kasy-cli 1.31.12 → 1.31.13

package/lib/scaffold/backends/api/patch/lib/features/subscriptions/api/stripe_backend_api.dart

@@ -37,6 +37,7 @@ class StripeBackendApi {
     required String priceId,
     String? successUrl,
     String? cancelUrl,
+    String? locale,
   }) async {
     final Response res = await _client.post(
       '/stripe/checkout-session',
@@ -44,6 +45,7 @@ class StripeBackendApi {
         'priceId': priceId,
         if (successUrl != null) 'successUrl': successUrl,
         if (cancelUrl != null) 'cancelUrl': cancelUrl,
+        if (locale != null) 'locale': locale,
       },
     );
     return (res.data as Map)['url'] as String;

package/lib/scaffold/backends/supabase/edge-functions/delete-user-account/index.ts

@@ -71,6 +71,29 @@ Deno.serve(async (req: Request) => {
 
   const supabaseAdmin = createClient(supabaseUrl, serviceRoleKey);
 
+  // Best-effort Stripe teardown BEFORE deletion: deleting the Stripe customer
+  // cancels all of its subscriptions, so billing stops for the deleted account.
+  // The DB rows (stripe_customers, subscriptions, ...) are removed by ON DELETE
+  // CASCADE, but that does not reach Stripe. Guarded by the secret so a
+  // non-Stripe app simply skips it.
+  const stripeKey = Deno.env.get("STRIPE_SECRET_KEY");
+  if (stripeKey) {
+    try {
+      const { data: cust } = await supabaseAdmin
+        .from("stripe_customers")
+        .select("customer_id")
+        .eq("user_id", user.id)
+        .maybeSingle();
+      const customerId = cust?.customer_id as string | undefined;
+      if (customerId) {
+        const { default: Stripe } = await import("npm:stripe@18");
+        await new Stripe(stripeKey).customers.del(customerId);
+      }
+    } catch (e) {
+      console.error("[delete-user-account] Stripe cleanup failed:", e);
+    }
+  }
+
   try {
     const { error: deleteError } = await supabaseAdmin.auth.admin.deleteUser(user.id);
 

package/lib/scaffold/backends/supabase/edge-functions/stripe-create-checkout-session/index.ts

@@ -97,7 +97,7 @@ Deno.serve(async (req: Request) => {
   }
   const uid = user.id;
 
-  let body: { priceId?: string; successUrl?: string; cancelUrl?: string };
+  let body: { priceId?: string; successUrl?: string; cancelUrl?: string; locale?: string };
   try {
     body = await req.json();
   } catch {
@@ -109,10 +109,17 @@ Deno.serve(async (req: Request) => {
   }
   const successUrl = body.successUrl ?? "";
   const cancelUrl = body.cancelUrl ?? successUrl;
+  const locale = body.locale?.substring(0, 2).toLowerCase();
 
   try {
     const stripe = new Stripe(secretKey);
     const admin = createClient(supabaseUrl, serviceRoleKey);
+    // Persist the app language on the user so server-side notifications are sent
+    // in the right language (on web there is no registered device to read it
+    // from). Mirrors the Firebase checkout behavior.
+    if (locale) {
+      await admin.from("users").update({ locale }).eq("id", uid);
+    }
     const customerId = await getOrCreateCustomer(stripe, admin, uid, user.email);
 
     const price = await stripe.prices.retrieve(priceId, { expand: ["product"] });

package/lib/scaffold/backends/supabase/patch/lib/features/authentication/api/authentication_api.dart

@@ -211,6 +211,18 @@ Note: wait a minute after enabling anonymous sign-in before trying again. It tak
 
   @override
   Future<Credentials> signinWithGoogle() async {
+    if (kIsWeb) {
+      // google_sign_in's imperative authenticate() is UNSUPPORTED on web (the v7
+      // web plugin throws UnimplementedError). Use Supabase's OAuth redirect flow:
+      // it sends the user to Google and back; the session arrives on return and is
+      // picked up by the auth state listener. Requires your web origin in Supabase
+      // Auth -> URL Configuration (Site URL / Redirect URLs).
+      await client.auth.signInWithOAuth(
+        OAuthProvider.google,
+        redirectTo: Uri.base.origin,
+      );
+      return Credentials(id: '', token: '');
+    }
     final googleSignIn = GoogleSignIn.instance;
     // Web: clientId = Web Client ID (no serverClientId needed)
     // Native iOS: clientId = iOS Client ID, serverClientId = Web Client ID
@@ -310,6 +322,16 @@ Note: wait a minute after enabling anonymous sign-in before trying again. It tak
 
   @override
   Future<Credentials> signupFromAnonymousWithGoogle() async {
+    if (kIsWeb) {
+      // Imperative GoogleSignIn.authenticate() is UNSUPPORTED on web. Use Supabase's
+      // OAuth redirect; the session arrives on return via the auth listener. (On web
+      // this signs in with Google instead of linking the anonymous user.)
+      await client.auth.signInWithOAuth(
+        OAuthProvider.google,
+        redirectTo: Uri.base.origin,
+      );
+      return Credentials(id: '', token: '');
+    }
     final scopes = ['email'];
     final googleSignIn = GoogleSignIn.instance;
 

package/lib/scaffold/backends/supabase/patch/lib/features/subscriptions/api/stripe_backend_api.dart

@@ -29,6 +29,7 @@ class StripeBackendApi {
     required String priceId,
     String? successUrl,
     String? cancelUrl,
+    String? locale,
   }) async {
     final res = await _client.functions.invoke(
       'stripe-create-checkout-session',
@@ -36,6 +37,7 @@ class StripeBackendApi {
         'priceId': priceId,
         if (successUrl != null) 'successUrl': successUrl,
         if (cancelUrl != null) 'cancelUrl': cancelUrl,
+        if (locale != null) 'locale': locale,
       },
     );
     return (res.data as Map)['url'] as String;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kasy-cli",
-  "version": "1.31.12",
+  "version": "1.31.13",
   "description": "CLI for scaffolding production-ready Flutter SaaS apps with Firebase, Supabase, or API REST backends.",
   "bin": {
     "kasy": "./bin/kasy.js"
@@ -31,7 +31,7 @@
     "access": "public"
   },
   "scripts": {
-    "prepack": "node scripts/check-feature-patches.js && node scripts/bundle-template.js && node test/generated-matches-kit.test.js && node test/supabase-verify-jwt.test.js && node test/supabase-cors.test.js && node test/backend-pubspec-local-reminders.test.js",
+    "prepack": "node scripts/check-feature-patches.js && node scripts/bundle-template.js && node test/generated-matches-kit.test.js && node test/supabase-verify-jwt.test.js && node test/supabase-cors.test.js && node test/supabase-google-web.test.js && node test/backend-pubspec-local-reminders.test.js",
     "start": "node ./bin/kasy.js",
     "setup": "node ./bin/kasy.js setup",
     "doctor": "node ./bin/kasy.js doctor",

package/templates/firebase/functions/src/subscriptions/stripe_functions.ts

@@ -1,5 +1,6 @@
 import {error} from "firebase-functions/logger";
 import {onCall, onRequest, HttpsError} from "firebase-functions/v2/https";
+import {onDocumentDeleted} from "firebase-functions/v2/firestore";
 import {defineSecret, defineString} from "firebase-functions/params";
 import * as admin from "firebase-admin";
 import {Timestamp} from "firebase-admin/firestore";
@@ -255,3 +256,39 @@ export const stripeWebhook = onRequest(
     }
   },
 );
+
+// ---------------------------------------------------------------------------
+// onUserDeletedCleanupStripe — tears down Stripe state when an account is
+// deleted. deleteUserAccount removes the users/{uid} doc; this trigger fires on
+// that deletion and (a) deletes the Stripe customer, which immediately cancels
+// all of its subscriptions so billing stops, and (b) removes the local
+// uid -> customer mapping so no orphan stripe_customers doc is left behind.
+// Lives in the Stripe module so a non-Stripe app never deploys it.
+// ---------------------------------------------------------------------------
+export const onUserDeletedCleanupStripe = onDocumentDeleted(
+  {document: "users/{userId}", secrets: [stripeSecretKey]},
+  async (event) => {
+    const uid = event.params.userId;
+    const custRef = admin
+      .firestore()
+      .collection(CUSTOMERS_COLLECTION)
+      .doc(uid);
+    try {
+      const snap = await custRef.get();
+      const customerId = snap.data()?.customerId as string | undefined;
+      if (customerId) {
+        // Deleting the Stripe customer cancels all of its subscriptions, so
+        // billing stops for the deleted account in a single call.
+        await stripeClient().customers.del(customerId);
+      }
+    } catch (e) {
+      console.log(`[stripe-cleanup] could not delete Stripe customer for ${uid}: ${e}`);
+    }
+    // Always drop the local mapping so no orphan remains.
+    try {
+      await custRef.delete();
+    } catch (e) {
+      console.log(`[stripe-cleanup] could not delete stripe_customers/${uid}: ${e}`);
+    }
+  },
+);

package/templates/firebase/lib/components/kasy_app_bar.dart

@@ -23,8 +23,6 @@
 
 library;
 
-import 'dart:ui' show ImageFilter;
-
 import 'package:flutter/foundation.dart' show kIsWeb;
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart' show SystemUiOverlayStyle;
@@ -111,17 +109,13 @@ Color kasyChromeOrbFillColor(BuildContext context) {
 class KasyFrostedChromeBackground extends StatelessWidget {
   final Widget child;
 
-  /// Backdrop blur strength; higher = more frosted (content still visible through tint).
-  final double blurSigma;
-
-  /// Insets content below the notch but keeps tint/blur covering the status-bar
-  /// strip so scroll never shows cards behind clock/battery icons.
+  /// Insets content below the notch but keeps the solid fill covering the
+  /// status-bar strip so scroll never shows cards behind clock/battery icons.
   final bool padForStatusBar;
 
   const KasyFrostedChromeBackground({
     super.key,
     required this.child,
-    this.blurSigma = 14,
     this.padForStatusBar = true,
   });
 
@@ -165,16 +159,8 @@ class KasyFrostedChromeBackground extends StatelessWidget {
     return AnnotatedRegion<SystemUiOverlayStyle>(
       value: overlayStyle,
       child: DecoratedBox(
-        decoration: BoxDecoration(boxShadow: chromeShadow),
-        child: ClipRect(
-          child: BackdropFilter(
-            filter: ImageFilter.blur(sigmaX: blurSigma, sigmaY: blurSigma),
-            child: DecoratedBox(
-              decoration: BoxDecoration(color: tint),
-              child: content,
-            ),
-          ),
-        ),
+        decoration: BoxDecoration(color: tint, boxShadow: chromeShadow),
+        child: content,
       ),
     );
   }
@@ -253,7 +239,6 @@ class KasyAppBar extends StatelessWidget {
   /// same tap target semantics as the built-in orbs.
   final Widget? trailing;
   final bool useSafeArea;
-  final double frostBlurSigma;
 
   /// When set, called instead of [ThemeProvider.toggle] for the theme orb
   /// ([KasyAppBarStyle.subpage], [KasyAppBarStyle.rootTab]).
@@ -282,7 +267,6 @@ class KasyAppBar extends StatelessWidget {
     this.onBack,
     this.trailing,
     this.useSafeArea = true,
-    this.frostBlurSigma = 14,
     this.onThemeToggle,
     this.toolbarHeight,
     this.topInset,
@@ -366,7 +350,6 @@ class KasyAppBar extends StatelessWidget {
           )
         : bar;
     final Widget chrome = KasyFrostedChromeBackground(
-      blurSigma: frostBlurSigma,
       padForStatusBar: useSafeArea,
       child: barContent,
     );

package/templates/firebase/lib/components/kasy_dialog.dart

@@ -506,6 +506,7 @@ Future<void> showKasyConfirmDialog(
   required String confirmLabel,
   VoidCallback? onCancel,
   VoidCallback? onConfirm,
+  Future<void> Function()? onConfirmAsync,
   bool destructive = false,
   bool barrierDismissible = false,
   IconData? leadingIcon,
@@ -517,37 +518,54 @@ Future<void> showKasyConfirmDialog(
   return showKasyBlurDialog<void>(
     context: context,
     barrierDismissible: barrierDismissible,
-    builder: (dialogCtx) => KasyDialog(
-      leadingIcon: leadingIcon ?? (destructive ? KasyIcons.trash : null),
-      iconTone: destructive ? KasyDialogIconTone.danger : iconTone,
-      title: title,
-      titleCentered: leadingIcon == null && !destructive,
-      message: message,
-      showCloseButton: false,
-      actionsAxis: Axis.horizontal,
-      actions: [
-        KasyButton(
-          label: cancelLabel,
-          variant: KasyButtonVariant.outline,
-          expand: true,
-          onPressed: () {
-            Navigator.of(dialogCtx).pop();
-            onCancel?.call();
-          },
-        ),
-        KasyButton(
-          label: confirmLabel,
-          variant: destructive
-              ? KasyButtonVariant.destructive
-              : KasyButtonVariant.primary,
-          expand: true,
-          onPressed: () {
-            Navigator.of(dialogCtx).pop();
-            onConfirm?.call();
-          },
+    builder: (dialogCtx) {
+      var isLoading = false;
+      return StatefulBuilder(
+        builder: (ctx, setState) => KasyDialog(
+          leadingIcon: leadingIcon ?? (destructive ? KasyIcons.trash : null),
+          iconTone: destructive ? KasyDialogIconTone.danger : iconTone,
+          title: title,
+          titleCentered: leadingIcon == null && !destructive,
+          message: message,
+          showCloseButton: false,
+          actionsAxis: Axis.horizontal,
+          actions: [
+            KasyButton(
+              label: cancelLabel,
+              variant: KasyButtonVariant.outline,
+              expand: true,
+              onPressed: isLoading
+                  ? null
+                  : () {
+                      Navigator.of(dialogCtx).pop();
+                      onCancel?.call();
+                    },
+            ),
+            KasyButton(
+              label: confirmLabel,
+              variant: destructive
+                  ? KasyButtonVariant.destructive
+                  : KasyButtonVariant.primary,
+              expand: true,
+              isLoading: isLoading,
+              onPressed: isLoading
+                  ? null
+                  : () {
+                      if (onConfirmAsync != null) {
+                        setState(() => isLoading = true);
+                        onConfirmAsync().whenComplete(() {
+                          if (dialogCtx.mounted) Navigator.of(dialogCtx).pop();
+                        });
+                      } else {
+                        Navigator.of(dialogCtx).pop();
+                        onConfirm?.call();
+                      }
+                    },
+            ),
+          ],
         ),
-      ],
-    ),
+      );
+    },
   );
 }
 

package/templates/firebase/lib/features/settings/ui/components/delete_user_component.dart

@@ -21,7 +21,19 @@ class DeleteUserButton extends ConsumerWidget {
         cancelLabel: t.settings.delete_account.cancel,
         confirmLabel: t.settings.delete_account.confirm,
         destructive: true,
-        onConfirm: () => ref.read(userStateNotifierProvider.notifier).deleteAccount(),
+        onConfirmAsync: () async {
+          try {
+            await ref.read(userStateNotifierProvider.notifier).deleteAccount();
+          } catch (_) {
+            if (context.mounted) {
+              showKasyToast(
+                context,
+                title: t.settings.delete_account.error,
+                tone: KasyToastTone.danger,
+              );
+            }
+          }
+        },
       ),
     );
   }

package/templates/firebase/lib/i18n/en.i18n.json

@@ -502,9 +502,10 @@
         "delete_account": {
             "button": "I want to delete my account",
             "title": "Delete your account?",
-            "content": "Warning: this action is irreversible.",
+            "content": "Warning: this is permanent. You will lose any active subscription, and creating a new account later (even with the same email) will not restore it.",
             "cancel": "Cancel",
-            "confirm": "Yes, delete"
+            "confirm": "Yes, delete",
+            "error": "Something went wrong. Please try again."
         },
         "admin": {
             "update_bottom_sheet": "Update bottom sheet",

package/templates/firebase/lib/i18n/es.i18n.json

@@ -502,9 +502,10 @@
         "delete_account": {
             "button": "Quiero eliminar mi cuenta",
             "title": "¿Quieres eliminar tu cuenta?",
-            "content": "Advertencia: esta acción es irreversible.",
+            "content": "Advertencia: esta acción es permanente. Perderás cualquier suscripción activa, y crear una cuenta nueva más tarde (incluso con el mismo correo) no la recuperará.",
             "cancel": "Cancelar",
-            "confirm": "Sí, eliminar"
+            "confirm": "Sí, eliminar",
+            "error": "Algo salió mal. Por favor, inténtalo de nuevo."
         },
         "admin": {
             "update_bottom_sheet": "Actualizar bottom sheet",

package/templates/firebase/lib/i18n/pt.i18n.json

@@ -502,9 +502,10 @@
         "delete_account": {
             "button": "Quero excluir minha conta",
             "title": "Quer excluir sua conta?",
-            "content": "Atenção: esta ação é irreversível.",
+            "content": "Atenção: esta ação é permanente. Você perde qualquer assinatura ativa, e criar uma nova conta depois (mesmo com o mesmo e-mail) não recupera ela.",
             "cancel": "Cancelar",
-            "confirm": "Sim, excluir"
+            "confirm": "Sim, excluir",
+            "error": "Algo deu errado. Por favor, tente novamente."
         },
         "admin": {
             "update_bottom_sheet": "Atualizar bottom sheet",