feat: Upgrade to Freemium B2B/B2E platform with Stripe, NextAuth, Supabase

- Add authentication: NextAuth.js with Google OAuth & credentials
- Add payment: Stripe subscriptions (FREE/PRO/BUSINESS/ENTERPRISE)
- Add database: Prisma schema with 30+ models for Supabase
- Add features: Scan history, Watchlist, API keys, PDF export
- Add B2B: Organization dashboard, member management
- Add pages: Dashboard, Pricing, Billing, Transparency, API Keys
- Add middleware: Auth protection & tier-based access control
- Add rate limiting: Tier-based quota system
- Fix all TypeScript errors (0 errors)
- Add documentation: Setup guides for Supabase, Stripe, deployment

Author: maitamdev

.env.example

@@ -1,7 +1,16 @@
-# Database (Supabase/PostgreSQL)
-DATABASE_URL="postgresql://user:password@host:6543/database?pgbouncer=true"
-DIRECT_URL="postgresql://user:password@host:5432/database"
+# ==============================================
+# DATABASE - SUPABASE
+# ==============================================
+# Get from: https://supabase.com/dashboard/project/_/settings/database
+# Transaction mode (for Prisma Migrate) - Port 5432
+DIRECT_URL="postgresql://postgres.[PROJECT-REF]:[YOUR-PASSWORD]@aws-0-ap-southeast-1.pooler.supabase.com:5432/postgres"
 
+# Session mode (for queries via PgBouncer) - Port 6543
+DATABASE_URL="postgresql://postgres.[PROJECT-REF]:[YOUR-PASSWORD]@aws-0-ap-southeast-1.pooler.supabase.com:6543/postgres?pgbouncer=true"
+
+# ==============================================
+# AI MODELS
+# ==============================================
 # HuggingFace API (with Inference Provider permission)
 # Get from: https://huggingface.co/settings/tokens
 HUGGINGFACE_API_KEY="hf_xxxxxxxxxxxxxxxxxxxx"
@@ -10,11 +19,44 @@ HUGGINGFACE_API_KEY="hf_xxxxxxxxxxxxxxxxxxxx"
 # Get from: https://console.groq.com/keys
 GROQ_API_KEY="gsk_xxxxxxxxxxxxxxxxxxxx"
 
+# ==============================================
+# EXTERNAL SERVICES
+# ==============================================
 # VirusTotal API (optional, for malware/phishing detection)
 # Get from: https://www.virustotal.com/gui/my-apikey
 # Free tier: 500 requests/day, 4 requests/minute
 VIRUSTOTAL_API_KEY="your_virustotal_api_key_here"
 
+# ==============================================
+# AUTHENTICATION (NextAuth.js)
+# ==============================================
+NEXTAUTH_URL="http://localhost:3000"
+NEXTAUTH_SECRET="your-nextauth-secret-here-generate-with-openssl-rand-base64-32"
+
+# OAuth Providers (Optional)
+GOOGLE_CLIENT_ID="your-google-client-id"
+GOOGLE_CLIENT_SECRET="your-google-client-secret"
+
+# ==============================================
+# STRIPE PAYMENT
+# ==============================================
+STRIPE_SECRET_KEY="sk_test_xxxxx"
+NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="pk_test_xxxxx"
+STRIPE_WEBHOOK_SECRET="whsec_xxxxx"
+
+# Price IDs (create these in Stripe Dashboard)
+NEXT_PUBLIC_STRIPE_PRO_PRICE_ID="price_xxxxx"
+NEXT_PUBLIC_STRIPE_BUSINESS_PRICE_ID="price_xxxxx"
+
+# ==============================================
+# APP CONFIGURATION
+# ==============================================
+NEXT_PUBLIC_APP_URL="http://localhost:3000"
+NEXT_PUBLIC_APP_NAME="ANTI-SCAM"
+
+# ==============================================
+# ADMIN PANEL
+# ==============================================
 # Admin Secret (generate a strong random string)
 # Use: openssl rand -hex 32
 ADMIN_SECRET="12345"

.github/workflows/deploy.yml

@@ -0,0 +1,61 @@
+name: Deploy to GitHub Pages
+
+on:
+  push:
+    branches:
+      - main  # Hoặc master, tùy theo tên branch chính của bạn
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          
+      - name: Install dependencies
+        run: npm ci
+        
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+        
+      - name: Build with Next.js
+        run: npm run export
+        env:
+          # Thêm các environment variables cần thiết
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+          HUGGINGFACE_API_KEY: ${{ secrets.HUGGINGFACE_API_KEY }}
+          VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
+          ADMIN_SECRET: ${{ secrets.ADMIN_SECRET }}
+          
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./out
+
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

app/api/api-keys/[id]/route.ts

@@ -0,0 +1,47 @@
+/**
+ * Delete API Key
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { getServerSession } from 'next-auth'
+import { authOptions } from '@/app/lib/auth'
+import prisma from '@/app/lib/db'
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: { id: string } }
+) {
+  try {
+    const session = await getServerSession(authOptions)
+
+    if (!session?.user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { id } = params
+
+    const key = await prisma.apiKey.findUnique({
+      where: { id },
+    })
+
+    if (!key || key.userId !== session.user.id) {
+      return NextResponse.json(
+        { error: 'Not found or unauthorized' },
+        { status: 404 }
+      )
+    }
+
+    await prisma.apiKey.delete({
+      where: { id },
+    })
+
+    return NextResponse.json({ success: true })
+
+  } catch (error) {
+    console.error('Delete API key error:', error)
+    return NextResponse.json(
+      { error: 'Failed to delete' },
+      { status: 500 }
+    )
+  }
+}

app/api/api-keys/route.ts

@@ -0,0 +1,120 @@
+/**
+ * API Keys Management API
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { getServerSession } from 'next-auth'
+import { authOptions } from '@/app/lib/auth'
+import prisma from '@/app/lib/db'
+import { nanoid } from 'nanoid'
+import { hash } from 'bcryptjs'
+
+export async function GET(request: NextRequest) {
+  try {
+    const session = await getServerSession(authOptions)
+
+    if (!session?.user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    if (session.user.tier === 'FREE' || session.user.tier === 'PRO') {
+      return NextResponse.json(
+        { error: 'API access chỉ dành cho gói Business trở lên' },
+        { status: 403 }
+      )
+    }
+
+    const apiKeys = await prisma.apiKey.findMany({
+      where: { userId: session.user.id },
+      select: {
+        id: true,
+        name: true,
+        prefix: true,
+        lastUsedAt: true,
+        createdAt: true,
+        isActive: true,
+      },
+      orderBy: { createdAt: 'desc' },
+    })
+
+    return NextResponse.json({ success: true, data: apiKeys })
+
+  } catch (error) {
+    console.error('API keys fetch error:', error)
+    return NextResponse.json(
+      { error: 'Failed to fetch API keys' },
+      { status: 500 }
+    )
+  }
+}
+
+export async function POST(request: NextRequest) {
+  try {
+    const session = await getServerSession(authOptions)
+
+    if (!session?.user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    if (session.user.tier === 'FREE' || session.user.tier === 'PRO') {
+      return NextResponse.json(
+        { error: 'API access chỉ dành cho gói Business trở lên' },
+        { status: 403 }
+      )
+    }
+
+    // Check limit (max 10 keys)
+    const count = await prisma.apiKey.count({
+      where: { userId: session.user.id }
+    })
+
+    if (count >= 10) {
+      return NextResponse.json(
+        { error: 'Đã đạt giới hạn 10 API keys' },
+        { status: 400 }
+      )
+    }
+
+    const body = await request.json()
+    const { name } = body
+
+    if (!name || name.length < 3) {
+      return NextResponse.json(
+        { error: 'Tên phải có ít nhất 3 ký tự' },
+        { status: 400 }
+      )
+    }
+
+    // Generate API key: as_xxxxxxxxxxxxxxxx
+    const key = `as_${nanoid(32)}`
+    const prefix = key.substring(0, 8)
+    const hashedKey = await hash(key, 12)
+
+    const apiKey = await prisma.apiKey.create({
+      data: {
+        userId: session.user.id,
+        name,
+        key: hashedKey,
+        prefix,
+      },
+    })
+
+    return NextResponse.json({
+      success: true,
+      key, // Return unhashed key ONLY this one time
+      data: {
+        id: apiKey.id,
+        name: apiKey.name,
+        prefix: apiKey.prefix,
+        createdAt: apiKey.createdAt,
+      },
+    })
+
+  } catch (error) {
+    console.error('API key create error:', error)
+    return NextResponse.json(
+      { error: 'Failed to create API key' },
+      { status: 500 }
+    )
+  }
+}

app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,6 @@
+import NextAuth from 'next-auth'
+import { authOptions } from '@/app/lib/auth'
+
+const handler = NextAuth(authOptions)
+
+export { handler as GET, handler as POST }

app/api/auth/register/route.ts

@@ -0,0 +1,70 @@
+/**
+ * Authentication API Routes
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { hash } from 'bcryptjs'
+import prisma from '@/app/lib/db'
+import { z } from 'zod'
+
+const registerSchema = z.object({
+  email: z.string().email('Email không hợp lệ'),
+  password: z.string().min(8, 'Mật khẩu phải có ít nhất 8 ký tự'),
+  name: z.string().optional(),
+})
+
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json()
+    const { email, password, name } = registerSchema.parse(body)
+
+    // Check if user exists
+    const existingUser = await prisma.user.findUnique({
+      where: { email }
+    })
+
+    if (existingUser) {
+      return NextResponse.json(
+        { error: 'Email đã được sử dụng' },
+        { status: 400 }
+      )
+    }
+
+    // Hash password
+    const hashedPassword = await hash(password, 12)
+
+    // Create user
+    const user = await prisma.user.create({
+      data: {
+        email,
+        password: hashedPassword,
+        name,
+        tier: 'FREE',
+        role: 'USER',
+        status: 'ACTIVE',
+      }
+    })
+
+    return NextResponse.json({
+      success: true,
+      user: {
+        id: user.id,
+        email: user.email,
+        name: user.name,
+      }
+    })
+
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: error.errors[0].message },
+        { status: 400 }
+      )
+    }
+
+    return NextResponse.json(
+      { error: 'Đã xảy ra lỗi khi đăng ký' },
+      { status: 500 }
+    )
+  }
+}