User access based on subscription tiers

[sergeim19]

Thank you very much for this template. I am very new to SaaS and web dev so this is my first time dealing with these types of issues. I have a question about user access. Currently the stripe_customers table has 3 columns - user_id, updated_at, and stripe_customer_id. But this table by itself does not have information about the user's subscription, only that they picked a subscription at some point in time. We check the user's subscription via the functions inside subscription_helpers.server.ts. It gets the uuid -> looks up the customer's stripe_customer_id and then uses the stripe api to fetch their current subscription.

If we want to restrict certain features based on the user's subscription level, as far as I understand, we must somehow re-implement the subscription check using the stripe api on the backend (or create another column inside stripe_customers to save their subscription type when it is created), correct? Otherwise, the current process of checking their subscription is done on the front-end and is vulnerable to being changed by the user. In my case, I have a large table with some data, and I want to restrict "free tier" users to only a subset of that data.

[sergeim19]

Repying to myself here...Sorry, web dev newbie here. Ok, I think I forgot that page.server.ts is run on the server. So as long as I do my data fetching inside page.server.ts it is safe to only use the functionality in subscription_helpers.server.ts -- they will be evaluated backend. Hopefully that's right.