login handling fixes

Author: yujonglee

Taskfile.yaml

@@ -104,6 +104,8 @@ tasks:
       - '[ -n "$GOOGLE_CLIENT_ID" ] && [ -n "$GOOGLE_CLIENT_SECRET" ] && dasel put -f supabase/config.toml -t string -v ''{{.GOOGLE_CLIENT_ID}}'' ''auth.external.google.client_id'' || true'
       - '[ -n "$GOOGLE_CLIENT_ID" ] && [ -n "$GOOGLE_CLIENT_SECRET" ] && dasel put -f supabase/config.toml -t string -v ''{{.GOOGLE_CLIENT_SECRET}}'' ''auth.external.google.secret'' || true'
       - '[ -n "$GOOGLE_CLIENT_ID" ] && [ -n "$GOOGLE_CLIENT_SECRET" ] && dasel put -f supabase/config.toml -t bool -v false ''auth.external.google.skip_nonce_check'' || true'
+      - dasel put -f supabase/config.toml -t bool -v true 'auth.hook.custom_access_token.enabled'
+      - dasel put -f supabase/config.toml -t string -v 'pg-functions://postgres/public/custom_access_token_hook' 'auth.hook.custom_access_token.uri'
       - dprint fmt supabase/config.toml
       - task: supabase-start:capture
       - supabase migration up --local

apps/api/src/integration/stripe-sync.ts

@@ -3,7 +3,9 @@ import { StripeSync } from "@supabase/stripe-sync-engine";
 import { env } from "../env";
 
 export const stripeSync = new StripeSync({
+  schema: "stripe",
   poolConfig: { connectionString: env.DATABASE_URL },
   stripeSecretKey: env.STRIPE_SECRET_KEY,
   stripeWebhookSecret: env.STRIPE_WEBHOOK_SECRET,
+  backfillRelatedEntities: true,
 });

apps/api/src/routes/llm.ts

@@ -138,6 +138,7 @@ llm.post(
 
       return c.json(response, 200);
     } catch (error) {
+      console.error(error);
       Metrics.upstreamLatency("openrouter", performance.now() - startTime);
       const isAPIError =
         error instanceof Error &&

apps/api/src/routes/webhook.ts

@@ -5,9 +5,9 @@ import { resolver, validator } from "hono-openapi/zod";
 import { z } from "zod";
 
 import { syncBillingBridge } from "../billing";
+import { env } from "../env";
 import type { AppBindings } from "../hono-bindings";
 import { stripeSync } from "../integration/stripe-sync";
-import { Metrics } from "../metrics";
 import { API_TAGS } from "./constants";
 
 const WebhookSuccessSchema = z.object({
@@ -69,12 +69,31 @@ webhook.post(
 
     try {
       await stripeSync.processWebhook(rawBody, signature);
+    } catch (error) {
+      if (env.NODE_ENV !== "production") {
+        console.error(error);
+      } else {
+        if (
+          error instanceof Error &&
+          error.message === "Unhandled webhook event"
+        ) {
+          // stripe-sync-engine doesn't support this event type, skip silently
+        } else {
+          Sentry.captureException(error, {
+            tags: { webhook: "stripe", event_type: stripeEvent.type },
+          });
+          return c.json({ error: "stripe_sync_failed" }, 500);
+        }
+      }
+    }
+
+    try {
       await syncBillingBridge(stripeEvent);
     } catch (error) {
       Sentry.captureException(error, {
         tags: { webhook: "stripe", event_type: stripeEvent.type },
       });
-      return c.json({ error: "stripe_billing_sync_failed" }, 500);
+      return c.json({ error: "billing_bridge_sync_failed" }, 500);
     }
 
     return c.json({ ok: true }, 200);

apps/desktop/src/auth.tsx

@@ -91,6 +91,7 @@ const AuthContext = createContext<{
   session: Session | null;
   signIn: () => Promise<void>;
   signOut: () => Promise<void>;
+  refreshSession: () => Promise<void>;
   handleAuthCallback: (url: string) => Promise<void>;
   getHeaders: () => Record<string, string> | null;
   getAvatarUrl: () => Promise<string>;
@@ -237,6 +238,20 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
     }
   };
 
+  const refreshSession = async () => {
+    if (!supabase) {
+      return;
+    }
+
+    const { data, error } = await supabase.auth.refreshSession();
+    if (error) {
+      return;
+    }
+    if (data.session) {
+      setSession(data.session);
+    }
+  };
+
   const getHeaders = useCallback(() => {
     if (!session) {
       return null;
@@ -267,6 +282,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
     supabase,
     signIn,
     signOut,
+    refreshSession,
     handleAuthCallback,
     getHeaders,
     getAvatarUrl,

apps/desktop/src/billing.tsx

@@ -25,15 +25,27 @@ export function BillingProvider({ children }: { children: ReactNode }) {
 
   const isPro = useMemo(() => {
     if (!auth?.session?.access_token) {
+      console.log("[BillingProvider] no access_token, isPro=false");
       return false;
     }
 
+    console.log(auth.session);
+
     try {
       const decoded = jwtDecode<{ is_pro?: boolean }>(
         auth.session.access_token,
       );
-      return decoded.is_pro ?? false;
-    } catch {
+      console.log(decoded);
+      const result = decoded.is_pro ?? false;
+      console.log(
+        "[BillingProvider] decoded JWT, is_pro claim:",
+        decoded.is_pro,
+        "-> isPro:",
+        result,
+      );
+      return result;
+    } catch (e) {
+      console.error("[BillingProvider] failed to decode JWT:", e);
       return false;
     }
   }, [auth?.session?.access_token]);

apps/desktop/src/components/main/sidebar/profile/auth.tsx

@@ -1,15 +1,10 @@
-import { LogIn, LogOut } from "lucide-react";
+import { LogIn } from "lucide-react";
 import { useCallback } from "react";
 
 import { commands as windowsCommands } from "@hypr/plugin-windows";
 import { Button } from "@hypr/ui/components/ui/button";
 
-type AuthSectionProps = {
-  isAuthenticated: boolean;
-  onSignOut: () => Promise<void> | void;
-};
-
-export function AuthSection({ isAuthenticated, onSignOut }: AuthSectionProps) {
+export function AuthSection({ isAuthenticated }: { isAuthenticated: boolean }) {
   const handleOpenAccount = useCallback(async () => {
     await windowsCommands.windowShow({ type: "settings" });
     await windowsCommands.windowNavigate(
@@ -19,18 +14,7 @@ export function AuthSection({ isAuthenticated, onSignOut }: AuthSectionProps) {
   }, []);
 
   if (isAuthenticated) {
-    return (
-      <div className="px-1 py-2">
-        <Button
-          onClick={() => onSignOut()}
-          variant="outline"
-          className="w-full"
-        >
-          <LogOut className="w-4 h-4 mr-2" />
-          Log out
-        </Button>
-      </div>
-    );
+    return null;
   }
 
   return (

apps/desktop/src/components/main/sidebar/profile/index.tsx

@@ -53,11 +53,6 @@ export function ProfileSection({ onExpandChange }: ProfileSectionProps = {}) {
     onExpandChange?.(isExpanded);
   }, [isExpanded, onExpandChange]);
 
-  const handleSignOut = useCallback(async () => {
-    await auth?.signOut();
-    closeMenu();
-  }, [auth, closeMenu]);
-
   useEffect(() => {
     if (!isExpanded && currentView !== "main") {
       const timer = setTimeout(() => {
@@ -206,10 +201,7 @@ export function ProfileSection({ onExpandChange }: ProfileSectionProps = {}) {
                         <MenuItem key={item.label} {...item} />
                       ))}
 
-                      <AuthSection
-                        isAuthenticated={isAuthenticated}
-                        onSignOut={handleSignOut}
-                      />
+                      <AuthSection isAuthenticated={isAuthenticated} />
                     </motion.div>
                   ) : (
                     <motion.div