@lastbrain/module-auth 2.0.27 → 2.0.31

package/dist/api/public/callback.js

@@ -0,0 +1,197 @@
+import { NextResponse } from "next/server";
+import { getSupabaseServerClient, getSupabaseServiceClient, } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+import { sendWelcomeOnboardingEmail, sendNewUserNotificationToAdmin, } from "../../lib/auth-email-service";
+export async function GET(request) {
+    const { searchParams } = new URL(request.url);
+    const code = searchParams.get("code");
+    const next = searchParams.get("next") ?? "/";
+    const error = searchParams.get("error");
+    const errorDescription = searchParams.get("error_description");
+    // If there's an error from Supabase, redirect to error page
+    if (error) {
+        logger.error("Auth callback error:", error, errorDescription);
+        return NextResponse.redirect(new URL(`/auth-code-error?error=${encodeURIComponent(error)}&description=${encodeURIComponent(errorDescription || "")}`, request.url));
+    }
+    // If we have a code, exchange it server-side for a session
+    if (code) {
+        try {
+            // Get Supabase server client with proper cookie handlers
+            const supabase = await getSupabaseServerClient();
+            // Exchange code for session - cookies are set automatically via @supabase/ssr
+            const { data, error: exchangeError } = await supabase.auth.exchangeCodeForSession(code);
+            if (exchangeError || !data?.session) {
+                logger.error("Code exchange failed:", exchangeError);
+                return NextResponse.redirect(new URL(`/auth-code-error?error=${encodeURIComponent(exchangeError?.message || "Failed to exchange code for session")}`, request.url));
+            }
+            logger.debug("✅ Session established successfully for user:", data.user?.email);
+            // Add welcome bonus when email is confirmed
+            if (data.user?.id) {
+                try {
+                    // Check if welcome bonus is enabled via env var
+                    const ENABLE_SIGNUP_BONUS = process.env.NEXT_PUBLIC_ENABLE_SIGNUP_BONUS === "true";
+                    const SIGNUP_BONUS_AMOUNT_USD = parseFloat(process.env.NEXT_PUBLIC_SIGNUP_BONUS_AMOUNT_USD || "1.0");
+                    logger.debug(`[callback] Signup bonus config - enabled: ${ENABLE_SIGNUP_BONUS}, amount: ${SIGNUP_BONUS_AMOUNT_USD}`);
+                    if (!ENABLE_SIGNUP_BONUS) {
+                        logger.debug("Signup bonus disabled via NEXT_PUBLIC_ENABLE_SIGNUP_BONUS");
+                    }
+                    else {
+                        const serviceClient = await getSupabaseServiceClient();
+                        // Check if we already added bonus for this user
+                        const { data: existingBonus } = await serviceClient
+                            .from("user_token_ledger")
+                            .select("id")
+                            .eq("owner_id", data.user.id)
+                            .eq("type", "signup_bonus")
+                            .single();
+                        logger.debug(`[callback] Existing bonus check for user ${data.user.id}:`, existingBonus ? "Already exists" : "Not found");
+                        // Only add bonus if not already added
+                        if (!existingBonus) {
+                            // Add welcome bonus using wallet system
+                            const MARGIN_TARGET = 0.6;
+                            const providerBudgetUsd = SIGNUP_BONUS_AMOUNT_USD * (1 - MARGIN_TARGET); // 40%
+                            logger.debug(`[callback] Inserting bonus for user ${data.user.id}: sell=$${SIGNUP_BONUS_AMOUNT_USD}, provider=$${providerBudgetUsd}`);
+                            // Insert into ledger with USD values
+                            const { error: ledgerError } = await serviceClient
+                                .from("user_token_ledger")
+                                .insert({
+                                owner_id: data.user.id,
+                                type: "signup_bonus",
+                                amount: 0, // Tokens deprecated
+                                sell_value_added_usd: SIGNUP_BONUS_AMOUNT_USD,
+                                provider_budget_added_usd: providerBudgetUsd,
+                                meta: {
+                                    reason: "signup_welcome_bonus",
+                                    provider: "system",
+                                },
+                                created_by: null,
+                            });
+                            if (ledgerError) {
+                                logger.error("[callback] Error adding welcome bonus to ledger:", ledgerError);
+                            }
+                            else {
+                                logger.debug(`[callback] ✅ Bonus inserted in ledger for user ${data.user.id}`);
+                                // Update wallet table
+                                const { data: currentWallet } = await serviceClient
+                                    .from("user_token_wallet")
+                                    .select("wallet_provider_budget_usd, wallet_sell_value_usd")
+                                    .eq("user_id", data.user.id)
+                                    .single();
+                                const newProviderBudget = (currentWallet?.wallet_provider_budget_usd || 0) +
+                                    providerBudgetUsd;
+                                const newSellValue = (currentWallet?.wallet_sell_value_usd || 0) +
+                                    SIGNUP_BONUS_AMOUNT_USD;
+                                const { error: walletError } = await serviceClient
+                                    .from("user_token_wallet")
+                                    .upsert({
+                                    user_id: data.user.id,
+                                    wallet_provider_budget_usd: newProviderBudget,
+                                    wallet_sell_value_usd: newSellValue,
+                                    updated_at: new Date().toISOString(),
+                                }, {
+                                    onConflict: "user_id",
+                                });
+                                if (walletError) {
+                                    logger.error("Error updating wallet for welcome bonus:", walletError);
+                                }
+                                else {
+                                    logger.debug(`✅ Added $${SIGNUP_BONUS_AMOUNT_USD} welcome bonus to user ${data.user.id}`);
+                                }
+                            }
+                        }
+                        // Extract locale from user metadata or default to 'en'
+                        const locale = data.user.user_metadata?.locale || "en";
+                        logger.debug(`[callback] User locale detected: ${locale} (from metadata: ${data.user.user_metadata?.locale || "not set"})`);
+                        // Add welcome notifications
+                        const notifications = [
+                            {
+                                title: locale === "fr" ? "Bienvenue ! 👋" : "Welcome! 👋",
+                                body: locale === "fr"
+                                    ? "Merci de vous être inscrit ! Explorez toutes les fonctionnalités disponibles."
+                                    : "Thank you for signing up! Explore all available features.",
+                                type: "primary",
+                            },
+                        ];
+                        // Add signup bonus notification only if enabled
+                        if (ENABLE_SIGNUP_BONUS && SIGNUP_BONUS_AMOUNT_USD > 0) {
+                            notifications.push({
+                                title: locale === "fr"
+                                    ? `🎁 Cadeau de bienvenue : $${SIGNUP_BONUS_AMOUNT_USD}`
+                                    : `🎁 Welcome gift: $${SIGNUP_BONUS_AMOUNT_USD}`,
+                                body: locale === "fr"
+                                    ? `Nous vous offrons $${SIGNUP_BONUS_AMOUNT_USD} de crédit IA pour démarrer. Utilisez-les pour accéder à nos services premium.`
+                                    : `We're giving you $${SIGNUP_BONUS_AMOUNT_USD} AI credits to get started. Use them to access our premium services.`,
+                                type: "success",
+                            });
+                        }
+                        for (const notification of notifications) {
+                            const { error: notifError } = await serviceClient
+                                .from("user_notifications")
+                                .insert({
+                                owner_id: data.user.id,
+                                title: notification.title,
+                                body: notification.body,
+                                type: notification.type,
+                            });
+                            if (notifError) {
+                                logger.error("[callback] Error creating welcome notification:", notifError);
+                            }
+                            else {
+                                logger.debug(`[callback] ✅ Notification created: ${notification.title}`);
+                            }
+                        }
+                        logger.debug(`✅ Created welcome notifications for user ${data.user.id}`);
+                        // Send welcome onboarding email with bonus amount if enabled
+                        try {
+                            await sendWelcomeOnboardingEmail({
+                                email: data.user.email || "",
+                                displayName: data.user.user_metadata?.full_name || "user",
+                                locale,
+                                ownerId: data.user.id,
+                                bonusAmountUsd: ENABLE_SIGNUP_BONUS && SIGNUP_BONUS_AMOUNT_USD > 0
+                                    ? SIGNUP_BONUS_AMOUNT_USD
+                                    : undefined,
+                            });
+                            logger.debug(`📧 Sent welcome onboarding email to ${data.user.email}`);
+                        }
+                        catch (emailError) {
+                            logger.warn("Failed to send welcome email (non-blocking):", emailError);
+                            // Don't fail the response if email fails
+                        }
+                        // Send notification to admin about new user signup
+                        try {
+                            await sendNewUserNotificationToAdmin({
+                                userEmail: data.user.email || "",
+                                displayName: data.user.user_metadata?.full_name || undefined,
+                                userId: data.user.id,
+                                locale,
+                                bonusAmountUsd: ENABLE_SIGNUP_BONUS && SIGNUP_BONUS_AMOUNT_USD > 0
+                                    ? SIGNUP_BONUS_AMOUNT_USD
+                                    : undefined,
+                            });
+                            logger.debug(`📧 Sent admin notification for new user: ${data.user.email}`);
+                        }
+                        catch (adminEmailError) {
+                            logger.warn("Failed to send admin notification email (non-blocking):", adminEmailError);
+                            // Don't fail the response if admin email fails
+                        }
+                    }
+                }
+                catch (bonusError) {
+                    logger.error("Error adding welcome bonus (non-blocking):", bonusError);
+                    // Don't fail auth if bonus creation fails
+                }
+            }
+            // Success! Cookies have been set via the @supabase/ssr cookie handlers
+            // Redirect to destination
+            return NextResponse.redirect(new URL(next, request.url));
+        }
+        catch (err) {
+            logger.error("Unexpected callback error:", err);
+            return NextResponse.redirect(new URL(`/auth-code-error?error=${encodeURIComponent("Unexpected error during authentication")}`, request.url));
+        }
+    }
+    // No code or error, redirect to next or home
+    logger.warn("Auth callback called without code or error");
+    return NextResponse.redirect(new URL(next, request.url));
+}

package/dist/api/public/reset-password.d.ts

@@ -0,0 +1,3 @@
+import { NextRequest, NextResponse } from "next/server";
+export declare function POST(request: NextRequest): Promise<NextResponse<any>>;
+//# sourceMappingURL=reset-password.d.ts.map

package/dist/api/public/reset-password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reset-password.d.ts","sourceRoot":"","sources":["../../../src/api/public/reset-password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAsBxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,8BA6B9C"}

package/dist/api/public/reset-password.js

@@ -0,0 +1,43 @@
+import { NextResponse } from "next/server";
+import { sendPasswordResetEmail } from "../../lib/auth-email-service";
+import { logger } from "@lastbrain/core";
+import { resolveSiteUrl } from "../../lib/site-url";
+function extractLocaleFromRequest(request) {
+    // 1. Priorité : cookie NEXT_LOCALE
+    const localeCookie = request.cookies.get("NEXT_LOCALE")?.value;
+    if (localeCookie && /^[a-z]{2}$/.test(localeCookie)) {
+        return localeCookie;
+    }
+    // 2. Fallback : header accept-language
+    const lang = request.headers
+        .get("accept-language")
+        ?.split(",")?.[0]
+        ?.split("-")?.[0];
+    return lang === "fr" || lang === "en" ? lang : undefined;
+}
+const DEFAULT_LOCALE = "fr";
+export async function POST(request) {
+    try {
+        const locale = extractLocaleFromRequest(request);
+        const body = await request.json();
+        const { email, next } = body;
+        const resolvedLocale = locale || DEFAULT_LOCALE;
+        const baseRedirect = `${resolveSiteUrl(request)}/${resolvedLocale}/reset-password`;
+        const redirectTo = next
+            ? `${baseRedirect}?next=${encodeURIComponent(next)}`
+            : baseRedirect;
+        if (!email) {
+            return NextResponse.json({ error: "Email requis" }, { status: 400 });
+        }
+        logger.debug("[reset-password] computed redirectTo", { redirectTo, next });
+        await sendPasswordResetEmail({ email, locale, redirectTo, next });
+        const respBody = { message: "Lien de réinitialisation envoyé" };
+        if (process.env.NODE_ENV !== "production")
+            respBody.redirectTo = redirectTo;
+        return NextResponse.json(respBody);
+    }
+    catch (error) {
+        logger.error("reset-password error:", error);
+        return NextResponse.json({ error: "Impossible d'envoyer le lien de réinitialisation" }, { status: 500 });
+    }
+}

package/dist/api/public/set-session.d.ts

@@ -0,0 +1,7 @@
+import { NextRequest, NextResponse } from "next/server";
+export declare function POST(request: NextRequest): Promise<NextResponse<{
+    success: boolean;
+}> | NextResponse<{
+    error: any;
+}>>;
+//# sourceMappingURL=set-session.d.ts.map

package/dist/api/public/set-session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"set-session.d.ts","sourceRoot":"","sources":["../../../src/api/public/set-session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAIxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;IAoE9C"}

package/dist/api/public/set-session.js

@@ -0,0 +1,55 @@
+import { NextResponse } from "next/server";
+import { getSupabaseServerClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+export async function POST(request) {
+    try {
+        const payload = await request.json().catch((e) => {
+            logger.error("[set-session] failed to parse body", e);
+            return {};
+        });
+        const { access_token, refresh_token } = payload;
+        logger.debug("[set-session] incoming payload", {
+            hasAccessToken: !!access_token,
+            hasRefreshToken: !!refresh_token,
+            url: request.url,
+            headers: {
+                host: request.headers.get("host"),
+                origin: request.headers.get("origin"),
+                referer: request.headers.get("referer"),
+            },
+        });
+        if (!access_token || !refresh_token) {
+            logger.warn("[set-session] missing tokens", { payload });
+            return NextResponse.json({ error: "Missing tokens" }, { status: 400 });
+        }
+        const supabase = await getSupabaseServerClient();
+        logger.debug("[set-session] calling supabase.auth.setSession");
+        const { data, error } = await supabase.auth
+            .setSession({
+            access_token,
+            refresh_token,
+        })
+            .catch((e) => {
+            logger.error("[set-session] supabase.setSession threw", e);
+            return { data: null, error: { message: String(e) } };
+        });
+        logger.debug("[set-session] supabase response", {
+            hasSession: !!data?.session,
+            userId: data?.session?.user?.id,
+            error: error?.message,
+        });
+        if (error || !data?.session) {
+            logger.warn("[set-session] failed to set session", { error });
+            return NextResponse.json({ error: error?.message || "Failed to set session" }, { status: 401 });
+        }
+        // Cookies are set by the Supabase SSR adapter inside setSession
+        logger.debug("[set-session] session set successfully for user", {
+            userId: data.session.user.id,
+        });
+        return NextResponse.json({ success: true });
+    }
+    catch (err) {
+        logger.error("[set-session] unexpected error", err);
+        return NextResponse.json({ error: err?.message || "Unexpected error" }, { status: 500 });
+    }
+}

package/dist/api/public/signin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signin.d.ts","sourceRoot":"","sources":["../../../src/api/public/signin.ts"],"names":[],"mappings":"AAWA,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,qBAmB1C"}
+{"version":3,"file":"signin.d.ts","sourceRoot":"","sources":["../../../src/api/public/signin.ts"],"names":[],"mappings":"AAWA,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,qBAuD1C"}

package/dist/api/public/signin.js

@@ -21,5 +21,36 @@ export async function POST(request) {
     if (error) {
         return jsonResponse({ error: error.message }, 400);
     }
+    // Si le client a envoyé un cookie NEXT_LOCALE, synchroniser côté serveur
+    // la préférence stockée en base (user_profil.language). Ne rien faire
+    // si le cookie n'existe pas.
+    try {
+        const cookieHeader = request.headers.get("cookie") || "";
+        const match = cookieHeader.match(/(?:^|; )NEXT_LOCALE=([^;]+)/);
+        const currentCookie = match ? decodeURIComponent(match[1]) : null;
+        if (currentCookie && data?.user?.id) {
+            const { data: profil, error: _profilErr } = await supabase
+                .from("user_profil")
+                .select("language")
+                .eq("user_id", data.user.id)
+                .maybeSingle();
+            const profileLang = profil?.language;
+            if (profileLang && profileLang !== currentCookie) {
+                const maxAge = 365 * 24 * 60 * 60; // 1 an
+                const cookieValue = `NEXT_LOCALE=${encodeURIComponent(profileLang)}; Path=/; Max-Age=${maxAge}; SameSite=Lax`;
+                return new Response(JSON.stringify({ data, updated: true }), {
+                    headers: {
+                        "content-type": "application/json",
+                        "set-cookie": cookieValue,
+                    },
+                    status: 200,
+                });
+            }
+        }
+    }
+    catch (e) {
+        // ne pas bloquer la connexion si la sync échoue
+        console.debug("signin: sync-locale failed", e);
+    }
     return jsonResponse({ data });
 }

package/dist/api/public/signup.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signup.d.ts","sourceRoot":"","sources":["../../../src/api/public/signup.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AASxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;;;;IA4F9C"}
+{"version":3,"file":"signup.d.ts","sourceRoot":"","sources":["../../../src/api/public/signup.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAqBxD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW;;;;;;;IA0F9C"}

package/dist/api/public/signup.js

@@ -1,56 +1,67 @@
-import { getSupabaseServerClient, getSupabaseServiceClient, } from "@lastbrain/core/server";
+import { getSupabaseServiceClient } from "@lastbrain/core/server";
 import { NextResponse } from "next/server";
+import { sendSignupConfirmationEmail } from "../../lib/auth-email-service";
+import { logger } from "@lastbrain/core";
+import { resolveSiteUrl } from "../../lib/site-url";
+function extractLocale(request) {
+    const lang = request.headers
+        .get("accept-language")
+        ?.split(",")?.[0]
+        ?.split("-")?.[0];
+    return lang === "fr" || lang === "en" ? lang : undefined;
+}
 export async function POST(request) {
     try {
         const body = await request.json();
+        const locale = extractLocale(request);
         const defaultSource = process.env.APP_NAME || "undefined";
-        console.log("🚀 ~ POST ~ defaultSource:", defaultSource);
         const { email, password, fullName, signupSource = defaultSource } = body;
         // Validate required fields
         if (!email || !password) {
             return NextResponse.json({ error: "Email et mot de passe requis." }, { status: 400 });
         }
-        // Get Supabase client for authentication
-        const supabase = await getSupabaseServerClient();
-        // Sign up the user
-        const { data: authData, error: signUpError } = await supabase.auth.signUp({
-            email,
-            password,
-            options: {
-                emailRedirectTo: `${request.nextUrl.origin}/api/auth/callback`,
-                data: {
-                    full_name: fullName,
-                    signup_source: signupSource,
-                },
-            },
-        });
-        if (signUpError) {
-            return NextResponse.json({ error: signUpError.message }, { status: 400 });
+        // Générer le lien d'inscription + envoyer l'email via module-contact-pro
+        let user;
+        try {
+            user = await sendSignupConfirmationEmail({
+                email,
+                password,
+                locale,
+                fullName,
+                signupSource,
+                // Use client-side confirm page so Supabase can return hash tokens
+                // and the client `ConfirmPage` will set the session and add welcome bonus.
+                redirectTo: `${resolveSiteUrl(request)}/confirm`,
+                next: body.next,
+            });
         }
-        if (!authData.user) {
-            return NextResponse.json({ error: "Erreur lors de la création du compte" }, { status: 500 });
+        catch (emailError) {
+            // Handle Supabase auth errors
+            if (emailError?.status === 422 && emailError?.code === "email_exists") {
+                return NextResponse.json({ error: "Cet email est déjà utilisé." }, { status: 409 });
+            }
+            throw emailError;
         }
-        // Create user profile with signup_source
         const serviceClient = await getSupabaseServiceClient();
         // Check if profile already exists
         const { data: existingProfile } = await serviceClient
             .from("user_profil")
             .select("owner_id")
-            .eq("owner_id", authData.user.id)
+            .eq("owner_id", user?.id)
             .single();
         // Only create profile if it doesn't exist
         if (!existingProfile) {
             const { error: profileError } = await serviceClient
                 .from("user_profil")
                 .insert({
-                owner_id: authData.user.id,
+                owner_id: user?.id,
                 first_name: fullName?.split(" ")[0] || "",
                 last_name: fullName?.split(" ").slice(1).join(" ") || "",
                 signup_source: signupSource,
                 preferences: {},
             });
             if (profileError) {
-                console.error("Error creating user profile:", profileError);
+                logger.error("Error creating user profile:", profileError);
                 return NextResponse.json({
                     error: "Compte créé mais profil non configuré",
                     message: profileError.message,
@@ -59,13 +70,13 @@ export async function POST(request) {
         }
         return NextResponse.json({
             data: {
-                user: authData.user,
-                message: "Compte créé avec succès",
+                user,
+                message: "Compte créé avec succès. Vérifiez vos emails pour confirmer votre compte.",
             },
         }, { status: 201 });
     }
     catch (error) {
-        console.error("Signup error:", error);
+        logger.error("Signup error:", error);
         return NextResponse.json({ error: "Erreur interne du serveur" }, { status: 500 });
     }
 }

package/dist/api/public/webhook/storage-addon.d.ts

@@ -0,0 +1,9 @@
+/**
+ * POST /api/auth/webhook/storage-addon
+ * Webhook handler for storage addon subscription events
+ * Called by module-billing-pro when a storage addon subscription item is updated
+ */
+export declare const runtime = "nodejs";
+export declare const dynamic = "force-dynamic";
+export declare function POST(request: Request): Promise<Response>;
+//# sourceMappingURL=storage-addon.d.ts.map

package/dist/api/public/webhook/storage-addon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage-addon.d.ts","sourceRoot":"","sources":["../../../../src/api/public/webhook/storage-addon.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,eAAO,MAAM,OAAO,WAAW,CAAC;AAChC,eAAO,MAAM,OAAO,kBAAkB,CAAC;AAevC,wBAAsB,IAAI,CAAC,OAAO,EAAE,OAAO,qBAgP1C"}

package/dist/api/public/webhook/storage-addon.js

@@ -0,0 +1,155 @@
+/**
+ * POST /api/auth/webhook/storage-addon
+ * Webhook handler for storage addon subscription events
+ * Called by module-billing-pro when a storage addon subscription item is updated
+ */
+import { getSupabaseServiceClient } from "@lastbrain/core/server";
+import { logger } from "@lastbrain/core";
+// Runtime config
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+export async function POST(request) {
+    try {
+        const body = await request.json();
+        const { eventType, owner_id, addon_key, stripe_subscription_id, stripe_subscription_item_id, stripe_customer_id, quantity = 1, status, current_period_start, current_period_end, } = body;
+        logger.debug(`[Storage Addon Webhook] Processing ${eventType} for user ${owner_id}, addon ${addon_key}`);
+        if (!owner_id ||
+            !addon_key ||
+            !stripe_subscription_id ||
+            !stripe_subscription_item_id) {
+            logger.warn("[Storage Addon Webhook] Missing required fields in payload");
+            return Response.json({ received: true }, { status: 200 });
+        }
+        const supabase = await getSupabaseServiceClient();
+        // Find the addon by key
+        const { data: addon, error: addonError } = await supabase
+            .from("global_addons")
+            .select("id")
+            .eq("addon_key", addon_key)
+            .eq("addon_type", "storage")
+            .eq("is_active", true)
+            .single();
+        if (addonError || !addon) {
+            logger.warn(`[Storage Addon Webhook] Addon not found for key: ${addon_key}`);
+            return Response.json({ received: true }, { status: 200 });
+        }
+        // Handle different event types
+        switch (eventType) {
+            case "addon.created":
+            case "addon.updated": {
+                // Upsert user addon activation
+                // Use owner_id + addon_id as the unique key (one addon type per user)
+                // When a subscription is canceled and recreated, we update the same record with new stripe IDs
+                const { error: upsertError } = await supabase
+                    .from("user_global_addons")
+                    .upsert({
+                    owner_id,
+                    addon_id: addon.id,
+                    quantity,
+                    status,
+                    current_period_start,
+                    current_period_end,
+                    stripe_customer_id,
+                    stripe_subscription_id,
+                    stripe_subscription_item_id,
+                    updated_at: new Date().toISOString(),
+                }, {
+                    // Use owner_id + addon_id as the unique key for idempotency
+                    // This ensures one addon per user, even if subscription is recreated
+                    onConflict: "owner_id,addon_id",
+                });
+                if (upsertError) {
+                    logger.error("[Storage Addon Webhook] Error upserting addon:", upsertError);
+                    return Response.json({ error: "Failed to update storage addon" }, { status: 500 });
+                }
+                logger.debug(`[Storage Addon Webhook] Storage addon ${addon_key} ${eventType} for user ${owner_id}: status=${status}, quantity=${quantity}`);
+                // Update user_profil.stockage to reflect total (optional, since get_user_limits calculates dynamically)
+                // We'll keep this for backward compatibility with existing code
+                try {
+                    const limitsResult = await supabase.rpc("get_user_limits", {
+                        owner_id_param: owner_id,
+                    });
+                    logger.debug(`[Storage Addon Webhook] get_user_limits raw result:`, JSON.stringify(limitsResult, null, 2));
+                    if (limitsResult.error) {
+                        logger.error(`[Storage Addon Webhook] get_user_limits error:`, limitsResult.error);
+                    }
+                    if (limitsResult.data) {
+                        // Supabase RPC returns JSON as string, need to parse if string
+                        const limitsData = typeof limitsResult.data === "string"
+                            ? JSON.parse(limitsResult.data)
+                            : limitsResult.data;
+                        logger.debug(`[Storage Addon Webhook] Parsed limits data:`, limitsData);
+                        const totalStorageGb = limitsData.storage_quota_gb;
+                        logger.debug(`[Storage Addon Webhook] Extracted storage_quota_gb: ${totalStorageGb}`);
+                        // Update user_profil with new total
+                        await supabase.from("user_profil").upsert({
+                            owner_id,
+                            stockage: totalStorageGb,
+                            updated_at: new Date().toISOString(),
+                        }, {
+                            onConflict: "owner_id",
+                        });
+                        logger.debug(`[Storage Addon Webhook] Updated user_profil.stockage to ${totalStorageGb} GB for user ${owner_id}`);
+                    }
+                    else {
+                        logger.warn(`[Storage Addon Webhook] get_user_limits returned no data for user ${owner_id}`);
+                    }
+                }
+                catch (error) {
+                    logger.error("[Storage Addon Webhook] Error updating user_profil.stockage:", error);
+                    // Don't fail - the addon is still recorded
+                }
+                break;
+            }
+            case "addon.deleted":
+            case "addon.canceled": {
+                // Mark addon as canceled but keep for period_end grace
+                const { error: cancelError } = await supabase
+                    .from("user_global_addons")
+                    .update({
+                    status: "canceled",
+                    updated_at: new Date().toISOString(),
+                })
+                    .eq("stripe_subscription_item_id", stripe_subscription_item_id);
+                if (cancelError) {
+                    logger.error("[Storage Addon Webhook] Error canceling addon:", cancelError);
+                    return Response.json({ error: "Failed to cancel storage addon" }, { status: 500 });
+                }
+                logger.debug(`[Storage Addon Webhook] Storage addon ${addon_key} canceled for user ${owner_id}`);
+                // Recalculate total storage
+                try {
+                    const limitsResult = await supabase.rpc("get_user_limits", {
+                        owner_id_param: owner_id,
+                    });
+                    if (limitsResult.data) {
+                        const limitsData = typeof limitsResult.data === "string"
+                            ? JSON.parse(limitsResult.data)
+                            : limitsResult.data;
+                        const totalStorageGb = limitsData.storage_quota_gb;
+                        await supabase.from("user_profil").upsert({
+                            owner_id,
+                            stockage: totalStorageGb,
+                            updated_at: new Date().toISOString(),
+                        }, {
+                            onConflict: "owner_id",
+                        });
+                        logger.debug(`[Storage Addon Webhook] Recalculated user_profil.stockage to ${totalStorageGb} GB after addon cancellation`);
+                    }
+                }
+                catch (error) {
+                    logger.warn("[Storage Addon Webhook] Could not recalculate storage:", error);
+                }
+                break;
+            }
+            default:
+                logger.warn(`[Storage Addon Webhook] Unknown event type: ${eventType}`);
+        }
+        return Response.json({ received: true }, { status: 200 });
+    }
+    catch (error) {
+        logger.error("[Storage Addon Webhook] Error:", error);
+        return Response.json({
+            error: error instanceof Error ? error.message : "Webhook error",
+        }, { status: 400 });
+    }
+}