Update routes/subscription.py

routes/subscription.py

@@ -3,8 +3,10 @@ import logging
 import json
 import os
 import requests
+import jwt
 from fastapi import APIRouter, HTTPException, Request
 from pydantic import BaseModel
+from fastapi import Header
 
 router = APIRouter()
 
@@ -32,7 +34,6 @@ class CheckSubscriptionRequest(BaseModel):
     user_id: str
     stylist_id: str
 
-# 📌 Agora recebemos `user_id` (ID do cliente que está comprando)
 class SubscriptionRequest(BaseModel):
     id: str  # ID do estilista
 
@@ -40,8 +41,6 @@ class CreatePriceRequest(BaseModel):
     amount: int  # Valor em centavos (ex: 2500 para R$25,00)
     user_id: str  # ID do usuário que está criando o preço
 
-from fastapi import Header  # Import para pegar headers
-
 @router.post("/create_price")
 async def create_price(
     data: CreatePriceRequest,
@@ -51,14 +50,26 @@ async def create_price(
         if not user_token:
             raise HTTPException(status_code=401, detail="Missing User-key header")
 
+        # 🔹 Verificação do token JWT no Supabase
+        supabase_url = f"{SUPABASE_URL}/auth/v1/user"
+        response = requests.get(supabase_url, headers={"Authorization": f"Bearer {user_token}"})
+
+        if response.status_code != 200:
+            raise HTTPException(status_code=401, detail="Invalid token")
+
+        user_data = response.json()
+        user_id = user_data.get("id")
+        if not user_id:
+            raise HTTPException(status_code=400, detail="Invalid token: User ID not found")
+
         amount = data.amount
-        user_id = data.user_id
+        user_id_request = data.user_id
 
-        if not amount or not user_id:
+        if not amount or not user_id_request:
             raise HTTPException(status_code=400, detail="Amount and user_id are required")
 
         # 🔹 Buscar `price_id` do usuário no Supabase
-        supabase_url = f"{SUPABASE_URL}/rest/v1/User?id=eq.{user_id}"
+        supabase_url = f"{SUPABASE_URL}/rest/v1/User?id=eq.{user_id_request}"
         supabase_headers = {
             "apikey": SUPABASE_KEY,
             "Authorization": f"Bearer {user_token}",
@@ -128,7 +139,7 @@ async def create_price(
     except Exception as e:
         logger.error(f"❌ Error creating/updating price: {e}")
         raise HTTPException(status_code=500, detail="Error creating/updating price.")
-        
+
 @router.post("/create_checkout_session")
 def create_checkout_session(
     data: SubscriptionRequest,
@@ -138,17 +149,18 @@ def create_checkout_session(
         if not user_token:
             raise HTTPException(status_code=401, detail="Missing User-key header")
 
-        # 🔹 1. Decodificar o token JWT para obter o ID do usuário
-        try:
-            payload = jwt.decode(user_token, JWT_SECRET, algorithms=["HS256"])  # Substitua JWT_SECRET pela sua chave real
-            user_id = payload.get("id")
-            if not user_id:
-                raise HTTPException(status_code=400, detail="Invalid token: User ID not found")
-        except jwt.ExpiredSignatureError:
-            raise HTTPException(status_code=401, detail="Token expired")
-        except jwt.InvalidTokenError:
+        # 🔹 1. Verificação do token JWT no Supabase
+        supabase_url = f"{SUPABASE_URL}/auth/v1/user"
+        response = requests.get(supabase_url, headers={"Authorization": f"Bearer {user_token}"})
+
+        if response.status_code != 200:
             raise HTTPException(status_code=401, detail="Invalid token")
 
+        user_data = response.json()
+        user_id = user_data.get("id")
+        if not user_id:
+            raise HTTPException(status_code=400, detail="Invalid token: User ID not found")
+
         # 🔹 2. Buscar estilista no Supabase
         response = requests.get(
             f"{SUPABASE_URL}/rest/v1/User?id=eq.{data.id}",