Update routes/subscription.py

routes/subscription.py

@@ -131,9 +131,26 @@ async def create_price(
         raise HTTPException(status_code=500, detail="Error creating/updating price.")
         
 @router.post("/create_checkout_session")
-def create_checkout_session(data: SubscriptionRequest):
+def create_checkout_session(
+    data: SubscriptionRequest,
+    user_token: str = Header(None, alias="User-key")
+):
     try:
-        # 🔹 1. Buscar estilista no Supabase
+        if not user_token:
+            raise HTTPException(status_code=401, detail="Missing User-key header")
+
+        # 🔹 1. Decodificar o token JWT para obter o ID do usuário
+        try:
+            payload = jwt.decode(user_token, JWT_SECRET, algorithms=["HS256"])  # Substitua JWT_SECRET pela sua chave real
+            user_id = payload.get("id")
+            if not user_id:
+                raise HTTPException(status_code=400, detail="Invalid token: User ID not found")
+        except jwt.ExpiredSignatureError:
+            raise HTTPException(status_code=401, detail="Token expired")
+        except jwt.InvalidTokenError:
+            raise HTTPException(status_code=401, detail="Invalid token")
+
+        # 🔹 2. Buscar estilista no Supabase
         response = requests.get(
             f"{SUPABASE_URL}/rest/v1/User?id=eq.{data.id}",
             headers=SUPABASE_HEADERS
@@ -144,17 +161,15 @@ def create_checkout_session(data: SubscriptionRequest):
             raise HTTPException(status_code=404, detail="Stylist not found")
 
         stylist = stylist_data[0]
-        stylist_name = stylist["name"]
-        stylist_avatar = stylist["avatar"]
-        consultations = stylist["consultations"]
-        stylist_stripe_id = stylist["stripe_id"]
+        stylist_stripe_id = stylist.get("stripe_id")
+        consultations = stylist.get("consultations")
 
         if not consultations or not stylist_stripe_id:
             raise HTTPException(status_code=400, detail="Stylist profile is incomplete")
 
-        # 🔹 2. Buscar o stripe_id e price_id do usuário no banco de dados (Supabase)
+        # 🔹 3. Buscar o stripe_id e price_id do usuário autenticado
         response_user = requests.get(
-            f"{SUPABASE_URL}/rest/v1/User?id=eq.{data.user_id}",
+            f"{SUPABASE_URL}/rest/v1/User?id=eq.{user_id}",
             headers=SUPABASE_HEADERS
         )
 
@@ -164,14 +179,14 @@ def create_checkout_session(data: SubscriptionRequest):
 
         user = user_data[0]
         user_stripe_id = user.get("stripe_id")
-        price_id = user.get("price_id")  # Pegamos o price_id salvo no Supabase
+        price_id = user.get("price_id")  
 
         if not user_stripe_id:
             raise HTTPException(status_code=400, detail="User does not have a Stripe ID")
         if not price_id:
             raise HTTPException(status_code=400, detail="User does not have a valid price ID")
 
-        # 🔹 3. Criar Checkout Session no Stripe com o price_id salvo
+        # 🔹 4. Criar Checkout Session no Stripe
         session = stripe.checkout.Session.create(
             success_url="https://yourdomain.com/success",
             cancel_url="https://yourdomain.com/cancel",
@@ -182,12 +197,12 @@ def create_checkout_session(data: SubscriptionRequest):
                 {
                     "price": price_id,  
                     "quantity": 1,
-                    "description": "Assinatura personalizada para usuário"  # ✅ Enviar a descrição aqui
+                    "description": "Assinatura personalizada para usuário"
                 }
             ],
             metadata={
                 "stylist_id": stylist_stripe_id,
-                "user_id": data.user_id,
+                "user_id": user_id,  # 🔹 Continua no metadata para rastreamento interno
                 "consultations_per_month": consultations
             }
         )