mirror of
https://github.com/MODSetter/SurfSense.git
synced 2026-04-25 00:36:31 +02:00
07a4bc3fc3
Add POST /api/v1/stripe/create-subscription-checkout endpoint with get_or_create_stripe_customer (SELECT FOR UPDATE), plan_id→price_id mapping from env vars, active subscription guard (409), and session_id in success URL. Add GET /verify-checkout-session endpoint for server-side payment verification. Add /subscription-success frontend page with loading/verified/failed states. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1.5 KiB
1.5 KiB
Deferred Work
Deferred from: code review of story 3-5-model-selection-via-quota (2026-04-14)
- stripe_subscription_id has no unique constraint [surfsense_backend/app/db.py] — Column added without UNIQUE constraint. Should be enforced once Stripe integration (Epic 5) is implemented to prevent duplicate subscription mappings.
- load_llm_config_from_yaml reads API keys directly from YAML file, not env vars [surfsense_backend/app/config.py] — Pre-existing: YAML config stores API keys inline. Spec Task 1.2 says "đọc API keys từ env vars" but this is the existing pattern used throughout the project. To be refactored when security hardening is prioritized.
Deferred from: code review of story 5-1 (2026-04-14)
refcastas anyon Switch component inpricing.tsx:99— pre-existing issue, not introduced by this change. Should use properReact.ComponentRef<typeof Switch>type.
Deferred from: code review of story 5-2 (2026-04-14)
- Webhook handler needs to distinguish
mode='subscription'frommode='payment'incheckout.session.completedand update User'ssubscription_status,plan_id,stripe_subscription_id— scope of Story 5.3. - Subscription lifecycle events (
invoice.paid,customer.subscription.updated/deleted,invoice.payment_failed) not handled — scope of Story 5.3. _get_or_create_stripe_customercan create orphaned Stripe customers ifdb_session.commit()fails aftercustomers.create. Consider idempotency key in future.