feat(billing): add BillingService.open_customer_portal + GET endpoint

Authed users can now request a Stripe-hosted Customer Portal URL for card updates and cancellation via GET /api/v1/billing/portal-session. The path is already in both _SUBSCRIPTION_GUARD_ALLOWLIST and _EMAIL_VERIFICATION_ALLOWLIST so canceled or unverified-past-grace users can still update billing. - Returns 503 with {"error": "stripe_not_configured"} when STRIPE_SECRET_KEY unset. - Returns 400 with {"error": "no_stripe_customer"} when account has no stripe_customer_id (must complete checkout first). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-06 19:55:42 -04:00
parent f918b766b0
commit 2f8ec3775e
4 changed files with 131 additions and 1 deletions
--- a/backend/app/api/endpoints/billing.py
+++ b/backend/app/api/endpoints/billing.py
@@ -1,6 +1,6 @@
 from typing import Annotated

-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

@@ -10,6 +10,7 @@ from app.core.config import settings
 from app.models.account import Account
 from app.models.user import User
 from app.schemas.billing import (
+    BillingPortalSessionResponse,
    BillingStateResponse,
    CheckoutSessionCreate,
    CheckoutSessionResponse,
@@ -50,3 +51,26 @@ async def get_billing_state(
    )).scalar_one()
    state = await BillingService.get_billing_state(db, account)
    return BillingStateResponse(**state)
+
+
+@router.get("/portal-session", response_model=BillingPortalSessionResponse)
+async def get_billing_portal_session(
+    current_user: Annotated[User, Depends(get_current_active_user)],
+    db: Annotated[AsyncSession, Depends(get_admin_db)],
+) -> BillingPortalSessionResponse:
+    """Return a Stripe-hosted Customer Portal URL for the account so the user
+    can update card / cancel. Allowlisted from the subscription + email-verify
+    guards (a canceled or unverified-past-grace user must still be able to
+    update billing)."""
+    if not settings.stripe_enabled:
+        raise HTTPException(status_code=503, detail={"error": "stripe_not_configured"})
+
+    account = (await db.execute(
+        select(Account).where(Account.id == current_user.account_id)
+    )).scalar_one()
+
+    try:
+        url = await BillingService.open_customer_portal(account)
+    except ValueError:
+        raise HTTPException(status_code=400, detail={"error": "no_stripe_customer"})
+    return BillingPortalSessionResponse(url=url)
--- a/backend/app/schemas/billing.py
+++ b/backend/app/schemas/billing.py
@@ -13,6 +13,10 @@ class CheckoutSessionResponse(BaseModel):
    url: str


+class BillingPortalSessionResponse(BaseModel):
+    url: str
+
+
 class SubscriptionState(BaseModel):
    status: str
    plan: str
--- a/backend/app/services/billing.py
+++ b/backend/app/services/billing.py
@@ -105,6 +105,25 @@ class BillingService:
        )
        return session.url

+    @staticmethod
+    async def open_customer_portal(account: Account) -> str:
+        """Create a Stripe-hosted Customer Portal session and return the URL.
+
+        Raises RuntimeError if Stripe isn't configured (endpoint maps to 503).
+        Raises ValueError if the account has no stripe_customer_id yet — the
+        user must complete a checkout first (endpoint maps to 400).
+        """
+        if not settings.stripe_enabled:
+            raise RuntimeError("Stripe not configured")
+        if account.stripe_customer_id is None:
+            raise ValueError("no_stripe_customer")
+        stripe.api_key = settings.STRIPE_SECRET_KEY
+        session = stripe.billing_portal.Session.create(
+            customer=account.stripe_customer_id,
+            return_url=f"{settings.FRONTEND_URL}/account/billing",
+        )
+        return session.url
+
    @staticmethod
    async def get_billing_state(db: AsyncSession, account):
        """Aggregate Subscription + PlanLimits + PlanBilling + resolved feature