/// import Stripe from "https://esm.sh/stripe@16.12.0?target=deno"; const STRIPE_SECRET_KEY = Deno.env.get("STRIPE_SECRET_KEY")!; const SUPABASE_URL = Deno.env.get("SUPABASE_URL")!; const SUPABASE_ANON_KEY = Deno.env.get("SUPABASE_ANON_KEY")!; const SITE_URL = Deno.env.get("SITE_URL")!; // ✅ seus PRICE IDs (recorrentes) const PRICE_MENSAL = "price_1SeOVpPHwVDouhbBWZj9beS3"; const PRICE_TRIMESTRAL = "price_1SeOeXPHwVDouhbBcaiUy3vu"; const PRICE_ANUAL = "price_1SeOg4PHwVDouhbBTEiUPhMl"; const stripe = new Stripe(STRIPE_SECRET_KEY, { apiVersion: "2025-11-17.clover" }); const corsHeaders = { "access-control-allow-origin": "*", "access-control-allow-headers": "authorization, x-client-info, apikey, content-type", "access-control-allow-methods": "POST, OPTIONS", }; function json(data: unknown, status = 200) { return new Response(JSON.stringify(data), { status, headers: { "content-type": "application/json", ...corsHeaders }, }); } async function getUserFromJwt(jwt: string) { const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, { headers: { apikey: SUPABASE_ANON_KEY, authorization: `Bearer ${jwt}`, }, }); if (!res.ok) return null; return await res.json(); } function assertBaseUrl(raw: string, name: string) { let u: URL; try { u = new URL(raw); } catch { throw new Error(`${name} inválida. Use https://... (ex: https://foodsnap.com.br)`); } if (u.protocol !== "https:" && u.hostname !== "localhost") { throw new Error(`${name} deve ser https:// (ou localhost em dev)`); } return u; } function normalizePlan(planRaw: unknown) { const p = String(planRaw ?? "").toLowerCase().trim(); if (p === "mensal" || p === "monthly") return "mensal"; if (p === "trimestral" || p === "quarterly") return "trimestral"; if (p === "anual" || p === "annual" || p === "yearly") return "anual"; return ""; } function priceIdForPlan(plan: string) { if (plan === "mensal") return PRICE_MENSAL; if (plan === "trimestral") return PRICE_TRIMESTRAL; if (plan === "anual") return PRICE_ANUAL; return null; } Deno.serve(async (req) => { if (req.method === "OPTIONS") return new Response("ok", { headers: corsHeaders }); if (req.method !== "POST") return json({ ok: false, error: "Method not allowed" }, 405); try { if (!STRIPE_SECRET_KEY) return json({ ok: false, error: "Missing STRIPE_SECRET_KEY" }, 500); if (!SUPABASE_URL) return json({ ok: false, error: "Missing SUPABASE_URL" }, 500); if (!SUPABASE_ANON_KEY) return json({ ok: false, error: "Missing SUPABASE_ANON_KEY" }, 500); if (!SITE_URL) return json({ ok: false, error: "Missing SITE_URL" }, 500); const site = assertBaseUrl(SITE_URL, "SITE_URL"); const auth = req.headers.get("authorization") || ""; const jwt = auth.startsWith("Bearer ") ? auth.slice(7) : ""; if (!jwt) return json({ ok: false, error: "Missing Authorization Bearer token" }, 401); const user = await getUserFromJwt(jwt); if (!user?.id) return json({ ok: false, error: "Invalid token" }, 401); const body = await req.json().catch(() => ({})); const plan = normalizePlan(body?.plan); if (!plan) return json({ ok: false, error: "Plano inválido. Use: mensal|trimestral|anual" }, 400); const priceId = priceIdForPlan(plan); if (!priceId) return json({ ok: false, error: "Price não configurado para este plano" }, 500); // ✅ garante que é recorrente const price = await stripe.prices.retrieve(priceId); const isRecurring = (price as any)?.type === "recurring" || !!(price as any)?.recurring; if (!isRecurring) { return json( { ok: false, error: `O price ${priceId} não é recorrente. Precisa ser Recurring para subscription.` }, 400, ); } const successUrl = new URL("/dashboard?checkout=success", site).toString(); const cancelUrl = new URL("/dashboard?checkout=cancel", site).toString(); const session = await stripe.checkout.sessions.create({ mode: "subscription", line_items: [{ price: priceId, quantity: 1 }], success_url: successUrl, cancel_url: cancelUrl, // ✅ amarra no usuário customer_email: user.email ?? undefined, metadata: { user_id: user.id, plan_code: plan }, subscription_data: { metadata: { user_id: user.id, plan_code: plan } }, }); return json({ ok: true, url: session.url, plan, priceId }); } catch (err) { console.error("stripe-checkout error:", err); return json({ ok: false, error: String((err as any)?.message ?? err) }, 500); } });