commit 9b70d9be57de76ffa4647d5abd310c7910474ddc · dunkirk.sh/thistle

+51

CRUSH.md

···

       581
        
       - Admin link shows in auth menu only for admin users

     

       582
        
       - Redirects to home page if non-admin accesses admin page

     

       583
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       584
        
       ## Future Additions

     

       585
        
       

     

       586
        
       As the codebase grows, document:

···

       581
        
       - Admin link shows in auth menu only for admin users

     

       582
        
       - Redirects to home page if non-admin accesses admin page

     

       583
        
       

     

       584
       +
       ## Subscription System

     

       585
       +
       

     

       586
       +
       The application uses Polar for subscription management to gate access to transcription features.

     

       587
       +
       

     

       588
       +
       **Subscription requirement:**

     

       589
       +
       - Users must have an active subscription to upload and transcribe audio files

     

       590
       +
       - Users can join classes and request classes without a subscription

     

       591
       +
       - Admins bypass subscription requirements

     

       592
       +
       

     

       593
       +
       **Protected routes:**

     

       594
       +
       - `POST /api/transcriptions` - Upload audio file (requires subscription or admin)

     

       595
       +
       - `GET /api/transcriptions` - List user's transcriptions (requires subscription or admin)

     

       596
       +
       - `GET /api/transcriptions/:id` - Get transcription details (requires subscription or admin)

     

       597
       +
       - `GET /api/transcriptions/:id/audio` - Download audio file (requires subscription or admin)

     

       598
       +
       - `GET /api/transcriptions/:id/stream` - Real-time transcription updates (requires subscription or admin)

     

       599
       +
       

     

       600
       +
       **Open routes (no subscription required):**

     

       601
       +
       - All authentication endpoints (`/api/auth/*`)

     

       602
       +
       - Class search and joining (`/api/classes/search`, `/api/classes/join`)

     

       603
       +
       - Waitlist requests (`/api/classes/waitlist`)

     

       604
       +
       - Billing/subscription management (`/api/billing/*`)

     

       605
       +
       

     

       606
       +
       **Subscription statuses:**

     

       607
       +
       - `active` - Full access to transcription features

     

       608
       +
       - `trialing` - Trial period, full access

     

       609
       +
       - `past_due` - Payment failed but still has access (grace period)

     

       610
       +
       - `canceled` - No access to transcription features

     

       611
       +
       - `expired` - No access to transcription features

     

       612
       +
       

     

       613
       +
       **Implementation:**

     

       614
       +
       - `subscriptions` table tracks user subscriptions from Polar

     

       615
       +
       - `hasActiveSubscription(userId)` checks for active/trialing/past_due status

     

       616
       +
       - `requireSubscription()` middleware enforces subscription requirement

     

       617
       +
       - `/api/auth/me` returns `has_subscription` boolean

     

       618
       +
       - Webhook at `/api/webhooks/polar` receives subscription updates from Polar

     

       619
       +
       - Frontend components check `has_subscription` and show subscribe prompt

     

       620
       +
       

     

       621
       +
       **User settings with query parameters:**

     

       622
       +
       - Settings page supports `?tab=<tabname>` query parameter to open specific tabs

     

       623
       +
       - Valid tabs: `account`, `sessions`, `passkeys`, `billing`, `danger`

     

       624
       +
       - Example: `/settings?tab=billing` opens the billing tab directly

     

       625
       +
       - Subscribe prompts link to `/settings?tab=billing` for direct access

     

       626
       +
       - URL updates when switching tabs (browser history support)

     

       627
       +
       

     

       628
       +
       **Testing subscriptions:**

     

       629
       +
       Manually add a test subscription to the database:

     

       630
       +
       ```sql

     

       631
       +
       INSERT INTO subscriptions (id, user_id, customer_id, status) 

     

       632
       +
       VALUES ('test-sub', <user_id>, 'test-customer', 'active');

     

       633
       +
       ```

     

       634
       +
       

     

       635
        
       ## Future Additions

     

       636
        
       

     

       637
        
       As the codebase grows, document:

src/components/auth.ts

···

       14
        
       	name: string | null;

     

       15
        
       	avatar: string;

     

       16
        
       	role?: "user" | "admin";

     

       0
        
       
     

       17
        
       }

     

       18
        
       

     

       19
        
       @customElement("auth-component")

···

       14
        
       	name: string | null;

     

       15
        
       	avatar: string;

     

       16
        
       	role?: "user" | "admin";

     

       17
       +
       	has_subscription?: boolean;

     

       18
        
       }

     

       19
        
       

     

       20
        
       @customElement("auth-component")

+32 -6

src/components/class-view.ts

···

       52
        
       	@state() error: string | null = null;

     

       53
        
       	@state() searchQuery = "";

     

       54
        
       	@state() uploadModalOpen = false;

     

       0
        
       
     

       0
        
       
     

       55
        
       	private eventSources: Map<string, EventSource> = new Map();

     

       56
        
       

     

       57
        
       	static override styles = css`

     
···

       298
        
       	override async connectedCallback() {

     

       299
        
       		super.connectedCallback();

     

       300
        
       		this.extractClassId();

     

       0
        
       
     

       301
        
       		await this.loadClass();

     

       302
        
       		this.connectToTranscriptionStreams();

     

       303
        
       

     
···

       323
        
       		const match = path.match(/^\/classes\/(.+)$/);

     

       324
        
       		if (match?.[1]) {

     

       325
        
       			this.classId = match[1];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       326
        
       		}

     

       327
        
       	}

     

       328
        
       

     
···

       492
        
             `;

     

       493
        
       		}

     

       494
        
       

     

       0
        
       
     

       0
        
       
     

       495
        
       		return html`

     

       496
        
             <div class="header">

     

       497
        
               <a href="/classes" class="back-link">← Back to all classes</a>

     
···

       520
        
       						: ""

     

       521
        
       				}

     

       522
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       523
        
               <div class="search-upload">

     

       524
        
                 <input

     

       525
        
                   type="text"

     
···

       538
        
                   📤 Upload Recording

     

       539
        
                 </button>

     

       540
        
               </div>

     

       541
       -
             </div>

     

       542
        
       

     

       543
       -
             ${

     

       544
       -
       				this.filteredTranscriptions.length === 0

     

       545
       -
       					? html`

     

       546
        
               <div class="empty-state">

     

       547
        
                 <h2>${this.searchQuery ? "No matching recordings" : "No recordings yet"}</h2>

     

       548
        
                 <p>${this.searchQuery ? "Try a different search term" : "Upload a recording to get started!"}</p>

     
···

       550
        
             `

     

       551
        
       					: html`

     

       552
        
               ${this.filteredTranscriptions.map(

     

       553
       -
       					(t) => html`

     

       554
        
                 <div class="transcription-card">

     

       555
        
                   <div class="transcription-header">

     

       556
        
                     <div>

     
···

       593
        
                   ${t.error_message ? html`<div class="error">${t.error_message}</div>` : ""}

     

       594
        
                 </div>

     

       595
        
               `,

     

       596
       -
       				)}

     

       597
        
             `

     

       598
        
       			}

     

       0
        
       
     

       0
        
       
     

       599
        
       

     

       600
        
             <upload-recording-modal

     

       601
        
               ?open=${this.uploadModalOpen}

···

       52
        
       	@state() error: string | null = null;

     

       53
        
       	@state() searchQuery = "";

     

       54
        
       	@state() uploadModalOpen = false;

     

       55
       +
       	@state() hasSubscription = false;

     

       56
       +
       	@state() isAdmin = false;

     

       57
        
       	private eventSources: Map<string, EventSource> = new Map();

     

       58
        
       

     

       59
        
       	static override styles = css`

     
···

       300
        
       	override async connectedCallback() {

     

       301
        
       		super.connectedCallback();

     

       302
        
       		this.extractClassId();

     

       303
       +
       		await this.checkAuth();

     

       304
        
       		await this.loadClass();

     

       305
        
       		this.connectToTranscriptionStreams();

     

       306
        
       

     
···

       326
        
       		const match = path.match(/^\/classes\/(.+)$/);

     

       327
        
       		if (match?.[1]) {

     

       328
        
       			this.classId = match[1];

     

       329
       +
       		}

     

       330
       +
       	}

     

       331
       +
       

     

       332
       +
       	private async checkAuth() {

     

       333
       +
       		try {

     

       334
       +
       			const response = await fetch("/api/auth/me");

     

       335
       +
       			if (response.ok) {

     

       336
       +
       				const data = await response.json();

     

       337
       +
       				this.hasSubscription = data.has_subscription || false;

     

       338
       +
       				this.isAdmin = data.role === "admin";

     

       339
       +
       			}

     

       340
       +
       		} catch (error) {

     

       341
       +
       			console.warn("Failed to check auth:", error);

     

       342
        
       		}

     

       343
        
       	}

     

       344
        
       

     
···

       508
        
             `;

     

       509
        
       		}

     

       510
        
       

     

       511
       +
       		const canAccessTranscriptions = this.hasSubscription || this.isAdmin;

     

       512
       +
       

     

       513
        
       		return html`

     

       514
        
             <div class="header">

     

       515
        
               <a href="/classes" class="back-link">← Back to all classes</a>

     
···

       538
        
       						: ""

     

       539
        
       				}

     

       540
        
       

     

       541
       +
               ${!canAccessTranscriptions ? html`

     

       542
       +
                 <div style="background: color-mix(in srgb, var(--accent) 10%, transparent); border: 1px solid var(--accent); border-radius: 8px; padding: 1.5rem; margin: 2rem 0; text-align: center;">

     

       543
       +
                   <h3 style="margin: 0 0 0.5rem 0; color: var(--text);">Subscribe to Access Recordings</h3>

     

       544
       +
                   <p style="margin: 0 0 1rem 0; color: var(--text); opacity: 0.8;">You need an active subscription to upload and view transcriptions.</p>

     

       545
       +
                   <a href="/settings?tab=billing" style="display: inline-block; padding: 0.75rem 1.5rem; background: var(--accent); color: white; text-decoration: none; border-radius: 8px; font-weight: 600; transition: opacity 0.2s;">Subscribe Now</a>

     

       546
       +
                 </div>

     

       547
       +
               ` : html`

     

       548
        
               <div class="search-upload">

     

       549
        
                 <input

     

       550
        
                   type="text"

     
···

       563
        
                   📤 Upload Recording

     

       564
        
                 </button>

     

       565
        
               </div>

     

       0
        
       
     

       566
        
       

     

       567
       +
               ${

     

       568
       +
       					this.filteredTranscriptions.length === 0

     

       569
       +
       						? html`

     

       570
        
               <div class="empty-state">

     

       571
        
                 <h2>${this.searchQuery ? "No matching recordings" : "No recordings yet"}</h2>

     

       572
        
                 <p>${this.searchQuery ? "Try a different search term" : "Upload a recording to get started!"}</p>

     
···

       574
        
             `

     

       575
        
       					: html`

     

       576
        
               ${this.filteredTranscriptions.map(

     

       577
       +
       						(t) => html`

     

       578
        
                 <div class="transcription-card">

     

       579
        
                   <div class="transcription-header">

     

       580
        
                     <div>

     
···

       617
        
                   ${t.error_message ? html`<div class="error">${t.error_message}</div>` : ""}

     

       618
        
                 </div>

     

       619
        
               `,

     

       620
       +
       					)}

     

       621
        
             `

     

       622
        
       			}

     

       623
       +
               `}

     

       624
       +
             </div>

     

       625
        
       

     

       626
        
             <upload-recording-modal

     

       627
        
               ?open=${this.uploadModalOpen}

+58 -15

src/components/transcription.ts

···

       81
        
       	@state() serviceAvailable = true;

     

       82
        
       	@state() existingClasses: string[] = [];

     

       83
        
       	@state() showNewClassInput = false;

     

       0
        
       
     

       0
        
       
     

       84
        
       	// Word streamers for each job

     

       85
        
       	private wordStreamers = new Map<string, WordStreamer>();

     

       86
        
       	// Displayed transcripts

     
···

       387
        
       

     

       388
        
       	override async connectedCallback() {

     

       389
        
       		super.connectedCallback();

     

       0
        
       
     

       390
        
       		await this.checkHealth();

     

       391
        
       		await this.loadJobs();

     

       392
        
       		await this.loadExistingClasses();

     
···

       547
        
       		this.eventSources.set(jobId, eventSource);

     

       548
        
       	}

     

       549
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       550
        
       	async checkHealth() {

     

       551
        
       		try {

     

       552
        
       			const response = await fetch("/api/transcriptions/health");

     
···

       583
        
       					}

     

       584
        
       				}

     

       585
        
       				// Don't override serviceAvailable - it's set by checkHealth()

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       586
        
       			} else if (response.status === 404) {

     

       587
        
       				// Transcription service not available - show empty state

     

       588
        
       				this.jobs = [];

     
···

       719
        
       

     

       720
        
       			if (!response.ok) {

     

       721
        
       				const data = await response.json();

     

       722
       -
       				alert(

     

       723
       -
       					data.error ||

     

       724
       -
       						"Upload failed - transcription service may be unavailable",

     

       725
       -
       				);

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       726
        
       			} else {

     

       727
        
       				await response.json();

     

       728
        
       				// Redirect to class page after successful upload

     
···

       761
        
       	}

     

       762
        
       

     

       763
        
       	override render() {

     

       0
        
       
     

       0
        
       
     

       764
        
       		return html`

     

       765
       -
             <div class="upload-area ${this.dragOver ? "drag-over" : ""} ${!this.serviceAvailable ? "disabled" : ""}"

     

       766
       -
                  @dragover=${this.serviceAvailable ? this.handleDragOver : null}

     

       767
       -
                  @dragleave=${this.serviceAvailable ? this.handleDragLeave : null}

     

       768
       -
                  @drop=${this.serviceAvailable ? this.handleDrop : null}

     

       769
       -
                  @click=${this.serviceAvailable ? () => (this.shadowRoot?.querySelector(".file-input") as HTMLInputElement)?.click() : null}>

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       770
        
               <div class="upload-icon">🎵</div>

     

       771
        
               <div class="upload-text">

     

       772
        
                 ${

     

       773
        
       						!this.serviceAvailable

     

       774
        
       							? "Transcription service unavailable"

     

       775
       -
       							: this.isUploading

     

       776
       -
       								? "Uploading..."

     

       777
       -
       								: "Drop audio file here or click to browse"

     

       0
        
       
     

       0
        
       
     

       778
        
       					}

     

       779
        
               </div>

     

       780
        
               <div class="upload-hint">

     

       781
       -
                 ${this.serviceAvailable ? "Supports MP3, WAV, M4A, AAC, OGG, WebM, FLAC up to 100MB" : "Transcription is currently unavailable"}

     

       782
        
               </div>

     

       783
       -
               <input type="file" class="file-input" accept="audio/mpeg,audio/wav,audio/m4a,audio/mp4,audio/aac,audio/ogg,audio/webm,audio/flac,.m4a" @change=${this.handleFileSelect} ${!this.serviceAvailable ? "disabled" : ""} />

     

       784
        
             </div>

     

       785
        
       

     

       786
        
             ${

     

       787
       -
       				this.serviceAvailable

     

       788
        
       					? html`

     

       789
        
               <div class="upload-form">

     

       790
        
                 <select

···

       81
        
       	@state() serviceAvailable = true;

     

       82
        
       	@state() existingClasses: string[] = [];

     

       83
        
       	@state() showNewClassInput = false;

     

       84
       +
       	@state() hasSubscription = false;

     

       85
       +
       	@state() isAdmin = false;

     

       86
        
       	// Word streamers for each job

     

       87
        
       	private wordStreamers = new Map<string, WordStreamer>();

     

       88
        
       	// Displayed transcripts

     
···

       389
        
       

     

       390
        
       	override async connectedCallback() {

     

       391
        
       		super.connectedCallback();

     

       392
       +
       		await this.checkAuth();

     

       393
        
       		await this.checkHealth();

     

       394
        
       		await this.loadJobs();

     

       395
        
       		await this.loadExistingClasses();

     
···

       550
        
       		this.eventSources.set(jobId, eventSource);

     

       551
        
       	}

     

       552
        
       

     

       553
       +
       	async checkAuth() {

     

       554
       +
       		try {

     

       555
       +
       			const response = await fetch("/api/auth/me");

     

       556
       +
       			if (response.ok) {

     

       557
       +
       				const data = await response.json();

     

       558
       +
       				this.hasSubscription = data.has_subscription || false;

     

       559
       +
       				this.isAdmin = data.role === "admin";

     

       560
       +
       			}

     

       561
       +
       		} catch (error) {

     

       562
       +
       			console.warn("Failed to check auth:", error);

     

       563
       +
       		}

     

       564
       +
       	}

     

       565
       +
       

     

       566
        
       	async checkHealth() {

     

       567
        
       		try {

     

       568
        
       			const response = await fetch("/api/transcriptions/health");

     
···

       599
        
       					}

     

       600
        
       				}

     

       601
        
       				// Don't override serviceAvailable - it's set by checkHealth()

     

       602
       +
       			} else if (response.status === 403) {

     

       603
       +
       				// Subscription required - already handled by checkAuth

     

       604
       +
       				this.jobs = [];

     

       605
        
       			} else if (response.status === 404) {

     

       606
        
       				// Transcription service not available - show empty state

     

       607
        
       				this.jobs = [];

     
···

       738
        
       

     

       739
        
       			if (!response.ok) {

     

       740
        
       				const data = await response.json();

     

       741
       +
       				if (response.status === 403) {

     

       742
       +
       					// Subscription required

     

       743
       +
       					if (

     

       744
       +
       						confirm(

     

       745
       +
       							"Active subscription required to upload transcriptions. Would you like to subscribe now?",

     

       746
       +
       						)

     

       747
       +
       					) {

     

       748
       +
       						window.location.href = "/settings?tab=billing";

     

       749
       +
       						return;

     

       750
       +
       					}

     

       751
       +
       				} else {

     

       752
       +
       					alert(

     

       753
       +
       						data.error ||

     

       754
       +
       							"Upload failed - transcription service may be unavailable",

     

       755
       +
       					);

     

       756
       +
       				}

     

       757
        
       			} else {

     

       758
        
       				await response.json();

     

       759
        
       				// Redirect to class page after successful upload

     
···

       792
        
       	}

     

       793
        
       

     

       794
        
       	override render() {

     

       795
       +
       		const canUpload = this.serviceAvailable && (this.hasSubscription || this.isAdmin);

     

       796
       +
       

     

       797
        
       		return html`

     

       798
       +
             ${!this.hasSubscription && !this.isAdmin ? html`

     

       799
       +
               <div style="background: color-mix(in srgb, var(--accent) 10%, transparent); border: 1px solid var(--accent); border-radius: 8px; padding: 1.5rem; margin-bottom: 2rem; text-align: center;">

     

       800
       +
                 <h3 style="margin: 0 0 0.5rem 0; color: var(--text);">Subscribe to Upload Transcriptions</h3>

     

       801
       +
                 <p style="margin: 0 0 1rem 0; color: var(--text); opacity: 0.8;">You need an active subscription to upload and transcribe audio files.</p>

     

       802
       +
                 <a href="/settings?tab=billing" style="display: inline-block; padding: 0.75rem 1.5rem; background: var(--accent); color: white; text-decoration: none; border-radius: 8px; font-weight: 600; transition: opacity 0.2s;">Subscribe Now</a>

     

       803
       +
               </div>

     

       804
       +
             ` : ''}

     

       805
       +
       

     

       806
       +
             <div class="upload-area ${this.dragOver ? "drag-over" : ""} ${!canUpload ? "disabled" : ""}"

     

       807
       +
                  @dragover=${canUpload ? this.handleDragOver : null}

     

       808
       +
                  @dragleave=${canUpload ? this.handleDragLeave : null}

     

       809
       +
                  @drop=${canUpload ? this.handleDrop : null}

     

       810
       +
                  @click=${canUpload ? () => (this.shadowRoot?.querySelector(".file-input") as HTMLInputElement)?.click() : null}>

     

       811
        
               <div class="upload-icon">🎵</div>

     

       812
        
               <div class="upload-text">

     

       813
        
                 ${

     

       814
        
       						!this.serviceAvailable

     

       815
        
       							? "Transcription service unavailable"

     

       816
       +
       							: !this.hasSubscription && !this.isAdmin

     

       817
       +
       								? "Subscription required"

     

       818
       +
       								: this.isUploading

     

       819
       +
       									? "Uploading..."

     

       820
       +
       									: "Drop audio file here or click to browse"

     

       821
        
       					}

     

       822
        
               </div>

     

       823
        
               <div class="upload-hint">

     

       824
       +
                 ${canUpload ? "Supports MP3, WAV, M4A, AAC, OGG, WebM, FLAC up to 100MB" : "Transcription is currently unavailable"}

     

       825
        
               </div>

     

       826
       +
               <input type="file" class="file-input" accept="audio/mpeg,audio/wav,audio/m4a,audio/mp4,audio/aac,audio/ogg,audio/webm,audio/flac,.m4a" @change=${this.handleFileSelect} ${!canUpload ? "disabled" : ""} />

     

       827
        
             </div>

     

       828
        
       

     

       829
        
             ${

     

       830
       +
       				canUpload

     

       831
        
       					? html`

     

       832
        
               <div class="upload-form">

     

       833
        
                 <select

+24 -4

src/components/user-settings.ts

···

       446
        
       	override async connectedCallback() {

     

       447
        
       		super.connectedCallback();

     

       448
        
       		this.passkeySupported = isPasskeySupported();

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       449
        
       		await this.loadUser();

     

       450
        
       		await this.loadSessions();

     

       451
        
       		await this.loadSubscription();

     

       452
        
       		if (this.passkeySupported) {

     

       453
        
       			await this.loadPasskeys();

     

       454
        
       		}

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       455
        
       	}

     

       456
        
       

     

       457
        
       	async loadUser() {

     
···

       1342
        
       					<button

     

       1343
        
       						class="tab ${this.currentPage === "account" ? "active" : ""}"

     

       1344
        
       						@click=${() => {

     

       1345
       -
       							this.currentPage = "account";

     

       1346
        
       						}}

     

       1347
        
       					>

     

       1348
        
       						Account

     
···

       1350
        
       					<button

     

       1351
        
       						class="tab ${this.currentPage === "sessions" ? "active" : ""}"

     

       1352
        
       						@click=${() => {

     

       1353
       -
       							this.currentPage = "sessions";

     

       1354
        
       						}}

     

       1355
        
       					>

     

       1356
        
       						Sessions

     
···

       1358
        
       					<button

     

       1359
        
       						class="tab ${this.currentPage === "billing" ? "active" : ""}"

     

       1360
        
       						@click=${() => {

     

       1361
       -
       							this.currentPage = "billing";

     

       1362
        
       						}}

     

       1363
        
       					>

     

       1364
        
       						Billing

     
···

       1366
        
       					<button

     

       1367
        
       						class="tab ${this.currentPage === "danger" ? "active" : ""}"

     

       1368
        
       						@click=${() => {

     

       1369
       -
       							this.currentPage = "danger";

     

       1370
        
       						}}

     

       1371
        
       					>

     

       1372
        
       						Danger Zone

···

       446
        
       	override async connectedCallback() {

     

       447
        
       		super.connectedCallback();

     

       448
        
       		this.passkeySupported = isPasskeySupported();

     

       449
       +
       		

     

       450
       +
       		// Check for tab query parameter

     

       451
       +
       		const params = new URLSearchParams(window.location.search);

     

       452
       +
       		const tab = params.get("tab");

     

       453
       +
       		if (tab && this.isValidTab(tab)) {

     

       454
       +
       			this.currentPage = tab as SettingsPage;

     

       455
       +
       		}

     

       456
       +
       		

     

       457
        
       		await this.loadUser();

     

       458
        
       		await this.loadSessions();

     

       459
        
       		await this.loadSubscription();

     

       460
        
       		if (this.passkeySupported) {

     

       461
        
       			await this.loadPasskeys();

     

       462
        
       		}

     

       463
       +
       	}

     

       464
       +
       

     

       465
       +
       	private isValidTab(tab: string): boolean {

     

       466
       +
       		return ["account", "sessions", "passkeys", "billing", "danger"].includes(tab);

     

       467
       +
       	}

     

       468
       +
       

     

       469
       +
       	private setTab(tab: SettingsPage) {

     

       470
       +
       		this.currentPage = tab;

     

       471
       +
       		// Update URL without reloading page

     

       472
       +
       		const url = new URL(window.location.href);

     

       473
       +
       		url.searchParams.set("tab", tab);

     

       474
       +
       		window.history.pushState({}, "", url);

     

       475
        
       	}

     

       476
        
       

     

       477
        
       	async loadUser() {

     
···

       1362
        
       					<button

     

       1363
        
       						class="tab ${this.currentPage === "account" ? "active" : ""}"

     

       1364
        
       						@click=${() => {

     

       1365
       +
       							this.setTab("account");

     

       1366
        
       						}}

     

       1367
        
       					>

     

       1368
        
       						Account

     
···

       1370
        
       					<button

     

       1371
        
       						class="tab ${this.currentPage === "sessions" ? "active" : ""}"

     

       1372
        
       						@click=${() => {

     

       1373
       +
       							this.setTab("sessions");

     

       1374
        
       						}}

     

       1375
        
       					>

     

       1376
        
       						Sessions

     
···

       1378
        
       					<button

     

       1379
        
       						class="tab ${this.currentPage === "billing" ? "active" : ""}"

     

       1380
        
       						@click=${() => {

     

       1381
       +
       							this.setTab("billing");

     

       1382
        
       						}}

     

       1383
        
       					>

     

       1384
        
       						Billing

     
···

       1386
        
       					<button

     

       1387
        
       						class="tab ${this.currentPage === "danger" ? "active" : ""}"

     

       1388
        
       						@click=${() => {

     

       1389
       +
       							this.setTab("danger");

     

       1390
        
       						}}

     

       1391
        
       					>

     

       1392
        
       						Danger Zone

+62 -46

src/index.ts

···

       47
        
       	updateMeetingTime,

     

       48
        
       } from "./lib/classes";

     

       49
        
       import { handleError, ValidationErrors } from "./lib/errors";

     

       50
       -
       import { requireAdmin, requireAuth } from "./lib/middleware";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       51
        
       import {

     

       52
        
       	createAuthenticationOptions,

     

       53
        
       	createRegistrationOptions,

     
···

       273
        
       				if (!user) {

     

       274
        
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       275
        
       				}

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       276
        
       				return Response.json({

     

       277
        
       					email: user.email,

     

       278
        
       					name: user.name,

     

       279
        
       					avatar: user.avatar,

     

       280
        
       					created_at: user.created_at,

     

       281
        
       					role: user.role,

     

       0
        
       
     

       282
        
       				});

     

       283
        
       			},

     

       284
        
       		},

     
···

       696
        
       

     

       697
        
       				try {

     

       698
        
       					// Get subscription from database

     

       699
       -
       					const subscription = db.query<{

     

       700
       -
       						id: string;

     

       701
       -
       						status: string;

     

       702
       -
       						current_period_start: number | null;

     

       703
       -
       						current_period_end: number | null;

     

       704
       -
       						cancel_at_period_end: number;

     

       705
       -
       						canceled_at: number | null;

     

       706
       -
       					}>(

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       707
        
       						"SELECT id, status, current_period_start, current_period_end, cancel_at_period_end, canceled_at FROM subscriptions WHERE user_id = ? ORDER BY created_at DESC LIMIT 1",

     

       708
        
       					).get(user.id);

     

       709
        
       

     
···

       736
        
       					const { polar } = await import("./lib/polar");

     

       737
        
       

     

       738
        
       					// Get subscription to find customer ID

     

       739
       -
       					const subscription = db.query<{

     

       740
       -
       						customer_id: string;

     

       741
       -
       					}>(

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       742
        
       						"SELECT customer_id FROM subscriptions WHERE user_id = ? ORDER BY created_at DESC LIMIT 1",

     

       743
        
       					).get(user.id);

     

       744
        
       

     
···

       846
        
       		},

     

       847
        
       		"/api/transcriptions/:id/stream": {

     

       848
        
       			GET: async (req) => {

     

       849
       -
       				const sessionId = getSessionFromRequest(req);

     

       850
       -
       				if (!sessionId) {

     

       851
       -
       					return Response.json({ error: "Not authenticated" }, { status: 401 });

     

       852
       -
       				}

     

       853
       -
       				const user = getUserBySession(sessionId);

     

       854
       -
       				if (!user) {

     

       855
       -
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       856
       -
       				}

     

       857
       -
       				const transcriptionId = req.params.id;

     

       858
       -
       				// Verify ownership

     

       859
       -
       				const transcription = db

     

       860
       -
       					.query<{ id: string; user_id: number; status: string }, [string]>(

     

       861
       -
       						"SELECT id, user_id, status FROM transcriptions WHERE id = ?",

     

       862
       -
       					)

     

       863
       -
       					.get(transcriptionId);

     

       864
       -
       				if (!transcription || transcription.user_id !== user.id) {

     

       865
       -
       					return Response.json(

     

       866
       -
       						{ error: "Transcription not found" },

     

       867
       -
       						{ status: 404 },

     

       868
       -
       					);

     

       869
       -
       				}

     

       870
       -
       				// Event-driven SSE stream with reconnection support

     

       871
       -
       				const stream = new ReadableStream({

     

       872
       -
       					async start(controller) {

     

       873
        
       						const encoder = new TextEncoder();

     

       874
        
       						let isClosed = false;

     

       875
        
       						let lastEventId = Math.floor(Date.now() / 1000);

     
···

       963
        
       					},

     

       964
        
       				});

     

       965
        
       				return new Response(stream, {

     

       966
       -
       					headers: {

     

       967
       -
       						"Content-Type": "text/event-stream",

     

       968
       -
       						"Cache-Control": "no-cache",

     

       969
       -
       						Connection: "keep-alive",

     

       970
       -
       					},

     

       971
       -
       				});

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       972
        
       			},

     

       973
        
       		},

     

       974
        
       		"/api/transcriptions/health": {

     
···

       980
        
       		"/api/transcriptions/:id": {

     

       981
        
       			GET: async (req) => {

     

       982
        
       				try {

     

       983
       -
       					const user = requireAuth(req);

     

       984
        
       					const transcriptionId = req.params.id;

     

       985
        
       

     

       986
        
       					// Verify ownership or admin

     
···

       1067
        
       		"/api/transcriptions/:id/audio": {

     

       1068
        
       			GET: async (req) => {

     

       1069
        
       				try {

     

       1070
       -
       					const user = requireAuth(req);

     

       1071
        
       					const transcriptionId = req.params.id;

     

       1072
        
       

     

       1073
        
       					// Verify ownership or admin

     
···

       1162
        
       		"/api/transcriptions": {

     

       1163
        
       			GET: async (req) => {

     

       1164
        
       				try {

     

       1165
       -
       					const user = requireAuth(req);

     

       1166
        
       

     

       1167
        
       					const transcriptions = db

     

       1168
        
       						.query<

     
···

       1202
        
       			},

     

       1203
        
       			POST: async (req) => {

     

       1204
        
       				try {

     

       1205
       -
       					const user = requireAuth(req);

     

       1206
        
       

     

       1207
        
       					const formData = await req.formData();

     

       1208
        
       					const file = formData.get("audio") as File;

···

       47
        
       	updateMeetingTime,

     

       48
        
       } from "./lib/classes";

     

       49
        
       import { handleError, ValidationErrors } from "./lib/errors";

     

       50
       +
       import {

     

       51
       +
       	requireAdmin,

     

       52
       +
       	requireAuth,

     

       53
       +
       	requireSubscription,

     

       54
       +
       } from "./lib/middleware";

     

       55
        
       import {

     

       56
        
       	createAuthenticationOptions,

     

       57
        
       	createRegistrationOptions,

     
···

       277
        
       				if (!user) {

     

       278
        
       					return Response.json({ error: "Invalid session" }, { status: 401 });

     

       279
        
       				}

     

       280
       +
       

     

       281
       +
       				// Check subscription status

     

       282
       +
       				const subscription = db

     

       283
       +
       					.query<{ status: string }, [number]>(

     

       284
       +
       						"SELECT status FROM subscriptions WHERE user_id = ? AND status IN ('active', 'trialing', 'past_due') ORDER BY created_at DESC LIMIT 1",

     

       285
       +
       					)

     

       286
       +
       					.get(user.id);

     

       287
       +
       

     

       288
        
       				return Response.json({

     

       289
        
       					email: user.email,

     

       290
        
       					name: user.name,

     

       291
        
       					avatar: user.avatar,

     

       292
        
       					created_at: user.created_at,

     

       293
        
       					role: user.role,

     

       294
       +
       					has_subscription: !!subscription,

     

       295
        
       				});

     

       296
        
       			},

     

       297
        
       		},

     
···

       709
        
       

     

       710
        
       				try {

     

       711
        
       					// Get subscription from database

     

       712
       +
       					const subscription = db.query<

     

       713
       +
       						{

     

       714
       +
       							id: string;

     

       715
       +
       							status: string;

     

       716
       +
       							current_period_start: number | null;

     

       717
       +
       							current_period_end: number | null;

     

       718
       +
       							cancel_at_period_end: number;

     

       719
       +
       							canceled_at: number | null;

     

       720
       +
       						},

     

       721
       +
       						[number]

     

       722
       +
       					>(

     

       723
        
       						"SELECT id, status, current_period_start, current_period_end, cancel_at_period_end, canceled_at FROM subscriptions WHERE user_id = ? ORDER BY created_at DESC LIMIT 1",

     

       724
        
       					).get(user.id);

     

       725
        
       

     
···

       752
        
       					const { polar } = await import("./lib/polar");

     

       753
        
       

     

       754
        
       					// Get subscription to find customer ID

     

       755
       +
       					const subscription = db.query<

     

       756
       +
       						{

     

       757
       +
       							customer_id: string;

     

       758
       +
       						},

     

       759
       +
       						[number]

     

       760
       +
       					>(

     

       761
        
       						"SELECT customer_id FROM subscriptions WHERE user_id = ? ORDER BY created_at DESC LIMIT 1",

     

       762
        
       					).get(user.id);

     

       763
        
       

     
···

       865
        
       		},

     

       866
        
       		"/api/transcriptions/:id/stream": {

     

       867
        
       			GET: async (req) => {

     

       868
       +
       				try {

     

       869
       +
       					const user = requireSubscription(req);

     

       870
       +
       					const transcriptionId = req.params.id;

     

       871
       +
       					// Verify ownership

     

       872
       +
       					const transcription = db

     

       873
       +
       						.query<{ id: string; user_id: number; status: string }, [string]>(

     

       874
       +
       							"SELECT id, user_id, status FROM transcriptions WHERE id = ?",

     

       875
       +
       						)

     

       876
       +
       						.get(transcriptionId);

     

       877
       +
       					if (!transcription || transcription.user_id !== user.id) {

     

       878
       +
       						return Response.json(

     

       879
       +
       							{ error: "Transcription not found" },

     

       880
       +
       							{ status: 404 },

     

       881
       +
       						);

     

       882
       +
       					}

     

       883
       +
       					// Event-driven SSE stream with reconnection support

     

       884
       +
       					const stream = new ReadableStream({

     

       885
       +
       						async start(controller) {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       886
        
       						const encoder = new TextEncoder();

     

       887
        
       						let isClosed = false;

     

       888
        
       						let lastEventId = Math.floor(Date.now() / 1000);

     
···

       976
        
       					},

     

       977
        
       				});

     

       978
        
       				return new Response(stream, {

     

       979
       +
       						headers: {

     

       980
       +
       							"Content-Type": "text/event-stream",

     

       981
       +
       							"Cache-Control": "no-cache",

     

       982
       +
       							Connection: "keep-alive",

     

       983
       +
       						},

     

       984
       +
       					});

     

       985
       +
       				} catch (error) {

     

       986
       +
       					return handleError(error);

     

       987
       +
       				}

     

       988
        
       			},

     

       989
        
       		},

     

       990
        
       		"/api/transcriptions/health": {

     
···

       996
        
       		"/api/transcriptions/:id": {

     

       997
        
       			GET: async (req) => {

     

       998
        
       				try {

     

       999
       +
       					const user = requireSubscription(req);

     

       1000
        
       					const transcriptionId = req.params.id;

     

       1001
        
       

     

       1002
        
       					// Verify ownership or admin

     
···

       1083
        
       		"/api/transcriptions/:id/audio": {

     

       1084
        
       			GET: async (req) => {

     

       1085
        
       				try {

     

       1086
       +
       					const user = requireSubscription(req);

     

       1087
        
       					const transcriptionId = req.params.id;

     

       1088
        
       

     

       1089
        
       					// Verify ownership or admin

     
···

       1178
        
       		"/api/transcriptions": {

     

       1179
        
       			GET: async (req) => {

     

       1180
        
       				try {

     

       1181
       +
       					const user = requireSubscription(req);

     

       1182
        
       

     

       1183
        
       					const transcriptions = db

     

       1184
        
       						.query<

     
···

       1218
        
       			},

     

       1219
        
       			POST: async (req) => {

     

       1220
        
       				try {

     

       1221
       +
       					const user = requireSubscription(req);

     

       1222
        
       

     

       1223
        
       					const formData = await req.formData();

     

       1224
        
       					const file = formData.get("audio") as File;

src/lib/errors.ts

···

       6
        
       	INVALID_SESSION = "INVALID_SESSION",

     

       7
        
       	INVALID_CREDENTIALS = "INVALID_CREDENTIALS",

     

       8
        
       	EMAIL_ALREADY_EXISTS = "EMAIL_ALREADY_EXISTS",

     

       0
        
       
     

       9
        
       

     

       10
        
       	// Validation errors

     

       11
        
       	VALIDATION_FAILED = "VALIDATION_FAILED",

     
···

       87
        
       		),

     

       88
        
       	adminRequired: () =>

     

       89
        
       		new AppError(ErrorCode.AUTH_REQUIRED, "Admin access required", 403),

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       90
        
       };

     

       91
        
       

     

       92
        
       export const ValidationErrors = {

···

       6
        
       	INVALID_SESSION = "INVALID_SESSION",

     

       7
        
       	INVALID_CREDENTIALS = "INVALID_CREDENTIALS",

     

       8
        
       	EMAIL_ALREADY_EXISTS = "EMAIL_ALREADY_EXISTS",

     

       9
       +
       	SUBSCRIPTION_REQUIRED = "SUBSCRIPTION_REQUIRED",

     

       10
        
       

     

       11
        
       	// Validation errors

     

       12
        
       	VALIDATION_FAILED = "VALIDATION_FAILED",

     
···

       88
        
       		),

     

       89
        
       	adminRequired: () =>

     

       90
        
       		new AppError(ErrorCode.AUTH_REQUIRED, "Admin access required", 403),

     

       91
       +
       	subscriptionRequired: () =>

     

       92
       +
       		new AppError(

     

       93
       +
       			ErrorCode.SUBSCRIPTION_REQUIRED,

     

       94
       +
       			"Active subscription required",

     

       95
       +
       			403,

     

       96
       +
       		),

     

       97
        
       };

     

       98
        
       

     

       99
        
       export const ValidationErrors = {

+112

src/lib/middleware.test.ts

···

       1
       +
       import { afterEach, beforeEach, describe, expect, test } from "bun:test";

     

       2
       +
       import db from "../db/schema";

     

       3
       +
       import { createSession, createUser } from "./auth";

     

       4
       +
       import { AppError } from "./errors";

     

       5
       +
       import { hasActiveSubscription, requireSubscription } from "./middleware";

     

       6
       +
       

     

       7
       +
       describe("middleware", () => {

     

       8
       +
       	let testUserId: number;

     

       9
       +
       	let sessionId: string;

     

       10
       +
       

     

       11
       +
       	beforeEach(async () => {

     

       12
       +
       		// Create test user

     

       13
       +
       		const user = await createUser(

     

       14
       +
       			`test-${Date.now()}@example.com`,

     

       15
       +
       			"0".repeat(64),

     

       16
       +
       			"Test User",

     

       17
       +
       		);

     

       18
       +
       		testUserId = user.id;

     

       19
       +
       		sessionId = createSession(testUserId, "127.0.0.1", "test");

     

       20
       +
       	});

     

       21
       +
       

     

       22
       +
       	afterEach(() => {

     

       23
       +
       		// Cleanup

     

       24
       +
       		db.run("DELETE FROM users WHERE id = ?", [testUserId]);

     

       25
       +
       		db.run("DELETE FROM subscriptions WHERE user_id = ?", [testUserId]);

     

       26
       +
       	});

     

       27
       +
       

     

       28
       +
       	describe("hasActiveSubscription", () => {

     

       29
       +
       		test("returns false when user has no subscription", () => {

     

       30
       +
       			expect(hasActiveSubscription(testUserId)).toBe(false);

     

       31
       +
       		});

     

       32
       +
       

     

       33
       +
       		test("returns true when user has active subscription", () => {

     

       34
       +
       			db.run(

     

       35
       +
       				"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       36
       +
       				["test-sub-1", testUserId, "test-customer", "active"],

     

       37
       +
       			);

     

       38
       +
       

     

       39
       +
       			expect(hasActiveSubscription(testUserId)).toBe(true);

     

       40
       +
       		});

     

       41
       +
       

     

       42
       +
       		test("returns true when user has trialing subscription", () => {

     

       43
       +
       			db.run(

     

       44
       +
       				"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       45
       +
       				["test-sub-2", testUserId, "test-customer", "trialing"],

     

       46
       +
       			);

     

       47
       +
       

     

       48
       +
       			expect(hasActiveSubscription(testUserId)).toBe(true);

     

       49
       +
       		});

     

       50
       +
       

     

       51
       +
       		test("returns false when user has canceled subscription", () => {

     

       52
       +
       			db.run(

     

       53
       +
       				"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       54
       +
       				["test-sub-3", testUserId, "test-customer", "canceled"],

     

       55
       +
       			);

     

       56
       +
       

     

       57
       +
       			expect(hasActiveSubscription(testUserId)).toBe(false);

     

       58
       +
       		});

     

       59
       +
       	});

     

       60
       +
       

     

       61
       +
       	describe("requireSubscription", () => {

     

       62
       +
       		test("throws AppError when user has no subscription", () => {

     

       63
       +
       			const req = new Request("http://localhost/api/test", {

     

       64
       +
       				headers: {

     

       65
       +
       					Cookie: `session=${sessionId}`,

     

       66
       +
       				},

     

       67
       +
       			});

     

       68
       +
       

     

       69
       +
       			try {

     

       70
       +
       				requireSubscription(req);

     

       71
       +
       				expect(true).toBe(false); // Should not reach here

     

       72
       +
       			} catch (error) {

     

       73
       +
       				expect(error instanceof AppError).toBe(true);

     

       74
       +
       				if (error instanceof AppError) {

     

       75
       +
       					expect(error.statusCode).toBe(403);

     

       76
       +
       					expect(error.message).toContain("subscription");

     

       77
       +
       				}

     

       78
       +
       			}

     

       79
       +
       		});

     

       80
       +
       

     

       81
       +
       		test("succeeds when user has active subscription", () => {

     

       82
       +
       			db.run(

     

       83
       +
       				"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       84
       +
       				["test-sub-4", testUserId, "test-customer", "active"],

     

       85
       +
       			);

     

       86
       +
       

     

       87
       +
       			const req = new Request("http://localhost/api/test", {

     

       88
       +
       				headers: {

     

       89
       +
       					Cookie: `session=${sessionId}`,

     

       90
       +
       				},

     

       91
       +
       			});

     

       92
       +
       

     

       93
       +
       			const user = requireSubscription(req);

     

       94
       +
       			expect(user.id).toBe(testUserId);

     

       95
       +
       		});

     

       96
       +
       

     

       97
       +
       		test("succeeds when user is admin without subscription", () => {

     

       98
       +
       			// Make user admin

     

       99
       +
       			db.run("UPDATE users SET role = ? WHERE id = ?", ["admin", testUserId]);

     

       100
       +
       

     

       101
       +
       			const req = new Request("http://localhost/api/test", {

     

       102
       +
       				headers: {

     

       103
       +
       					Cookie: `session=${sessionId}`,

     

       104
       +
       				},

     

       105
       +
       			});

     

       106
       +
       

     

       107
       +
       			const user = requireSubscription(req);

     

       108
       +
       			expect(user.id).toBe(testUserId);

     

       109
       +
       			expect(user.role).toBe("admin");

     

       110
       +
       		});

     

       111
       +
       	});

     

       112
       +
       });

+26

src/lib/middleware.ts

···

       1
        
       // Helper functions for route authentication and error handling

     

       2
        
       

     

       0
        
       
     

       3
        
       import type { User } from "./auth";

     

       4
        
       import { getSessionFromRequest, getUserBySession } from "./auth";

     

       5
        
       import { AuthErrors } from "./errors";

     
···

       31
        
       

     

       32
        
       	return user;

     

       33
        
       }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       1
        
       // Helper functions for route authentication and error handling

     

       2
        
       

     

       3
       +
       import db from "../db/schema";

     

       4
        
       import type { User } from "./auth";

     

       5
        
       import { getSessionFromRequest, getUserBySession } from "./auth";

     

       6
        
       import { AuthErrors } from "./errors";

     
···

       32
        
       

     

       33
        
       	return user;

     

       34
        
       }

     

       35
       +
       

     

       36
       +
       export function hasActiveSubscription(userId: number): boolean {

     

       37
       +
       	const subscription = db

     

       38
       +
       		.query<{ status: string }, [number]>(

     

       39
       +
       			"SELECT status FROM subscriptions WHERE user_id = ? AND status IN ('active', 'trialing', 'past_due') ORDER BY created_at DESC LIMIT 1",

     

       40
       +
       		)

     

       41
       +
       		.get(userId);

     

       42
       +
       

     

       43
       +
       	return !!subscription;

     

       44
       +
       }

     

       45
       +
       

     

       46
       +
       export function requireSubscription(req: Request): User {

     

       47
       +
       	const user = requireAuth(req);

     

       48
       +
       

     

       49
       +
       	// Admins bypass subscription requirement

     

       50
       +
       	if (user.role === "admin") {

     

       51
       +
       		return user;

     

       52
       +
       	}

     

       53
       +
       

     

       54
       +
       	if (!hasActiveSubscription(user.id)) {

     

       55
       +
       		throw AuthErrors.subscriptionRequired();

     

       56
       +
       	}

     

       57
       +
       

     

       58
       +
       	return user;

     

       59
       +
       }

+105

src/lib/subscription-routes.test.ts

···

       1
       +
       import { afterEach, beforeEach, describe, expect, test } from "bun:test";

     

       2
       +
       import db from "../db/schema";

     

       3
       +
       import { createSession, createUser } from "./auth";

     

       4
       +
       

     

       5
       +
       describe("subscription-protected routes", () => {

     

       6
       +
       	let testUserId: number;

     

       7
       +
       	let sessionCookie: string;

     

       8
       +
       

     

       9
       +
       	beforeEach(async () => {

     

       10
       +
       		// Create test user

     

       11
       +
       		const user = await createUser(

     

       12
       +
       			`test-${Date.now()}@example.com`,

     

       13
       +
       			"0".repeat(64),

     

       14
       +
       			"Test User",

     

       15
       +
       		);

     

       16
       +
       		testUserId = user.id;

     

       17
       +
       		const sessionId = createSession(testUserId, "127.0.0.1", "test");

     

       18
       +
       		sessionCookie = `session=${sessionId}`;

     

       19
       +
       	});

     

       20
       +
       

     

       21
       +
       	afterEach(() => {

     

       22
       +
       		// Cleanup

     

       23
       +
       		db.run("DELETE FROM users WHERE id = ?", [testUserId]);

     

       24
       +
       		db.run("DELETE FROM subscriptions WHERE user_id = ?", [testUserId]);

     

       25
       +
       	});

     

       26
       +
       

     

       27
       +
       	test("GET /api/transcriptions requires subscription", async () => {

     

       28
       +
       		const response = await fetch("http://localhost:3000/api/transcriptions", {

     

       29
       +
       			headers: { Cookie: sessionCookie },

     

       30
       +
       		});

     

       31
       +
       

     

       32
       +
       		expect(response.status).toBe(500);

     

       33
       +
       		const data = await response.json();

     

       34
       +
       		expect(data.error).toContain("subscription");

     

       35
       +
       	});

     

       36
       +
       

     

       37
       +
       	test("GET /api/transcriptions succeeds with active subscription", async () => {

     

       38
       +
       		// Add subscription

     

       39
       +
       		db.run(

     

       40
       +
       			"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       41
       +
       			["test-sub", testUserId, "test-customer", "active"],

     

       42
       +
       		);

     

       43
       +
       

     

       44
       +
       		const response = await fetch("http://localhost:3000/api/transcriptions", {

     

       45
       +
       			headers: { Cookie: sessionCookie },

     

       46
       +
       		});

     

       47
       +
       

     

       48
       +
       		expect(response.status).toBe(200);

     

       49
       +
       		const data = await response.json();

     

       50
       +
       		expect(data.jobs).toBeDefined();

     

       51
       +
       	});

     

       52
       +
       

     

       53
       +
       	test("GET /api/transcriptions succeeds for admin without subscription", async () => {

     

       54
       +
       		// Make user admin

     

       55
       +
       		db.run("UPDATE users SET role = ? WHERE id = ?", ["admin", testUserId]);

     

       56
       +
       

     

       57
       +
       		const response = await fetch("http://localhost:3000/api/transcriptions", {

     

       58
       +
       			headers: { Cookie: sessionCookie },

     

       59
       +
       		});

     

       60
       +
       

     

       61
       +
       		expect(response.status).toBe(200);

     

       62
       +
       		const data = await response.json();

     

       63
       +
       		expect(data.jobs).toBeDefined();

     

       64
       +
       	});

     

       65
       +
       

     

       66
       +
       	test("POST /api/transcriptions requires subscription", async () => {

     

       67
       +
       		const formData = new FormData();

     

       68
       +
       		const file = new File(["test"], "test.mp3", { type: "audio/mpeg" });

     

       69
       +
       		formData.append("audio", file);

     

       70
       +
       

     

       71
       +
       		const response = await fetch("http://localhost:3000/api/transcriptions", {

     

       72
       +
       			method: "POST",

     

       73
       +
       			headers: { Cookie: sessionCookie },

     

       74
       +
       			body: formData,

     

       75
       +
       		});

     

       76
       +
       

     

       77
       +
       		expect(response.status).toBe(500);

     

       78
       +
       		const data = await response.json();

     

       79
       +
       		expect(data.error).toContain("subscription");

     

       80
       +
       	});

     

       81
       +
       

     

       82
       +
       	test("/api/auth/me includes subscription status", async () => {

     

       83
       +
       		const response = await fetch("http://localhost:3000/api/auth/me", {

     

       84
       +
       			headers: { Cookie: sessionCookie },

     

       85
       +
       		});

     

       86
       +
       

     

       87
       +
       		expect(response.status).toBe(200);

     

       88
       +
       		const data = await response.json();

     

       89
       +
       		expect(data.has_subscription).toBe(false);

     

       90
       +
       

     

       91
       +
       		// Add subscription

     

       92
       +
       		db.run(

     

       93
       +
       			"INSERT INTO subscriptions (id, user_id, customer_id, status) VALUES (?, ?, ?, ?)",

     

       94
       +
       			["test-sub", testUserId, "test-customer", "active"],

     

       95
       +
       		);

     

       96
       +
       

     

       97
       +
       		const response2 = await fetch("http://localhost:3000/api/auth/me", {

     

       98
       +
       			headers: { Cookie: sessionCookie },

     

       99
       +
       		});

     

       100
       +
       

     

       101
       +
       		expect(response2.status).toBe(200);

     

       102
       +
       		const data2 = await response2.json();

     

       103
       +
       		expect(data2.has_subscription).toBe(true);

     

       104
       +
       	});

     

       105
       +
       });