From cd87e527bbf6330f1b77e1220f8032bdc5baee6f Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Mon, 15 Apr 2024 11:03:27 +0800
Subject: [PATCH] feat(core): add customJwt paywall guard to core API

add customJwt paywall guard to core API
---
 packages/core/package.json                              | 2 +-
 packages/core/src/libraries/quota.ts                    | 3 ++-
 packages/core/src/routes/logto-config/jwt-customizer.ts | 9 ++++++++-
 pnpm-lock.yaml                                          | 8 ++++----
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/packages/core/package.json b/packages/core/package.json
index 4db9f56412c..4d7b9cf810e 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -92,7 +92,7 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-749cae5",
+    "@logto/cloud": "0.2.5-94f7bcc",
     "@silverhand/eslint-config": "5.0.0",
     "@silverhand/ts-config": "5.0.0",
     "@types/debug": "^4.1.7",
diff --git a/packages/core/src/libraries/quota.ts b/packages/core/src/libraries/quota.ts
index 65cf4fb72a5..6ac9e26c8b9 100644
--- a/packages/core/src/libraries/quota.ts
+++ b/packages/core/src/libraries/quota.ts
@@ -1,5 +1,5 @@
 import { ConnectorType, DemoConnector } from '@logto/connector-kit';
-import { RoleType, ReservedPlanId } from '@logto/schemas';
+import { ReservedPlanId, RoleType } from '@logto/schemas';
 
 import { EnvSet } from '#src/env-set/index.js';
 import RequestError from '#src/errors/RequestError/index.js';
@@ -72,6 +72,7 @@ export const createQuotaLibrary = (
     ssoEnabled: notNumber,
     omniSignInEnabled: notNumber, // No limit for now
     builtInEmailConnectorEnabled: notNumber, // No limit for now
+    customJwtEnabled: notNumber, // No limit for now
   };
 
   const getTenantUsage = async (key: keyof FeatureQuota, queryKey?: string): Promise<number> => {
diff --git a/packages/core/src/routes/logto-config/jwt-customizer.ts b/packages/core/src/routes/logto-config/jwt-customizer.ts
index 45478731cd5..2ca1afe8e38 100644
--- a/packages/core/src/routes/logto-config/jwt-customizer.ts
+++ b/packages/core/src/routes/logto-config/jwt-customizer.ts
@@ -14,6 +14,7 @@ import { ZodError, z } from 'zod';
 import { EnvSet } from '#src/env-set/index.js';
 import RequestError, { formatZodError } from '#src/errors/RequestError/index.js';
 import koaGuard, { parse } from '#src/middleware/koa-guard.js';
+import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 
 import type { AuthedRouter, RouterInitArgs } from '../types.js';
 
@@ -31,7 +32,10 @@ const getJwtTokenKeyAndBody = (tokenPath: LogtoJwtTokenKeyType, body: unknown) =
 };
 
 export default function logtoConfigJwtCustomizerRoutes<T extends AuthedRouter>(
-  ...[router, { id: tenantId, queries, logtoConfigs, cloudConnection }]: RouterInitArgs<T>
+  ...[
+    router,
+    { id: tenantId, queries, logtoConfigs, cloudConnection, libraries },
+  ]: RouterInitArgs<T>
 ) {
   const { getRowsByKeys, deleteJwtCustomizer } = queries.logtoConfigs;
   const {
@@ -60,6 +64,7 @@ export default function logtoConfigJwtCustomizerRoutes<T extends AuthedRouter>(
       response: accessTokenJwtCustomizerGuard.or(clientCredentialsJwtCustomizerGuard),
       status: [200, 201, 400, 403],
     }),
+    koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
     async (ctx, next) => {
       const { isCloud, isIntegrationTest } = EnvSet.values;
       if (tenantId === adminTenantId && isCloud && !isIntegrationTest) {
@@ -109,6 +114,7 @@ export default function logtoConfigJwtCustomizerRoutes<T extends AuthedRouter>(
       response: accessTokenJwtCustomizerGuard.or(clientCredentialsJwtCustomizerGuard),
       status: [200, 400, 404],
     }),
+    koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
     async (ctx, next) => {
       const { isIntegrationTest } = EnvSet.values;
 
@@ -211,6 +217,7 @@ export default function logtoConfigJwtCustomizerRoutes<T extends AuthedRouter>(
       response: jsonObjectGuard,
       status: [200, 400, 403, 422],
     }),
+    koaQuotaGuard({ key: 'customJwtEnabled', quota: libraries.quota }),
     async (ctx, next) => {
       const { body } = ctx.guard;
 
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 6a242a38d56..c8895f776d9 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -3205,8 +3205,8 @@ importers:
         version: 3.22.4
     devDependencies:
       '@logto/cloud':
-        specifier: 0.2.5-749cae5
-        version: 0.2.5-749cae5(zod@3.22.4)
+        specifier: 0.2.5-94f7bcc
+        version: 0.2.5-94f7bcc(zod@3.22.4)
       '@silverhand/eslint-config':
         specifier: 5.0.0
         version: 5.0.0(eslint@8.44.0)(prettier@3.0.0)(typescript@5.3.3)
@@ -7647,8 +7647,8 @@ packages:
       jose: 5.2.2
     dev: true
 
-  /@logto/cloud@0.2.5-749cae5(zod@3.22.4):
-    resolution: {integrity: sha512-QzebHRSBShQwOsKAvYlVd7QF43RlrHOt/nmwrlRNW4F9U0DUEFaeLZujYS56oxjQ49GRdsOPKSQCE97wRB7NNQ==}
+  /@logto/cloud@0.2.5-94f7bcc(zod@3.22.4):
+    resolution: {integrity: sha512-1nY3o1/gXgEIqgvjel2no0X3rR+BGnfozB7Vev+FY2qTkDyQIWRtHAnx+kkv4iEIIFcZW86LRNlvfjDUqR2yIg==}
     engines: {node: ^20.9.0}
     dependencies:
       '@silverhand/essentials': 2.9.0