tenseleyflow/shithub / b7a3679

+PAYMENTS SP07 completes the first self-serve billing settings surface:

+

+- `GET /organizations/{org}/settings/billing` is owner-only and is

+  linked from organization settings when Stripe Billing is configured.

+- The page shows current local plan state, subscription status, payment

+  source summary, recent Stripe-synced invoice snapshots, and actionable

+  banners for past-due, grace-period, canceled, scheduled-cancel, and

+  billing-action-needed states.

+- Seat accounting is shown as three separate values: current active

+  members, billable seats from the latest local billing state, and

+  pending invitations. Pending invitations are explicitly not billed

+  until accepted.

+- Team organizations manage payment method, invoices, cancellation, and

+  downgrade through Stripe Billing Portal. shithub never collects card

+  data directly and downgrades continue to preserve paid configuration

+  as read-only data.

+- Normal organization owners do not see raw Stripe customer,

+  subscription, or subscription-item IDs. Site admins see a debug panel

+  with those IDs and the latest locally recorded webhook receipt state.

+

+	"errors"

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgtype"

+

+type billingSeatBreakdown struct {

+	ActiveMembers  int

+	BillableSeats  int64

+	PendingInvites int

+	SnapshotLabel  string

+}

+

+type billingAlert struct {

+	Class      string

+	Message    string

+	ActionText string

+	ActionHref string

+}

+

+type billingDebugView struct {

+	StripeCustomerID         string

+	StripeSubscriptionID     string

+	StripeSubscriptionItemID string

+	LastWebhookEventID       string

+	LastWebhookEventType     string

+	LastWebhookStatus        string

+	LastWebhookReceivedAt    string

+	LastWebhookProcessedAt   string

+	LastWebhookAttempts      int32

+	LastWebhookError         string

+}

+

+	pendingInviteCount, err := orgbilling.CountPendingOrgInvitations(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, org.ID)

+	if err != nil {

+		h.d.Logger.WarnContext(r.Context(), "org billing: count pending invitations", "org_id", org.ID, "error", err)

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	debug := billingDebugView{}

+	if viewer.IsSiteAdmin {

+		debug = h.billingDebugView(r, state)

+	}

+		"BillingAlert":          billingAlertForState(state, org.Slug),

+		"Seats":                 billingSeatBreakdown{ActiveMembers: memberCount, BillableSeats: int64(state.BillableSeats), PendingInvites: pendingInviteCount, SnapshotLabel: billingSeatDetail(state)},

+		"IsSiteAdmin":           viewer.IsSiteAdmin,

+		"Debug":                 debug,

+func (h *Handlers) billingDebugView(r *http.Request, state orgbilling.State) billingDebugView {

+	debug := billingDebugView{

+		StripeCustomerID:         pgTextString(state.StripeCustomerID),

+		StripeSubscriptionID:     pgTextString(state.StripeSubscriptionID),

+		StripeSubscriptionItemID: pgTextString(state.StripeSubscriptionItemID),

+		LastWebhookEventID:       strings.TrimSpace(state.LastWebhookEventID),

+	}

+	if debug.LastWebhookEventID == "" {

+		return debug

+	}

+	receipt, err := orgbilling.GetWebhookEventReceipt(r.Context(), orgbilling.Deps{Pool: h.d.Pool}, debug.LastWebhookEventID)

+	if err != nil {

+		if !errors.Is(err, pgx.ErrNoRows) {

+			h.d.Logger.WarnContext(r.Context(), "org billing: load latest webhook receipt",

+				"event_id", debug.LastWebhookEventID, "error", err)

+		}

+		return debug

+	}

+	debug.LastWebhookEventType = receipt.EventType

+	debug.LastWebhookReceivedAt = formatOptionalTime(receipt.ReceivedAt)

+	debug.LastWebhookProcessedAt = formatOptionalTime(receipt.ProcessedAt)

+	debug.LastWebhookAttempts = receipt.ProcessingAttempts

+	debug.LastWebhookError = strings.TrimSpace(receipt.ProcessError)

+	if receipt.ProcessedAt.Valid {

+		debug.LastWebhookStatus = "processed"

+	} else if debug.LastWebhookError != "" {

+		debug.LastWebhookStatus = "failed"

+	} else {

+		debug.LastWebhookStatus = "pending"

+	}

+	return debug

+}

+

+		return "Payment method and invoices are managed in Stripe Billing Portal."

+func billingAlertForState(state orgbilling.State, orgSlug string) billingAlert {

+	path := orgBillingSettingsPath(orgSlug)

+	switch state.SubscriptionStatus {

+	case orgbilling.SubscriptionStatusPastDue:

+		if state.GraceUntil.Valid && time.Now().UTC().Before(state.GraceUntil.Time) {

+			return billingAlert{

+				Class:      "shithub-flash-notice",

+				Message:    "Payment failed. Team features remain available during the billing grace period, which ends " + state.GraceUntil.Time.Format("Jan 2, 2006") + ".",

+				ActionText: "Manage billing",

+				ActionHref: path,

+			}

+		}

+		return billingAlert{

+			Class:      "shithub-flash-error",

+			Message:    "Payment is past due. Team-only features are read-only until billing is brought back into good standing.",

+			ActionText: "Manage billing",

+			ActionHref: path,

+		}

+	case orgbilling.SubscriptionStatusCanceled:

+		return billingAlert{

+			Class:      "shithub-flash-notice",

+			Message:    "This organization is on Free after cancellation. Existing paid configuration is preserved, but Team-only features are read-only until reactivated.",

+			ActionText: "Upgrade to Team",

+			ActionHref: path + "#manage-plan",

+		}

+	case orgbilling.SubscriptionStatusIncomplete, orgbilling.SubscriptionStatusUnpaid, orgbilling.SubscriptionStatusPaused:

+		return billingAlert{

+			Class:      "shithub-flash-error",

+			Message:    "This subscription needs billing action before Team features are available.",

+			ActionText: "Manage billing",

+			ActionHref: path,

+		}

+	default:

+		if state.CancelAtPeriodEnd && state.CurrentPeriodEnd.Valid {

+			return billingAlert{

+				Class:      "shithub-flash-notice",

+				Message:    "Team is scheduled to cancel at the end of the current billing period on " + state.CurrentPeriodEnd.Time.Format("Jan 2, 2006") + ".",

+				ActionText: "Manage billing",

+				ActionHref: path,

+			}

+		}

+		return billingAlert{}

+	}

+}

+

+func pgTextString(v pgtype.Text) string {

+	if !v.Valid {

+		return ""

+	}

+	return strings.TrimSpace(v.String)

+}

+

+func formatOptionalTime(v pgtype.Timestamptz) string {

+	if v.Valid && !v.Time.IsZero() {

+		return v.Time.UTC().Format("Jan 2, 2006 15:04 UTC")

+	}

+	return ""

+}

+

+func TestOrgBillingSettingsRequiresOwner(t *testing.T) {

+	t.Parallel()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	memberID := insertOrgAvatarUser(t, pool, "member")

+	mux := newOrgBillingMuxForUser(t, pool, middleware.CurrentUser{ID: memberID, Username: "member"}, &fakeStripeRemote{})

+

+	resp := httptest.NewRecorder()

+	req := newOrgFormRequest(http.MethodGet, "/organizations/acme/settings/billing", nil)

+	mux.ServeHTTP(resp, req)

+	if resp.Code != http.StatusForbidden {

+		t.Fatalf("settings status=%d body=%s", resp.Code, resp.Body.String())

+	}

+}

+

+func TestOrgBillingSettingsRendersSeatBreakdownAndHidesStripeIDs(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	orgID := insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	if _, err := orgbilling.SetStripeCustomer(ctx, orgbilling.Deps{Pool: pool}, orgID, "cus_owner_secret"); err != nil {

+		t.Fatalf("SetStripeCustomer: %v", err)

+	}

+	if _, err := orgbilling.SyncSeatSnapshot(ctx, orgbilling.Deps{Pool: pool}, orgbilling.SeatSnapshot{

+		OrgID:         orgID,

+		ActiveMembers: 3,

+		BillableSeats: 3,

+		Source:        "test",

+	}); err != nil {

+		t.Fatalf("SyncSeatSnapshot: %v", err)

+	}

+	insertBillingPendingInvitation(t, pool, orgID, "pending@example.com", []byte{1, 2, 3})

+	mux := newOrgBillingMux(t, pool, ownerID, &fakeStripeRemote{})

+

+	resp := httptest.NewRecorder()

+	req := newOrgFormRequest(http.MethodGet, "/organizations/acme/settings/billing", nil)

+	mux.ServeHTTP(resp, req)

+	body := resp.Body.String()

+	if resp.Code != http.StatusOK {

+		t.Fatalf("settings status=%d body=%s", resp.Code, body)

+	}

+	if !strings.Contains(body, "SEATS=1/3/1;") {

+		t.Fatalf("settings did not render seat breakdown: %s", body)

+	}

+	if strings.Contains(body, "cus_owner_secret") {

+		t.Fatalf("owner billing page leaked Stripe customer id: %s", body)

+	}

+}

+

+func TestOrgBillingSettingsSiteAdminDebugShowsProviderState(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	orgID := insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	deps := orgbilling.Deps{Pool: pool}

+	if _, err := orgbilling.SetStripeCustomer(ctx, deps, orgID, "cus_debug"); err != nil {

+		t.Fatalf("SetStripeCustomer: %v", err)

+	}

+	if _, err := orgbilling.ApplySubscriptionSnapshot(ctx, deps, orgbilling.SubscriptionSnapshot{

+		OrgID:                    orgID,

+		Plan:                     orgbilling.PlanTeam,

+		Status:                   orgbilling.SubscriptionStatusActive,

+		StripeSubscriptionID:     "sub_debug",

+		StripeSubscriptionItemID: "si_debug",

+		CurrentPeriodStart:       time.Now().UTC().Add(-time.Hour),

+		CurrentPeriodEnd:         time.Now().UTC().Add(30 * 24 * time.Hour),

+		LastWebhookEventID:       "evt_debug",

+	}); err != nil {

+		t.Fatalf("ApplySubscriptionSnapshot: %v", err)

+	}

+	if _, _, err := orgbilling.RecordWebhookEvent(ctx, deps, orgbilling.WebhookEvent{

+		ProviderEventID: "evt_debug",

+		EventType:       "customer.subscription.updated",

+		APIVersion:      "2024-06-20",

+		Payload:         []byte(`{"id":"evt_debug"}`),

+	}); err != nil {

+		t.Fatalf("RecordWebhookEvent: %v", err)

+	}

+	if _, err := orgbilling.MarkWebhookEventProcessed(ctx, deps, "evt_debug"); err != nil {

+		t.Fatalf("MarkWebhookEventProcessed: %v", err)

+	}

+	mux := newOrgBillingMuxForUser(t, pool, middleware.CurrentUser{ID: ownerID, Username: "owner", IsSiteAdmin: true}, &fakeStripeRemote{})

+

+	resp := httptest.NewRecorder()

+	req := newOrgFormRequest(http.MethodGet, "/organizations/acme/settings/billing", nil)

+	mux.ServeHTTP(resp, req)

+	body := resp.Body.String()

+	if resp.Code != http.StatusOK {

+		t.Fatalf("settings status=%d body=%s", resp.Code, body)

+	}

+	if !strings.Contains(body, "DEBUG=cus_debug|sub_debug|si_debug|evt_debug|processed;") {

+		t.Fatalf("settings did not render site-admin debug state: %s", body)

+	}

+}

+

+func TestOrgBillingSettingsShowsPastDueAlert(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	orgID := insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	if _, err := orgbilling.MarkPastDue(ctx, orgbilling.Deps{Pool: pool}, orgID, time.Now().UTC().Add(24*time.Hour), "evt_failed"); err != nil {

+		t.Fatalf("MarkPastDue: %v", err)

+	}

+	mux := newOrgBillingMux(t, pool, ownerID, &fakeStripeRemote{})

+

+	resp := httptest.NewRecorder()

+	req := newOrgFormRequest(http.MethodGet, "/organizations/acme/settings/billing", nil)

+	mux.ServeHTTP(resp, req)

+	body := resp.Body.String()

+	if resp.Code != http.StatusOK {

+		t.Fatalf("settings status=%d body=%s", resp.Code, body)

+	}

+	if !strings.Contains(body, "ALERT=Payment failed.") {

+		t.Fatalf("settings did not render past-due alert: %s", body)

+	}

+}

+

+	t.Helper()

+	return newOrgBillingMuxForUser(t, pool, middleware.CurrentUser{ID: ownerID, Username: "owner"}, remote)

+}

+

+func newOrgBillingMuxForUser(t *testing.T, pool *pgxpool.Pool, viewer middleware.CurrentUser, remote stripebilling.Remote) *chi.Mux {

+		"orgs/settings_billing.html": {Data: []byte(`{{ define "page" }}{{ with .Error }}ERROR={{ . }}{{ end }}{{ with .Notice }}NOTICE={{ . }}{{ end }}{{ with .BillingAlert }}{{ if .Message }}ALERT={{ .Message }}{{ end }}{{ end }}SEATS={{ .Seats.ActiveMembers }}/{{ .Seats.BillableSeats }}/{{ .Seats.PendingInvites }};{{ range .Summary }}{{ if eq .Label "Payment source" }}PAYMENT={{ .Detail }};{{ end }}{{ end }}{{ if .IsSiteAdmin }}DEBUG={{ .Debug.StripeCustomerID }}|{{ .Debug.StripeSubscriptionID }}|{{ .Debug.StripeSubscriptionItemID }}|{{ .Debug.LastWebhookEventID }}|{{ .Debug.LastWebhookStatus }};{{ end }}{{ range .Invoices }}INVOICE={{ .Number }};{{ end }}{{ end }}`)},

+

+func insertBillingPendingInvitation(t *testing.T, db *pgxpool.Pool, orgID int64, email string, token []byte) {

+	t.Helper()

+	if _, err := db.Exec(context.Background(), `

+		INSERT INTO org_invitations (org_id, target_email, role, token_hash, expires_at)

+		VALUES ($1, $2, 'member', $3, now() + interval '1 day')

+	`, orgID, email, token); err != nil {

+		t.Fatalf("insert pending billing invitation: %v", err)

+	}

+}

+      {{ with .BillingAlert }}{{ if .Message }}

+      <p class="shithub-flash {{ .Class }}" role="status">

+        {{ .Message }}

+        {{ if .ActionHref }}<a href="{{ .ActionHref }}">{{ .ActionText }}</a>{{ end }}

+      </p>

+      {{ end }}{{ end }}

+      <section class="shithub-org-settings-section" aria-labelledby="org-billing-seats-heading">

+        <div class="Subhead Subhead--spacious border-bottom-0 mb-0 tmp-mb-0">

+          <h2 id="org-billing-seats-heading" class="Subhead-heading">Seats</h2>

+        </div>

+        <div class="Box">

+          <div class="Box-body p-0">

+            <table class="shithub-org-billing-table">

+              <thead>

+                <tr>

+                  <th scope="col">Type</th>

+                  <th scope="col">Count</th>

+                  <th scope="col">How it is used</th>

+                </tr>

+              </thead>

+              <tbody>

+                <tr>

+                  <td>Active members</td>

+                  <td>{{ .Seats.ActiveMembers }}</td>

+                  <td>Current organization members. Team billing charges active members, including owners.</td>

+                </tr>

+                <tr>

+                  <td>Billable seats</td>

+                  <td>{{ .Seats.BillableSeats }}</td>

+                  <td>{{ .Seats.SnapshotLabel }}</td>

+                </tr>

+                <tr>

+                  <td>Pending invitations</td>

+                  <td>{{ .Seats.PendingInvites }}</td>

+                  <td>Open invitations are shown separately and are not billed until accepted.</td>

+                </tr>

+              </tbody>

+            </table>

+          </div>

+        </div>

+      </section>

+

+      <section id="manage-plan" class="shithub-org-settings-section" aria-labelledby="org-billing-manage-heading">

+              <p>$4 per active organization member per month. Public and private repositories stay available; Team unlocks paid organization controls.</p>

+              <button type="submit" class="shithub-button">Manage or cancel</button>

+          {{ if .CanManageSubscription }}

+          <div class="shithub-org-settings-row">

+            <div>

+              <strong>Downgrade to Free</strong>

+              <p>Use Stripe Billing Portal to cancel or schedule cancellation. shithub preserves paid configuration and makes Team-only features read-only after downgrade.</p>

+            </div>

+            <form method="POST" action="/organizations/{{ .Org.Slug }}/billing/portal">

+              <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+              <button type="submit" class="shithub-button shithub-button-danger">Open billing portal</button>

+            </form>

+          </div>

+          {{ end }}

+

+      {{ if .IsSiteAdmin }}

+      <section class="shithub-org-settings-section" aria-labelledby="org-billing-debug-heading">

+        <div class="Subhead Subhead--spacious border-bottom-0 mb-0 tmp-mb-0">

+          <h2 id="org-billing-debug-heading" class="Subhead-heading">Site admin billing debug</h2>

+        </div>

+        <div class="Box">

+          <div class="Box-body p-0">

+            <table class="shithub-org-billing-table">

+              <tbody>

+                <tr><th scope="row">Stripe customer</th><td>{{ if .Debug.StripeCustomerID }}{{ .Debug.StripeCustomerID }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Stripe subscription</th><td>{{ if .Debug.StripeSubscriptionID }}{{ .Debug.StripeSubscriptionID }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Stripe subscription item</th><td>{{ if .Debug.StripeSubscriptionItemID }}{{ .Debug.StripeSubscriptionItemID }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Last webhook event</th><td>{{ if .Debug.LastWebhookEventID }}{{ .Debug.LastWebhookEventID }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Webhook type</th><td>{{ if .Debug.LastWebhookEventType }}{{ .Debug.LastWebhookEventType }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Webhook status</th><td>{{ if .Debug.LastWebhookStatus }}{{ .Debug.LastWebhookStatus }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Webhook received</th><td>{{ if .Debug.LastWebhookReceivedAt }}{{ .Debug.LastWebhookReceivedAt }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Webhook processed</th><td>{{ if .Debug.LastWebhookProcessedAt }}{{ .Debug.LastWebhookProcessedAt }}{{ else }}—{{ end }}</td></tr>

+                <tr><th scope="row">Webhook attempts</th><td>{{ .Debug.LastWebhookAttempts }}</td></tr>

+                <tr><th scope="row">Webhook error</th><td>{{ if .Debug.LastWebhookError }}{{ .Debug.LastWebhookError }}{{ else }}—{{ end }}</td></tr>

+              </tbody>

+            </table>

+          </div>

+        </div>

+      </section>

+      {{ end }}