♻️ Stripe Customer Portal (#1441)

apps/web/src/app/[locale]/(admin)/settings/billing/billing-page.tsx

@@ -38,7 +38,6 @@ const BillingPortal = () => {
       <div className="mt-6">
         <Button asChild>
           <Link
-            target="_blank"
             href={`/api/stripe/portal?return_path=${encodeURIComponent(
               window.location.pathname,
             )}`}

apps/web/src/app/api/stripe/portal/route.ts

@@ -0,0 +1,83 @@
+import { stripe } from "@rallly/billing";
+import { prisma } from "@rallly/database";
+import { absoluteUrl } from "@rallly/utils/absolute-url";
+import * as Sentry from "@sentry/nextjs";
+import type { NextRequest } from "next/server";
+import { NextResponse } from "next/server";
+
+import { getServerSession } from "@/auth";
+
+export async function GET(request: NextRequest) {
+  const sessionId = request.nextUrl.searchParams.get("session_id");
+  const returnPath = request.nextUrl.searchParams.get("return_path");
+
+  let customerId: string | undefined;
+
+  if (sessionId) {
+    try {
+      const session = await stripe.checkout.sessions.retrieve(sessionId);
+      if (typeof session.customer !== "string") {
+        Sentry.captureException(new Error("Invalid customer ID in session"));
+        return NextResponse.json(
+          { error: "Invalid customer ID in session" },
+          { status: 400 },
+        );
+      }
+      customerId = session.customer;
+    } catch (error) {
+      Sentry.captureException(error);
+      return NextResponse.json(
+        { error: "Failed to retrieve session" },
+        { status: 500 },
+      );
+    }
+  } else {
+    const userSession = await getServerSession();
+    if (!userSession || userSession.user.email === null) {
+      Sentry.captureException(new Error("User not logged in"));
+      return NextResponse.json(
+        { error: "User not logged in" },
+        { status: 400 },
+      );
+    }
+    try {
+      const user = await prisma.user.findUnique({
+        where: {
+          id: userSession.user.id,
+        },
+        select: {
+          customerId: true,
+        },
+      });
+      customerId = user?.customerId ?? undefined;
+    } catch (error) {
+      Sentry.captureException(error);
+      return NextResponse.json(
+        { error: "Failed to retrieve user" },
+        { status: 500 },
+      );
+    }
+  }
+
+  if (!customerId) {
+    Sentry.captureException(new Error("Session has no customer ID"));
+    return NextResponse.json(
+      { error: "Session has no customer ID" },
+      { status: 400 },
+    );
+  }
+
+  try {
+    const portalSession = await stripe.billingPortal.sessions.create({
+      customer: customerId,
+      return_url: returnPath ? absoluteUrl(returnPath) : undefined,
+    });
+    return NextResponse.redirect(portalSession.url);
+  } catch (error) {
+    Sentry.captureException(error);
+    return NextResponse.json(
+      { error: "Failed to create portal session" },
+      { status: 500 },
+    );
+  }
+}

apps/web/src/pages/api/stripe/portal.ts

@@ -1,62 +0,0 @@
-import { stripe } from "@rallly/billing";
-import { prisma } from "@rallly/database";
-import { absoluteUrl } from "@rallly/utils/absolute-url";
-import type { NextApiRequest, NextApiResponse } from "next";
-import { z } from "zod";
-
-import { getServerSession } from "@/auth";
-
-const inputSchema = z.object({
-  session_id: z.string().optional(),
-  return_path: z.string().optional(),
-});
-
-export default async function handler(
-  req: NextApiRequest,
-  res: NextApiResponse,
-) {
-  const userSession = await getServerSession(req, res);
-
-  if (!userSession?.user.email) {
-    // You need to be logged in to subscribe
-    res
-      .status(403)
-      .redirect(
-        `/login${req.url ? `?redirect=${encodeURIComponent(req.url)}` : ""}`,
-      );
-    return;
-  }
-
-  const user = await prisma.user.findUnique({
-    where: {
-      id: userSession.user.id,
-    },
-    select: {
-      email: true,
-      customerId: true,
-    },
-  });
-
-  if (!user) {
-    res.status(404).end();
-    return;
-  }
-
-  const { session_id: sessionId, return_path } = inputSchema.parse(req.query);
-
-  let customerId: string;
-
-  if (sessionId) {
-    const session = await stripe.checkout.sessions.retrieve(sessionId);
-    customerId = session.customer as string;
-  } else {
-    customerId = user.customerId as string;
-  }
-
-  const portalSession = await stripe.billingPortal.sessions.create({
-    customer: customerId,
-    return_url: absoluteUrl(return_path),
-  });
-
-  res.status(303).redirect(portalSession.url);
-}

packages/billing/package.json

@@ -3,8 +3,6 @@
   "version": "0.0.0",
   "private": true,
   "exports": {
-    "./server/*": "./src/server/*.tsx",
-    "./next": "./src/next/index.ts",
     ".": "./src/index.ts",
     "./*": "./src/*.ts"
   },

packages/database/prisma/seed.ts

@@ -126,7 +126,6 @@ async function main() {
       id: "pro-user",
       name: "Pro User",
       email: "dev+pro@rallly.co",
-      customerId: "cus_123",
       subscription: {
         create: {
           id: "sub_123",