fix: images, couverture, slash, agents, wizard, Stripe et admin
- Collage/accès images: ownership path userId + meta legacy, 403 non caché - Couverture note: explicite (choix/aucune), plus d’auto depuis le corps - Éditeur: suppression image TipTap, sync immédiate, toolbar réordonnée - Slash: listes par titre (plus d’index), keywords nettoyés - Agents: nextRun à la réactivation, cron sans stampede null - Wizard: titres courts + mode Expert plus robuste - Stripe checkout hosted fiable; admin métriques live; dark mode IA/settings - Indexation notes courtes + test unit aligné
This commit is contained in:
@@ -1,13 +1,15 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { auth } from '@/auth';
|
||||
import { stripe } from '@/lib/stripe';
|
||||
import { resolvePriceId } from '@/lib/billing/stripe-prices';
|
||||
import { isBillingEnabled, resolvePriceId } from '@/lib/billing/stripe-prices';
|
||||
import { prisma } from '@/lib/prisma';
|
||||
import { z } from 'zod';
|
||||
|
||||
const bodySchema = z.object({
|
||||
tier: z.enum(['PRO', 'BUSINESS']),
|
||||
interval: z.enum(['month', 'year']),
|
||||
/** Prefer hosted redirect when embedded checkout is unavailable */
|
||||
mode: z.enum(['hosted', 'embedded']).optional(),
|
||||
});
|
||||
|
||||
export async function POST(req: NextRequest) {
|
||||
@@ -16,17 +18,46 @@ export async function POST(req: NextRequest) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
|
||||
if (!(await isBillingEnabled())) {
|
||||
return NextResponse.json({ error: 'Billing is not enabled' }, { status: 403 });
|
||||
}
|
||||
|
||||
const secret = process.env.STRIPE_SECRET_KEY;
|
||||
if (!secret || secret === 'sk_test_placeholder') {
|
||||
return NextResponse.json(
|
||||
{ error: 'Stripe is not configured (STRIPE_SECRET_KEY missing)' },
|
||||
{ status: 503 },
|
||||
);
|
||||
}
|
||||
|
||||
const parsed = bodySchema.safeParse(await req.json());
|
||||
if (!parsed.success) {
|
||||
return NextResponse.json({ error: 'Invalid request body' }, { status: 400 });
|
||||
}
|
||||
|
||||
const { tier, interval } = parsed.data;
|
||||
const preferredMode = parsed.data.mode ?? 'hosted';
|
||||
const userId = session.user.id;
|
||||
const userEmail = session.user.email;
|
||||
|
||||
try {
|
||||
const priceId = await resolvePriceId(tier, interval);
|
||||
let priceId: string;
|
||||
try {
|
||||
priceId = await resolvePriceId(tier, interval);
|
||||
} catch (e) {
|
||||
console.error('[billing/create-checkout] price resolve failed:', e);
|
||||
return NextResponse.json(
|
||||
{ error: 'Stripe price IDs not configured. Set them in Admin > Billing.' },
|
||||
{ status: 503 },
|
||||
);
|
||||
}
|
||||
|
||||
if (priceId.startsWith('price_mock_')) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Stripe price IDs not configured. Set them in Admin > Billing.' },
|
||||
{ status: 503 },
|
||||
);
|
||||
}
|
||||
|
||||
const subscription = await prisma.subscription.findUnique({ where: { userId } });
|
||||
let customerId = subscription?.stripeCustomerId ?? undefined;
|
||||
@@ -41,8 +72,7 @@ export async function POST(req: NextRequest) {
|
||||
metadata: { userId },
|
||||
});
|
||||
customerId = customer.id;
|
||||
|
||||
// Update DB to save the real Stripe customer ID
|
||||
|
||||
await prisma.subscription.upsert({
|
||||
where: { userId },
|
||||
update: { stripeCustomerId: customerId },
|
||||
@@ -52,8 +82,8 @@ export async function POST(req: NextRequest) {
|
||||
tier: 'BASIC',
|
||||
status: 'ACTIVE',
|
||||
currentPeriodStart: new Date(),
|
||||
currentPeriodEnd: new Date(Date.now() + 30 * 24 * 3600 * 1000), // temp basic dates
|
||||
}
|
||||
currentPeriodEnd: new Date(Date.now() + 30 * 24 * 3600 * 1000),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
@@ -61,29 +91,51 @@ export async function POST(req: NextRequest) {
|
||||
const proto = req.headers.get('x-forwarded-proto') ?? 'http';
|
||||
const origin = `${proto}://${host}`;
|
||||
|
||||
const sessionParams = {
|
||||
// Hosted Checkout is the most reliable path (redirect). Embedded is optional.
|
||||
if (preferredMode === 'embedded') {
|
||||
try {
|
||||
const embedded = await stripe.checkout.sessions.create({
|
||||
customer: customerId,
|
||||
mode: 'subscription',
|
||||
line_items: [{ price: priceId, quantity: 1 }],
|
||||
ui_mode: 'embedded' as any,
|
||||
return_url: `${origin}/settings/billing?session_id={CHECKOUT_SESSION_ID}`,
|
||||
metadata: { userId, tier },
|
||||
subscription_data: { metadata: { userId, tier } },
|
||||
customer_update: { address: 'auto' },
|
||||
allow_promotion_codes: true,
|
||||
} as any);
|
||||
if (embedded.client_secret) {
|
||||
return NextResponse.json({
|
||||
clientSecret: embedded.client_secret,
|
||||
sessionId: embedded.id,
|
||||
});
|
||||
}
|
||||
} catch (embeddedErr) {
|
||||
console.warn('[billing/create-checkout] embedded failed, falling back to hosted:', embeddedErr);
|
||||
}
|
||||
}
|
||||
|
||||
const checkoutSession = await stripe.checkout.sessions.create({
|
||||
customer: customerId,
|
||||
mode: 'subscription' as const,
|
||||
mode: 'subscription',
|
||||
line_items: [{ price: priceId, quantity: 1 }],
|
||||
ui_mode: 'embedded_page',
|
||||
return_url: `${origin}/settings/billing?session_id={CHECKOUT_SESSION_ID}`,
|
||||
success_url: `${origin}/settings/billing?session_id={CHECKOUT_SESSION_ID}`,
|
||||
cancel_url: `${origin}/settings/billing?canceled=1`,
|
||||
metadata: { userId, tier },
|
||||
subscription_data: { metadata: { userId, tier } },
|
||||
customer_update: { address: 'auto' },
|
||||
allow_promotion_codes: true,
|
||||
};
|
||||
const checkoutSession = await stripe.checkout.sessions.create(sessionParams as any);
|
||||
});
|
||||
|
||||
if (checkoutSession.client_secret) {
|
||||
return NextResponse.json({
|
||||
clientSecret: checkoutSession.client_secret,
|
||||
sessionId: checkoutSession.id,
|
||||
});
|
||||
if (!checkoutSession.url) {
|
||||
return NextResponse.json({ error: 'Checkout session has no URL' }, { status: 500 });
|
||||
}
|
||||
|
||||
return NextResponse.json({ url: checkoutSession.url });
|
||||
return NextResponse.json({ url: checkoutSession.url, sessionId: checkoutSession.id });
|
||||
} catch (error) {
|
||||
console.error('[billing/create-checkout]', error);
|
||||
return NextResponse.json({ error: 'Failed to create checkout session' }, { status: 500 });
|
||||
const msg = error instanceof Error ? error.message : 'Failed to create checkout session';
|
||||
return NextResponse.json({ error: msg }, { status: 500 });
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user