@better-auth/stripe 1.4.10-beta.1 → 1.4.11-beta.1

package/src/routes.ts

@@ -1,29 +1,101 @@
 import { createAuthEndpoint } from "@better-auth/core/api";
-import { APIError } from "@better-auth/core/error";
-import type { GenericEndpointContext } from "better-auth";
+import type { GenericEndpointContext, User } from "better-auth";
 import { HIDE_METADATA } from "better-auth";
-import {
-	getSessionFromCtx,
-	originCheck,
-	sessionMiddleware,
-} from "better-auth/api";
+import { APIError, getSessionFromCtx, originCheck } from "better-auth/api";
+import type { Organization } from "better-auth/plugins/organization";
+import { defu } from "defu";
 import type Stripe from "stripe";
 import type { Stripe as StripeType } from "stripe";
 import * as z from "zod/v4";
 import { STRIPE_ERROR_CODES } from "./error-codes";
 import {
 	onCheckoutSessionCompleted,
+	onSubscriptionCreated,
 	onSubscriptionDeleted,
 	onSubscriptionUpdated,
 } from "./hooks";
-import { referenceMiddleware } from "./middleware";
+import { referenceMiddleware, stripeSessionMiddleware } from "./middleware";
 import type {
-	InputSubscription,
+	CustomerType,
+	StripeCtxSession,
 	StripeOptions,
 	Subscription,
 	SubscriptionOptions,
+	WithStripeCustomerId,
 } from "./types";
-import { getPlanByName, getPlanByPriceInfo, getPlans } from "./utils";
+import {
+	escapeStripeSearchValue,
+	getPlanByName,
+	getPlanByPriceInfo,
+	getPlans,
+	isActiveOrTrialing,
+	isPendingCancel,
+	isStripePendingCancel,
+} from "./utils";
+
+/**
+ * Converts a relative URL to an absolute URL using baseURL.
+ * @internal
+ */
+function getUrl(ctx: GenericEndpointContext, url: string) {
+	if (/^[a-zA-Z][a-zA-Z0-9+\-.]*:/.test(url)) {
+		return url;
+	}
+	return `${ctx.context.options.baseURL}${
+		url.startsWith("/") ? url : `/${url}`
+	}`;
+}
+
+/**
+ * Resolves a Stripe price ID from a lookup key.
+ * @internal
+ */
+async function resolvePriceIdFromLookupKey(
+	stripeClient: Stripe,
+	lookupKey: string,
+): Promise<string | undefined> {
+	if (!lookupKey) return undefined;
+	const prices = await stripeClient.prices.list({
+		lookup_keys: [lookupKey],
+		active: true,
+		limit: 1,
+	});
+	return prices.data[0]?.id;
+}
+
+/**
+ * Determines the reference ID based on customer type.
+ * - `user` (default): uses userId
+ * - `organization`: uses activeOrganizationId from session
+ * @internal
+ */
+function getReferenceId(
+	ctxSession: StripeCtxSession,
+	customerType: CustomerType | undefined,
+	options: StripeOptions,
+): string {
+	const { user, session } = ctxSession;
+	const type = customerType || "user";
+
+	if (type === "organization") {
+		if (!options.organization?.enabled) {
+			throw APIError.from(
+				"BAD_REQUEST",
+				STRIPE_ERROR_CODES.ORGANIZATION_SUBSCRIPTION_NOT_ENABLED,
+			);
+		}
+
+		if (!session.activeOrganizationId) {
+			throw APIError.from(
+				"BAD_REQUEST",
+				STRIPE_ERROR_CODES.ORGANIZATION_NOT_FOUND,
+			);
+		}
+		return session.activeOrganizationId;
+	}
+
+	return user.id;
+}
 
 const upgradeSubscriptionBodySchema = z.object({
 	/**
@@ -42,14 +114,14 @@ const upgradeSubscriptionBodySchema = z.object({
 		})
 		.optional(),
 	/**
-	 * Reference id of the subscription to upgrade
-	 * This is used to identify the subscription to upgrade
-	 * If not provided, the user's id will be used
+	 * Reference ID for the subscription based on customerType:
+	 * - `user`: defaults to `user.id`
+	 * - `organization`: defaults to `session.activeOrganizationId`
 	 */
 	referenceId: z
 		.string()
 		.meta({
-			description: 'Reference id of the subscription to upgrade. Eg: "123"',
+			description: 'Reference ID for the subscription. Eg: "org_123"',
 		})
 		.optional(),
 	/**
@@ -64,12 +136,23 @@ const upgradeSubscriptionBodySchema = z.object({
 		})
 		.optional(),
 	/**
-	 * Any additional data you want to store in your database
-	 * subscriptions
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription (requires referenceId)
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
+	/**
+	 * Additional metadata to store with the subscription.
 	 */
 	metadata: z.record(z.string(), z.any()).optional(),
 	/**
-	 * If a subscription
+	 * Number of seats for subscriptions.
 	 */
 	seats: z
 		.number()
@@ -148,29 +231,34 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
+				stripeSessionMiddleware,
+				referenceMiddleware(subscriptionOptions, "upgrade-subscription"),
 				originCheck((c) => {
 					return [c.body.successUrl as string, c.body.cancelUrl as string];
 				}),
-				referenceMiddleware(subscriptionOptions, "upgrade-subscription"),
 			],
 		},
 		async (ctx) => {
 			const { user, session } = ctx.context.session;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
+
 			if (!user.emailVerified && subscriptionOptions.requireEmailVerification) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.EMAIL_VERIFICATION_REQUIRED,
-				);
+				throw new APIError("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.EMAIL_VERIFICATION_REQUIRED,
+				});
 			}
-			const referenceId = ctx.body.referenceId || user.id;
+
 			const plan = await getPlanByName(options, ctx.body.plan);
 			if (!plan) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND,
-				);
+				throw new APIError("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND,
+				});
 			}
+
+			// Find existing subscription by Stripe ID or reference ID
 			let subscriptionToUpdate = ctx.body.subscriptionId
 				? await ctx.context.adapter.findOne<Subscription>({
 						model: "subscription",
@@ -184,7 +272,12 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				: referenceId
 					? await ctx.context.adapter.findOne<Subscription>({
 							model: "subscription",
-							where: [{ field: "referenceId", value: referenceId }],
+							where: [
+								{
+									field: "referenceId",
+									value: referenceId,
+								},
+							],
 						})
 					: null;
 
@@ -195,59 +288,158 @@ export const upgradeSubscription = (options: StripeOptions) => {
 			) {
 				subscriptionToUpdate = null;
 			}
-
 			if (ctx.body.subscriptionId && !subscriptionToUpdate) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
-				);
+				throw new APIError("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
 
-			let customerId =
-				subscriptionToUpdate?.stripeCustomerId || user.stripeCustomerId;
-
-			if (!customerId) {
-				try {
-					// Try to find existing Stripe customer by email
-					const existingCustomers = await client.customers.list({
-						email: user.email,
-						limit: 1,
-					});
-
-					let stripeCustomer = existingCustomers.data[0];
-
-					if (!stripeCustomer) {
-						stripeCustomer = await client.customers.create({
-							email: user.email,
-							name: user.name,
-							metadata: {
-								...ctx.body.metadata,
-								userId: user.id,
-							},
-						});
-					}
-
-					// Update local DB with Stripe customer ID
-					await ctx.context.adapter.update({
-						model: "user",
-						update: {
-							stripeCustomerId: stripeCustomer.id,
-						},
+			// Determine customer id
+			let customerId: string | undefined;
+			if (customerType === "organization") {
+				// Organization subscription - get customer ID from organization
+				customerId = subscriptionToUpdate?.stripeCustomerId;
+				if (!customerId) {
+					const org = await ctx.context.adapter.findOne<
+						Organization & WithStripeCustomerId
+					>({
+						model: "organization",
 						where: [
 							{
 								field: "id",
-								value: user.id,
+								value: referenceId,
 							},
 						],
 					});
+					if (!org) {
+						throw new APIError("BAD_REQUEST", {
+							message: STRIPE_ERROR_CODES.ORGANIZATION_NOT_FOUND,
+						});
+					}
+					customerId = org.stripeCustomerId;
+
+					// If org doesn't have a customer ID, create one
+					if (!customerId) {
+						try {
+							// First, search for existing organization customer by organizationId
+							const existingOrgCustomers = await client.customers.search({
+								query: `metadata["organizationId"]:"${org.id}"`,
+								limit: 1,
+							});
 
-					customerId = stripeCustomer.id;
-				} catch (e: any) {
-					ctx.context.logger.error(e);
-					throw APIError.from(
-						"BAD_REQUEST",
-						STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
-					);
+							let stripeCustomer = existingOrgCustomers.data[0];
+
+							if (!stripeCustomer) {
+								// Get custom params if provided
+								let extraCreateParams: Partial<StripeType.CustomerCreateParams> =
+									{};
+								if (options.organization?.getCustomerCreateParams) {
+									extraCreateParams =
+										await options.organization.getCustomerCreateParams(
+											org,
+											ctx,
+										);
+								}
+
+								// Create Stripe customer for organization
+								// Email can be set via getCustomerCreateParams or updated in billing portal
+								// Use defu to ensure internal metadata fields are preserved
+								const customerParams: StripeType.CustomerCreateParams = defu(
+									{
+										name: org.name,
+										metadata: {
+											...ctx.body.metadata,
+											organizationId: org.id,
+											customerType: "organization",
+										},
+									},
+									extraCreateParams,
+								);
+								stripeCustomer = await client.customers.create(customerParams);
+
+								// Call onCustomerCreate callback only for newly created customers
+								await options.organization?.onCustomerCreate?.(
+									{
+										stripeCustomer,
+										organization: {
+											...org,
+											stripeCustomerId: stripeCustomer.id,
+										},
+									},
+									ctx,
+								);
+							}
+
+							await ctx.context.adapter.update({
+								model: "organization",
+								update: {
+									stripeCustomerId: stripeCustomer.id,
+								},
+								where: [
+									{
+										field: "id",
+										value: org.id,
+									},
+								],
+							});
+
+							customerId = stripeCustomer.id;
+						} catch (e: any) {
+							ctx.context.logger.error(e);
+							throw APIError.from(
+								"BAD_REQUEST",
+								STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
+							);
+						}
+					}
+				}
+			} else {
+				// User subscription - get customer ID from user
+				customerId =
+					subscriptionToUpdate?.stripeCustomerId || user.stripeCustomerId;
+				if (!customerId) {
+					try {
+						// Try to find existing user Stripe customer by email
+						const existingCustomers = await client.customers.search({
+							query: `email:"${escapeStripeSearchValue(user.email)}" AND -metadata["customerType"]:"organization"`,
+							limit: 1,
+						});
+
+						let stripeCustomer = existingCustomers.data[0];
+
+						if (!stripeCustomer) {
+							stripeCustomer = await client.customers.create({
+								email: user.email,
+								name: user.name,
+								metadata: {
+									...ctx.body.metadata,
+									userId: user.id,
+									customerType: "user",
+								},
+							});
+						}
+
+						// Update local DB with Stripe customer ID
+						await ctx.context.adapter.update({
+							model: "user",
+							update: {
+								stripeCustomerId: stripeCustomer.id,
+							},
+							where: [
+								{
+									field: "id",
+									value: user.id,
+								},
+							],
+						});
+
+						customerId = stripeCustomer.id;
+					} catch (e: any) {
+						ctx.context.logger.error(e);
+						throw new APIError("BAD_REQUEST", {
+							message: STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
+						});
+					}
 				}
 			}
 
@@ -258,24 +450,20 @@ export const upgradeSubscription = (options: StripeOptions) => {
 						where: [
 							{
 								field: "referenceId",
-								value: ctx.body.referenceId || user.id,
+								value: referenceId,
 							},
 						],
 					});
 
-			const activeOrTrialingSubscription = subscriptions.find(
-				(sub) => sub.status === "active" || sub.status === "trialing",
+			const activeOrTrialingSubscription = subscriptions.find((sub) =>
+				isActiveOrTrialing(sub),
 			);
 
 			const activeSubscriptions = await client.subscriptions
 				.list({
 					customer: customerId,
 				})
-				.then((res) =>
-					res.data.filter(
-						(sub) => sub.status === "active" || sub.status === "trialing",
-					),
-				);
+				.then((res) => res.data.filter((sub) => isActiveOrTrialing(sub)));
 
 			const activeSubscription = activeSubscriptions.find((sub) => {
 				// If we have a specific subscription to update, match by ID
@@ -306,10 +494,9 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				activeOrTrialingSubscription.plan === ctx.body.plan &&
 				activeOrTrialingSubscription.seats === (ctx.body.seats || 1)
 			) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.ALREADY_SUBSCRIBED_PLAN,
-				);
+				throw new APIError("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.ALREADY_SUBSCRIBED_PLAN,
+				});
 			}
 
 			if (activeSubscription && customerId) {
@@ -326,7 +513,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 
 				// If no database record exists for this Stripe subscription, update the existing one
 				if (!dbSubscription && activeOrTrialingSubscription) {
-					await ctx.context.adapter.update<InputSubscription>({
+					await ctx.context.adapter.update<Subscription>({
 						model: "subscription",
 						update: {
 							stripeSubscriptionId: activeSubscription.id,
@@ -400,7 +587,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 					});
 				return ctx.json({
 					url,
-					redirect: true,
+					redirect: !ctx.body.disableRedirect,
 				});
 			}
 
@@ -408,7 +595,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				activeOrTrialingSubscription || incompleteSubscription;
 
 			if (incompleteSubscription && !activeOrTrialingSubscription) {
-				const updated = await ctx.context.adapter.update<InputSubscription>({
+				const updated = await ctx.context.adapter.update<Subscription>({
 					model: "subscription",
 					update: {
 						plan: plan.name.toLowerCase(),
@@ -426,10 +613,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 			}
 
 			if (!subscription) {
-				subscription = await ctx.context.adapter.create<
-					InputSubscription,
-					Subscription
-				>({
+				subscription = await ctx.context.adapter.create<Subscription>({
 					model: "subscription",
 					data: {
 						plan: plan.name.toLowerCase(),
@@ -443,7 +627,9 @@ export const upgradeSubscription = (options: StripeOptions) => {
 
 			if (!subscription) {
 				ctx.context.logger.error("Subscription ID not found");
-				throw new APIError("INTERNAL_SERVER_ERROR");
+				throw new APIError("NOT_FOUND", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
 
 			const params = await subscriptionOptions.getCheckoutSessionParams?.(
@@ -457,7 +643,13 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				ctx,
 			);
 
-			const hasEverTrialed = subscriptions.some((s) => {
+			const allSubscriptions = await ctx.context.adapter.findMany<Subscription>(
+				{
+					model: "subscription",
+					where: [{ field: "referenceId", value: referenceId }],
+				},
+			);
+			const hasEverTrialed = allSubscriptions.some((s) => {
 				// Check if user has ever had a trial for any plan (not just the same plan)
 				// This prevents users from getting multiple trials by switching plans
 				const hadTrial =
@@ -494,13 +686,13 @@ export const upgradeSubscription = (options: StripeOptions) => {
 						...(customerId
 							? {
 									customer: customerId,
-									customer_update: {
-										name: "auto",
-										address: "auto",
-									},
+									customer_update:
+										customerType !== "user"
+											? ({ address: "auto" } as const)
+											: ({ name: "auto", address: "auto" } as const), // The customer name is automatically set only for users
 								}
 							: {
-									customer_email: session.user.email,
+									customer_email: user.email,
 								}),
 						success_url: getUrl(
 							ctx,
@@ -519,15 +711,23 @@ export const upgradeSubscription = (options: StripeOptions) => {
 						],
 						subscription_data: {
 							...freeTrial,
+							metadata: {
+								...ctx.body.metadata,
+								...params?.params?.subscription_data?.metadata,
+								userId: user.id,
+								subscriptionId: subscription.id,
+								referenceId,
+							},
 						},
 						mode: "subscription",
 						client_reference_id: referenceId,
 						...params?.params,
 						metadata: {
+							...ctx.body.metadata,
+							...params?.params?.metadata,
 							userId: user.id,
 							subscriptionId: subscription.id,
 							referenceId,
-							...params?.params?.metadata,
 						},
 					},
 					params?.options,
@@ -569,9 +769,7 @@ export const cancelSubscriptionCallback = (options: StripeOptions) => {
 			if (!ctx.query || !ctx.query.callbackURL || !ctx.query.subscriptionId) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
-			const session = await getSessionFromCtx<{ stripeCustomerId: string }>(
-				ctx,
-			);
+			const session = await getSessionFromCtx<User & WithStripeCustomerId>(ctx);
 			if (!session) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
@@ -591,8 +789,8 @@ export const cancelSubscriptionCallback = (options: StripeOptions) => {
 					});
 					if (
 						!subscription ||
-						subscription.cancelAtPeriodEnd ||
-						subscription.status === "canceled"
+						subscription.status === "canceled" ||
+						isPendingCancel(subscription)
 					) {
 						throw ctx.redirect(getUrl(ctx, callbackURL));
 					}
@@ -604,12 +802,24 @@ export const cancelSubscriptionCallback = (options: StripeOptions) => {
 					const currentSubscription = stripeSubscription.data.find(
 						(sub) => sub.id === subscription.stripeSubscriptionId,
 					);
-					if (currentSubscription?.cancel_at_period_end === true) {
+
+					const isNewCancellation =
+						currentSubscription &&
+						isStripePendingCancel(currentSubscription) &&
+						!isPendingCancel(subscription);
+					if (isNewCancellation) {
 						await ctx.context.adapter.update({
 							model: "subscription",
 							update: {
 								status: currentSubscription?.status,
-								cancelAtPeriodEnd: true,
+								cancelAtPeriodEnd:
+									currentSubscription?.cancel_at_period_end || false,
+								cancelAt: currentSubscription?.cancel_at
+									? new Date(currentSubscription.cancel_at * 1000)
+									: null,
+								canceledAt: currentSubscription?.canceled_at
+									? new Date(currentSubscription.canceled_at * 1000)
+									: null,
 							},
 							where: [
 								{
@@ -651,10 +861,32 @@ const cancelSubscriptionBodySchema = z.object({
 				"The Stripe subscription ID to cancel. Eg: 'sub_1ABC2DEF3GHI4JKL'",
 		})
 		.optional(),
+	/**
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
 	returnUrl: z.string().meta({
 		description:
 			'URL to take customers to when they click on the billing portal\'s link to return to your website. Eg: "/account"',
 	}),
+	/**
+	 * Disable Redirect
+	 */
+	disableRedirect: z
+		.boolean()
+		.meta({
+			description:
+				"Disable redirect after successful subscription cancellation. Eg: true",
+		})
+		.default(false),
 });
 
 /**
@@ -686,13 +918,17 @@ export const cancelSubscription = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
-				originCheck((ctx) => ctx.body.returnUrl),
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "cancel-subscription"),
+				originCheck((ctx) => ctx.body.returnUrl),
 			],
 		},
 		async (ctx) => {
-			const referenceId = ctx.body?.referenceId || ctx.context.session.user.id;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
+
 			let subscription = ctx.body.subscriptionId
 				? await ctx.context.adapter.findOne<Subscription>({
 						model: "subscription",
@@ -708,13 +944,7 @@ export const cancelSubscription = (options: StripeOptions) => {
 							model: "subscription",
 							where: [{ field: "referenceId", value: referenceId }],
 						})
-						.then((subs) =>
-							subs.find(
-								(sub) => sub.status === "active" || sub.status === "trialing",
-							),
-						);
-
-			// Ensure the specified subscription belongs to the (validated) referenceId.
+						.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
 			if (
 				ctx.body.subscriptionId &&
 				subscription &&
@@ -724,20 +954,15 @@ export const cancelSubscription = (options: StripeOptions) => {
 			}
 
 			if (!subscription || !subscription.stripeCustomerId) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
-				);
+				throw ctx.error("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
 			const activeSubscriptions = await client.subscriptions
 				.list({
 					customer: subscription.stripeCustomerId,
 				})
-				.then((res) =>
-					res.data.filter(
-						(sub) => sub.status === "active" || sub.status === "trialing",
-					),
-				);
+				.then((res) => res.data.filter((sub) => isActiveOrTrialing(sub)));
 			if (!activeSubscriptions.length) {
 				/**
 				 * If the subscription is not found, we need to delete the subscription
@@ -752,19 +977,17 @@ export const cancelSubscription = (options: StripeOptions) => {
 						},
 					],
 				});
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
-				);
+				throw ctx.error("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
 			const activeSubscription = activeSubscriptions.find(
 				(sub) => sub.id === subscription.stripeSubscriptionId,
 			);
 			if (!activeSubscription) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
-				);
+				throw ctx.error("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
 			const { url } = await client.billingPortal.sessions
 				.create({
@@ -785,21 +1008,30 @@ export const cancelSubscription = (options: StripeOptions) => {
 					},
 				})
 				.catch(async (e) => {
-					if (e.message.includes("already set to be cancel")) {
+					if (e.message?.includes("already set to be canceled")) {
 						/**
-						 * in-case we missed the event from stripe, we set it manually
+						 * in-case we missed the event from stripe, we sync the actual state
 						 * this is a rare case and should not happen
 						 */
-						if (!subscription.cancelAtPeriodEnd) {
-							await ctx.context.adapter.updateMany({
+						if (!isPendingCancel(subscription)) {
+							const stripeSub = await client.subscriptions.retrieve(
+								activeSubscription.id,
+							);
+							await ctx.context.adapter.update({
 								model: "subscription",
 								update: {
-									cancelAtPeriodEnd: true,
+									cancelAtPeriodEnd: stripeSub.cancel_at_period_end,
+									cancelAt: stripeSub.cancel_at
+										? new Date(stripeSub.cancel_at * 1000)
+										: null,
+									canceledAt: stripeSub.canceled_at
+										? new Date(stripeSub.canceled_at * 1000)
+										: null,
 								},
 								where: [
 									{
-										field: "referenceId",
-										value: referenceId,
+										field: "id",
+										value: subscription.id,
 									},
 								],
 							});
@@ -810,10 +1042,10 @@ export const cancelSubscription = (options: StripeOptions) => {
 						code: e.code,
 					});
 				});
-			return {
+			return ctx.json({
 				url,
-				redirect: true,
-			};
+				redirect: !ctx.body.disableRedirect,
+			});
 		},
 	);
 };
@@ -832,6 +1064,18 @@ const restoreSubscriptionBodySchema = z.object({
 				"The Stripe subscription ID to restore. Eg: 'sub_1ABC2DEF3GHI4JKL'",
 		})
 		.optional(),
+	/**
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
 });
 
 export const restoreSubscription = (options: StripeOptions) => {
@@ -848,12 +1092,15 @@ export const restoreSubscription = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "restore-subscription"),
 			],
 		},
 		async (ctx) => {
-			const referenceId = ctx.body?.referenceId || ctx.context.session.user.id;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
 
 			let subscription = ctx.body.subscriptionId
 				? await ctx.context.adapter.findOne<Subscription>({
@@ -875,11 +1122,7 @@ export const restoreSubscription = (options: StripeOptions) => {
 								},
 							],
 						})
-						.then((subs) =>
-							subs.find(
-								(sub) => sub.status === "active" || sub.status === "trialing",
-							),
-						);
+						.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
 			if (
 				ctx.body.subscriptionId &&
 				subscription &&
@@ -888,74 +1131,68 @@ export const restoreSubscription = (options: StripeOptions) => {
 				subscription = undefined;
 			}
 			if (!subscription || !subscription.stripeCustomerId) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
-				);
+				throw ctx.error("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
-			if (
-				subscription.status != "active" &&
-				subscription.status != "trialing"
-			) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_ACTIVE,
-				);
+			if (!isActiveOrTrialing(subscription)) {
+				throw ctx.error("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_ACTIVE,
+				});
 			}
-			if (!subscription.cancelAtPeriodEnd) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION,
-				);
+			if (!isPendingCancel(subscription)) {
+				throw ctx.error("BAD_REQUEST", {
+					message:
+						STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION,
+				});
 			}
 
 			const activeSubscription = await client.subscriptions
 				.list({
 					customer: subscription.stripeCustomerId,
 				})
-				.then(
-					(res) =>
-						res.data.filter(
-							(sub) => sub.status === "active" || sub.status === "trialing",
-						)[0],
-				);
+				.then((res) => res.data.filter((sub) => isActiveOrTrialing(sub))[0]);
 			if (!activeSubscription) {
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
-				);
+				throw ctx.error("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				});
 			}
 
-			try {
-				const newSub = await client.subscriptions.update(
-					activeSubscription.id,
-					{
-						cancel_at_period_end: false,
-					},
-				);
+			// Clear scheduled cancellation based on Stripe subscription state
+			// Note: Stripe doesn't accept both `cancel_at` and `cancel_at_period_end` simultaneously
+			const updateParams: Stripe.SubscriptionUpdateParams = {};
+			if (activeSubscription.cancel_at) {
+				updateParams.cancel_at = "";
+			} else if (activeSubscription.cancel_at_period_end) {
+				updateParams.cancel_at_period_end = false;
+			}
 
-				await ctx.context.adapter.update({
-					model: "subscription",
-					update: {
-						cancelAtPeriodEnd: false,
-						updatedAt: new Date(),
-					},
-					where: [
-						{
-							field: "id",
-							value: subscription.id,
-						},
-					],
+			const newSub = await client.subscriptions
+				.update(activeSubscription.id, updateParams)
+				.catch((e) => {
+					throw ctx.error("BAD_REQUEST", {
+						message: e.message,
+						code: e.code,
+					});
 				});
 
-				return ctx.json(newSub);
-			} catch (error) {
-				ctx.context.logger.error("Error restoring subscription", error);
-				throw APIError.from(
-					"BAD_REQUEST",
-					STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
-				);
-			}
+			await ctx.context.adapter.update({
+				model: "subscription",
+				update: {
+					cancelAtPeriodEnd: false,
+					cancelAt: null,
+					canceledAt: null,
+					updatedAt: new Date(),
+				},
+				where: [
+					{
+						field: "id",
+						value: subscription.id,
+					},
+				],
+			});
+
+			return ctx.json(newSub);
 		},
 	);
 };
@@ -968,6 +1205,18 @@ const listActiveSubscriptionsQuerySchema = z.optional(
 				description: "Reference id of the subscription to list. Eg: '123'",
 			})
 			.optional(),
+		/**
+		 * Customer type for the subscription.
+		 * - `user`: User owns the subscription (default)
+		 * - `organization`: Organization owns the subscription
+		 */
+		customerType: z
+			.enum(["user", "organization"])
+			.meta({
+				description:
+					'Customer type for the subscription. Eg: "user" or "organization"',
+			})
+			.optional(),
 	}),
 );
 /**
@@ -998,17 +1247,22 @@ export const listActiveSubscriptions = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "list-subscription"),
 			],
 		},
 		async (ctx) => {
+			const customerType = ctx.query?.customerType || "user";
+			const referenceId =
+				ctx.query?.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
+
 			const subscriptions = await ctx.context.adapter.findMany<Subscription>({
 				model: "subscription",
 				where: [
 					{
 						field: "referenceId",
-						value: ctx.query?.referenceId || ctx.context.session.user.id,
+						value: referenceId,
 					},
 				],
 			});
@@ -1030,9 +1284,7 @@ export const listActiveSubscriptions = (options: StripeOptions) => {
 						priceId: plan?.priceId,
 					};
 				})
-				.filter((sub) => {
-					return sub.status === "active" || sub.status === "trialing";
-				});
+				.filter((sub) => isActiveOrTrialing(sub));
 			return ctx.json(subs);
 		},
 	);
@@ -1058,14 +1310,12 @@ export const subscriptionSuccess = (options: StripeOptions) => {
 			if (!ctx.query || !ctx.query.callbackURL || !ctx.query.subscriptionId) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
-			const session = await getSessionFromCtx<{ stripeCustomerId: string }>(
-				ctx,
-			);
+			const { callbackURL, subscriptionId } = ctx.query;
+
+			const session = await getSessionFromCtx<User & WithStripeCustomerId>(ctx);
 			if (!session) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
-			const { user } = session;
-			const { callbackURL, subscriptionId } = ctx.query;
 
 			const subscription = await ctx.context.adapter.findOne<Subscription>({
 				model: "subscription",
@@ -1076,74 +1326,89 @@ export const subscriptionSuccess = (options: StripeOptions) => {
 					},
 				],
 			});
-
-			if (
-				subscription?.status === "active" ||
-				subscription?.status === "trialing"
-			) {
-				return ctx.redirect(getUrl(ctx, callbackURL));
+			if (!subscription) {
+				ctx.context.logger.warn(
+					`Subscription record not found for subscriptionId: ${subscriptionId}`,
+				);
+				throw ctx.redirect(getUrl(ctx, callbackURL));
 			}
-			const customerId =
-				subscription?.stripeCustomerId || user.stripeCustomerId;
 
-			if (customerId) {
-				try {
-					const stripeSubscription = await client.subscriptions
-						.list({
-							customer: customerId,
-							status: "active",
-						})
-						.then((res) => res.data[0]);
+			// Already active or trialing, no need to update
+			if (isActiveOrTrialing(subscription)) {
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
 
-					if (stripeSubscription) {
-						const plan = await getPlanByPriceInfo(
-							options,
-							stripeSubscription.items.data[0]?.price.id!,
-							stripeSubscription.items.data[0]?.price.lookup_key!,
-						);
+			const customerId =
+				subscription.stripeCustomerId || session.user.stripeCustomerId;
+			if (!customerId) {
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
 
-						if (plan && subscription) {
-							await ctx.context.adapter.update({
-								model: "subscription",
-								update: {
-									status: stripeSubscription.status,
-									seats: stripeSubscription.items.data[0]?.quantity || 1,
-									plan: plan.name.toLowerCase(),
-									periodEnd: new Date(
-										stripeSubscription.items.data[0]?.current_period_end! *
-											1000,
-									),
-									periodStart: new Date(
-										stripeSubscription.items.data[0]?.current_period_start! *
-											1000,
-									),
-									stripeSubscriptionId: stripeSubscription.id,
-									...(stripeSubscription.trial_start &&
-									stripeSubscription.trial_end
-										? {
-												trialStart: new Date(
-													stripeSubscription.trial_start * 1000,
-												),
-												trialEnd: new Date(stripeSubscription.trial_end * 1000),
-											}
-										: {}),
-								},
-								where: [
-									{
-										field: "id",
-										value: subscription.id,
-									},
-								],
-							});
-						}
-					}
-				} catch (error) {
+			const stripeSubscription = await client.subscriptions
+				.list({ customer: customerId, status: "active" })
+				.then((res) => res.data[0])
+				.catch((error) => {
 					ctx.context.logger.error(
 						"Error fetching subscription from Stripe",
 						error,
 					);
-				}
+					throw ctx.redirect(getUrl(ctx, callbackURL));
+				});
+			if (!stripeSubscription) {
+				throw ctx.redirect(getUrl(ctx, callbackURL));
 			}
+
+			const subscriptionItem = stripeSubscription.items.data[0];
+			if (!subscriptionItem) {
+				ctx.context.logger.warn(
+					`No subscription items found for Stripe subscription ${stripeSubscription.id}`,
+				);
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
+
+			const plan = await getPlanByPriceInfo(
+				options,
+				subscriptionItem.price.id,
+				subscriptionItem.price.lookup_key,
+			);
+			if (!plan) {
+				ctx.context.logger.warn(
+					`Plan not found for price ${subscriptionItem.price.id}`,
+				);
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
+
+			await ctx.context.adapter.update({
+				model: "subscription",
+				update: {
+					status: stripeSubscription.status,
+					seats: subscriptionItem.quantity || 1,
+					plan: plan.name.toLowerCase(),
+					periodEnd: new Date(subscriptionItem.current_period_end * 1000),
+					periodStart: new Date(subscriptionItem.current_period_start * 1000),
+					stripeSubscriptionId: stripeSubscription.id,
+					cancelAtPeriodEnd: stripeSubscription.cancel_at_period_end,
+					cancelAt: stripeSubscription.cancel_at
+						? new Date(stripeSubscription.cancel_at * 1000)
+						: null,
+					canceledAt: stripeSubscription.canceled_at
+						? new Date(stripeSubscription.canceled_at * 1000)
+						: null,
+					...(stripeSubscription.trial_start && stripeSubscription.trial_end
+						? {
+								trialStart: new Date(stripeSubscription.trial_start * 1000),
+								trialEnd: new Date(stripeSubscription.trial_end * 1000),
+							}
+						: {}),
+				},
+				where: [
+					{
+						field: "id",
+						value: subscription.id,
+					},
+				],
+			});
+
 			throw ctx.redirect(getUrl(ctx, callbackURL));
 		},
 	);
@@ -1156,7 +1421,29 @@ const createBillingPortalBodySchema = z.object({
 		})
 		.optional(),
 	referenceId: z.string().optional(),
+	/**
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
 	returnUrl: z.string().default("/"),
+	/**
+	 * Disable Redirect
+	 */
+	disableRedirect: z
+		.boolean()
+		.meta({
+			description:
+				"Disable redirect after creating billing portal session. Eg: true",
+		})
+		.default(false),
 });
 
 export const createBillingPortal = (options: StripeOptions) => {
@@ -1173,40 +1460,62 @@ export const createBillingPortal = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
-				originCheck((ctx) => ctx.body.returnUrl),
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "billing-portal"),
+				originCheck((ctx) => ctx.body.returnUrl),
 			],
 		},
 		async (ctx) => {
 			const { user } = ctx.context.session;
-			const referenceId = ctx.body.referenceId || user.id;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
 
-			let customerId = user.stripeCustomerId;
+			let customerId: string | undefined;
 
-			if (!customerId) {
-				const subscription = await ctx.context.adapter
-					.findMany<Subscription>({
-						model: "subscription",
-						where: [
-							{
-								field: "referenceId",
-								value: referenceId,
-							},
-						],
-					})
-					.then((subs) =>
-						subs.find(
-							(sub) => sub.status === "active" || sub.status === "trialing",
-						),
-					);
+			if (customerType === "organization") {
+				// Organization billing portal - get customer ID from organization
+				const org = await ctx.context.adapter.findOne<
+					Organization & WithStripeCustomerId
+				>({
+					model: "organization",
+					where: [{ field: "id", value: referenceId }],
+				});
+				customerId = org?.stripeCustomerId;
 
-				customerId = subscription?.stripeCustomerId;
-			}
+				if (!customerId) {
+					// Fallback to subscription's stripeCustomerId
+					const subscription = await ctx.context.adapter
+						.findMany<Subscription>({
+							model: "subscription",
+							where: [{ field: "referenceId", value: referenceId }],
+						})
+						.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
+					customerId = subscription?.stripeCustomerId;
+				}
+			} else {
+				// User billing portal
+				customerId = user.stripeCustomerId;
+				if (!customerId) {
+					const subscription = await ctx.context.adapter
+						.findMany<Subscription>({
+							model: "subscription",
+							where: [
+								{
+									field: "referenceId",
+									value: referenceId,
+								},
+							],
+						})
+						.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
 
+					customerId = subscription?.stripeCustomerId;
+				}
+			}
 			if (!customerId) {
-				throw new APIError("BAD_REQUEST", {
-					message: "No Stripe customer found for this user",
+				throw new APIError("NOT_FOUND", {
+					message: STRIPE_ERROR_CODES.CUSTOMER_NOT_FOUND,
 				});
 			}
 
@@ -1219,15 +1528,15 @@ export const createBillingPortal = (options: StripeOptions) => {
 
 				return ctx.json({
 					url,
-					redirect: true,
+					redirect: !ctx.body.disableRedirect,
 				});
 			} catch (error: any) {
 				ctx.context.logger.error(
 					"Error creating billing portal session",
 					error,
 				);
-				throw new APIError("BAD_REQUEST", {
-					message: error.message,
+				throw new APIError("INTERNAL_SERVER_ERROR", {
+					message: STRIPE_ERROR_CODES.UNABLE_TO_CREATE_BILLING_PORTAL,
 				});
 			}
 		},
@@ -1247,44 +1556,54 @@ export const stripeWebhook = (options: StripeOptions) => {
 				},
 			},
 			cloneRequest: true,
-			//don't parse the body
-			disableBody: true,
+			disableBody: true, // Don't parse the body
 		},
 		async (ctx) => {
 			if (!ctx.request?.body) {
-				throw new APIError("INTERNAL_SERVER_ERROR");
+				throw new APIError("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.INVALID_REQUEST_BODY,
+				});
 			}
-			const buf = await ctx.request.text();
-			const sig = ctx.request.headers.get("stripe-signature") as string;
+
+			const sig = ctx.request.headers.get("stripe-signature");
+			if (!sig) {
+				throw new APIError("BAD_REQUEST", {
+					message: STRIPE_ERROR_CODES.STRIPE_SIGNATURE_NOT_FOUND,
+				});
+			}
+
 			const webhookSecret = options.stripeWebhookSecret;
+			if (!webhookSecret) {
+				throw new APIError("INTERNAL_SERVER_ERROR", {
+					message: STRIPE_ERROR_CODES.STRIPE_WEBHOOK_SECRET_NOT_FOUND,
+				});
+			}
+
+			const payload = await ctx.request.text();
+
 			let event: Stripe.Event;
 			try {
-				if (!sig || !webhookSecret) {
-					throw new APIError("BAD_REQUEST", {
-						message: "Stripe webhook secret not found",
-					});
-				}
 				// Support both Stripe v18 (constructEvent) and v19+ (constructEventAsync)
 				if (typeof client.webhooks.constructEventAsync === "function") {
 					// Stripe v19+ - use async method
 					event = await client.webhooks.constructEventAsync(
-						buf,
+						payload,
 						sig,
 						webhookSecret,
 					);
 				} else {
 					// Stripe v18 - use sync method
-					event = client.webhooks.constructEvent(buf, sig, webhookSecret);
+					event = client.webhooks.constructEvent(payload, sig, webhookSecret);
 				}
 			} catch (err: any) {
 				ctx.context.logger.error(`${err.message}`);
 				throw new APIError("BAD_REQUEST", {
-					message: `Webhook Error: ${err.message}`,
+					message: STRIPE_ERROR_CODES.FAILED_TO_CONSTRUCT_STRIPE_EVENT,
 				});
 			}
 			if (!event) {
 				throw new APIError("BAD_REQUEST", {
-					message: "Failed to construct event",
+					message: STRIPE_ERROR_CODES.FAILED_TO_CONSTRUCT_STRIPE_EVENT,
 				});
 			}
 			try {
@@ -1293,6 +1612,10 @@ export const stripeWebhook = (options: StripeOptions) => {
 						await onCheckoutSessionCompleted(ctx, options, event);
 						await options.onEvent?.(event);
 						break;
+					case "customer.subscription.created":
+						await onSubscriptionCreated(ctx, options, event);
+						await options.onEvent?.(event);
+						break;
 					case "customer.subscription.updated":
 						await onSubscriptionUpdated(ctx, options, event);
 						await options.onEvent?.(event);
@@ -1308,32 +1631,10 @@ export const stripeWebhook = (options: StripeOptions) => {
 			} catch (e: any) {
 				ctx.context.logger.error(`Stripe webhook failed. Error: ${e.message}`);
 				throw new APIError("BAD_REQUEST", {
-					message: "Webhook error: See server logs for more information.",
+					message: STRIPE_ERROR_CODES.STRIPE_WEBHOOK_ERROR,
 				});
 			}
 			return ctx.json({ success: true });
 		},
 	);
 };
-
-const getUrl = (ctx: GenericEndpointContext, url: string) => {
-	if (/^[a-zA-Z][a-zA-Z0-9+\-.]*:/.test(url)) {
-		return url;
-	}
-	return `${ctx.context.options.baseURL}${
-		url.startsWith("/") ? url : `/${url}`
-	}`;
-};
-
-async function resolvePriceIdFromLookupKey(
-	stripeClient: Stripe,
-	lookupKey: string,
-): Promise<string | undefined> {
-	if (!lookupKey) return undefined;
-	const prices = await stripeClient.prices.list({
-		lookup_keys: [lookupKey],
-		active: true,
-		limit: 1,
-	});
-	return prices.data[0]?.id;
-}