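import { NextRequest, NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import { stripe } from '@/lib/stripe';
import { db } from '@/lib/db';
import { rateLimit, getClientIdentifier, RateLimits } from '@/lib/rateLimit';

/**
 * Route handler: creates a Stripe Customer Portal session for the current user
 * and returns its URL as `{ url }`.
 *
 * Order of checks: rate limit → authentication → user lookup → Stripe customer
 * present → portal session creation. Every failure path returns a JSON body of
 * the shape `{ error: string }` with the matching HTTP status (429, 401, 404,
 * 400, 500); the handler itself never throws.
 *
 * @param request - Incoming request; only used to derive a rate-limit key when
 *   no `userId` cookie is present.
 * @returns A JSON response: `{ url }` on success, `{ error }` otherwise.
 */
export async function POST(request: NextRequest): Promise<NextResponse> {
  try {
    const userId = cookies().get('userId')?.value;
    // NOTE(review): identity is taken straight from a `userId` cookie and nothing
    // in this file verifies a signature or session for it. If that cookie is
    // client-settable, a caller could request a billing-portal link for another
    // user's Stripe customer, and could also pick its own rate-limit bucket.
    // Confirm that upstream middleware sets and validates this cookie.

    // Rate limit keyed by user when known, otherwise by the client identifier.
    // `||` (not `??`) is deliberate: an empty cookie value should fall through.
    const clientId = userId || getClientIdentifier(request);
    const rateLimitResult = rateLimit(clientId, RateLimits.STRIPE_PORTAL);
    if (!rateLimitResult.success) {
      // Clamp so a `reset` timestamp already in the past never yields a
      // negative retry hint; expose it via the standard Retry-After header too.
      const retryAfter = Math.max(
        0,
        Math.ceil((rateLimitResult.reset - Date.now()) / 1000),
      );
      return NextResponse.json(
        { error: 'Too many requests. Please try again later.', retryAfter },
        {
          status: 429,
          headers: {
            'Retry-After': retryAfter.toString(),
            'X-RateLimit-Limit': rateLimitResult.limit.toString(),
            'X-RateLimit-Remaining': rateLimitResult.remaining.toString(),
            'X-RateLimit-Reset': rateLimitResult.reset.toString(),
          },
        },
      );
    }

    if (!userId) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    // Only the fields needed to reach the portal are selected.
    const user = await db.user.findUnique({
      where: { id: userId },
      select: {
        stripeCustomerId: true,
        email: true,
      },
    });

    if (!user) {
      return NextResponse.json({ error: 'User not found' }, { status: 404 });
    }

    // Without a Stripe customer there is no portal to open.
    if (!user.stripeCustomerId) {
      return NextResponse.json(
        { error: 'No active subscription found' },
        { status: 400 },
      );
    }

    // `||` rather than `??` so an empty NEXT_PUBLIC_APP_URL also falls back to
    // the local development origin.
    const appUrl = process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000';

    // Create the Stripe Customer Portal session and hand its URL back.
    const portalSession = await stripe.billingPortal.sessions.create({
      customer: user.stripeCustomerId,
      return_url: `${appUrl}/settings`,
    });

    return NextResponse.json({ url: portalSession.url });
  } catch (error: unknown) {
    // Log the full error server-side; the client only sees a generic message so
    // Stripe/database details are not leaked.
    console.error('Error creating portal session:', error);
    return NextResponse.json(
      { error: 'Failed to create portal session' },
      { status: 500 },
    );
  }
}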