vibefast-cli 1.3.4 → 1.3.5

package/recipes/stripe-supabase/packages/backend/supabase/functions/payments/index.ts

@@ -0,0 +1,138 @@
+/**
+ * Supabase Payments Edge Function
+ *
+ * Unified entry point for authenticated payment actions:
+ * - checkout
+ * - portal
+ * - subscription
+ * - cancel
+ * - payments
+ */
+
+import 'jsr:@supabase/functions-js/edge-runtime.d.ts';
+import { createClient } from 'npm:@supabase/supabase-js@2';
+import { getPaymentProvider } from './config.ts';
+import { stripeProvider } from './providers/stripe.ts';
+import { lemonsqueezyProvider } from './providers/lemonsqueezy.ts';
+import type { PaymentProviderApi } from './types.ts';
+
+const corsHeaders = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Headers':
+    'authorization, x-client-info, apikey, content-type',
+  'Access-Control-Allow-Methods': 'POST, OPTIONS',
+};
+
+const jsonResponse = (body: unknown, status = 200) =>
+  new Response(JSON.stringify(body), {
+    status,
+    headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+  });
+
+const getEnv = (key: string, fallback?: string) => {
+  const value = Deno.env.get(key) ?? fallback;
+  if (!value) {
+    throw new Error(`Missing environment variable: ${key}`);
+  }
+  return value;
+};
+
+Deno.serve(async (req: Request) => {
+  if (req.method === 'OPTIONS') {
+    return new Response('ok', { headers: corsHeaders });
+  }
+
+  if (req.method !== 'POST') {
+    return jsonResponse({ ok: false, message: 'Method not allowed' }, 405);
+  }
+
+  try {
+    const authHeader = req.headers.get('Authorization');
+    if (!authHeader) {
+      return jsonResponse({ ok: false, message: 'Missing authorization header' }, 401);
+    }
+
+    const token = authHeader.replace('Bearer ', '');
+    const supabaseUrl = getEnv('SUPABASE_URL');
+    const supabaseAnonKey =
+      Deno.env.get('SUPABASE_ANON_KEY') ??
+      Deno.env.get('SUPABASE_PUBLISHABLE_KEY');
+    const supabaseSecretKey =
+      Deno.env.get('SUPABASE_SECRET_KEY') ??
+      Deno.env.get('SUPABASE_SERVICE_ROLE_KEY');
+
+    if (!supabaseAnonKey || !supabaseSecretKey) {
+      throw new Error('Supabase keys are not configured');
+    }
+
+    const supabase = createClient(supabaseUrl, supabaseAnonKey, {
+      global: { headers: { Authorization: `Bearer ${token}` } },
+    });
+    const supabaseAdmin = createClient(supabaseUrl, supabaseSecretKey);
+
+    const {
+      data: { user },
+      error: authError,
+    } = await supabase.auth.getUser();
+
+    if (authError || !user) {
+      return jsonResponse({ ok: false, message: 'Invalid or expired token' }, 401);
+    }
+
+    const body = await req.json();
+    const action = body?.action as string | undefined;
+
+    if (!action) {
+      return jsonResponse({ ok: false, message: 'Missing action' }, 400);
+    }
+
+    const provider = getPaymentProvider();
+    const api: PaymentProviderApi =
+      provider === 'stripe'
+        ? stripeProvider({ supabaseAdmin, user })
+        : lemonsqueezyProvider({ supabaseAdmin, user });
+
+    switch (action) {
+      case 'checkout': {
+        const priceId = body?.priceId;
+        if (!priceId) {
+          return jsonResponse({ ok: false, message: 'priceId is required' }, 400);
+        }
+        const result = await api.createCheckout({
+          priceId,
+          mode: body?.mode,
+          successUrl: body?.successUrl,
+          cancelUrl: body?.cancelUrl,
+        });
+        return jsonResponse({ ok: true, ...result });
+      }
+      case 'portal': {
+        const result = await api.createPortalSession({
+          returnUrl: body?.returnUrl,
+        });
+        return jsonResponse({ ok: true, ...result });
+      }
+      case 'subscription': {
+        const subscription = await api.getSubscription();
+        return jsonResponse({ ok: true, subscription });
+      }
+      case 'cancel': {
+        const subscriptionId = body?.subscriptionId;
+        if (!subscriptionId) {
+          return jsonResponse({ ok: false, message: 'subscriptionId is required' }, 400);
+        }
+        await api.cancelSubscription({ subscriptionId });
+        return jsonResponse({ ok: true });
+      }
+      case 'payments': {
+        const payments = await api.getPayments();
+        return jsonResponse({ ok: true, payments });
+      }
+      default:
+        return jsonResponse({ ok: false, message: 'Unknown action' }, 400);
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : 'Unexpected error';
+    return jsonResponse({ ok: false, message }, 500);
+  }
+});

package/recipes/stripe-supabase/packages/backend/supabase/functions/payments/providers/lemonsqueezy.ts

@@ -0,0 +1,165 @@
+import {
+  createCheckout as lsCreateCheckout,
+  cancelSubscription as lsCancelSubscription,
+  lemonSqueezySetup,
+} from 'npm:@lemonsqueezy/lemonsqueezy.js';
+import { createClient } from 'npm:@supabase/supabase-js@2';
+import { getCheckoutUrls, getPlanByPriceId } from '../config.ts';
+import type { PaymentProviderApi, Subscription } from '../types.ts';
+
+type SupabaseClient = ReturnType<typeof createClient>;
+
+type ProviderContext = {
+  supabaseAdmin: SupabaseClient;
+  user: {
+    id: string;
+    email?: string | null;
+    user_metadata?: Record<string, unknown>;
+  };
+};
+
+const initLemonSqueezy = () => {
+  const apiKey = Deno.env.get('LEMONSQUEEZY_API_KEY');
+  if (!apiKey) {
+    throw new Error('LEMONSQUEEZY_API_KEY is not configured');
+  }
+  lemonSqueezySetup({ apiKey });
+};
+
+const getCustomerName = (user: ProviderContext['user']) => {
+  const metadata = user.user_metadata ?? {};
+  return (
+    (metadata['full_name'] as string | undefined) ||
+    (metadata['name'] as string | undefined) ||
+    undefined
+  );
+};
+
+const mapSubscription = (row: any): Subscription | null => {
+  if (!row) return null;
+  const activeStatuses = ['active', 'trialing', 'on_trial'];
+  if (!activeStatuses.includes(row.status)) {
+    return null;
+  }
+
+  const plan = getPlanByPriceId(row.price_id ?? '');
+  const toUnix = (value: string | null) =>
+    value ? Math.floor(new Date(value).getTime() / 1000) : undefined;
+
+  return {
+    id: row.provider_subscription_id,
+    provider: 'lemonsqueezy',
+    status: row.status === 'on_trial' ? 'trialing' : row.status,
+    planId: plan?.id ?? '',
+    priceId: row.price_id ?? undefined,
+    currentPeriodEnd: toUnix(row.current_period_end),
+    cancelAt: toUnix(row.cancel_at),
+    cancelAtPeriodEnd: row.cancel_at_period_end ?? undefined,
+  };
+};
+
+export const lemonsqueezyProvider = ({
+  supabaseAdmin,
+  user,
+}: ProviderContext): PaymentProviderApi => {
+  return {
+    async createCheckout(args) {
+      initLemonSqueezy();
+
+      const storeId = Deno.env.get('LEMONSQUEEZY_STORE_ID');
+      if (!storeId) {
+        throw new Error('LEMONSQUEEZY_STORE_ID is not configured');
+      }
+
+      const urls = getCheckoutUrls(args.successUrl, args.cancelUrl);
+
+      const { data, error } = await lsCreateCheckout(storeId, args.priceId, {
+        checkoutData: {
+          email: user.email ?? undefined,
+          name: getCustomerName(user),
+          custom: {
+            user_id: user.id,
+          },
+        },
+        productOptions: {
+          redirectUrl: urls.successUrl,
+        },
+      });
+
+      if (error) {
+        throw new Error(`LemonSqueezy checkout error: ${error.message}`);
+      }
+
+      const url = data?.data?.attributes?.url;
+      if (!url) {
+        throw new Error('No checkout URL returned from LemonSqueezy');
+      }
+
+      return { url };
+    },
+
+    async createPortalSession(args) {
+      const { data, error } = await supabaseAdmin
+        .from('subscriptions')
+        .select('*')
+        .eq('user_id', user.id)
+        .eq('provider', 'lemonsqueezy')
+        .order('created_at', { ascending: false })
+        .limit(1)
+        .maybeSingle();
+
+      if (error) {
+        throw new Error(`Failed to read subscription: ${error.message}`);
+      }
+
+      const portalUrl = data?.metadata?.customerPortalUrl as
+        | string
+        | undefined;
+
+      return {
+        url: portalUrl ?? args.returnUrl ?? `${Deno.env.get('SITE_URL')}/billing`,
+      };
+    },
+
+    async getSubscription() {
+      const { data, error } = await supabaseAdmin
+        .from('subscriptions')
+        .select('*')
+        .eq('user_id', user.id)
+        .eq('provider', 'lemonsqueezy')
+        .order('created_at', { ascending: false })
+        .limit(1)
+        .maybeSingle();
+
+      if (error) {
+        throw new Error(`Failed to read subscription: ${error.message}`);
+      }
+
+      return mapSubscription(data);
+    },
+
+    async cancelSubscription({ subscriptionId }) {
+      initLemonSqueezy();
+      const { error } = await lsCancelSubscription(subscriptionId);
+      if (error) {
+        throw new Error(`Failed to cancel subscription: ${error.message}`);
+      }
+      return true;
+    },
+
+    async getPayments() {
+      const { data, error } = await supabaseAdmin
+        .from('orders')
+        .select('*')
+        .eq('user_id', user.id)
+        .eq('provider', 'lemonsqueezy')
+        .order('created_at', { ascending: false });
+
+      if (error) {
+        throw new Error(`Failed to read payments: ${error.message}`);
+      }
+
+      return data ?? [];
+    },
+  };
+};

package/recipes/stripe-supabase/packages/backend/supabase/functions/payments/providers/stripe.ts

@@ -0,0 +1,179 @@
+import Stripe from 'npm:stripe@14.25.0';
+import { createClient } from 'npm:@supabase/supabase-js@2';
+import { getCheckoutUrls, getPlanByPriceId } from '../config.ts';
+import type { PaymentProviderApi, Subscription } from '../types.ts';
+
+type SupabaseClient = ReturnType<typeof createClient>;
+
+type ProviderContext = {
+  supabaseAdmin: SupabaseClient;
+  user: {
+    id: string;
+    email?: string | null;
+    user_metadata?: Record<string, unknown>;
+  };
+};
+
+const getStripeClient = () => {
+  const secretKey = Deno.env.get('STRIPE_SECRET_KEY');
+  if (!secretKey) {
+    throw new Error('STRIPE_SECRET_KEY is not configured');
+  }
+  return new Stripe(secretKey, {
+    apiVersion: '2023-10-16',
+  });
+};
+
+const getCustomerName = (user: ProviderContext['user']) => {
+  const metadata = user.user_metadata ?? {};
+  const name =
+    (metadata['full_name'] as string | undefined) ||
+    (metadata['name'] as string | undefined) ||
+    undefined;
+  return name;
+};
+
+const getOrCreateCustomer = async (
+  stripe: Stripe,
+  supabaseAdmin: SupabaseClient,
+  user: ProviderContext['user'],
+) => {
+  const { data: existing, error } = await supabaseAdmin
+    .from('payment_customers')
+    .select('provider_customer_id')
+    .eq('user_id', user.id)
+    .eq('provider', 'stripe')
+    .maybeSingle();
+
+  if (error) {
+    throw new Error(`Failed to query customer mapping: ${error.message}`);
+  }
+
+  if (existing?.provider_customer_id) {
+    return existing.provider_customer_id;
+  }
+
+  const customer = await stripe.customers.create({
+    email: user.email ?? undefined,
+    name: getCustomerName(user),
+    metadata: { user_id: user.id },
+  });
+
+  const { error: insertError } = await supabaseAdmin
+    .from('payment_customers')
+    .insert({
+      user_id: user.id,
+      provider: 'stripe',
+      provider_customer_id: customer.id,
+    });
+
+  if (insertError) {
+    throw new Error(`Failed to store customer mapping: ${insertError.message}`);
+  }
+
+  return customer.id;
+};
+
+const mapSubscription = (row: any): Subscription | null => {
+  if (!row) return null;
+  const activeStatuses = ['active', 'trialing'];
+  if (!activeStatuses.includes(row.status)) {
+    return null;
+  }
+
+  const plan = getPlanByPriceId(row.price_id ?? '');
+  const toUnix = (value: string | null) =>
+    value ? Math.floor(new Date(value).getTime() / 1000) : undefined;
+
+  return {
+    id: row.provider_subscription_id,
+    provider: 'stripe',
+    status: row.status,
+    planId: plan?.id ?? '',
+    priceId: row.price_id ?? undefined,
+    currentPeriodEnd: toUnix(row.current_period_end),
+    cancelAt: toUnix(row.cancel_at),
+    cancelAtPeriodEnd: row.cancel_at_period_end ?? undefined,
+  };
+};
+
+export const stripeProvider = ({
+  supabaseAdmin,
+  user,
+}: ProviderContext): PaymentProviderApi => {
+  return {
+    async createCheckout(args) {
+      const stripe = getStripeClient();
+      const customerId = await getOrCreateCustomer(stripe, supabaseAdmin, user);
+      const urls = getCheckoutUrls(args.successUrl, args.cancelUrl);
+
+      const session = await stripe.checkout.sessions.create({
+        mode: args.mode ?? 'subscription',
+        customer: customerId,
+        line_items: [{ price: args.priceId, quantity: 1 }],
+        success_url: urls.successUrl,
+        cancel_url: urls.cancelUrl,
+        subscription_data: { metadata: { user_id: user.id } },
+        metadata: { user_id: user.id },
+      });
+
+      if (!session.url) {
+        throw new Error('No checkout URL returned from Stripe');
+      }
+
+      return { url: session.url, sessionId: session.id };
+    },
+
+    async createPortalSession(args) {
+      const stripe = getStripeClient();
+      const customerId = await getOrCreateCustomer(stripe, supabaseAdmin, user);
+
+      const result = await stripe.billingPortal.sessions.create({
+        customer: customerId,
+        return_url: args.returnUrl ?? `${Deno.env.get('SITE_URL')}/billing`,
+      });
+
+      return { url: result.url };
+    },
+
+    async getSubscription() {
+      const { data, error } = await supabaseAdmin
+        .from('subscriptions')
+        .select('*')
+        .eq('user_id', user.id)
+        .eq('provider', 'stripe')
+        .order('created_at', { ascending: false })
+        .limit(1)
+        .maybeSingle();
+
+      if (error) {
+        throw new Error(`Failed to read subscription: ${error.message}`);
+      }
+
+      return mapSubscription(data);
+    },
+
+    async cancelSubscription({ subscriptionId }) {
+      const stripe = getStripeClient();
+      await stripe.subscriptions.update(subscriptionId, {
+        cancel_at_period_end: true,
+      });
+      return true;
+    },
+
+    async getPayments() {
+      const { data, error } = await supabaseAdmin
+        .from('orders')
+        .select('*')
+        .eq('user_id', user.id)
+        .eq('provider', 'stripe')
+        .order('created_at', { ascending: false });
+
+      if (error) {
+        throw new Error(`Failed to read payments: ${error.message}`);
+      }
+
+      return data ?? [];
+    },
+  };
+};

package/recipes/stripe-supabase/packages/backend/supabase/functions/payments/types.ts

@@ -0,0 +1,57 @@
+export type PaymentProvider = 'stripe' | 'lemonsqueezy';
+
+export type SubscriptionStatus =
+  | 'active'
+  | 'trialing'
+  | 'past_due'
+  | 'canceled'
+  | 'expired'
+  | 'paused'
+  | 'unpaid';
+
+export type BillingInterval = 'month' | 'year' | 'one_time';
+
+export interface Plan {
+  id: string;
+  name: string;
+  description?: string;
+  price: string;
+  priceId: string;
+  interval: BillingInterval;
+  features: string[];
+  popular?: boolean;
+}
+
+export interface Subscription {
+  id: string;
+  provider: PaymentProvider;
+  status: SubscriptionStatus | string;
+  planId: string;
+  priceId?: string;
+  currentPeriodEnd?: number;
+  cancelAt?: number;
+  cancelAtPeriodEnd?: boolean;
+  createdAt?: number;
+}
+
+export interface CheckoutResult {
+  url: string;
+  sessionId?: string;
+}
+
+export interface PortalResult {
+  url: string;
+}
+
+export interface PaymentProviderApi {
+  createCheckout: (args: {
+    priceId: string;
+    mode?: 'subscription' | 'payment';
+    successUrl?: string;
+    cancelUrl?: string;
+  }) => Promise<CheckoutResult>;
+  createPortalSession: (args: { returnUrl?: string }) => Promise<PortalResult>;
+  getSubscription: () => Promise<Subscription | null>;
+  cancelSubscription: (args: { subscriptionId: string }) => Promise<boolean>;
+  getPayments: () => Promise<any[]>;
+}