settings: remove Write scope, add billing portal error handling

- Remove 'Write' scope checkbox from API key creation form — BeanFlows is a read-only data platform, write keys are meaningless to users. Scope is now always 'read' via hidden input. - Add try/except in billing.manage route so Paddle API failures (e.g. no live credentials in dev) show a user-facing flash error instead of a 500. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 01:38:51 +01:00
parent c92e5a8e07
commit ca7b2ab18b
2 changed files with 12 additions and 20 deletions
--- a/web/src/beanflows/billing/routes.py
+++ b/web/src/beanflows/billing/routes.py
@@ -201,14 +201,18 @@ async def manage():
        await flash("No active subscription found.", "error")
        return redirect(url_for("dashboard.settings"))

-    async with httpx.AsyncClient() as client:
-        response = await client.get(
-            f"https://api.paddle.com/subscriptions/{sub['provider_subscription_id']}",
-            headers={"Authorization": f"Bearer {config.PADDLE_API_KEY}"},
-        )
-        response.raise_for_status()
+    try:
+        async with httpx.AsyncClient() as client:
+            response = await client.get(
+                f"https://api.paddle.com/subscriptions/{sub['provider_subscription_id']}",
+                headers={"Authorization": f"Bearer {config.PADDLE_API_KEY}"},
+            )
+            response.raise_for_status()
+        portal_url = response.json()["data"]["management_urls"]["update_payment_method"]
+    except Exception:
+        await flash("Could not reach the billing portal. Please try again or contact support.", "error")
+        return redirect(url_for("dashboard.settings"))

-    portal_url = response.json()["data"]["management_urls"]["update_payment_method"]
    return redirect(portal_url)


--- a/web/src/beanflows/dashboard/templates/settings.html
+++ b/web/src/beanflows/dashboard/templates/settings.html
@@ -111,19 +111,7 @@
            <input type="text" id="key-name" name="name" class="form-input" placeholder="My API Key" required>
          </div>

-          <div class="mb-4">
-            <span class="form-label">Scopes</span>
-            <div class="flex gap-4 mt-1">
-              <label class="flex items-center gap-2 text-sm text-stone-dark">
-                <input type="checkbox" name="scopes" value="read" checked class="accent-copper">
-                Read
-              </label>
-              <label class="flex items-center gap-2 text-sm text-stone-dark">
-                <input type="checkbox" name="scopes" value="write" class="accent-copper">
-                Write
-              </label>
-            </div>
-          </div>
+          <input type="hidden" name="scopes" value="read">

          <button type="submit" class="btn">Create Key</button>
        </form>