feat(portal): customer-admin surface on real data + Stripe billing + session resilience

Access & navigation
- Gate partner-mode strictly to partner staff so admins/end-users never inherit
  leftover partner-view state; purge stale session entry on hydrate.
- Role-driven admin entry: useMe.isTenantAdmin, Admin/Personal tiles in the app
  launcher, and an /admin route guard in the global middleware (fail closed).
- Drop the duplicate user identity block from the sidebar footer.

Admin pages on real data
- New tenant-scoped, membership-gated endpoints: GET /tenants/:slug/{audit,users,
  invoices}; useTenant composable resolves the active workspace + subscription.
- Dashboard: real seats, spend (cycle-normalized + minor-units), plan, renewal,
  and recent audit; unbacked sections removed.
- Users & groups: real members; Groups/Invitations/Service accounts shown as
  honest "coming soon".
- Subscription & invoices: real plan hero, invoice history, and billing details.

Stripe payment method (Elements + SetupIntent)
- StripeClient: publishable key + getDefaultCard/createSetupIntent/setDefaultCard.
- CustomerBillingController + BillingService methods (ensure-customer on demand).
- Portal: PaymentMethodModal, useStripeJs (CDN load), proxies; hidePostalCode.

Editable billing details & whitelabel branding
- PATCH /tenants/:slug/billing-info (narrow: company/VAT/country/email).
- TenantBranding schema/service + GET/PUT /tenants/:slug/branding: real product
  name, accent colour, and per-tenant email-template overrides.
- Branding preview + sidebar workspace mark wired to real name/plan/seats/colour
  with YIQ auto-contrast (readableOn util).

Session resilience
- Request offline_access so Authentik issues a refresh token (automaticRefresh).
- Silent refresh + single retry on 401 for writes (useApiFetch, incl. partner
  pages) and reads (useMe.fetchMe) — no redirect, no lost input.
- Modal backdrop closes only on press+release on the backdrop (no more
  drag-select-to-close).

This commit is contained in:

Ronni Baslund

2026-05-31 00:19:34 +02:00

parent db26dafc64

commit 3288fde693

44 changed files with 1874 additions and 1237 deletions

									
										infrastructure/docker-compose/docker-compose.yml
									
		+3
		
												View File
												
				@@ -590,6 +590,9 @@ services:

				      # marginPct). Values come from the gitignored root .env. Webhook secret is

				      # only needed once the signature-verified /stripe/webhook path goes live.

				      STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY:-}

				      # Publishable key is safe to expose to the browser — the portal fetches it

				      # from platform-api (via the setup-intent response) to mount Stripe Elements.

				      STRIPE_PUBLISHABLE_KEY: ${STRIPE_PUBLISHABLE_KEY:-}

				      STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET:-}

				      BILLING_STRIPE_ENABLED: ${BILLING_STRIPE_ENABLED:-false}

				    volumes: