feat: add Stripe webhook handling and update user subscriptions in Appwrite

Author: danieldanielecki

.env.example

@@ -15,6 +15,7 @@ NEXT_PUBLIC_STRIPE_PRICE_BYOK=price_...
 NEXT_PUBLIC_STRIPE_PRICE_DITECTREV=price_...
 NEXT_PUBLIC_STRIPE_PRICE_LOCAL=price_...
 STRIPE_SECRET_KEY=
+STRIPE_WEBHOOK_SECRET=
 
 # AI Provider Keys (for Ditectrev premium service)
 DITECTREV_OPENAI_KEY=sk-...

.github/workflows/azure-static-web-apps-kind-plant-0e80e5803.yml

@@ -1,83 +1,84 @@
-name: Azure Static Web Apps CI/CD
-
-on:
-  push:
-    branches:
-      - main
-      - 'feature/*'
-  pull_request:
-    types: [opened, synchronize, reopened, closed]
-    branches:
-      - main
-      - 'feature/*'
-
-jobs:
-  build_and_deploy_job:
-    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
-    runs-on: ubuntu-latest
-    name: Build and Deploy Job
-    environment: ${{ github.ref == 'refs/heads/main' && 'Production' || 'Staging' }}
-    env:
-      # Google Analytics
-      NEXT_PUBLIC_GA_TRACKING_ID: ${{ secrets.NEXT_PUBLIC_GA_TRACKING_ID }}
-
-      # Appwrite Configuration (comes from environment secrets)
-      NEXT_PUBLIC_APPWRITE_ENDPOINT: ${{ secrets.NEXT_PUBLIC_APPWRITE_ENDPOINT }}
-      NEXT_PUBLIC_APPWRITE_PROJECT_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_PROJECT_ID }}
-      NEXT_PUBLIC_APPWRITE_API_KEY: ${{ secrets.NEXT_PUBLIC_APPWRITE_API_KEY }}
-      NEXT_PUBLIC_APPWRITE_DATABASE_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_DATABASE_ID }}
-      NEXT_PUBLIC_APPWRITE_DATABASE_NAME: ${{ secrets.NEXT_PUBLIC_APPWRITE_DATABASE_NAME }}
-      NEXT_PUBLIC_APPWRITE_COLLECTION_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_COLLECTION_ID }}
-
-      # Stripe Configuration
-      # Note: Using NEXT_PUBLIC_ prefix is required for Azure Static Web Apps runtime access
-      # This is safe because it's only used in server-side API routes, never in client components
-      NEXT_PUBLIC_STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
-      # Stripe Price IDs (environment variables, distinguished per environment)
-      NEXT_PUBLIC_STRIPE_PRICE_ADS_FREE: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_ADS_FREE }}
-      NEXT_PUBLIC_STRIPE_PRICE_LOCAL: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_LOCAL }}
-      NEXT_PUBLIC_STRIPE_PRICE_BYOK: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_BYOK }}
-      NEXT_PUBLIC_STRIPE_PRICE_DITECTREV: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_DITECTREV }}
-
-      # Azure Cosmos DB Configuration (comes from environment secrets)
-      AZURE_COSMOSDB_ENDPOINT: ${{ secrets.AZURE_COSMOSDB_ENDPOINT }}
-      AZURE_COSMOSDB_KEY: ${{ secrets.AZURE_COSMOSDB_KEY }}
-      AZURE_COSMOSDB_DATABASE: ${{ secrets.AZURE_COSMOSDB_DATABASE }}
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          submodules: true
-      - name: Setup Node.js
-        uses: actions/setup-node@v2
-        with:
-          node-version: "20.x"
-        env:
-          NODE_VERSION: "20.x"
-      - name: Build And Deploy
-        id: builddeploy
-        uses: Azure/static-web-apps-deploy@v1
-        with:
-          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_KIND_PLANT_0E80E5803 }}
-          repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
-          action: "upload"
-          ###### Repository/Build Configurations - These values can be configured to match your app requirements. ######
-          # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
-          app_location: "/" # App source code path
-          api_location: "" # Api source code path - optional
-          output_location: "" # Built app content directory - optional
-          app_build_command: "npm run build"
-          api_build_command: "rm -rf ./node_modules/@next/swc-* && rm -rf ./.next/cache"
-          production_branch: "main" # Only main branch goes to production (custom domain)
-          ###### End of Repository/Build Configurations ######
-
-  close_pull_request_job:
-    if: github.event_name == 'pull_request' && github.event.action == 'closed'
-    runs-on: ubuntu-latest
-    name: Close Pull Request Job
-    steps:
-      - name: Close Pull Request
-        id: closepullrequest
-        uses: Azure/static-web-apps-deploy@v1
-        with:
-          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_KIND_PLANT_0E80E5803 }}
-          action: "close"
+name: Azure Static Web Apps CI/CD
+
+on:
+  push:
+    branches:
+      - main
+      - 'feature/*'
+  pull_request:
+    types: [opened, synchronize, reopened, closed]
+    branches:
+      - main
+      - 'feature/*'
+
+jobs:
+  build_and_deploy_job:
+    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed')
+    runs-on: ubuntu-latest
+    name: Build and Deploy Job
+    environment: ${{ github.ref == 'refs/heads/main' && 'Production' || 'Staging' }}
+    env:
+      # Google Analytics
+      NEXT_PUBLIC_GA_TRACKING_ID: ${{ secrets.NEXT_PUBLIC_GA_TRACKING_ID }}
+
+      # Appwrite Configuration (comes from environment secrets)
+      NEXT_PUBLIC_APPWRITE_ENDPOINT: ${{ secrets.NEXT_PUBLIC_APPWRITE_ENDPOINT }}
+      NEXT_PUBLIC_APPWRITE_PROJECT_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_PROJECT_ID }}
+      NEXT_PUBLIC_APPWRITE_API_KEY: ${{ secrets.NEXT_PUBLIC_APPWRITE_API_KEY }}
+      NEXT_PUBLIC_APPWRITE_DATABASE_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_DATABASE_ID }}
+      NEXT_PUBLIC_APPWRITE_DATABASE_NAME: ${{ secrets.NEXT_PUBLIC_APPWRITE_DATABASE_NAME }}
+      NEXT_PUBLIC_APPWRITE_COLLECTION_ID: ${{ secrets.NEXT_PUBLIC_APPWRITE_COLLECTION_ID }}
+
+      # Stripe Configuration
+      # Note: Using NEXT_PUBLIC_ prefix is required for Azure Static Web Apps runtime access
+      # This is safe because it's only used in server-side API routes, never in client components
+      NEXT_PUBLIC_STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
+      NEXT_PUBLIC_STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
+      # Stripe Price IDs (environment variables, distinguished per environment)
+      NEXT_PUBLIC_STRIPE_PRICE_ADS_FREE: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_ADS_FREE }}
+      NEXT_PUBLIC_STRIPE_PRICE_LOCAL: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_LOCAL }}
+      NEXT_PUBLIC_STRIPE_PRICE_BYOK: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_BYOK }}
+      NEXT_PUBLIC_STRIPE_PRICE_DITECTREV: ${{ vars.NEXT_PUBLIC_STRIPE_PRICE_DITECTREV }}
+
+      # Azure Cosmos DB Configuration (comes from environment secrets)
+      AZURE_COSMOSDB_ENDPOINT: ${{ secrets.AZURE_COSMOSDB_ENDPOINT }}
+      AZURE_COSMOSDB_KEY: ${{ secrets.AZURE_COSMOSDB_KEY }}
+      AZURE_COSMOSDB_DATABASE: ${{ secrets.AZURE_COSMOSDB_DATABASE }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Setup Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: "20.x"
+        env:
+          NODE_VERSION: "20.x"
+      - name: Build And Deploy
+        id: builddeploy
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_KIND_PLANT_0E80E5803 }}
+          repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for Github integrations (i.e. PR comments)
+          action: "upload"
+          ###### Repository/Build Configurations - These values can be configured to match your app requirements. ######
+          # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
+          app_location: "/" # App source code path
+          api_location: "" # Api source code path - optional
+          output_location: "" # Built app content directory - optional
+          app_build_command: "npm run build"
+          api_build_command: "rm -rf ./node_modules/@next/swc-* && rm -rf ./.next/cache"
+          production_branch: "main" # Only main branch goes to production (custom domain)
+          ###### End of Repository/Build Configurations ######
+
+  close_pull_request_job:
+    if: github.event_name == 'pull_request' && github.event.action == 'closed'
+    runs-on: ubuntu-latest
+    name: Close Pull Request Job
+    steps:
+      - name: Close Pull Request
+        id: closepullrequest
+        uses: Azure/static-web-apps-deploy@v1
+        with:
+          azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_KIND_PLANT_0E80E5803 }}
+          action: "close"

app/api/profile/route.ts

@@ -1,28 +1,87 @@
 import { NextRequest, NextResponse } from "next/server";
+import { Client, Databases } from "node-appwrite";
 
-// Mock user data - replace with your actual database
-const mockUser = {
-  id: "user_123",
-  email: "[email protected]",
-  subscription: "free",
+// Initialize Appwrite client
+function getAppwriteClient() {
+  const client = new Client()
+    .setEndpoint(process.env.NEXT_PUBLIC_APPWRITE_ENDPOINT || "")
+    .setProject(process.env.NEXT_PUBLIC_APPWRITE_PROJECT_ID || "")
+    .setKey(process.env.NEXT_PUBLIC_APPWRITE_API_KEY || "");
+
+  return new Databases(client);
+}
+
+// Default user data structure
+const defaultUser = {
+  subscription: "free" as const,
   apiKeys: {
     openai: "",
     gemini: "",
     mistral: "",
     deepseek: "",
   },
   preferences: {
-    explanationProvider: "ollama",
+    explanationProvider: "ollama" as const,
   },
 };
 
 export async function GET(request: NextRequest) {
   try {
-    // TODO: Get user from authentication context
-    // const user = await getCurrentUser(request);
+    // TODO: Get user email from authentication context
+    // For now, we'll try to get it from query params or use a default
+    // In production, you should get this from your auth system
+    const email =
+      request.nextUrl.searchParams.get("email") || "[email protected]";
+
+    const DATABASE_ID = process.env.NEXT_PUBLIC_APPWRITE_DATABASE_ID;
+    const USERS_COLLECTION_ID = "users";
+
+    if (!DATABASE_ID) {
+      console.warn("Appwrite not configured, returning default user");
+      return NextResponse.json({
+        id: "default",
+        email,
+        ...defaultUser,
+      });
+    }
+
+    try {
+      const databases = getAppwriteClient();
+      const { Query } = await import("node-appwrite");
+
+      // Try to find user by email
+      const users = await databases.listDocuments(
+        DATABASE_ID,
+        USERS_COLLECTION_ID,
+        [Query.equal("email", email)],
+      );
 
-    // For now, return mock data
-    return NextResponse.json(mockUser);
+      if (users.documents.length > 0) {
+        const user = users.documents[0];
+        return NextResponse.json({
+          id: user.$id,
+          email: user.email || email,
+          subscription: user.subscription || defaultUser.subscription,
+          apiKeys: user.apiKeys || defaultUser.apiKeys,
+          preferences: user.preferences || defaultUser.preferences,
+        });
+      } else {
+        // User doesn't exist yet, return default
+        return NextResponse.json({
+          id: "new",
+          email,
+          ...defaultUser,
+        });
+      }
+    } catch (dbError: any) {
+      console.error("Database error:", dbError);
+      // Return default user on error
+      return NextResponse.json({
+        id: "error",
+        email,
+        ...defaultUser,
+      });
+    }
   } catch (error) {
     console.error("Error fetching profile:", error);
     return NextResponse.json(

app/api/stripe/create-checkout-session/route.ts

@@ -86,6 +86,7 @@ export async function POST(request: NextRequest) {
       cancel_url: `${baseUrl}/pricing?canceled=true`,
       allow_promotion_codes: true,
       billing_address_collection: "required",
+      customer_email: request.headers.get("x-user-email") || undefined, // Get from auth header if available
       metadata: {
         priceId: priceId.trim(),
       },