feat: Implement Stripe integration for premium user upgrades Phase 2

- Add PremiumUser model to store Stripe payment and premium status data.
- Create API endpoint for creating Stripe Checkout Sessions.
- Implement webhook handler for processing Stripe events and updating user status.
- Add service functions to check premium status and enforce item creation limits.
- Update frontend to handle item creation limits and show upgrade modal for free users.
- Integrate Stripe SDK and configure necessary environment variables.
- Ensure proper error handling and logging throughout the payment process.

Author: CupOfGeo

.env

@@ -44,3 +44,8 @@ SENTRY_DSN=
 # Configure these with your own Docker registry images
 DOCKER_IMAGE_BACKEND=backend
 DOCKER_IMAGE_FRONTEND=frontend
+
+# Stripe (get keys from https://dashboard.stripe.com/test/apikeys)
+STRIPE_SECRET_KEY=sk_test_changethis
+STRIPE_WEBHOOK_SECRET=whsec_changethis
+STRIPE_PREMIUM_PRICE_CENTS=100

backend/app/alembic/env.py

@@ -19,6 +19,7 @@
 # target_metadata = None
 
 from app.models import SQLModel  # noqa
+from app.premium_users.models import PremiumUser  # noqa - register for migrations
 from app.core.config import settings # noqa
 
 target_metadata = SQLModel.metadata

backend/app/alembic/versions/43e367b997b2_add_premium_user_table.py

@@ -0,0 +1,61 @@
+"""Add premium_user table
+
+Revision ID: 43e367b997b2
+Revises: 1a31ce608336
+Create Date: 2025-12-14 07:23:37.975275
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel.sql.sqltypes
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '43e367b997b2'
+down_revision = '1a31ce608336'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('premium_user',
+    sa.Column('premium_user_id', sa.Uuid(), nullable=False),
+    sa.Column('user_id', sa.Uuid(), nullable=False),
+    sa.Column('stripe_customer_id', sqlmodel.sql.sqltypes.AutoString(), nullable=False),
+    sa.Column('is_premium', sa.Boolean(), nullable=False),
+    sa.Column('payment_intent_id', sqlmodel.sql.sqltypes.AutoString(), nullable=True),
+    sa.Column('paid_at', sa.DateTime(), nullable=True),
+    sa.Column('created_at', sa.DateTime(), nullable=False),
+    sa.Column('updated_at', sa.DateTime(), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+    sa.PrimaryKeyConstraint('premium_user_id')
+    )
+    op.create_index(op.f('ix_premium_user_stripe_customer_id'), 'premium_user', ['stripe_customer_id'], unique=False)
+    op.create_index(op.f('ix_premium_user_user_id'), 'premium_user', ['user_id'], unique=True)
+    op.drop_index(op.f('ix_premiumuser_stripe_customer_id'), table_name='premiumuser')
+    op.drop_index(op.f('ix_premiumuser_user_id'), table_name='premiumuser')
+    op.drop_table('premiumuser')
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('premiumuser',
+    sa.Column('premium_user_id', sa.UUID(), autoincrement=False, nullable=False),
+    sa.Column('user_id', sa.UUID(), autoincrement=False, nullable=False),
+    sa.Column('stripe_customer_id', sa.VARCHAR(), autoincrement=False, nullable=False),
+    sa.Column('is_premium', sa.BOOLEAN(), autoincrement=False, nullable=False),
+    sa.Column('payment_intent_id', sa.VARCHAR(), autoincrement=False, nullable=True),
+    sa.Column('paid_at', postgresql.TIMESTAMP(), autoincrement=False, nullable=True),
+    sa.Column('created_at', postgresql.TIMESTAMP(), autoincrement=False, nullable=False),
+    sa.Column('updated_at', postgresql.TIMESTAMP(), autoincrement=False, nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['user.id'], name=op.f('premiumuser_user_id_fkey')),
+    sa.PrimaryKeyConstraint('premium_user_id', name=op.f('premiumuser_pkey'))
+    )
+    op.create_index(op.f('ix_premiumuser_user_id'), 'premiumuser', ['user_id'], unique=True)
+    op.create_index(op.f('ix_premiumuser_stripe_customer_id'), 'premiumuser', ['stripe_customer_id'], unique=False)
+    op.drop_index(op.f('ix_premium_user_user_id'), table_name='premium_user')
+    op.drop_index(op.f('ix_premium_user_stripe_customer_id'), table_name='premium_user')
+    op.drop_table('premium_user')
+    # ### end Alembic commands ###

backend/app/api/main.py

@@ -2,12 +2,14 @@
 
 from app.api.routes import items, login, private, users, utils
 from app.core.config import settings
+from app.premium_users import routes as premium_routes
 
 api_router = APIRouter()
 api_router.include_router(login.router)
 api_router.include_router(users.router)
 api_router.include_router(utils.router)
 api_router.include_router(items.router)
+api_router.include_router(premium_routes.router)
 
 
 if settings.ENVIRONMENT == "local":

backend/app/api/routes/items.py

@@ -1,11 +1,12 @@
 import uuid
 from typing import Any
 
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, status
 from sqlmodel import func, select
 
 from app.api.deps import CurrentUser, SessionDep
 from app.models import Item, ItemCreate, ItemPublic, ItemsPublic, ItemUpdate, Message
+from app.premium_users.service import FREE_TIER_ITEM_LIMIT, can_user_create_item
 
 router = APIRouter(prefix="/items", tags=["items"])
 
@@ -60,7 +61,15 @@ def create_item(
 ) -> Any:
     """
     Create new item.
+
+    Free users limited to 2 items. Premium users have no limit.
     """
+    if not can_user_create_item(session, current_user):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=f"Free tier limited to {FREE_TIER_ITEM_LIMIT} items. Upgrade to premium for unlimited items.",
+        )
+
     item = Item.model_validate(item_in, update={"owner_id": current_user.id})
     session.add(item)
     session.commit()

backend/app/core/config.py

@@ -56,6 +56,11 @@ def all_cors_origins(self) -> list[str]:
     POSTGRES_PASSWORD: str = ""
     POSTGRES_DB: str = ""
 
+    # Stripe Configuration
+    STRIPE_SECRET_KEY: str = ""
+    STRIPE_WEBHOOK_SECRET: str = ""
+    STRIPE_PREMIUM_PRICE_CENTS: int = 100  # $1.00 in cents
+
     @computed_field  # type: ignore[prop-decorator]
     @property
     def SQLALCHEMY_DATABASE_URI(self) -> PostgresDsn:

backend/app/main.py

@@ -5,6 +5,7 @@
 
 from app.api.main import api_router
 from app.core.config import settings
+from app.premium_users.stripe import init_stripe
 
 
 def custom_generate_unique_id(route: APIRoute) -> str:
@@ -14,6 +15,9 @@ def custom_generate_unique_id(route: APIRoute) -> str:
 if settings.SENTRY_DSN and settings.ENVIRONMENT != "local":
     sentry_sdk.init(dsn=str(settings.SENTRY_DSN), enable_tracing=True)
 
+# Initialize Stripe API client
+init_stripe()
+
 app = FastAPI(
     title=settings.PROJECT_NAME,
     openapi_url=f"{settings.API_V1_STR}/openapi.json",

backend/app/premium_users/__init__.py

@@ -0,0 +1,9 @@
+"""
+Premium Users module.
+
+Handles Stripe payment tracking and premium user status.
+"""
+
+from app.premium_users.models import PremiumUser
+
+__all__ = ["PremiumUser"]

backend/app/premium_users/models.py

@@ -0,0 +1,38 @@
+"""
+Premium User database model.
+
+Stores Stripe payment and premium status data with a one-to-one
+relationship to the User table. Created when a user completes
+Stripe checkout and used to check premium status for feature gating.
+"""
+
+import uuid
+from datetime import datetime, timezone
+
+from sqlmodel import Field, SQLModel
+
+
+def utc_now() -> datetime:
+    """Return current UTC time as timezone-aware datetime."""
+    return datetime.now(timezone.utc)
+
+
+class PremiumUser(SQLModel, table=True):
+    """
+    Stores Stripe payment and premium status data.
+    One-to-one relationship with User.
+
+    Created when a user completes Stripe checkout.
+    Used to check premium status for feature gating (e.g., item limits).
+    """
+
+    __tablename__ = "premium_user"
+
+    premium_user_id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
+    user_id: uuid.UUID = Field(foreign_key="user.id", unique=True, index=True)
+    stripe_customer_id: str = Field(index=True)  # Stripe's customer ID (cus_xxx)
+    is_premium: bool = Field(default=False)  # Premium status flag
+    payment_intent_id: str | None = Field(default=None)  # Stripe payment intent (pi_xxx)
+    paid_at: datetime | None = Field(default=None)  # When payment completed
+    created_at: datetime = Field(default_factory=utc_now)
+    updated_at: datetime = Field(default_factory=utc_now)

backend/app/premium_users/routes.py

@@ -0,0 +1,183 @@
+"""
+Stripe payment API routes.
+
+Handles checkout session creation and webhook processing for premium
+user upgrades. The checkout flow redirects users to Stripe's hosted
+payment page, and webhooks handle fulfillment after successful payment.
+"""
+
+import logging
+from uuid import UUID
+
+from fastapi import APIRouter, HTTPException, Request, status
+from pydantic import BaseModel
+from sqlmodel import Session, select
+
+from app.api.deps import CurrentUser, SessionDep
+from app.core.config import settings
+from app.premium_users.models import PremiumUser, utc_now
+from app.premium_users.stripe import get_stripe_client
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/stripe", tags=["stripe"])
+
+
+class CheckoutSessionResponse(BaseModel):
+    """Response containing Stripe Checkout URL."""
+
+    checkout_url: str
+
+
+@router.post("/create-checkout-session", response_model=CheckoutSessionResponse)
+def create_checkout_session(
+    session: SessionDep,
+    current_user: CurrentUser,
+) -> CheckoutSessionResponse:
+    """
+    Create a Stripe Checkout Session for premium upgrade.
+
+    Returns a URL to redirect the user to Stripe's hosted checkout page.
+    After payment, Stripe redirects back to our success URL and sends
+    a webhook to fulfill the order.
+    """
+    logger.debug(f"Creating checkout session for user {current_user.id}")
+
+    # Check if user is already premium
+    existing = session.exec(
+        select(PremiumUser).where(PremiumUser.user_id == current_user.id)
+    ).first()
+
+    if existing and existing.is_premium:
+        logger.debug(f"User {current_user.id} is already premium")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="User is already premium",
+        )
+
+    stripe = get_stripe_client()
+
+    try:
+        checkout_session = stripe.checkout.Session.create(
+            payment_method_types=["card"],
+            line_items=[
+                {
+                    "price_data": {
+                        "currency": "usd",
+                        "product_data": {
+                            "name": "Premium Upgrade",
+                            "description": "Unlock unlimited items and premium badge",
+                        },
+                        "unit_amount": settings.STRIPE_PREMIUM_PRICE_CENTS,
+                    },
+                    "quantity": 1,
+                }
+            ],
+            mode="payment",
+            success_url=f"{settings.FRONTEND_HOST}/payment-success?session_id={{CHECKOUT_SESSION_ID}}",
+            cancel_url=f"{settings.FRONTEND_HOST}/settings",
+            metadata={
+                "user_id": str(current_user.id),
+            },
+        )
+
+        logger.debug(f"Created checkout session {checkout_session.id} for user {current_user.id}")
+
+        return CheckoutSessionResponse(checkout_url=checkout_session.url)
+
+    except stripe.error.StripeError as e:
+        logger.error(f"Stripe error creating checkout session: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to create checkout session",
+        )
+
+
+@router.post("/webhook")
+async def stripe_webhook(request: Request, session: SessionDep) -> dict:
+    """
+    Handle Stripe webhook events.
+
+    Stripe sends events here when payment status changes. We use this
+    to fulfill the premium upgrade after successful payment.
+
+    Note: This endpoint is PUBLIC (no auth) - Stripe calls it directly.
+    Security comes from signature verification.
+    """
+    payload = await request.body()
+    sig_header = request.headers.get("stripe-signature")
+
+    stripe = get_stripe_client()
+
+    try:
+        event = stripe.webhooks.Webhook.construct_event(
+            payload, sig_header, settings.STRIPE_WEBHOOK_SECRET
+        )
+    except ValueError as e:
+        logger.error(f"Invalid webhook payload: {e}")
+        raise HTTPException(status_code=400, detail="Invalid payload")
+    except stripe.error.SignatureVerificationError as e:
+        logger.error(f"Invalid webhook signature: {e}")
+        raise HTTPException(status_code=400, detail="Invalid signature")
+
+    logger.debug(f"Received Stripe webhook: {event['type']}")
+
+    # Handle checkout session completed
+    if event["type"] == "checkout.session.completed":
+        checkout_session = event["data"]["object"]
+        _handle_checkout_completed(session, checkout_session)
+
+    return {"status": "success"}
+
+
+def _handle_checkout_completed(
+    session: Session,
+    checkout_session: dict,
+) -> None:
+    """
+    Process successful checkout - grant premium status to user.
+
+    Creates or updates PremiumUser record with payment details.
+    Idempotent: safe to call multiple times for same checkout session.
+    """
+    user_id_str = checkout_session.get("metadata", {}).get("user_id")
+    if not user_id_str:
+        logger.error("No user_id in checkout session metadata")
+        return
+
+    user_id = UUID(user_id_str)
+    stripe_customer_id = checkout_session.get("customer")
+    payment_intent_id = checkout_session.get("payment_intent")
+
+    logger.debug(f"Processing premium upgrade for user {user_id}")
+
+    # Check for existing record (idempotency)
+    existing = session.exec(
+        select(PremiumUser).where(PremiumUser.user_id == user_id)
+    ).first()
+
+    if existing:
+        if existing.is_premium:
+            logger.debug(f"User {user_id} already premium, skipping")
+            return
+
+        # Update existing record
+        existing.is_premium = True
+        existing.stripe_customer_id = stripe_customer_id
+        existing.payment_intent_id = payment_intent_id
+        existing.paid_at = utc_now()
+        existing.updated_at = utc_now()
+        session.add(existing)
+    else:
+        # Create new record
+        premium_user = PremiumUser(
+            user_id=user_id,
+            stripe_customer_id=stripe_customer_id,
+            is_premium=True,
+            payment_intent_id=payment_intent_id,
+            paid_at=utc_now(),
+        )
+        session.add(premium_user)
+
+    session.commit()
+    logger.debug(f"User {user_id} upgraded to premium")