@better-auth/stripe 1.5.0-beta.2 → 1.5.0-beta.3

package/src/routes.ts

@@ -1,12 +1,10 @@
 import { createAuthEndpoint } from "@better-auth/core/api";
 import { APIError } from "@better-auth/core/error";
-import type { GenericEndpointContext } from "better-auth";
+import type { GenericEndpointContext, User } from "better-auth";
 import { HIDE_METADATA } from "better-auth";
-import {
-	getSessionFromCtx,
-	originCheck,
-	sessionMiddleware,
-} from "better-auth/api";
+import { getSessionFromCtx, originCheck } from "better-auth/api";
+import type { Organization } from "better-auth/plugins/organization";
+import { defu } from "defu";
 import type Stripe from "stripe";
 import type { Stripe as StripeType } from "stripe";
 import * as z from "zod/v4";
@@ -17,14 +15,17 @@ import {
 	onSubscriptionDeleted,
 	onSubscriptionUpdated,
 } from "./hooks";
-import { referenceMiddleware } from "./middleware";
+import { referenceMiddleware, stripeSessionMiddleware } from "./middleware";
 import type {
-	InputSubscription,
+	CustomerType,
+	StripeCtxSession,
 	StripeOptions,
 	Subscription,
 	SubscriptionOptions,
+	WithStripeCustomerId,
 } from "./types";
 import {
+	escapeStripeSearchValue,
 	getPlanByName,
 	getPlanByPriceInfo,
 	getPlans,
@@ -33,6 +34,70 @@ import {
 	isStripePendingCancel,
 } from "./utils";
 
+/**
+ * Converts a relative URL to an absolute URL using baseURL.
+ * @internal
+ */
+function getUrl(ctx: GenericEndpointContext, url: string) {
+	if (/^[a-zA-Z][a-zA-Z0-9+\-.]*:/.test(url)) {
+		return url;
+	}
+	return `${ctx.context.options.baseURL}${
+		url.startsWith("/") ? url : `/${url}`
+	}`;
+}
+
+/**
+ * Resolves a Stripe price ID from a lookup key.
+ * @internal
+ */
+async function resolvePriceIdFromLookupKey(
+	stripeClient: Stripe,
+	lookupKey: string,
+): Promise<string | undefined> {
+	if (!lookupKey) return undefined;
+	const prices = await stripeClient.prices.list({
+		lookup_keys: [lookupKey],
+		active: true,
+		limit: 1,
+	});
+	return prices.data[0]?.id;
+}
+
+/**
+ * Determines the reference ID based on customer type.
+ * - `user` (default): uses userId
+ * - `organization`: uses activeOrganizationId from session
+ * @internal
+ */
+function getReferenceId(
+	ctxSession: StripeCtxSession,
+	customerType: CustomerType | undefined,
+	options: StripeOptions,
+): string {
+	const { user, session } = ctxSession;
+	const type = customerType || "user";
+
+	if (type === "organization") {
+		if (!options.organization?.enabled) {
+			throw APIError.from(
+				"BAD_REQUEST",
+				STRIPE_ERROR_CODES.ORGANIZATION_SUBSCRIPTION_NOT_ENABLED,
+			);
+		}
+
+		if (!session.activeOrganizationId) {
+			throw APIError.from(
+				"BAD_REQUEST",
+				STRIPE_ERROR_CODES.ORGANIZATION_NOT_FOUND,
+			);
+		}
+		return session.activeOrganizationId;
+	}
+
+	return user.id;
+}
+
 const upgradeSubscriptionBodySchema = z.object({
 	/**
 	 * The name of the plan to subscribe
@@ -50,14 +115,14 @@ const upgradeSubscriptionBodySchema = z.object({
 		})
 		.optional(),
 	/**
-	 * Reference id of the subscription to upgrade
-	 * This is used to identify the subscription to upgrade
-	 * If not provided, the user's id will be used
+	 * Reference ID for the subscription based on customerType:
+	 * - `user`: defaults to `user.id`
+	 * - `organization`: defaults to `session.activeOrganizationId`
 	 */
 	referenceId: z
 		.string()
 		.meta({
-			description: 'Reference id of the subscription to upgrade. Eg: "123"',
+			description: 'Reference ID for the subscription. Eg: "org_123"',
 		})
 		.optional(),
 	/**
@@ -72,12 +137,23 @@ const upgradeSubscriptionBodySchema = z.object({
 		})
 		.optional(),
 	/**
-	 * Any additional data you want to store in your database
-	 * subscriptions
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription (requires referenceId)
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
+	/**
+	 * Additional metadata to store with the subscription.
 	 */
 	metadata: z.record(z.string(), z.any()).optional(),
 	/**
-	 * If a subscription
+	 * Number of seats for subscriptions.
 	 */
 	seats: z
 		.number()
@@ -156,22 +232,27 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
+				stripeSessionMiddleware,
+				referenceMiddleware(subscriptionOptions, "upgrade-subscription"),
 				originCheck((c) => {
 					return [c.body.successUrl as string, c.body.cancelUrl as string];
 				}),
-				referenceMiddleware(subscriptionOptions, "upgrade-subscription"),
 			],
 		},
 		async (ctx) => {
 			const { user, session } = ctx.context.session;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
+
 			if (!user.emailVerified && subscriptionOptions.requireEmailVerification) {
 				throw APIError.from(
 					"BAD_REQUEST",
 					STRIPE_ERROR_CODES.EMAIL_VERIFICATION_REQUIRED,
 				);
 			}
-			const referenceId = ctx.body.referenceId || user.id;
+
 			const plan = await getPlanByName(options, ctx.body.plan);
 			if (!plan) {
 				throw APIError.from(
@@ -179,6 +260,8 @@ export const upgradeSubscription = (options: StripeOptions) => {
 					STRIPE_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND,
 				);
 			}
+
+			// Find existing subscription by Stripe ID or reference ID
 			let subscriptionToUpdate = ctx.body.subscriptionId
 				? await ctx.context.adapter.findOne<Subscription>({
 						model: "subscription",
@@ -192,7 +275,12 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				: referenceId
 					? await ctx.context.adapter.findOne<Subscription>({
 							model: "subscription",
-							where: [{ field: "referenceId", value: referenceId }],
+							where: [
+								{
+									field: "referenceId",
+									value: referenceId,
+								},
+							],
 						})
 					: null;
 
@@ -203,7 +291,6 @@ export const upgradeSubscription = (options: StripeOptions) => {
 			) {
 				subscriptionToUpdate = null;
 			}
-
 			if (ctx.body.subscriptionId && !subscriptionToUpdate) {
 				throw APIError.from(
 					"BAD_REQUEST",
@@ -211,51 +298,154 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				);
 			}
 
-			let customerId =
-				subscriptionToUpdate?.stripeCustomerId || user.stripeCustomerId;
-
-			if (!customerId) {
-				try {
-					// Try to find existing Stripe customer by email
-					const existingCustomers = await client.customers.list({
-						email: user.email,
-						limit: 1,
-					});
-
-					let stripeCustomer = existingCustomers.data[0];
-
-					if (!stripeCustomer) {
-						stripeCustomer = await client.customers.create({
-							email: user.email,
-							name: user.name,
-							metadata: {
-								...ctx.body.metadata,
-								userId: user.id,
-							},
-						});
-					}
-
-					// Update local DB with Stripe customer ID
-					await ctx.context.adapter.update({
-						model: "user",
-						update: {
-							stripeCustomerId: stripeCustomer.id,
-						},
+			// Determine customer id
+			let customerId: string | undefined;
+			if (customerType === "organization") {
+				// Organization subscription - get customer ID from organization
+				customerId = subscriptionToUpdate?.stripeCustomerId;
+				if (!customerId) {
+					const org = await ctx.context.adapter.findOne<
+						Organization & WithStripeCustomerId
+					>({
+						model: "organization",
 						where: [
 							{
 								field: "id",
-								value: user.id,
+								value: referenceId,
 							},
 						],
 					});
+					if (!org) {
+						throw APIError.from(
+							"BAD_REQUEST",
+							STRIPE_ERROR_CODES.ORGANIZATION_NOT_FOUND,
+						);
+					}
+					customerId = org.stripeCustomerId;
+
+					// If org doesn't have a customer ID, create one
+					if (!customerId) {
+						try {
+							// First, search for existing organization customer by organizationId
+							const existingOrgCustomers = await client.customers.search({
+								query: `metadata["organizationId"]:"${org.id}"`,
+								limit: 1,
+							});
 
-					customerId = stripeCustomer.id;
-				} catch (e: any) {
-					ctx.context.logger.error(e);
-					throw APIError.from(
-						"BAD_REQUEST",
-						STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
-					);
+							let stripeCustomer = existingOrgCustomers.data[0];
+
+							if (!stripeCustomer) {
+								// Get custom params if provided
+								let extraCreateParams: Partial<StripeType.CustomerCreateParams> =
+									{};
+								if (options.organization?.getCustomerCreateParams) {
+									extraCreateParams =
+										await options.organization.getCustomerCreateParams(
+											org,
+											ctx,
+										);
+								}
+
+								// Create Stripe customer for organization
+								// Email can be set via getCustomerCreateParams or updated in billing portal
+								// Use defu to ensure internal metadata fields are preserved
+								const customerParams: StripeType.CustomerCreateParams = defu(
+									{
+										name: org.name,
+										metadata: {
+											...ctx.body.metadata,
+											organizationId: org.id,
+											customerType: "organization",
+										},
+									},
+									extraCreateParams,
+								);
+								stripeCustomer = await client.customers.create(customerParams);
+
+								// Call onCustomerCreate callback only for newly created customers
+								await options.organization?.onCustomerCreate?.(
+									{
+										stripeCustomer,
+										organization: {
+											...org,
+											stripeCustomerId: stripeCustomer.id,
+										},
+									},
+									ctx,
+								);
+							}
+
+							await ctx.context.adapter.update({
+								model: "organization",
+								update: {
+									stripeCustomerId: stripeCustomer.id,
+								},
+								where: [
+									{
+										field: "id",
+										value: org.id,
+									},
+								],
+							});
+
+							customerId = stripeCustomer.id;
+						} catch (e: any) {
+							ctx.context.logger.error(e);
+							throw APIError.from(
+								"BAD_REQUEST",
+								STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
+							);
+						}
+					}
+				}
+			} else {
+				// User subscription - get customer ID from user
+				customerId =
+					subscriptionToUpdate?.stripeCustomerId || user.stripeCustomerId;
+				if (!customerId) {
+					try {
+						// Try to find existing user Stripe customer by email
+						const existingCustomers = await client.customers.search({
+							query: `email:"${escapeStripeSearchValue(user.email)}" AND -metadata["customerType"]:"organization"`,
+							limit: 1,
+						});
+
+						let stripeCustomer = existingCustomers.data[0];
+
+						if (!stripeCustomer) {
+							stripeCustomer = await client.customers.create({
+								email: user.email,
+								name: user.name,
+								metadata: {
+									...ctx.body.metadata,
+									userId: user.id,
+									customerType: "user",
+								},
+							});
+						}
+
+						// Update local DB with Stripe customer ID
+						await ctx.context.adapter.update({
+							model: "user",
+							update: {
+								stripeCustomerId: stripeCustomer.id,
+							},
+							where: [
+								{
+									field: "id",
+									value: user.id,
+								},
+							],
+						});
+
+						customerId = stripeCustomer.id;
+					} catch (e: any) {
+						ctx.context.logger.error(e);
+						throw APIError.from(
+							"BAD_REQUEST",
+							STRIPE_ERROR_CODES.UNABLE_TO_CREATE_CUSTOMER,
+						);
+					}
 				}
 			}
 
@@ -266,7 +456,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 						where: [
 							{
 								field: "referenceId",
-								value: ctx.body.referenceId || user.id,
+								value: referenceId,
 							},
 						],
 					});
@@ -330,7 +520,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 
 				// If no database record exists for this Stripe subscription, update the existing one
 				if (!dbSubscription && activeOrTrialingSubscription) {
-					await ctx.context.adapter.update<InputSubscription>({
+					await ctx.context.adapter.update<Subscription>({
 						model: "subscription",
 						update: {
 							stripeSubscriptionId: activeSubscription.id,
@@ -412,7 +602,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 				activeOrTrialingSubscription || incompleteSubscription;
 
 			if (incompleteSubscription && !activeOrTrialingSubscription) {
-				const updated = await ctx.context.adapter.update<InputSubscription>({
+				const updated = await ctx.context.adapter.update<Subscription>({
 					model: "subscription",
 					update: {
 						plan: plan.name.toLowerCase(),
@@ -430,10 +620,7 @@ export const upgradeSubscription = (options: StripeOptions) => {
 			}
 
 			if (!subscription) {
-				subscription = await ctx.context.adapter.create<
-					InputSubscription,
-					Subscription
-				>({
+				subscription = await ctx.context.adapter.create<Subscription>({
 					model: "subscription",
 					data: {
 						plan: plan.name.toLowerCase(),
@@ -447,7 +634,10 @@ export const upgradeSubscription = (options: StripeOptions) => {
 
 			if (!subscription) {
 				ctx.context.logger.error("Subscription ID not found");
-				throw new APIError("INTERNAL_SERVER_ERROR");
+				throw APIError.from(
+					"NOT_FOUND",
+					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
+				);
 			}
 
 			const params = await subscriptionOptions.getCheckoutSessionParams?.(
@@ -504,13 +694,13 @@ export const upgradeSubscription = (options: StripeOptions) => {
 						...(customerId
 							? {
 									customer: customerId,
-									customer_update: {
-										name: "auto",
-										address: "auto",
-									},
+									customer_update:
+										customerType !== "user"
+											? ({ address: "auto" } as const)
+											: ({ name: "auto", address: "auto" } as const), // The customer name is automatically set only for users
 								}
 							: {
-									customer_email: session.user.email,
+									customer_email: user.email,
 								}),
 						success_url: getUrl(
 							ctx,
@@ -529,15 +719,23 @@ export const upgradeSubscription = (options: StripeOptions) => {
 						],
 						subscription_data: {
 							...freeTrial,
+							metadata: {
+								...ctx.body.metadata,
+								...params?.params?.subscription_data?.metadata,
+								userId: user.id,
+								subscriptionId: subscription.id,
+								referenceId,
+							},
 						},
 						mode: "subscription",
 						client_reference_id: referenceId,
 						...params?.params,
 						metadata: {
+							...ctx.body.metadata,
+							...params?.params?.metadata,
 							userId: user.id,
 							subscriptionId: subscription.id,
 							referenceId,
-							...params?.params?.metadata,
 						},
 					},
 					params?.options,
@@ -579,9 +777,7 @@ export const cancelSubscriptionCallback = (options: StripeOptions) => {
 			if (!ctx.query || !ctx.query.callbackURL || !ctx.query.subscriptionId) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
-			const session = await getSessionFromCtx<{ stripeCustomerId: string }>(
-				ctx,
-			);
+			const session = await getSessionFromCtx<User & WithStripeCustomerId>(ctx);
 			if (!session) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
@@ -673,6 +869,18 @@ const cancelSubscriptionBodySchema = z.object({
 				"The Stripe subscription ID to cancel. Eg: 'sub_1ABC2DEF3GHI4JKL'",
 		})
 		.optional(),
+	/**
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
 	returnUrl: z.string().meta({
 		description:
 			'URL to take customers to when they click on the billing portal\'s link to return to your website. Eg: "/account"',
@@ -718,13 +926,17 @@ export const cancelSubscription = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
-				originCheck((ctx) => ctx.body.returnUrl),
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "cancel-subscription"),
+				originCheck((ctx) => ctx.body.returnUrl),
 			],
 		},
 		async (ctx) => {
-			const referenceId = ctx.body?.referenceId || ctx.context.session.user.id;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
+
 			let subscription = ctx.body.subscriptionId
 				? await ctx.context.adapter.findOne<Subscription>({
 						model: "subscription",
@@ -863,6 +1075,18 @@ const restoreSubscriptionBodySchema = z.object({
 				"The Stripe subscription ID to restore. Eg: 'sub_1ABC2DEF3GHI4JKL'",
 		})
 		.optional(),
+	/**
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
 });
 
 export const restoreSubscription = (options: StripeOptions) => {
@@ -879,12 +1103,15 @@ export const restoreSubscription = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "restore-subscription"),
 			],
 		},
 		async (ctx) => {
-			const referenceId = ctx.body?.referenceId || ctx.context.session.user.id;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
 
 			let subscription = ctx.body.subscriptionId
 				? await ctx.context.adapter.findOne<Subscription>({
@@ -920,10 +1147,7 @@ export const restoreSubscription = (options: StripeOptions) => {
 					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_FOUND,
 				);
 			}
-			if (
-				subscription.status != "active" &&
-				subscription.status != "trialing"
-			) {
+			if (!isActiveOrTrialing(subscription)) {
 				throw APIError.from(
 					"BAD_REQUEST",
 					STRIPE_ERROR_CODES.SUBSCRIPTION_NOT_ACTIVE,
@@ -995,6 +1219,18 @@ const listActiveSubscriptionsQuerySchema = z.optional(
 				description: "Reference id of the subscription to list. Eg: '123'",
 			})
 			.optional(),
+		/**
+		 * Customer type for the subscription.
+		 * - `user`: User owns the subscription (default)
+		 * - `organization`: Organization owns the subscription
+		 */
+		customerType: z
+			.enum(["user", "organization"])
+			.meta({
+				description:
+					'Customer type for the subscription. Eg: "user" or "organization"',
+			})
+			.optional(),
 	}),
 );
 /**
@@ -1025,17 +1261,22 @@ export const listActiveSubscriptions = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "list-subscription"),
 			],
 		},
 		async (ctx) => {
+			const customerType = ctx.query?.customerType || "user";
+			const referenceId =
+				ctx.query?.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
+
 			const subscriptions = await ctx.context.adapter.findMany<Subscription>({
 				model: "subscription",
 				where: [
 					{
 						field: "referenceId",
-						value: ctx.query?.referenceId || ctx.context.session.user.id,
+						value: referenceId,
 					},
 				],
 			});
@@ -1083,14 +1324,12 @@ export const subscriptionSuccess = (options: StripeOptions) => {
 			if (!ctx.query || !ctx.query.callbackURL || !ctx.query.subscriptionId) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
-			const session = await getSessionFromCtx<{ stripeCustomerId: string }>(
-				ctx,
-			);
+			const { callbackURL, subscriptionId } = ctx.query;
+
+			const session = await getSessionFromCtx<User & WithStripeCustomerId>(ctx);
 			if (!session) {
 				throw ctx.redirect(getUrl(ctx, ctx.query?.callbackURL || "/"));
 			}
-			const { user } = session;
-			const { callbackURL, subscriptionId } = ctx.query;
 
 			const subscription = await ctx.context.adapter.findOne<Subscription>({
 				model: "subscription",
@@ -1101,81 +1340,89 @@ export const subscriptionSuccess = (options: StripeOptions) => {
 					},
 				],
 			});
-
-			if (
-				subscription?.status === "active" ||
-				subscription?.status === "trialing"
-			) {
-				return ctx.redirect(getUrl(ctx, callbackURL));
+			if (!subscription) {
+				ctx.context.logger.warn(
+					`Subscription record not found for subscriptionId: ${subscriptionId}`,
+				);
+				throw ctx.redirect(getUrl(ctx, callbackURL));
 			}
-			const customerId =
-				subscription?.stripeCustomerId || user.stripeCustomerId;
 
-			if (customerId) {
-				try {
-					const stripeSubscription = await client.subscriptions
-						.list({
-							customer: customerId,
-							status: "active",
-						})
-						.then((res) => res.data[0]);
+			// Already active or trialing, no need to update
+			if (isActiveOrTrialing(subscription)) {
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
 
-					if (stripeSubscription) {
-						const plan = await getPlanByPriceInfo(
-							options,
-							stripeSubscription.items.data[0]?.price.id!,
-							stripeSubscription.items.data[0]?.price.lookup_key!,
-						);
+			const customerId =
+				subscription.stripeCustomerId || session.user.stripeCustomerId;
+			if (!customerId) {
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
 
-						if (plan && subscription) {
-							await ctx.context.adapter.update({
-								model: "subscription",
-								update: {
-									status: stripeSubscription.status,
-									seats: stripeSubscription.items.data[0]?.quantity || 1,
-									plan: plan.name.toLowerCase(),
-									periodEnd: new Date(
-										stripeSubscription.items.data[0]?.current_period_end! *
-											1000,
-									),
-									periodStart: new Date(
-										stripeSubscription.items.data[0]?.current_period_start! *
-											1000,
-									),
-									stripeSubscriptionId: stripeSubscription.id,
-									cancelAtPeriodEnd: stripeSubscription.cancel_at_period_end,
-									cancelAt: stripeSubscription.cancel_at
-										? new Date(stripeSubscription.cancel_at * 1000)
-										: null,
-									canceledAt: stripeSubscription.canceled_at
-										? new Date(stripeSubscription.canceled_at * 1000)
-										: null,
-									...(stripeSubscription.trial_start &&
-									stripeSubscription.trial_end
-										? {
-												trialStart: new Date(
-													stripeSubscription.trial_start * 1000,
-												),
-												trialEnd: new Date(stripeSubscription.trial_end * 1000),
-											}
-										: {}),
-								},
-								where: [
-									{
-										field: "id",
-										value: subscription.id,
-									},
-								],
-							});
-						}
-					}
-				} catch (error) {
+			const stripeSubscription = await client.subscriptions
+				.list({ customer: customerId, status: "active" })
+				.then((res) => res.data[0])
+				.catch((error) => {
 					ctx.context.logger.error(
 						"Error fetching subscription from Stripe",
 						error,
 					);
-				}
+					throw ctx.redirect(getUrl(ctx, callbackURL));
+				});
+			if (!stripeSubscription) {
+				throw ctx.redirect(getUrl(ctx, callbackURL));
 			}
+
+			const subscriptionItem = stripeSubscription.items.data[0];
+			if (!subscriptionItem) {
+				ctx.context.logger.warn(
+					`No subscription items found for Stripe subscription ${stripeSubscription.id}`,
+				);
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
+
+			const plan = await getPlanByPriceInfo(
+				options,
+				subscriptionItem.price.id,
+				subscriptionItem.price.lookup_key,
+			);
+			if (!plan) {
+				ctx.context.logger.warn(
+					`Plan not found for price ${subscriptionItem.price.id}`,
+				);
+				throw ctx.redirect(getUrl(ctx, callbackURL));
+			}
+
+			await ctx.context.adapter.update({
+				model: "subscription",
+				update: {
+					status: stripeSubscription.status,
+					seats: subscriptionItem.quantity || 1,
+					plan: plan.name.toLowerCase(),
+					periodEnd: new Date(subscriptionItem.current_period_end * 1000),
+					periodStart: new Date(subscriptionItem.current_period_start * 1000),
+					stripeSubscriptionId: stripeSubscription.id,
+					cancelAtPeriodEnd: stripeSubscription.cancel_at_period_end,
+					cancelAt: stripeSubscription.cancel_at
+						? new Date(stripeSubscription.cancel_at * 1000)
+						: null,
+					canceledAt: stripeSubscription.canceled_at
+						? new Date(stripeSubscription.canceled_at * 1000)
+						: null,
+					...(stripeSubscription.trial_start && stripeSubscription.trial_end
+						? {
+								trialStart: new Date(stripeSubscription.trial_start * 1000),
+								trialEnd: new Date(stripeSubscription.trial_end * 1000),
+							}
+						: {}),
+				},
+				where: [
+					{
+						field: "id",
+						value: subscription.id,
+					},
+				],
+			});
+
 			throw ctx.redirect(getUrl(ctx, callbackURL));
 		},
 	);
@@ -1188,6 +1435,18 @@ const createBillingPortalBodySchema = z.object({
 		})
 		.optional(),
 	referenceId: z.string().optional(),
+	/**
+	 * Customer type for the subscription.
+	 * - `user`: User owns the subscription (default)
+	 * - `organization`: Organization owns the subscription
+	 */
+	customerType: z
+		.enum(["user", "organization"])
+		.meta({
+			description:
+				'Customer type for the subscription. Eg: "user" or "organization"',
+		})
+		.optional(),
 	returnUrl: z.string().default("/"),
 	/**
 	 * Disable Redirect
@@ -1215,37 +1474,61 @@ export const createBillingPortal = (options: StripeOptions) => {
 				},
 			},
 			use: [
-				sessionMiddleware,
-				originCheck((ctx) => ctx.body.returnUrl),
+				stripeSessionMiddleware,
 				referenceMiddleware(subscriptionOptions, "billing-portal"),
+				originCheck((ctx) => ctx.body.returnUrl),
 			],
 		},
 		async (ctx) => {
 			const { user } = ctx.context.session;
-			const referenceId = ctx.body.referenceId || user.id;
+			const customerType = ctx.body.customerType || "user";
+			const referenceId =
+				ctx.body.referenceId ||
+				getReferenceId(ctx.context.session, customerType, options);
 
-			let customerId = user.stripeCustomerId;
+			let customerId: string | undefined;
 
-			if (!customerId) {
-				const subscription = await ctx.context.adapter
-					.findMany<Subscription>({
-						model: "subscription",
-						where: [
-							{
-								field: "referenceId",
-								value: referenceId,
-							},
-						],
-					})
-					.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
+			if (customerType === "organization") {
+				// Organization billing portal - get customer ID from organization
+				const org = await ctx.context.adapter.findOne<
+					Organization & WithStripeCustomerId
+				>({
+					model: "organization",
+					where: [{ field: "id", value: referenceId }],
+				});
+				customerId = org?.stripeCustomerId;
 
-				customerId = subscription?.stripeCustomerId;
-			}
+				if (!customerId) {
+					// Fallback to subscription's stripeCustomerId
+					const subscription = await ctx.context.adapter
+						.findMany<Subscription>({
+							model: "subscription",
+							where: [{ field: "referenceId", value: referenceId }],
+						})
+						.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
+					customerId = subscription?.stripeCustomerId;
+				}
+			} else {
+				// User billing portal
+				customerId = user.stripeCustomerId;
+				if (!customerId) {
+					const subscription = await ctx.context.adapter
+						.findMany<Subscription>({
+							model: "subscription",
+							where: [
+								{
+									field: "referenceId",
+									value: referenceId,
+								},
+							],
+						})
+						.then((subs) => subs.find((sub) => isActiveOrTrialing(sub)));
 
+					customerId = subscription?.stripeCustomerId;
+				}
+			}
 			if (!customerId) {
-				throw new APIError("BAD_REQUEST", {
-					message: "No Stripe customer found for this user",
-				});
+				throw APIError.from("NOT_FOUND", STRIPE_ERROR_CODES.CUSTOMER_NOT_FOUND);
 			}
 
 			try {
@@ -1264,9 +1547,10 @@ export const createBillingPortal = (options: StripeOptions) => {
 					"Error creating billing portal session",
 					error,
 				);
-				throw new APIError("BAD_REQUEST", {
-					message: error.message,
-				});
+				throw APIError.from(
+					"INTERNAL_SERVER_ERROR",
+					STRIPE_ERROR_CODES.UNABLE_TO_CREATE_BILLING_PORTAL,
+				);
 			}
 		},
 	);
@@ -1285,45 +1569,60 @@ export const stripeWebhook = (options: StripeOptions) => {
 				},
 			},
 			cloneRequest: true,
-			//don't parse the body
-			disableBody: true,
+			disableBody: true, // Don't parse the body
 		},
 		async (ctx) => {
 			if (!ctx.request?.body) {
-				throw new APIError("INTERNAL_SERVER_ERROR");
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.INVALID_REQUEST_BODY,
+				);
 			}
-			const buf = await ctx.request.text();
-			const sig = ctx.request.headers.get("stripe-signature") as string;
+
+			const sig = ctx.request.headers.get("stripe-signature");
+			if (!sig) {
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.STRIPE_SIGNATURE_NOT_FOUND,
+				);
+			}
+
 			const webhookSecret = options.stripeWebhookSecret;
+			if (!webhookSecret) {
+				throw APIError.from(
+					"INTERNAL_SERVER_ERROR",
+					STRIPE_ERROR_CODES.STRIPE_WEBHOOK_SECRET_NOT_FOUND,
+				);
+			}
+
+			const payload = await ctx.request.text();
+
 			let event: Stripe.Event;
 			try {
-				if (!sig || !webhookSecret) {
-					throw new APIError("BAD_REQUEST", {
-						message: "Stripe webhook secret not found",
-					});
-				}
 				// Support both Stripe v18 (constructEvent) and v19+ (constructEventAsync)
 				if (typeof client.webhooks.constructEventAsync === "function") {
 					// Stripe v19+ - use async method
 					event = await client.webhooks.constructEventAsync(
-						buf,
+						payload,
 						sig,
 						webhookSecret,
 					);
 				} else {
 					// Stripe v18 - use sync method
-					event = client.webhooks.constructEvent(buf, sig, webhookSecret);
+					event = client.webhooks.constructEvent(payload, sig, webhookSecret);
 				}
 			} catch (err: any) {
 				ctx.context.logger.error(`${err.message}`);
-				throw new APIError("BAD_REQUEST", {
-					message: `Webhook Error: ${err.message}`,
-				});
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.FAILED_TO_CONSTRUCT_STRIPE_EVENT,
+				);
 			}
 			if (!event) {
-				throw new APIError("BAD_REQUEST", {
-					message: "Failed to construct event",
-				});
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.FAILED_TO_CONSTRUCT_STRIPE_EVENT,
+				);
 			}
 			try {
 				switch (event.type) {
@@ -1349,33 +1648,12 @@ export const stripeWebhook = (options: StripeOptions) => {
 				}
 			} catch (e: any) {
 				ctx.context.logger.error(`Stripe webhook failed. Error: ${e.message}`);
-				throw new APIError("BAD_REQUEST", {
-					message: "Webhook error: See server logs for more information.",
-				});
+				throw APIError.from(
+					"BAD_REQUEST",
+					STRIPE_ERROR_CODES.STRIPE_WEBHOOK_ERROR,
+				);
 			}
 			return ctx.json({ success: true });
 		},
 	);
 };
-
-const getUrl = (ctx: GenericEndpointContext, url: string) => {
-	if (/^[a-zA-Z][a-zA-Z0-9+\-.]*:/.test(url)) {
-		return url;
-	}
-	return `${ctx.context.options.baseURL}${
-		url.startsWith("/") ? url : `/${url}`
-	}`;
-};
-
-async function resolvePriceIdFromLookupKey(
-	stripeClient: Stripe,
-	lookupKey: string,
-): Promise<string | undefined> {
-	if (!lookupKey) return undefined;
-	const prices = await stripeClient.prices.list({
-		lookup_keys: [lookupKey],
-		active: true,
-		limit: 1,
-	});
-	return prices.data[0]?.id;
-}