1. Updated packages

2. Added comments to schema
3. Minor API updates

apps/web/package.json

@@ -51,19 +51,19 @@
     "@kit/ui": "workspace:^",
     "@makerkit/data-loader-supabase-core": "^0.0.7",
     "@makerkit/data-loader-supabase-nextjs": "^1.1.0",
-    "@marsidev/react-turnstile": "^0.5.4",
+    "@marsidev/react-turnstile": "^0.6.0",
     "@radix-ui/react-icons": "^1.3.0",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "@tanstack/react-query": "5.32.0",
     "@tanstack/react-query-next-experimental": "^5.32.0",
     "@tanstack/react-table": "^8.16.0",
     "date-fns": "^3.6.0",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "next": "14.2.3",
     "next-sitemap": "^4.2.3",
     "next-themes": "0.3.0",
-    "react": "18.2.0",
+    "react": "18.3.1",
-    "react-dom": "18.2.0",
+    "react-dom": "18.3.1",
     "react-hook-form": "^7.51.3",
     "react-i18next": "^14.1.1",
     "recharts": "^2.12.6",
@@ -79,13 +79,13 @@
     "@next/bundle-analyzer": "14.3.0-canary.9",
     "@types/mdx": "^2.0.13",
     "@types/node": "^20.12.7",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "@types/react-dom": "^18.2.25",
+    "@types/react-dom": "^18.3.0",
     "autoprefixer": "^10.4.19",
     "dotenv-cli": "^7.4.1",
     "eslint": "^8.57.0",
     "prettier": "^3.2.5",
-    "supabase": "^1.163.2",
+    "supabase": "^1.163.6",
     "tailwindcss": "3.4.3",
     "typescript": "^5.4.5"
   },
@@ -98,5 +98,12 @@
       "@kit/eslint-config/apps"
     ]
   },
-  "prettier": "@kit/prettier-config"
+  "prettier": "@kit/prettier-config",
+  "browserslist": [
+    "iOS >= 9",
+    "Android >= 4.4",
+    "last 2 versions",
+    "> 0.2%",
+    "not dead"
+  ]
 }

apps/web/public/locales/en/marketing.json

@@ -33,5 +33,5 @@
   "contactSuccess": "Your message has been sent successfully",
   "contactError": "An error occurred while sending your message",
   "contactSuccessDescription": "We have received your message and will get back to you as soon as possible",
-    "contactErrorDescription": "An error occurred while sending your message. Please try again later"
+  "contactErrorDescription": "An error occurred while sending your message. Please try again later"
 }

apps/web/supabase/migrations/20221215192558_schema.sql

@@ -172,7 +172,8 @@ values (
 -- Open up access to config table for authenticated users and service_role
 grant select on public.config to authenticated, service_role;
 
--- RLS on the config table
+-- RLS
+-- SELECT(config):
 -- Authenticated users can read the config
 create policy "public config can be read by authenticated users" on
     public.config
@@ -246,7 +247,8 @@ language plpgsql;
 
 grant execute on function public.get_config() to authenticated, service_role;
 
--- check if a field is set in the config
+-- Function "public.is_set"
+-- Check if a field is set in the config
 create or replace function public.is_set(field_name text)
     returns boolean
     as $$
@@ -264,7 +266,6 @@ language plpgsql;
 
 grant execute on function public.is_set(text) to authenticated;
 
-
 /*
  * -------------------------------------------------------
  * Section: Accounts
@@ -309,33 +310,35 @@ grant select, insert, update, delete on table public.accounts to
     authenticated, service_role;
 
 -- constraint that conditionally allows nulls on the slug ONLY if
---   personal_account is true
+--  personal_account is true
 alter table public.accounts
     add constraint accounts_slug_null_if_personal_account_true check
 	((is_personal_account = true and slug is null) or
 	(is_personal_account = false and slug is not null));
 
--- constraint to ensure that the primary_owner_user_id is unique for
+-- constraint to ensure that the primary_owner_user_id is unique for personal accounts
---   personal accounts
 create unique index unique_personal_account on
     public.accounts(primary_owner_user_id)
 where
     is_personal_account = true;
 
 -- RLS on the accounts table
--- SELECT: Users can read their own accounts
+
+-- SELECT(accounts):
+-- Users can read their own accounts
 create policy accounts_read_self on public.accounts
     for select to authenticated
         using (auth.uid() = primary_owner_user_id);
 
--- UPDATE: Team owners can update their accounts
+-- UPDATE(accounts):
+-- Team owners can update their accounts
 create policy accounts_self_update on public.accounts
     for update to authenticated
         using (auth.uid() = primary_owner_user_id)
         with check (auth.uid() = primary_owner_user_id);
 
--- Functions
+-- Function "public.transfer_team_account_ownership"
--- Function to transfer team account ownership to another user
+-- Function to transfer the ownership of a team account to another user
 create or replace function
     public.transfer_team_account_ownership(target_account_id uuid,
     new_owner_id uuid)
@@ -386,6 +389,8 @@ grant execute on function
     public.transfer_team_account_ownership(uuid, uuid) to
     service_role;
 
+-- Function "public.is_account_owner"
+-- Function to check if a user is the primary owner of an account
 create function public.is_account_owner(account_id uuid)
     returns boolean
     as $$
@@ -404,6 +409,8 @@ language sql;
 grant execute on function public.is_account_owner(uuid) to
     authenticated, service_role;
 
+-- Function "kit.protect_account_fields"
+-- Function to protect account fields from being updated
 create or replace function kit.protect_account_fields()
     returns trigger
     as $$
@@ -429,6 +436,8 @@ create trigger protect_account_fields
     before update on public.accounts for each row
     execute function kit.protect_account_fields();
 
+-- Function "public.get_upper_system_role"
+-- Function to get the highest system role for an account
 create or replace function public.get_upper_system_role()
     returns varchar
     as $$
@@ -447,6 +456,8 @@ language plpgsql;
 grant execute on function public.get_upper_system_role() to
     service_role;
 
+-- Function "kit.add_current_user_to_new_account"
+-- Trigger to add the current user to a new account as the primary owner
 create or replace function kit.add_current_user_to_new_account()
     returns trigger
     language plpgsql
@@ -477,8 +488,7 @@ create trigger "add_current_user_to_new_account"
     after insert on public.accounts for each row
     execute function kit.add_current_user_to_new_account();
 
--- create a trigger to update the account email when the primary owner
+-- create a trigger to update the account email when the primary owner email is updated
---   email is updated
 create or replace function kit.handle_update_user_email()
     returns trigger
     language plpgsql
@@ -500,9 +510,8 @@ end;
 
 $$;
 
--- trigger the function every time a user email is updated
+-- trigger the function every time a user email is updated only if the user is the primary owner of the account and
---     only if the user is the primary owner of the account and the
+ -- the account is personal account
---   account is personal account
 create trigger "on_auth_user_updated"
     after update of email on auth.users for each row
     execute procedure kit.handle_update_user_email();
@@ -513,7 +522,7 @@ create trigger "on_auth_user_updated"
  * We create the schema for the roles. Roles are the roles for an account. For example, an account might have the roles 'owner', 'admin', and 'member'.
  * -------------------------------------------------------
  */
--- Account Memberships table
+-- Roles Table
 create table if not exists public.roles(
     name varchar(50) not null,
     hierarchy_level int not null check (hierarchy_level > 0),
@@ -545,6 +554,8 @@ create unique index idx_unique_hierarchy_per_account
 create unique index idx_unique_name_per_account
     on public.roles (name, coalesce(account_id, kit.get_system_role_uuid()));
 
+-- Function "kit.check_non_personal_account_roles"
+-- Trigger to prevent roles from being created for personal accounts
 create or replace function kit.check_non_personal_account_roles()
     returns trigger
     as $$
@@ -594,14 +605,14 @@ comment on column public.accounts_memberships.account_id is 'The account the mem
 
 comment on column public.accounts_memberships.account_role is 'The role for the membership';
 
--- Open up access to accounts_memberships table for authenticated users
+-- Open up access to accounts_memberships table for authenticated users and service_role
---   and service_role
 grant select, insert, update, delete on table
     public.accounts_memberships to service_role;
 
 -- Enable RLS on the accounts_memberships table
 alter table public.accounts_memberships enable row level security;
 
+-- Function "kit.prevent_account_owner_membership_delete"
 -- Trigger to prevent a primary owner from being removed from an account
 create or replace function kit.prevent_account_owner_membership_delete()
     returns trigger
@@ -630,7 +641,8 @@ create or replace trigger prevent_account_owner_membership_delete_check
     before delete on public.accounts_memberships for each row
     execute function kit.prevent_account_owner_membership_delete();
 
--- Functions
+-- Function "public.has_role_on_account"
+-- Function to check if a user has a role on an account
 create or replace function public.has_role_on_account(account_id
     uuid, account_role varchar(50) default null)
     returns boolean
@@ -654,7 +666,8 @@ $$;
 grant execute on function public.has_role_on_account(uuid, varchar)
     to authenticated;
 
--- Function to check if a user is a team member of an account or not
+-- Function "public.is_team_member"
+-- Check if a user is a team member of an account or not
 create or replace function public.is_team_member(account_id uuid,
     user_id uuid)
     returns boolean
@@ -676,9 +689,9 @@ $$;
 
 grant execute on function public.is_team_member(uuid, uuid) to authenticated;
 
-
+-- RLS
--- SELECT(roles): authenticated users can query roles if the role is public
+-- SELECT(roles)
---  or the user has a role on the account the role is for
+-- authenticated users can query roles if the role is public or the user has a role on the account the role is for
 create policy roles_read on public.roles
     for select to authenticated
         using (
@@ -686,8 +699,8 @@ create policy roles_read on public.roles
             or public.has_role_on_account(account_id)
         );
 
-
+-- Function "public.can_action_account_member"
--- Function to check if a user can perform management actions on an account member
+-- Check if a user can perform management actions on an account member
 create or replace function
     public.can_action_account_member(target_team_account_id uuid,
     target_user_id uuid)
@@ -786,36 +799,29 @@ grant execute on function public.can_action_account_member(uuid, uuid)
     to authenticated, service_role;
 
 -- RLS
--- SELECT: Users can read their account memberships
+
+-- SELECT(accounts_memberships):
+-- Users can read their account memberships
 create policy accounts_memberships_read_self on public.accounts_memberships
     for select to authenticated
         using (user_id = auth.uid());
 
--- SELECT: Users can read their team members account memberships
+-- SELECT(accounts_memberships):
+-- Users can read their team members account memberships
 create policy accounts_memberships_team_read on public.accounts_memberships
     for select to authenticated
         using (is_team_member(account_id, user_id));
 
 -- RLS on the accounts table
---    SELECT: Users can read the team accounts they are a member of
+
+-- SELECT(accounts):
+-- Users can read the team accounts they are a member of
 create policy accounts_read_team on public.accounts
     for select to authenticated
         using (has_role_on_account(id));
 
--- DELETE: Users can remove themselves from an account unless they are the primary owner
+-- SELECT(accounts):
-create policy accounts_memberships_delete_self on public.accounts_memberships
+-- Team members can read accounts of the team they are a member of
-    for delete
-    to authenticated
-        using (user_id = auth.uid());
-
--- DELETE: Users with the required role can remove members from an account
-create policy accounts_memberships_delete on public.accounts_memberships
-    for delete
-    to authenticated
-        using (public.can_action_account_member(account_id, user_id));
-
--- SELECT (public.accounts): Team members can read accounts of the team
---   they are a member of
 create policy accounts_team_read on public.accounts
     for select to authenticated
         using (exists (
@@ -826,6 +832,20 @@ create policy accounts_team_read on public.accounts
             where
                 public.is_team_member(membership.account_id, id)));
 
+-- DELETE(accounts_memberships):
+-- Users can remove themselves from an account unless they are the primary owner
+create policy accounts_memberships_delete_self on public.accounts_memberships
+    for delete
+    to authenticated
+        using (user_id = auth.uid());
+
+-- DELETE(accounts_memberships):
+-- Users with the required role can remove members from an account
+create policy accounts_memberships_delete on public.accounts_memberships
+    for delete
+    to authenticated
+        using (public.can_action_account_member(account_id, user_id));
+
 /*
  * -------------------------------------------------------
  * Section: Role Permissions
@@ -847,10 +867,14 @@ comment on column public.role_permissions.role is 'The role the permission is fo
 
 comment on column public.role_permissions.permission is 'The permission for the role';
 
--- Open up access to accounts
+-- Open up access to role_permissions table for authenticated users and service_role
 grant select, insert, update, delete on table public.role_permissions
-    to authenticated, service_role;
+    to service_role;
 
+-- Authenticated users can read role permissions
+grant select on table public.role_permissions to authenticated;
+
+-- Function "public.has_permission"
 -- Create a function to check if a user has a permission
 create function public.has_permission(user_id uuid, account_id uuid,
     permission_name app_permissions)
@@ -878,7 +902,8 @@ language plpgsql;
 grant execute on function public.has_permission(uuid, uuid,
     public.app_permissions) to authenticated, service_role;
 
--- Function: Check if a user has a more elevated role than the target role
+-- Function "public.has_more_elevated_role"
+-- Check if a user has a more elevated role than the target role
 create or replace function
     public.has_more_elevated_role(target_user_id uuid,
     target_account_id uuid, role_name varchar)
@@ -951,7 +976,8 @@ language plpgsql;
 grant execute on function public.has_more_elevated_role(uuid, uuid,
     varchar) to authenticated, service_role;
 
--- Function: Check if a user has the same role hierarchy level as the target role
+-- Function "public.has_same_role_hierarchy_level"
+-- Check if a user has the same role hierarchy level as the target role
 create or replace function
     public.has_same_role_hierarchy_level(target_user_id uuid,
     target_account_id uuid, role_name varchar)
@@ -1026,8 +1052,10 @@ grant execute on function public.has_same_role_hierarchy_level(uuid, uuid,
 -- Enable RLS on the role_permissions table
 alter table public.role_permissions enable row level security;
 
--- RLS
+-- RLS on the role_permissions table
--- Authenticated Users can read their permissions
+
+-- SELECT(role_permissions):
+-- Authenticated Users can read global permissions
 create policy role_permissions_read on public.role_permissions
     for select to authenticated
         using (true);
@@ -1074,6 +1102,8 @@ grant select, insert, update, delete on table public.invitations to
 -- Enable RLS on the invitations table
 alter table public.invitations enable row level security;
 
+-- Function "kit.check_team_account"
+-- Function to check if the account is a team account or not when inserting or updating an invitation
 create or replace function kit.check_team_account()
     returns trigger
     as $$
@@ -1100,19 +1130,17 @@ create trigger only_team_accounts_check
     before insert or update on public.invitations for each row
     execute procedure kit.check_team_account();
 
--- RLS
+-- RLS on the invitations table
---    SELECT: Users can read invitations to users of an account they
+
--- are
+-- SELECT(invitations):
---   a member of
+-- Users can read invitations to users of an account they are a member of
 create policy invitations_read_self on public.invitations
     for select to authenticated
         using (public.has_role_on_account(account_id));
 
--- INSERT: Users can create invitations to users of an account they are
+-- INSERT(invitations):
---   a member of
+-- Users can create invitations to users of an account they are
---     and have the 'invites.manage' permission AND the target role is
+-- a member of  and have the 'invites.manage' permission AND the target role is not higher than the user's role
---  not
---   higher than the user's role
 create policy invitations_create_self on public.invitations
     for insert to authenticated
         with check (
@@ -1120,11 +1148,9 @@ create policy invitations_create_self on public.invitations
         and public.has_permission(auth.uid(), account_id, 'invites.manage'::app_permissions)
         and public.has_same_role_hierarchy_level(auth.uid(), account_id, role));
 
--- UPDATE: Users can update invitations to users of an account they are
+-- UPDATE(public.invitations):
---   a member of
+-- Users can update invitations to users of an account they are a member of and have the 'invites.manage' permission AND
---     and have the 'invites.manage' permission AND the target role is
+-- the target role is not higher than the user's role
---  not
---   higher than the user's role
 create policy invitations_update on public.invitations
     for update to authenticated
 	using (public.has_permission(auth.uid(), account_id,
@@ -1134,16 +1160,14 @@ create policy invitations_update on public.invitations
 		'invites.manage'::app_permissions)
             and public.has_more_elevated_role(auth.uid(), account_id, role));
 
--- DELETE: Users can delete invitations to users of an account they are
+-- DELETE(public.invitations):
---   a member of
+-- Users can delete invitations to users of an account they are a member of and have the 'invites.manage' permission
---    and have the 'invites.manage' permission
 create policy invitations_delete on public.invitations
     for delete to authenticated
         using (has_role_on_account(account_id)
-	    and public.has_permission(auth.uid(), account_id,
+	    and public.has_permission(auth.uid(), account_id, 'invites.manage'::app_permissions));
-		'invites.manage'::app_permissions));
 
--- Functions
+-- Functions "public.accept_invitation"
 -- Function to accept an invitation to an account
 create or replace function accept_invitation(token text, user_id uuid)
     returns uuid
@@ -1164,7 +1188,6 @@ begin
 
     if not found then
         raise exception 'Invalid or expired invitation token';
-
     end if;
 
     insert into public.accounts_memberships(
@@ -1187,7 +1210,6 @@ language plpgsql;
 
 grant execute on function accept_invitation(text, uuid) to service_role;
 
-
 /*
  * -------------------------------------------------------
  * Section: Billing Customers
@@ -1222,12 +1244,13 @@ grant select, insert, update, delete on table
 -- Enable RLS on billing_customers table
 alter table public.billing_customers enable row level security;
 
-grant select on table public.billing_customers to authenticated;
+-- Open up access to billing_customers table for authenticated users
+grant select on table public.billing_customers to authenticated, service_role;
 
--- RLS
+-- RLS on the billing_customers table
---    SELECT: Users can read account subscriptions on an account they
+
---  are
+-- SELECT(billing_customers):
---   a member of
+-- Users can read account subscriptions on an account they are a member of
 create policy billing_customers_read_self on public.billing_customers
     for select to authenticated
         using (account_id = auth.uid()
@@ -1282,9 +1305,7 @@ comment on column public.subscriptions.active is 'Whether the subscription is ac
 
 comment on column public.subscriptions.billing_customer_id is 'The billing customer ID for the subscription';
 
-
+-- Open up access to subscriptions table for authenticated users and service_role
--- Open up access to subscriptions table for authenticated users and
---   service_role
 grant select, insert, update, delete on table public.subscriptions to
     service_role;
 
@@ -1293,10 +1314,10 @@ grant select on table public.subscriptions to authenticated;
 -- Enable RLS on subscriptions table
 alter table public.subscriptions enable row level security;
 
--- RLS
+-- RLS on the subscriptions table
---    SELECT: Users can read account subscriptions on an account they
+
---  are
+-- SELECT(subscriptions):
---   a member of
+-- Users can read account subscriptions on an account they are a member of
 create policy subscriptions_read_self on public.subscriptions
     for select to authenticated
         using (
@@ -1304,7 +1325,8 @@ create policy subscriptions_read_self on public.subscriptions
             or (account_id = auth.uid() and public.is_set('enable_account_billing'))
          );
 
--- Functions
+-- Function "public.upsert_subscription"
+-- Insert or Update a subscription and its items in the database when receiving a webhook from the billing provider
 create or replace function
     public.upsert_subscription(target_account_id uuid,
     target_customer_id varchar(255), target_subscription_id text,
@@ -1483,8 +1505,8 @@ grant insert, update, delete on table public.subscription_items to
 -- RLS
 alter table public.subscription_items enable row level security;
 
--- SELECT: Users can read subscription items on a subscription they are
+-- SELECT(subscription_items)
---   a member of
+-- Users can read subscription items on a subscription they are a member of
 create policy subscription_items_read_self on public.subscription_items
     for select to authenticated
         using (exists (
@@ -1538,9 +1560,8 @@ grant select, insert, update, delete on table public.orders to service_role;
 -- RLS
 alter table public.orders enable row level security;
 
--- SELECT
+-- SELECT(orders)
---    Users can read orders on an account they are a member of or the
+-- Users can read orders on an account they are a member of or the account is their own
---   account is their own
 create policy orders_read_self on public.orders
     for select to authenticated
         using ((account_id = auth.uid() and public.is_set('enable_account_billing'))
@@ -1586,7 +1607,7 @@ grant select on table public.order_items to authenticated, service_role;
 -- RLS
 alter table public.order_items enable row level security;
 
--- SELECT
+-- SELECT(order_items):
 -- Users can read order items on an order they are a member of
 create policy order_items_read_self on public.order_items
     for select to authenticated
@@ -1599,7 +1620,8 @@ create policy order_items_read_self on public.order_items
 		id = order_id and (account_id = auth.uid() or
 		    has_role_on_account(account_id))));
 
--- Functions
+-- Function "public.upsert_order"
+-- Insert or update an order and its items when receiving a webhook from the billing provider
 create or replace function public.upsert_order(target_account_id
     uuid, target_customer_id varchar(255), target_order_id text,
     status public.payment_status, billing_provider
@@ -1685,13 +1707,8 @@ grant execute on function public.upsert_order(uuid, varchar, text,
     public.payment_status, public.billing_provider, numeric, varchar,
     jsonb) to service_role;
 
-
-/*
- * -------------------------------------------------------
- * Section: Functions
- * -------------------------------------------------------
- */
 -- Create a function to slugify a string
+-- useful for turning an account name into a unique slug
 create or replace function kit.slugify("value" text)
     returns text
     as $$
@@ -1740,6 +1757,8 @@ strict immutable;
 
 grant execute on function kit.slugify(text) to service_role, authenticated;
 
+-- Function "kit.set_slug_from_account_name"
+-- Set the slug from the account name and increment if the slug exists
 create or replace function kit.set_slug_from_account_name()
     returns trigger
     language plpgsql
@@ -1802,7 +1821,8 @@ create trigger "update_slug_from_account_name"
 	NEW.is_personal_account = false)
     execute procedure kit.set_slug_from_account_name();
 
--- Create a function to setup a new user with a personal account
+-- Function "kit.setup_new_user"
+-- Setup a new user account after user creation
 create function kit.setup_new_user()
     returns trigger
     language plpgsql
@@ -1851,13 +1871,18 @@ create trigger on_auth_user_created
     after insert on auth.users for each row
     execute procedure kit.setup_new_user();
 
--- Function: create a team account
+-- Function "public.create_team_account"
+-- Create a team account if team accounts are enabled
 create or replace function public.create_team_account(account_name text)
     returns public.accounts
     as $$
 declare
     new_account public.accounts;
 begin
+    if (not public.is_set('enable_team_accounts')) then
+        raise exception 'Team accounts are not enabled';
+    end if;
+
     insert into public.accounts(
         name,
         is_personal_account)
@@ -1877,7 +1902,7 @@ language plpgsql;
 grant execute on function public.create_team_account(text) to
     authenticated, service_role;
 
--- RLS
+-- RLS(public.accounts)
 -- Authenticated users can create team accounts
 create policy create_org_account on public.accounts
     for insert to authenticated
@@ -1886,7 +1911,8 @@ public.is_set(
         'enable_team_accounts')
         and public.accounts.is_personal_account = false);
 
--- Function: create an invitation to an account
+-- Function "public.create_invitation"
+-- create an invitation to an account
 create or replace function public.create_invitation(account_id uuid,
     email text, role varchar(50))
     returns public.invitations
@@ -1962,8 +1988,8 @@ where
 grant select on public.user_accounts to authenticated, service_role;
 
 --
--- Function: get the account workspace for a team account
+-- Function "public.team_account_workspace"
--- to load all the required data for the authenticated user within the account scope
+-- Load all the data for a team account workspace
 create or replace function
     public.team_account_workspace(account_slug text)
     returns table(
@@ -2015,7 +2041,7 @@ language plpgsql;
 grant execute on function public.team_account_workspace(text)
     to authenticated, service_role;
 
--- Functions: get account members
+-- Functions "public.get_account_members"
 -- Function to get the members of an account by the account slug
 create or replace function public.get_account_members(account_slug text)
     returns table(
@@ -2061,7 +2087,8 @@ $$;
 grant execute on function public.get_account_members(text) to
     authenticated, service_role;
 
--- Function to get the account invitations by the account slug
+-- Function "public.get_account_invitations"
+-- List the account invitations by the account slug
 create or replace function public.get_account_invitations(account_slug text)
     returns table(
         id integer,
@@ -2103,7 +2130,8 @@ language plpgsql;
 grant execute on function public.get_account_invitations(text) to
     authenticated, service_role;
 
--- Function to append invitations to an account
+-- Function "public.add_invitations_to_account"
+-- Add invitations to an account
 create or replace function
     public.add_invitations_to_account(account_slug text, invitations
     public.invitation[])
@@ -2152,6 +2180,9 @@ language plpgsql;
 grant execute on function public.add_invitations_to_account(text,
     public.invitation[]) to authenticated, service_role;
 
+-- Function "public.has_active_subscription"
+-- Check if a user has an active subscription on an account - ie. it's trialing or active
+-- Useful to gate access to features that require a subscription
 create or replace function public.has_active_subscription(target_account_id uuid)
     returns boolean
     as $$
@@ -2173,7 +2204,6 @@ language plpgsql;
 grant execute on function public.has_active_subscription(uuid) to
     authenticated, service_role;
 
-
 -- Storage
 -- Account Image
 insert into storage.buckets(
@@ -2185,6 +2215,8 @@ values (
     'account_image',
     true);
 
+-- Function: get the storage filename as a UUID.
+-- Useful if you want to name files with UUIDs related to an account
 create or replace function kit.get_storage_filename_as_uuid(name text)
     returns uuid
     as $$

package.json

@@ -37,26 +37,12 @@
   ],
   "dependencies": {
     "@manypkg/cli": "^0.21.4",
-    "@turbo/gen": "^1.13.2",
+    "@turbo/gen": "^1.13.3",
     "cross-env": "^7.0.3",
-    "pnpm": "^8.15.7",
+    "pnpm": "^9.0.6",
     "prettier": "^3.2.5",
-    "turbo": "^1.13.2",
+    "turbo": "^1.13.3",
     "typescript": "^5.4.5",
     "yarn": "^1.22.22"
-  },
+  }
-  "pnpm": {
-    "overrides": {
-      "next": "14.3.0-canary.7",
-      "react": "18.2.0",
-      "react-dom": "18.2.0"
-    }
-  },
-  "browserslist": [
-    "iOS >= 9",
-    "Android >= 4.4",
-    "last 2 versions",
-    "> 0.2%",
-    "not dead"
-  ]
 }

packages/billing/core/src/services/billing-strategy-provider.service.ts

@@ -4,11 +4,11 @@ import {
   CancelSubscriptionParamsSchema,
   CreateBillingCheckoutSchema,
   CreateBillingPortalSessionSchema,
+  QueryBillingUsageSchema,
   ReportBillingUsageSchema,
   RetrieveCheckoutSessionSchema,
   UpdateSubscriptionParamsSchema,
 } from '../schema';
-import { QueryBillingUsageSchema } from '../schema/query-billing-usage.schema';
 
 export abstract class BillingStrategyProviderService {
   abstract createBillingPortalSession(
@@ -53,7 +53,7 @@ export abstract class BillingStrategyProviderService {
     value: number;
   }>;
 
-  abstract updateSubscription(
+  abstract updateSubscriptionItem(
     params: z.infer<typeof UpdateSubscriptionParamsSchema>,
   ): Promise<{
     success: boolean;

packages/billing/gateway/package.json

@@ -27,12 +27,12 @@
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
     "@kit/ui": "workspace:^",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
     "date-fns": "^3.6.0",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "next": "14.2.3",
-    "react": "18.2.0",
+    "react": "18.3.1",
     "react-hook-form": "^7.51.3",
     "react-i18next": "^14.1.1",
     "zod": "^3.23.4"

packages/billing/gateway/src/server/services/billing-gateway/billing-gateway.service.ts

@@ -44,10 +44,7 @@ class BillingGatewayService {
   async createCheckoutSession(
     params: z.infer<typeof CreateBillingCheckoutSchema>,
   ) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = CreateBillingCheckoutSchema.parse(params);
 
     return strategy.createCheckoutSession(payload);
@@ -61,10 +58,7 @@ class BillingGatewayService {
   async retrieveCheckoutSession(
     params: z.infer<typeof RetrieveCheckoutSessionSchema>,
   ) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = RetrieveCheckoutSessionSchema.parse(params);
 
     return strategy.retrieveCheckoutSession(payload);
@@ -78,10 +72,7 @@ class BillingGatewayService {
   async createBillingPortalSession(
     params: z.infer<typeof CreateBillingPortalSessionSchema>,
   ) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = CreateBillingPortalSessionSchema.parse(params);
 
     return strategy.createBillingPortalSession(payload);
@@ -95,10 +86,7 @@ class BillingGatewayService {
   async cancelSubscription(
     params: z.infer<typeof CancelSubscriptionParamsSchema>,
   ) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = CancelSubscriptionParamsSchema.parse(params);
 
     return strategy.cancelSubscription(payload);
@@ -110,10 +98,7 @@ class BillingGatewayService {
    * @param params
    */
   async reportUsage(params: z.infer<typeof ReportBillingUsageSchema>) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = ReportBillingUsageSchema.parse(params);
 
     return strategy.reportUsage(payload);
@@ -125,10 +110,7 @@ class BillingGatewayService {
    * @param params
    */
   async queryUsage(params: z.infer<typeof QueryBillingUsageSchema>) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = QueryBillingUsageSchema.parse(params);
 
     return strategy.queryUsage(payload);
@@ -141,12 +123,13 @@ class BillingGatewayService {
   async updateSubscriptionItem(
     params: z.infer<typeof UpdateSubscriptionParamsSchema>,
   ) {
-    const strategy = await BillingGatewayFactoryService.GetProviderStrategy(
+    const strategy = await this.getStrategy();
-      this.provider,
-    );
-
     const payload = UpdateSubscriptionParamsSchema.parse(params);
 
-    return strategy.updateSubscription(payload);
+    return strategy.updateSubscriptionItem(payload);
+  }
+
+  getStrategy() {
+    return BillingGatewayFactoryService.GetProviderStrategy(this.provider);
   }
 }

packages/billing/lemon-squeezy/package.json

@@ -25,9 +25,9 @@
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
     "@kit/ui": "workspace:^",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
     "next": "14.2.3",
-    "react": "18.2.0",
+    "react": "18.3.1",
     "zod": "^3.23.4"
   },
   "eslintConfig": {

packages/billing/lemon-squeezy/src/services/lemon-squeezy-billing-strategy.service.ts

@@ -307,7 +307,7 @@ export class LemonSqueezyBillingStrategyService
    * @description Queries the usage of the metered billing
    * @param params
    */
-  async updateSubscription(
+  async updateSubscriptionItem(
     params: z.infer<typeof UpdateSubscriptionParamsSchema>,
   ) {
     const logger = await getLogger();

packages/billing/stripe/package.json

@@ -17,7 +17,7 @@
   "dependencies": {
     "@stripe/react-stripe-js": "^2.7.0",
     "@stripe/stripe-js": "^3.3.0",
-    "stripe": "^15.3.0"
+    "stripe": "^15.4.0"
   },
   "devDependencies": {
     "@kit/billing": "workspace:^",
@@ -28,10 +28,10 @@
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
     "@kit/ui": "workspace:^",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
     "date-fns": "^3.6.0",
     "next": "14.2.3",
-    "react": "18.2.0",
+    "react": "18.3.1",
     "zod": "^3.23.4"
   },
   "eslintConfig": {

packages/billing/stripe/src/services/stripe-billing-strategy.service.ts

@@ -273,11 +273,11 @@ export class StripeBillingStrategyService
   }
 
   /**
-   * @name updateSubscription
+   * @name updateSubscriptionItem
    * @description Updates a subscription
    * @param params
    */
-  async updateSubscription(
+  async updateSubscriptionItem(
     params: z.infer<typeof UpdateSubscriptionParamsSchema>,
   ) {
     const stripe = await this.stripeProvider();

packages/cms/keystatic/package.json

@@ -15,7 +15,7 @@
     "./route-handler": "./src/keystatic-route-handler.ts"
   },
   "dependencies": {
-    "@keystatic/core": "0.5.12",
+    "@keystatic/core": "0.5.13",
     "@keystatic/next": "5.0.0"
   },
   "devDependencies": {

packages/database-webhooks/package.json

@@ -23,7 +23,7 @@
     "@kit/tailwind-config": "workspace:*",
     "@kit/team-accounts": "workspace:^",
     "@kit/tsconfig": "workspace:*",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "zod": "^3.23.4"
   },
   "eslintConfig": {

packages/features/accounts/package.json

@@ -32,15 +32,15 @@
     "@kit/tsconfig": "workspace:*",
     "@kit/ui": "workspace:^",
     "@radix-ui/react-icons": "^1.3.0",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "@tanstack/react-query": "5.32.0",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "@types/react-dom": "^18.2.25",
+    "@types/react-dom": "^18.3.0",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "next": "14.2.3",
     "next-themes": "0.3.0",
-    "react": "18.2.0",
+    "react": "18.3.1",
-    "react-dom": "18.2.0",
+    "react-dom": "18.3.1",
     "react-hook-form": "^7.51.3",
     "react-i18next": "^14.1.1",
     "sonner": "^1.4.41",

packages/features/admin/package.json

@@ -20,14 +20,14 @@
     "@kit/ui": "workspace:^",
     "@makerkit/data-loader-supabase-core": "^0.0.7",
     "@makerkit/data-loader-supabase-nextjs": "^1.1.0",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "@tanstack/react-query": "5.32.0",
     "@tanstack/react-table": "^8.16.0",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "next": "14.2.3",
-    "react": "18.2.0",
+    "react": "18.3.1",
-    "react-dom": "18.2.0",
+    "react-dom": "18.3.1",
     "react-hook-form": "^7.51.3",
     "zod": "^3.23.4"
   },

packages/features/auth/package.json

@@ -26,12 +26,12 @@
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
     "@kit/ui": "workspace:^",
-    "@marsidev/react-turnstile": "^0.5.4",
+    "@marsidev/react-turnstile": "^0.6.0",
     "@radix-ui/react-icons": "^1.3.0",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "@tanstack/react-query": "5.32.0",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "next": "14.2.3",
     "react-hook-form": "^7.51.3",
     "react-i18next": "^14.1.1",

packages/features/team-accounts/package.json

@@ -30,17 +30,17 @@
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
     "@kit/ui": "workspace:^",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "@tanstack/react-query": "5.32.0",
     "@tanstack/react-table": "^8.16.0",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "@types/react-dom": "^18.2.25",
+    "@types/react-dom": "^18.3.0",
     "class-variance-authority": "^0.7.0",
     "date-fns": "^3.6.0",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "next": "14.2.3",
-    "react": "18.2.0",
+    "react": "18.3.1",
-    "react-dom": "18.2.0",
+    "react-dom": "18.3.1",
     "react-hook-form": "^7.51.3",
     "react-i18next": "^14.1.1",
     "sonner": "^1.4.41",

packages/monitoring/api/package.json

@@ -24,8 +24,8 @@
     "@kit/sentry": "workspace:*",
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "react": "18.2.0"
+    "react": "18.3.1"
   },
   "eslintConfig": {
     "root": true,

packages/monitoring/baselime/package.json

@@ -25,8 +25,8 @@
     "@kit/prettier-config": "workspace:*",
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "react": "18.2.0",
+    "react": "18.3.1",
     "zod": "^3.23.4"
   },
   "eslintConfig": {

packages/monitoring/core/package.json

@@ -18,8 +18,8 @@
     "@kit/prettier-config": "workspace:*",
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "react": "18.2.0"
+    "react": "18.3.1"
   },
   "eslintConfig": {
     "root": true,

packages/monitoring/sentry/package.json

@@ -31,8 +31,8 @@
     "@kit/prettier-config": "workspace:*",
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "react": "18.2.0"
+    "react": "18.3.1"
   },
   "eslintConfig": {
     "root": true,

packages/next/package.json

@@ -21,7 +21,7 @@
     "@kit/supabase": "workspace:^",
     "@kit/tailwind-config": "workspace:*",
     "@kit/tsconfig": "workspace:*",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "next": "14.2.3",
     "zod": "^3.23.4"
   },

packages/supabase/package.json

@@ -27,11 +27,11 @@
     "@kit/tsconfig": "workspace:*",
     "@supabase/gotrue-js": "2.62.2",
     "@supabase/ssr": "^0.3.0",
-    "@supabase/supabase-js": "^2.42.6",
+    "@supabase/supabase-js": "^2.42.7",
     "@tanstack/react-query": "5.32.0",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
     "next": "14.2.3",
-    "react": "18.2.0",
+    "react": "18.3.1",
     "zod": "^3.23.4"
   },
   "eslintConfig": {

packages/ui/package.json

@@ -30,7 +30,7 @@
     "clsx": "^2.1.1",
     "cmdk": "1.0.0",
     "input-otp": "1.2.4",
-    "lucide-react": "^0.373.0",
+    "lucide-react": "^0.376.0",
     "react-top-loading-bar": "2.3.1",
     "tailwind-merge": "^2.3.0"
   },
@@ -41,8 +41,8 @@
     "@kit/tsconfig": "workspace:*",
     "@radix-ui/react-icons": "^1.3.0",
     "@tanstack/react-table": "^8.16.0",
-    "@types/react": "^18.2.79",
+    "@types/react": "^18.3.1",
-    "@types/react-dom": "^18.2.25",
+    "@types/react-dom": "^18.3.0",
     "class-variance-authority": "^0.7.0",
     "date-fns": "^3.6.0",
     "eslint": "^8.57.0",

tooling/eslint/package.json

@@ -16,14 +16,14 @@
     "@next/eslint-plugin-next": "^14.2.3",
     "@tanstack/react-table": "^8.16.0",
     "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-    "@types/eslint": "^8.56.9",
+    "@types/eslint": "^8.56.10",
-    "@typescript-eslint/eslint-plugin": "^7.7.0",
+    "@typescript-eslint/eslint-plugin": "^7.7.1",
-    "@typescript-eslint/parser": "^7.7.0",
+    "@typescript-eslint/parser": "^7.7.1",
     "eslint-config-prettier": "^9.1.0",
-    "eslint-config-turbo": "^1.13.2",
+    "eslint-config-turbo": "^1.13.3",
     "eslint-plugin-import": "^2.29.1",
     "eslint-plugin-react": "^7.34.1",
-    "eslint-plugin-react-hooks": "^4.6.0",
+    "eslint-plugin-react-hooks": "^4.6.2",
     "next": "14.2.3",
     "tailwind-merge": "^2.3.0",
     "zod": "^3.23.4"