Enhance payment system #3112

phatgg221 · 2025-06-18T10:33:18Z

Summary by CodeRabbit

New Features
- Introduced a billing history table to display recent workspace subscription activity.
- Added support for subscription products, including product details and recurring intervals.
- Enabled dynamic fetching and display of billing history and products in the billing dashboard.
Bug Fixes
- Improved authorization and error handling during checkout and payment processes.
Style
- Updated icon imports throughout the app for improved consistency and maintainability.
- Refined layout and styling of billing and feature sections.
Chores
- Enhanced logging and cleaned up comments in webhook and API handlers.
- Updated environment example file formatting.

… workspace

coderabbitai · 2025-06-18T10:33:24Z

Walkthrough

This update introduces a new billing product model, including a workspace_subscription_products table, and extends the billing UI to support dynamic billing history and product selection. Numerous icon imports across the codebase are consolidated to a single internal UI library. Database policies and Supabase types are updated to reflect the new subscription structure and authorization logic.

Changes

File(s) / Group	Change Summary
apps/db/supabase/migrations/20250618070621_changed_check_creator_function_policy.sql	Adds/replaces `check_ws_creator` function and updates RLS policies on `workspace_subscription` for insert, select, and delete, enforcing creator and membership checks.
apps/db/supabase/migrations/20250618073214_add_workspace_subscription_products_table.sql	Adds `workspace_subscription_products` table, links it to `workspace_subscription` via `product_id`, enables RLS, and creates a permissive select policy for authenticated users.
packages/types/src/supabase.ts	Adds `workspace_subscription_products` table/types, extends `workspace_subscription` with `product_id`, updates foreign key, and reorders/extends multiple function argument and return types for consistency.
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx	Updates props to include `product_id` and optional `activeSubscriptionId`, removes payment method UI, adds (commented) cancel subscription logic, refactors layout, and adds message display area.
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx	Adds new `BillingHistory` component to display dynamic subscription history, with color-coded status, receipt download, and empty state handling.
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx	Simplifies checkout URL construction by removing test email and query params; uses static API path for payment.
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx	Adds `fetchWorkspaceSubscriptions` to retrieve billing history, replaces static payment table with dynamic `BillingHistory`, and passes new props to `BillingClient`.
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/success/page.tsx	Changes icon imports from `lucide-react` to `@tuturuuu/ui/icons`.
apps/web/src/app/[locale]/(dashboard)/[wsId]/nav-link.tsx	Changes icon import source to `@tuturuuu/ui/icons`.
apps/web/src/app/[locale]/(dashboard)/settings/account/sessions/sessions-card.tsx	Reorders and consolidates icon, `Progress`, and `Separator` imports to `@tuturuuu/ui/*`.
apps/web/src/app/[locale]/(dashboard)/settings/account/settings-nav.tsx	Reorders imports and changes icon source to `@tuturuuu/ui/icons`.
apps/web/src/components/command/add-task-form.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/web/src/components/command/board-navigation.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/web/src/components/command/coming-soon.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/web/src/components/command/command-header.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/web/src/components/command/empty-state.tsx	Changes icon import to `@tuturuuu/ui/icons`.
apps/web/src/components/command/quick-actions.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/web/src/components/command/quick-time-tracker.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/web/src/app/api/[wsId]/[productId]/cancel/route.ts	Adds new (commented) POST API route for subscription cancellation, including authentication and (commented) external API logic.
apps/web/src/app/api/[wsId]/[productId]/payment/route.ts	Adds Supabase auth checks, user display name retrieval, and workspace creator validation before creating checkout session; adjusts redirect URL with user info.
apps/web/src/app/api/webhooks/route.ts	Improves logging and removes comments in webhook handlers; no logic changes.
apps/web/.env.example	Adds newline at end of file.
apps/calendar/src/app/[locale]/(root)/scheduler/components/AlgorithmInsights.tsx	Changes icon and UI component imports to `@tuturuuu/ui/*` and reorders imports.
apps/calendar/src/app/[locale]/(root)/scheduler/components/ScheduleDisplay.tsx	Changes icon imports to `@tuturuuu/ui/icons` and reorders imports.
apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskList.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskModal.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/calendar/src/app/[locale]/(root)/scheduler/components/TemplateScenarios.tsx	Changes icon imports to `@tuturuuu/ui/icons`.
apps/calendar/src/app/[locale]/(root)/scheduler/page.tsx	Changes icon imports to `@tuturuuu/ui/icons` and reorders imports.
apps/upskii/src/components/request-education-banner.tsx	Changes icon imports to `@tuturuuu/ui/icons`.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant WebApp
    participant Supabase
    participant DB
    participant PolarAPI

    User->>WebApp: Clicks "Upgrade Plan"
    WebApp->>Supabase: Auth check, get user info
    Supabase->>DB: Call check_ws_creator(ws_id)
    DB-->>Supabase: Returns authorization result
    Supabase-->>WebApp: User info, authorization
    alt Authorized
        WebApp->>PolarAPI: Create checkout session (with user, wsId, productId)
        PolarAPI-->>WebApp: Checkout URL
        WebApp-->>User: Redirect to checkout
    else Unauthorized
        WebApp-->>User: Show error message
    end

sequenceDiagram
    participant User
    participant WebApp
    participant Supabase
    participant DB

    User->>WebApp: Views Billing Page
    WebApp->>Supabase: Fetch workspace subscriptions (limit 5, with product info)
    Supabase->>DB: Query workspace_subscription, join workspace_subscription_products
    DB-->>Supabase: Returns billing history
    Supabase-->>WebApp: Billing history data
    WebApp-->>User: Renders BillingHistory table with dynamic data

Poem

In the land of carrots, billing grows anew,
With products, plans, and histories in view.
Icons now hop from one home to another,
While policies guard, and new tables gather.
Rabbits rejoice—subscriptions made bright,
Dynamic and tidy, all working just right!
🥕💳✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

packages/types/src/supabase.ts

Oops! Something went wrong! :(

ESLint: 9.29.0

Error [ERR_MODULE_NOT_FOUND]: Cannot find package '@typescript-eslint/parser' imported from /eslint.config.mjs
at Object.getPackageJSONURL (node:internal/modules/package_json_reader:255:9)
at packageResolve (node:internal/modules/esm/resolve:767:81)
at moduleResolve (node:internal/modules/esm/resolve:853:18)
at defaultResolve (node:internal/modules/esm/resolve:983:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:801:12)
at #cachedDefaultResolve (node:internal/modules/esm/loader:725:25)
at ModuleLoader.resolve (node:internal/modules/esm/loader:708:38)
at ModuleLoader.getModuleJobForImport (node:internal/modules/esm/loader:309:38)
at #link (node:internal/modules/esm/module_job:201:49)

✨ Finishing Touches

📝 Generate Docstrings

🧪 Generate Unit Tests

Create PR with Unit Tests
Post Copyable Unit Tests in Comment
Commit Unit Tests in branch feat/payment-completion

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai auto-generate unit tests to generate unit tests for this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

graphite-app · 2025-06-18T10:33:28Z

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

merge-queue - adds this PR to the back of the merge queue
hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

_{An organization admin has enabled the Graphite Merge Queue in this repository.} _{Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.}

codecov · 2025-06-18T10:33:39Z

Codecov Report

Attention: Patch coverage is 0% with 433 lines in your changes missing coverage. Please review.

Please upload report for BASE (main@aa2cfc3). Learn more about missing BASE report.
Report is 20 commits behind head on main.

Files with missing lines	Patch %	Lines
[...le]/(dashboard)/[wsId]/billing/billing-history.tsx](https://app.codecov.io/gh/tutur3u/platform/pull/3112?src=pr&el=tree&filepath=apps%2Fweb%2Fsrc%2Fapp%2F%5Blocale%5D%2F%28dashboard%29%2F%5BwsId%5D%2Fbilling%2Fbilling-history.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=tutur3u#diff-YXBwcy93ZWIvc3JjL2FwcC9bbG9jYWxlXS8oZGFzaGJvYXJkKS9bd3NJZF0vYmlsbGluZy9iaWxsaW5nLWhpc3RvcnkudHN4)	0.00%	146 Missing and 1 partial ⚠️
[...ale]/(dashboard)/[wsId]/billing/billing-client.tsx](https://app.codecov.io/gh/tutur3u/platform/pull/3112?src=pr&el=tree&filepath=apps%2Fweb%2Fsrc%2Fapp%2F%5Blocale%5D%2F%28dashboard%29%2F%5BwsId%5D%2Fbilling%2Fbilling-client.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=tutur3u#diff-YXBwcy93ZWIvc3JjL2FwcC9bbG9jYWxlXS8oZGFzaGJvYXJkKS9bd3NJZF0vYmlsbGluZy9iaWxsaW5nLWNsaWVudC50c3g=)	0.00%	68 Missing ⚠️
...c/app/[locale]/(dashboard)/[wsId]/billing/page.tsx	0.00%	68 Missing ⚠️
...web/src/app/api/[wsId]/[productId]/cancel/route.ts	0.00%	52 Missing and 1 partial ⚠️
...eb/src/app/api/[wsId]/[productId]/payment/route.ts	0.00%	48 Missing ⚠️
.../[locale]/(root)/scheduler/components/TaskList.tsx	0.00%	8 Missing ⚠️
...alendar/src/app/[locale]/(root)/scheduler/page.tsx	0.00%	6 Missing ⚠️
[...ocale]/(dashboard)/[wsId]/billing/success/page.tsx](https://app.codecov.io/gh/tutur3u/platform/pull/3112?src=pr&el=tree&filepath=apps%2Fweb%2Fsrc%2Fapp%2F%5Blocale%5D%2F%28dashboard%29%2F%5BwsId%5D%2Fbilling%2Fsuccess%2Fpage.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=tutur3u#diff-YXBwcy93ZWIvc3JjL2FwcC9bbG9jYWxlXS8oZGFzaGJvYXJkKS9bd3NJZF0vYmlsbGluZy9zdWNjZXNzL3BhZ2UudHN4)	0.00%	6 Missing ⚠️
apps/web/src/app/api/webhooks/route.ts	0.00%	6 Missing ⚠️
[...e]/(root)/scheduler/components/ScheduleDisplay.tsx](https://app.codecov.io/gh/tutur3u/platform/pull/3112?src=pr&el=tree&filepath=apps%2Fcalendar%2Fsrc%2Fapp%2F%5Blocale%5D%2F%28root%29%2Fscheduler%2Fcomponents%2FScheduleDisplay.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=tutur3u#diff-YXBwcy9jYWxlbmRhci9zcmMvYXBwL1tsb2NhbGVdLyhyb290KS9zY2hlZHVsZXIvY29tcG9uZW50cy9TY2hlZHVsZURpc3BsYXkudHN4)	0.00%	4 Missing ⚠️
... and 14 more

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #3112   +/-   ##
=======================================
  Coverage        ?    0.81%           
=======================================
  Files           ?     2539           
  Lines           ?   322213           
  Branches        ?     3040           
=======================================
  Hits            ?     2621           
  Misses          ?   317426           
  Partials        ?     2166

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

gemini-code-assist

Summary of Changes

Hello @phatgg221, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on building out and refining the subscription and payment completion flow for workspaces. It involves significant database schema changes to support subscription products, robust access control mechanisms, a complete overhaul of the billing page's user interface to display dynamic history, and improvements to the payment initiation API for better security and data handling.

Highlights

Subscription Product Management: I've introduced a new workspace_subscription_products table in the database and linked it to the workspace_subscription table. This allows for better management and storage of different subscription plans and their associated details like name, description, price, and recurring interval.
Enhanced Subscription Authorization: I've implemented and refined a check_ws_creator Supabase function and updated Row-Level Security (RLS) policies. This ensures that only the creator of a workspace can initiate a new subscription for it, and only if an active subscription doesn't already exist, preventing unauthorized or duplicate subscriptions.
Dynamic Billing History Display: I've added a new BillingHistory React component and integrated it into the billing page. This component dynamically fetches and displays a comprehensive history of a user's workspace subscriptions, including status, dates, and product details, replacing previously static data.
Billing Page UI/UX Improvements: The billing page's user interface has been significantly updated. I've removed the static 'Payment Method' section and refined the layout for displaying current plan details and features, making the page cleaner and more focused on subscription management.
Secure Payment Initiation: The API route responsible for initiating payments with Polar has been enhanced. It now performs robust authorization checks using the check_ws_creator function and securely passes user details (like email and display name) to the Polar checkout session, improving both security and customer identification.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

gemini-code-assist

Code Review

This pull request introduces payment completion features, including new database tables for subscription products, UI updates for the billing page to display current plans and upgrade options, and a new billing history component. API routes and webhooks are updated to handle checkout creation and subscription activation, including an initial usage report to Polar. Key changes involve schema updates, RLS policy adjustments, and frontend components for billing management.

Several areas need attention: database permissions for the new products table are overly permissive, the price column type could be improved for financial data, and some frontend elements like debug logs and button functionality need refinement. Consistency in price handling (cents vs. currency units) across different parts of the application should also be ensured.

apps/db/supabase/migrations/20250618073214_add_workspace_subscription_products_table.sql

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx

apps/web/src/app/api/[wsId]/[productId]/payment/route.ts

apps/web/src/app/api/webhooks/route.ts

Problems: - Cancel subscription needs to be functionally working - Must charge based on how many people in the workspace

coderabbitai

Actionable comments posted: 10

🔭 Outside diff range comments (3)

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx (1)
8-8: Remove unused customerEmail prop.

The customerEmail prop is no longer used in the component logic but remains in the interface, which could be confusing for consumers.
interface PurchaseLinkProps {
  productId: string;
  wsId: string;
-  customerEmail?: string;
  theme?: 'light' | 'dark' | 'auto';
  className?: string;
}
Also remove it from the destructuring:
const PurchaseLink = ({
  productId,
  wsId,
  theme = 'auto',
  className,
  children,
}: PropsWithChildren<PurchaseLinkProps>) => {
apps/web/src/app/api/[wsId]/[productId]/cancel/route.ts (1)

1-54: Remove or complete the commented-out implementation.

The entire API route is commented out, which suggests incomplete development. Either:

Complete the implementation if cancellation functionality is needed

Remove the file if the feature is not ready for this release

Having commented-out code in production deployments can be confusing and should be avoided.
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx (1)
241-241: Replace hard-coded email with dynamic value.

The customerEmail prop uses a hard-coded test email "t@test.com", which should not be used in production code.
-                        customerEmail="t@test.com"
+                        customerEmail={userEmail || ''}
Ensure you pass the actual user's email from the parent component or retrieve it from your authentication context.

♻️ Duplicate comments (6)

apps/web/src/app/api/webhooks/route.ts (1)

70-73: Table usage concern remains unaddressed.

The previous review comment about using workspace_users vs workspace_members for counting workspace seats is still valid. The migration files in this PR use workspace_members for workspace membership checks, suggesting potential inconsistency.

apps/web/src/app/api/[wsId]/[productId]/payment/route.ts (1)

62-62: Relative URL concern persists.

The successUrl still uses a relative path (http://localhost:7803/${wsId}/billing/success). While this often works, consider using an absolute URL constructed from environment variables for better robustness across different environments.

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx (2)

130-137: Receipt download button lacks functionality.

The download receipt button is present but has no onClick handler or associated functionality to actually download receipts.

111-111: Price formatting consistency concern.

The price subscription.product.price is displayed directly without .toFixed(2) formatting. Ensure consistent price handling throughout the application.

apps/db/supabase/migrations/20250618073214_add_workspace_subscription_products_table.sql (2)

6-6: Use NUMERIC instead of REAL for monetary values.

For monetary values like price, use NUMERIC or DECIMAL data types instead of REAL to avoid precision issues with financial calculations.

21-47: Excessive permissions granted to anon and authenticated roles.

Granting DELETE, INSERT, TRUNCATE, and UPDATE permissions on workspace_subscription_products to the anon role is highly insecure. The anon role represents unauthenticated users and should have minimal write access.

Apply the principle of least privilege:

anon should have no permissions or only SELECT if product information is public

authenticated users might only need SELECT

service_role should handle write operations

🧹 Nitpick comments (2)

apps/web/.env.example (1)
47-48: Good formatting improvement with optional ordering enhancement.

Adding the trailing newline is a good practice for file formatting.

Consider reordering the environment variables as suggested by the linter for better organization:
# Payment Polar.sh
-POLAR_WEBHOOK_SECRET=YOUR_POLAR_WEBHOOK_SECRET
-NEXT_PUBLIC_POLAR_ACCESS_TOKEN=YOUR_NEXT_PUBLIC_POLAR_ACCESS_TOKEN
+NEXT_PUBLIC_POLAR_ACCESS_TOKEN=YOUR_NEXT_PUBLIC_POLAR_ACCESS_TOKEN
+POLAR_WEBHOOK_SECRET=YOUR_POLAR_WEBHOOK_SECRET
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx (1)
24-24: Remove unnecessary toString() call.

The checkoutUrl is already a string, making the .toString() call redundant.
-      href={checkoutUrl.toString()}
+      href={checkoutUrl}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ffe88d and b421cc7.

📒 Files selected for processing (18)

apps/db/supabase/migrations/20250618070621_changed_check_creator_function_policy.sql (1 hunks)
apps/db/supabase/migrations/20250618073214_add_workspace_subscription_products_table.sql (1 hunks)
apps/db/supabase/migrations/20250618082551_new_migration.sql (1 hunks)
apps/db/supabase/migrations/20250618083711_new_migration.sql (1 hunks)
apps/db/supabase/migrations/20250618085435_new_migration.sql (1 hunks)
apps/db/supabase/migrations/20250618085749_new_migration.sql (1 hunks)
apps/db/supabase/migrations/20250618090740_new_migration.sql (1 hunks)
apps/db/supabase/migrations/20250618111109_allow_delete_ws_creator.sql (1 hunks)
apps/db/supabase/migrations/20250618161718_new_migration.sql (1 hunks)
apps/web/.env.example (1 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx (5 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx (7 hunks)
apps/web/src/app/api/[wsId]/[productId]/cancel/route.ts (1 hunks)
apps/web/src/app/api/[wsId]/[productId]/payment/route.ts (2 hunks)
apps/web/src/app/api/webhooks/route.ts (2 hunks)
packages/types/src/supabase.ts (20 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (2)

apps/web/src/app/api/[wsId]/[productId]/payment/route.ts (1)

packages/utils/src/user-helper.ts (1)

getCurrentSupabaseUser (6-14)

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx (2)

apps/web/src/lib/polar.ts (1)

api (3-6)

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx (1)

BillingHistory (18-147)

🪛 dotenv-linter (3.3.0)

apps/web/.env.example

[warning] 47-47: [UnorderedKey] The NEXT_PUBLIC_POLAR_ACCESS_TOKEN key should go before the POLAR_WEBHOOK_SECRET key

🪛 GitHub Check: codecov/patch

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx

[warning] 20-20: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx#L20
Added line #L20 was not covered by tests

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx

[warning] 2-147: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx#L2-L147
Added lines #L2 - L147 were not covered by tests

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx

[warning] 2-2: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L2
Added line #L2 was not covered by tests

[warning] 10-10: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L10
Added line #L10 was not covered by tests

[warning] 31-31: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L31
Added line #L31 was not covered by tests

[warning] 37-37: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L37
Added line #L37 was not covered by tests

[warning] 49-49: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L49
Added line #L49 was not covered by tests

[warning] 53-53: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L53
Added line #L53 was not covered by tests

[warning] 55-55: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L55
Added line #L55 was not covered by tests

[warning] 61-61: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L61
Added line #L61 was not covered by tests

[warning] 71-102: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L71-L102
Added lines #L71 - L102 were not covered by tests

[warning] 109-116: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L109-L116
Added lines #L109 - L116 were not covered by tests

[warning] 153-168: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L153-L168
Added lines #L153 - L168 were not covered by tests

[warning] 185-185: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx#L185
Added line #L185 was not covered by tests

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx

[warning] 5-5: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L5
Added line #L5 was not covered by tests

[warning] 33-33: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L33
Added line #L33 was not covered by tests

[warning] 35-35: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L35
Added line #L35 was not covered by tests

[warning] 43-44: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L43-L44
Added lines #L43 - L44 were not covered by tests

[warning] 47-77: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L47-L77
Added lines #L47 - L77 were not covered by tests

[warning] 103-104: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L103-L104
Added lines #L103 - L104 were not covered by tests

[warning] 117-117: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L117
Added line #L117 was not covered by tests

[warning] 134-136: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L134-L136
Added lines #L134 - L136 were not covered by tests

[warning] 138-138: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L138
Added line #L138 was not covered by tests

[warning] 144-145: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L144-L145
Added lines #L144 - L145 were not covered by tests

[warning] 151-163: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L151-L163
Added lines #L151 - L163 were not covered by tests

[warning] 168-168: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L168
Added line #L168 was not covered by tests

[warning] 170-171: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L170-L171
Added lines #L170 - L171 were not covered by tests

[warning] 173-173: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L173
Added line #L173 was not covered by tests

[warning] 175-178: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L175-L178
Added lines #L175 - L178 were not covered by tests

[warning] 180-181: apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx#L180-L181
Added lines #L180 - L181 were not covered by tests

🔇 Additional comments (20)

apps/db/supabase/migrations/20250618070621_changed_check_creator_function_policy.sql (1)

1-1: Function body checking is disabled - ensure proper testing.

The set check_function_bodies = off; directive disables PostgreSQL's function validation during creation. Ensure this function is thoroughly tested since compile-time checks are bypassed.

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/data-polar-checkout.tsx (1)

20-20: Add test coverage for the checkout URL generation.

The static analysis indicates this line lacks test coverage. Consider adding unit tests to verify the correct URL format.

apps/db/supabase/migrations/20250618111109_allow_delete_ws_creator.sql (1)

1-8: Well-structured RLS policy for delete operations.

The policy correctly restricts delete operations to workspace creators by verifying the relationship between the workspace and the authenticated user. The EXISTS clause with proper join conditions ensures security.

apps/web/src/app/api/webhooks/route.ts (4)

7-7: Verify the server configuration for production readiness.

The Polar client is configured to use the 'sandbox' server. Ensure this is appropriate for the target environment.

14-14: Good addition of debugging logs.

The console.log statement will help with troubleshooting webhook payload issues.

75-75: Good error handling addition.

Adding proper error handling for the count operation improves robustness.

80-83: Event name and metadata structure look correct.

The workspace.seats.sync event name and seat_count metadata field appear appropriate for usage reporting.

apps/db/supabase/migrations/20250618090740_new_migration.sql (1)

1-11: Row-level security policy implementation looks correct.

The policy correctly restricts SELECT access to workspace_subscription records based on workspace membership via the workspace_members table. This follows security best practices.
apps/db/supabase/migrations/20250618082551_new_migration.sql (1)

1-11: Policy logic is correct but check for migration conflicts.

The INSERT policy correctly restricts subscription creation to workspace creators. However, there's another migration (20250618083711_new_migration.sql) that also updates a policy with the same name, which could cause conflicts.
#!/bin/bash
# Check for duplicate policy names across migrations
rg -A 5 "only allow owner of the user to buy subscription" apps/db/supabase/migrations/
apps/web/src/app/api/[wsId]/[productId]/payment/route.ts (1)

11-51: Excellent authentication and authorization implementation.

The integration of Supabase authentication with proper error handling and the check_ws_creator RPC call provides robust security. The code correctly:

Validates user authentication

Fetches user display name with error handling

Verifies workspace creator permissions

Returns appropriate HTTP status codes for different scenarios

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx (2)

4-16: Well-defined TypeScript interface.

The BillingHistoryItem interface properly defines the structure with appropriate nullable fields and nested product details.

23-38: Comprehensive status color mapping.

The getStatusColor function handles all relevant subscription statuses with appropriate color schemes for both light and dark themes.

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/page.tsx (3)

71-101: Well-implemented subscription fetching function.

The fetchWorkspaceSubscriptions function properly:

Uses Supabase client with appropriate select query

Includes related product data via join

Implements proper error handling and logging

Returns empty array on error for graceful degradation

110-116: Efficient concurrent data fetching.

Using Promise.all to fetch products, subscription, creator status, and subscription history concurrently is an excellent performance optimization.

153-168: Proper data transformation for billing history.

The mapping from database records to the billing history format handles nullable values appropriately and provides fallback values for missing data.
apps/db/supabase/migrations/20250618161718_new_migration.sql (1)

9-40: ```shell
#!/bin/bash
echo "Verifying base tables and column existence for the view:"

for table in time_tracking_sessions time_tracking_categories tasks; do
echo
echo "=== Table: $table ==="

Show the CREATE TABLE statement

rg -n "create table.*$table" -A20 -t sql || echo "⚠️ No CREATE TABLE found for $table"

Define the columns each table must have

if [[ $table == "time_tracking_sessions" ]]; then
cols=(id ws_id user_id task_id category_id title description start_time end_time duration_seconds is_running tags created_at updated_at productivity_score)
elif [[ $table == "time_tracking_categories" ]]; then
cols=(id name color)
else
cols=(id name)
fi

Verify each column exists in the SQL schema

echo "Referenced columns:"
for col in "${cols[@]}"; do
if rg -q "^\s*$col\b" -t sql; then
echo " ✔ $col"
else
echo " ❌ $col"
fi
done
done
</details>
<details>
<summary>packages/types/src/supabase.ts (4)</summary>

`6176-6176`: **LGTM! Well-designed nullable product_id integration.**

The addition of the optional `product_id` field to the workspace_subscription table is properly implemented with consistent nullable typing across Row, Insert, and Update types. This maintains backward compatibility while enabling the new subscription product model.




Also applies to: 6188-6188, 6200-6200

---

`6222-6248`: **LGTM! Clean subscription products table definition.**

The new `workspace_subscription_products` table is well-designed with appropriate nullable fields and follows consistent naming conventions. The structure supports flexible subscription product management with name, description, price, and recurring interval fields.

---

`6206-6212`: **Verify foreign key relationship integrity.**

The new foreign key relationship for `product_id` is properly defined, but ensure that the database migration includes the corresponding foreign key constraint and that orphaned subscriptions are handled appropriately.



```shell
#!/bin/bash
# Description: Verify that the foreign key relationship is properly implemented in migrations
# Expected: Find migration files that add the foreign key constraint

# Search for migration files that reference the product_id foreign key
rg -A 10 -B 5 "product_id.*fkey|workspace_subscription_products.*fkey" --type sql
7466-7466: ```shell
#!/bin/bash

Re-run search across .ts and .tsx files for updated function calls and old parameter patterns

Search for calls to modified functions with context

rg -n -A5 'create_ai_chat(' -g '.ts' -g '.tsx'
rg -n -A5 'generate_cross_app_token(' -g '.ts' -g '.tsx'
rg -n -A5 'get_inventory_products(' -g '.ts' -g '.tsx'
rg -n -A5 'get_workspace_users(' -g '.ts' -g '.tsx'
rg -n -A5 'search_users(' -g '.ts' -g '.tsx'

Check for any remaining calls using old parameter order or names

rg -n 'create_ai_chat([^)]message[^)]title' -g '.ts' -g '.tsx'
rg -n 'generate_cross_app_token([^)]session_data[^)]expiry' -g '.ts' -g '.tsx'
</details>

</blockquote></details>

</details>

apps/db/supabase/migrations/20250618070621_changed_check_creator_function_policy.sql

apps/db/supabase/migrations/20250618085435_new_migration.sql

apps/db/supabase/migrations/20250618085749_new_migration.sql

apps/db/supabase/migrations/20250618083711_new_migration.sql

apps/db/supabase/migrations/20250618161718_new_migration.sql

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx

coderabbitai

Actionable comments posted: 0

♻️ Duplicate comments (7)

apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx (2)
111-111: Inconsistent price formatting requires verification.

The price display uses ${subscription.product.price} without explicit formatting. This could lead to display issues if prices contain fractional cents or are stored differently than expected.

Please verify the price format consistency across the application. Run this script to check how prices are stored and formatted:
#!/bin/bash
# Check price field usage and format across the codebase
rg -A 3 -B 1 "price.*toFixed|\.price" --type ts --type tsx
131-137: Missing download receipt functionality.

The receipt download button is displayed but lacks an onClick handler or any functionality to actually download receipts.

Either implement the download functionality or remove/disable the button until the feature is ready. Would you like me to help implement a basic receipt download handler?
apps/db/supabase/migrations/20250618070621_changed_check_creator_function_policy.sql (1)
3-16: Function has NULL handling issues and misleading name.

The function has the same issues highlighted in previous reviews:

NULL handling: When workspace doesn't exist, the subquery returns NULL, making NULL = auth.uid() always false

Misleading name: check_ws_creator suggests it only checks creator status, but it also enforces no existing subscription

Apply this fix to handle NULL cases explicitly and improve clarity:
-CREATE OR REPLACE FUNCTION public.check_ws_creator(ws_id uuid)
- RETURNS boolean
- LANGUAGE plpgsql
-AS $function$BEGIN
-  RETURN (
-    (
-      SELECT creator_id FROM public.workspaces WHERE id = check_ws_creator.ws_id
-    ) = auth.uid()
-    AND NOT EXISTS (
-      SELECT 1 FROM public.workspace_subscription
-      WHERE public.workspace_subscription.ws_id = check_ws_creator.ws_id
-    )
-  );
-END;$function$
+CREATE OR REPLACE FUNCTION public.check_ws_creator_can_subscribe(ws_id uuid)
+ RETURNS boolean
+ LANGUAGE plpgsql
+AS $function$BEGIN
+  RETURN (
+    EXISTS (
+      SELECT 1 FROM public.workspaces 
+      WHERE id = ws_id AND creator_id = auth.uid()
+    )
+    AND NOT EXISTS (
+      SELECT 1 FROM public.workspace_subscription
+      WHERE public.workspace_subscription.ws_id = ws_id
+    )
+  );
+END;$function$
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx (4)
33-35: New props added to interface but not consistently used.

The interface defines product_id and activeSubscriptionId but they're commented out in the destructuring, creating inconsistency.

Either use these props or remove them from the interface:
interface BillingClientProps {
  currentPlan: Plan;
  upgradePlans: UpgradePlan[];
  wsId: string;
-  product_id: string;
  isCreator: boolean;
-  activeSubscriptionId?: string;
}
Or uncomment their usage if they're needed for the cancellation feature.

47-48: Remove unused state variables.

The state variables _isLoading and message with underscore prefixes indicate they're unused, creating dead code.

Remove these unused state declarations:
-  const [_isLoading, _setIsLoading] = useState(false);
-  const [message, _setMessage] = useState('');
50-77: Complete or remove commented-out cancellation logic.

The entire handleCancelSubscription function is commented out, indicating incomplete implementation.

Either implement the complete cancellation functionality or remove this commented code block to maintain code clarity.

151-161: Message display references unused state.

The message display logic uses the message state variable, but its setter _setMessage has an underscore prefix indicating it's unused.

Either implement proper message handling by removing the underscore prefix and adding logic to set messages, or remove this entire conditional block.

🧹 Nitpick comments (2)

apps/upskii/src/components/request-education-banner.tsx (1)

4-5: Add test coverage for the new icons
Static analysis flags these lines as not covered by tests. Please add a rendering or snapshot test for EducationBanner to verify BookOpenText and Sparkles render correctly.

apps/calendar/src/app/[locale]/(root)/scheduler/page.tsx (1)

34-39: Add tests for new imports and functionality
Static coverage reports show that the newly added imports and corresponding component logic aren’t covered by tests. Consider adding unit or integration tests (e.g., with React Testing Library) to verify icon rendering, tab interactions, time input handling, and dayjs-based active hours updates. I can help generate test stubs if needed.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b421cc7 and 068797d.

📒 Files selected for processing (23)

apps/calendar/src/app/[locale]/(root)/scheduler/components/AlgorithmInsights.tsx (1 hunks)
apps/calendar/src/app/[locale]/(root)/scheduler/components/ScheduleDisplay.tsx (1 hunks)
apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskList.tsx (1 hunks)
apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskModal.tsx (1 hunks)
apps/calendar/src/app/[locale]/(root)/scheduler/components/TemplateScenarios.tsx (1 hunks)
apps/calendar/src/app/[locale]/(root)/scheduler/page.tsx (1 hunks)
apps/db/supabase/migrations/20250618070621_changed_check_creator_function_policy.sql (1 hunks)
apps/db/supabase/migrations/20250618073214_add_workspace_subscription_products_table.sql (1 hunks)
apps/db/supabase/migrations/20250618161718_new_migration.sql (1 hunks)
apps/upskii/src/components/request-education-banner.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-client.tsx (5 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/billing-history.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/success/page.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/[wsId]/nav-link.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/settings/account/sessions/sessions-card.tsx (1 hunks)
apps/web/src/app/[locale]/(dashboard)/settings/account/settings-nav.tsx (1 hunks)
apps/web/src/components/command/add-task-form.tsx (1 hunks)
apps/web/src/components/command/board-navigation.tsx (1 hunks)
apps/web/src/components/command/coming-soon.tsx (1 hunks)
apps/web/src/components/command/command-header.tsx (1 hunks)
apps/web/src/components/command/empty-state.tsx (1 hunks)
apps/web/src/components/command/quick-actions.tsx (1 hunks)
apps/web/src/components/command/quick-time-tracker.tsx (1 hunks)

✅ Files skipped from review due to trivial changes (9)

apps/web/src/app/[locale]/(dashboard)/[wsId]/nav-link.tsx
apps/web/src/components/command/command-header.tsx
apps/web/src/components/command/board-navigation.tsx
apps/web/src/components/command/quick-time-tracker.tsx
apps/web/src/components/command/coming-soon.tsx
apps/web/src/components/command/empty-state.tsx
apps/web/src/components/command/quick-actions.tsx
apps/web/src/app/[locale]/(dashboard)/[wsId]/billing/success/page.tsx
apps/web/src/app/[locale]/(dashboard)/settings/account/sessions/sessions-card.tsx

🚧 Files skipped from review as they are similar to previous changes (2)

apps/db/supabase/migrations/20250618161718_new_migration.sql
apps/db/supabase/migrations/20250618073214_add_workspace_subscription_products_table.sql

🧰 Additional context used

🪛 GitHub Check: codecov/patch

apps/calendar/src/app/[locale]/(root)/scheduler/components/AlgorithmInsights.tsx

[warning] 22-24: apps/calendar/src/app/[locale]/(root)/scheduler/components/AlgorithmInsights.tsx#L22-L24
Added lines #L22 - L24 were not covered by tests

apps/calendar/src/app/[locale]/(root)/scheduler/components/ScheduleDisplay.tsx

[warning] 18-21: apps/calendar/src/app/[locale]/(root)/scheduler/components/ScheduleDisplay.tsx#L18-L21
Added lines #L18 - L21 were not covered by tests

apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskList.tsx

[warning] 13-20: apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskList.tsx#L13-L20
Added lines #L13 - L20 were not covered by tests

apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskModal.tsx

[warning] 13-13: apps/calendar/src/app/[locale]/(root)/scheduler/components/TaskModal.tsx#L13
Added line #L13 was not covered by tests

apps/calendar/src/app/[locale]/(root)/scheduler/components/TemplateScenarios.tsx

[warning] 27-27: apps/calendar/src/app/[locale]/(root)/scheduler/components/TemplateScenarios.tsx#L27
Added line #L27 was not covered by tests

apps/calendar/src/app/[locale]/(root)/scheduler/page.tsx

[warning] 34-39: apps/calendar/src/app/[locale]/(root)/scheduler/page.tsx#L34-L39
Added lines #L34 - L39 were not covered by tests

apps/upskii/src/components/request-education-banner.tsx

[warning] 4-5: apps/upskii/src/components/request-education-banner.tsx#L4-L5
Added lines #L4 - L5 were not covered by tests