fix(billing): add missing subscription fields and audit logging to upgrade flow

[mcstepp]

What does this PR do?

Additional subscription information was missing during upgrade. Adds audit logging also.

Fixes #2176

If there is not an issue for this, please create one first. This is used to tracking purposes and also helps use understand why this PR exists

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Chore (refactoring code, technical debt, workflow improvements)
• Enhancement (small improvements)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How should this be tested?

Manual testing

1. Log in as free workspace user without stripe information
2. Initiate upgrade to pro
3. add stripe information and finish upgrade
4. Confirm upgrade in UI
5. Confirm subscription info in db
6. Confirm audit logs

Checklist

Required

• Filled out the "How to test" section in this PR
• Read Contributing Guide
• Self-reviewed my own code
• Commented on my code in hard-to-understand areas
• Ran pnpm build
• Ran pnpm fmt
• Checked for warnings, there are none
• Removed all console.logs
• Merged the latest changes from main onto my branch with git pull origin main
• My changes don't cause any responsiveness issues

Appreciated

• If a UI change was made: Added a screen recording or screenshots to this PR
• Updated the Unkey Docs if changes were necessary

Summary by CodeRabbit

• New Features
  • Enhanced subscription management with improved plan upgrade logic.
  • Integrated audit logging for tracking workspace updates during plan upgrades.
• Bug Fixes
  • Improved user authentication checks to ensure proper tenant ID and user existence validation.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 0a75c1e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
dashboard	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 4, 2024 4:42pm
play	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 4, 2024 4:42pm
unkey-engineering	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 4, 2024 4:42pm
www	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 4, 2024 4:42pm

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
planetfall	⬜️ Ignored (Inspect)	Visit Preview		Oct 4, 2024 4:42pm
workflows	⬜️ Ignored (Inspect)	Visit Preview		Oct 4, 2024 4:42pm

[linear]

ENG-1359 [billing] Missing subscription information during upgrade

[github-actions]

Thank you for following the naming conventions for pull request titles! 🙏

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

The changes in this pull request focus on enhancing the StripeSuccess function within the apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx file. Key modifications include improved user authentication checks, updated subscription management logic, and the integration of audit logging. The function now ensures atomic database updates during plan upgrades and captures additional subscription information. New methods for logging have been introduced, and the analytics capture is now conditional based on the user's plan upgrade status.

Changes

File Path	Change Summary
apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx	Modifications to StripeSuccess function, including new imports, enhanced authentication, transaction encapsulation for database updates, and integrated audit logging.

Assessment against linked issues

Objective	Addressed	Explanation
DB should be populated with additional information (#2176)	✅

Possibly related PRs

• fix(billing): a user can add payment while upgrading their plan #2120: The changes in the StripeSuccess function in the main PR relate to the modifications in the ChangePlanButton component, as both involve handling plan changes and user interactions with Stripe during the upgrade process.

Suggested reviewers

• perkinsjr
• chronark

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between e7ac47f and ebfa3ea.

📒 Files selected for processing (1)

• apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx (3 hunks)

🧰 Additional context used

📓 Learnings (2)

📓 Common learnings

Learnt from: mcstepp
PR: unkeyed/unkey#2120
File: apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx:19-19
Timestamp: 2024-09-20T18:32:21.963Z
Learning: In the `StripeSuccess` function, TypeScript's type-checking of the `new_plan` parameter ensures that only "free", "pro", or undefined values are accepted, so additional runtime validation is not necessary.

apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx (1)

Learnt from: mcstepp
PR: unkeyed/unkey#2120
File: apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx:19-19
Timestamp: 2024-09-20T18:32:21.963Z
Learning: In the `StripeSuccess` function, TypeScript's type-checking of the `new_plan` parameter ensures that only "free", "pro", or undefined values are accepted, so additional runtime validation is not necessary.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx (1)

82-99: LGTM: Improved database update with transaction and new fields.

The use of a database transaction ensures atomicity of the updates, which is a good practice. The addition of new fields (planChanged, subscriptions, planDowngradeRequest) addresses the PR objective of capturing additional subscription information during the upgrade process.

One minor suggestion:

Consider extracting the object passed to set() into a separate variable for better readability, especially if more fields might be added in the future. For example:

const updateFields = {
  stripeCustomerId: customer.id,
  stripeSubscriptionId: session.subscription as string,
  trialEnds: null,
  ...(isUpgradingPlan
    ? {
        plan: new_plan,
        planChanged: new Date(),
        subscriptions: defaultProSubscriptions(),
        planDowngradeRequest: null,
      }
    : {}),
};

await tx
  .update(schema.workspaces)
  .set(updateFields)
  .where(eq(schema.workspaces.id, ws.id));

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between ebfa3ea and 0a75c1e.

📒 Files selected for processing (1)

• apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx (3 hunks)

🧰 Additional context used

📓 Learnings (2)

📓 Common learnings

Learnt from: mcstepp
PR: unkeyed/unkey#2120
File: apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx:19-19
Timestamp: 2024-09-20T18:32:21.963Z
Learning: In the `StripeSuccess` function, TypeScript's type-checking of the `new_plan` parameter ensures that only "free", "pro", or undefined values are accepted, so additional runtime validation is not necessary.

apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx (1)

Learnt from: mcstepp
PR: unkeyed/unkey#2120
File: apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx:19-19
Timestamp: 2024-09-20T18:32:21.963Z
Learning: In the `StripeSuccess` function, TypeScript's type-checking of the `new_plan` parameter ensures that only "free", "pro", or undefined values are accepted, so additional runtime validation is not necessary.

🔇 Additional comments (3)

apps/dashboard/app/(app)/settings/billing/stripe/success/page.tsx (3)

3-3: LGTM: New imports are relevant to the changes.

The new imports (insertAuditLogs, ingestAuditLogsTinybird, and defaultProSubscriptions) are appropriate for the added functionality in handling plan upgrades and audit logging.

Also applies to: 8-8, 10-10

---

25-26: LGTM: Improved authentication and upgrade check.

The addition of the currentUser() check enhances security. The isUpgradingPlan variable more accurately represents the condition for upgrading to the 'pro' plan, which aligns well with the PR objectives.

Also applies to: 79-80

---

Line range hint 136-141: LGTM: Improved PostHog event capture.

The conditional PostHog event capture based on isUpgradingPlan ensures that the event is only recorded when there's an actual upgrade to the 'pro' plan. This change aligns well with the PR objectives of improving the upgrade flow and enhances the accuracy of analytics data.

[coderabbitai]

🛠️ Refactor suggestion

Improve audit logging implementation.

The addition of audit logging enhances the tracking of the upgrade process, which aligns with the PR objectives. However, there are a few points to consider:

1. There's duplication in the data passed to both insertAuditLogs and ingestAuditLogsTinybird. Consider extracting this data into a shared variable to adhere to the DRY principle.

2. The ingestAuditLogsTinybird function is called within the database transaction. This might not be ideal for performance, as it could potentially slow down the transaction.

Consider refactoring the audit logging implementation as follows:

const auditLogData = {
  workspaceId: ws.id,
  actor: { type: "user", id: user.id },
  event: "workspace.update",
  description: "Changed plan to 'pro'",
  resources: [{ type: "workspace", id: ws.id }],
  context: {
    location: h.get("x-forwarded-for") ?? process.env.VERCEL_REGION ?? "unknown",
    userAgent: h.get("user-agent") ?? undefined,
  },
};

await db.transaction(async (tx) => {
  // ... existing transaction code ...

  if (isUpgradingPlan) {
    await insertAuditLogs(tx, auditLogData);
  }
});

if (isUpgradingPlan) {
  await ingestAuditLogsTinybird(auditLogData);
}

This refactoring reduces duplication and moves the ingestAuditLogsTinybird call outside the transaction for better performance.