@better-auth/stripe 1.5.0-beta.2 → 1.5.0-beta.3

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@better-auth/stripe",
   "author": "Bereket Engida",
-  "version": "1.5.0-beta.2",
+  "version": "1.5.0-beta.3",
   "type": "module",
   "main": "dist/index.mjs",
   "types": "dist/index.d.mts",
@@ -50,15 +50,15 @@
   },
   "peerDependencies": {
     "stripe": "^18 || ^19 || ^20",
-    "@better-auth/core": "1.5.0-beta.2",
-    "better-auth": "1.5.0-beta.2"
+    "@better-auth/core": "1.5.0-beta.3",
+    "better-auth": "1.5.0-beta.3"
   },
   "devDependencies": {
-    "better-call": "1.1.7",
+    "better-call": "1.1.8",
     "stripe": "^20.0.0",
     "tsdown": "^0.17.2",
-    "@better-auth/core": "1.5.0-beta.2",
-    "better-auth": "1.5.0-beta.2"
+    "@better-auth/core": "1.5.0-beta.3",
+    "better-auth": "1.5.0-beta.3"
   },
   "scripts": {
     "test": "vitest",

package/src/error-codes.ts

@@ -1,14 +1,30 @@
 import { defineErrorCodes } from "@better-auth/core/utils";
 
 export const STRIPE_ERROR_CODES = defineErrorCodes({
+	UNAUTHORIZED: "Unauthorized access",
+	INVALID_REQUEST_BODY: "Invalid request body",
 	SUBSCRIPTION_NOT_FOUND: "Subscription not found",
 	SUBSCRIPTION_PLAN_NOT_FOUND: "Subscription plan not found",
 	ALREADY_SUBSCRIBED_PLAN: "You're already subscribed to this plan",
+	REFERENCE_ID_NOT_ALLOWED: "Reference id is not allowed",
+	CUSTOMER_NOT_FOUND: "Stripe customer not found for this user",
 	UNABLE_TO_CREATE_CUSTOMER: "Unable to create customer",
+	UNABLE_TO_CREATE_BILLING_PORTAL: "Unable to create billing portal session",
+	STRIPE_SIGNATURE_NOT_FOUND: "Stripe signature not found",
+	STRIPE_WEBHOOK_SECRET_NOT_FOUND: "Stripe webhook secret not found",
+	STRIPE_WEBHOOK_ERROR: "Stripe webhook error",
+	FAILED_TO_CONSTRUCT_STRIPE_EVENT: "Failed to construct Stripe event",
 	FAILED_TO_FETCH_PLANS: "Failed to fetch plans",
 	EMAIL_VERIFICATION_REQUIRED:
 		"Email verification is required before you can subscribe to a plan",
 	SUBSCRIPTION_NOT_ACTIVE: "Subscription is not active",
 	SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION:
 		"Subscription is not scheduled for cancellation",
+	ORGANIZATION_NOT_FOUND: "Organization not found",
+	ORGANIZATION_SUBSCRIPTION_NOT_ENABLED:
+		"Organization subscription is not enabled",
+	ORGANIZATION_HAS_ACTIVE_SUBSCRIPTION:
+		"Cannot delete organization with active subscription",
+	ORGANIZATION_REFERENCE_ID_REQUIRED:
+		"Reference ID is required. Provide referenceId or set activeOrganizationId in session",
 });

package/src/hooks.ts

@@ -1,7 +1,8 @@
 import type { GenericEndpointContext } from "@better-auth/core";
 import type { User } from "@better-auth/core/db";
+import type { Organization } from "better-auth/plugins/organization";
 import type Stripe from "stripe";
-import type { InputSubscription, StripeOptions, Subscription } from "./types";
+import type { CustomerType, StripeOptions, Subscription } from "./types";
 import {
 	getPlanByPriceInfo,
 	isActiveOrTrialing,
@@ -9,6 +10,32 @@ import {
 	isStripePendingCancel,
 } from "./utils";
 
+/**
+ * Find organization or user by stripeCustomerId.
+ * @internal
+ */
+async function findReferenceByStripeCustomerId(
+	ctx: GenericEndpointContext,
+	options: StripeOptions,
+	stripeCustomerId: string,
+): Promise<{ customerType: CustomerType; referenceId: string } | null> {
+	if (options.organization?.enabled) {
+		const org = await ctx.context.adapter.findOne<Organization>({
+			model: "organization",
+			where: [{ field: "stripeCustomerId", value: stripeCustomerId }],
+		});
+		if (org) return { customerType: "organization", referenceId: org.id };
+	}
+
+	const user = await ctx.context.adapter.findOne<User>({
+		model: "user",
+		where: [{ field: "stripeCustomerId", value: stripeCustomerId }],
+	});
+	if (user) return { customerType: "user", referenceId: user.id };
+
+	return null;
+}
+
 export async function onCheckoutSessionCompleted(
 	ctx: GenericEndpointContext,
 	options: StripeOptions,
@@ -23,8 +50,16 @@ export async function onCheckoutSessionCompleted(
 		const subscription = await client.subscriptions.retrieve(
 			checkoutSession.subscription as string,
 		);
-		const priceId = subscription.items.data[0]?.price.id;
-		const priceLookupKey = subscription.items.data[0]?.price.lookup_key || null;
+		const subscriptionItem = subscription.items.data[0];
+		if (!subscriptionItem) {
+			ctx.context.logger.warn(
+				`Stripe webhook warning: Subscription ${subscription.id} has no items`,
+			);
+			return;
+		}
+
+		const priceId = subscriptionItem.price.id;
+		const priceLookupKey = subscriptionItem.price.lookup_key;
 		const plan = await getPlanByPriceInfo(
 			options,
 			priceId as string,
@@ -35,7 +70,7 @@ export async function onCheckoutSessionCompleted(
 				checkoutSession?.client_reference_id ||
 				checkoutSession?.metadata?.referenceId;
 			const subscriptionId = checkoutSession?.metadata?.subscriptionId;
-			const seats = subscription.items.data[0]!.quantity;
+			const seats = subscriptionItem.quantity;
 			if (referenceId && subscriptionId) {
 				const trial =
 					subscription.trial_start && subscription.trial_end
@@ -45,40 +80,35 @@ export async function onCheckoutSessionCompleted(
 							}
 						: {};
 
-				let dbSubscription =
-					await ctx.context.adapter.update<InputSubscription>({
-						model: "subscription",
-						update: {
-							plan: plan.name.toLowerCase(),
-							status: subscription.status,
-							updatedAt: new Date(),
-							periodStart: new Date(
-								subscription.items.data[0]!.current_period_start * 1000,
-							),
-							periodEnd: new Date(
-								subscription.items.data[0]!.current_period_end * 1000,
-							),
-							stripeSubscriptionId: checkoutSession.subscription as string,
-							cancelAtPeriodEnd: subscription.cancel_at_period_end,
-							cancelAt: subscription.cancel_at
-								? new Date(subscription.cancel_at * 1000)
-								: null,
-							canceledAt: subscription.canceled_at
-								? new Date(subscription.canceled_at * 1000)
-								: null,
-							endedAt: subscription.ended_at
-								? new Date(subscription.ended_at * 1000)
-								: null,
-							seats: seats,
-							...trial,
+				let dbSubscription = await ctx.context.adapter.update<Subscription>({
+					model: "subscription",
+					update: {
+						plan: plan.name.toLowerCase(),
+						status: subscription.status,
+						updatedAt: new Date(),
+						periodStart: new Date(subscriptionItem.current_period_start * 1000),
+						periodEnd: new Date(subscriptionItem.current_period_end * 1000),
+						stripeSubscriptionId: checkoutSession.subscription as string,
+						cancelAtPeriodEnd: subscription.cancel_at_period_end,
+						cancelAt: subscription.cancel_at
+							? new Date(subscription.cancel_at * 1000)
+							: null,
+						canceledAt: subscription.canceled_at
+							? new Date(subscription.canceled_at * 1000)
+							: null,
+						endedAt: subscription.ended_at
+							? new Date(subscription.ended_at * 1000)
+							: null,
+						seats: seats,
+						...trial,
+					},
+					where: [
+						{
+							field: "id",
+							value: subscriptionId,
 						},
-						where: [
-							{
-								field: "id",
-								value: subscriptionId,
-							},
-						],
-					});
+					],
+				});
 
 				if (trial.trialStart && plan.freeTrial?.onTrialStart) {
 					await plan.freeTrial.onTrialStart(dbSubscription as Subscription);
@@ -132,39 +162,34 @@ export async function onSubscriptionCreated(
 		}
 
 		// Check if subscription already exists in database
+		const subscriptionId = subscriptionCreated.metadata?.subscriptionId;
 		const existingSubscription =
 			await ctx.context.adapter.findOne<Subscription>({
 				model: "subscription",
-				where: [
-					{
-						field: "stripeSubscriptionId",
-						value: subscriptionCreated.id,
-					},
-				],
+				where: subscriptionId
+					? [{ field: "id", value: subscriptionId }]
+					: [{ field: "stripeSubscriptionId", value: subscriptionCreated.id }], // Probably won't match since it's not set yet
 			});
 		if (existingSubscription) {
 			ctx.context.logger.info(
-				`Stripe webhook: Subscription ${subscriptionCreated.id} already exists in database, skipping creation`,
+				`Stripe webhook: Subscription already exists in database (id: ${existingSubscription.id}), skipping creation`,
 			);
 			return;
 		}
 
-		// Find user by stripeCustomerId
-		const user = await ctx.context.adapter.findOne<User>({
-			model: "user",
-			where: [
-				{
-					field: "stripeCustomerId",
-					value: stripeCustomerId,
-				},
-			],
-		});
-		if (!user) {
+		// Find reference
+		const reference = await findReferenceByStripeCustomerId(
+			ctx,
+			options,
+			stripeCustomerId,
+		);
+		if (!reference) {
 			ctx.context.logger.warn(
-				`Stripe webhook warning: No user found with stripeCustomerId: ${stripeCustomerId}`,
+				`Stripe webhook warning: No user or organization found with stripeCustomerId: ${stripeCustomerId}`,
 			);
 			return;
 		}
+		const { referenceId, customerType } = reference;
 
 		const subscriptionItem = subscriptionCreated.items.data[0];
 		if (!subscriptionItem) {
@@ -200,8 +225,8 @@ export async function onSubscriptionCreated(
 		const newSubscription = await ctx.context.adapter.create<Subscription>({
 			model: "subscription",
 			data: {
-				referenceId: user.id,
-				stripeCustomerId: stripeCustomerId,
+				referenceId,
+				stripeCustomerId,
 				stripeSubscriptionId: subscriptionCreated.id,
 				status: subscriptionCreated.status,
 				plan: plan.name.toLowerCase(),
@@ -214,10 +239,10 @@ export async function onSubscriptionCreated(
 		});
 
 		ctx.context.logger.info(
-			`Stripe webhook: Created subscription ${subscriptionCreated.id} for user ${user.id} from dashboard`,
+			`Stripe webhook: Created subscription ${subscriptionCreated.id} for ${customerType} ${referenceId} from dashboard`,
 		);
 
-		await options.subscription?.onSubscriptionCreated?.({
+		await options.subscription.onSubscriptionCreated?.({
 			event,
 			subscription: newSubscription,
 			stripeSubscription: subscriptionCreated,
@@ -238,9 +263,16 @@ export async function onSubscriptionUpdated(
 			return;
 		}
 		const subscriptionUpdated = event.data.object as Stripe.Subscription;
-		const priceId = subscriptionUpdated.items.data[0]!.price.id;
-		const priceLookupKey =
-			subscriptionUpdated.items.data[0]!.price.lookup_key || null;
+		const subscriptionItem = subscriptionUpdated.items.data[0];
+		if (!subscriptionItem) {
+			ctx.context.logger.warn(
+				`Stripe webhook warning: Subscription ${subscriptionUpdated.id} has no items`,
+			);
+			return;
+		}
+
+		const priceId = subscriptionItem.price.id;
+		const priceLookupKey = subscriptionItem.price.lookup_key;
 		const plan = await getPlanByPriceInfo(options, priceId, priceLookupKey);
 
 		const subscriptionId = subscriptionUpdated.metadata?.subscriptionId;
@@ -272,7 +304,6 @@ export async function onSubscriptionUpdated(
 			}
 		}
 
-		const seats = subscriptionUpdated.items.data[0]!.quantity;
 		const updatedSubscription = await ctx.context.adapter.update<Subscription>({
 			model: "subscription",
 			update: {
@@ -284,12 +315,8 @@ export async function onSubscriptionUpdated(
 					: {}),
 				updatedAt: new Date(),
 				status: subscriptionUpdated.status,
-				periodStart: new Date(
-					subscriptionUpdated.items.data[0]!.current_period_start * 1000,
-				),
-				periodEnd: new Date(
-					subscriptionUpdated.items.data[0]!.current_period_end * 1000,
-				),
+				periodStart: new Date(subscriptionItem.current_period_start * 1000),
+				periodEnd: new Date(subscriptionItem.current_period_end * 1000),
 				cancelAtPeriodEnd: subscriptionUpdated.cancel_at_period_end,
 				cancelAt: subscriptionUpdated.cancel_at
 					? new Date(subscriptionUpdated.cancel_at * 1000)
@@ -300,7 +327,7 @@ export async function onSubscriptionUpdated(
 				endedAt: subscriptionUpdated.ended_at
 					? new Date(subscriptionUpdated.ended_at * 1000)
 					: null,
-				seats: seats,
+				seats: subscriptionItem.quantity,
 				stripeSubscriptionId: subscriptionUpdated.id,
 			},
 			where: [

package/src/index.ts

@@ -1,7 +1,9 @@
-import { defineErrorCodes } from "@better-auth/core/utils";
-import type { BetterAuthPlugin } from "better-auth";
+import type { BetterAuthPlugin, User } from "better-auth";
+import { APIError } from "better-auth";
+import type { Organization } from "better-auth/plugins/organization";
 import { defu } from "defu";
 import type Stripe from "stripe";
+import { STRIPE_ERROR_CODES } from "./error-codes";
 import {
 	cancelSubscription,
 	cancelSubscriptionCallback,
@@ -18,20 +20,18 @@ import type {
 	StripePlan,
 	Subscription,
 	SubscriptionOptions,
+	WithStripeCustomerId,
 } from "./types";
+import { escapeStripeSearchValue } from "./utils";
 
-const STRIPE_ERROR_CODES = defineErrorCodes({
-	SUBSCRIPTION_NOT_FOUND: "Subscription not found",
-	SUBSCRIPTION_PLAN_NOT_FOUND: "Subscription plan not found",
-	ALREADY_SUBSCRIBED_PLAN: "You're already subscribed to this plan",
-	UNABLE_TO_CREATE_CUSTOMER: "Unable to create customer",
-	FAILED_TO_FETCH_PLANS: "Failed to fetch plans",
-	EMAIL_VERIFICATION_REQUIRED:
-		"Email verification is required before you can subscribe to a plan",
-	SUBSCRIPTION_NOT_ACTIVE: "Subscription is not active",
-	SUBSCRIPTION_NOT_SCHEDULED_FOR_CANCELLATION:
-		"Subscription is not scheduled for cancellation",
-});
+declare module "@better-auth/core" {
+	// biome-ignore lint/correctness/noUnusedVariables: Auth and Context need to be same as declared in the module
+	interface BetterAuthPluginRegistry<Auth, Context> {
+		stripe: {
+			creator: typeof stripe;
+		};
+	}
+}
 
 export const stripe = <O extends StripeOptions>(options: O) => {
 	const client = options.stripeClient;
@@ -59,31 +59,134 @@ export const stripe = <O extends StripeOptions>(options: O) => {
 				: {}),
 		},
 		init(ctx) {
+			if (options.organization?.enabled) {
+				const orgPlugin = ctx.getPlugin("organization");
+				if (!orgPlugin) {
+					ctx.logger.error(`Organization plugin not found`);
+					return;
+				}
+
+				const existingHooks = orgPlugin.options.organizationHooks ?? {};
+
+				/**
+				 * Sync organization name to Stripe customer
+				 */
+				const afterUpdateStripeOrg = async (data: {
+					organization: (Organization & WithStripeCustomerId) | null;
+					user: User;
+				}) => {
+					const { organization } = data;
+					if (!organization?.stripeCustomerId) return;
+
+					try {
+						const stripeCustomer = await client.customers.retrieve(
+							organization.stripeCustomerId,
+						);
+
+						if (stripeCustomer.deleted) {
+							ctx.logger.warn(
+								`Stripe customer ${organization.stripeCustomerId} was deleted`,
+							);
+							return;
+						}
+
+						// Update Stripe customer if name changed
+						if (organization.name !== stripeCustomer.name) {
+							await client.customers.update(organization.stripeCustomerId, {
+								name: organization.name,
+							});
+							ctx.logger.info(
+								`Synced organization name to Stripe: "${stripeCustomer.name}" → "${organization.name}"`,
+							);
+						}
+					} catch (e: any) {
+						ctx.logger.error(
+							`Failed to sync organization to Stripe: ${e.message}`,
+						);
+					}
+				};
+
+				/**
+				 * Block deletion if organization has active subscriptions
+				 */
+				const beforeDeleteStripeOrg = async (data: {
+					organization: Organization & WithStripeCustomerId;
+					user: User;
+				}) => {
+					const { organization } = data;
+					if (!organization.stripeCustomerId) return;
+
+					try {
+						// Check if organization has any active subscriptions
+						const subscriptions = await client.subscriptions.list({
+							customer: organization.stripeCustomerId,
+							status: "all",
+							limit: 100, // 1 ~ 100
+						});
+						for (const sub of subscriptions.data) {
+							if (
+								sub.status !== "canceled" &&
+								sub.status !== "incomplete" &&
+								sub.status !== "incomplete_expired"
+							) {
+								throw APIError.from(
+									"BAD_REQUEST",
+									STRIPE_ERROR_CODES.ORGANIZATION_HAS_ACTIVE_SUBSCRIPTION,
+								);
+							}
+						}
+					} catch (error: any) {
+						if (error instanceof APIError) {
+							throw error;
+						}
+						ctx.logger.error(
+							`Failed to check organization subscriptions: ${error.message}`,
+						);
+						throw error;
+					}
+				};
+
+				orgPlugin.options.organizationHooks = {
+					...existingHooks,
+					afterUpdateOrganization: existingHooks.afterUpdateOrganization
+						? async (data) => {
+								await existingHooks.afterUpdateOrganization!(data);
+								await afterUpdateStripeOrg(data);
+							}
+						: afterUpdateStripeOrg,
+					beforeDeleteOrganization: existingHooks.beforeDeleteOrganization
+						? async (data) => {
+								await existingHooks.beforeDeleteOrganization!(data);
+								await beforeDeleteStripeOrg(data);
+							}
+						: beforeDeleteStripeOrg,
+				};
+			}
+
 			return {
 				options: {
 					databaseHooks: {
 						user: {
 							create: {
-								async after(user, ctx) {
-									if (!ctx || !options.createCustomerOnSignUp) return;
+								async after(user: User & WithStripeCustomerId, ctx) {
+									if (
+										!ctx ||
+										!options.createCustomerOnSignUp ||
+										user.stripeCustomerId // Skip if user already has a Stripe customer ID
+									) {
+										return;
+									}
 
 									try {
-										const userWithStripe = user as typeof user & {
-											stripeCustomerId?: string;
-										};
-
-										// Skip if user already has a Stripe customer ID
-										if (userWithStripe.stripeCustomerId) return;
-
-										// Check if customer already exists in Stripe by email
-										const existingCustomers = await client.customers.list({
-											email: user.email,
+										// Check if user customer already exists in Stripe by email
+										const existingCustomers = await client.customers.search({
+											query: `email:"${escapeStripeSearchValue(user.email)}" AND -metadata["customerType"]:"organization"`,
 											limit: 1,
 										});
 
 										let stripeCustomer = existingCustomers.data[0];
 
-										// If customer exists, link it to prevent duplicate creation
+										// If user customer exists, link it to prevent duplicate creation
 										if (stripeCustomer) {
 											await ctx.context.internalAdapter.updateUser(user.id, {
 												stripeCustomerId: stripeCustomer.id,
@@ -120,6 +223,7 @@ export const stripe = <O extends StripeOptions>(options: O) => {
 												name: user.name,
 												metadata: {
 													userId: user.id,
+													customerType: "user",
 												},
 											},
 											extraCreateParams,
@@ -150,41 +254,34 @@ export const stripe = <O extends StripeOptions>(options: O) => {
 								},
 							},
 							update: {
-								async after(user, ctx) {
-									if (!ctx) return;
+								async after(user: User & WithStripeCustomerId, ctx) {
+									if (
+										!ctx ||
+										!user.stripeCustomerId // Only proceed if user has a Stripe customer ID
+									)
+										return;
 
 									try {
-										// Cast user to include stripeCustomerId (added by the stripe plugin schema)
-										const userWithStripe = user as typeof user & {
-											stripeCustomerId?: string;
-										};
-
-										// Only proceed if user has a Stripe customer ID
-										if (!userWithStripe.stripeCustomerId) return;
-
 										// Get the user from the database to check if email actually changed
 										// The 'user' parameter here is the freshly updated user
 										// We need to check if the Stripe customer's email matches
 										const stripeCustomer = await client.customers.retrieve(
-											userWithStripe.stripeCustomerId,
+											user.stripeCustomerId,
 										);
 
 										// Check if customer was deleted
 										if (stripeCustomer.deleted) {
 											ctx.context.logger.warn(
-												`Stripe customer ${userWithStripe.stripeCustomerId} was deleted, cannot update email`,
+												`Stripe customer ${user.stripeCustomerId} was deleted, cannot update email`,
 											);
 											return;
 										}
 
 										// If Stripe customer email doesn't match the user's current email, update it
 										if (stripeCustomer.email !== user.email) {
-											await client.customers.update(
-												userWithStripe.stripeCustomerId,
-												{
-													email: user.email,
-												},
-											);
+											await client.customers.update(user.stripeCustomerId, {
+												email: user.email,
+											});
 											ctx.context.logger.info(
 												`Updated Stripe customer email from ${stripeCustomer.email} to ${user.email}`,
 											);