tenseleyflow/shithub / 3c68bbc

+	// BillingWebhookMounter registers the Stripe webhook receiver at

+	// /stripe/webhook. It lives in the public, CSRF-exempt group and is

+	// mounted only when billing is enabled and fully configured.

+	BillingWebhookMounter func(chi.Router)

+		if deps.BillingWebhookMounter != nil {

+			deps.BillingWebhookMounter(r)

+		}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs

+

+import (

+	"fmt"

+	"net/http"

+	"net/url"

+	"strings"

+	"time"

+

+	orgbilling "github.com/tenseleyFlow/shithub/internal/billing"

+	billingdb "github.com/tenseleyFlow/shithub/internal/billing/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/billing/stripebilling"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+)

+

+type billingSummaryItem struct {

+	Label  string

+	Value  string

+	Detail string

+}

+

+type billingInvoiceView struct {

+	Number           string

+	StatusLabel      string

+	StatusClass      string

+	AmountLabel      string

+	PeriodLabel      string

+	DueLabel         string

+	HostedInvoiceURL string

+	InvoicePDFURL    string

+}

+

+func (h *Handlers) settingsBilling(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	h.renderSettingsBilling(w, r, org, "", billingNotice(r.URL.Query().Get("notice")))

+}

+

+func (h *Handlers) billingCheckout(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	if !h.billingConfigured() {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	state, err := orgbilling.GetOrgBillingState(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: load state for checkout", "org_id", org.ID, "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	state, err = h.ensureStripeCustomer(r, org, state)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: ensure stripe customer", "org_id", org.ID, "error", err)

+		h.renderSettingsBilling(w, r, org, "Could not start checkout right now.", "")

+		return

+	}

+	seats, err := orgbilling.CountBillableOrgMembers(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: count seats", "org_id", org.ID, "error", err)

+		h.renderSettingsBilling(w, r, org, "Could not calculate billable seats right now.", "")

+		return

+	}

+	session, err := h.d.Stripe.CreateCheckoutSession(r.Context(), stripebilling.CheckoutInput{

+		OrgID:      org.ID,

+		OrgSlug:    org.Slug,

+		CustomerID: state.StripeCustomerID.String,

+		SeatCount:  int64(seats),

+		SuccessURL: h.billingReturnURL(org.Slug, h.d.StripeSuccessURL, "/organizations/"+org.Slug+"/billing/success"),

+		CancelURL:  h.billingReturnURL(org.Slug, h.d.StripeCancelURL, "/organizations/"+org.Slug+"/billing/cancel"),

+	})

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: create checkout session", "org_id", org.ID, "error", err)

+		h.renderSettingsBilling(w, r, org, "Could not create the Stripe checkout session.", "")

+		return

+	}

+	http.Redirect(w, r, session.URL, http.StatusSeeOther)

+}

+

+func (h *Handlers) billingPortal(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	if !h.billingConfigured() {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+	state, err := orgbilling.GetOrgBillingState(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: load state for portal", "org_id", org.ID, "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	if !state.StripeCustomerID.Valid || strings.TrimSpace(state.StripeCustomerID.String) == "" {

+		h.renderSettingsBilling(w, r, org, "Billing portal is unavailable until this organization has a Stripe customer record.", "")

+		return

+	}

+	session, err := h.d.Stripe.CreatePortalSession(r.Context(), stripebilling.PortalInput{

+		CustomerID: state.StripeCustomerID.String,

+		ReturnURL:  h.billingReturnURL(org.Slug, h.d.StripePortalReturnURL, orgBillingSettingsPath(org.Slug)),

+	})

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: create portal session", "org_id", org.ID, "error", err)

+		h.renderSettingsBilling(w, r, org, "Could not open the Stripe billing portal right now.", "")

+		return

+	}

+	http.Redirect(w, r, session.URL, http.StatusSeeOther)

+}

+

+func (h *Handlers) billingSuccess(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	http.Redirect(w, r, orgBillingSettingsPath(org.Slug)+"?notice=checkout-success", http.StatusSeeOther)

+}

+

+func (h *Handlers) billingCancel(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.loadOrgSettingsOwner(w, r)

+	if !ok {

+		return

+	}

+	http.Redirect(w, r, orgBillingSettingsPath(org.Slug)+"?notice=checkout-canceled", http.StatusSeeOther)

+}

+

+func (h *Handlers) renderSettingsBilling(w http.ResponseWriter, r *http.Request, org orgsdb.Org, errMsg, notice string) {

+	state, err := orgbilling.GetOrgBillingState(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: load state", "org_id", org.ID, "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	memberCount, err := orgbilling.CountBillableOrgMembers(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID)

+	if err != nil {

+		h.d.Logger.WarnContext(r.Context(), "org billing: count members", "org_id", org.ID, "error", err)

+		memberCount = int(state.BillableSeats)

+	}

+	invoices, err := orgbilling.ListInvoicesForOrg(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID, 10)

+	if err != nil {

+		h.d.Logger.WarnContext(r.Context(), "org billing: list invoices", "org_id", org.ID, "error", err)

+		invoices = nil

+	}

+	_ = h.d.Render.RenderPage(w, r, "orgs/settings_billing", map[string]any{

+		"Title":                 org.Slug + " - billing and plans",

+		"CSRFToken":             middleware.CSRFTokenForRequest(r),

+		"Org":                   org,

+		"AvatarURL":             "/avatars/" + url.PathEscape(org.Slug),

+		"ActiveOrgNav":          "settings",

+		"OrgSettingsActive":     "billing",

+		"BillingEnabled":        h.d.BillingEnabled,

+		"Error":                 errMsg,

+		"Notice":                notice,

+		"Summary":               billingSummary(state, memberCount),

+		"CanStartCheckout":      h.billingConfigured(),

+		"CanManageSubscription": h.billingConfigured() && state.StripeCustomerID.Valid && strings.TrimSpace(state.StripeCustomerID.String) != "",

+		"GracePeriodLabel":      formatGracePeriod(h.d.BillingGracePeriod),

+		"Invoices":              billingInvoiceViews(invoices),

+	})

+}

+

+func (h *Handlers) ensureStripeCustomer(r *http.Request, org orgsdb.Org, state orgbilling.State) (orgbilling.State, error) {

+	if state.StripeCustomerID.Valid && strings.TrimSpace(state.StripeCustomerID.String) != "" {

+		return state, nil

+	}

+	customer, err := h.d.Stripe.CreateCustomer(r.Context(), stripebilling.CustomerInput{

+		OrgID:   org.ID,

+		OrgSlug: org.Slug,

+		OrgName: strings.TrimSpace(org.DisplayName),

+		Email:   strings.TrimSpace(org.BillingEmail),

+	})

+	if err != nil {

+		return orgbilling.State{}, err

+	}

+	return orgbilling.SetStripeCustomer(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID, customer.ID)

+}

+

+func (h *Handlers) billingReturnURL(orgSlug, overrideURL, fallbackPath string) string {

+	overrideURL = strings.TrimSpace(overrideURL)

+	if overrideURL != "" {

+		return strings.ReplaceAll(overrideURL, "{org}", url.PathEscape(orgSlug))

+	}

+	base, err := url.Parse(strings.TrimRight(h.d.BaseURL, "/") + "/")

+	if err != nil {

+		return ""

+	}

+	rel, err := url.Parse(strings.TrimLeft(fallbackPath, "/"))

+	if err != nil {

+		return ""

+	}

+	return base.ResolveReference(rel).String()

+}

+

+func orgBillingSettingsPath(slug string) string {

+	return "/organizations/" + slug + "/settings/billing"

+}

+

+func billingNotice(code string) string {

+	switch code {

+	case "checkout-success":

+		return "Checkout completed. Stripe will finish provisioning as webhook events arrive."

+	case "checkout-canceled":

+		return "Checkout canceled."

+	default:

+		return ""

+	}

+}

+

+func billingSummary(state orgbilling.State, memberCount int) []billingSummaryItem {

+	summary := []billingSummaryItem{

+		{

+			Label:  "Current plan",

+			Value:  billingPlanLabel(state.Plan),

+			Detail: billingPlanDetail(state),

+		},

+		{

+			Label:  "Subscription",

+			Value:  billingStatusLabel(state.SubscriptionStatus),

+			Detail: billingStatusDetail(state),

+		},

+		{

+			Label:  "Billable members",

+			Value:  fmt.Sprintf("%d", memberCount),

+			Detail: billingSeatDetail(state),

+		},

+		{

+			Label:  "Payment source",

+			Value:  billingPaymentSourceLabel(state),

+			Detail: billingPaymentSourceDetail(state),

+		},

+	}

+	return summary

+}

+

+func billingPlanLabel(plan orgbilling.Plan) string {

+	switch plan {

+	case orgbilling.PlanTeam:

+		return "Team"

+	case orgbilling.PlanEnterprise:

+		return "Enterprise"

+	default:

+		return "Free"

+	}

+}

+

+func billingPlanDetail(state orgbilling.State) string {

+	if state.CurrentPeriodEnd.Valid {

+		label := "Current period ends"

+		if state.CancelAtPeriodEnd {

+			label = "Scheduled to cancel at period end"

+		}

+		return label + " " + state.CurrentPeriodEnd.Time.Format("Jan 2, 2006")

+	}

+	if state.Plan == orgbilling.PlanFree {

+		return "No active paid subscription."

+	}

+	return ""

+}

+

+func billingStatusLabel(status orgbilling.SubscriptionStatus) string {

+	switch status {

+	case orgbilling.SubscriptionStatusActive:

+		return "Active"

+	case orgbilling.SubscriptionStatusTrialing:

+		return "Trialing"

+	case orgbilling.SubscriptionStatusIncomplete:

+		return "Incomplete"

+	case orgbilling.SubscriptionStatusPastDue:

+		return "Past due"

+	case orgbilling.SubscriptionStatusCanceled:

+		return "Canceled"

+	case orgbilling.SubscriptionStatusUnpaid:

+		return "Unpaid"

+	case orgbilling.SubscriptionStatusPaused:

+		return "Paused"

+	default:

+		return "No subscription"

+	}

+}

+

+func billingStatusDetail(state orgbilling.State) string {

+	if state.GraceUntil.Valid {

+		return "Grace period until " + state.GraceUntil.Time.Format("Jan 2, 2006")

+	}

+	if state.CanceledAt.Valid {

+		return "Canceled " + state.CanceledAt.Time.Format("Jan 2, 2006")

+	}

+	if state.TrialEnd.Valid {

+		return "Trial ends " + state.TrialEnd.Time.Format("Jan 2, 2006")

+	}

+	return ""

+}

+

+func billingSeatDetail(state orgbilling.State) string {

+	if state.SeatSnapshotAt.Valid {

+		return fmt.Sprintf("Latest billed seat snapshot: %d captured %s", state.BillableSeats, state.SeatSnapshotAt.Time.Format("Jan 2, 2006"))

+	}

+	if state.BillableSeats > 0 {

+		return fmt.Sprintf("Latest billed seat snapshot: %d", state.BillableSeats)

+	}

+	return "Seat sync has not recorded a snapshot yet."

+}

+

+func billingPaymentSourceLabel(state orgbilling.State) string {

+	if state.StripeCustomerID.Valid && strings.TrimSpace(state.StripeCustomerID.String) != "" {

+		return "Stripe customer connected"

+	}

+	return "Not connected"

+}

+

+func billingPaymentSourceDetail(state orgbilling.State) string {

+	if state.StripeCustomerID.Valid && strings.TrimSpace(state.StripeCustomerID.String) != "" {

+		return state.StripeCustomerID.String

+	}

+	return "Checkout creates a customer record the first time this organization upgrades."

+}

+

+func billingInvoiceViews(invoices []billingdb.BillingInvoice) []billingInvoiceView {

+	items := make([]billingInvoiceView, 0, len(invoices))

+	for _, inv := range invoices {

+		number := strings.TrimSpace(inv.Number)

+		if number == "" {

+			number = inv.StripeInvoiceID

+		}

+		items = append(items, billingInvoiceView{

+			Number:           number,

+			StatusLabel:      billingInvoiceStatusLabel(inv.Status),

+			StatusClass:      strings.ReplaceAll(strings.ToLower(string(inv.Status)), "_", "-"),

+			AmountLabel:      formatCurrencyAmount(inv.Currency, inv.AmountDueCents),

+			PeriodLabel:      billingPeriodLabel(inv),

+			DueLabel:         billingDueLabel(inv),

+			HostedInvoiceURL: strings.TrimSpace(inv.HostedInvoiceUrl),

+			InvoicePDFURL:    strings.TrimSpace(inv.InvoicePdfUrl),

+		})

+	}

+	return items

+}

+

+func billingInvoiceStatusLabel(status orgbilling.InvoiceStatus) string {

+	switch status {

+	case orgbilling.InvoiceStatusOpen:

+		return "Open"

+	case orgbilling.InvoiceStatusPaid:

+		return "Paid"

+	case orgbilling.InvoiceStatusVoid:

+		return "Void"

+	case orgbilling.InvoiceStatusUncollectible:

+		return "Uncollectible"

+	default:

+		return "Draft"

+	}

+}

+

+func billingPeriodLabel(inv billingdb.BillingInvoice) string {

+	if inv.PeriodStart.Valid && inv.PeriodEnd.Valid {

+		return inv.PeriodStart.Time.Format("Jan 2, 2006") + " - " + inv.PeriodEnd.Time.Format("Jan 2, 2006")

+	}

+	return "—"

+}

+

+func billingDueLabel(inv billingdb.BillingInvoice) string {

+	switch {

+	case inv.PaidAt.Valid:

+		return "Paid " + inv.PaidAt.Time.Format("Jan 2, 2006")

+	case inv.VoidedAt.Valid:

+		return "Voided " + inv.VoidedAt.Time.Format("Jan 2, 2006")

+	case inv.DueAt.Valid:

+		return inv.DueAt.Time.Format("Jan 2, 2006")

+	default:

+		return "—"

+	}

+}

+

+func formatGracePeriod(d time.Duration) string {

+	if d <= 0 {

+		return "No grace period"

+	}

+	if d%(24*time.Hour) == 0 {

+		days := int(d / (24 * time.Hour))

+		if days == 1 {

+			return "1 day"

+		}

+		return fmt.Sprintf("%d days", days)

+	}

+	return d.String()

+}

+

+func formatCurrencyAmount(currency string, cents int64) string {

+	currency = strings.ToUpper(strings.TrimSpace(currency))

+	sign := ""

+	if cents < 0 {

+		sign = "-"

+		cents = -cents

+	}

+	major := cents / 100

+	minor := cents % 100

+	if currency == "" {

+		currency = "USD"

+	}

+	return fmt.Sprintf("%s$%d.%02d %s", sign, major, minor, currency)

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs_test

+

+import (

+	"context"

+	"encoding/json"

+	"io"

+	"log/slog"

+	"net/http"

+	"net/http/httptest"

+	"net/url"

+	"strconv"

+	"strings"

+	"testing"

+	"testing/fstest"

+	"time"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5/pgxpool"

+	stripeapi "github.com/stripe/stripe-go/v85"

+

+	orgbilling "github.com/tenseleyFlow/shithub/internal/billing"

+	billingdb "github.com/tenseleyFlow/shithub/internal/billing/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/billing/stripebilling"

+	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"

+	orgsh "github.com/tenseleyFlow/shithub/internal/web/handlers/orgs"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+	"github.com/tenseleyFlow/shithub/internal/web/render"

+)

+

+func TestOrgBillingCheckoutRedirectsToStripeAndCreatesCustomer(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	orgID := insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	fake := &fakeStripeRemote{

+		createCustomerFn: func(_ context.Context, in stripebilling.CustomerInput) (stripebilling.Customer, error) {

+			if in.OrgID != orgID || in.OrgSlug != "acme" {

+				t.Fatalf("unexpected customer input: %+v", in)

+			}

+			return stripebilling.Customer{ID: "cus_test_checkout"}, nil

+		},

+		createCheckoutFn: func(_ context.Context, in stripebilling.CheckoutInput) (stripebilling.CheckoutSession, error) {

+			if in.CustomerID != "cus_test_checkout" {

+				t.Fatalf("checkout customer = %q", in.CustomerID)

+			}

+			if in.SeatCount != 1 {

+				t.Fatalf("checkout seats = %d, want 1", in.SeatCount)

+			}

+			if !strings.Contains(in.SuccessURL, "/organizations/acme/billing/success") {

+				t.Fatalf("success url = %q", in.SuccessURL)

+			}

+			if !strings.Contains(in.CancelURL, "/organizations/acme/billing/cancel") {

+				t.Fatalf("cancel url = %q", in.CancelURL)

+			}

+			return stripebilling.CheckoutSession{ID: "cs_test", URL: "https://checkout.stripe.test/session"}, nil

+		},

+	}

+	mux := newOrgBillingMux(t, pool, ownerID, fake)

+

+	resp := httptest.NewRecorder()

+	req := newOrgFormRequest(http.MethodPost, "/organizations/acme/billing/checkout", url.Values{})

+	mux.ServeHTTP(resp, req)

+	if resp.Code != http.StatusSeeOther {

+		t.Fatalf("checkout status=%d body=%s", resp.Code, resp.Body.String())

+	}

+	if got := resp.Header().Get("Location"); got != "https://checkout.stripe.test/session" {

+		t.Fatalf("checkout redirect=%q", got)

+	}

+	state, err := orgbilling.GetOrgBillingState(ctx, orgbilling.Deps{Pool: pool}, orgID)

+	if err != nil {

+		t.Fatalf("GetOrgBillingState: %v", err)

+	}

+	if !state.StripeCustomerID.Valid || state.StripeCustomerID.String != "cus_test_checkout" {

+		t.Fatalf("expected stripe customer saved, got %+v", state.StripeCustomerID)

+	}

+}

+

+func TestOrgBillingWebhookProcessesSubscriptionAndStaysIdempotent(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	orgID := insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	raw, err := json.Marshal(map[string]any{

+		"id":                   "sub_test",

+		"customer":             "cus_test_webhook",

+		"status":               "active",

+		"cancel_at_period_end": false,

+		"trial_end":            int64(0),

+		"canceled_at":          int64(0),

+		"metadata":             map[string]string{stripebilling.MetadataOrgID: strconv.FormatInt(orgID, 10)},

+		"items": map[string]any{"data": []map[string]any{{

+			"id":                   "si_test_webhook",

+			"current_period_start": time.Now().UTC().Add(-time.Hour).Unix(),

+			"current_period_end":   time.Now().UTC().Add(30 * 24 * time.Hour).Unix(),

+		}}},

+	})

+	if err != nil {

+		t.Fatalf("marshal subscription raw: %v", err)

+	}

+	fake := &fakeStripeRemote{

+		verifyWebhookFn: func(_ []byte, _ string) (stripeapi.Event, error) {

+			return stripeapi.Event{

+				ID:         "evt_sub_active",

+				Type:       stripeapi.EventType("customer.subscription.updated"),

+				APIVersion: "2024-06-20",

+				Data:       &stripeapi.EventData{Raw: raw},

+			}, nil

+		},

+	}

+	mux := newOrgBillingMux(t, pool, ownerID, fake)

+

+	req := httptest.NewRequest(http.MethodPost, "/stripe/webhook", strings.NewReader(`{"id":"evt_sub_active"}`))

+	req.Header.Set("Stripe-Signature", "sig_test")

+	resp := httptest.NewRecorder()

+	mux.ServeHTTP(resp, req)

+	if resp.Code != http.StatusOK {

+		t.Fatalf("first webhook status=%d body=%s", resp.Code, resp.Body.String())

+	}

+	state, err := orgbilling.GetOrgBillingState(ctx, orgbilling.Deps{Pool: pool}, orgID)

+	if err != nil {

+		t.Fatalf("GetOrgBillingState: %v", err)

+	}

+	if state.Plan != orgbilling.PlanTeam || state.SubscriptionStatus != orgbilling.SubscriptionStatusActive {

+		t.Fatalf("unexpected billing state: %+v", state)

+	}

+	if !state.StripeCustomerID.Valid || state.StripeCustomerID.String != "cus_test_webhook" {

+		t.Fatalf("expected customer id saved, got %+v", state.StripeCustomerID)

+	}

+	if !state.StripeSubscriptionID.Valid || state.StripeSubscriptionID.String != "sub_test" {

+		t.Fatalf("expected subscription id saved, got %+v", state.StripeSubscriptionID)

+	}

+	receipt, err := billingdb.New().GetWebhookEventReceipt(ctx, pool, "evt_sub_active")

+	if err != nil {

+		t.Fatalf("GetWebhookEventReceipt: %v", err)

+	}

+	if !receipt.ProcessedAt.Valid || receipt.ProcessingAttempts != 1 {

+		t.Fatalf("unexpected receipt after first processing: %+v", receipt)

+	}

+

+	req = httptest.NewRequest(http.MethodPost, "/stripe/webhook", strings.NewReader(`{"id":"evt_sub_active"}`))

+	req.Header.Set("Stripe-Signature", "sig_test")

+	resp = httptest.NewRecorder()

+	mux.ServeHTTP(resp, req)

+	if resp.Code != http.StatusOK {

+		t.Fatalf("duplicate webhook status=%d body=%s", resp.Code, resp.Body.String())

+	}

+	receipt, err = billingdb.New().GetWebhookEventReceipt(ctx, pool, "evt_sub_active")

+	if err != nil {

+		t.Fatalf("GetWebhookEventReceipt duplicate: %v", err)

+	}

+	if receipt.ProcessingAttempts != 1 {

+		t.Fatalf("duplicate webhook should not reprocess receipt: %+v", receipt)

+	}

+}

+

+type fakeStripeRemote struct {

+	createCustomerFn func(context.Context, stripebilling.CustomerInput) (stripebilling.Customer, error)

+	createCheckoutFn func(context.Context, stripebilling.CheckoutInput) (stripebilling.CheckoutSession, error)

+	createPortalFn   func(context.Context, stripebilling.PortalInput) (stripebilling.PortalSession, error)

+	updateQuantityFn func(context.Context, stripebilling.SeatQuantityInput) error

+	verifyWebhookFn  func([]byte, string) (stripeapi.Event, error)

+}

+

+func (f *fakeStripeRemote) CreateCustomer(ctx context.Context, in stripebilling.CustomerInput) (stripebilling.Customer, error) {

+	if f.createCustomerFn == nil {

+		return stripebilling.Customer{}, nil

+	}

+	return f.createCustomerFn(ctx, in)

+}

+

+func (f *fakeStripeRemote) CreateCheckoutSession(ctx context.Context, in stripebilling.CheckoutInput) (stripebilling.CheckoutSession, error) {

+	if f.createCheckoutFn == nil {

+		return stripebilling.CheckoutSession{}, nil

+	}

+	return f.createCheckoutFn(ctx, in)

+}

+

+func (f *fakeStripeRemote) CreatePortalSession(ctx context.Context, in stripebilling.PortalInput) (stripebilling.PortalSession, error) {

+	if f.createPortalFn == nil {

+		return stripebilling.PortalSession{}, nil

+	}

+	return f.createPortalFn(ctx, in)

+}

+

+func (f *fakeStripeRemote) UpdateSubscriptionItemQuantity(ctx context.Context, in stripebilling.SeatQuantityInput) error {

+	if f.updateQuantityFn == nil {

+		return nil

+	}

+	return f.updateQuantityFn(ctx, in)

+}

+

+func (f *fakeStripeRemote) VerifyWebhook(payload []byte, signatureHeader string) (stripeapi.Event, error) {

+	if f.verifyWebhookFn == nil {

+		return stripeapi.Event{}, nil

+	}

+	return f.verifyWebhookFn(payload, signatureHeader)

+}

+

+func newOrgBillingMux(t *testing.T, pool *pgxpool.Pool, ownerID int64, remote stripebilling.Remote) *chi.Mux {

+	t.Helper()

+	tmplFS := fstest.MapFS{

+		"_layout.html":               {Data: []byte(`{{ define "layout" }}<html><body>{{ template "page" . }}</body></html>{{ end }}`)},

+		"orgs/settings_billing.html": {Data: []byte(`{{ define "page" }}{{ with .Error }}ERROR={{ . }}{{ end }}{{ with .Notice }}NOTICE={{ . }}{{ end }}{{ range .Invoices }}INVOICE={{ .Number }};{{ end }}{{ end }}`)},

+		"errors/403.html":            {Data: []byte(`{{ define "page" }}403{{ end }}`)},

+		"errors/404.html":            {Data: []byte(`{{ define "page" }}404{{ end }}`)},

+		"errors/500.html":            {Data: []byte(`{{ define "page" }}500{{ end }}`)},

+	}

+	rr, err := render.New(tmplFS, render.Options{})

+	if err != nil {

+		t.Fatalf("render.New: %v", err)

+	}

+	h, err := orgsh.New(orgsh.Deps{

+		Logger:                slog.New(slog.NewTextHandler(io.Discard, nil)),

+		Render:                rr,

+		Pool:                  pool,

+		BaseURL:               "https://shithub.example",

+		BillingEnabled:        true,

+		BillingGracePeriod:    14 * 24 * time.Hour,

+		Stripe:                remote,

+		StripeSuccessURL:      "https://shithub.example/organizations/{org}/billing/success",

+		StripeCancelURL:       "https://shithub.example/organizations/{org}/billing/cancel",

+		StripePortalReturnURL: "https://shithub.example/organizations/{org}/settings/billing",

+	})

+	if err != nil {

+		t.Fatalf("orgsh.New: %v", err)

+	}

+	mux := chi.NewRouter()

+	mux.Use(func(next http.Handler) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

+			viewer := middleware.CurrentUser{ID: ownerID, Username: "owner"}

+			next.ServeHTTP(w, r.WithContext(middleware.WithCurrentUserForTest(r.Context(), viewer)))

+		})

+	})

+	h.MountCreate(mux)

+	h.MountBillingWebhook(mux)

+	return mux

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs

+

+import (

+	"context"

+	"encoding/json"

+	"errors"

+	"fmt"

+	"io"

+	"net/http"

+	"strconv"

+	"strings"

+	"time"

+

+	"github.com/jackc/pgx/v5"

+	stripeapi "github.com/stripe/stripe-go/v85"

+

+	orgbilling "github.com/tenseleyFlow/shithub/internal/billing"

+	"github.com/tenseleyFlow/shithub/internal/billing/stripebilling"

+)

+

+const stripeWebhookBodyLimit = 1 << 20

+

+func (h *Handlers) billingWebhook(w http.ResponseWriter, r *http.Request) {

+	if !h.billingConfigured() {

+		http.NotFound(w, r)

+		return

+	}

+	r.Body = http.MaxBytesReader(w, r.Body, stripeWebhookBodyLimit)

+	payload, err := io.ReadAll(r.Body)

+	if err != nil {

+		http.Error(w, "invalid webhook body", http.StatusBadRequest)

+		return

+	}

+	event, err := h.d.Stripe.VerifyWebhook(payload, r.Header.Get("Stripe-Signature"))

+	if err != nil {

+		http.Error(w, "invalid stripe signature", http.StatusBadRequest)

+		return

+	}

+	receipt, created, err := orgbilling.RecordWebhookEvent(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, orgbilling.WebhookEvent{

+		ProviderEventID: event.ID,

+		EventType:       string(event.Type),

+		APIVersion:      event.APIVersion,

+		Payload:         payload,

+	})

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: record webhook receipt", "event_id", event.ID, "event_type", event.Type, "error", err)

+		http.Error(w, "could not record webhook receipt", http.StatusInternalServerError)

+		return

+	}

+	if !created && receipt.ProcessedAt.Valid {

+		w.WriteHeader(http.StatusOK)

+		_, _ = w.Write([]byte("ok"))

+		return

+	}

+	if err := h.processStripeWebhook(r.Context(), event); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: process webhook", "event_id", event.ID, "event_type", event.Type, "error", err)

+		if _, markErr := orgbilling.MarkWebhookEventFailed(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, event.ID, err.Error()); markErr != nil {

+			h.d.Logger.ErrorContext(r.Context(), "org billing: mark webhook failed", "event_id", event.ID, "error", markErr)

+		}

+		http.Error(w, "webhook processing failed", http.StatusInternalServerError)

+		return

+	}

+	if _, err := orgbilling.MarkWebhookEventProcessed(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, event.ID); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org billing: mark webhook processed", "event_id", event.ID, "error", err)

+		http.Error(w, "could not finalize webhook receipt", http.StatusInternalServerError)

+		return

+	}

+	w.WriteHeader(http.StatusOK)

+	_, _ = w.Write([]byte("ok"))

+}

+

+func (h *Handlers) processStripeWebhook(ctx context.Context, event stripeapi.Event) error {

+	switch string(event.Type) {

+	case "checkout.session.completed":

+		return h.applyStripeCheckoutCompleted(ctx, event)

+	case "customer.subscription.created", "customer.subscription.updated", "customer.subscription.deleted":

+		return h.applyStripeSubscriptionEvent(ctx, event)

+	case "invoice.payment_succeeded", "invoice.payment_failed", "invoice.voided", "invoice.marked_uncollectible":

+		return h.applyStripeInvoiceEvent(ctx, event)

+	default:

+		return nil

+	}

+}

+

+func (h *Handlers) applyStripeCheckoutCompleted(ctx context.Context, event stripeapi.Event) error {

+	var session stripeapi.CheckoutSession

+	if err := unmarshalStripeEventObject(event, &session); err != nil {

+		return err

+	}

+	orgID := stripeOrgIDFromMetadata(session.Metadata)

+	if orgID == 0 {

+		if id, err := strconv.ParseInt(strings.TrimSpace(session.ClientReferenceID), 10, 64); err == nil && id > 0 {

+			orgID = id

+		}

+	}

+	if orgID == 0 {

+		return errors.New("stripe checkout.session.completed missing shithub org metadata")

+	}

+	customerID := stripeCustomerID(session.Customer)

+	if customerID == "" {

+		return errors.New("stripe checkout.session.completed missing customer")

+	}

+	_, err := orgbilling.SetStripeCustomer(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgID, customerID)

+	return err

+}

+

+func (h *Handlers) applyStripeSubscriptionEvent(ctx context.Context, event stripeapi.Event) error {

+	var sub stripeapi.Subscription

+	if err := unmarshalStripeEventObject(event, &sub); err != nil {

+		return err

+	}

+	orgID, err := h.resolveOrgIDFromSubscription(ctx, &sub)

+	if err != nil {

+		return err

+	}

+	customerID := stripeCustomerID(sub.Customer)

+	if customerID != "" {

+		if _, err := orgbilling.SetStripeCustomer(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgID, customerID); err != nil {

+			return err

+		}

+	}

+	status, err := stripeSubscriptionStatus(sub.Status)

+	if err != nil {

+		return err

+	}

+	if status == orgbilling.SubscriptionStatusCanceled || string(event.Type) == "customer.subscription.deleted" {

+		_, err := orgbilling.MarkCanceled(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgID, event.ID)

+		return err

+	}

+	itemID := stripeSubscriptionItemID(sub.Items)

+	periodStart, periodEnd := stripeSubscriptionPeriod(sub.Items)

+	_, err = orgbilling.ApplySubscriptionSnapshot(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgbilling.SubscriptionSnapshot{

+		OrgID:                    orgID,

+		Plan:                     orgbilling.PlanTeam,

+		Status:                   status,

+		StripeSubscriptionID:     strings.TrimSpace(sub.ID),

+		StripeSubscriptionItemID: itemID,

+		CurrentPeriodStart:       periodStart,

+		CurrentPeriodEnd:         periodEnd,

+		CancelAtPeriodEnd:        sub.CancelAtPeriodEnd,

+		TrialEnd:                 unixTime(sub.TrialEnd),

+		CanceledAt:               unixTime(sub.CanceledAt),

+		LastWebhookEventID:       event.ID,

+	})

+	return err

+}

+

+func (h *Handlers) applyStripeInvoiceEvent(ctx context.Context, event stripeapi.Event) error {

+	var inv stripeapi.Invoice

+	if err := unmarshalStripeEventObject(event, &inv); err != nil {

+		return err

+	}

+	orgID, state, err := h.resolveOrgStateFromInvoice(ctx, &inv)

+	if err != nil {

+		return err

+	}

+	status, err := stripeInvoiceStatus(inv.Status)

+	if err != nil {

+		return err

+	}

+	if _, err := orgbilling.UpsertInvoice(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgbilling.InvoiceSnapshot{

+		OrgID:                orgID,

+		StripeInvoiceID:      strings.TrimSpace(inv.ID),

+		StripeCustomerID:     stripeCustomerID(inv.Customer),

+		StripeSubscriptionID: stripeInvoiceSubscriptionID(&inv),

+		Status:               status,

+		Number:               strings.TrimSpace(inv.Number),

+		Currency:             strings.ToLower(string(inv.Currency)),

+		AmountDueCents:       inv.AmountDue,

+		AmountPaidCents:      inv.AmountPaid,

+		AmountRemainingCents: inv.AmountRemaining,

+		HostedInvoiceURL:     strings.TrimSpace(inv.HostedInvoiceURL),

+		InvoicePDFURL:        strings.TrimSpace(inv.InvoicePDF),

+		PeriodStart:          unixTime(inv.PeriodStart),

+		PeriodEnd:            unixTime(inv.PeriodEnd),

+		DueAt:                unixTime(inv.DueDate),

+		PaidAt:               unixTime(stripeInvoicePaidAt(inv.StatusTransitions)),

+		VoidedAt:             unixTime(stripeInvoiceVoidedAt(inv.StatusTransitions)),

+	}); err != nil {

+		return err

+	}

+	switch string(event.Type) {

+	case "invoice.payment_failed":

+		graceUntil := time.Now().UTC().Add(h.d.BillingGracePeriod)

+		_, err := orgbilling.MarkPastDue(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgID, graceUntil, event.ID)

+		return err

+	case "invoice.payment_succeeded":

+		if state.SubscriptionStatus != orgbilling.SubscriptionStatusCanceled {

+			_, err := orgbilling.ClearBillingLock(ctx, orgbilling.Deps{Pool: h.d.Pool}, orgID)

+			return err

+		}

+	}

+	return nil

+}

+

+func (h *Handlers) resolveOrgIDFromSubscription(ctx context.Context, sub *stripeapi.Subscription) (int64, error) {

+	if orgID := stripeOrgIDFromMetadata(sub.Metadata); orgID != 0 {

+		return orgID, nil

+	}

+	if customerID := stripeCustomerID(sub.Customer); customerID != "" {

+		state, err := orgbilling.GetOrgBillingStateByStripeCustomer(ctx, orgbilling.Deps{Pool: h.d.Pool}, customerID)

+		if err == nil {

+			return state.OrgID, nil

+		}

+		if !errors.Is(err, pgx.ErrNoRows) {

+			return 0, err

+		}

+	}

+	if subID := strings.TrimSpace(sub.ID); subID != "" {

+		state, err := orgbilling.GetOrgBillingStateByStripeSubscription(ctx, orgbilling.Deps{Pool: h.d.Pool}, subID)

+		if err == nil {

+			return state.OrgID, nil

+		}

+		if !errors.Is(err, pgx.ErrNoRows) {

+			return 0, err

+		}

+	}

+	return 0, errors.New("stripe subscription does not map to a shithub organization")

+}

+

+func (h *Handlers) resolveOrgStateFromInvoice(ctx context.Context, inv *stripeapi.Invoice) (int64, orgbilling.State, error) {

+	if customerID := stripeCustomerID(inv.Customer); customerID != "" {

+		state, err := orgbilling.GetOrgBillingStateByStripeCustomer(ctx, orgbilling.Deps{Pool: h.d.Pool}, customerID)

+		if err == nil {

+			return state.OrgID, state, nil

+		}

+		if !errors.Is(err, pgx.ErrNoRows) {

+			return 0, orgbilling.State{}, err

+		}

+	}

+	if subID := stripeInvoiceSubscriptionID(inv); subID != "" {

+		state, err := orgbilling.GetOrgBillingStateByStripeSubscription(ctx, orgbilling.Deps{Pool: h.d.Pool}, subID)

+		if err == nil {

+			return state.OrgID, state, nil

+		}

+		if !errors.Is(err, pgx.ErrNoRows) {

+			return 0, orgbilling.State{}, err

+		}

+	}

+	return 0, orgbilling.State{}, errors.New("stripe invoice does not map to a shithub organization")

+}

+

+func stripeOrgIDFromMetadata(metadata map[string]string) int64 {

+	raw := strings.TrimSpace(metadata[stripebilling.MetadataOrgID])

+	if raw == "" {

+		return 0

+	}

+	n, err := strconv.ParseInt(raw, 10, 64)

+	if err != nil || n <= 0 {

+		return 0

+	}

+	return n

+}

+

+func stripeCustomerID(customer *stripeapi.Customer) string {

+	if customer == nil {

+		return ""

+	}

+	return strings.TrimSpace(customer.ID)

+}

+

+func stripeSubscriptionID(sub *stripeapi.Subscription) string {

+	if sub == nil {

+		return ""

+	}

+	return strings.TrimSpace(sub.ID)

+}

+

+func stripeSubscriptionItemID(items *stripeapi.SubscriptionItemList) string {

+	if items == nil || len(items.Data) == 0 || items.Data[0] == nil {

+		return ""

+	}

+	return strings.TrimSpace(items.Data[0].ID)

+}

+

+func stripeSubscriptionPeriod(items *stripeapi.SubscriptionItemList) (time.Time, time.Time) {

+	if items == nil || len(items.Data) == 0 || items.Data[0] == nil {

+		return time.Time{}, time.Time{}

+	}

+	return unixTime(items.Data[0].CurrentPeriodStart), unixTime(items.Data[0].CurrentPeriodEnd)

+}

+

+func stripeInvoiceSubscriptionID(inv *stripeapi.Invoice) string {

+	if inv == nil || inv.Parent == nil || inv.Parent.SubscriptionDetails == nil || inv.Parent.SubscriptionDetails.Subscription == nil {

+		return ""

+	}

+	return strings.TrimSpace(inv.Parent.SubscriptionDetails.Subscription.ID)

+}

+

+func stripeSubscriptionStatus(status stripeapi.SubscriptionStatus) (orgbilling.SubscriptionStatus, error) {

+	switch string(status) {

+	case "incomplete":

+		return orgbilling.SubscriptionStatusIncomplete, nil

+	case "trialing":

+		return orgbilling.SubscriptionStatusTrialing, nil

+	case "active":

+		return orgbilling.SubscriptionStatusActive, nil

+	case "past_due":

+		return orgbilling.SubscriptionStatusPastDue, nil

+	case "canceled":

+		return orgbilling.SubscriptionStatusCanceled, nil

+	case "unpaid":

+		return orgbilling.SubscriptionStatusUnpaid, nil

+	case "paused":

+		return orgbilling.SubscriptionStatusPaused, nil

+	case "incomplete_expired":

+		return orgbilling.SubscriptionStatusCanceled, nil

+	default:

+		return "", fmt.Errorf("unsupported stripe subscription status %q", status)

+	}

+}

+

+func stripeInvoiceStatus(status stripeapi.InvoiceStatus) (orgbilling.InvoiceStatus, error) {

+	switch string(status) {

+	case "draft":

+		return orgbilling.InvoiceStatusDraft, nil

+	case "open":

+		return orgbilling.InvoiceStatusOpen, nil

+	case "paid":

+		return orgbilling.InvoiceStatusPaid, nil

+	case "void":

+		return orgbilling.InvoiceStatusVoid, nil

+	case "uncollectible":

+		return orgbilling.InvoiceStatusUncollectible, nil

+	default:

+		return "", fmt.Errorf("unsupported stripe invoice status %q", status)

+	}

+}

+

+func stripeInvoicePaidAt(transitions *stripeapi.InvoiceStatusTransitions) int64 {

+	if transitions == nil {

+		return 0

+	}

+	return transitions.PaidAt

+}

+

+func stripeInvoiceVoidedAt(transitions *stripeapi.InvoiceStatusTransitions) int64 {

+	if transitions == nil {

+		return 0

+	}

+	return transitions.VoidedAt

+}

+

+func unixTime(ts int64) time.Time {

+	if ts <= 0 {

+		return time.Time{}

+	}

+	return time.Unix(ts, 0).UTC()

+}

+

+func unmarshalStripeEventObject[T any](event stripeapi.Event, out *T) error {

+	if event.Data == nil || len(event.Data.Raw) == 0 {

+		return errors.New("stripe webhook missing event data")

+	}

+	if err := json.Unmarshal(event.Data.Raw, out); err != nil {

+		return fmt.Errorf("decode stripe %s event: %w", event.Type, err)

+	}

+	return nil

+}

+		"OrgSettingsActive": "import",

+		"BillingEnabled":    h.d.BillingEnabled,

+	"time"

+	"github.com/tenseleyFlow/shithub/internal/billing/stripebilling"

+	BillingEnabled        bool

+	BillingGracePeriod    time.Duration

+	Stripe                stripebilling.Remote

+	StripeSuccessURL      string

+	StripeCancelURL       string

+	StripePortalReturnURL string

+	if h.billingConfigured() {

+		r.Get("/organizations/{org}/settings/billing", h.settingsBilling)

+		r.Post("/organizations/{org}/billing/checkout", h.billingCheckout)

+		r.Post("/organizations/{org}/billing/portal", h.billingPortal)

+		r.Get("/organizations/{org}/billing/success", h.billingSuccess)

+		r.Get("/organizations/{org}/billing/cancel", h.billingCancel)

+	}

+func (h *Handlers) MountBillingWebhook(r chi.Router) {

+	if !h.billingConfigured() {

+		return

+	}

+	r.Post("/stripe/webhook", h.billingWebhook)

+}

+

+func (h *Handlers) billingConfigured() bool {

+	return h.d.BillingEnabled && h.d.Stripe != nil

+}

+

+		"OrgSettingsActive":   "profile",

+		"BillingEnabled":      h.d.BillingEnabled,

+	"github.com/tenseleyFlow/shithub/internal/billing/stripebilling"

+	var stripeRemote stripebilling.Remote

+	if cfg.Billing.Enabled {

+		remote, err := stripebilling.New(stripebilling.Config{

+			SecretKey:     cfg.Billing.Stripe.SecretKey,

+			WebhookSecret: cfg.Billing.Stripe.WebhookSecret,

+			TeamPriceID:   cfg.Billing.Stripe.TeamPriceID,

+			AutomaticTax:  cfg.Billing.Stripe.AutomaticTax,

+		})

+		if err != nil {

+			return nil, err

+		}

+		stripeRemote = remote

+	}

+		BillingEnabled:        cfg.Billing.Enabled,

+		BillingGracePeriod:    cfg.Billing.GracePeriod,

+		Stripe:                stripeRemote,

+		StripeSuccessURL:      cfg.Billing.Stripe.SuccessURL,

+		StripeCancelURL:       cfg.Billing.Stripe.CancelURL,

+		StripePortalReturnURL: cfg.Billing.Stripe.PortalReturnURL,

+		if cfg.Billing.Enabled {

+			deps.BillingWebhookMounter = orgH.MountBillingWebhook

+		}

+.shithub-org-billing-summary {

+  display: grid;

+  grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));

+  gap: 1rem;

+}

+.shithub-org-billing-card {

+  min-height: 100%;

+}

+.shithub-org-billing-card .Box-body {

+  display: grid;

+  gap: 0.35rem;

+}

+.shithub-org-billing-card-value {

+  margin: 0;

+  font-size: 1.5rem;

+  font-weight: 600;

+  line-height: 1.2;

+}

+.shithub-org-billing-card-detail {

+  margin: 0;

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+}

+.shithub-org-billing-table {

+  width: 100%;

+  border-collapse: collapse;

+}

+.shithub-org-billing-table th,

+.shithub-org-billing-table td {

+  padding: 0.75rem 1rem;

+  border-top: 1px solid var(--border-muted, var(--border-default));

+  text-align: left;

+  vertical-align: top;

+}

+.shithub-org-billing-table thead th {

+  border-top: 0;

+  color: var(--fg-muted);

+  font-size: 0.75rem;

+  font-weight: 600;

+  text-transform: uppercase;

+}

+.shithub-org-billing-links {

+  white-space: nowrap;

+}

+.shithub-org-billing-links a + a {

+  margin-left: 0.65rem;

+}

+.shithub-org-billing-status {

+  display: inline-flex;

+  align-items: center;

+  min-height: 1.5rem;

+  padding: 0 0.5rem;

+  border-radius: 999px;

+  font-size: 0.75rem;

+  font-weight: 600;

+  text-transform: uppercase;

+  letter-spacing: 0;

+  background: var(--canvas-subtle);

+  color: var(--fg-default);

+}

+.shithub-org-billing-status.is-paid,

+.shithub-org-billing-status.is-active {

+  background: rgba(35, 134, 54, 0.18);

+  color: var(--success-fg);

+}

+.shithub-org-billing-status.is-open,

+.shithub-org-billing-status.is-draft {

+  background: rgba(9, 105, 218, 0.16);

+  color: var(--accent-fg);

+}

+.shithub-org-billing-status.is-uncollectible,

+.shithub-org-billing-status.is-void,

+.shithub-org-billing-status.is-past-due,

+.shithub-org-billing-status.is-unpaid,

+.shithub-org-billing-status.is-canceled {

+  background: rgba(218, 54, 51, 0.16);

+  color: var(--danger-fg);

+}

+{{ define "org-settings-nav" -}}

+<aside class="shithub-org-settings-sidebar" aria-label="Organization settings">

+  <h1>Settings</h1>

+  <nav class="shithub-org-settings-menu">

+    <a{{ if eq .OrgSettingsActive "profile" }} class="is-selected" aria-current="page"{{ end }} href="/organizations/{{ .Org.Slug }}/settings/profile">{{ octicon "organization" }} General</a>

+    <a{{ if eq .OrgSettingsActive "import" }} class="is-selected" aria-current="page"{{ end }} href="/organizations/{{ .Org.Slug }}/settings/import">{{ octicon "repo" }} Import repositories</a>

+    <span aria-disabled="true">{{ octicon "people" }} People</span>

+    <span aria-disabled="true">{{ octicon "repo" }} Repository defaults</span>

+    <span aria-disabled="true">{{ octicon "lock" }} Member privileges</span>

+    <h2>Code, planning, and automation</h2>

+    <span aria-disabled="true">{{ octicon "play" }} Actions</span>

+    <span aria-disabled="true">{{ octicon "table" }} Projects</span>

+    <span aria-disabled="true">{{ octicon "package" }} Packages</span>

+    <h2>Security</h2>

+    <span aria-disabled="true">{{ octicon "shield-check" }} Code security</span>

+    <span aria-disabled="true">{{ octicon "globe" }} Domains</span>

+    <h2>Access</h2>

+    {{ if .BillingEnabled }}

+    <a{{ if eq .OrgSettingsActive "billing" }} class="is-selected" aria-current="page"{{ end }} href="/organizations/{{ .Org.Slug }}/settings/billing">{{ octicon "credit-card" }} Billing and plans</a>

+    {{ else }}

+    <span aria-disabled="true">{{ octicon "credit-card" }} Billing and plans</span>

+    {{ end }}

+    <span aria-disabled="true">{{ octicon "gear" }} Integrations</span>

+    <span aria-disabled="true">{{ octicon "history" }} Audit log</span>

+  </nav>

+</aside>

+{{- end }}

+{{ define "page" -}}

+<section class="shithub-org-settings-page">

+  <header class="shithub-org-pagehead shithub-org-settings-pagehead">

+    <div class="shithub-org-pagehead-inner">

+      <a class="shithub-org-pagehead-title" href="/{{ .Org.Slug }}">

+        <img src="{{ .AvatarURL }}" alt="" width="30" height="30">

+        <span>{{ if .Org.DisplayName }}{{ .Org.DisplayName }}{{ else }}{{ .Org.Slug }}{{ end }}</span>

+      </a>

+    </div>

+  </header>

+

+  <div class="shithub-org-settings-layout">

+    {{ template "org-settings-nav" . }}

+

+    <div class="shithub-org-settings-main">

+      {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}

+      {{ with .Notice }}<p class="shithub-flash shithub-flash-success" role="status">{{ . }}</p>{{ end }}

+

+      <div class="Subhead">

+        <h2 class="Subhead-heading Subhead-heading--large">Billing and plans</h2>

+      </div>

+

+      <section class="shithub-org-settings-section" aria-labelledby="org-billing-summary-heading">

+        <h3 id="org-billing-summary-heading" class="sr-only">Billing summary</h3>

+        <div class="shithub-org-billing-summary">

+          {{ range .Summary }}

+          <section class="Box shithub-org-billing-card">

+            <div class="Box-header">

+              <h4 class="Box-title">{{ .Label }}</h4>

+            </div>

+            <div class="Box-body">

+              <p class="shithub-org-billing-card-value">{{ .Value }}</p>

+              {{ with .Detail }}<p class="shithub-org-billing-card-detail">{{ . }}</p>{{ end }}

+            </div>

+          </section>

+          {{ end }}

+        </div>

+      </section>

+

+      <section class="shithub-org-settings-section" aria-labelledby="org-billing-manage-heading">

+        <div class="Subhead Subhead--spacious border-bottom-0 mb-0 tmp-mb-0">

+          <h2 id="org-billing-manage-heading" class="Subhead-heading">Manage plan</h2>

+        </div>

+        <div class="shithub-org-settings-box">

+          <div class="shithub-org-settings-row">

+            <div>

+              <strong>Team plan</strong>

+              <p>$4 per active organization member per month. Public and private repositories stay available; billing applies to hosted organization collaboration.</p>

+            </div>

+            {{ if .CanManageSubscription }}

+            <form method="POST" action="/organizations/{{ .Org.Slug }}/billing/portal">

+              <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+              <button type="submit" class="shithub-button">Manage billing</button>

+            </form>

+            {{ else if .CanStartCheckout }}

+            <form method="POST" action="/organizations/{{ .Org.Slug }}/billing/checkout">

+              <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+              <button type="submit" class="shithub-button shithub-button-primary">Upgrade to Team</button>

+            </form>

+            {{ else }}

+            <span class="shithub-empty-note">Billing is not configured on this instance.</span>

+            {{ end }}

+          </div>

+          <div class="shithub-org-settings-row">

+            <div>

+              <strong>Billing email</strong>

+              <p>Stripe customer and invoice notifications use the organization billing email when one is set.</p>

+            </div>

+            <span>{{ if .Org.BillingEmail }}{{ .Org.BillingEmail }}{{ else }}Not set{{ end }}</span>

+          </div>

+          <div class="shithub-org-settings-row">

+            <div>

+              <strong>Payment failures</strong>

+              <p>Past-due subscriptions enter a grace period before paid entitlements are cut off.</p>

+            </div>

+            <span>{{ .GracePeriodLabel }}</span>

+          </div>

+        </div>

+      </section>

+

+      <section class="shithub-org-settings-section" aria-labelledby="org-billing-invoices-heading">

+        <div class="Subhead Subhead--spacious border-bottom-0 mb-0 tmp-mb-0">

+          <h2 id="org-billing-invoices-heading" class="Subhead-heading">Recent invoices</h2>

+        </div>

+        {{ if .Invoices }}

+        <div class="Box">

+          <div class="Box-body p-0">

+            <table class="shithub-org-billing-table">

+              <thead>

+                <tr>

+                  <th scope="col">Invoice</th>

+                  <th scope="col">Status</th>

+                  <th scope="col">Amount</th>

+                  <th scope="col">Period</th>

+                  <th scope="col">Due</th>

+                  <th scope="col"></th>

+                </tr>

+              </thead>

+              <tbody>

+                {{ range .Invoices }}

+                <tr>

+                  <td>{{ .Number }}</td>

+                  <td><span class="shithub-org-billing-status is-{{ .StatusClass }}">{{ .StatusLabel }}</span></td>

+                  <td>{{ .AmountLabel }}</td>

+                  <td>{{ .PeriodLabel }}</td>

+                  <td>{{ .DueLabel }}</td>

+                  <td class="shithub-org-billing-links">

+                    {{ if .HostedInvoiceURL }}<a href="{{ .HostedInvoiceURL }}" target="_blank" rel="noreferrer">Open</a>{{ end }}

+                    {{ if .InvoicePDFURL }}<a href="{{ .InvoicePDFURL }}" target="_blank" rel="noreferrer">PDF</a>{{ end }}

+                  </td>

+                </tr>

+                {{ end }}

+              </tbody>

+            </table>

+          </div>

+        </div>

+        {{ else }}

+        <p class="shithub-empty-note">No invoices have been recorded for this organization yet.</p>

+        {{ end }}

+      </section>

+    </div>

+  </div>

+</section>

+{{- end }}

+    {{ template "org-settings-nav" . }}

+    {{ template "org-settings-nav" . }}