Org billing (#1995)

* Add billing organization selection

Introduces support for selecting a billing organization for inference requests in HuggingChat. Adds a new billing section in application settings, updates user settings and API to store and validate the selected organization, and ensures requests are billed to the chosen organization by sending the X-HF-Bill-To header. Also updates environment and chart files to include the new OpenID scope required for billing.

* Update +page.svelte

* Remove billingOrganization from default settings

* Fix user settings creation and update test for findUser

The test for updateUser now passes a URL to findUser to match the updated function signature. Also, the updateUser function now inserts the full DEFAULT_SETTINGS object when creating default user settings, ensuring billingOrganization is included.

Author: gary149

.env

@@ -34,7 +34,7 @@ COUPLE_SESSION_WITH_COOKIE_NAME=
 # when OPEN_ID is configured, users are required to login after the welcome modal
 OPENID_CLIENT_ID="" # You can set to "__CIMD__" for automatic oauth app creation when deployed, see https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/
 OPENID_CLIENT_SECRET=
-OPENID_SCOPES="openid profile inference-api read-mcp"
+OPENID_SCOPES="openid profile inference-api read-mcp read-billing"
 USE_USER_TOKEN=
 AUTOMATIC_LOGIN=# if true authentication is required on all routes
 

chart/env/dev.yaml

@@ -38,7 +38,7 @@ ingressInternal:
 envVars:
   TEST: "test"
   COUPLE_SESSION_WITH_COOKIE_NAME: "token"
-  OPENID_SCOPES: "openid profile inference-api read-mcp"
+  OPENID_SCOPES: "openid profile inference-api read-mcp read-billing"
   USE_USER_TOKEN: "true"
   MCP_FORWARD_HF_USER_TOKEN: "true"
   AUTOMATIC_LOGIN: "false"

chart/env/prod.yaml

@@ -48,7 +48,7 @@ ingressInternal:
 
 envVars:
   COUPLE_SESSION_WITH_COOKIE_NAME: "token"
-  OPENID_SCOPES: "openid profile inference-api read-mcp"
+  OPENID_SCOPES: "openid profile inference-api read-mcp read-billing"
   USE_USER_TOKEN: "true"
   MCP_FORWARD_HF_USER_TOKEN: "true"
   AUTOMATIC_LOGIN: "false"

src/app.d.ts

@@ -13,6 +13,8 @@ declare global {
 			user?: User;
 			isAdmin: boolean;
 			token?: string;
+			/** Organization to bill inference requests to (from settings) */
+			billingOrganization?: string;
 		}
 
 		interface Error {

src/lib/server/api/authPlugin.ts

@@ -22,6 +22,7 @@ export const authPlugin = new Elysia({ name: "auth" }).derive(
 				user: auth?.user,
 				sessionId: auth?.sessionId,
 				isAdmin: auth?.isAdmin,
+				token: auth?.token,
 			},
 		};
 	}

src/lib/server/api/routes/groups/user.ts

@@ -6,6 +6,8 @@ import { authCondition } from "$lib/server/auth";
 import { models, validateModel } from "$lib/server/models";
 import { DEFAULT_SETTINGS, type SettingsEditable } from "$lib/types/Settings";
 import { z } from "zod";
+import { config } from "$lib/server/config";
+import { logger } from "$lib/server/logger";
 
 export const userGroup = new Elysia()
 	.use(authPlugin)
@@ -72,6 +74,7 @@ export const userGroup = new Elysia()
 					customPrompts: settings?.customPrompts ?? {},
 					multimodalOverrides: settings?.multimodalOverrides ?? {},
 					toolsOverrides: settings?.toolsOverrides ?? {},
+					billingOrganization: settings?.billingOrganization ?? undefined,
 				};
 			})
 			.post("/settings", async ({ locals, request }) => {
@@ -90,6 +93,7 @@ export const userGroup = new Elysia()
 						disableStream: z.boolean().default(false),
 						directPaste: z.boolean().default(false),
 						hidePromptExamples: z.record(z.boolean()).default({}),
+						billingOrganization: z.string().optional(),
 					})
 					.parse(body) satisfies SettingsEditable;
 
@@ -123,5 +127,79 @@ export const userGroup = new Elysia()
 					})
 					.toArray();
 				return reports;
+			})
+			.get("/billing-orgs", async ({ locals, set }) => {
+				// Only available for HuggingChat
+				if (!config.isHuggingChat) {
+					set.status = 404;
+					return { error: "Not available" };
+				}
+
+				// Requires authenticated user with OAuth token
+				if (!locals.user) {
+					set.status = 401;
+					return { error: "Login required" };
+				}
+
+				if (!locals.token) {
+					set.status = 401;
+					return { error: "OAuth token not available. Please log out and log back in." };
+				}
+
+				try {
+					// Fetch billing info from HuggingFace OAuth userinfo
+					const response = await fetch("https://huggingface.co/oauth/userinfo", {
+						headers: { Authorization: `Bearer ${locals.token}` },
+					});
+
+					if (!response.ok) {
+						logger.error(`Failed to fetch billing orgs: ${response.status}`);
+						set.status = 502;
+						return { error: "Failed to fetch billing information" };
+					}
+
+					const data = await response.json();
+
+					// Get user's current billingOrganization setting
+					const settings = await collections.settings.findOne(authCondition(locals));
+					const currentBillingOrg = settings?.billingOrganization;
+
+					// Filter orgs to only those with canPay: true
+					const billingOrgs = (data.orgs ?? [])
+						.filter((org: { canPay?: boolean }) => org.canPay === true)
+						.map((org: { sub: string; name: string; preferred_username: string }) => ({
+							sub: org.sub,
+							name: org.name,
+							preferred_username: org.preferred_username,
+						}));
+
+					// Check if current billing org is still valid
+					const isCurrentOrgValid =
+						!currentBillingOrg ||
+						billingOrgs.some(
+							(org: { preferred_username: string }) => org.preferred_username === currentBillingOrg
+						);
+
+					// If current billing org is no longer valid, clear it
+					if (!isCurrentOrgValid && currentBillingOrg) {
+						logger.info(
+							`Clearing invalid billingOrganization '${currentBillingOrg}' for user ${locals.user._id}`
+						);
+						await collections.settings.updateOne(authCondition(locals), {
+							$unset: { billingOrganization: "" },
+							$set: { updatedAt: new Date() },
+						});
+					}
+
+					return {
+						userCanPay: data.canPay ?? false,
+						organizations: billingOrgs,
+						currentBillingOrg: isCurrentOrgValid ? currentBillingOrg : undefined,
+					};
+				} catch (err) {
+					logger.error("Error fetching billing orgs:", err);
+					set.status = 500;
+					return { error: "Internal server error" };
+				}
 			});
 	});

src/lib/server/endpoints/openai/endpointOai.ts

@@ -148,6 +148,10 @@ export async function endpointOai(
 					"ChatUI-Conversation-ID": conversationId?.toString() ?? "",
 					"X-use-cache": "false",
 					...(locals?.token ? { Authorization: `Bearer ${locals.token}` } : {}),
+					// Bill to organization if configured (HuggingChat only)
+					...(config.isHuggingChat && locals?.billingOrganization
+						? { "X-HF-Bill-To": locals.billingOrganization }
+						: {}),
 				},
 				signal: abortSignal,
 			});
@@ -218,6 +222,10 @@ export async function endpointOai(
 							"ChatUI-Conversation-ID": conversationId?.toString() ?? "",
 							"X-use-cache": "false",
 							...(locals?.token ? { Authorization: `Bearer ${locals.token}` } : {}),
+							// Bill to organization if configured (HuggingChat only)
+							...(config.isHuggingChat && locals?.billingOrganization
+								? { "X-HF-Bill-To": locals.billingOrganization }
+								: {}),
 						},
 						signal: abortSignal,
 					}
@@ -232,6 +240,10 @@ export async function endpointOai(
 							"ChatUI-Conversation-ID": conversationId?.toString() ?? "",
 							"X-use-cache": "false",
 							...(locals?.token ? { Authorization: `Bearer ${locals.token}` } : {}),
+							// Bill to organization if configured (HuggingChat only)
+							...(config.isHuggingChat && locals?.billingOrganization
+								? { "X-HF-Bill-To": locals.billingOrganization }
+								: {}),
 						},
 						signal: abortSignal,
 					}

src/lib/server/router/arch.ts

@@ -152,6 +152,10 @@ export async function archSelectRoute(
 	const headers: HeadersInit = {
 		Authorization: `Bearer ${getApiToken(locals)}`,
 		"Content-Type": "application/json",
+		// Bill to organization if configured (HuggingChat only)
+		...(config.isHuggingChat && locals?.billingOrganization
+			? { "X-HF-Bill-To": locals.billingOrganization }
+			: {}),
 	};
 	const body = {
 		model: archModel,

src/lib/server/textGeneration/mcp/runMcpFlow.ts

@@ -264,6 +264,12 @@ export async function* runMcpFlow({
 			apiKey: config.OPENAI_API_KEY || config.HF_TOKEN || "sk-",
 			baseURL: config.OPENAI_BASE_URL,
 			fetch: captureProviderFetch,
+			defaultHeaders: {
+				// Bill to organization if configured (HuggingChat only)
+				...(config.isHuggingChat && locals?.billingOrganization
+					? { "X-HF-Bill-To": locals.billingOrganization }
+					: {}),
+			},
 		});
 
 		const mmEnabled = (forceMultimodal ?? false) || targetModel.multimodal;

src/lib/stores/settings.ts

@@ -17,6 +17,7 @@ type SettingsStore = {
 	disableStream: boolean;
 	directPaste: boolean;
 	hidePromptExamples: Record<string, boolean>;
+	billingOrganization?: string;
 };
 
 type SettingsStoreWritable = Writable<SettingsStore> & {