Ronni Baslund
3288fde693
Access & navigation
- Gate partner-mode strictly to partner staff so admins/end-users never inherit
leftover partner-view state; purge stale session entry on hydrate.
- Role-driven admin entry: useMe.isTenantAdmin, Admin/Personal tiles in the app
launcher, and an /admin route guard in the global middleware (fail closed).
- Drop the duplicate user identity block from the sidebar footer.
Admin pages on real data
- New tenant-scoped, membership-gated endpoints: GET /tenants/:slug/{audit,users,
invoices}; useTenant composable resolves the active workspace + subscription.
- Dashboard: real seats, spend (cycle-normalized + minor-units), plan, renewal,
and recent audit; unbacked sections removed.
- Users & groups: real members; Groups/Invitations/Service accounts shown as
honest "coming soon".
- Subscription & invoices: real plan hero, invoice history, and billing details.
Stripe payment method (Elements + SetupIntent)
- StripeClient: publishable key + getDefaultCard/createSetupIntent/setDefaultCard.
- CustomerBillingController + BillingService methods (ensure-customer on demand).
- Portal: PaymentMethodModal, useStripeJs (CDN load), proxies; hidePostalCode.
Editable billing details & whitelabel branding
- PATCH /tenants/:slug/billing-info (narrow: company/VAT/country/email).
- TenantBranding schema/service + GET/PUT /tenants/:slug/branding: real product
name, accent colour, and per-tenant email-template overrides.
- Branding preview + sidebar workspace mark wired to real name/plan/seats/colour
with YIQ auto-contrast (readableOn util).
Session resilience
- Request offline_access so Authentik issues a refresh token (automaticRefresh).
- Silent refresh + single retry on 401 for writes (useApiFetch, incl. partner
pages) and reads (useMe.fetchMe) — no redirect, no lost input.
- Modal backdrop closes only on press+release on the backdrop (no more
drag-select-to-close).
35 lines
1.4 KiB
TypeScript
35 lines
1.4 KiB
TypeScript
// Loads Stripe.js from js.stripe.com on demand. Stripe requires the library be
|
|
// served from their CDN (not bundled) so card data never touches our origin —
|
|
// that's what keeps PCI scope minimal. We inject the <script> once and cache
|
|
// the promise; `window.Stripe` is the global constructor it exposes.
|
|
//
|
|
// Typed as `any`: we deliberately don't pull in @stripe/stripe-js just for its
|
|
// types. The surface we use (elements, confirmCardSetup) is small and stable.
|
|
|
|
let stripeJsPromise: Promise<unknown> | null = null
|
|
|
|
export function loadStripeJs(): Promise<unknown> {
|
|
if (!import.meta.client) return Promise.resolve(null)
|
|
const w = window as unknown as { Stripe?: unknown }
|
|
if (w.Stripe) return Promise.resolve(w.Stripe)
|
|
if (!stripeJsPromise) {
|
|
stripeJsPromise = new Promise((resolve, reject) => {
|
|
const src = 'https://js.stripe.com/v3/'
|
|
const existing = document.querySelector<HTMLScriptElement>(`script[src="${src}"]`)
|
|
if (existing) {
|
|
existing.addEventListener('load', () => resolve(w.Stripe))
|
|
existing.addEventListener('error', () => reject(new Error('Failed to load Stripe.js')))
|
|
if (w.Stripe) resolve(w.Stripe)
|
|
return
|
|
}
|
|
const s = document.createElement('script')
|
|
s.src = src
|
|
s.async = true
|
|
s.onload = () => resolve(w.Stripe)
|
|
s.onerror = () => reject(new Error('Failed to load Stripe.js'))
|
|
document.head.appendChild(s)
|
|
})
|
|
}
|
|
return stripeJsPromise
|
|
}
|