@nexo-labs/payload-stripe-inventory 1.6.11 → 1.6.13

package/dist/server/index.mjs

@@ -1,9 +1,6 @@
-import { S as generateUserInventory, _ as PricingType, a as getPermissionsSlugs, b as permissionSlugs, d as COLLECTION_SLUG_PRICES, f as COLLECTION_SLUG_PRODUCTS, g as PricingPlanInterval, m as MAX_UNLOCKS_PER_WEEK, n as countWeeklyUnlocksQuery, p as COLLECTION_SLUG_USER, r as checkIfUserCanUnlockQuery, u as COLLECTION_SLUG_CUSTOMERS, x as generateCustomerInventory, y as formatOptions } from "../src-BmlQoR4x.mjs";
-import Stripe from "stripe";
-import { headers } from "next/headers.js";
-import { NextResponse } from "next/server.js";
-import { COLLECTION_SLUG_TAXONOMY, buildTaxonomyRelationship } from "@nexo-labs/payload-taxonomies";
+import { S as generateUserInventory, _ as PricingType, a as checkIfUserCanUnlockQuery, b as permissionSlugs, d as COLLECTION_SLUG_PRICES, f as COLLECTION_SLUG_PRODUCTS, g as PricingPlanInterval, i as countWeeklyUnlocksQuery, m as MAX_UNLOCKS_PER_WEEK, p as COLLECTION_SLUG_USER, u as COLLECTION_SLUG_CUSTOMERS, x as generateCustomerInventory, y as formatOptions } from "../src-I_DPhIL5.mjs";
 import { stripePlugin } from "@payloadcms/plugin-stripe";
+import Stripe from "stripe";
 
 //#region src/server/utils/payload/upsert.ts
 const payloadUpsert = async ({ payload, collection, data, where }) => {
@@ -31,8 +28,13 @@ const payloadUpsert = async ({ payload, collection, data, where }) => {
 
 //#endregion
 //#region src/server/utils/stripe/stripe-builder.ts
+let stripeInstance = null;
 const stripeBuilder = () => {
-	return new Stripe(process.env.STRIPE_SECRET_KEY, { apiVersion: "2024-09-30.acacia" });
+	if (stripeInstance) return stripeInstance;
+	const secretKey = process.env.STRIPE_SECRET_KEY;
+	if (!secretKey) throw new Error("STRIPE_SECRET_KEY environment variable is not set");
+	stripeInstance = new Stripe(secretKey, { apiVersion: "2024-09-30.acacia" });
+	return stripeInstance;
 };
 
 //#endregion
@@ -42,23 +44,23 @@ const updatePrices = async (payload) => {
 		limit: 100,
 		active: true
 	})).data.map((price) => priceUpsert(price, payload));
-	const pricesByProductId = (await Promise.all(promises)).mapNotNull((t) => t).reduce((acc, { productId, priceId }) => {
+	const pricesByProductId = (await Promise.all(promises)).filter((p) => p !== null).reduce((acc, { productId, priceId }) => {
 		if (!acc[productId]) acc[productId] = [];
 		acc[productId].push(priceId);
 		return acc;
 	}, {});
-	Object.entries(pricesByProductId).map(async ([productId, prices$1]) => {
+	await Promise.all(Object.entries(pricesByProductId).map(async ([productId, prices$1]) => {
 		await payload.update({
 			collection: COLLECTION_SLUG_PRODUCTS,
 			data: { prices: prices$1 },
 			where: { stripeID: { equals: productId } }
 		});
-	});
+	}));
 };
 async function priceUpsert(price, payload) {
 	const stripeProductID = typeof price.product === "string" ? price.product : price.product.id;
 	if (price.deleted !== void 0) {
-		priceDeleted(price, payload);
+		await priceDeleted(price, payload);
 		return null;
 	}
 	if (price.unit_amount == null) return null;
@@ -99,14 +101,15 @@ const priceDeleted = async (price, payload) => {
 //#endregion
 //#region src/server/actions/product.ts
 const updateProducts = async (payload) => {
-	(await (await stripeBuilder()).products.list({
+	const products$1 = await (await stripeBuilder()).products.list({
 		limit: 100,
 		active: true
-	})).data.forEach((product) => productSync(product, payload));
+	});
+	await Promise.all(products$1.data.map((product) => productSync(product, payload)));
 };
 const productSync = async (object, payload) => {
 	const { id: stripeProductID, name, description, images } = object;
-	if (object.deleted !== void 0) return productDeleted(object, payload);
+	if (object.deleted !== void 0) return await productDeleted(object, payload);
 	try {
 		await payloadUpsert({
 			payload,
@@ -153,7 +156,7 @@ async function syncCustomerByEmail({ email, payload }) {
 		where: { email: { equals: email } }
 	})).docs?.[0]?.id;
 	await payload.update({
-		collection: "users",
+		collection: COLLECTION_SLUG_USER,
 		data: { customer: customerId },
 		where: { email: { equals: email } }
 	});
@@ -196,7 +199,8 @@ async function getUserIdByEmail({ email, payload }) {
 //#region src/server/utils/stripe/get-customer.ts
 async function getCustomer({ stripe, email }) {
 	stripe = stripe ?? stripeBuilder();
-	const customers$1 = await stripe.customers.search({ query: `email:'${email}'` });
+	const sanitizedEmail = email.replace(/'/g, "\\'");
+	const customers$1 = await stripe.customers.search({ query: `email:'${sanitizedEmail}'` });
 	return customers$1.data.length ? customers$1.data[0] : null;
 }
 async function resolveStripeCustomer({ customer }) {
@@ -257,7 +261,7 @@ async function findOrCreateCustomer({ email, payload, stripeId }) {
 
 //#endregion
 //#region src/server/actions/subscription.ts
-const subscriptionUpsert = async (subscription, payload, onSubscriptionUpdate) => {
+const subscriptionUpsert = async (subscription, payload, onSubscriptionUpdate, resolveSubscriptionPermissions) => {
 	const { id: stripeID, status, customer: stripeCustomer } = subscription;
 	const customer = await resolveStripeCustomer({ customer: stripeCustomer });
 	const error = (message) => payload.logger.error("Subscription Upsert: ", message);
@@ -299,7 +303,7 @@ const subscriptionUpsert = async (subscription, payload, onSubscriptionUpdate) =
 		const inventory = customer$1.inventory;
 		inventory.subscriptions[stripeID] = {
 			...subscription,
-			permissions: getPermissionsSlugs({ permissions: product.roles })
+			permissions: await resolveSubscriptionPermissions(subscription, product, payload)
 		};
 		info(`INVENTORY OF THE SUBSCRIPTION ${inventory}`);
 		await upsertCustomerInventoryAndSyncWithUser(payload, inventory, email, stripeId);
@@ -347,7 +351,7 @@ const subscriptionDeleted = async (subscription, payload, onSubscriptionUpdate)
 			payload.logger.error("No customer found for subscription");
 			return;
 		}
-		const inventory = customer$1.inventory;
+		const inventory = customer$1.inventory ?? generateCustomerInventory();
 		delete inventory.subscriptions[id];
 		await upsertCustomerInventoryAndSyncWithUser(payload, inventory, email, stripeId);
 		const userId = await getUserIdByEmail({
@@ -392,12 +396,11 @@ const paymentSucceeded = async (paymentIntent, payload) => {
 			payload,
 			stripeId: stripeCustomer.id
 		});
-		if (!customer) return;
 		if (!customer) {
-			payload.logger.error(`User not found for payment: ${stripeCustomer.email}`);
+			payload.logger.error(`Customer not found for payment: ${stripeCustomer.email}`);
 			return;
 		}
-		let inventory = customer.inventory;
+		const inventory = customer.inventory ?? generateCustomerInventory();
 		inventory.payments[id] = paymentIntent;
 		await payload.update({
 			collection: COLLECTION_SLUG_CUSTOMERS,
@@ -437,8 +440,11 @@ const invoiceSucceeded = async (invoiceIntent, payload) => {
 			payload,
 			stripeId: stripeCustomer.id
 		});
-		if (!customer) return;
-		let inventory = customer.inventory;
+		if (!customer) {
+			payload.logger.error(`Customer not found for invoice: ${stripeCustomer.email}`);
+			return;
+		}
+		const inventory = customer.inventory ?? generateCustomerInventory();
 		inventory.invoices[id] = invoiceIntent;
 		await payload.update({
 			collection: COLLECTION_SLUG_CUSTOMERS,
@@ -468,13 +474,6 @@ const customerDeleted = async (customer, payload) => {
 	}
 };
 
-//#endregion
-//#region src/server/access/get-current-user-query.ts
-async function getCurrentUserQuery(payload) {
-	const headers$1 = await headers();
-	return (await payload.auth({ headers: headers$1 })).user;
-}
-
 //#endregion
 //#region src/server/actions/unlock-item-for-user-action.ts
 const addUniqueUnlock = (unlocks, collection, contentId) => {
@@ -485,34 +484,59 @@ const addUniqueUnlock = (unlocks, collection, contentId) => {
 		dateUnlocked: /* @__PURE__ */ new Date()
 	}];
 };
-const unlockItemForUser = async (getPayload, collection, contentId) => {
-	const payload = await getPayload();
-	const user = await getCurrentUserQuery(payload);
-	if (!user || !user.id) return { error: "Usuario no válido" };
-	const item = await payload.findByID({
-		collection,
-		id: contentId.toString()
-	});
-	if (!item) return { error: "Elemento no encontrado" };
-	if (!checkIfUserCanUnlockQuery(user, getPermissionsSlugs({ permissions: item.permissions }))) return { error: "No tienes permisos para desbloquear este elemento" };
-	if (countWeeklyUnlocksQuery(user) >= MAX_UNLOCKS_PER_WEEK) return { error: `Has alcanzado el límite de ${MAX_UNLOCKS_PER_WEEK} desbloqueos para esta semana` };
-	const inventory = user.inventory ?? generateUserInventory();
-	const updatedUnlocks = addUniqueUnlock(inventory.unlocks, collection, contentId);
-	if (updatedUnlocks.length === inventory.unlocks.length) return { data: true };
-	try {
-		await payload.update({
-			collection: COLLECTION_SLUG_USER,
-			id: user.id.toString(),
-			data: { inventory: {
-				...inventory,
-				unlocks: updatedUnlocks
-			} }
+/**
+* Creates an unlock action with the specified content permissions resolver.
+*
+* @param resolveContentPermissions - Callback to resolve permissions required by content
+* @returns A function that unlocks items for users
+*
+* @example
+* ```typescript
+* const unlockItem = createUnlockAction(async (content, payload) => {
+*   return content.requiredPermissions || [];
+* });
+*
+* // Use in server actions
+* await unlockItem(payload, user, 'posts', 123);
+* ```
+*/
+const createUnlockAction = (resolveContentPermissions) => {
+	/**
+	* Unlocks an item for a user, adding it to their inventory.
+	*
+	* @param payload - The Payload instance
+	* @param user - The authenticated user
+	* @param collection - The collection slug of the item to unlock
+	* @param contentId - The ID of the item to unlock
+	* @returns Result indicating success or error message
+	*/
+	return async (payload, user, collection, contentId) => {
+		if (!user || !user.id) return { error: "Usuario no válido" };
+		const item = await payload.findByID({
+			collection,
+			id: contentId.toString()
 		});
-		return { data: true };
-	} catch (error) {
-		console.error("Error al actualizar el inventario del usuario:", error);
-		return { error: "Error al actualizar el inventario del usuario" };
-	}
+		if (!item) return { error: "Elemento no encontrado" };
+		if (!checkIfUserCanUnlockQuery(user, await resolveContentPermissions(item, payload))) return { error: "No tienes permisos para desbloquear este elemento" };
+		if (countWeeklyUnlocksQuery(user) >= MAX_UNLOCKS_PER_WEEK) return { error: `Has alcanzado el límite de ${MAX_UNLOCKS_PER_WEEK} desbloqueos para esta semana` };
+		const inventory = user.inventory ?? generateUserInventory();
+		const updatedUnlocks = addUniqueUnlock(inventory.unlocks, collection, contentId);
+		if (updatedUnlocks.length === inventory.unlocks.length) return { data: true };
+		try {
+			await payload.update({
+				collection: COLLECTION_SLUG_USER,
+				id: user.id.toString(),
+				data: { inventory: {
+					...inventory,
+					unlocks: updatedUnlocks
+				} }
+			});
+			return { data: true };
+		} catch (error) {
+			console.error("Error al actualizar el inventario del usuario:", error);
+			return { error: "Error al actualizar el inventario del usuario" };
+		}
+	};
 };
 
 //#endregion
@@ -549,148 +573,351 @@ async function getCustomerFromStripeOrCreate(email, name) {
 }
 
 //#endregion
-//#region src/server/api/handle-donation.ts
-async function handleDonation(request, getPayload, getRoutes) {
-	const payload = await getPayload();
-	const payloadUser = await getCurrentUserQuery(payload);
-	if (!payloadUser || !payloadUser.email) throw new Error("You must be logged in to make a donation");
-	const amountParam = new URL(request.url).searchParams.get("amount");
-	if (!amountParam) throw new Error("Amount is required");
-	const amount = parseInt(amountParam);
-	if (amount < 100) throw new Error("Minimum donation amount is €1");
-	const stripe = stripeBuilder();
-	const customerId = await getCustomerFromStripeOrCreate(payloadUser.email, payloadUser.name);
-	await upsertCustomerInventoryAndSyncWithUser(payload, payloadUser.customer?.inventory, payloadUser.email, customerId);
-	const metadata = { type: "donation" };
-	const session = await stripe.checkout.sessions.create({
-		customer: customerId,
-		payment_method_types: ["card"],
-		line_items: [{
-			price_data: {
-				currency: "eur",
-				product_data: {
-					name: "Donación - Portal Escohotado",
-					description: "Apoyo al mantenimiento del legado digital de Antonio Escohotado"
+//#region src/server/endpoints/validators/request-validator.ts
+/**
+* Creates a JSON response using Web API Response
+*/
+function jsonResponse(data, options) {
+	return new Response(JSON.stringify(data), {
+		headers: { "Content-Type": "application/json" },
+		...options
+	});
+}
+/**
+* Creates a redirect response using Web API Response
+* @param url - The URL to redirect to
+* @param status - HTTP status code (default: 303 See Other)
+*/
+function redirectResponse(url, status = 303) {
+	return new Response(null, {
+		status,
+		headers: { Location: url }
+	});
+}
+/**
+* Creates an error response
+*/
+function errorResponse(message, status = 400) {
+	return jsonResponse({ error: message }, { status });
+}
+/**
+* Validates that the request has an authenticated user
+* Uses the config's resolveUser if provided, otherwise uses request.user
+*/
+async function validateAuthenticatedRequest(request, config) {
+	if (config.checkPermissions) {
+		if (!await config.checkPermissions(request)) return {
+			success: false,
+			error: errorResponse("Permission denied", 403)
+		};
+	}
+	let user = null;
+	if (config.resolveUser) user = await config.resolveUser(request);
+	else user = request.user;
+	if (!user) return {
+		success: false,
+		error: errorResponse("You must be logged in to access this endpoint", 401)
+	};
+	if (!user.email) return {
+		success: false,
+		error: errorResponse("User email is required", 400)
+	};
+	return {
+		success: true,
+		user,
+		payload: request.payload
+	};
+}
+
+//#endregion
+//#region src/server/endpoints/handlers/checkout-handler.ts
+/**
+* Creates a handler for Stripe checkout sessions (subscriptions)
+*
+* @param config - Endpoint configuration
+* @returns PayloadHandler for checkout endpoint
+*/
+function createCheckoutHandler(config) {
+	return async (request) => {
+		try {
+			const validated = await validateAuthenticatedRequest(request, config);
+			if (!validated.success) return validated.error;
+			const { user, payload } = validated;
+			if (!user.email) return errorResponse("User email is required", 400);
+			const priceId = new URL(request.url || "").searchParams.get("priceId");
+			if (!priceId) return errorResponse("priceId is required", 400);
+			const stripe = stripeBuilder();
+			const customerId = await getCustomerFromStripeOrCreate(user.email, user.name);
+			await upsertCustomerInventoryAndSyncWithUser(payload, user.customer?.inventory, user.email, customerId);
+			const metadata = { type: "subscription" };
+			const checkoutResult = await stripe.checkout.sessions.create({
+				success_url: `${process.env.DOMAIN}${config.routes.subscriptionPageHref}?success=${Date.now()}`,
+				cancel_url: `${process.env.DOMAIN}${config.routes.subscriptionPageHref}?error=${Date.now()}`,
+				mode: "subscription",
+				customer: customerId,
+				client_reference_id: String(user.id),
+				line_items: [{
+					price: priceId,
+					quantity: 1
+				}],
+				metadata,
+				tax_id_collection: { enabled: true },
+				customer_update: {
+					name: "auto",
+					address: "auto",
+					shipping: "auto"
 				},
-				unit_amount: amount
-			},
-			quantity: 1
-		}],
-		mode: "payment",
-		success_url: `${process.env.DOMAIN}${getRoutes().nextJS.subscriptionPageHref}?success=donation`,
-		cancel_url: `${process.env.DOMAIN}${getRoutes().nextJS.subscriptionPageHref}?error=donation_cancelled`,
-		metadata,
-		payment_intent_data: { metadata },
-		invoice_creation: {
-			enabled: true,
-			invoice_data: { metadata }
+				subscription_data: { metadata }
+			});
+			if (checkoutResult.url) return redirectResponse(checkoutResult.url, 303);
+			return errorResponse("Failed to create checkout URL", 406);
+		} catch (error) {
+			console.error("[Stripe Checkout Error]", error);
+			return errorResponse(error instanceof Error ? error.message : "Unknown error occurred", 500);
 		}
-	});
-	return NextResponse.json({ url: session.url });
+	};
 }
 
 //#endregion
-//#region src/server/api/handle-update.ts
-async function handleUpdate(request, getPayload, getRoutes) {
-	const payload = await getPayload();
-	const payloadUser = await getCurrentUserQuery(payload);
-	if (!payloadUser) throw new Error("You must be logged in to access this page");
-	const { searchParams } = new URL(request.url);
-	const subscriptionId = searchParams.get("subscriptionId");
-	const cancelAtPeriodEnd = searchParams.get("cancelAtPeriodEnd") === "true";
-	if (!subscriptionId) throw Error("SubscriptionId could not be found.");
-	await stripeBuilder().subscriptions.update(subscriptionId, { cancel_at_period_end: cancelAtPeriodEnd });
-	const customer = payloadUser.customer;
-	console.error("UPDATE: customer", customer);
-	const inventory = customer.inventory;
-	if (inventory && inventory.subscriptions && inventory.subscriptions[subscriptionId]) inventory.subscriptions[subscriptionId].cancel_at_period_end = cancelAtPeriodEnd;
-	await upsertCustomerInventoryAndSyncWithUser(payload, inventory, customer.email);
-	const routes = getRoutes();
-	return NextResponse.redirect(`${process.env.DOMAIN}${routes.nextJS.subscriptionPageHref}?refresh=${Date.now()}`, 303);
+//#region src/server/endpoints/handlers/donation-handler.ts
+/**
+* Creates a handler for one-time donation payments
+*
+* @param config - Endpoint configuration
+* @returns PayloadHandler for donation endpoint
+*/
+function createDonationHandler(config) {
+	return async (request) => {
+		try {
+			const validated = await validateAuthenticatedRequest(request, config);
+			if (!validated.success) return validated.error;
+			const { user, payload } = validated;
+			if (!user.email) return errorResponse("User email is required", 400);
+			const amountParam = new URL(request.url || "").searchParams.get("amount");
+			if (!amountParam) return errorResponse("amount is required", 400);
+			const amount = parseInt(amountParam, 10);
+			if (isNaN(amount) || amount < 100) return errorResponse("Minimum donation amount is 1 EUR (100 cents)", 400);
+			const stripe = stripeBuilder();
+			const customerId = await getCustomerFromStripeOrCreate(user.email, user.name);
+			await upsertCustomerInventoryAndSyncWithUser(payload, user.customer?.inventory, user.email, customerId);
+			const donationPageHref = config.routes.donationPageHref || config.routes.subscriptionPageHref;
+			const metadata = { type: "donation" };
+			return jsonResponse({ url: (await stripe.checkout.sessions.create({
+				customer: customerId,
+				payment_method_types: ["card"],
+				line_items: [{
+					price_data: {
+						currency: "eur",
+						product_data: {
+							name: "Donation",
+							description: "One-time donation"
+						},
+						unit_amount: amount
+					},
+					quantity: 1
+				}],
+				mode: "payment",
+				success_url: `${process.env.DOMAIN}${donationPageHref}?success=donation`,
+				cancel_url: `${process.env.DOMAIN}${donationPageHref}?error=donation_cancelled`,
+				metadata,
+				payment_intent_data: { metadata },
+				invoice_creation: {
+					enabled: true,
+					invoice_data: { metadata }
+				}
+			})).url });
+		} catch (error) {
+			console.error("[Stripe Donation Error]", error);
+			return errorResponse(error instanceof Error ? error.message : "Unknown error occurred", 500);
+		}
+	};
 }
 
 //#endregion
-//#region src/server/api/handle-portal.ts
-async function handlePortal(request, getPayload, getRoutes) {
-	const payload = await getPayload();
-	const payloadUser = await getCurrentUserQuery(payload);
-	if (!payloadUser || !payloadUser.email) throw new Error("You must be logged in to access this page");
-	const url = new URL(request.url);
-	const cancelSubscriptionId = url.searchParams.get("cancelSubscriptionId");
-	const updateSubscriptionId = url.searchParams.get("updateSubscriptionId");
-	let flowData;
-	if (cancelSubscriptionId) flowData = {
-		type: "subscription_cancel",
-		subscription_cancel: { subscription: cancelSubscriptionId }
+//#region src/server/endpoints/handlers/portal-handler.ts
+/**
+* Creates a handler for Stripe Billing Portal access
+*
+* @param config - Endpoint configuration
+* @returns PayloadHandler for portal endpoint
+*/
+function createPortalHandler(config) {
+	return async (request) => {
+		try {
+			const validated = await validateAuthenticatedRequest(request, config);
+			if (!validated.success) return validated.error;
+			const { user, payload } = validated;
+			if (!user.email) return errorResponse("User email is required", 400);
+			const url = new URL(request.url || "");
+			const cancelSubscriptionId = url.searchParams.get("cancelSubscriptionId");
+			const updateSubscriptionId = url.searchParams.get("updateSubscriptionId");
+			if (cancelSubscriptionId && !cancelSubscriptionId.startsWith("sub_")) return errorResponse("Invalid subscription ID format", 400);
+			if (updateSubscriptionId && !updateSubscriptionId.startsWith("sub_")) return errorResponse("Invalid subscription ID format", 400);
+			let flowData;
+			if (cancelSubscriptionId) flowData = {
+				type: "subscription_cancel",
+				subscription_cancel: { subscription: cancelSubscriptionId }
+			};
+			else if (updateSubscriptionId) flowData = {
+				type: "subscription_update",
+				subscription_update: { subscription: updateSubscriptionId }
+			};
+			const stripe = stripeBuilder();
+			const customerId = await getCustomerFromStripeOrCreate(user.email, user.name);
+			await upsertCustomerInventoryAndSyncWithUser(payload, user.customer?.inventory, user.email, customerId);
+			return redirectResponse((await stripe.billingPortal.sessions.create({
+				flow_data: flowData,
+				customer: customerId,
+				return_url: `${process.env.DOMAIN}${config.routes.subscriptionPageHref}`
+			})).url, 303);
+		} catch (error) {
+			console.error("[Stripe Portal Error]", error);
+			return errorResponse(error instanceof Error ? error.message : "Unknown error occurred", 500);
+		}
 	};
-	else if (updateSubscriptionId) flowData = {
-		type: "subscription_update",
-		subscription_update: { subscription: updateSubscriptionId }
+}
+
+//#endregion
+//#region src/server/endpoints/handlers/update-handler.ts
+/**
+* Creates a handler for updating Stripe subscriptions (cancel at period end)
+*
+* @param config - Endpoint configuration
+* @returns PayloadHandler for update endpoint
+*/
+function createUpdateHandler(config) {
+	return async (request) => {
+		try {
+			const validated = await validateAuthenticatedRequest(request, config);
+			if (!validated.success) return validated.error;
+			const { user, payload } = validated;
+			const url = new URL(request.url || "");
+			const subscriptionId = url.searchParams.get("subscriptionId");
+			const cancelAtPeriodEnd = url.searchParams.get("cancelAtPeriodEnd") === "true";
+			if (!subscriptionId) return errorResponse("subscriptionId is required", 400);
+			if (!subscriptionId.startsWith("sub_")) return errorResponse("Invalid subscription ID format", 400);
+			const stripe = stripeBuilder();
+			const originalCancelAtPeriodEnd = (await stripe.subscriptions.retrieve(subscriptionId)).cancel_at_period_end;
+			await stripe.subscriptions.update(subscriptionId, { cancel_at_period_end: cancelAtPeriodEnd });
+			const customer = user.customer;
+			const inventory = customer?.inventory;
+			if (inventory?.subscriptions?.[subscriptionId]) inventory.subscriptions[subscriptionId].cancel_at_period_end = cancelAtPeriodEnd;
+			if (customer?.email) try {
+				await upsertCustomerInventoryAndSyncWithUser(payload, inventory, customer.email);
+			} catch (syncError) {
+				console.error("[Stripe Update] Local sync failed, rolling back Stripe change", syncError);
+				await stripe.subscriptions.update(subscriptionId, { cancel_at_period_end: originalCancelAtPeriodEnd });
+				throw syncError;
+			}
+			return redirectResponse(`${process.env.DOMAIN}${config.routes.subscriptionPageHref}?refresh=${Date.now()}`, 303);
+		} catch (error) {
+			console.error("[Stripe Update Error]", error);
+			return errorResponse(error instanceof Error ? error.message : "Unknown error occurred", 500);
+		}
 	};
-	const stripe = stripeBuilder();
-	const routes = getRoutes();
-	const customerId = await getCustomerFromStripeOrCreate(payloadUser.email, payloadUser.name);
-	await upsertCustomerInventoryAndSyncWithUser(payload, payloadUser.customer?.inventory, payloadUser.email, customerId);
-	const session = await stripe.billingPortal.sessions.create({
-		flow_data: flowData,
-		customer: customerId,
-		return_url: `${process.env.DOMAIN}${routes.nextJS.subscriptionPageHref}`
-	});
-	return NextResponse.redirect(session.url, 303);
 }
 
 //#endregion
-//#region src/server/api/handle-checkout.ts
-async function handleCheckout(request, getPayload, getRoutes) {
-	const payload = await getPayload();
-	const payloadUser = await getCurrentUserQuery(payload);
-	const priceId = new URL(request.url).searchParams.get("priceId");
-	if (!priceId || !payloadUser || !payloadUser.email) throw new Error("Invalid request");
-	const stripe = stripeBuilder();
-	const routes = getRoutes();
-	const customerId = await getCustomerFromStripeOrCreate(payloadUser.email, payloadUser.name);
-	await upsertCustomerInventoryAndSyncWithUser(payload, payloadUser.customer?.inventory, payloadUser.email, customerId);
-	const metadata = { type: "subscription" };
-	const checkoutResult = await stripe.checkout.sessions.create({
-		success_url: `${process.env.DOMAIN}${routes.nextJS.subscriptionPageHref}?success=${Date.now()}`,
-		cancel_url: `${process.env.DOMAIN}${routes.nextJS.subscriptionPageHref}?error=${Date.now()}`,
-		mode: "subscription",
-		customer: customerId,
-		client_reference_id: String(payloadUser.id),
-		line_items: [{
-			price: priceId,
-			quantity: 1
-		}],
-		metadata,
-		tax_id_collection: { enabled: true },
-		customer_update: {
-			name: "auto",
-			address: "auto",
-			shipping: "auto"
+//#region src/server/endpoints/index.ts
+/**
+* Creates all Stripe inventory endpoints
+*
+* @param config - Endpoint configuration
+* @param basePath - Base path for endpoints (default: '/stripe')
+* @returns Array of Payload endpoints
+*
+* @example
+* ```typescript
+* const endpoints = createStripeEndpoints({
+*   routes: { subscriptionPageHref: '/account/subscription' },
+* });
+* // Endpoints:
+* // GET /api/stripe/checkout?priceId={id}
+* // GET /api/stripe/portal
+* // GET /api/stripe/update?subscriptionId={id}&cancelAtPeriodEnd={bool}
+* // GET /api/stripe/donation?amount={cents}
+* ```
+*/
+function createStripeEndpoints(config, basePath = "/stripe") {
+	return [
+		{
+			path: `${basePath}/checkout`,
+			method: "get",
+			handler: createCheckoutHandler(config)
 		},
-		subscription_data: { metadata }
-	});
-	if (checkoutResult.url) return NextResponse.redirect(checkoutResult.url, 303);
-	else return NextResponse.json("Create checkout url failed", { status: 406 });
+		{
+			path: `${basePath}/portal`,
+			method: "get",
+			handler: createPortalHandler(config)
+		},
+		{
+			path: `${basePath}/update`,
+			method: "get",
+			handler: createUpdateHandler(config)
+		},
+		{
+			path: `${basePath}/donation`,
+			method: "get",
+			handler: createDonationHandler(config)
+		}
+	];
 }
 
 //#endregion
-//#region src/server/api/index.ts
-function createStripeInventoryHandlers(getPayload, getRoutes) {
-	return {
-		checkout: { GET: (request) => handleCheckout(request, getPayload, getRoutes) },
-		portal: { GET: (request) => handlePortal(request, getPayload, getRoutes) },
-		update: { GET: (request) => handleUpdate(request, getPayload, getRoutes) },
-		donation: { GET: (request) => handleDonation(request, getPayload, getRoutes) }
+//#region src/server/plugin/create-stripe-inventory-plugin.ts
+/**
+* Creates the Stripe Inventory plugin for Payload CMS
+*
+* This plugin:
+* - Registers REST endpoints for checkout, portal, update, and donation
+* - Sets up Stripe webhook handlers for subscription and payment events
+* - Syncs customer data between Stripe and Payload
+*
+* @param config - Plugin configuration
+* @returns A Payload plugin function
+*
+* Endpoints registered:
+* - GET /api{basePath}/checkout?priceId={id} - Redirect to Stripe Checkout
+* - GET /api{basePath}/portal - Redirect to Stripe Billing Portal
+* - GET /api{basePath}/update?subscriptionId={id}&cancelAtPeriodEnd={bool} - Update subscription
+* - GET /api{basePath}/donation?amount={cents} - Returns JSON with checkout URL
+*/
+function createStripeInventoryPlugin(config) {
+	const basePath = config.basePath || "/stripe";
+	const endpointConfig = {
+		routes: config.routes,
+		checkPermissions: config.checkPermissions,
+		resolveUser: config.resolveUser
+	};
+	const onSubscriptionUpdate = config.onSubscriptionUpdate || (async () => {});
+	const { resolveSubscriptionPermissions, resolveContentPermissions } = config;
+	return (incomingConfig) => {
+		const stripeEndpoints = createStripeEndpoints(endpointConfig, basePath);
+		const configWithEndpoints = {
+			...incomingConfig,
+			endpoints: [...incomingConfig.endpoints || [], ...stripeEndpoints]
+		};
+		return stripePlugin({
+			isTestKey: process.env.STRIPE_SECRET_KEY?.includes("sk_test"),
+			stripeSecretKey: process.env.STRIPE_SECRET_KEY || "",
+			stripeWebhooksEndpointSecret: process.env.STRIPE_WEBHOOK_SECRET,
+			webhooks: {
+				"price.deleted": async ({ event, payload }) => await priceDeleted(event.data.object, payload),
+				"customer.subscription.created": async ({ event, payload }) => await subscriptionUpsert(event.data.object, payload, onSubscriptionUpdate, resolveSubscriptionPermissions),
+				"customer.subscription.paused": async ({ event, payload }) => await subscriptionUpsert(event.data.object, payload, onSubscriptionUpdate, resolveSubscriptionPermissions),
+				"customer.subscription.updated": async ({ event, payload }) => await subscriptionUpsert(event.data.object, payload, onSubscriptionUpdate, resolveSubscriptionPermissions),
+				"customer.subscription.deleted": async ({ event, payload }) => await subscriptionDeleted(event.data.object, payload, onSubscriptionUpdate),
+				"customer.deleted": async ({ event, payload }) => await customerDeleted(event.data.object, payload),
+				"product.deleted": async ({ event, payload }) => await productDeleted(event.data.object, payload),
+				"payment_intent.succeeded": async ({ event, payload }) => {
+					await paymentSucceeded(event.data.object, payload);
+				},
+				"invoice.paid": async ({ event, payload }) => {
+					await invoiceSucceeded(event.data.object, payload);
+				}
+			}
+		})(configWithEndpoints);
 	};
-}
-function createRouteHandlers(getPayload, getRoutes) {
-	return { GET: async (request, { params }) => {
-		const path = (await params).stripe[0];
-		const handlers = createStripeInventoryHandlers(getPayload, getRoutes);
-		if (path === "checkout" || path === "portal" || path === "update" || path === "donation") return handlers[path].GET(request);
-		return NextResponse.json({ error: "Route not found" }, { status: 404 });
-	} };
 }
 
 //#endregion
@@ -723,6 +950,19 @@ const loggedInOrPublished = ({ req: { user } }) => {
 	return { _status: { equals: "published" } };
 };
 
+//#endregion
+//#region src/server/access/get-user-from-request.ts
+/**
+* Gets the current user from a PayloadRequest without depending on next/headers.
+* This is the recommended way to get the user in Payload endpoint handlers.
+*
+* @param request - The PayloadRequest object
+* @returns The user object or null if not authenticated
+*/
+function getUserFromRequest(request) {
+	return request.user;
+}
+
 //#endregion
 //#region src/server/collections/customers.ts
 const customers = {
@@ -772,42 +1012,6 @@ const customers = {
 	]
 };
 
-//#endregion
-//#region src/server/collections/fields/permission-evaluation-field.ts
-const permissionEvaluationField = {
-	type: "row",
-	fields: [{
-		type: "select",
-		name: "type_of_permissions",
-		options: [
-			{
-				label: "Todos",
-				value: "all"
-			},
-			{
-				label: "Permisos por roles",
-				value: "roles"
-			},
-			{
-				label: "Solo para usuarios sin roles",
-				value: "only_no_roles"
-			},
-			{
-				label: "Solo invitados",
-				value: "only_guess"
-			}
-		],
-		defaultValue: "all",
-		label: "Tipo de permisos"
-	}, {
-		type: "relationship",
-		name: "permissions",
-		relationTo: [COLLECTION_SLUG_TAXONOMY],
-		hasMany: false,
-		admin: { condition: (_, siblingData) => siblingData.type_of_permissions === "roles" }
-	}]
-};
-
 //#endregion
 //#region src/server/collections/prices.ts
 const prices = {
@@ -988,44 +1192,10 @@ const products = {
 				type: "text",
 				name: "title"
 			}]
-		},
-		buildTaxonomyRelationship({
-			name: "roles",
-			label: "Roles",
-			defaultValue: [],
-			filterOptions: () => {
-				return { "payload.types": { in: ["role"] } };
-			},
-			required: false
-		})
-	]
-};
-
-//#endregion
-//#region src/server/plugin.ts
-const plugin = (onSubscriptionUpdate) => {
-	return stripePlugin({
-		isTestKey: process.env.STRIPE_SECRET_KEY?.includes("sk_test"),
-		stripeSecretKey: process.env.STRIPE_SECRET_KEY || "",
-		stripeWebhooksEndpointSecret: process.env.STRIPE_WEBHOOK_SECRET,
-		webhooks: {
-			"price.deleted": async ({ event, payload }) => await priceDeleted(event.data.object, payload),
-			"customer.subscription.created": async ({ event, payload }) => await subscriptionUpsert(event.data.object, payload, onSubscriptionUpdate),
-			"customer.subscription.paused": async ({ event, payload }) => await subscriptionUpsert(event.data.object, payload, onSubscriptionUpdate),
-			"customer.subscription.updated": async ({ event, payload }) => await subscriptionUpsert(event.data.object, payload, onSubscriptionUpdate),
-			"customer.subscription.deleted": async ({ event, payload }) => await subscriptionDeleted(event.data.object, payload, onSubscriptionUpdate),
-			"customer.deleted": async ({ event, payload }) => await customerDeleted(event.data.object, payload),
-			"product.deleted": async ({ event, payload }) => await productDeleted(event.data.object, payload),
-			"payment_intent.succeeded": async ({ event, payload }) => {
-				await paymentSucceeded(event.data.object, payload);
-			},
-			"invoice.paid": async ({ event, payload }) => {
-				await invoiceSucceeded(event.data.object, payload);
-			}
 		}
-	});
+	]
 };
 
 //#endregion
-export { createCustomerAtStripe, createRouteHandlers, createStripeInventoryHandlers, customerDeleted, customers, getCustomer, getCustomerFromStripeOrCreate, invoiceSucceeded, isAdmin, isAdminOrCurrentUser, isAdminOrPublished, isAdminOrStripeActive, isAdminOrUserFieldMatchingCurrentUser, isAnyone, loggedInOrPublished, payloadUpsert, paymentSucceeded, permissionEvaluationField, plugin, priceDeleted, priceUpsert, prices, productDeleted, productSync, products, resolveStripeCustomer, stripeBuilder, subscriptionDeleted, subscriptionUpsert, syncCustomerByEmail, unlockItemForUser, updatePrices, updateProducts, updateProductsAndPrices, upsertCustomerInventoryAndSyncWithUser };
+export { createCheckoutHandler, createCustomerAtStripe, createDonationHandler, createPortalHandler, createStripeEndpoints, createStripeInventoryPlugin, createUnlockAction, createUpdateHandler, customerDeleted, customers, errorResponse, getCustomer, getUserFromRequest, invoiceSucceeded, isAdmin, isAdminOrCurrentUser, isAdminOrPublished, isAdminOrStripeActive, isAdminOrUserFieldMatchingCurrentUser, isAnyone, jsonResponse, loggedInOrPublished, payloadUpsert, paymentSucceeded, priceDeleted, priceUpsert, prices, productDeleted, productSync, products, redirectResponse, resolveStripeCustomer, stripeBuilder, subscriptionDeleted, subscriptionUpsert, syncCustomerByEmail, updatePrices, updateProducts, updateProductsAndPrices, upsertCustomerInventoryAndSyncWithUser, validateAuthenticatedRequest };
 //# sourceMappingURL=index.mjs.map