feat: user auth, API keys, Stripe billing, and dashboard scoping

- NextAuth v5 credentials auth with registration/login pages - API key CRUD (create, list, revoke) with secure hashing - Stripe checkout, webhooks, and customer portal integration - Rate limiting per subscription tier - All dashboard API endpoints scoped to authenticated user - Prisma schema: User, Account, Session, ApiKey, plus Stripe fields - Auth middleware protecting dashboard and API routes Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-02-10 15:37:49 +00:00
parent 07cf717c15
commit 61268f870f
33 changed files with 2247 additions and 57 deletions
--- a/apps/web/src/app/api/settings/stats/route.ts
+++ b/apps/web/src/app/api/settings/stats/route.ts
@@ -1,14 +1,24 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
+import { auth } from "@/auth";

 export async function GET() {
  try {
+    const session = await auth();
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const userId = session.user.id;
+    const traceFilter = { userId };
+    const childFilter = { trace: { userId } };
+
    const [totalTraces, totalSpans, totalDecisions, totalEvents] =
      await Promise.all([
-        prisma.trace.count(),
-        prisma.span.count(),
-        prisma.decisionPoint.count(),
-        prisma.event.count(),
+        prisma.trace.count({ where: traceFilter }),
+        prisma.span.count({ where: childFilter }),
+        prisma.decisionPoint.count({ where: childFilter }),
+        prisma.event.count({ where: childFilter }),
      ]);

    return NextResponse.json(