From ca7b2ab18bfaaacb0f845d4ead7b8a12c8c241c2 Mon Sep 17 00:00:00 2001
From: Deeman <hendriknote@gmail.com>
Date: Sun, 22 Feb 2026 01:38:51 +0100
Subject: [PATCH] settings: remove Write scope, add billing portal error
 handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Remove 'Write' scope checkbox from API key creation form — BeanFlows
  is a read-only data platform, write keys are meaningless to users.
  Scope is now always 'read' via hidden input.
- Add try/except in billing.manage route so Paddle API failures (e.g.
  no live credentials in dev) show a user-facing flash error instead
  of a 500.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 web/src/beanflows/billing/routes.py            | 18 +++++++++++-------
 .../dashboard/templates/settings.html          | 14 +-------------
 2 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/web/src/beanflows/billing/routes.py b/web/src/beanflows/billing/routes.py
index 3a6aadb..e9cb1f3 100644
--- a/web/src/beanflows/billing/routes.py
+++ b/web/src/beanflows/billing/routes.py
@@ -201,14 +201,18 @@ async def manage():
         await flash("No active subscription found.", "error")
         return redirect(url_for("dashboard.settings"))
 
-    async with httpx.AsyncClient() as client:
-        response = await client.get(
-            f"https://api.paddle.com/subscriptions/{sub['provider_subscription_id']}",
-            headers={"Authorization": f"Bearer {config.PADDLE_API_KEY}"},
-        )
-        response.raise_for_status()
+    try:
+        async with httpx.AsyncClient() as client:
+            response = await client.get(
+                f"https://api.paddle.com/subscriptions/{sub['provider_subscription_id']}",
+                headers={"Authorization": f"Bearer {config.PADDLE_API_KEY}"},
+            )
+            response.raise_for_status()
+        portal_url = response.json()["data"]["management_urls"]["update_payment_method"]
+    except Exception:
+        await flash("Could not reach the billing portal. Please try again or contact support.", "error")
+        return redirect(url_for("dashboard.settings"))
 
-    portal_url = response.json()["data"]["management_urls"]["update_payment_method"]
     return redirect(portal_url)
 
 
diff --git a/web/src/beanflows/dashboard/templates/settings.html b/web/src/beanflows/dashboard/templates/settings.html
index 57d5f6f..eb2fda4 100644
--- a/web/src/beanflows/dashboard/templates/settings.html
+++ b/web/src/beanflows/dashboard/templates/settings.html
@@ -111,19 +111,7 @@
             <input type="text" id="key-name" name="name" class="form-input" placeholder="My API Key" required>
           </div>
 
-          <div class="mb-4">
-            <span class="form-label">Scopes</span>
-            <div class="flex gap-4 mt-1">
-              <label class="flex items-center gap-2 text-sm text-stone-dark">
-                <input type="checkbox" name="scopes" value="read" checked class="accent-copper">
-                Read
-              </label>
-              <label class="flex items-center gap-2 text-sm text-stone-dark">
-                <input type="checkbox" name="scopes" value="write" class="accent-copper">
-                Write
-              </label>
-            </div>
-          </div>
+          <input type="hidden" name="scopes" value="read">
 
           <button type="submit" class="btn">Create Key</button>
         </form>