foodsnap/supabase/functions/stripe-portal/index.ts


/// <reference lib="deno.ns" />
import Stripe from "npm:stripe@16.12.0";

const STRIPE_SECRET_KEY = Deno.env.get("STRIPE_SECRET_KEY") ?? "";
const SUPABASE_URL = Deno.env.get("SUPABASE_URL") ?? "";
const SUPABASE_ANON_KEY = Deno.env.get("SUPABASE_ANON_KEY") ?? "";
const SITE_URL = Deno.env.get("SITE_URL") ?? "http://localhost:3000";

const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: "2025-11-17.clover" });

const corsHeaders = {
    "access-control-allow-origin": "*",
    "access-control-allow-headers": "authorization, x-client-info, apikey, content-type",
    "access-control-allow-methods": "POST, OPTIONS",
};

function json(data: unknown, status = 200) {
    return new Response(JSON.stringify(data), {
        status,
        headers: { "content-type": "application/json", ...corsHeaders },
    });
}

async function getUserFromJwt(jwt: string) {
    const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
        headers: {
            apikey: SUPABASE_ANON_KEY,
            authorization: `Bearer ${jwt}`,
        },
    });
    if (!res.ok) return null;
    return await res.json();
}

async function getStripeCustomerId(userId: string) {
    const res = await fetch(`${SUPABASE_URL}/rest/v1/stripe_customers?user_id=eq.${userId}&select=stripe_customer_id`, {
        headers: {
            apikey: SUPABASE_ANON_KEY,
            authorization: `Bearer ${SUPABASE_ANON_KEY}`,
        },
    });
    if (!res.ok) return null;
    const rows = await res.json();
    return rows?.[0]?.stripe_customer_id;
}

Deno.serve(async (req) => {
    if (req.method === "OPTIONS") return new Response("ok", { headers: corsHeaders });
    if (req.method !== "POST") return json({ ok: false, error: "Method not allowed" }, 405);

    try {
        const auth = req.headers.get("authorization") || "";
        const jwt = auth.startsWith("Bearer ") ? auth.slice(7) : "";
        if (!jwt) return json({ ok: false, error: "Missing Authorization" }, 401);

        const user = await getUserFromJwt(jwt);
        if (!user?.id) return json({ ok: false, error: "Invalid token" }, 401);

        const customerId = await getStripeCustomerId(user.id);
        if (!customerId) return json({ ok: false, error: "Customer not found" }, 404);

        const session = await stripe.billingPortal.sessions.create({
            customer: customerId,
            return_url: `${SITE_URL}/dashboard`,
        });

        return json({ ok: true, url: session.url });
    } catch (err) {
        return json({ ok: false, error: String((err as any)?.message ?? err) }, 500);
    }
});
fix: implement stripe portal and upgrade button logic 2026-02-17 21:32:47 +00:00
			`/// <reference lib="deno.ns" />`
			`import Stripe from "npm:stripe@16.12.0";`

			`const STRIPE_SECRET_KEY = Deno.env.get("STRIPE_SECRET_KEY") ?? "";`
			`const SUPABASE_URL = Deno.env.get("SUPABASE_URL") ?? "";`
			`const SUPABASE_ANON_KEY = Deno.env.get("SUPABASE_ANON_KEY") ?? "";`
			`const SITE_URL = Deno.env.get("SITE_URL") ?? "http://localhost:3000";`

			`const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: "2025-11-17.clover" });`

			`const corsHeaders = {`
			`"access-control-allow-origin": "*",`
			`"access-control-allow-headers": "authorization, x-client-info, apikey, content-type",`
			`"access-control-allow-methods": "POST, OPTIONS",`
			`};`

			`function json(data: unknown, status = 200) {`
			`return new Response(JSON.stringify(data), {`
			`status,`
			`headers: { "content-type": "application/json", ...corsHeaders },`
			`});`
			`}`

			`async function getUserFromJwt(jwt: string) {`
			const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
			`headers: {`
			`apikey: SUPABASE_ANON_KEY,`
			authorization: `Bearer ${jwt}`,
			`},`
			`});`
			`if (!res.ok) return null;`
			`return await res.json();`
			`}`

			`async function getStripeCustomerId(userId: string) {`
			const res = await fetch(`${SUPABASE_URL}/rest/v1/stripe_customers?user_id=eq.${userId}&select=stripe_customer_id`, {
			`headers: {`
			`apikey: SUPABASE_ANON_KEY,`
			authorization: `Bearer ${SUPABASE_ANON_KEY}`,
			`},`
			`});`
			`if (!res.ok) return null;`
			`const rows = await res.json();`
			`return rows?.[0]?.stripe_customer_id;`
			`}`

			`Deno.serve(async (req) => {`
			`if (req.method === "OPTIONS") return new Response("ok", { headers: corsHeaders });`
			`if (req.method !== "POST") return json({ ok: false, error: "Method not allowed" }, 405);`

			`try {`
			`const auth = req.headers.get("authorization") \|\| "";`
			`const jwt = auth.startsWith("Bearer ") ? auth.slice(7) : "";`
			`if (!jwt) return json({ ok: false, error: "Missing Authorization" }, 401);`

			`const user = await getUserFromJwt(jwt);`
			`if (!user?.id) return json({ ok: false, error: "Invalid token" }, 401);`

			`const customerId = await getStripeCustomerId(user.id);`
			`if (!customerId) return json({ ok: false, error: "Customer not found" }, 404);`

			`const session = await stripe.billingPortal.sessions.create({`
			`customer: customerId,`
			return_url: `${SITE_URL}/dashboard`,
			`});`

			`return json({ ok: true, url: session.url });`
			`} catch (err) {`
			`return json({ ok: false, error: String((err as any)?.message ?? err) }, 500);`
			`}`
			`});`