foodsnap/supabase/functions/stripe-checkout/index.ts


/// <reference lib="deno.ns" />
import Stripe from "https://esm.sh/stripe@16.12.0?target=deno";

const STRIPE_SECRET_KEY = Deno.env.get("STRIPE_SECRET_KEY")!;
const SUPABASE_URL = Deno.env.get("SUPABASE_URL")!;
const SUPABASE_ANON_KEY = Deno.env.get("SUPABASE_ANON_KEY")!;
const SITE_URL = Deno.env.get("SITE_URL")!;

// ✅ seus PRICE IDs (recorrentes)
const PRICE_MENSAL = "price_1SeOVpPHwVDouhbBWZj9beS3";
const PRICE_TRIMESTRAL = "price_1SeOeXPHwVDouhbBcaiUy3vu";
const PRICE_ANUAL = "price_1SeOg4PHwVDouhbBTEiUPhMl";

const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: "2025-11-17.clover" });

const corsHeaders = {
    "access-control-allow-origin": "*",
    "access-control-allow-headers": "authorization, x-client-info, apikey, content-type",
    "access-control-allow-methods": "POST, OPTIONS",
};

function json(data: unknown, status = 200) {
    return new Response(JSON.stringify(data), {
        status,
        headers: { "content-type": "application/json", ...corsHeaders },
    });
}

async function getUserFromJwt(jwt: string) {
    const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
        headers: {
            apikey: SUPABASE_ANON_KEY,
            authorization: `Bearer ${jwt}`,
        },
    });
    if (!res.ok) return null;
    return await res.json();
}

function assertBaseUrl(raw: string, name: string) {
    let u: URL;
    try {
        u = new URL(raw);
    } catch {
        throw new Error(`${name} inválida. Use https://... (ex: https://foodsnap.com.br)`);
    }
    if (u.protocol !== "https:" && u.hostname !== "localhost") {
        throw new Error(`${name} deve ser https:// (ou localhost em dev)`);
    }
    return u;
}

function normalizePlan(planRaw: unknown) {
    const p = String(planRaw ?? "").toLowerCase().trim();
    if (p === "mensal" || p === "monthly") return "mensal";
    if (p === "trimestral" || p === "quarterly") return "trimestral";
    if (p === "anual" || p === "annual" || p === "yearly") return "anual";
    return "";
}

function priceIdForPlan(plan: string) {
    if (plan === "mensal") return PRICE_MENSAL;
    if (plan === "trimestral") return PRICE_TRIMESTRAL;
    if (plan === "anual") return PRICE_ANUAL;
    return null;
}

Deno.serve(async (req) => {
    if (req.method === "OPTIONS") return new Response("ok", { headers: corsHeaders });
    if (req.method !== "POST") return json({ ok: false, error: "Method not allowed" }, 405);

    try {
        if (!STRIPE_SECRET_KEY) return json({ ok: false, error: "Missing STRIPE_SECRET_KEY" }, 500);
        if (!SUPABASE_URL) return json({ ok: false, error: "Missing SUPABASE_URL" }, 500);
        if (!SUPABASE_ANON_KEY) return json({ ok: false, error: "Missing SUPABASE_ANON_KEY" }, 500);
        if (!SITE_URL) return json({ ok: false, error: "Missing SITE_URL" }, 500);

        const site = assertBaseUrl(SITE_URL, "SITE_URL");

        const auth = req.headers.get("authorization") || "";
        const jwt = auth.startsWith("Bearer ") ? auth.slice(7) : "";
        if (!jwt) return json({ ok: false, error: "Missing Authorization Bearer token" }, 401);

        const user = await getUserFromJwt(jwt);
        if (!user?.id) return json({ ok: false, error: "Invalid token" }, 401);

        const body = await req.json().catch(() => ({}));
        const plan = normalizePlan(body?.plan);
        if (!plan) return json({ ok: false, error: "Plano inválido. Use: mensal|trimestral|anual" }, 400);

        const priceId = priceIdForPlan(plan);
        if (!priceId) return json({ ok: false, error: "Price não configurado para este plano" }, 500);

        // ✅ garante que é recorrente
        const price = await stripe.prices.retrieve(priceId);
        const isRecurring = (price as any)?.type === "recurring" || !!(price as any)?.recurring;
        if (!isRecurring) {
            return json(
                { ok: false, error: `O price ${priceId} não é recorrente. Precisa ser Recurring para subscription.` },
                400,
            );
        }

        const successUrl = new URL("/dashboard?checkout=success", site).toString();
        const cancelUrl = new URL("/dashboard?checkout=cancel", site).toString();

        const session = await stripe.checkout.sessions.create({
            mode: "subscription",
            line_items: [{ price: priceId, quantity: 1 }],
            success_url: successUrl,
            cancel_url: cancelUrl,

            // ✅ amarra no usuário
            customer_email: user.email ?? undefined,
            metadata: { user_id: user.id, plan_code: plan },
            subscription_data: { metadata: { user_id: user.id, plan_code: plan } },
        });

        return json({ ok: true, url: session.url, plan, priceId });
    } catch (err) {
        console.error("stripe-checkout error:", err);
        return json({ ok: false, error: String((err as any)?.message ?? err) }, 500);
    }
});
feat: complete dashboard redesign, payment history, and backend limits 2026-02-17 20:49:42 +00:00
			`/// <reference lib="deno.ns" />`
			`import Stripe from "https://esm.sh/stripe@16.12.0?target=deno";`

			`const STRIPE_SECRET_KEY = Deno.env.get("STRIPE_SECRET_KEY")!;`
			`const SUPABASE_URL = Deno.env.get("SUPABASE_URL")!;`
			`const SUPABASE_ANON_KEY = Deno.env.get("SUPABASE_ANON_KEY")!;`
			`const SITE_URL = Deno.env.get("SITE_URL")!;`

			`// ✅ seus PRICE IDs (recorrentes)`
			`const PRICE_MENSAL = "price_1SeOVpPHwVDouhbBWZj9beS3";`
			`const PRICE_TRIMESTRAL = "price_1SeOeXPHwVDouhbBcaiUy3vu";`
			`const PRICE_ANUAL = "price_1SeOg4PHwVDouhbBTEiUPhMl";`

			`const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: "2025-11-17.clover" });`

			`const corsHeaders = {`
			`"access-control-allow-origin": "*",`
			`"access-control-allow-headers": "authorization, x-client-info, apikey, content-type",`
			`"access-control-allow-methods": "POST, OPTIONS",`
			`};`

			`function json(data: unknown, status = 200) {`
			`return new Response(JSON.stringify(data), {`
			`status,`
			`headers: { "content-type": "application/json", ...corsHeaders },`
			`});`
			`}`

			`async function getUserFromJwt(jwt: string) {`
			const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
			`headers: {`
			`apikey: SUPABASE_ANON_KEY,`
			authorization: `Bearer ${jwt}`,
			`},`
			`});`
			`if (!res.ok) return null;`
			`return await res.json();`
			`}`

			`function assertBaseUrl(raw: string, name: string) {`
			`let u: URL;`
			`try {`
			`u = new URL(raw);`
			`} catch {`
			throw new Error(`${name} inválida. Use https://... (ex: https://foodsnap.com.br)`);
			`}`
			`if (u.protocol !== "https:" && u.hostname !== "localhost") {`
			throw new Error(`${name} deve ser https:// (ou localhost em dev)`);
			`}`
			`return u;`
			`}`

			`function normalizePlan(planRaw: unknown) {`
			`const p = String(planRaw ?? "").toLowerCase().trim();`
			`if (p === "mensal" \|\| p === "monthly") return "mensal";`
			`if (p === "trimestral" \|\| p === "quarterly") return "trimestral";`
			`if (p === "anual" \|\| p === "annual" \|\| p === "yearly") return "anual";`
			`return "";`
			`}`

			`function priceIdForPlan(plan: string) {`
			`if (plan === "mensal") return PRICE_MENSAL;`
			`if (plan === "trimestral") return PRICE_TRIMESTRAL;`
			`if (plan === "anual") return PRICE_ANUAL;`
			`return null;`
			`}`

			`Deno.serve(async (req) => {`
			`if (req.method === "OPTIONS") return new Response("ok", { headers: corsHeaders });`
			`if (req.method !== "POST") return json({ ok: false, error: "Method not allowed" }, 405);`

			`try {`
			`if (!STRIPE_SECRET_KEY) return json({ ok: false, error: "Missing STRIPE_SECRET_KEY" }, 500);`
			`if (!SUPABASE_URL) return json({ ok: false, error: "Missing SUPABASE_URL" }, 500);`
			`if (!SUPABASE_ANON_KEY) return json({ ok: false, error: "Missing SUPABASE_ANON_KEY" }, 500);`
			`if (!SITE_URL) return json({ ok: false, error: "Missing SITE_URL" }, 500);`

			`const site = assertBaseUrl(SITE_URL, "SITE_URL");`

			`const auth = req.headers.get("authorization") \|\| "";`
			`const jwt = auth.startsWith("Bearer ") ? auth.slice(7) : "";`
			`if (!jwt) return json({ ok: false, error: "Missing Authorization Bearer token" }, 401);`

			`const user = await getUserFromJwt(jwt);`
			`if (!user?.id) return json({ ok: false, error: "Invalid token" }, 401);`

			`const body = await req.json().catch(() => ({}));`
			`const plan = normalizePlan(body?.plan);`
			`if (!plan) return json({ ok: false, error: "Plano inválido. Use: mensal\|trimestral\|anual" }, 400);`

			`const priceId = priceIdForPlan(plan);`
			`if (!priceId) return json({ ok: false, error: "Price não configurado para este plano" }, 500);`

			`// ✅ garante que é recorrente`
			`const price = await stripe.prices.retrieve(priceId);`
			`const isRecurring = (price as any)?.type === "recurring" \|\| !!(price as any)?.recurring;`
			`if (!isRecurring) {`
			`return json(`
			{ ok: false, error: `O price ${priceId} não é recorrente. Precisa ser Recurring para subscription.` },
			`400,`
			`);`
			`}`

			`const successUrl = new URL("/dashboard?checkout=success", site).toString();`
			`const cancelUrl = new URL("/dashboard?checkout=cancel", site).toString();`

			`const session = await stripe.checkout.sessions.create({`
			`mode: "subscription",`
			`line_items: [{ price: priceId, quantity: 1 }],`
			`success_url: successUrl,`
			`cancel_url: cancelUrl,`

			`// ✅ amarra no usuário`
			`customer_email: user.email ?? undefined,`
			`metadata: { user_id: user.id, plan_code: plan },`
			`subscription_data: { metadata: { user_id: user.id, plan_code: plan } },`
			`});`

			`return json({ ok: true, url: session.url, plan, priceId });`
			`} catch (err) {`
			`console.error("stripe-checkout error:", err);`
			`return json({ ok: false, error: String((err as any)?.message ?? err) }, 500);`
			`}`
			`});`