kasy-cli 1.31.11 → 1.31.12

package/lib/scaffold/CHANGELOG.json

@@ -1,4 +1,13 @@
 {
+  "1.31.12": {
+    "modules": {
+      "core": {
+        "pt": "Preview de dispositivo na web não lança mais erros no console (\"Not initialized\" / provider não encontrado) durante a inicialização — agora espera o DevicePreview montar antes de sincronizar a orientação.",
+        "en": "Web device preview no longer throws console errors (\"Not initialized\" / provider not found) during startup — it now waits for DevicePreview to mount before syncing orientation.",
+        "es": "La vista previa de dispositivo en web ya no lanza errores en consola (\"Not initialized\" / provider no encontrado) durante el arranque — ahora espera a que DevicePreview se monte antes de sincronizar la orientación."
+      }
+    }
+  },
   "1.31.10": {
     "modules": {
       "core": {

package/lib/scaffold/backends/supabase/edge-functions/admin-list-users/index.ts

@@ -24,7 +24,7 @@ import { createClient } from "https://esm.sh/@supabase/supabase-js@2.47.10";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Authorization, Content-Type",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 // In-memory cap: load up to this many of the most recent users in one call.

package/lib/scaffold/backends/supabase/edge-functions/ai-chat/index.ts

@@ -30,7 +30,7 @@ const SSE_HEADERS = {
 const CORS_HEADERS = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Content-Type, Authorization",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 interface ChatMessage {

package/lib/scaffold/backends/supabase/edge-functions/delete-user-account/index.ts

@@ -19,7 +19,7 @@ import { createClient } from "https://esm.sh/@supabase/supabase-js@2.47.10";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Authorization, Content-Type",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 Deno.serve(async (req: Request) => {

package/lib/scaffold/backends/supabase/edge-functions/meta-track-event/index.ts

@@ -172,7 +172,7 @@ async function sendMetaEvent(
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Authorization, Content-Type",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 // ── Main handler ─────────────────────────────────────────────────────────────

package/lib/scaffold/backends/supabase/edge-functions/revenuecat-webhook/index.ts

@@ -261,7 +261,7 @@ Deno.serve(async (req: Request) => {
       headers: {
         "Access-Control-Allow-Origin": "*",
         "Access-Control-Allow-Methods": "POST, OPTIONS",
-        "Access-Control-Allow-Headers": "Authorization, Content-Type",
+        "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
       },
     });
   }

package/lib/scaffold/backends/supabase/edge-functions/stripe-create-checkout-session/index.ts

@@ -23,7 +23,7 @@ import { createClient } from "https://esm.sh/@supabase/supabase-js@2.47.10";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Authorization, Content-Type",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 // Maps a Supabase auth user -> its Stripe customer id.

package/lib/scaffold/backends/supabase/edge-functions/stripe-create-portal-session/index.ts

@@ -22,7 +22,7 @@ import { createClient } from "https://esm.sh/@supabase/supabase-js@2.47.10";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Authorization, Content-Type",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 const CUSTOMERS_TABLE = "stripe_customers";

package/lib/scaffold/backends/supabase/edge-functions/stripe-list-prices/index.ts

@@ -19,7 +19,7 @@ import Stripe from "npm:stripe@18";
 const corsHeaders = {
   "Access-Control-Allow-Origin": "*",
   "Access-Control-Allow-Methods": "POST, OPTIONS",
-  "Access-Control-Allow-Headers": "Authorization, Content-Type",
+  "Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
 };
 
 function trialDaysFor(price: Stripe.Price, product: Stripe.Product): number | null {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kasy-cli",
-  "version": "1.31.11",
+  "version": "1.31.12",
   "description": "CLI for scaffolding production-ready Flutter SaaS apps with Firebase, Supabase, or API REST backends.",
   "bin": {
     "kasy": "./bin/kasy.js"
@@ -31,7 +31,7 @@
     "access": "public"
   },
   "scripts": {
-    "prepack": "node scripts/check-feature-patches.js && node scripts/bundle-template.js && node test/generated-matches-kit.test.js && node test/supabase-verify-jwt.test.js && node test/backend-pubspec-local-reminders.test.js",
+    "prepack": "node scripts/check-feature-patches.js && node scripts/bundle-template.js && node test/generated-matches-kit.test.js && node test/supabase-verify-jwt.test.js && node test/supabase-cors.test.js && node test/backend-pubspec-local-reminders.test.js",
     "start": "node ./bin/kasy.js",
     "setup": "node ./bin/kasy.js setup",
     "doctor": "node ./bin/kasy.js doctor",

package/templates/firebase/functions/src/core/data/entities/subscription_entity.ts

@@ -5,6 +5,11 @@ import {Subscription} from "../../../subscriptions/models/subscriptions";
 
 export interface SubscriptionEntityData {
     id?: string,
+    // Denormalized reference to the subscriber, written as explicit fields on the
+    // Firestore doc (besides being the doc id) so a subscribers list / admin view
+    // can read who owns it and their email without a second lookup.
+    user_id?: string;
+    email?: string;
     creation_date: Timestamp;
     last_activity: Timestamp;
     expiration_date?: Timestamp;
@@ -20,6 +25,8 @@ export interface SubscriptionEntity extends SubscriptionEntityData {}
 export class SubscriptionEntity {
   constructor({
     id,
+    user_id,
+    email,
     creation_date,
     last_activity,
     expiration_date,
@@ -29,6 +36,8 @@ export class SubscriptionEntity {
   }: SubscriptionEntityData
   ) {
     this.id = id;
+    this.user_id = user_id;
+    this.email = email;
     this.creation_date = creation_date;
     this.last_activity = last_activity;
     this.expiration_date = expiration_date;
@@ -52,6 +61,8 @@ export class SubscriptionEntity {
   static from(subscription: Subscription): SubscriptionEntity {
     return new SubscriptionEntity({
       id: subscription.userId,
+      user_id: subscription.userId,
+      email: subscription.email,
       creation_date: subscription.creationDate,
       last_activity: subscription.lastUpdate,
       expiration_date: subscription.expirationDate,
@@ -70,6 +81,7 @@ export class SubscriptionEntity {
       status: this.status,
       store: this.store,
       productId: this.product_id,
+      email: this.email,
     }, subscriptionRepository);
   }
 }

package/templates/firebase/functions/src/subscriptions/models/subscriptions.ts

@@ -24,6 +24,11 @@ export interface SubscriptionData {
   expirationDate?: Timestamp;
   store: Stores;
   productId: string;
+  // Denormalized copy of the subscriber's email. Firestore is a non-relational
+  // store, so we duplicate it onto the subscription doc to list/show subscribers
+  // without a second read. (On the relational backends the user is referenced by
+  // a user_id foreign key and the email is joined from the users table instead.)
+  email?: string;
 }
 
 export interface Subscription extends SubscriptionData {}
@@ -38,6 +43,7 @@ export class Subscription {
       expirationDate,
       store,
       productId,
+      email,
     }: SubscriptionData,
     private subscriptionRepository: SubscriptionsRepository,
   ) {
@@ -48,6 +54,7 @@ export class Subscription {
     this.expirationDate = expirationDate;
     this.store = store;
     this.productId = productId;
+    this.email = email;
   }
 
   static async fromRevenueCat({
@@ -76,6 +83,7 @@ export class Subscription {
                 ? Stores.APPLE_STORE
                 : Stores.PLAY_STORE,
             productId: event.product_id,
+            email: user.email,
         }, subscriptionRepository);
     }
     return new Subscription({
@@ -88,6 +96,7 @@ export class Subscription {
             ? Stores.APPLE_STORE
             : Stores.PLAY_STORE,
         productId: event.product_id,
+        email: user.email,
       }, subscriptionRepository);
   }
 
@@ -106,6 +115,7 @@ export class Subscription {
       expirationDate: entity.expiration_date,
       store: entity.store,
       productId: entity.product_id,
+      email: entity.email,
     }, subscriptionRepository);
   }
 

package/templates/firebase/functions/src/subscriptions/stripe_functions.ts

@@ -5,7 +5,7 @@ import * as admin from "firebase-admin";
 import {Timestamp} from "firebase-admin/firestore";
 import Stripe from "stripe";
 import {Subscription} from "./models/subscriptions";
-import {subscriptionsRepository} from "../core/data/repositories/repositories";
+import {subscriptionsRepository, usersRepository} from "../core/data/repositories/repositories";
 import {Stores, SubscriptionStatus} from "./models/subscription_status";
 
 // Server-side only. Never exposed to the client.
@@ -103,6 +103,20 @@ export const createCheckoutSession = onCall(
     // Pre-fill Checkout with the signed-in user's email (UX only; the user is
     // identified by uid, so paying with a different email still updates them).
     const email = request.auth?.token?.email as string | undefined;
+    // Persist the app language on the user so server-side notifications (e.g.
+    // the "subscription saved" message) are sent in the right language. On web
+    // there is no registered device to read the locale from, so we capture it
+    // here at purchase time.
+    const locale = (request.data?.locale as string | undefined)
+      ?.substring(0, 2)
+      .toLowerCase();
+    if (locale) {
+      await admin
+        .firestore()
+        .collection("users")
+        .doc(uid)
+        .set({locale}, {merge: true});
+    }
 
     const stripe = stripeClient();
     const customerId = await getOrCreateCustomer(stripe, uid, email);
@@ -176,6 +190,9 @@ async function upsertFromStripeSubscription(sub: Stripe.Subscription): Promise<v
   }
   const now = Timestamp.now();
   const existing = await subscriptionsRepository.getFromUserId(uid);
+  // Denormalize the subscriber's email onto the Firestore subscription doc (see
+  // SubscriptionData.email) so a subscribers list reads it without a second hop.
+  const user = await usersRepository.getFromId(uid);
   // In Stripe API v18 the billing period lives on each subscription item.
   const item = sub.items.data[0];
   const priceId = item?.price?.id ?? "";
@@ -193,6 +210,7 @@ async function upsertFromStripeSubscription(sub: Stripe.Subscription): Promise<v
       expirationDate: expiration,
       store: Stores.STRIPE,
       productId: priceId,
+      email: user?.email,
     },
     subscriptionsRepository,
   );

package/templates/firebase/functions/src/subscriptions/triggers.ts

@@ -1,9 +1,38 @@
 import { Logger } from "../core/logger/logger";
-import {usersRepository} from "../core/data/repositories/repositories";
+import {usersRepository, userDevicesRepository} from "../core/data/repositories/repositories";
 import {notificationsApi} from "../notifications/notifications_api";
 import {SystemNotificationParams} from "../notifications/models/notification";
 import {onDocumentCreated} from "firebase-functions/v2/firestore";
 
+/// Localized copy for the "subscription saved" notification.
+function subscriptionSavedText(locale: string): {title: string; body: string} {
+  switch (locale) {
+    case "pt":
+      return {title: "Assinatura confirmada", body: "Obrigado pela sua confiança!"};
+    case "es":
+      return {title: "Suscripción confirmada", body: "¡Gracias por tu confianza!"};
+    default:
+      return {title: "Subscription confirmed", body: "Thank you for your trust!"};
+  }
+}
+
+/// Resolves the user's language: the locale persisted on the user (set on web at
+/// checkout), then the device locale (native), then English.
+async function resolveUserLocale(
+  userId: string,
+  userLocale: string | undefined,
+): Promise<string> {
+  if (userLocale) return userLocale.substring(0, 2).toLowerCase();
+  try {
+    const devices = await userDevicesRepository.getDevices([userId]);
+    const raw = devices[0]?.extra_data?.["deviceLocale"] as string | undefined;
+    if (raw) return raw.substring(0, 2).toLowerCase();
+  } catch {
+    // Fall through to the default below.
+  }
+  return "en";
+}
+
 export const onNewSubscription = onDocumentCreated(
   "subscriptions/{userId}",
   async (event) => {
@@ -12,7 +41,7 @@ export const onNewSubscription = onDocumentCreated(
     }
     const userId = event.params.userId;
     const logger = new Logger("onNewSubscription");
-    
+
     try {
       logger.info(`New subscription for user ${userId}`);
       const user = await usersRepository.getFromId(userId);
@@ -20,11 +49,13 @@ export const onNewSubscription = onDocumentCreated(
         logger.error(`User ${userId} not found`);
         return;
       }
+      const locale = await resolveUserLocale(userId, user.locale);
+      const {title, body} = subscriptionSavedText(locale);
       await notificationsApi.notify(
         [userId],
         <SystemNotificationParams> {
-          title: "Subscription saved",
-          body: "Thank you",
+          title,
+          body,
         },
       );
     } catch (error) {

package/templates/firebase/lib/components/kasy_app_bar.dart

@@ -125,12 +125,9 @@ class KasyFrostedChromeBackground extends StatelessWidget {
     this.padForStatusBar = true,
   });
 
-  /// Translucent tint so blurred content shows through; tuned per brightness.
-  /// Derived from the global `surface` token so the bar lifts off the canvas
-  /// and follows light/dark automatically.
+  /// Solid bar fill from the global `surface` token; follows light/dark.
   Color _tint(BuildContext context) {
-    final bool dark = Theme.of(context).brightness == Brightness.dark;
-    return context.colors.surface.withValues(alpha: dark ? 0.88 : 0.82);
+    return context.colors.surface;
   }
 
   @override
@@ -194,24 +191,19 @@ class KasyFrostedChromeBackground extends StatelessWidget {
 class KasyTopScrollFade extends StatelessWidget {
   const KasyTopScrollFade({super.key});
 
-  /// Fade zone below the status-bar strip (mobile only).
+  /// Total wash height: status-bar strip + a fade zone below it.
   static const double _contentFade = 40.0;
 
   @override
   Widget build(BuildContext context) {
     final double topInset = MediaQuery.paddingOf(context).top;
-    // On web topInset = 0; enforce a 6 px minimum so the topmost pixels are
-    // 100 % opaque even without a status bar.
+    // On web topInset = 0; enforce a 6 px minimum so the strip still exists.
     final double solidHeight = topInset < 6 ? 6.0 : topInset;
     final double totalHeight = solidHeight + _contentFade;
-    final double ss = solidHeight / totalHeight; // solidStop
-    final Color bg = context.colors.background;
-
-    // Whole wash is intentionally faint — even the very top peaks at ~0.32, then
-    // melts to nothing across the fade zone. "Quase transparente, bem suave."
-    // Read from bottom → top: invisible → ghost → a soft hint at the very top.
-    double p(double t) => ss + (1 - ss) * t;
+    final Color base = context.colors.surface;
 
+    // Same gradient the grid cards use for their caption scrim — strong at the
+    // top, melting gradually to fully transparent at the bottom.
     return IgnorePointer(
       child: SizedBox(
         height: totalHeight,
@@ -221,14 +213,12 @@ class KasyTopScrollFade extends StatelessWidget {
               begin: Alignment.topCenter,
               end: Alignment.bottomCenter,
               colors: <Color>[
-                bg.withValues(alpha: 0.32),
-                bg.withValues(alpha: 0.32),
-                bg.withValues(alpha: 0.16),
-                bg.withValues(alpha: 0.06),
-                bg.withValues(alpha: 0.01),
-                bg.withValues(alpha: 0.0),
+                base.withValues(alpha: 0.96),
+                base.withValues(alpha: 0.96),
+                base.withValues(alpha: 0.68),
+                base.withValues(alpha: 0.0),
               ],
-              stops: <double>[0.0, ss, p(0.10), p(0.26), p(0.44), 1.0],
+              stops: const <double>[0.0, 0.20, 0.55, 1.0],
             ),
           ),
         ),

package/templates/firebase/lib/components/kasy_toast.dart

@@ -733,7 +733,9 @@ _Palette _palette(KasyColors c, KasyToastTone tone) {
         accent: c.primary,
         icon: KasyIcons.info,
         buttonBg: c.primary,
-        buttonFg: c.onPrimary,
+        // The Close button sits on a solid, vivid tone color — keep its label
+        // white for reliable contrast regardless of the brand "on" token.
+        buttonFg: Colors.white,
       );
     case KasyToastTone.success:
       final Color successDark = HSLColor.fromColor(c.success)
@@ -745,21 +747,21 @@ _Palette _palette(KasyColors c, KasyToastTone tone) {
         accent: successDark,
         icon: KasyIcons.checkCircle,
         buttonBg: successDark,
-        buttonFg: c.onSuccess,
+        buttonFg: Colors.white,
       );
     case KasyToastTone.warning:
       return _Palette(
         accent: c.warning,
         icon: KasyIcons.privacy,
         buttonBg: c.warning,
-        buttonFg: c.onWarning,
+        buttonFg: Colors.white,
       );
     case KasyToastTone.danger:
       return _Palette(
         accent: c.error,
         icon: KasyIcons.error,
         buttonBg: c.error,
-        buttonFg: c.onError,
+        buttonFg: Colors.white,
       );
   }
 }

package/templates/firebase/lib/core/web_device_preview/web_device_preview.dart

@@ -508,6 +508,11 @@ class _DeviceSwitchBridge extends StatefulWidget {
 }
 
 class _DeviceSwitchBridgeState extends State<_DeviceSwitchBridge> {
+  // _syncOrientation retries on the next frame while the DevicePreview store is
+  // still mounting/initializing; cap the retries so it can never spin forever.
+  int _syncRetries = 0;
+  static const int _maxSyncRetries = 120;
+
   @override
   void initState() {
     super.initState();
@@ -531,8 +536,8 @@ class _DeviceSwitchBridgeState extends State<_DeviceSwitchBridge> {
   }
 
   void _onFrameVisibleChanged() {
-    if (!mounted) return;
-    final store = Provider.of<DevicePreviewStore>(context, listen: false);
+    final store = _store();
+    if (store == null) return;
     final data = _readData(store);
     if (data == null) return;
     if (data.isFrameVisible != widget.frameVisibleNotifier.value) {
@@ -543,17 +548,21 @@ class _DeviceSwitchBridgeState extends State<_DeviceSwitchBridge> {
   void _onOrientationChanged() => _syncOrientation();
 
   void _syncOrientation() {
-    if (!mounted) return;
-    final store = Provider.of<DevicePreviewStore>(context, listen: false);
-    final data = _readData(store);
-    if (data == null) {
-      // DevicePreview initializes asynchronously (it loads saved preferences), so
-      // on the first web frame the store can still be uninitialized and reading
-      // store.data throws "Not initialized". Retry next frame instead of surfacing
-      // a scary (and harmless) exception in the console.
-      WidgetsBinding.instance.addPostFrameCallback((_) => _syncOrientation());
+    final store = _store();
+    final data = store == null ? null : _readData(store);
+    if (store == null || data == null) {
+      // DevicePreview mounts its store asynchronously: on the first web frames the
+      // provider may not be in the tree yet (ProviderNotFound) or the store may be
+      // uninitialized (reading .data throws "Not initialized"). Retry on the next
+      // frame instead of surfacing a scary (and harmless) exception. Capped so it
+      // can never spin forever.
+      if (mounted && _syncRetries < _maxSyncRetries) {
+        _syncRetries++;
+        WidgetsBinding.instance.addPostFrameCallback((_) => _syncOrientation());
+      }
       return;
     }
+    _syncRetries = 0;
     final target = widget.landscapeNotifier.value
         ? Orientation.landscape
         : Orientation.portrait;
@@ -562,9 +571,19 @@ class _DeviceSwitchBridgeState extends State<_DeviceSwitchBridge> {
     }
   }
 
-  /// [DevicePreviewStore.data] throws while the store is still finishing its async
-  /// initialization. Returns null instead of throwing so callers can skip or retry
-  /// cleanly (see _syncOrientation).
+  /// The DevicePreview store, or null if it isn't in the tree yet — `Provider.of`
+  /// throws ProviderNotFound on the first web frames before DevicePreview mounts it.
+  DevicePreviewStore? _store() {
+    if (!mounted) return null;
+    try {
+      return Provider.of<DevicePreviewStore>(context, listen: false);
+    } catch (_) {
+      return null;
+    }
+  }
+
+  /// [DevicePreviewStore.data] throws "Not initialized" while the store finishes its
+  /// async init. Returns null instead so callers can skip or retry cleanly.
   DevicePreviewData? _readData(DevicePreviewStore store) {
     try {
       return store.data;

package/templates/firebase/lib/features/onboarding/repositories/user_infos_repository.dart

@@ -17,11 +17,18 @@ class UserInfosRepository {
 
   Future<void> save(String userId, UserInfoDetail info) async {
     final entity = info.toEntity();
-    
+
     final alreadyExistingInfo =
         await _userInfosApi.getByKey(userId, entity.key);
     if (alreadyExistingInfo != null) {
-      return _userInfosApi.update(userId, entity);
+      // Reuse the existing document id so re-answering the same onboarding
+      // question overwrites its value instead of appending a duplicate. The
+      // fresh entity has a null id, which would otherwise make update() write
+      // to a new auto-id document every time (the duplication seen in testing).
+      return _userInfosApi.update(
+        userId,
+        entity.copyWith(id: alreadyExistingInfo.id),
+      );
     }
 
     return _userInfosApi.create(userId, entity);

package/templates/firebase/lib/features/subscriptions/api/stripe_backend_api.dart

@@ -34,6 +34,7 @@ class StripeBackendApi {
     required String priceId,
     String? successUrl,
     String? cancelUrl,
+    String? locale,
   }) async {
     final res = await _functions
         .httpsCallable('stripeFunctions-createCheckoutSession')
@@ -41,6 +42,7 @@ class StripeBackendApi {
           'priceId': priceId,
           if (successUrl != null) 'successUrl': successUrl,
           if (cancelUrl != null) 'cancelUrl': cancelUrl,
+          if (locale != null) 'locale': locale,
         });
     return (res.data as Map)['url'] as String;
   }

package/templates/firebase/lib/features/subscriptions/api/stripe_payment_api.dart

@@ -3,6 +3,7 @@ import 'package:kasy_kit/core/data/models/subscription.dart';
 import 'package:kasy_kit/features/subscriptions/api/entities/subscription_entity.dart';
 import 'package:kasy_kit/features/subscriptions/api/stripe_backend_api.dart';
 import 'package:kasy_kit/features/subscriptions/api/subscription_payment_api.dart';
+import 'package:kasy_kit/i18n/translations.g.dart';
 import 'package:url_launcher/url_launcher.dart';
 
 /// Stripe web subscription provider.
@@ -33,11 +34,20 @@ class StripePaymentApi implements SubscriptionPaymentApi {
 
   @override
   Future<void> purchaseProduct(SubscriptionProduct product) async {
-    final returnUrl = Uri.base.toString();
+    // On success, Stripe redirects this new tab to a tiny standalone page
+    // (web/stripe_success.html) instead of reloading the whole app in a second
+    // tab. The original app tab keeps polling and flips to premium via the
+    // webhook. On cancel we send the user back to the app where they were.
+    final appUrl = Uri.base.toString();
+    final successUrl = '${Uri.base.origin}/stripe_success.html';
     final url = await _backend.createCheckoutSession(
       priceId: product.skuId,
-      successUrl: returnUrl,
-      cancelUrl: returnUrl,
+      successUrl: successUrl,
+      cancelUrl: appUrl,
+      // Send the app language so the backend can persist it on the user and
+      // deliver subscription notifications in the right language (on web there
+      // is no registered device to read the locale from).
+      locale: LocaleSettings.instance.currentLocale.languageCode,
     );
     await _open(url);
     // Checkout is now open in a new tab. Payment is NOT confirmed yet — the

package/templates/firebase/lib/features/subscriptions/providers/premium_page_provider.dart

@@ -32,6 +32,17 @@ class PremiumStateNotifier extends _$PremiumStateNotifier {
 
   @override
   Future<PremiumState> build() async {
+    // A user who already has an active subscription must ALWAYS land on the
+    // "subscribed" state, even if the offer list fails to load. On web the
+    // offers come from Stripe and the fetch can transiently fail; without this
+    // early return a paying user would wrongly see the empty-products paywall
+    // and "lose" the confirmation that they paid. The active view
+    // ([ActivePremiumContent]) does not need the offer list.
+    final currentSubscription = _userState.subscription;
+    if (currentSubscription is SubscriptionStateData) {
+      return PremiumState.active(activeOffer: currentSubscription.activeOffer);
+    }
+
     try {
       // If you have installed the remote config brick
       // you can use it like this
@@ -42,25 +53,13 @@ class PremiumStateNotifier extends _$PremiumStateNotifier {
       final offers = await _subscriptionRepository.getOffers();
       if (offers.isEmpty) {
         _logger.w(
-          'RevenueCat returned no subscription offers. The paywall will show '
+          'The store returned no subscription offers. The paywall will show '
           'an empty-products state instead of a blank screen.',
         );
         return const PremiumState(offers: []);
       }
 
-      return switch (_userState.subscription) {
-        SubscriptionStateData(:final activeOffer) => PremiumState.active(
-          activeOffer: offers.firstWhere(
-            (element) => element.skuId == activeOffer?.skuId,
-            orElse: () => offers.first,
-          ),
-        ),
-        SubscriptionInactiveStateData() => PremiumState(
-          offers: offers,
-          selectedOffer: offers.first,
-        ),
-        _ => PremiumState(offers: offers, selectedOffer: offers.first),
-      };
+      return PremiumState(offers: offers, selectedOffer: offers.first);
     } catch (err, stack) {
       // RevenueCat CONFIGURATION_ERROR (code 23) means the products exist in the
       // dashboard but aren't live on the store yet (e.g. "Ready to Submit").
@@ -271,15 +270,45 @@ class PremiumStateNotifier extends _$PremiumStateNotifier {
 
     try {
       await _subscriptionRepository.restorePurchase();
+
+      // restorePurchase is a no-op on web (Stripe status lives server-side), so
+      // we re-read the backend to learn the real state: the webhook may have
+      // already written the subscription. Only flip to active when the backend
+      // actually confirms it — otherwise we'd show a false "restored" success.
+      final userId = _userState.user.idOrNull;
+      final restored = userId == null
+          ? null
+          : await _subscriptionRepository.get(userId);
       final t = ref.read(translationsProvider);
-      ref
-          .read(toastProvider)
-          .success(
-            title: t.premium.restore_success_title,
-            text: t.premium.restore_success_text,
-          );
-      await Future.delayed(const Duration(seconds: 2));
-      if (redirectRoute != null) ref.read(goRouterProvider).go(redirectRoute);
+
+      if (restored is SubscriptionStateData && restored.isActive) {
+        await ref
+            .read(userStateNotifierProvider.notifier)
+            .refreshSubscription(
+              product: restored.activeOffer,
+              entitlements: restored.entitlements,
+            );
+        state = AsyncData(
+          PremiumState.active(activeOffer: restored.activeOffer),
+        );
+        ref.read(toastProvider).success(
+          title: t.premium.restore_success_title,
+          text: t.premium.restore_success_text,
+        );
+        await Future.delayed(const Duration(seconds: 2));
+        if (redirectRoute != null) ref.read(goRouterProvider).go(redirectRoute);
+        return;
+      }
+
+      // Nothing to restore: revert to the paywall and tell the user, instead of
+      // a misleading success toast.
+      state = AsyncData(
+        PremiumStateData(offers: data.offers, selectedOffer: data.selectedOffer),
+      );
+      ref.read(toastProvider).alert(
+        title: t.premium.restore_none_title,
+        text: t.premium.restore_none_text,
+      );
     } catch (err, trace) {
       _logger.e("Error while restoring purchase: $err : $trace");
       state = AsyncData(

package/templates/firebase/lib/i18n/en.i18n.json

@@ -208,6 +208,8 @@
         "error_text": "An error occurred. Please try again",
         "web_checkout_timeout_title": "Payment not confirmed",
         "web_checkout_timeout_text": "We did not receive payment confirmation. If you already paid, tap Restore.",
+        "restore_none_title": "No subscription found",
+        "restore_none_text": "We could not find an active subscription to restore.",
         "comparison": {
             "title": "Premium plan comparison",
             "features_label": "Features",

package/templates/firebase/lib/i18n/es.i18n.json

@@ -207,7 +207,9 @@
         "error_title": "Error",
         "error_text": "Ocurrió un error. Inténtalo de nuevo",
         "web_checkout_timeout_title": "Pago no confirmado",
-        "web_checkout_timeout_text": "No recibimos confirmacion del pago. Si ya pagaste, toca Restaurar.",
+        "web_checkout_timeout_text": "No recibimos confirmación del pago. Si ya pagaste, toca Restaurar.",
+        "restore_none_title": "No se encontró ninguna suscripción",
+        "restore_none_text": "No encontramos una suscripción activa para restaurar.",
         "comparison": {
             "title": "Comparación de planes Premium",
             "features_label": "Características",

package/templates/firebase/lib/i18n/pt.i18n.json

@@ -206,8 +206,10 @@
         "purchase_success_text": "Obrigado pela sua confiança",
         "error_title": "Erro",
         "error_text": "Ocorreu um erro. Tente novamente",
-        "web_checkout_timeout_title": "Pagamento nao confirmado",
-        "web_checkout_timeout_text": "Nao recebemos a confirmacao do pagamento. Se voce ja pagou, toque em Restaurar.",
+        "web_checkout_timeout_title": "Pagamento não confirmado",
+        "web_checkout_timeout_text": "Não recebemos a confirmação do pagamento. Se você já pagou, toque em Restaurar.",
+        "restore_none_title": "Nenhuma assinatura encontrada",
+        "restore_none_text": "Não encontramos uma assinatura ativa para restaurar.",
         "comparison": {
             "title": "Comparação de planos Premium",
             "features_label": "Recursos",

package/templates/firebase/web/stripe_success.html

@@ -0,0 +1,138 @@
+<!DOCTYPE html>
+<!--
+  Stripe Checkout success page.
+
+  Stripe redirects the checkout tab here (success_url) after a successful
+  payment. It is intentionally a tiny standalone page — NOT the full Flutter
+  app — so the user does not end up with two heavy app tabs open. The original
+  app tab keeps polling and flips to premium on its own (via the webhook), so
+  here we just congratulate the user and let them close this tab / return.
+
+  Localized client-side from navigator.language (pt / es / en).
+-->
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>Payment complete</title>
+  <style>
+    :root {
+      --accent: #0485F7;
+      --success: #16A34A;
+      --bg: #F6F8FB;
+      --card: #FFFFFF;
+      --text: #0B1524;
+      --muted: #5B6776;
+      --border: rgba(11, 21, 36, 0.08);
+    }
+    @media (prefers-color-scheme: dark) {
+      :root {
+        --bg: #0B1220;
+        --card: #131C2B;
+        --text: #F3F6FB;
+        --muted: #9AA7B8;
+        --border: rgba(255, 255, 255, 0.10);
+      }
+    }
+    * { box-sizing: border-box; }
+    html, body { height: 100%; margin: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
+        Helvetica, Arial, sans-serif;
+      background: var(--bg);
+      color: var(--text);
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 24px;
+    }
+    .card {
+      width: 100%;
+      max-width: 420px;
+      background: var(--card);
+      border: 1px solid var(--border);
+      border-radius: 20px;
+      padding: 40px 32px;
+      text-align: center;
+      box-shadow: 0 12px 40px rgba(11, 21, 36, 0.08);
+    }
+    .check {
+      width: 72px;
+      height: 72px;
+      margin: 0 auto 24px;
+      border-radius: 50%;
+      background: rgba(22, 163, 74, 0.12);
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .check svg { width: 38px; height: 38px; stroke: var(--success); }
+    h1 { font-size: 22px; font-weight: 700; margin: 0 0 10px; letter-spacing: -0.4px; }
+    p { font-size: 15px; line-height: 1.5; color: var(--muted); margin: 0 0 28px; }
+    button {
+      width: 100%;
+      border: none;
+      border-radius: 12px;
+      padding: 14px 20px;
+      font-size: 15px;
+      font-weight: 600;
+      color: #FFFFFF;
+      background: var(--accent);
+      cursor: pointer;
+      transition: opacity 0.15s ease;
+    }
+    button:hover { opacity: 0.92; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="check">
+      <svg viewBox="0 0 24 24" fill="none" stroke-width="2.5"
+           stroke-linecap="round" stroke-linejoin="round">
+        <path d="M20 6L9 17l-5-5" />
+      </svg>
+    </div>
+    <h1 id="title">Payment complete</h1>
+    <p id="subtitle">Your subscription is confirmed. You can return to the app.</p>
+    <button id="close">Return to the app</button>
+  </div>
+
+  <script>
+    var I18N = {
+      en: {
+        doc: "Payment complete",
+        title: "Payment complete",
+        subtitle: "Your subscription is confirmed. You can return to the app.",
+        button: "Return to the app",
+      },
+      pt: {
+        doc: "Pagamento concluído",
+        title: "Pagamento concluído!",
+        subtitle: "Sua assinatura foi confirmada. Você já pode voltar ao aplicativo.",
+        button: "Voltar ao aplicativo",
+      },
+      es: {
+        doc: "Pago completado",
+        title: "¡Pago completado!",
+        subtitle: "Tu suscripción está confirmada. Ya puedes volver a la aplicación.",
+        button: "Volver a la aplicación",
+      },
+    };
+
+    var lang = (navigator.language || "en").slice(0, 2).toLowerCase();
+    var t = I18N[lang] || I18N.en;
+    document.documentElement.lang = lang in I18N ? lang : "en";
+    document.title = t.doc;
+    document.getElementById("title").textContent = t.title;
+    document.getElementById("subtitle").textContent = t.subtitle;
+    document.getElementById("close").textContent = t.button;
+
+    // This tab was opened by the app via window.open, so window.close() is
+    // allowed. A button click is a user gesture, so it closes reliably and
+    // returns focus to the original app tab (already flipped to premium).
+    document.getElementById("close").addEventListener("click", function () {
+      window.close();
+    });
+  </script>
+</body>
+</html>