /* @__PURE__ */ new Date(subscriptionDeleted.ended_at * 1e3) : null
 				}
 			});
 			await options.subscription.onSubscriptionDeleted?.({
@@ -180,41 +359,94 @@ async function onSubscriptionDeleted(ctx, options, event) {
 				stripeSubscription: subscriptionDeleted,
 				subscription
 			});
-		} else logger.warn(`Stripe webhook error: Subscription not found for subscriptionId: ${subscriptionId}`);
+		} else ctx.context.logger.warn(`Stripe webhook error: Subscription not found for subscriptionId: ${subscriptionId}`);
 	} catch (error) {
-		logger.error(`Stripe webhook failed. Error: ${error}`);
+		ctx.context.logger.error(`Stripe webhook failed. Error: ${error}`);
 	}
 }
 
 //#endregion
 //#region src/middleware.ts
+const stripeSessionMiddleware = createAuthMiddleware({ use: [sessionMiddleware] }, async (ctx) => {
+	return { session: ctx.context.session };
+});
 const referenceMiddleware = (subscriptionOptions, action) => createAuthMiddleware(async (ctx) => {
-	const session = ctx.context.session;
-	if (!session) throw new APIError$1("UNAUTHORIZED");
-	const referenceId = ctx.body?.referenceId || ctx.query?.referenceId || session.user.id;
-	if (referenceId !== session.user.id && !subscriptionOptions.authorizeReference) {
-		logger.error(`Passing referenceId into a subscription action isn't allowed if subscription.authorizeReference isn't defined in your stripe plugin config.`);
-		throw new APIError$1("BAD_REQUEST", { message: "Reference id is not allowed. Read server logs for more details." });
+	const ctxSession = ctx.context.session;
+	if (!ctxSession) throw new APIError$1("UNAUTHORIZED", { message: STRIPE_ERROR_CODES.UNAUTHORIZED });
+	const customerType = ctx.body?.customerType || ctx.query?.customerType;
+	const explicitReferenceId = ctx.body?.referenceId || ctx.query?.referenceId;
+	if (customerType === "organization") {
+		if (!subscriptionOptions.authorizeReference) {
+			ctx.context.logger.error(`Organization subscriptions require authorizeReference to be defined in your stripe plugin config.`);
+			throw APIError$1.from("BAD_REQUEST", STRIPE_ERROR_CODES.ORGANIZATION_SUBSCRIPTION_NOT_ENABLED);
+		}
+		const referenceId = explicitReferenceId || ctxSession.session.activeOrganizationId;
+		if (!referenceId) throw APIError$1.from("BAD_REQUEST", STRIPE_ERROR_CODES.ORGANIZATION_REFERENCE_ID_REQUIRED);
+		if (!await subscriptionOptions.authorizeReference({
+			user: ctxSession.user,
+			session: ctxSession.session,
+			referenceId,
+			action
+		}, ctx)) throw APIError$1.from("UNAUTHORIZED", STRIPE_ERROR_CODES.UNAUTHORIZED);
+		return;
 	}
-	/**
-	* if referenceId is the same as the active session user's id
-	*/
-	const sameReference = ctx.query?.referenceId === session.user.id || ctx.body?.referenceId === session.user.id;
-	if (!(ctx.body?.referenceId || ctx.query?.referenceId ? await subscriptionOptions.authorizeReference?.({
-		user: session.user,
-		session: session.session,
-		referenceId,
+	if (!explicitReferenceId) return;
+	if (explicitReferenceId === ctxSession.user.id) return;
+	if (!subscriptionOptions.authorizeReference) {
+		ctx.context.logger.error(`Passing referenceId into a subscription action isn't allowed if subscription.authorizeReference isn't defined in your stripe plugin config.`);
+		throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.REFERENCE_ID_NOT_ALLOWED });
+	}
+	if (!await subscriptionOptions.authorizeReference({
+		user: ctxSession.user,
+		session: ctxSession.session,
+		referenceId: explicitReferenceId,
 		action
-	}, ctx) || sameReference : true)) throw new APIError$1("UNAUTHORIZED", { message: "Unauthorized" });
+	}, ctx)) throw new APIError$1("UNAUTHORIZED", { message: STRIPE_ERROR_CODES.UNAUTHORIZED });
 });
 
 //#endregion
 //#region src/routes.ts
+/**
+* Converts a relative URL to an absolute URL using baseURL.
+* @internal
+*/
+function getUrl(ctx, url) {
+	if (/^[a-zA-Z][a-zA-Z0-9+\-.]*:/.test(url)) return url;
+	return `${ctx.context.options.baseURL}${url.startsWith("/") ? url : `/${url}`}`;
+}
+/**
+* Resolves a Stripe price ID from a lookup key.
+* @internal
+*/
+async function resolvePriceIdFromLookupKey(stripeClient, lookupKey) {
+	if (!lookupKey) return void 0;
+	return (await stripeClient.prices.list({
+		lookup_keys: [lookupKey],
+		active: true,
+		limit: 1
+	})).data[0]?.id;
+}
+/**
+* Determines the reference ID based on customer type.
+* - `user` (default): uses userId
+* - `organization`: uses activeOrganizationId from session
+* @internal
+*/
+function getReferenceId(ctxSession, customerType, options) {
+	const { user: user$1, session } = ctxSession;
+	if ((customerType || "user") === "organization") {
+		if (!options.organization?.enabled) throw APIError$1.from("BAD_REQUEST", STRIPE_ERROR_CODES.ORGANIZATION_SUBSCRIPTION_NOT_ENABLED);
+		if (!session.activeOrganizationId) throw APIError$1.from("BAD_REQUEST", STRIPE_ERROR_CODES.ORGANIZATION_NOT_FOUND);
+		return session.activeOrganizationId;
+	}
+	return user$1.id;
+}
 const upgradeSubscriptionBodySchema = z.object({
 	plan: z.string().meta({ description: "The name of the plan to upgrade to. Eg: \"pro\"" }),
 	annual: z.boolean().meta({ description: "Whether to upgrade to an annual plan. Eg: true" }).optional(),
-	referenceId: z.string().meta({ description: "Reference id of the subscription to upgrade. Eg: \"123\"" }).optional(),
+	referenceId: z.string().meta({ description: "Reference ID for the subscription. Eg: \"org_123\"" }).optional(),
 	subscriptionId: z.string().meta({ description: "The Stripe subscription ID to upgrade. Eg: \"sub_1ABC2DEF3GHI4JKL\"" }).optional(),
+	customerType: z.enum(["user", "organization"]).meta({ description: "Customer type for the subscription. Eg: \"user\" or \"organization\"" }).optional(),
 	metadata: z.record(z.string(), z.any()).optional(),
 	seats: z.number().meta({ description: "Number of seats to upgrade to (if applicable). Eg: 1" }).optional(),
 	successUrl: z.string().meta({ description: "Callback URL to redirect back after successful subscription. Eg: \"https://example.com/success\"" }).default("/"),
@@ -245,18 +477,19 @@ const upgradeSubscription = (options) => {
 		body: upgradeSubscriptionBodySchema,
 		metadata: { openapi: { operationId: "upgradeSubscription" } },
 		use: [
-			sessionMiddleware,
+			stripeSessionMiddleware,
+			referenceMiddleware(subscriptionOptions, "upgrade-subscription"),
 			originCheck((c) => {
 				return [c.body.successUrl, c.body.cancelUrl];
-			}),
-			referenceMiddleware(subscriptionOptions, "upgrade-subscription")
+			})
 		]
 	}, async (ctx) => {
 		const { user: user$1, session } = ctx.context.session;
-		if (!user$1.emailVerified && subscriptionOptions.requireEmailVerification) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.EMAIL_VERIFICATION_REQUIRED);
-		const referenceId = ctx.body.referenceId || user$1.id;
+		const customerType = ctx.body.customerType || "user";
+		const referenceId = ctx.body.referenceId || getReferenceId(ctx.context.session, customerType, options);
+		if (!user$1.emailVerified && subscriptionOptions.requireEmailVerification) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.EMAIL_VERIFICATION_REQUIRED });
 		const plan = await getPlanByName(options, ctx.body.plan);
-		if (!plan) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_PLAN_NOT_FOUND);
+		if (!plan) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND });
 		let subscriptionToUpdate = ctx.body.subscriptionId ? await ctx.context.adapter.findOne({
 			model: "subscription",
 			where: [{
@@ -271,49 +504,104 @@ const upgradeSubscription = (options) => {
 			}]
 		}) : null;
 		if (ctx.body.subscriptionId && subscriptionToUpdate && subscriptionToUpdate.referenceId !== referenceId) subscriptionToUpdate = null;
-		if (ctx.body.subscriptionId && !subscriptionToUpdate) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_FOUND);
-		let customerId = subscriptionToUpdate?.stripeCustomerId || user$1.stripeCustomerId;
-		if (!customerId) try {
-			let stripeCustomer = (await client.customers.list({
-				email: user$1.email,
-				limit: 1
-			})).data[0];
-			if (!stripeCustomer) stripeCustomer = await client.customers.create({
-				email: user$1.email,
-				name: user$1.name,
-				metadata: {
-					...ctx.body.metadata,
-					userId: user$1.id
+		if (ctx.body.subscriptionId && !subscriptionToUpdate) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
+		let customerId;
+		if (customerType === "organization") {
+			customerId = subscriptionToUpdate?.stripeCustomerId;
+			if (!customerId) {
+				const org = await ctx.context.adapter.findOne({
+					model: "organization",
+					where: [{
+						field: "id",
+						value: referenceId
+					}]
+				});
+				if (!org) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.ORGANIZATION_NOT_FOUND });
+				customerId = org.stripeCustomerId;
+				if (!customerId) try {
+					let stripeCustomer = (await client.customers.search({
+						query: `metadata["organizationId"]:"${org.id}"`,
+						limit: 1
+					})).data[0];
+					if (!stripeCustomer) {
+						let extraCreateParams = {};
+						if (options.organization?.getCustomerCreateParams) extraCreateParams = await options.organization.getCustomerCreateParams(org, ctx);
+						const customerParams = defu({
+							name: org.name,
+							metadata: {
+								...ctx.body.metadata,
+								organizationId: org.id,
+								customerType: "organization"
+							}
+						}, extraCreateParams);
+						stripeCustomer = await client.customers.create(customerParams);
+						await options.organization?.onCustomerCreate?.({
+							stripeCustomer,
+							organization: {
+								...org,
+								stripeCustomerId: stripeCustomer.id
+							}
+						}, ctx);
+					}
+					await ctx.context.adapter.update({
+						model: "organization",
+						update: { stripeCustomerId: stripeCustomer.id },
+						where: [{
+							field: "id",
+							value: org.id
+						}]
+					});
+					customerId = stripeCustomer.id;
+				} catch (e) {
+					ctx.context.logger.error(e);
+					throw APIError$1.from("BAD_REQUEST", STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER);
 				}
-			});
-			await ctx.context.adapter.update({
-				model: "user",
-				update: { stripeCustomerId: stripeCustomer.id },
-				where: [{
-					field: "id",
-					value: user$1.id
-				}]
-			});
-			customerId = stripeCustomer.id;
-		} catch (e) {
-			ctx.context.logger.error(e);
-			throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.UNABLE_TO_CREATE_CUSTOMER);
+			}
+		} else {
+			customerId = subscriptionToUpdate?.stripeCustomerId || user$1.stripeCustomerId;
+			if (!customerId) try {
+				let stripeCustomer = (await client.customers.search({
+					query: `email:"${escapeStripeSearchValue(user$1.email)}" AND -metadata["customerType"]:"organization"`,
+					limit: 1
+				})).data[0];
+				if (!stripeCustomer) stripeCustomer = await client.customers.create({
+					email: user$1.email,
+					name: user$1.name,
+					metadata: {
+						...ctx.body.metadata,
+						userId: user$1.id,
+						customerType: "user"
+					}
+				});
+				await ctx.context.adapter.update({
+					model: "user",
+					update: { stripeCustomerId: stripeCustomer.id },
+					where: [{
+						field: "id",
+						value: user$1.id
+					}]
+				});
+				customerId = stripeCustomer.id;
+			} catch (e) {
+				ctx.context.logger.error(e);
+				throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER });
+			}
 		}
 		const subscriptions$1 = subscriptionToUpdate ? [subscriptionToUpdate] : await ctx.context.adapter.findMany({
 			model: "subscription",
 			where: [{
 				field: "referenceId",
-				value: ctx.body.referenceId || user$1.id
+				value: referenceId
 			}]
 		});
-		const activeOrTrialingSubscription = subscriptions$1.find((sub) => sub.status === "active" || sub.status === "trialing");
-		const activeSubscription = (await client.subscriptions.list({ customer: customerId }).then((res) => res.data.filter((sub) => sub.status === "active" || sub.status === "trialing"))).find((sub) => {
+		const activeOrTrialingSubscription = subscriptions$1.find((sub) => isActiveOrTrialing(sub));
+		const activeSubscription = (await client.subscriptions.list({ customer: customerId }).then((res) => res.data.filter((sub) => isActiveOrTrialing(sub)))).find((sub) => {
 			if (subscriptionToUpdate?.stripeSubscriptionId || ctx.body.subscriptionId) return sub.id === subscriptionToUpdate?.stripeSubscriptionId || sub.id === ctx.body.subscriptionId;
 			if (activeOrTrialingSubscription?.stripeSubscriptionId) return sub.id === activeOrTrialingSubscription.stripeSubscriptionId;
 			return false;
 		});
 		const incompleteSubscription = subscriptions$1.find((sub) => sub.status === "incomplete");
-		if (activeOrTrialingSubscription && activeOrTrialingSubscription.status === "active" && activeOrTrialingSubscription.plan === ctx.body.plan && activeOrTrialingSubscription.seats === (ctx.body.seats || 1)) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.ALREADY_SUBSCRIBED_PLAN);
+		if (activeOrTrialingSubscription && activeOrTrialingSubscription.status === "active" && activeOrTrialingSubscription.plan === ctx.body.plan && activeOrTrialingSubscription.seats === (ctx.body.seats || 1)) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.ALREADY_SUBSCRIBED_PLAN });
 		if (activeSubscription && customerId) {
 			let dbSubscription = await ctx.context.adapter.findOne({
 				model: "subscription",
@@ -371,7 +659,7 @@ const upgradeSubscription = (options) => {
 			});
 			return ctx.json({
 				url,
-				redirect: true
+				redirect: !ctx.body.disableRedirect
 			});
 		}
 		let subscription = activeOrTrialingSubscription || incompleteSubscription;
@@ -399,7 +687,7 @@ const upgradeSubscription = (options) => {
 		});
 		if (!subscription) {
 			ctx.context.logger.error("Subscription ID not found");
-			throw new APIError("INTERNAL_SERVER_ERROR");
+			throw new APIError$1("NOT_FOUND", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
 		}
 		const params = await subscriptionOptions.getCheckoutSessionParams?.({
 			user: user$1,
@@ -407,7 +695,13 @@ const upgradeSubscription = (options) => {
 			plan,
 			subscription
 		}, ctx.request, ctx);
-		const freeTrial = !subscriptions$1.some((s) => {
+		const freeTrial = !(await ctx.context.adapter.findMany({
+			model: "subscription",
+			where: [{
+				field: "referenceId",
+				value: referenceId
+			}]
+		})).some((s) => {
 			return !!(s.trialStart || s.trialEnd) || s.status === "trialing";
 		}) && plan.freeTrial ? { trial_period_days: plan.freeTrial.days } : void 0;
 		let priceIdToUse = void 0;
@@ -421,26 +715,36 @@ const upgradeSubscription = (options) => {
 		const checkoutSession = await client.checkout.sessions.create({
 			...customerId ? {
 				customer: customerId,
-				customer_update: {
+				customer_update: customerType !== "user" ? { address: "auto" } : {
 					name: "auto",
 					address: "auto"
 				}
-			} : { customer_email: session.user.email },
+			} : { customer_email: user$1.email },
 			success_url: getUrl(ctx, `${ctx.context.baseURL}/subscription/success?callbackURL=${encodeURIComponent(ctx.body.successUrl)}&subscriptionId=${encodeURIComponent(subscription.id)}`),
 			cancel_url: getUrl(ctx, ctx.body.cancelUrl),
 			line_items: [{
 				price: priceIdToUse,
 				quantity: ctx.body.seats || 1
 			}],
-			subscription_data: { ...freeTrial },
+			subscription_data: {
+				...freeTrial,
+				metadata: {
+					...ctx.body.metadata,
+					...params?.params?.subscription_data?.metadata,
+					userId: user$1.id,
+					subscriptionId: subscription.id,
+					referenceId
+				}
+			},
 			mode: "subscription",
 			client_reference_id: referenceId,
 			...params?.params,
 			metadata: {
+				...ctx.body.metadata,
+				...params?.params?.metadata,
 				userId: user$1.id,
 				subscriptionId: subscription.id,
-				referenceId,
-				...params?.params?.metadata
+				referenceId
 			}
 		}, params?.options).catch(async (e) => {
 			throw ctx.error("BAD_REQUEST", {
@@ -477,17 +781,19 @@ const cancelSubscriptionCallback = (options) => {
 					value: subscriptionId
 				}]
 			});
-			if (!subscription || subscription.cancelAtPeriodEnd || subscription.status === "canceled") throw ctx.redirect(getUrl(ctx, callbackURL));
+			if (!subscription || subscription.status === "canceled" || isPendingCancel(subscription)) throw ctx.redirect(getUrl(ctx, callbackURL));
 			const currentSubscription = (await client.subscriptions.list({
 				customer: user$1.stripeCustomerId,
 				status: "active"
 			})).data.find((sub) => sub.id === subscription.stripeSubscriptionId);
-			if (currentSubscription?.cancel_at_period_end === true) {
+			if (currentSubscription && isStripePendingCancel(currentSubscription) && !isPendingCancel(subscription)) {
 				await ctx.context.adapter.update({
 					model: "subscription",
 					update: {
 						status: currentSubscription?.status,
-						cancelAtPeriodEnd: true
+						cancelAtPeriodEnd: currentSubscription?.cancel_at_period_end || false,
+						cancelAt: currentSubscription?.cancel_at ? /* @__PURE__ */ new Date(currentSubscription.cancel_at * 1e3) : null,
+						canceledAt: currentSubscription?.canceled_at ? /* @__PURE__ */ new Date(currentSubscription.canceled_at * 1e3) : null
 					},
 					where: [{
 						field: "id",
@@ -510,7 +816,9 @@ const cancelSubscriptionCallback = (options) => {
 const cancelSubscriptionBodySchema = z.object({
 	referenceId: z.string().meta({ description: "Reference id of the subscription to cancel. Eg: '123'" }).optional(),
 	subscriptionId: z.string().meta({ description: "The Stripe subscription ID to cancel. Eg: 'sub_1ABC2DEF3GHI4JKL'" }).optional(),
-	returnUrl: z.string().meta({ description: "URL to take customers to when they click on the billing portal's link to return to your website. Eg: \"/account\"" })
+	customerType: z.enum(["user", "organization"]).meta({ description: "Customer type for the subscription. Eg: \"user\" or \"organization\"" }).optional(),
+	returnUrl: z.string().meta({ description: "URL to take customers to when they click on the billing portal's link to return to your website. Eg: \"/account\"" }),
+	disableRedirect: z.boolean().meta({ description: "Disable redirect after successful subscription cancellation. Eg: true" }).default(false)
 });
 /**
 * ### Endpoint
@@ -535,12 +843,13 @@ const cancelSubscription = (options) => {
 		body: cancelSubscriptionBodySchema,
 		metadata: { openapi: { operationId: "cancelSubscription" } },
 		use: [
-			sessionMiddleware,
-			originCheck((ctx) => ctx.body.returnUrl),
-			referenceMiddleware(subscriptionOptions, "cancel-subscription")
+			stripeSessionMiddleware,
+			referenceMiddleware(subscriptionOptions, "cancel-subscription"),
+			originCheck((ctx) => ctx.body.returnUrl)
 		]
 	}, async (ctx) => {
-		const referenceId = ctx.body?.referenceId || ctx.context.session.user.id;
+		const customerType = ctx.body.customerType || "user";
+		const referenceId = ctx.body.referenceId || getReferenceId(ctx.context.session, customerType, options);
 		let subscription = ctx.body.subscriptionId ? await ctx.context.adapter.findOne({
 			model: "subscription",
 			where: [{
@@ -553,10 +862,10 @@ const cancelSubscription = (options) => {
 				field: "referenceId",
 				value: referenceId
 			}]
-		}).then((subs) => subs.find((sub) => sub.status === "active" || sub.status === "trialing"));
+		}).then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
 		if (ctx.body.subscriptionId && subscription && subscription.referenceId !== referenceId) subscription = void 0;
-		if (!subscription || !subscription.stripeCustomerId) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_FOUND);
-		const activeSubscriptions = await client.subscriptions.list({ customer: subscription.stripeCustomerId }).then((res) => res.data.filter((sub) => sub.status === "active" || sub.status === "trialing"));
+		if (!subscription || !subscription.stripeCustomerId) throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
+		const activeSubscriptions = await client.subscriptions.list({ customer: subscription.stripeCustomerId }).then((res) => res.data.filter((sub) => isActiveOrTrialing(sub)));
 		if (!activeSubscriptions.length) {
 			/**
 			* If the subscription is not found, we need to delete the subscription
@@ -569,10 +878,10 @@ const cancelSubscription = (options) => {
 					value: referenceId
 				}]
 			});
-			throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_FOUND);
+			throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
 		}
 		const activeSubscription = activeSubscriptions.find((sub) => sub.id === subscription.stripeSubscriptionId);
-		if (!activeSubscription) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_FOUND);
+		if (!activeSubscription) throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
 		const { url } = await client.billingPortal.sessions.create({
 			customer: subscription.stripeCustomerId,
 			return_url: getUrl(ctx, `${ctx.context.baseURL}/subscription/cancel/callback?callbackURL=${encodeURIComponent(ctx.body?.returnUrl || "/")}&subscriptionId=${encodeURIComponent(subscription.id)}`),
@@ -581,34 +890,42 @@ const cancelSubscription = (options) => {
 				subscription_cancel: { subscription: activeSubscription.id }
 			}
 		}).catch(async (e) => {
-			if (e.message.includes("already set to be cancel")) {
+			if (e.message?.includes("already set to be canceled")) {
 				/**
-				* in-case we missed the event from stripe, we set it manually
+				* in-case we missed the event from stripe, we sync the actual state
 				* this is a rare case and should not happen
 				*/
-				if (!subscription.cancelAtPeriodEnd) await ctx.context.adapter.updateMany({
-					model: "subscription",
-					update: { cancelAtPeriodEnd: true },
-					where: [{
-						field: "referenceId",
-						value: referenceId
-					}]
-				});
+				if (!isPendingCancel(subscription)) {
+					const stripeSub = await client.subscriptions.retrieve(activeSubscription.id);
+					await ctx.context.adapter.update({
+						model: "subscription",
+						update: {
+							cancelAtPeriodEnd: stripeSub.cancel_at_period_end,
+							cancelAt: stripeSub.cancel_at ? /* @__PURE__ */ new Date(stripeSub.cancel_at * 1e3) : null,
+							canceledAt: stripeSub.canceled_at ? /* @__PURE__ */ new Date(stripeSub.canceled_at * 1e3) : null
+						},
+						where: [{
+							field: "id",
+							value: subscription.id
+						}]
+					});
+				}
 			}
 			throw ctx.error("BAD_REQUEST", {
 				message: e.message,
 				code: e.code
 			});
 		});
-		return {
+		return ctx.json({
 			url,
-			redirect: true
-		};
+			redirect: !ctx.body.disableRedirect
+		});
 	});
 };
 const restoreSubscriptionBodySchema = z.object({
 	referenceId: z.string().meta({ description: "Reference id of the subscription to restore. Eg: '123'" }).optional(),
-	subscriptionId: z.string().meta({ description: "The Stripe subscription ID to restore. Eg: 'sub_1ABC2DEF3GHI4JKL'" }).optional()
+	subscriptionId: z.string().meta({ description: "The Stripe subscription ID to restore. Eg: 'sub_1ABC2DEF3GHI4JKL'" }).optional(),
+	customerType: z.enum(["user", "organization"]).meta({ description: "Customer type for the subscription. Eg: \"user\" or \"organization\"" }).optional()
 });
 const restoreSubscription = (options) => {
 	const client = options.stripeClient;
@@ -617,9 +934,10 @@ const restoreSubscription = (options) => {
 		method: "POST",
 		body: restoreSubscriptionBodySchema,
 		metadata: { openapi: { operationId: "restoreSubscription" } },
-		use: [sessionMiddleware, referenceMiddleware(subscriptionOptions, "restore-subscription")]
+		use: [stripeSessionMiddleware, referenceMiddleware(subscriptionOptions, "restore-subscription")]
 	}, async (ctx) => {
-		const referenceId = ctx.body?.referenceId || ctx.context.session.user.id;
+		const customerType = ctx.body.customerType || "user";
+		const referenceId = ctx.body.referenceId || getReferenceId(ctx.context.session, customerType, options);
 		let subscription = ctx.body.subscriptionId ? await ctx.context.adapter.findOne({
 			model: "subscription",
 			where: [{
@@ -632,34 +950,42 @@ const restoreSubscription = (options) => {
 				field: "referenceId",
 				value: referenceId
 			}]
-		}).then((subs) => subs.find((sub) => sub.status === "active" || sub.status === "trialing"));
+		}).then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
 		if (ctx.body.subscriptionId && subscription && subscription.referenceId !== referenceId) subscription = void 0;
-		if (!subscription || !subscription.stripeCustomerId) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_FOUND);
-		if (subscription.status != "active" && subscription.status != "trialing") throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_ACTIVE);
-		if (!subscription.cancelAtPeriodEnd) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION);
-		const activeSubscription = await client.subscriptions.list({ customer: subscription.stripeCustomerId }).then((res) => res.data.filter((sub) => sub.status === "active" || sub.status === "trialing")[0]);
-		if (!activeSubscription) throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.SUBSCRIPTION_NOT_FOUND);
-		try {
-			const newSub = await client.subscriptions.update(activeSubscription.id, { cancel_at_period_end: false });
-			await ctx.context.adapter.update({
-				model: "subscription",
-				update: {
-					cancelAtPeriodEnd: false,
-					updatedAt: /* @__PURE__ */ new Date()
-				},
-				where: [{
-					field: "id",
-					value: subscription.id
-				}]
+		if (!subscription || !subscription.stripeCustomerId) throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
+		if (!isActiveOrTrialing(subscription)) throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_ACTIVE });
+		if (!isPendingCancel(subscription)) throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION });
+		const activeSubscription = await client.subscriptions.list({ customer: subscription.stripeCustomerId }).then((res) => res.data.filter((sub) => isActiveOrTrialing(sub))[0]);
+		if (!activeSubscription) throw ctx.error("BAD_REQUEST", { message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND });
+		const updateParams = {};
+		if (activeSubscription.cancel_at) updateParams.cancel_at = "";
+		else if (activeSubscription.cancel_at_period_end) updateParams.cancel_at_period_end = false;
+		const newSub = await client.subscriptions.update(activeSubscription.id, updateParams).catch((e) => {
+			throw ctx.error("BAD_REQUEST", {
+				message: e.message,
+				code: e.code
 			});
-			return ctx.json(newSub);
-		} catch (error) {
-			ctx.context.logger.error("Error restoring subscription", error);
-			throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES$1.UNABLE_TO_CREATE_CUSTOMER);
-		}
+		});
+		await ctx.context.adapter.update({
+			model: "subscription",
+			update: {
+				cancelAtPeriodEnd: false,
+				cancelAt: null,
+				canceledAt: null,
+				updatedAt: /* @__PURE__ */ new Date()
+			},
+			where: [{
+				field: "id",
+				value: subscription.id
+			}]
+		});
+		return ctx.json(newSub);
 	});
 };
-const listActiveSubscriptionsQuerySchema = z.optional(z.object({ referenceId: z.string().meta({ description: "Reference id of the subscription to list. Eg: '123'" }).optional() }));
+const listActiveSubscriptionsQuerySchema = z.optional(z.object({
+	referenceId: z.string().meta({ description: "Reference id of the subscription to list. Eg: '123'" }).optional(),
+	customerType: z.enum(["user", "organization"]).meta({ description: "Customer type for the subscription. Eg: \"user\" or \"organization\"" }).optional()
+}));
 /**
 * ### Endpoint
 *
@@ -681,13 +1007,15 @@ const listActiveSubscriptions = (options) => {
 		method: "GET",
 		query: listActiveSubscriptionsQuerySchema,
 		metadata: { openapi: { operationId: "listActiveSubscriptions" } },
-		use: [sessionMiddleware, referenceMiddleware(subscriptionOptions, "list-subscription")]
+		use: [stripeSessionMiddleware, referenceMiddleware(subscriptionOptions, "list-subscription")]
 	}, async (ctx) => {
+		const customerType = ctx.query?.customerType || "user";
+		const referenceId = ctx.query?.referenceId || getReferenceId(ctx.context.session, customerType, options);
 		const subscriptions$1 = await ctx.context.adapter.findMany({
 			model: "subscription",
 			where: [{
 				field: "referenceId",
-				value: ctx.query?.referenceId || ctx.context.session.user.id
+				value: referenceId
 			}]
 		});
 		if (!subscriptions$1.length) return [];
@@ -700,9 +1028,7 @@ const listActiveSubscriptions = (options) => {
 				limits: plan?.limits,
 				priceId: plan?.priceId
 			};
-		}).filter((sub) => {
-			return sub.status === "active" || sub.status === "trialing";
-		});
+		}).filter((sub) => isActiveOrTrialing(sub));
 		return ctx.json(subs);
 	});
 };
@@ -716,10 +1042,9 @@ const subscriptionSuccess = (options) => {
 		use: [originCheck((ctx) => ctx.query.callbackURL)]
 	}, async (ctx) => {
 		if (!ctx.query || !ctx.query.callbackURL || !ctx.query.subscriptionId) throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
+		const { callbackURL, subscriptionId } = ctx.query;
 		const session = await getSessionFromCtx(ctx);
 		if (!session) throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
-		const { user: user$1 } = session;
-		const { callbackURL, subscriptionId } = ctx.query;
 		const subscription = await ctx.context.adapter.findOne({
 			model: "subscription",
 			where: [{
@@ -727,38 +1052,53 @@ const subscriptionSuccess = (options) => {
 				value: subscriptionId
 			}]
 		});
-		if (subscription?.status === "active" || subscription?.status === "trialing") return ctx.redirect(getUrl(ctx, callbackURL));
-		const customerId = subscription?.stripeCustomerId || user$1.stripeCustomerId;
-		if (customerId) try {
-			const stripeSubscription = await client.subscriptions.list({
-				customer: customerId,
-				status: "active"
-			}).then((res) => res.data[0]);
-			if (stripeSubscription) {
-				const plan = await getPlanByPriceInfo(options, stripeSubscription.items.data[0]?.price.id, stripeSubscription.items.data[0]?.price.lookup_key);
-				if (plan && subscription) await ctx.context.adapter.update({
-					model: "subscription",
-					update: {
-						status: stripeSubscription.status,
-						seats: stripeSubscription.items.data[0]?.quantity || 1,
-						plan: plan.name.toLowerCase(),
-						periodEnd: /* @__PURE__ */ new Date(stripeSubscription.items.data[0]?.current_period_end * 1e3),
-						periodStart: /* @__PURE__ */ new Date(stripeSubscription.items.data[0]?.current_period_start * 1e3),
-						stripeSubscriptionId: stripeSubscription.id,
-						...stripeSubscription.trial_start && stripeSubscription.trial_end ? {
-							trialStart: /* @__PURE__ */ new Date(stripeSubscription.trial_start * 1e3),
-							trialEnd: /* @__PURE__ */ new Date(stripeSubscription.trial_end * 1e3)
-						} : {}
-					},
-					where: [{
-						field: "id",
-						value: subscription.id
-					}]
-				});
-			}
-		} catch (error) {
+		if (!subscription) {
+			ctx.context.logger.warn(`Subscription record not found for subscriptionId: ${subscriptionId}`);
+			throw ctx.redirect(getUrl(ctx, callbackURL));
+		}
+		if (isActiveOrTrialing(subscription)) throw ctx.redirect(getUrl(ctx, callbackURL));
+		const customerId = subscription.stripeCustomerId || session.user.stripeCustomerId;
+		if (!customerId) throw ctx.redirect(getUrl(ctx, callbackURL));
+		const stripeSubscription = await client.subscriptions.list({
+			customer: customerId,
+			status: "active"
+		}).then((res) => res.data[0]).catch((error) => {
 			ctx.context.logger.error("Error fetching subscription from Stripe", error);
+			throw ctx.redirect(getUrl(ctx, callbackURL));
+		});
+		if (!stripeSubscription) throw ctx.redirect(getUrl(ctx, callbackURL));
+		const subscriptionItem = stripeSubscription.items.data[0];
+		if (!subscriptionItem) {
+			ctx.context.logger.warn(`No subscription items found for Stripe subscription ${stripeSubscription.id}`);
+			throw ctx.redirect(getUrl(ctx, callbackURL));
 		}
+		const plan = await getPlanByPriceInfo(options, subscriptionItem.price.id, subscriptionItem.price.lookup_key);
+		if (!plan) {
+			ctx.context.logger.warn(`Plan not found for price ${subscriptionItem.price.id}`);
+			throw ctx.redirect(getUrl(ctx, callbackURL));
+		}
+		await ctx.context.adapter.update({
+			model: "subscription",
+			update: {
+				status: stripeSubscription.status,
+				seats: subscriptionItem.quantity || 1,
+				plan: plan.name.toLowerCase(),
+				periodEnd: /* @__PURE__ */ new Date(subscriptionItem.current_period_end * 1e3),
+				periodStart: /* @__PURE__ */ new Date(subscriptionItem.current_period_start * 1e3),
+				stripeSubscriptionId: stripeSubscription.id,
+				cancelAtPeriodEnd: stripeSubscription.cancel_at_period_end,
+				cancelAt: stripeSubscription.cancel_at ? /* @__PURE__ */ new Date(stripeSubscription.cancel_at * 1e3) : null,
+				canceledAt: stripeSubscription.canceled_at ? /* @__PURE__ */ new Date(stripeSubscription.canceled_at * 1e3) : null,
+				...stripeSubscription.trial_start && stripeSubscription.trial_end ? {
+					trialStart: /* @__PURE__ */ new Date(stripeSubscription.trial_start * 1e3),
+					trialEnd: /* @__PURE__ */ new Date(stripeSubscription.trial_end * 1e3)
+				} : {}
+			},
+			where: [{
+				field: "id",
+				value: subscription.id
+			}]
+		});
 		throw ctx.redirect(getUrl(ctx, callbackURL));
 	});
 };
@@ -767,7 +1107,9 @@ const createBillingPortalBodySchema = z.object({
 		return typeof localization === "string";
 	}).optional(),
 	referenceId: z.string().optional(),
-	returnUrl: z.string().default("/")
+	customerType: z.enum(["user", "organization"]).meta({ description: "Customer type for the subscription. Eg: \"user\" or \"organization\"" }).optional(),
+	returnUrl: z.string().default("/"),
+	disableRedirect: z.boolean().meta({ description: "Disable redirect after creating billing portal session. Eg: true" }).default(false)
 });
 const createBillingPortal = (options) => {
 	const client = options.stripeClient;
@@ -777,22 +1119,41 @@ const createBillingPortal = (options) => {
 		body: createBillingPortalBodySchema,
 		metadata: { openapi: { operationId: "createBillingPortal" } },
 		use: [
-			sessionMiddleware,
-			originCheck((ctx) => ctx.body.returnUrl),
-			referenceMiddleware(subscriptionOptions, "billing-portal")
+			stripeSessionMiddleware,
+			referenceMiddleware(subscriptionOptions, "billing-portal"),
+			originCheck((ctx) => ctx.body.returnUrl)
 		]
 	}, async (ctx) => {
 		const { user: user$1 } = ctx.context.session;
-		const referenceId = ctx.body.referenceId || user$1.id;
-		let customerId = user$1.stripeCustomerId;
-		if (!customerId) customerId = (await ctx.context.adapter.findMany({
-			model: "subscription",
-			where: [{
-				field: "referenceId",
-				value: referenceId
-			}]
-		}).then((subs) => subs.find((sub) => sub.status === "active" || sub.status === "trialing")))?.stripeCustomerId;
-		if (!customerId) throw new APIError("BAD_REQUEST", { message: "No Stripe customer found for this user" });
+		const customerType = ctx.body.customerType || "user";
+		const referenceId = ctx.body.referenceId || getReferenceId(ctx.context.session, customerType, options);
+		let customerId;
+		if (customerType === "organization") {
+			customerId = (await ctx.context.adapter.findOne({
+				model: "organization",
+				where: [{
+					field: "id",
+					value: referenceId
+				}]
+			}))?.stripeCustomerId;
+			if (!customerId) customerId = (await ctx.context.adapter.findMany({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: referenceId
+				}]
+			}).then((subs) => subs.find((sub) => isActiveOrTrialing(sub))))?.stripeCustomerId;
+		} else {
+			customerId = user$1.stripeCustomerId;
+			if (!customerId) customerId = (await ctx.context.adapter.findMany({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: referenceId
+				}]
+			}).then((subs) => subs.find((sub) => isActiveOrTrialing(sub))))?.stripeCustomerId;
+		}
+		if (!customerId) throw new APIError$1("NOT_FOUND", { message: STRIPE_ERROR_CODES.CUSTOMER_NOT_FOUND });
 		try {
 			const { url } = await client.billingPortal.sessions.create({
 				locale: ctx.body.locale,
@@ -801,11 +1162,11 @@ const createBillingPortal = (options) => {
 			});
 			return ctx.json({
 				url,
-				redirect: true
+				redirect: !ctx.body.disableRedirect
 			});
 		} catch (error) {
 			ctx.context.logger.error("Error creating billing portal session", error);
-			throw new APIError("BAD_REQUEST", { message: error.message });
+			throw new APIError$1("INTERNAL_SERVER_ERROR", { message: STRIPE_ERROR_CODES.UNABLE_TO_CREATE_BILLING_PORTAL });
 		}
 	});
 };
@@ -820,26 +1181,31 @@ const stripeWebhook = (options) => {
 		cloneRequest: true,
 		disableBody: true
 	}, async (ctx) => {
-		if (!ctx.request?.body) throw new APIError("INTERNAL_SERVER_ERROR");
-		const buf = await ctx.request.text();
+		if (!ctx.request?.body) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.INVALID_REQUEST_BODY });
 		const sig = ctx.request.headers.get("stripe-signature");
+		if (!sig) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.STRIPE_SIGNATURE_NOT_FOUND });
 		const webhookSecret = options.stripeWebhookSecret;
+		if (!webhookSecret) throw new APIError$1("INTERNAL_SERVER_ERROR", { message: STRIPE_ERROR_CODES.STRIPE_WEBHOOK_SECRET_NOT_FOUND });
+		const payload = await ctx.request.text();
 		let event;
 		try {
-			if (!sig || !webhookSecret) throw new APIError("BAD_REQUEST", { message: "Stripe webhook secret not found" });
-			if (typeof client.webhooks.constructEventAsync === "function") event = await client.webhooks.constructEventAsync(buf, sig, webhookSecret);
-			else event = client.webhooks.constructEvent(buf, sig, webhookSecret);
+			if (typeof client.webhooks.constructEventAsync === "function") event = await client.webhooks.constructEventAsync(payload, sig, webhookSecret);
+			else event = client.webhooks.constructEvent(payload, sig, webhookSecret);
 		} catch (err) {
 			ctx.context.logger.error(`${err.message}`);
-			throw new APIError("BAD_REQUEST", { message: `Webhook Error: ${err.message}` });
+			throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.FAILED_TO_CONSTRUCT_STRIPE_EVENT });
 		}
-		if (!event) throw new APIError("BAD_REQUEST", { message: "Failed to construct event" });
+		if (!event) throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.FAILED_TO_CONSTRUCT_STRIPE_EVENT });
 		try {
 			switch (event.type) {
 				case "checkout.session.completed":
 					await onCheckoutSessionCompleted(ctx, options, event);
 					await options.onEvent?.(event);
 					break;
+				case "customer.subscription.created":
+					await onSubscriptionCreated(ctx, options, event);
+					await options.onEvent?.(event);
+					break;
 				case "customer.subscription.updated":
 					await onSubscriptionUpdated(ctx, options, event);
 					await options.onEvent?.(event);
@@ -854,23 +1220,11 @@ const stripeWebhook = (options) => {
 			}
 		} catch (e) {
 			ctx.context.logger.error(`Stripe webhook failed. Error: ${e.message}`);
-			throw new APIError("BAD_REQUEST", { message: "Webhook error: See server logs for more information." });
+			throw new APIError$1("BAD_REQUEST", { message: STRIPE_ERROR_CODES.STRIPE_WEBHOOK_ERROR });
 		}
 		return ctx.json({ success: true });
 	});
 };
-const getUrl = (ctx, url) => {
-	if (/^[a-zA-Z][a-zA-Z0-9+\-.]*:/.test(url)) return url;
-	return `${ctx.context.options.baseURL}${url.startsWith("/") ? url : `/${url}`}`;
-};
-async function resolvePriceIdFromLookupKey(stripeClient, lookupKey) {
-	if (!lookupKey) return void 0;
-	return (await stripeClient.prices.list({
-		lookup_keys: [lookupKey],
-		active: true,
-		limit: 1
-	})).data[0]?.id;
-}
 
 //#endregion
 //#region src/schema.ts
@@ -916,6 +1270,18 @@ const subscriptions = { subscription: { fields: {
 		required: false,
 		defaultValue: false
 	},
+	cancelAt: {
+		type: "date",
+		required: false
+	},
+	canceledAt: {
+		type: "date",
+		required: false
+	},
+	endedAt: {
+		type: "date",
+		required: false
+	},
 	seats: {
 		type: "number",
 		required: false
@@ -925,6 +1291,10 @@ const user = { user: { fields: { stripeCustomerId: {
 	type: "string",
 	required: false
 } } } };
+const organization = { organization: { fields: { stripeCustomerId: {
+	type: "string",
+	required: false
+} } } };
 const getSchema = (options) => {
 	let baseSchema = {};
 	if (options.subscription?.enabled) baseSchema = {
@@ -932,6 +1302,10 @@ const getSchema = (options) => {
 		...user
 	};
 	else baseSchema = { ...user };
+	if (options.organization?.enabled) baseSchema = {
+		...baseSchema,
+		...organization
+	};
 	if (options.schema && !options.subscription?.enabled && "subscription" in options.schema) {
 		const { subscription: _subscription, ...restSchema } = options.schema;
 		return mergeSchema(baseSchema, restSchema);
@@ -941,16 +1315,6 @@ const getSchema = (options) => {
 
 //#endregion
 //#region src/index.ts
-const STRIPE_ERROR_CODES = defineErrorCodes({
-	SUBSCRIPTION_NOT_FOUND: "Subscription not found",
-	SUBSCRIPTION_PLAN_NOT_FOUND: "Subscription plan not found",
-	ALREADY_SUBSCRIBED_PLAN: "You're already subscribed to this plan",
-	UNABLE_TO_CREATE_CUSTOMER: "Unable to create customer",
-	FAILED_TO_FETCH_PLANS: "Failed to fetch plans",
-	EMAIL_VERIFICATION_REQUIRED: "Email verification is required before you can subscribe to a plan",
-	SUBSCRIPTION_NOT_ACTIVE: "Subscription is not active",
-	SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION: "Subscription is not scheduled for cancellation"
-});
 const stripe = (options) => {
 	const client = options.stripeClient;
 	const subscriptionEndpoints = {
@@ -969,13 +1333,70 @@ const stripe = (options) => {
 			...options.subscription?.enabled ? subscriptionEndpoints : {}
 		},
 		init(ctx) {
+			if (options.organization?.enabled) {
+				const orgPlugin = ctx.getPlugin("organization");
+				if (!orgPlugin) {
+					ctx.logger.error(`Organization plugin not found`);
+					return;
+				}
+				const existingHooks = orgPlugin.options.organizationHooks ?? {};
+				/**
+				* Sync organization name to Stripe customer
+				*/
+				const afterUpdateStripeOrg = async (data) => {
+					const { organization: organization$1 } = data;
+					if (!organization$1?.stripeCustomerId) return;
+					try {
+						const stripeCustomer = await client.customers.retrieve(organization$1.stripeCustomerId);
+						if (stripeCustomer.deleted) {
+							ctx.logger.warn(`Stripe customer ${organization$1.stripeCustomerId} was deleted`);
+							return;
+						}
+						if (organization$1.name !== stripeCustomer.name) {
+							await client.customers.update(organization$1.stripeCustomerId, { name: organization$1.name });
+							ctx.logger.info(`Synced organization name to Stripe: "${stripeCustomer.name}" → "${organization$1.name}"`);
+						}
+					} catch (e) {
+						ctx.logger.error(`Failed to sync organization to Stripe: ${e.message}`);
+					}
+				};
+				/**
+				* Block deletion if organization has active subscriptions
+				*/
+				const beforeDeleteStripeOrg = async (data) => {
+					const { organization: organization$1 } = data;
+					if (!organization$1.stripeCustomerId) return;
+					try {
+						const subscriptions$1 = await client.subscriptions.list({
+							customer: organization$1.stripeCustomerId,
+							status: "all",
+							limit: 100
+						});
+						for (const sub of subscriptions$1.data) if (sub.status !== "canceled" && sub.status !== "incomplete" && sub.status !== "incomplete_expired") throw APIError.from("BAD_REQUEST", STRIPE_ERROR_CODES.ORGANIZATION_HAS_ACTIVE_SUBSCRIPTION);
+					} catch (error) {
+						if (error instanceof APIError) throw error;
+						ctx.logger.error(`Failed to check organization subscriptions: ${error.message}`);
+						throw error;
+					}
+				};
+				orgPlugin.options.organizationHooks = {
+					...existingHooks,
+					afterUpdateOrganization: existingHooks.afterUpdateOrganization ? async (data) => {
+						await existingHooks.afterUpdateOrganization(data);
+						await afterUpdateStripeOrg(data);
+					} : afterUpdateStripeOrg,
+					beforeDeleteOrganization: existingHooks.beforeDeleteOrganization ? async (data) => {
+						await existingHooks.beforeDeleteOrganization(data);
+						await beforeDeleteStripeOrg(data);
+					} : beforeDeleteStripeOrg
+				};
+			}
 			return { options: { databaseHooks: { user: {
 				create: { async after(user$1, ctx$1) {
-					if (!ctx$1 || !options.createCustomerOnSignUp) return;
+					if (!ctx$1 || !options.createCustomerOnSignUp || user$1.stripeCustomerId) return;
 					try {
-						if (user$1.stripeCustomerId) return;
-						let stripeCustomer = (await client.customers.list({
-							email: user$1.email,
+						let stripeCustomer = (await client.customers.search({
+							query: `email:"${escapeStripeSearchValue(user$1.email)}" AND -metadata["customerType"]:"organization"`,
 							limit: 1
 						})).data[0];
 						if (stripeCustomer) {
@@ -995,7 +1416,10 @@ const stripe = (options) => {
 						const params = defu({
 							email: user$1.email,
 							name: user$1.name,
-							metadata: { userId: user$1.id }
+							metadata: {
+								userId: user$1.id,
+								customerType: "user"
+							}
 						}, extraCreateParams);
 						stripeCustomer = await client.customers.create(params);
 						await ctx$1.context.internalAdapter.updateUser(user$1.id, { stripeCustomerId: stripeCustomer.id });
@@ -1012,17 +1436,15 @@ const stripe = (options) => {
 					}
 				} },
 				update: { async after(user$1, ctx$1) {
-					if (!ctx$1) return;
+					if (!ctx$1 || !user$1.stripeCustomerId) return;
 					try {
-						const userWithStripe = user$1;
-						if (!userWithStripe.stripeCustomerId) return;
-						const stripeCustomer = await client.customers.retrieve(userWithStripe.stripeCustomerId);
+						const stripeCustomer = await client.customers.retrieve(user$1.stripeCustomerId);
 						if (stripeCustomer.deleted) {
-							ctx$1.context.logger.warn(`Stripe customer ${userWithStripe.stripeCustomerId} was deleted, cannot update email`);
+							ctx$1.context.logger.warn(`Stripe customer ${user$1.stripeCustomerId} was deleted, cannot update email`);
 							return;
 						}
 						if (stripeCustomer.email !== user$1.email) {
-							await client.customers.update(userWithStripe.stripeCustomerId, { email: user$1.email });
+							await client.customers.update(user$1.stripeCustomerId, { email: user$1.email });
 							ctx$1.context.logger.info(`Updated Stripe customer email from ${stripeCustomer.email} to ${user$1.email}`);
 						}
 					} catch (e) {