mcp-twin 1.2.0 → 1.4.0

package/src/cloud/routes/billing.ts

@@ -0,0 +1,460 @@
+/**
+ * Billing Routes
+ * MCP Twin Cloud
+ */
+
+import { Router, Request, Response } from 'express';
+import { query, queryOne } from '../db';
+import { authenticateApiKey, User } from '../auth';
+import {
+  isStripeConfigured,
+  getOrCreateCustomer,
+  createCheckoutSession,
+  createPortalSession,
+  getInvoices,
+  constructWebhookEvent,
+  TIER_TO_PRICE,
+  PRICE_TO_TIER,
+} from '../stripe';
+
+const router = Router();
+
+/**
+ * GET /api/billing/status
+ * Get billing status and current plan
+ */
+router.get('/status', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.json({
+        configured: false,
+        message: 'Stripe is not configured. Set STRIPE_SECRET_KEY to enable billing.',
+      });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT id, email, tier, stripe_customer_id, stripe_subscription_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user) {
+      res.status(404).json({
+        error: { code: 'NOT_FOUND', message: 'User not found' },
+      });
+      return;
+    }
+
+    res.json({
+      configured: true,
+      tier: user.tier,
+      hasSubscription: !!user.stripe_subscription_id,
+      customerId: user.stripe_customer_id ? `cus_...${user.stripe_customer_id.slice(-4)}` : null,
+    });
+  } catch (error: any) {
+    console.error('[Billing] Status error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to get billing status' },
+    });
+  }
+});
+
+/**
+ * GET /api/billing/plans
+ * Get available plans
+ */
+router.get('/plans', async (req: Request, res: Response) => {
+  res.json({
+    plans: [
+      {
+        id: 'free',
+        name: 'Free',
+        price: 0,
+        interval: null,
+        features: [
+          '1 twin',
+          '10,000 requests/month',
+          '24-hour log retention',
+          'Community support',
+        ],
+      },
+      {
+        id: 'starter',
+        name: 'Starter',
+        price: 29,
+        interval: 'month',
+        priceId: TIER_TO_PRICE.starter,
+        features: [
+          '5 twins',
+          '100,000 requests/month',
+          '7-day log retention',
+          'Email support',
+        ],
+      },
+      {
+        id: 'pro',
+        name: 'Professional',
+        price: 149,
+        interval: 'month',
+        priceId: TIER_TO_PRICE.pro,
+        features: [
+          'Unlimited twins',
+          '1,000,000 requests/month',
+          '30-day log retention',
+          'Priority support',
+          'Custom integrations',
+        ],
+      },
+      {
+        id: 'enterprise',
+        name: 'Enterprise',
+        price: null,
+        interval: null,
+        features: [
+          'Unlimited everything',
+          '90-day log retention',
+          'Dedicated support',
+          'SLA guarantee',
+          'SSO/SAML',
+          'Custom contracts',
+        ],
+        contactSales: true,
+      },
+    ],
+  });
+});
+
+/**
+ * POST /api/billing/checkout
+ * Create a Stripe checkout session
+ */
+router.post('/checkout', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.status(400).json({
+        error: {
+          code: 'STRIPE_NOT_CONFIGURED',
+          message: 'Stripe is not configured',
+        },
+      });
+      return;
+    }
+
+    const { plan, successUrl, cancelUrl } = req.body;
+
+    if (!plan || !successUrl || !cancelUrl) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'plan, successUrl, and cancelUrl are required',
+        },
+      });
+      return;
+    }
+
+    const priceId = TIER_TO_PRICE[plan];
+    if (!priceId) {
+      res.status(400).json({
+        error: {
+          code: 'INVALID_PLAN',
+          message: `Invalid plan: ${plan}. Valid plans: starter, pro`,
+        },
+      });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT id, email, stripe_customer_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user) {
+      res.status(404).json({
+        error: { code: 'NOT_FOUND', message: 'User not found' },
+      });
+      return;
+    }
+
+    // Get or create Stripe customer
+    const customerId = await getOrCreateCustomer(
+      user.id,
+      user.email,
+      user.stripe_customer_id
+    );
+
+    // Update user with customer ID if new
+    if (!user.stripe_customer_id) {
+      await query(
+        'UPDATE users SET stripe_customer_id = $1 WHERE id = $2',
+        [customerId, user.id]
+      );
+    }
+
+    // Create checkout session
+    const session = await createCheckoutSession(
+      customerId,
+      priceId,
+      successUrl,
+      cancelUrl
+    );
+
+    res.json({
+      sessionId: session.id,
+      url: session.url,
+    });
+  } catch (error: any) {
+    console.error('[Billing] Checkout error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to create checkout session' },
+    });
+  }
+});
+
+/**
+ * POST /api/billing/portal
+ * Create a Stripe billing portal session
+ */
+router.post('/portal', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.status(400).json({
+        error: {
+          code: 'STRIPE_NOT_CONFIGURED',
+          message: 'Stripe is not configured',
+        },
+      });
+      return;
+    }
+
+    const { returnUrl } = req.body;
+
+    if (!returnUrl) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'returnUrl is required',
+        },
+      });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT stripe_customer_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user?.stripe_customer_id) {
+      res.status(400).json({
+        error: {
+          code: 'NO_SUBSCRIPTION',
+          message: 'No billing account found. Subscribe to a plan first.',
+        },
+      });
+      return;
+    }
+
+    const session = await createPortalSession(user.stripe_customer_id, returnUrl);
+
+    res.json({
+      url: session.url,
+    });
+  } catch (error: any) {
+    console.error('[Billing] Portal error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to create portal session' },
+    });
+  }
+});
+
+/**
+ * GET /api/billing/invoices
+ * Get user's invoices
+ */
+router.get('/invoices', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    if (!isStripeConfigured()) {
+      res.json({ invoices: [] });
+      return;
+    }
+
+    const user = await queryOne<User>(
+      'SELECT stripe_customer_id FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user?.stripe_customer_id) {
+      res.json({ invoices: [] });
+      return;
+    }
+
+    const invoices = await getInvoices(user.stripe_customer_id);
+
+    res.json({
+      invoices: invoices.map((inv) => ({
+        id: inv.id,
+        number: inv.number,
+        status: inv.status,
+        amount: inv.amount_due / 100,
+        currency: inv.currency,
+        created: new Date(inv.created * 1000).toISOString(),
+        pdfUrl: inv.invoice_pdf,
+        hostedUrl: inv.hosted_invoice_url,
+      })),
+    });
+  } catch (error: any) {
+    console.error('[Billing] Invoices error:', error);
+    res.status(500).json({
+      error: { code: 'INTERNAL_ERROR', message: 'Failed to get invoices' },
+    });
+  }
+});
+
+/**
+ * POST /api/billing/webhook
+ * Handle Stripe webhooks
+ */
+router.post(
+  '/webhook',
+  // Use raw body for webhook signature verification
+  async (req: Request, res: Response) => {
+    const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
+
+    if (!webhookSecret) {
+      console.error('[Billing] STRIPE_WEBHOOK_SECRET not configured');
+      res.status(400).json({ error: 'Webhook not configured' });
+      return;
+    }
+
+    const signature = req.headers['stripe-signature'] as string;
+
+    if (!signature) {
+      res.status(400).json({ error: 'Missing stripe-signature header' });
+      return;
+    }
+
+    let event;
+
+    try {
+      // req.body should be raw buffer for webhook verification
+      const rawBody = req.body;
+      event = constructWebhookEvent(rawBody, signature, webhookSecret);
+    } catch (err: any) {
+      console.error('[Billing] Webhook signature verification failed:', err.message);
+      res.status(400).json({ error: `Webhook Error: ${err.message}` });
+      return;
+    }
+
+    console.log(`[Billing] Webhook received: ${event.type}`);
+
+    try {
+      switch (event.type) {
+        case 'checkout.session.completed': {
+          const session = event.data.object as any;
+          await handleCheckoutComplete(session);
+          break;
+        }
+
+        case 'customer.subscription.created':
+        case 'customer.subscription.updated': {
+          const subscription = event.data.object as any;
+          await handleSubscriptionUpdate(subscription);
+          break;
+        }
+
+        case 'customer.subscription.deleted': {
+          const subscription = event.data.object as any;
+          await handleSubscriptionDeleted(subscription);
+          break;
+        }
+
+        case 'invoice.payment_failed': {
+          const invoice = event.data.object as any;
+          await handlePaymentFailed(invoice);
+          break;
+        }
+
+        default:
+          console.log(`[Billing] Unhandled event type: ${event.type}`);
+      }
+
+      res.json({ received: true });
+    } catch (error: any) {
+      console.error('[Billing] Webhook handler error:', error);
+      res.status(500).json({ error: 'Webhook handler failed' });
+    }
+  }
+);
+
+/**
+ * Handle checkout.session.completed
+ */
+async function handleCheckoutComplete(session: any): Promise<void> {
+  const customerId = session.customer;
+  const subscriptionId = session.subscription;
+
+  console.log(`[Billing] Checkout complete for customer ${customerId}`);
+
+  // Update user with subscription ID
+  await query(
+    `UPDATE users
+     SET stripe_subscription_id = $1, updated_at = NOW()
+     WHERE stripe_customer_id = $2`,
+    [subscriptionId, customerId]
+  );
+}
+
+/**
+ * Handle subscription created/updated
+ */
+async function handleSubscriptionUpdate(subscription: any): Promise<void> {
+  const customerId = subscription.customer;
+  const status = subscription.status;
+  const priceId = subscription.items.data[0]?.price?.id;
+
+  console.log(`[Billing] Subscription update: ${customerId} -> ${status} (${priceId})`);
+
+  if (status === 'active' || status === 'trialing') {
+    // Determine tier from price
+    const tier = PRICE_TO_TIER[priceId] || 'free';
+
+    await query(
+      `UPDATE users
+       SET tier = $1, stripe_subscription_id = $2, updated_at = NOW()
+       WHERE stripe_customer_id = $3`,
+      [tier, subscription.id, customerId]
+    );
+
+    console.log(`[Billing] User upgraded to ${tier}`);
+  }
+}
+
+/**
+ * Handle subscription deleted
+ */
+async function handleSubscriptionDeleted(subscription: any): Promise<void> {
+  const customerId = subscription.customer;
+
+  console.log(`[Billing] Subscription deleted for ${customerId}`);
+
+  // Downgrade to free tier
+  await query(
+    `UPDATE users
+     SET tier = 'free', stripe_subscription_id = NULL, updated_at = NOW()
+     WHERE stripe_customer_id = $1`,
+    [customerId]
+  );
+}
+
+/**
+ * Handle payment failed
+ */
+async function handlePaymentFailed(invoice: any): Promise<void> {
+  const customerId = invoice.customer;
+
+  console.log(`[Billing] Payment failed for ${customerId}`);
+
+  // Could send email notification, etc.
+  // For now just log it
+}
+
+export default router;