Web routes to cancel, change tier, create subscription, or get subscription info

jahooma · jahooma · commit 9184aa289c5e · 2026-01-28T14:44:11.000-08:00
diff --git a/common/src/constants/analytics-events.ts b/common/src/constants/analytics-events.ts
@@ -38,6 +38,7 @@ export enum AnalyticsEvent {
   SUBSCRIPTION_BLOCK_LIMIT_HIT = 'backend.subscription_block_limit_hit',
   SUBSCRIPTION_WEEKLY_LIMIT_HIT = 'backend.subscription_weekly_limit_hit',
   SUBSCRIPTION_CREDITS_MIGRATED = 'backend.subscription_credits_migrated',
+  SUBSCRIPTION_TIER_CHANGED = 'backend.subscription_tier_changed',
 
   // Web
   SIGNUP = 'web.signup',
diff --git a/packages/billing/src/subscription-webhooks.ts b/packages/billing/src/subscription-webhooks.ts
@@ -37,6 +37,14 @@ function getTierFromPriceId(priceId: string): SubscriptionTierPrice | null {
   return priceToTier[priceId] ?? null
 }
 
+const tierToPrice = Object.fromEntries(
+  Object.entries(priceToTier).map(([priceId, tier]) => [tier, priceId]),
+) as Partial<Record<SubscriptionTierPrice, string>>
+
+export function getTierPriceId(tier: SubscriptionTierPrice): string | null {
+  return tierToPrice[tier] ?? null
+}
+
 // ---------------------------------------------------------------------------
 // invoice.paid
 // ---------------------------------------------------------------------------
diff --git a/packages/billing/src/subscription.ts b/packages/billing/src/subscription.ts
@@ -485,6 +485,41 @@ export async function checkRateLimit(params: {
   }
 }
 
+// ---------------------------------------------------------------------------
+// Block grant expiration
+// ---------------------------------------------------------------------------
+
+export async function expireActiveBlockGrants(params: {
+  userId: string
+  subscriptionId: string
+  logger: Logger
+}): Promise<number> {
+  const { userId, subscriptionId, logger } = params
+  const now = new Date()
+
+  const expired = await db
+    .update(schema.creditLedger)
+    .set({ balance: 0, expires_at: now })
+    .where(
+      and(
+        eq(schema.creditLedger.user_id, userId),
+        eq(schema.creditLedger.type, 'subscription'),
+        gt(schema.creditLedger.expires_at, now),
+        gt(schema.creditLedger.balance, 0),
+      ),
+    )
+    .returning({ operation_id: schema.creditLedger.operation_id })
+
+  if (expired.length > 0) {
+    logger.info(
+      { userId, subscriptionId, expiredCount: expired.length },
+      'Expired active block grants for tier change',
+    )
+  }
+
+  return expired.length
+}
+
 // ---------------------------------------------------------------------------
 // Subscription lookup
 // ---------------------------------------------------------------------------
diff --git a/packages/billing/src/usage-service.ts b/packages/billing/src/usage-service.ts
@@ -9,16 +9,24 @@ import {
   calculateOrganizationUsageAndBalance,
   syncOrganizationBillingCycle,
 } from './org-billing'
+import { getActiveSubscription } from './subscription'
 
 import type { CreditBalance } from './balance-calculator'
 import type { Logger } from '@codebuff/common/types/contracts/logger'
 
+export interface SubscriptionInfo {
+  status: string
+  billingPeriodEnd: string
+  cancelAtPeriodEnd: boolean
+}
+
 export interface UserUsageData {
   usageThisCycle: number
   balance: CreditBalance
   nextQuotaReset: string
   autoTopupTriggered?: boolean
   autoTopupEnabled?: boolean
+  subscription?: SubscriptionInfo
 }
 
 export interface OrganizationUsageData {
@@ -79,12 +87,24 @@ export async function getUserUsageData(params: {
       isPersonalContext: true, // isPersonalContext: true to exclude organization credits
     })
 
+    // Check for active subscription
+    let subscription: SubscriptionInfo | undefined
+    const activeSub = await getActiveSubscription({ userId, logger })
+    if (activeSub) {
+      subscription = {
+        status: activeSub.status,
+        billingPeriodEnd: activeSub.billing_period_end.toISOString(),
+        cancelAtPeriodEnd: activeSub.cancel_at_period_end,
+      }
+    }
+
     return {
       usageThisCycle,
       balance,
       nextQuotaReset: quotaResetDate.toISOString(),
       autoTopupTriggered,
       autoTopupEnabled,
+      subscription,
     }
   } catch (error) {
     logger.error({ userId, error }, 'Error fetching user usage data')
diff --git a/packages/internal/src/env-schema.ts b/packages/internal/src/env-schema.ts
@@ -21,9 +21,9 @@ export const serverEnvSchema = clientEnvSchema.extend({
   STRIPE_WEBHOOK_SECRET_KEY: z.string().min(1),
   STRIPE_USAGE_PRICE_ID: z.string().min(1),
   STRIPE_TEAM_FEE_PRICE_ID: z.string().min(1),
-  STRIPE_SUBSCRIPTION_100_PRICE_ID: z.string().min(1).optional(),
-  STRIPE_SUBSCRIPTION_200_PRICE_ID: z.string().min(1).optional(),
-  STRIPE_SUBSCRIPTION_500_PRICE_ID: z.string().min(1).optional(),
+  STRIPE_SUBSCRIPTION_100_PRICE_ID: z.string().min(1),
+  STRIPE_SUBSCRIPTION_200_PRICE_ID: z.string().min(1),
+  STRIPE_SUBSCRIPTION_500_PRICE_ID: z.string().min(1),
   LOOPS_API_KEY: z.string().min(1),
   DISCORD_PUBLIC_KEY: z.string().min(1),
   DISCORD_BOT_TOKEN: z.string().min(1),
diff --git a/web/src/app/api/stripe/cancel-subscription/route.ts b/web/src/app/api/stripe/cancel-subscription/route.ts
@@ -0,0 +1,60 @@
+import { getActiveSubscription } from '@codebuff/billing'
+import db from '@codebuff/internal/db'
+import * as schema from '@codebuff/internal/db/schema'
+import { stripeServer } from '@codebuff/internal/util/stripe'
+import { eq } from 'drizzle-orm'
+import { NextResponse } from 'next/server'
+import { getServerSession } from 'next-auth'
+
+import { authOptions } from '@/app/api/auth/[...nextauth]/auth-options'
+import { logger } from '@/util/logger'
+
+export async function POST() {
+  const session = await getServerSession(authOptions)
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const userId = session.user.id
+
+  const subscription = await getActiveSubscription({ userId, logger })
+  if (!subscription) {
+    return NextResponse.json(
+      { error: 'No active subscription found.' },
+      { status: 404 },
+    )
+  }
+
+  try {
+    await stripeServer.subscriptions.update(
+      subscription.stripe_subscription_id,
+      { cancel_at_period_end: true },
+    )
+
+    await db
+      .update(schema.subscription)
+      .set({ cancel_at_period_end: true, updated_at: new Date() })
+      .where(
+        eq(
+          schema.subscription.stripe_subscription_id,
+          subscription.stripe_subscription_id,
+        ),
+      )
+
+    logger.info(
+      { userId, subscriptionId: subscription.stripe_subscription_id },
+      'Subscription set to cancel at period end',
+    )
+
+    return NextResponse.json({ success: true })
+  } catch (error: unknown) {
+    const message =
+      (error as { raw?: { message?: string } })?.raw?.message ||
+      'Internal server error canceling subscription.'
+    logger.error(
+      { error: message, userId, subscriptionId: subscription.stripe_subscription_id },
+      'Failed to cancel subscription',
+    )
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}
diff --git a/web/src/app/api/stripe/change-subscription-tier/route.ts b/web/src/app/api/stripe/change-subscription-tier/route.ts
@@ -0,0 +1,161 @@
+import {
+  expireActiveBlockGrants,
+  getActiveSubscription,
+  getTierPriceId,
+} from '@codebuff/billing'
+import { trackEvent } from '@codebuff/common/analytics'
+import { AnalyticsEvent } from '@codebuff/common/constants/analytics-events'
+import { SUBSCRIPTION_TIERS } from '@codebuff/common/constants/subscription-plans'
+import db from '@codebuff/internal/db'
+import * as schema from '@codebuff/internal/db/schema'
+import { stripeServer } from '@codebuff/internal/util/stripe'
+import { eq } from 'drizzle-orm'
+import { NextResponse } from 'next/server'
+import { getServerSession } from 'next-auth'
+
+import type { SubscriptionTierPrice } from '@codebuff/common/constants/subscription-plans'
+import type { NextRequest } from 'next/server'
+
+import { authOptions } from '@/app/api/auth/[...nextauth]/auth-options'
+import { logger } from '@/util/logger'
+
+export async function POST(req: NextRequest) {
+  const session = await getServerSession(authOptions)
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const userId = session.user.id
+
+  const user = await db.query.user.findFirst({
+    where: eq(schema.user.id, userId),
+    columns: { banned: true },
+  })
+
+  if (user?.banned) {
+    logger.warn({ userId }, 'Banned user attempted to change subscription tier')
+    return NextResponse.json(
+      { error: 'Your account has been suspended. Please contact support.' },
+      { status: 403 },
+    )
+  }
+
+  const body = await req.json().catch(() => null)
+  const rawTier = Number(body?.tier)
+  if (!rawTier || !(rawTier in SUBSCRIPTION_TIERS)) {
+    return NextResponse.json(
+      { error: 'Invalid tier. Must be 100, 200, or 500.' },
+      { status: 400 },
+    )
+  }
+  const tier = rawTier as SubscriptionTierPrice
+
+  const subscription = await getActiveSubscription({ userId, logger })
+  if (!subscription) {
+    return NextResponse.json(
+      { error: 'No active subscription found.' },
+      { status: 404 },
+    )
+  }
+
+  const previousTier = subscription.tier
+  if (previousTier === tier) {
+    return NextResponse.json(
+      { error: 'Already on the requested tier.' },
+      { status: 400 },
+    )
+  }
+
+  const newPriceId = getTierPriceId(tier)
+  if (!newPriceId) {
+    return NextResponse.json(
+      { error: 'Subscription tier not available' },
+      { status: 503 },
+    )
+  }
+
+  try {
+    const stripeSub = await stripeServer.subscriptions.retrieve(
+      subscription.stripe_subscription_id,
+    )
+    const itemId = stripeSub.items.data[0]?.id
+    if (!itemId) {
+      logger.error(
+        { userId, subscriptionId: subscription.stripe_subscription_id },
+        'Stripe subscription has no items',
+      )
+      return NextResponse.json(
+        { error: 'Subscription configuration error.' },
+        { status: 500 },
+      )
+    }
+
+    await stripeServer.subscriptions.update(
+      subscription.stripe_subscription_id,
+      {
+        items: [{ id: itemId, price: newPriceId }],
+        proration_behavior: 'create_prorations',
+      },
+    )
+
+    try {
+      await Promise.all([
+        db
+          .update(schema.subscription)
+          .set({ tier, stripe_price_id: newPriceId, updated_at: new Date() })
+          .where(
+            eq(
+              schema.subscription.stripe_subscription_id,
+              subscription.stripe_subscription_id,
+            ),
+          ),
+        expireActiveBlockGrants({
+          userId,
+          subscriptionId: subscription.stripe_subscription_id,
+          logger,
+        }),
+      ])
+    } catch (dbError) {
+      logger.error(
+        { error: dbError, userId, subscriptionId: subscription.stripe_subscription_id },
+        'DB update failed after Stripe tier change — webhook will reconcile',
+      )
+    }
+
+    trackEvent({
+      event: AnalyticsEvent.SUBSCRIPTION_TIER_CHANGED,
+      userId,
+      properties: {
+        subscriptionId: subscription.stripe_subscription_id,
+        previousTier,
+        newTier: tier,
+      },
+      logger,
+    })
+
+    logger.info(
+      {
+        userId,
+        subscriptionId: subscription.stripe_subscription_id,
+        previousTier,
+        newTier: tier,
+      },
+      'Subscription tier changed',
+    )
+
+    return NextResponse.json({ success: true, previousTier, newTier: tier })
+  } catch (error: unknown) {
+    const message = error instanceof Error
+      ? error.message
+      : 'Internal server error changing subscription tier.'
+    logger.error(
+      {
+        error,
+        userId,
+        subscriptionId: subscription.stripe_subscription_id,
+      },
+      'Failed to change subscription tier',
+    )
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}
diff --git a/web/src/app/api/stripe/create-subscription/route.ts b/web/src/app/api/stripe/create-subscription/route.ts
diff --git a/web/src/app/api/user/subscription/route.ts b/web/src/app/api/user/subscription/route.ts
