@better-auth/stripe 1.5.0-beta.1 → 1.5.0-beta.10

package/src/metadata.ts

@@ -0,0 +1,94 @@
+import { defu } from "defu";
+import type Stripe from "stripe";
+
+/**
+ * Internal metadata fields for Stripe Customer.
+ */
+type CustomerInternalMetadata =
+	| { customerType: "user"; userId: string }
+	| { customerType: "organization"; organizationId: string };
+
+/**
+ * Internal metadata fields for Stripe Subscription/Checkout.
+ */
+type SubscriptionInternalMetadata = {
+	userId: string;
+	subscriptionId: string;
+	referenceId: string;
+};
+
+/**
+ * Customer metadata - set internal fields and extract typed fields.
+ */
+export const customerMetadata = {
+	/**
+	 * Internal metadata keys for type-safe access.
+	 */
+	keys: {
+		userId: "userId",
+		organizationId: "organizationId",
+		customerType: "customerType",
+	} as const,
+
+	/**
+	 * Create metadata with internal fields that cannot be overridden by user metadata.
+	 * Uses `defu` which prioritizes the first argument.
+	 */
+	set(
+		internalFields: CustomerInternalMetadata,
+		...userMetadata: (Stripe.Emptyable<Stripe.MetadataParam> | undefined)[]
+	): Stripe.MetadataParam {
+		return defu(internalFields, ...userMetadata.filter(Boolean));
+	},
+
+	/**
+	 * Extract internal fields from Stripe metadata.
+	 * Provides type-safe access to internal metadata keys.
+	 */
+	get(metadata: Stripe.Metadata | null | undefined) {
+		return {
+			userId: metadata?.userId,
+			organizationId: metadata?.organizationId,
+			customerType: metadata?.customerType as
+				| CustomerInternalMetadata["customerType"]
+				| undefined,
+		};
+	},
+};
+
+/**
+ * Subscription/Checkout metadata - set internal fields and extract typed fields.
+ */
+export const subscriptionMetadata = {
+	/**
+	 * Internal metadata keys for type-safe access.
+	 */
+	keys: {
+		userId: "userId",
+		subscriptionId: "subscriptionId",
+		referenceId: "referenceId",
+	} as const,
+
+	/**
+	 * Create metadata with internal fields that cannot be overridden by user metadata.
+	 * Uses `defu` which prioritizes the first argument.
+	 */
+	set(
+		internalFields: SubscriptionInternalMetadata,
+		...userMetadata: (Stripe.Emptyable<Stripe.MetadataParam> | undefined)[]
+	): Stripe.MetadataParam {
+		return defu(internalFields, ...userMetadata.filter(Boolean));
+	},
+
+	/**
+	 * Extract internal fields from Stripe metadata.
+	 * Provides type-safe access to internal metadata keys.
+	 */
+	get(metadata: Stripe.Metadata | null | undefined) {
+		return {
+			userId: metadata?.userId,
+			subscriptionId: metadata?.subscriptionId,
+			referenceId: metadata?.referenceId,
+		};
+	},
+};

package/src/middleware.ts

@@ -1,58 +1,104 @@
 import { createAuthMiddleware } from "@better-auth/core/api";
-import { logger } from "better-auth";
-import { APIError } from "better-auth/api";
-import type { SubscriptionOptions } from "./types";
+import { APIError } from "@better-auth/core/error";
+import { sessionMiddleware } from "better-auth/api";
+import { STRIPE_ERROR_CODES } from "./error-codes";
+import type {
+	AuthorizeReferenceAction,
+	CustomerType,
+	StripeCtxSession,
+	SubscriptionOptions,
+} from "./types";
+
+export const stripeSessionMiddleware = createAuthMiddleware(
+	{
+		use: [sessionMiddleware],
+	},
+	async (ctx) => {
+		const session = ctx.context.session as StripeCtxSession;
+		return {
+			session,
+		};
+	},
+);
 
 export const referenceMiddleware = (
 	subscriptionOptions: SubscriptionOptions,
-	action:
-		| "upgrade-subscription"
-		| "list-subscription"
-		| "cancel-subscription"
-		| "restore-subscription"
-		| "billing-portal",
+	action: AuthorizeReferenceAction,
 ) =>
 	createAuthMiddleware(async (ctx) => {
-		const session = ctx.context.session;
-		if (!session) {
-			throw new APIError("UNAUTHORIZED");
+		const ctxSession = ctx.context.session as StripeCtxSession;
+		if (!ctxSession) {
+			throw APIError.from("UNAUTHORIZED", STRIPE_ERROR_CODES.UNAUTHORIZED);
+		}
+
+		const customerType: CustomerType =
+			ctx.body?.customerType || ctx.query?.customerType;
+		const explicitReferenceId = ctx.body?.referenceId || ctx.query?.referenceId;
+
+		if (customerType === "organization") {
+			// Organization subscriptions always require authorizeReference
+			if (!subscriptionOptions.authorizeReference) {
+				ctx.context.logger.error(
+					`Organization subscriptions require authorizeReference to be defined in your stripe plugin config.`,
+				);
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.ORGANIZATION_SUBSCRIPTION_NOT_ENABLED,
+				);
+			}
+
+			const referenceId =
+				explicitReferenceId || ctxSession.session.activeOrganizationId;
+			if (!referenceId) {
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.ORGANIZATION_REFERENCE_ID_REQUIRED,
+				);
+			}
+			const isAuthorized = await subscriptionOptions.authorizeReference(
+				{
+					user: ctxSession.user,
+					session: ctxSession.session,
+					referenceId,
+					action,
+				},
+				ctx,
+			);
+			if (!isAuthorized) {
+				throw APIError.from("UNAUTHORIZED", STRIPE_ERROR_CODES.UNAUTHORIZED);
+			}
+			return;
 		}
-		const referenceId =
-			ctx.body?.referenceId || ctx.query?.referenceId || session.user.id;
-
-		if (
-			referenceId !== session.user.id &&
-			!subscriptionOptions.authorizeReference
-		) {
-			logger.error(
+
+		// User subscriptions - pass if no explicit referenceId
+		if (!explicitReferenceId) {
+			return;
+		}
+
+		// Pass if referenceId is user id
+		if (explicitReferenceId === ctxSession.user.id) {
+			return;
+		}
+
+		if (!subscriptionOptions.authorizeReference) {
+			ctx.context.logger.error(
 				`Passing referenceId into a subscription action isn't allowed if subscription.authorizeReference isn't defined in your stripe plugin config.`,
 			);
-			throw new APIError("BAD_REQUEST", {
-				message:
-					"Reference id is not allowed. Read server logs for more details.",
-			});
+			throw APIError.from(
+				"BAD_REQUEST",
+				STRIPE_ERROR_CODES.REFERENCE_ID_NOT_ALLOWED,
+			);
 		}
-		/**
-		 * if referenceId is the same as the active session user's id
-		 */
-		const sameReference =
-			ctx.query?.referenceId === session.user.id ||
-			ctx.body?.referenceId === session.user.id;
-		const isAuthorized =
-			ctx.body?.referenceId || ctx.query?.referenceId
-				? (await subscriptionOptions.authorizeReference?.(
-						{
-							user: session.user,
-							session: session.session,
-							referenceId,
-							action,
-						},
-						ctx,
-					)) || sameReference
-				: true;
+		const isAuthorized = await subscriptionOptions.authorizeReference(
+			{
+				user: ctxSession.user,
+				session: ctxSession.session,
+				referenceId: explicitReferenceId,
+				action,
+			},
+			ctx,
+		);
 		if (!isAuthorized) {
-			throw new APIError("UNAUTHORIZED", {
-				message: "Unauthorized",
-			});
+			throw APIError.from("UNAUTHORIZED", STRIPE_ERROR_CODES.UNAUTHORIZED);
 		}
 	});