mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
refactor(saas): remove the legacy credits engine (FE + Java) (#6687)
Complete legacy-credits teardown ("Group 3"). The per-user/per-team
credit model is fully superseded by PAYG (`wallet_ledger`) — confirmed
no PAYG code references it. Authorized to also remove the `TeamCredit`
pool + its monthly reset.
## Frontend (saas)
- Deleted `saas/hooks/useCredits.ts`, `apiKeys/hooks/useCredits.ts`,
`types/credits.ts`, `apiKeys/UsageSection.tsx`.
- `UseSession.tsx`: removed credit members (`creditBalance`,
`creditSummary`, `hasSufficientCredits`, `updateCredits`,
`refreshCredits`, `fetchCredits`) + the credit types + global
credit-update callback. **Kept** `isPro`/`refreshProStatus` and the
Supabase auth subscription listener.
- `services/apiClient.ts`: removed the dead `x-credits-remaining`
handler + low-credit plumbing (token-refresh / PAYG / 401 logic
untouched).
- Credit refs removed from `ApiKeys.tsx`, `AppConfigModal.tsx`,
`auth/teamSession.ts`.
## Java (:saas)
**Deleted (15):** `UserCredit`(+repo),
`TeamCredit`(+repo)+`TeamCreditService`, `CreditService`,
`CreditHeaderUtils`, `CreditResetScheduler`, `CreditController`,
`CreditInterceptorConfig`, `UnifiedCreditInterceptor`,
`CreditSuccessAdvice`, `CreditErrorAdvice`, `CreditConsumptionResult` (+
the CreditController test).
**Edited — stripped legacy credit side-effects, preserved
auth/role/AI/PAYG logic:**
- `AiCreate`/`AiProxyController`: dropped the
`X-Credits-Remaining`/`X-Credit-Source` response header (its only
consumer, the desktop credit system, was already removed).
- `SaasTeamService`: dropped UserCredit/TeamCredit init on team-create +
seat-update.
- `SupabaseAuthenticationFilter` / `SupabaseSecurityConfig`: dropped
`getOrCreateUserCredits` on signup + the credit field/CORS header.
- `UserRoleService`: dropped `resetCycleAllocationForRoleChange`;
`ROLE_PRO_USER` grant/revoke preserved.
- proprietary `UserRepository`: dropped
`findUsersWithApiKeyButNoCredits()`.
- Tests updated to drop credit mocks/refs.
## Kept / scope
- `isPro` / `is_pro` RPC / `ROLE_PRO_USER` (that's the separate Group-4
/ EE effort) and **all PAYG** are untouched.
- **No DB tables dropped.** `user_credits`/`team_credits` stay until a
later **gated** migration — which this PR unblocks (the JPA entities
that pinned them are gone).
## Verify
`:saas:compileJava` + `:saas:compileTestJava` pass; FE `tsc --noEmit`
(saas) + eslint clean; 0 stray artifacts; no residual source refs to the
deleted classes.
## Follow-up (not in this PR)
`ErrorTrackingService` (+
`UserErrorTracker`/`ProcessingErrorType`/`CreditsProperties`) is now a
dead island — its only callers were the deleted interceptors. Safe to
delete, but it cascades beyond the credit scope, so it's a separate
tidy-up.
Targets `feat/desktop-cloud-saas-reuse`.
This commit is contained in:
-9
@@ -105,15 +105,6 @@ public interface UserRepository extends JpaRepository<User, Long> {
|
||||
Stream<Long> findByUsernameIsNullAndCreatedAtBefore(
|
||||
@Param("cutoffDate") LocalDateTime cutoffDate);
|
||||
|
||||
/** Users with an API key but no row in {@code user_credits}. */
|
||||
@Query(
|
||||
value =
|
||||
"SELECT u.* FROM users u "
|
||||
+ "LEFT JOIN user_credits uc ON uc.user_id = u.user_id "
|
||||
+ "WHERE u.api_key IS NOT NULL AND uc.user_id IS NULL",
|
||||
nativeQuery = true)
|
||||
List<User> findUsersWithApiKeyButNoCredits();
|
||||
|
||||
/** Single-shot UPDATE that reassigns a user to a different team. */
|
||||
@Modifying
|
||||
@Query("UPDATE User u SET u.team.id = :teamId WHERE u.id = :userId")
|
||||
|
||||
+3
-49
@@ -51,10 +51,7 @@ import stirling.software.saas.payg.model.BillingCategory;
|
||||
import stirling.software.saas.payg.model.FeatureGate;
|
||||
import stirling.software.saas.payg.model.JobSource;
|
||||
import stirling.software.saas.payg.model.ProcessType;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.AuthenticationUtils;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
@RestController
|
||||
@Profile("saas")
|
||||
@@ -69,10 +66,7 @@ public class AiCreateController {
|
||||
private final AiCreateSessionService sessionService;
|
||||
private final AiCreateProxyService proxyService;
|
||||
private final ObjectMapper objectMapper = new ObjectMapper();
|
||||
private final CreditService creditService;
|
||||
private final TeamCreditService teamCreditService;
|
||||
private final UserRepository userRepository;
|
||||
private final CreditHeaderUtils creditHeaderUtils;
|
||||
private final JobChargeService jobChargeService;
|
||||
|
||||
@PostMapping("/sessions")
|
||||
@@ -233,8 +227,7 @@ public class AiCreateController {
|
||||
@PathVariable String sessionId, HttpServletRequest request) {
|
||||
sessionService.getSessionForCurrentUser(sessionId);
|
||||
log.info("AI create fillFields sessionId={}", sessionId);
|
||||
return proxy(
|
||||
"POST", "/api/create/sessions/" + sessionId + "/fields", request, false, false);
|
||||
return proxy("POST", "/api/create/sessions/" + sessionId + "/fields", request, false);
|
||||
}
|
||||
|
||||
@GetMapping(
|
||||
@@ -243,20 +236,11 @@ public class AiCreateController {
|
||||
public ResponseEntity<StreamingResponseBody> stream(
|
||||
@PathVariable String sessionId, HttpServletRequest request) {
|
||||
sessionService.getSessionForCurrentUser(sessionId);
|
||||
return proxy(
|
||||
"GET",
|
||||
"/api/create/sessions/" + sessionId + "/stream",
|
||||
request,
|
||||
true,
|
||||
true); // Add credits header: frontend endpoint that triggers AI
|
||||
return proxy("GET", "/api/create/sessions/" + sessionId + "/stream", request, true);
|
||||
}
|
||||
|
||||
private ResponseEntity<StreamingResponseBody> proxy(
|
||||
String method,
|
||||
String path,
|
||||
HttpServletRequest request,
|
||||
boolean acceptEventStream,
|
||||
boolean includeCreditsHeader) {
|
||||
String method, String path, HttpServletRequest request, boolean acceptEventStream) {
|
||||
try {
|
||||
HttpResponse<InputStream> response =
|
||||
proxyService.forward(method, path, request, acceptEventStream);
|
||||
@@ -270,11 +254,6 @@ public class AiCreateController {
|
||||
headers.set(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
}
|
||||
|
||||
// Add credit headers if requested
|
||||
if (includeCreditsHeader) {
|
||||
addCreditHeaders(headers);
|
||||
}
|
||||
|
||||
StreamingResponseBody body =
|
||||
outputStream -> {
|
||||
try (InputStream inputStream = response.body()) {
|
||||
@@ -302,31 +281,6 @@ public class AiCreateController {
|
||||
.ifPresent(value -> headers.set(headerName, value));
|
||||
}
|
||||
|
||||
/**
|
||||
* Add credit headers to the response headers.
|
||||
*
|
||||
* @param headers The headers to add credit information to
|
||||
*/
|
||||
private void addCreditHeaders(HttpHeaders headers) {
|
||||
try {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth == null || !auth.isAuthenticated()) {
|
||||
log.debug("[AI-CREATE] No authentication found, skipping credit header");
|
||||
return;
|
||||
}
|
||||
|
||||
User user = AuthenticationUtils.getCurrentUser(auth, userRepository);
|
||||
int remainingCredits =
|
||||
creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService);
|
||||
if (remainingCredits >= 0) {
|
||||
headers.set("X-Credits-Remaining", Integer.toString(remainingCredits));
|
||||
log.warn("[AI-CREATE] Added X-Credits-Remaining header: {}", remainingCredits);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.error("[AI-CREATE] Failed to add credit header: {}", e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
|
||||
public record CreateSessionRequest(
|
||||
String prompt,
|
||||
String docType,
|
||||
|
||||
+22
-80
@@ -9,8 +9,6 @@ import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
@@ -25,15 +23,9 @@ import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.ai.service.AiProxyService;
|
||||
import stirling.software.saas.payg.cap.RequiresFeature;
|
||||
import stirling.software.saas.payg.model.FeatureGate;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.AuthenticationUtils;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
@RestController
|
||||
@Profile("saas")
|
||||
@@ -45,103 +37,89 @@ import stirling.software.saas.util.CreditHeaderUtils;
|
||||
public class AiProxyController {
|
||||
|
||||
private final AiProxyService aiProxyService;
|
||||
private final CreditService creditService;
|
||||
private final TeamCreditService teamCreditService;
|
||||
private final UserRepository userRepository;
|
||||
private final CreditHeaderUtils creditHeaderUtils;
|
||||
|
||||
public AiProxyController(
|
||||
AiProxyService aiProxyService,
|
||||
CreditService creditService,
|
||||
TeamCreditService teamCreditService,
|
||||
UserRepository userRepository,
|
||||
CreditHeaderUtils creditHeaderUtils) {
|
||||
public AiProxyController(AiProxyService aiProxyService) {
|
||||
this.aiProxyService = aiProxyService;
|
||||
this.creditService = creditService;
|
||||
this.teamCreditService = teamCreditService;
|
||||
this.userRepository = userRepository;
|
||||
this.creditHeaderUtils = creditHeaderUtils;
|
||||
}
|
||||
|
||||
@PostMapping("/generate_section")
|
||||
public ResponseEntity<StreamingResponseBody> generateSection(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/generate_section", request, false, false);
|
||||
return proxy("POST", "/api/generate_section", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/generate_all_sections")
|
||||
public ResponseEntity<StreamingResponseBody> generateAllSections(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/generate_all_sections", request, false, false);
|
||||
return proxy("POST", "/api/generate_all_sections", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/intent/check")
|
||||
public ResponseEntity<StreamingResponseBody> intentCheck(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/intent/check", request, false, false);
|
||||
return proxy("POST", "/api/intent/check", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/chat/route")
|
||||
public ResponseEntity<StreamingResponseBody> chatRoute(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/chat/route", request, false, true);
|
||||
return proxy("POST", "/api/chat/route", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/chat/create-smart-folder")
|
||||
public ResponseEntity<StreamingResponseBody> createSmartFolder(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/chat/create-smart-folder", request, false, true);
|
||||
return proxy("POST", "/api/chat/create-smart-folder", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/chat/info")
|
||||
public ResponseEntity<StreamingResponseBody> chatInfo(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/chat/info", request, false, true);
|
||||
return proxy("POST", "/api/chat/info", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/pdf/answer")
|
||||
public ResponseEntity<StreamingResponseBody> pdfAnswer(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/pdf/answer", request, false, false);
|
||||
return proxy("POST", "/api/pdf/answer", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/progressive_render")
|
||||
public ResponseEntity<StreamingResponseBody> progressiveRender(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/progressive_render", request, false, false);
|
||||
return proxy("POST", "/api/progressive_render", request, false);
|
||||
}
|
||||
|
||||
@GetMapping("/versions/{userId}")
|
||||
public ResponseEntity<StreamingResponseBody> versions(
|
||||
@PathVariable("userId") String userId, HttpServletRequest request) {
|
||||
return proxy("GET", "/api/versions/" + userId, request, false, false);
|
||||
return proxy("GET", "/api/versions/" + userId, request, false);
|
||||
}
|
||||
|
||||
@GetMapping("/style/{userId}")
|
||||
public ResponseEntity<StreamingResponseBody> style(
|
||||
@PathVariable("userId") String userId, HttpServletRequest request) {
|
||||
return proxy("GET", "/api/style/" + userId, request, false, false);
|
||||
return proxy("GET", "/api/style/" + userId, request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/style/{userId}")
|
||||
public ResponseEntity<StreamingResponseBody> updateStyle(
|
||||
@PathVariable("userId") String userId, HttpServletRequest request) {
|
||||
return proxy("POST", "/api/style/" + userId, request, false, false);
|
||||
return proxy("POST", "/api/style/" + userId, request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/import_template")
|
||||
public ResponseEntity<StreamingResponseBody> importTemplate(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/import_template", request, false, false);
|
||||
return proxy("POST", "/api/import_template", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/edit/sessions")
|
||||
public ResponseEntity<StreamingResponseBody> createEditSession(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/edit/sessions", request, false, false);
|
||||
return proxy("POST", "/api/edit/sessions", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/edit/sessions/{sessionId}/messages")
|
||||
public ResponseEntity<StreamingResponseBody> editSessionMessage(
|
||||
@PathVariable("sessionId") String sessionId, HttpServletRequest request) {
|
||||
return proxy("POST", "/api/edit/sessions/" + sessionId + "/messages", request, false, true);
|
||||
return proxy("POST", "/api/edit/sessions/" + sessionId + "/messages", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/edit/sessions/{sessionId}/attachments")
|
||||
public ResponseEntity<StreamingResponseBody> editSessionAttachment(
|
||||
@PathVariable("sessionId") String sessionId, HttpServletRequest request) {
|
||||
return proxy(
|
||||
"POST", "/api/edit/sessions/" + sessionId + "/attachments", request, false, false);
|
||||
return proxy("POST", "/api/edit/sessions/" + sessionId + "/attachments", request, false);
|
||||
}
|
||||
|
||||
@PostMapping(
|
||||
@@ -149,17 +127,17 @@ public class AiProxyController {
|
||||
produces = MediaType.TEXT_EVENT_STREAM_VALUE)
|
||||
public ResponseEntity<StreamingResponseBody> runEditSession(
|
||||
@PathVariable("sessionId") String sessionId, HttpServletRequest request) {
|
||||
return proxy("POST", "/api/edit/sessions/" + sessionId + "/run", request, true, false);
|
||||
return proxy("POST", "/api/edit/sessions/" + sessionId + "/run", request, true);
|
||||
}
|
||||
|
||||
@GetMapping("/pdf-editor/document")
|
||||
public ResponseEntity<StreamingResponseBody> pdfEditorDocument(HttpServletRequest request) {
|
||||
return proxy("GET", "/api/pdf-editor/document", request, false, false);
|
||||
return proxy("GET", "/api/pdf-editor/document", request, false);
|
||||
}
|
||||
|
||||
@PostMapping("/pdf-editor/upload")
|
||||
public ResponseEntity<StreamingResponseBody> pdfEditorUpload(HttpServletRequest request) {
|
||||
return proxy("POST", "/api/pdf-editor/upload", request, false, false);
|
||||
return proxy("POST", "/api/pdf-editor/upload", request, false);
|
||||
}
|
||||
|
||||
@GetMapping("/output/**")
|
||||
@@ -167,27 +145,22 @@ public class AiProxyController {
|
||||
String requestUri = request.getRequestURI();
|
||||
String prefix = request.getContextPath() + "/api/v1/ai/output/";
|
||||
String path = requestUri.startsWith(prefix) ? requestUri.substring(prefix.length()) : "";
|
||||
return proxy("GET", "/output/" + path, request, false, false);
|
||||
return proxy("GET", "/output/" + path, request, false);
|
||||
}
|
||||
|
||||
// Health endpoint at /api/v1/ai/health is owned by the proprietary AiEngineController; both
|
||||
// proxy to the same backing AI engine. No need for credit-aware wrapping on a health probe.
|
||||
|
||||
/**
|
||||
* Proxy method that optionally adds credit headers.
|
||||
* Proxy method.
|
||||
*
|
||||
* @param method HTTP method
|
||||
* @param path API path
|
||||
* @param request The incoming request
|
||||
* @param acceptEventStream Whether to accept event stream responses
|
||||
* @param includeCreditsHeader Whether to add credit balance header
|
||||
*/
|
||||
private ResponseEntity<StreamingResponseBody> proxy(
|
||||
String method,
|
||||
String path,
|
||||
HttpServletRequest request,
|
||||
boolean acceptEventStream,
|
||||
boolean includeCreditsHeader) {
|
||||
String method, String path, HttpServletRequest request, boolean acceptEventStream) {
|
||||
try {
|
||||
// Forward to AI backend
|
||||
HttpResponse<InputStream> aiResponse =
|
||||
@@ -204,11 +177,6 @@ public class AiProxyController {
|
||||
headers.set(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
}
|
||||
|
||||
// Add credit headers if requested (after AI processing completes)
|
||||
if (includeCreditsHeader) {
|
||||
addCreditHeaders(headers);
|
||||
}
|
||||
|
||||
StreamingResponseBody body =
|
||||
outputStream -> {
|
||||
try (InputStream inputStream = aiResponse.body()) {
|
||||
@@ -247,30 +215,4 @@ public class AiProxyController {
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Add credit headers to the response headers.
|
||||
*
|
||||
* @param headers The headers to add credit information to
|
||||
*/
|
||||
private void addCreditHeaders(HttpHeaders headers) {
|
||||
try {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth == null || !auth.isAuthenticated()) {
|
||||
log.debug("[AI-PROXY] No authentication found, skipping credit header");
|
||||
return;
|
||||
}
|
||||
|
||||
User user = AuthenticationUtils.getCurrentUser(auth, userRepository);
|
||||
int remainingCredits =
|
||||
creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService);
|
||||
if (remainingCredits >= 0) {
|
||||
headers.set("X-Credits-Remaining", Integer.toString(remainingCredits));
|
||||
log.warn("[AI-PROXY] Added X-Credits-Remaining header: {}", remainingCredits);
|
||||
}
|
||||
headers.set("X-Credit-Source", "AI_TOOL_CALL");
|
||||
} catch (Exception e) {
|
||||
log.error("[AI-PROXY] Failed to add credit header: {}", e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
package stirling.software.saas.config;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
|
||||
import stirling.software.saas.interceptor.UnifiedCreditInterceptor;
|
||||
|
||||
// Legacy credit-billing path. Disabled in saas-PAYG by default — activate the legacy-credits
|
||||
// profile explicitly (`--spring.profiles.active=saas,dev,legacy-credits`) if you need it back.
|
||||
@Configuration
|
||||
@Profile("saas & legacy-credits")
|
||||
@RequiredArgsConstructor
|
||||
public class CreditInterceptorConfig implements WebMvcConfigurer {
|
||||
|
||||
private final UnifiedCreditInterceptor unifiedCreditInterceptor;
|
||||
private final CreditsProperties creditsProperties;
|
||||
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
if (creditsProperties.isEnabled()) {
|
||||
registry.addInterceptor(unifiedCreditInterceptor)
|
||||
.addPathPatterns("/api/**")
|
||||
.excludePathPatterns(
|
||||
"/api/v1/credits/**", "/api/v1/config/**", "/api/v1/info/**");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,315 +0,0 @@
|
||||
package stirling.software.saas.controller;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import io.swagger.v3.oas.annotations.Hidden;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.media.Content;
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import io.swagger.v3.oas.annotations.responses.ApiResponse;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.proprietary.security.model.ApiKeyAuthenticationToken;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.security.EnhancedJwtAuthenticationToken;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.CreditService.CreditSummary;
|
||||
import stirling.software.saas.util.LogRedactionUtils;
|
||||
|
||||
// Legacy credit-billing endpoints. PAYG replaces this — gated behind legacy-credits profile.
|
||||
@RestController
|
||||
@Profile("saas & legacy-credits")
|
||||
@RequestMapping("/api/v1/credits")
|
||||
@Tag(name = "Credit Management", description = "Endpoints for managing user API credits")
|
||||
@RequiredArgsConstructor
|
||||
@Slf4j
|
||||
public class CreditController {
|
||||
|
||||
private final CreditService creditService;
|
||||
|
||||
@GetMapping
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Get user credit information",
|
||||
description =
|
||||
"Retrieve current credit balance and usage statistics for the authenticated user")
|
||||
@ApiResponse(
|
||||
responseCode = "200",
|
||||
description = "Credit information retrieved successfully",
|
||||
content = @Content(schema = @Schema(implementation = CreditSummary.class)))
|
||||
public ResponseEntity<CreditSummary> getUserCredits(Authentication authentication) {
|
||||
return ResponseEntity.ok(getCreditSummaryForAuthentication(authentication));
|
||||
}
|
||||
|
||||
@PostMapping("/purchase")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Purchase additional credits",
|
||||
description = "Add bought credits to user account (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Credits purchased successfully")
|
||||
public ResponseEntity<Map<String, Object>> purchaseCredits(
|
||||
@RequestParam("username") String username, @RequestParam("credits") int credits) {
|
||||
|
||||
if (credits <= 0) {
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Credits must be positive"));
|
||||
}
|
||||
|
||||
try {
|
||||
creditService.addBoughtCredits(username, credits);
|
||||
log.info("Admin added {} credits to user: {}", credits, username);
|
||||
return ResponseEntity.ok(Map.of("success", true, "creditsAdded", credits));
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("purchaseCredits rejected: {}", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Invalid request"));
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/purchase-by-supabase-id")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Purchase additional credits by Supabase ID",
|
||||
description = "Add bought credits to user account using Supabase ID (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Credits purchased successfully")
|
||||
public ResponseEntity<Map<String, Object>> purchaseCreditsBySupabaseId(
|
||||
@RequestParam("supabaseId") String supabaseId, @RequestParam("credits") int credits) {
|
||||
|
||||
if (credits <= 0) {
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Credits must be positive"));
|
||||
}
|
||||
|
||||
try {
|
||||
creditService.addBoughtCreditsBySupabaseId(supabaseId, credits);
|
||||
log.info(
|
||||
"Admin added {} credits to user with Supabase ID: {}",
|
||||
credits,
|
||||
LogRedactionUtils.redactSupabaseId(supabaseId));
|
||||
return ResponseEntity.ok(Map.of("success", true, "creditsAdded", credits));
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("purchaseCreditsBySupabaseId rejected: {}", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Invalid request"));
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/user/{username}")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Get credit information for specific user",
|
||||
description = "Retrieve credit information for a specific user (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(
|
||||
responseCode = "200",
|
||||
description = "User credit information retrieved successfully",
|
||||
content = @Content(schema = @Schema(implementation = CreditSummary.class)))
|
||||
public ResponseEntity<CreditSummary> getUserCreditsAdmin(
|
||||
@PathVariable("username") String username) {
|
||||
CreditSummary summary = creditService.getCreditSummary(username);
|
||||
return ResponseEntity.ok(summary);
|
||||
}
|
||||
|
||||
@GetMapping("/user-by-supabase-id/{supabaseId}")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Get credit information for specific user by Supabase ID",
|
||||
description =
|
||||
"Retrieve credit information for a specific user using Supabase ID (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(
|
||||
responseCode = "200",
|
||||
description = "User credit information retrieved successfully",
|
||||
content = @Content(schema = @Schema(implementation = CreditSummary.class)))
|
||||
public ResponseEntity<CreditSummary> getUserCreditsAdminBySupabaseId(
|
||||
@PathVariable("supabaseId") String supabaseId) {
|
||||
CreditSummary summary = creditService.getCreditSummaryBySupabaseId(supabaseId);
|
||||
return ResponseEntity.ok(summary);
|
||||
}
|
||||
|
||||
@PostMapping("/reset-cycle")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Reset cycle credits for all users",
|
||||
description = "Manually trigger cycle credit reset for all users (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Cycle credits reset successfully")
|
||||
public ResponseEntity<String> resetCycleCredits() {
|
||||
creditService.resetCycleCreditsForAllUsers();
|
||||
log.info("Manual cycle credit reset triggered by admin");
|
||||
return ResponseEntity.ok("Cycle credits reset successfully for all users");
|
||||
}
|
||||
|
||||
@PostMapping("/set-bought-credits")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Set user's bought credits to a specific amount",
|
||||
description =
|
||||
"Hard set the bought credits balance for a specific user to an exact amount (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Bought credits set successfully")
|
||||
public ResponseEntity<Map<String, Object>> setBoughtCredits(
|
||||
@RequestParam("username") String username, @RequestParam("credits") int credits) {
|
||||
|
||||
if (credits < 0) {
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Credits cannot be negative"));
|
||||
}
|
||||
|
||||
try {
|
||||
creditService.setBoughtCredits(username, credits);
|
||||
log.info("Admin set bought credits to {} for user: {}", credits, username);
|
||||
return ResponseEntity.ok(Map.of("success", true, "boughtCredits", credits));
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("setBoughtCredits rejected: {}", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Invalid request"));
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/set-bought-credits-by-supabase-id")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Set user's bought credits to a specific amount by Supabase ID",
|
||||
description =
|
||||
"Hard set the bought credits balance for a specific user using Supabase ID to an exact amount (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Bought credits set successfully")
|
||||
public ResponseEntity<Map<String, Object>> setBoughtCreditsBySupabaseId(
|
||||
@RequestParam("supabaseId") String supabaseId, @RequestParam("credits") int credits) {
|
||||
|
||||
if (credits < 0) {
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Credits cannot be negative"));
|
||||
}
|
||||
|
||||
try {
|
||||
creditService.setBoughtCreditsBySupabaseId(supabaseId, credits);
|
||||
log.info(
|
||||
"Admin set bought credits to {} for user with Supabase ID: {}",
|
||||
credits,
|
||||
LogRedactionUtils.redactSupabaseId(supabaseId));
|
||||
return ResponseEntity.ok(Map.of("success", true, "boughtCredits", credits));
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("setBoughtCreditsBySupabaseId rejected: {}", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Invalid request"));
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/set-cycle-credits")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Set user's cycle credits remaining to a specific amount",
|
||||
description =
|
||||
"Hard set the cycle credits remaining balance for a specific user to an exact amount (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Cycle credits set successfully")
|
||||
public ResponseEntity<Map<String, Object>> setCycleCredits(
|
||||
@RequestParam("username") String username, @RequestParam("credits") int credits) {
|
||||
|
||||
if (credits < 0) {
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Credits cannot be negative"));
|
||||
}
|
||||
|
||||
try {
|
||||
creditService.setCycleCredits(username, credits);
|
||||
log.info("Admin set cycle credits to {} for user: {}", credits, username);
|
||||
return ResponseEntity.ok(Map.of("success", true, "cycleCredits", credits));
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("setCycleCredits rejected: {}", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Invalid request"));
|
||||
}
|
||||
}
|
||||
|
||||
@PostMapping("/set-cycle-credits-by-supabase-id")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Set user's cycle credits remaining to a specific amount by Supabase ID",
|
||||
description =
|
||||
"Hard set the cycle credits remaining balance for a specific user using Supabase ID to an exact amount (admin only)")
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
@ApiResponse(responseCode = "200", description = "Cycle credits set successfully")
|
||||
public ResponseEntity<Map<String, Object>> setCycleCreditsBySupabaseId(
|
||||
@RequestParam("supabaseId") String supabaseId, @RequestParam("credits") int credits) {
|
||||
|
||||
if (credits < 0) {
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Credits cannot be negative"));
|
||||
}
|
||||
|
||||
try {
|
||||
creditService.setCycleCreditsBySupabaseId(supabaseId, credits);
|
||||
log.info(
|
||||
"Admin set cycle credits to {} for user with Supabase ID: {}",
|
||||
credits,
|
||||
LogRedactionUtils.redactSupabaseId(supabaseId));
|
||||
return ResponseEntity.ok(Map.of("success", true, "cycleCredits", credits));
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.warn("setCycleCreditsBySupabaseId rejected: {}", e.getMessage());
|
||||
return ResponseEntity.badRequest().body(Map.of("error", "Invalid request"));
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/usage")
|
||||
@Hidden
|
||||
@Operation(
|
||||
summary = "Get credit usage summary",
|
||||
description = "Get overview of credit usage (for authenticated user or admin view)")
|
||||
public ResponseEntity<UsageSummary> getCreditUsage(Authentication authentication) {
|
||||
CreditSummary summary = getCreditSummaryForAuthentication(authentication);
|
||||
|
||||
// For unlimited users, don't show meaningless huge usage numbers
|
||||
int cycleCreditsUsed =
|
||||
summary.unlimited
|
||||
? 0
|
||||
: (summary.cycleCreditsAllocated - summary.cycleCreditsRemaining);
|
||||
|
||||
UsageSummary usage =
|
||||
new UsageSummary(
|
||||
cycleCreditsUsed,
|
||||
summary.totalBoughtCredits - summary.boughtCreditsRemaining,
|
||||
summary.totalAvailableCredits,
|
||||
summary.unlimited);
|
||||
|
||||
return ResponseEntity.ok(usage);
|
||||
}
|
||||
|
||||
/** Resolves the current authentication to a credit summary, handling JWT and API-key auth. */
|
||||
private CreditSummary getCreditSummaryForAuthentication(Authentication authentication) {
|
||||
if (authentication instanceof EnhancedJwtAuthenticationToken enhancedJwt) {
|
||||
return creditService.getCreditSummaryBySupabaseId(enhancedJwt.getSupabaseId());
|
||||
}
|
||||
if (authentication instanceof ApiKeyAuthenticationToken apiKeyToken) {
|
||||
String apiKey = (String) apiKeyToken.getCredentials();
|
||||
// Principal is the resolved User entity (per SupabaseAuthenticationFilter). Prefer the
|
||||
// linked Supabase ID; fall back to API-key-keyed credits if there's no supabase link
|
||||
// or no User row (e.g. legacy API-key-only deployments).
|
||||
if (apiKeyToken.getPrincipal() instanceof User user && user.getSupabaseId() != null) {
|
||||
return creditService.getCreditSummaryBySupabaseId(user.getSupabaseId().toString());
|
||||
}
|
||||
return creditService.getCreditSummaryByApiKey(apiKey);
|
||||
}
|
||||
return creditService.getCreditSummaryBySupabaseId(authentication.getName());
|
||||
}
|
||||
|
||||
public static class UsageSummary {
|
||||
public final int cycleCreditsUsed;
|
||||
public final int boughtCreditsUsed;
|
||||
public final int creditsRemaining;
|
||||
public final boolean unlimited;
|
||||
|
||||
public UsageSummary(
|
||||
int cycleCreditsUsed,
|
||||
int boughtCreditsUsed,
|
||||
int creditsRemaining,
|
||||
boolean unlimited) {
|
||||
this.cycleCreditsUsed = cycleCreditsUsed;
|
||||
this.boughtCreditsUsed = boughtCreditsUsed;
|
||||
this.creditsRemaining = creditsRemaining;
|
||||
this.unlimited = unlimited;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,307 +0,0 @@
|
||||
package stirling.software.saas.interceptor;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import io.micrometer.core.instrument.Counter;
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.common.annotations.AutoJobPostMapping;
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.CreditConsumptionResult;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.ErrorTrackingService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.AuthenticationUtils;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
/**
|
||||
* Scoped to controllers annotated with {@link AutoJobPostMapping} so it doesn't hijack the global
|
||||
* exception flow.
|
||||
*/
|
||||
// Legacy credit-billing error advice. PAYG handles its own error semantics via
|
||||
// PaygChargeInterceptor — disabled by default in saas, activate legacy-credits profile if needed.
|
||||
@RestControllerAdvice(annotations = AutoJobPostMapping.class)
|
||||
@Profile("saas & legacy-credits")
|
||||
@Slf4j
|
||||
@Order(1)
|
||||
public class CreditErrorAdvice {
|
||||
|
||||
private static final String ATTR_ELIGIBLE = "CREDIT_ELIGIBLE";
|
||||
private static final String ATTR_APIKEY = "CREDIT_API_KEY";
|
||||
private static final String ATTR_CHARGED = "CREDIT_CHARGED";
|
||||
private static final String ATTR_RESOURCE_WEIGHT = "CREDIT_RESOURCE_WEIGHT";
|
||||
|
||||
private final CreditService creditService;
|
||||
private final TeamCreditService teamCreditService;
|
||||
private final UserRepository userRepository;
|
||||
private final ErrorTrackingService errorTrackingService;
|
||||
private final SaasTeamExtensionService saasTeamExtensionService;
|
||||
private final CreditHeaderUtils creditHeaderUtils;
|
||||
private final Counter creditsConsumedCounter;
|
||||
// Inlined: Stirling's parent build uses Jackson 3 (tools.jackson), no Jackson 2 ObjectMapper
|
||||
// bean in the context. Stateless usage, so a fresh instance is fine.
|
||||
private final ObjectMapper objectMapper = new ObjectMapper();
|
||||
|
||||
public CreditErrorAdvice(
|
||||
CreditService creditService,
|
||||
TeamCreditService teamCreditService,
|
||||
UserRepository userRepository,
|
||||
ErrorTrackingService errorTrackingService,
|
||||
SaasTeamExtensionService saasTeamExtensionService,
|
||||
CreditHeaderUtils creditHeaderUtils,
|
||||
MeterRegistry meterRegistry) {
|
||||
this.creditService = creditService;
|
||||
this.teamCreditService = teamCreditService;
|
||||
this.userRepository = userRepository;
|
||||
this.errorTrackingService = errorTrackingService;
|
||||
this.saasTeamExtensionService = saasTeamExtensionService;
|
||||
this.creditHeaderUtils = creditHeaderUtils;
|
||||
this.creditsConsumedCounter =
|
||||
Counter.builder("credits.consumed")
|
||||
.description("Number of credits actually consumed")
|
||||
.tag("source", "error")
|
||||
.register(meterRegistry);
|
||||
}
|
||||
|
||||
@ExceptionHandler(Throwable.class)
|
||||
public ResponseEntity<Object> handleThrowable(HttpServletRequest request, Throwable ex) {
|
||||
HttpStatus status = determineHttpStatus(ex);
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: Handling exception: {} -> {}",
|
||||
ex.getClass().getSimpleName(),
|
||||
status);
|
||||
|
||||
String message = Optional.ofNullable(ex.getMessage()).orElse("An error occurred");
|
||||
// Build error body
|
||||
Map<String, Object> body = new HashMap<>();
|
||||
body.put("error", ex.getClass().getSimpleName());
|
||||
body.put("message", message);
|
||||
body.put("status", status.value());
|
||||
|
||||
var builder = ResponseEntity.status(status);
|
||||
|
||||
// Handle credit consumption for errors
|
||||
if (Boolean.TRUE.equals(request.getAttribute(ATTR_ELIGIBLE))
|
||||
&& request.getAttribute(ATTR_CHARGED) == null) {
|
||||
|
||||
var apiKey = (String) request.getAttribute(ATTR_APIKEY);
|
||||
var resourceWeight = (Integer) request.getAttribute(ATTR_RESOURCE_WEIGHT);
|
||||
var isApiRequest = (Boolean) request.getAttribute("IS_API_REQUEST");
|
||||
int creditAmount = resourceWeight != null ? resourceWeight : 1;
|
||||
|
||||
String identifierForErrorTracking =
|
||||
apiKey; // Keep using apiKey/username for error tracking
|
||||
if (apiKey != null
|
||||
&& errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
identifierForErrorTracking,
|
||||
request.getRequestURI(),
|
||||
ex,
|
||||
status.value())) {
|
||||
|
||||
// Get current user
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
User user = null;
|
||||
try {
|
||||
user = AuthenticationUtils.getCurrentUser(auth, userRepository);
|
||||
} catch (Exception e) {
|
||||
log.warn(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: Could not get user for team check: {}",
|
||||
e.getMessage());
|
||||
}
|
||||
|
||||
if (user == null) {
|
||||
log.error(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: Unable to resolve user - skipping credit consumption");
|
||||
} else {
|
||||
// Check if user is in a non-personal team (must match UnifiedCreditInterceptor
|
||||
// logic)
|
||||
Long targetTeamId = null;
|
||||
if (user.getTeam() != null
|
||||
&& !saasTeamExtensionService.isPersonal(user.getTeam())) {
|
||||
targetTeamId = user.getTeam().getId();
|
||||
}
|
||||
|
||||
boolean consumed = false;
|
||||
String creditSource = null;
|
||||
|
||||
if (targetTeamId != null) {
|
||||
// User is in a non-personal team - consume from team credit pool
|
||||
consumed = teamCreditService.consumeCredit(targetTeamId, creditAmount);
|
||||
creditSource = "TEAM_CREDITS";
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: Consumed {} credits from team {}",
|
||||
creditAmount,
|
||||
targetTeamId);
|
||||
} else {
|
||||
// No team - use waterfall logic for individual credits
|
||||
boolean isApiRequestFlag = Boolean.TRUE.equals(isApiRequest);
|
||||
CreditConsumptionResult result =
|
||||
creditService.consumeCreditWithWaterfall(
|
||||
user, creditAmount, isApiRequestFlag);
|
||||
consumed = result.isSuccess();
|
||||
creditSource = result.getSource();
|
||||
|
||||
if (!consumed) {
|
||||
log.error(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: Credit consumption failed for user: {} - {}",
|
||||
user.getUsername(),
|
||||
result.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
if (consumed) {
|
||||
request.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
creditsConsumedCounter.increment();
|
||||
|
||||
// Set remaining credits header
|
||||
int remainingCredits =
|
||||
creditHeaderUtils.getRemainingCredits(
|
||||
user, creditService, teamCreditService);
|
||||
if (remainingCredits >= 0) {
|
||||
builder.header(
|
||||
"X-Credits-Remaining", Integer.toString(remainingCredits));
|
||||
log.warn(
|
||||
"[CREDIT-HEADER] Added X-Credits-Remaining header: {}",
|
||||
remainingCredits);
|
||||
}
|
||||
if (creditSource != null) {
|
||||
builder.header("X-Credit-Source", creditSource);
|
||||
}
|
||||
|
||||
log.info(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: {} credits consumed from {} for user: {} (error case)",
|
||||
creditAmount,
|
||||
creditSource,
|
||||
user.getUsername());
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] CreditErrorAdvice: ErrorTrackingService says do NOT consume credit for this error");
|
||||
}
|
||||
} else if (request.getAttribute(ATTR_CHARGED) != null) {
|
||||
// Already charged, set header if user is authenticated
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth != null && auth.isAuthenticated()) {
|
||||
try {
|
||||
User user = AuthenticationUtils.getCurrentUser(auth, userRepository);
|
||||
int remainingCredits =
|
||||
creditHeaderUtils.getRemainingCredits(
|
||||
user, creditService, teamCreditService);
|
||||
if (remainingCredits >= 0) {
|
||||
builder.header("X-Credits-Remaining", Integer.toString(remainingCredits));
|
||||
log.warn(
|
||||
"[CREDIT-HEADER] Added X-Credits-Remaining header: {}",
|
||||
remainingCredits);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.debug(
|
||||
"[CREDIT-HEADER] Could not add credits header for already charged error: {}",
|
||||
e.getMessage());
|
||||
}
|
||||
}
|
||||
log.debug("[CREDIT-DEBUG] CreditErrorAdvice: Header set for already charged error");
|
||||
}
|
||||
|
||||
if (isSseRequest(request)) {
|
||||
String payload = toJsonPayload(body);
|
||||
String sseBody = "event: error\ndata: " + payload + "\n\n";
|
||||
return builder.contentType(MediaType.TEXT_EVENT_STREAM).body(sseBody);
|
||||
}
|
||||
|
||||
return builder.body(body);
|
||||
}
|
||||
|
||||
private String maskApiKey(String apiKey) {
|
||||
if (apiKey == null || apiKey.length() < 8) {
|
||||
return "***";
|
||||
}
|
||||
return apiKey.substring(0, 4) + "***" + apiKey.substring(apiKey.length() - 4);
|
||||
}
|
||||
|
||||
private HttpStatus determineHttpStatus(Throwable throwable) {
|
||||
// Map common exceptions to HTTP status codes
|
||||
String exceptionClass = throwable.getClass().getSimpleName();
|
||||
switch (exceptionClass) {
|
||||
case "IllegalArgumentException":
|
||||
case "ValidationException":
|
||||
case "MethodArgumentNotValidException":
|
||||
return HttpStatus.BAD_REQUEST;
|
||||
case "AccessDeniedException":
|
||||
return HttpStatus.FORBIDDEN;
|
||||
case "UsernameNotFoundException":
|
||||
return HttpStatus.UNAUTHORIZED;
|
||||
case "HttpMessageNotReadableException":
|
||||
return HttpStatus.BAD_REQUEST;
|
||||
case "MaxUploadSizeExceededException":
|
||||
return HttpStatus.PAYLOAD_TOO_LARGE;
|
||||
case "UnsupportedOperationException":
|
||||
return HttpStatus.NOT_IMPLEMENTED;
|
||||
default:
|
||||
// Check error message for clues
|
||||
String message = throwable.getMessage();
|
||||
if (message != null) {
|
||||
if (message.toLowerCase().contains("validation")
|
||||
|| message.toLowerCase().contains("invalid parameter")) {
|
||||
return HttpStatus.BAD_REQUEST;
|
||||
}
|
||||
if (message.toLowerCase().contains("not found")) {
|
||||
return HttpStatus.NOT_FOUND;
|
||||
}
|
||||
}
|
||||
return HttpStatus.INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isSseRequest(HttpServletRequest request) {
|
||||
String accept = request.getHeader("Accept");
|
||||
if (accept != null && accept.contains(MediaType.TEXT_EVENT_STREAM_VALUE)) {
|
||||
return true;
|
||||
}
|
||||
String contentType = request.getContentType();
|
||||
return contentType != null && contentType.contains(MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
}
|
||||
|
||||
private String toJsonPayload(Map<String, Object> payload) {
|
||||
try {
|
||||
return objectMapper.writeValueAsString(payload);
|
||||
} catch (JsonProcessingException exc) {
|
||||
log.warn("Failed to serialize SSE error payload, falling back to string", exc);
|
||||
String message = payload.getOrDefault("message", "An error occurred").toString();
|
||||
return "{\"error\":\"Error\",\"message\":\"" + message + "\",\"status\":500}";
|
||||
}
|
||||
}
|
||||
|
||||
public static class ErrorResponse {
|
||||
public final String error;
|
||||
public final String message;
|
||||
public final int status;
|
||||
|
||||
public ErrorResponse(String error, String message, int status) {
|
||||
this.error = error;
|
||||
this.message = message;
|
||||
this.status = status;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,228 +0,0 @@
|
||||
package stirling.software.saas.interceptor;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.core.MethodParameter;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.converter.HttpMessageConverter;
|
||||
import org.springframework.http.server.ServerHttpRequest;
|
||||
import org.springframework.http.server.ServerHttpResponse;
|
||||
import org.springframework.http.server.ServletServerHttpRequest;
|
||||
import org.springframework.http.server.ServletServerHttpResponse;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
|
||||
|
||||
import io.micrometer.core.instrument.Counter;
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.CreditConsumptionResult;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.AuthenticationUtils;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
// Legacy credit-billing success advice. PAYG writes its own ledger entries via
|
||||
// JobChargeService — disabled by default in saas, activate legacy-credits profile if needed.
|
||||
@RestControllerAdvice
|
||||
@Profile("saas & legacy-credits")
|
||||
@Slf4j
|
||||
public class CreditSuccessAdvice implements ResponseBodyAdvice<Object> {
|
||||
|
||||
private static final String ATTR_ELIGIBLE = "CREDIT_ELIGIBLE";
|
||||
private static final String ATTR_APIKEY = "CREDIT_API_KEY";
|
||||
private static final String ATTR_CHARGED = "CREDIT_CHARGED";
|
||||
private static final String ATTR_RESOURCE_WEIGHT = "CREDIT_RESOURCE_WEIGHT";
|
||||
|
||||
private final CreditService creditService;
|
||||
private final TeamCreditService teamCreditService;
|
||||
private final UserRepository userRepository;
|
||||
private final SaasTeamExtensionService saasTeamExtensionService;
|
||||
private final CreditHeaderUtils creditHeaderUtils;
|
||||
private final Counter creditsConsumedCounter;
|
||||
|
||||
public CreditSuccessAdvice(
|
||||
CreditService creditService,
|
||||
TeamCreditService teamCreditService,
|
||||
UserRepository userRepository,
|
||||
SaasTeamExtensionService saasTeamExtensionService,
|
||||
CreditHeaderUtils creditHeaderUtils,
|
||||
MeterRegistry meterRegistry) {
|
||||
this.creditService = creditService;
|
||||
this.teamCreditService = teamCreditService;
|
||||
this.userRepository = userRepository;
|
||||
this.saasTeamExtensionService = saasTeamExtensionService;
|
||||
this.creditHeaderUtils = creditHeaderUtils;
|
||||
this.creditsConsumedCounter =
|
||||
Counter.builder("credits.consumed")
|
||||
.description("Number of credits actually consumed")
|
||||
.tag("source", "success")
|
||||
.register(meterRegistry);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(
|
||||
MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
|
||||
// Only REST bodies; this covers @ResponseBody and ResponseEntity
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object beforeBodyWrite(
|
||||
Object body,
|
||||
MethodParameter returnType,
|
||||
MediaType selectedContentType,
|
||||
Class<? extends HttpMessageConverter<?>> selectedConverterType,
|
||||
ServerHttpRequest request,
|
||||
ServerHttpResponse response) {
|
||||
|
||||
if (!(request instanceof ServletServerHttpRequest)) {
|
||||
return body;
|
||||
}
|
||||
|
||||
var servletReq = ((ServletServerHttpRequest) request).getServletRequest();
|
||||
if (!Boolean.TRUE.equals(servletReq.getAttribute(ATTR_ELIGIBLE))) {
|
||||
return body;
|
||||
}
|
||||
|
||||
if (servletReq.getAttribute(ATTR_CHARGED) != null) {
|
||||
return body;
|
||||
}
|
||||
|
||||
// If the handler returned an error ResponseEntity (>=400) without throwing,
|
||||
// don't spend here; the error advice will decide.
|
||||
int status = 200;
|
||||
if (response instanceof ServletServerHttpResponse) {
|
||||
status = ((ServletServerHttpResponse) response).getServletResponse().getStatus();
|
||||
}
|
||||
if (status >= 400) {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: Error status {} detected, skipping credit consumption",
|
||||
status);
|
||||
return body;
|
||||
}
|
||||
|
||||
var apiKey = (String) servletReq.getAttribute(ATTR_APIKEY);
|
||||
var resourceWeight = (Integer) servletReq.getAttribute(ATTR_RESOURCE_WEIGHT);
|
||||
var isApiRequest = (Boolean) servletReq.getAttribute("IS_API_REQUEST");
|
||||
int creditAmount = resourceWeight != null ? resourceWeight : 1;
|
||||
|
||||
if (apiKey != null) {
|
||||
// Get current user
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
User user = null;
|
||||
try {
|
||||
user = AuthenticationUtils.getCurrentUser(auth, userRepository);
|
||||
} catch (Exception e) {
|
||||
log.warn(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: Could not get user for team check: {}",
|
||||
e.getMessage());
|
||||
}
|
||||
|
||||
if (user == null) {
|
||||
log.error(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: Unable to resolve user - skipping credit consumption");
|
||||
return body;
|
||||
}
|
||||
|
||||
// Check if user is in a non-personal team (must match UnifiedCreditInterceptor logic)
|
||||
// IMPORTANT: Limited API users (anonymous, extra limited) always use personal credits,
|
||||
// never team credits
|
||||
boolean isLimitedApiUser =
|
||||
auth.getAuthorities().stream()
|
||||
.anyMatch(
|
||||
authority ->
|
||||
"ROLE_LIMITED_API_USER".equals(authority.getAuthority())
|
||||
|| "ROLE_EXTRA_LIMITED_API_USER"
|
||||
.equals(authority.getAuthority()));
|
||||
Long targetTeamId = null;
|
||||
if (!isLimitedApiUser
|
||||
&& user.getTeam() != null
|
||||
&& !saasTeamExtensionService.isPersonal(user.getTeam())) {
|
||||
targetTeamId = user.getTeam().getId();
|
||||
}
|
||||
|
||||
final boolean consumed;
|
||||
final String creditSource;
|
||||
|
||||
if (targetTeamId != null) {
|
||||
// User is in a non-personal team - use waterfall with leader overage
|
||||
CreditConsumptionResult result =
|
||||
teamCreditService.consumeCreditWithWaterfall(targetTeamId, creditAmount);
|
||||
consumed = result.isSuccess();
|
||||
creditSource = result.getSource();
|
||||
|
||||
if (!consumed) {
|
||||
log.error(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: Team credit consumption failed:"
|
||||
+ " {}",
|
||||
result.getMessage());
|
||||
} else {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: Consumed {} credits from team {}"
|
||||
+ " via {}",
|
||||
creditAmount,
|
||||
targetTeamId,
|
||||
creditSource);
|
||||
}
|
||||
} else {
|
||||
// No team - use waterfall logic for individual credits
|
||||
boolean isApiRequestFlag = Boolean.TRUE.equals(isApiRequest);
|
||||
CreditConsumptionResult result =
|
||||
creditService.consumeCreditWithWaterfall(
|
||||
user, creditAmount, isApiRequestFlag);
|
||||
consumed = result.isSuccess();
|
||||
creditSource = result.getSource();
|
||||
|
||||
if (!consumed) {
|
||||
log.error(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: Credit consumption failed for user: {} - {}",
|
||||
user.getUsername(),
|
||||
result.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
if (consumed) {
|
||||
servletReq.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
creditsConsumedCounter.increment();
|
||||
|
||||
// Set remaining credits header
|
||||
int remainingCredits =
|
||||
creditHeaderUtils.getRemainingCredits(
|
||||
user, creditService, teamCreditService);
|
||||
if (remainingCredits >= 0) {
|
||||
response.getHeaders()
|
||||
.set("X-Credits-Remaining", Integer.toString(remainingCredits));
|
||||
log.warn(
|
||||
"[CREDIT-HEADER] Added X-Credits-Remaining header: {}",
|
||||
remainingCredits);
|
||||
}
|
||||
if (creditSource != null) {
|
||||
response.getHeaders().set("X-Credit-Source", creditSource);
|
||||
}
|
||||
|
||||
log.info(
|
||||
"[CREDIT-DEBUG] CreditSuccessAdvice: {} credits consumed from {} for user: {}",
|
||||
creditAmount,
|
||||
creditSource,
|
||||
user.getUsername());
|
||||
}
|
||||
} else {
|
||||
log.warn("[CREDIT-DEBUG] CreditSuccessAdvice: No apiKey attribute found");
|
||||
}
|
||||
|
||||
return body;
|
||||
}
|
||||
|
||||
private String maskApiKey(String apiKey) {
|
||||
if (apiKey == null || apiKey.length() < 8) {
|
||||
return "***";
|
||||
}
|
||||
return apiKey.substring(0, 4) + "***" + apiKey.substring(apiKey.length() - 4);
|
||||
}
|
||||
}
|
||||
-493
@@ -1,493 +0,0 @@
|
||||
package stirling.software.saas.interceptor;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.AsyncHandlerInterceptor;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import io.micrometer.core.instrument.Counter;
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
import io.micrometer.core.instrument.Timer;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.common.annotations.AutoJobPostMapping;
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.ApiKeyAuthenticationToken;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.UserCredit;
|
||||
import stirling.software.saas.repository.TeamMembershipRepository;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.ErrorTrackingService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.SaasUserExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.AuthenticationUtils;
|
||||
|
||||
// Legacy credit-billing interceptor. PAYG replaces this with PaygChargeInterceptor — disabled
|
||||
// by default in saas, activate legacy-credits profile to bring it back.
|
||||
@Component
|
||||
@Profile("saas & legacy-credits")
|
||||
@Slf4j
|
||||
public class UnifiedCreditInterceptor implements AsyncHandlerInterceptor {
|
||||
|
||||
private final CreditService creditService;
|
||||
private final ErrorTrackingService errorTrackingService;
|
||||
private final CreditsProperties creditsProperties;
|
||||
private final UserRepository userRepository;
|
||||
private final TeamCreditService teamCreditService;
|
||||
private final TeamMembershipRepository membershipRepository;
|
||||
private final SaasUserExtensionService saasUserExtensionService;
|
||||
private final SaasTeamExtensionService saasTeamExtensionService;
|
||||
|
||||
private final Counter creditsCheckedCounter;
|
||||
private final Counter creditsRejectedCounter;
|
||||
private final Counter jwtBypassCounter;
|
||||
private final Timer creditCheckTimer;
|
||||
|
||||
private static final String ATTR_CREDIT_ELIGIBLE = "CREDIT_ELIGIBLE";
|
||||
private static final String ATTR_API_KEY = "CREDIT_API_KEY";
|
||||
private static final String ATTR_RESOURCE_WEIGHT = "CREDIT_RESOURCE_WEIGHT";
|
||||
private static final String ATTR_CHARGED = "CREDIT_CHARGED";
|
||||
|
||||
public UnifiedCreditInterceptor(
|
||||
CreditService creditService,
|
||||
ErrorTrackingService errorTrackingService,
|
||||
CreditsProperties creditsProperties,
|
||||
UserRepository userRepository,
|
||||
TeamCreditService teamCreditService,
|
||||
TeamMembershipRepository membershipRepository,
|
||||
SaasUserExtensionService saasUserExtensionService,
|
||||
SaasTeamExtensionService saasTeamExtensionService,
|
||||
MeterRegistry meterRegistry) {
|
||||
this.creditService = creditService;
|
||||
this.errorTrackingService = errorTrackingService;
|
||||
this.creditsProperties = creditsProperties;
|
||||
this.userRepository = userRepository;
|
||||
this.teamCreditService = teamCreditService;
|
||||
this.membershipRepository = membershipRepository;
|
||||
this.saasUserExtensionService = saasUserExtensionService;
|
||||
this.saasTeamExtensionService = saasTeamExtensionService;
|
||||
|
||||
this.creditsCheckedCounter =
|
||||
Counter.builder("credits.validation.checked")
|
||||
.description("Number of requests that had credit validation performed")
|
||||
.register(meterRegistry);
|
||||
this.creditsRejectedCounter =
|
||||
Counter.builder("credits.validation.rejected")
|
||||
.description("Number of requests rejected due to insufficient credits")
|
||||
.register(meterRegistry);
|
||||
this.jwtBypassCounter =
|
||||
Counter.builder("credits.validation.jwt_bypass")
|
||||
.description("Number of JWT requests that bypassed credit validation")
|
||||
.register(meterRegistry);
|
||||
this.creditCheckTimer =
|
||||
Timer.builder("credits.validation.duration")
|
||||
.description("Time taken to validate credits")
|
||||
.register(meterRegistry);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean preHandle(
|
||||
HttpServletRequest request, HttpServletResponse response, Object handler)
|
||||
throws Exception {
|
||||
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] UnifiedCreditInterceptor.preHandle() - handler: {}",
|
||||
handler.getClass().getSimpleName());
|
||||
|
||||
// Credits system disabled - allow all requests
|
||||
if (!creditsProperties.isEnabled()) {
|
||||
log.debug("[CREDIT-DEBUG] Credits system disabled - allowing request");
|
||||
return true;
|
||||
}
|
||||
|
||||
// Only apply to @AutoJobPostMapping endpoints and extract resource weight
|
||||
if (!(handler instanceof HandlerMethod hm)
|
||||
|| !hm.getMethod().isAnnotationPresent(AutoJobPostMapping.class)) {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Handler not eligible for credit validation (no @AutoJobPostMapping)");
|
||||
return true;
|
||||
}
|
||||
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Authentication: {}",
|
||||
auth != null ? auth.getClass().getSimpleName() : "null");
|
||||
|
||||
User currentUser = null;
|
||||
|
||||
// API key authentication always needs credit validation
|
||||
if (auth instanceof ApiKeyAuthenticationToken) {
|
||||
// API key users - proceed with normal credit validation
|
||||
currentUser = (User) auth.getPrincipal();
|
||||
} else if (auth != null && auth.isAuthenticated()) {
|
||||
// JWT users - get user from authentication details
|
||||
// JwtAuthenticationToken.getPrincipal() might not be a User object
|
||||
// so we need to look up the user by the Supabase ID from auth.getName()
|
||||
|
||||
String supabaseId = AuthenticationUtils.extractSupabaseId(auth);
|
||||
log.debug("[CREDIT-DEBUG] JWT authentication detected, Supabase ID: {}", supabaseId);
|
||||
|
||||
// Look up the User object that should exist (authentication succeeded)
|
||||
try {
|
||||
java.util.UUID supabaseUuid = java.util.UUID.fromString(supabaseId);
|
||||
java.util.Optional<User> userOpt = userRepository.findBySupabaseId(supabaseUuid);
|
||||
if (userOpt.isEmpty()) {
|
||||
log.error(
|
||||
"[CREDIT-DEBUG] JWT authenticated but no User found for Supabase ID: {}",
|
||||
supabaseId);
|
||||
response.setStatus(500);
|
||||
response.setContentType("application/json");
|
||||
response.getWriter()
|
||||
.write(
|
||||
"{\"error\":\"USER_NOT_FOUND\",\"message\":\"Authenticated user not found in database\",\"status\":500}");
|
||||
return false;
|
||||
}
|
||||
currentUser = userOpt.get();
|
||||
|
||||
if (shouldApplyCreditsToJwtUser(currentUser)) {
|
||||
// Anonymous users or other limited JWT users should consume credits
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] JWT user {} subject to credit validation due to limited role",
|
||||
currentUser.getUsername());
|
||||
} else {
|
||||
jwtBypassCounter.increment();
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] JWT user {} bypassing credit validation (unlimited role)",
|
||||
currentUser.getUsername());
|
||||
return true;
|
||||
}
|
||||
} catch (IllegalArgumentException e) {
|
||||
log.error("[CREDIT-DEBUG] Invalid Supabase ID format: {}", supabaseId);
|
||||
response.setStatus(400);
|
||||
response.setContentType("application/json");
|
||||
response.getWriter()
|
||||
.write(
|
||||
"{\"error\":\"INVALID_USER_ID\",\"message\":\"Invalid user identifier format\",\"status\":400}");
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
// SECURITY: Block all non-authenticated requests
|
||||
log.warn(
|
||||
"[CREDIT-DEBUG] Non-authenticated request blocked - authentication required for credit-controlled endpoints");
|
||||
response.setStatus(401); // 401 Unauthorized
|
||||
response.setContentType("application/json");
|
||||
response.getWriter()
|
||||
.write(
|
||||
"{\"error\":\"AUTHENTICATION_REQUIRED\",\"message\":\"Authentication required to access this endpoint\",\"status\":401}");
|
||||
return false;
|
||||
}
|
||||
|
||||
// Extract resource weight from annotation
|
||||
AutoJobPostMapping annotation = hm.getMethod().getAnnotation(AutoJobPostMapping.class);
|
||||
int resourceWeight =
|
||||
Math.max(1, Math.min(100, annotation.resourceWeight())); // Clamp to 1-100
|
||||
|
||||
String apiKey = getApiKeyForUser(auth, currentUser);
|
||||
String maskedApiKey = maskApiKey(apiKey);
|
||||
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Credit validation for user: {}, API key: {}, resource weight: {}",
|
||||
currentUser.getUsername(),
|
||||
maskedApiKey,
|
||||
resourceWeight);
|
||||
|
||||
// Track that we're performing credit validation
|
||||
creditsCheckedCounter.increment();
|
||||
|
||||
// Check if user has SUFFICIENT credits for this operation (with timing)
|
||||
Timer.Sample sample = Timer.start();
|
||||
boolean hasSufficientCredits;
|
||||
int availableCredits = 0;
|
||||
|
||||
// Check if user is a limited API user (anonymous, extra limited)
|
||||
// Limited API users always use personal credits, never team credits
|
||||
boolean isLimitedApiUser =
|
||||
currentUser.getAuthorities().stream()
|
||||
.anyMatch(
|
||||
authority ->
|
||||
"ROLE_LIMITED_API_USER".equals(authority.getAuthority())
|
||||
|| "ROLE_EXTRA_LIMITED_API_USER"
|
||||
.equals(authority.getAuthority()));
|
||||
|
||||
if (auth instanceof ApiKeyAuthenticationToken) {
|
||||
// API key auth - get credit balance
|
||||
java.util.Optional<UserCredit> userCreditsOpt =
|
||||
creditService.getUserCreditsByApiKey(apiKey);
|
||||
availableCredits = userCreditsOpt.map(UserCredit::getTotalAvailableCredits).orElse(0);
|
||||
hasSufficientCredits = availableCredits >= resourceWeight;
|
||||
} else {
|
||||
// JWT user - check team credits if user is in a non-personal team, otherwise personal
|
||||
// credits
|
||||
Long teamId = null;
|
||||
if (!isLimitedApiUser
|
||||
&& currentUser.getTeam() != null
|
||||
&& !saasTeamExtensionService.isPersonal(currentUser.getTeam())) {
|
||||
teamId = currentUser.getTeam().getId();
|
||||
}
|
||||
|
||||
if (teamId != null) {
|
||||
// User is in a non-personal team - check team credits + leader overage billing
|
||||
java.util.Optional<TeamCredit> teamCredits =
|
||||
teamCreditService.getTeamCredits(teamId);
|
||||
availableCredits = teamCredits.map(TeamCredit::getTotalAvailableCredits).orElse(0);
|
||||
|
||||
// Check if sufficient credits OR team leader has metered billing
|
||||
boolean hasTeamCredits = availableCredits >= resourceWeight;
|
||||
boolean leaderHasMetered = checkTeamLeaderMeteredBilling(currentUser.getTeam());
|
||||
|
||||
hasSufficientCredits = hasTeamCredits || leaderHasMetered;
|
||||
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Checking team {} credits for user {}: available={}"
|
||||
+ " required={} hasCredits={} leaderMetered={} sufficient={}",
|
||||
teamId,
|
||||
currentUser.getUsername(),
|
||||
availableCredits,
|
||||
resourceWeight,
|
||||
hasTeamCredits,
|
||||
leaderHasMetered,
|
||||
hasSufficientCredits);
|
||||
} else {
|
||||
// Personal team or no team - check personal credits
|
||||
UserCredit userCredits = creditService.getOrCreateUserCredits(currentUser);
|
||||
availableCredits = userCredits.getTotalAvailableCredits();
|
||||
hasSufficientCredits = availableCredits >= resourceWeight;
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Checking personal credits for user {}: available={} required={} sufficient={}",
|
||||
currentUser.getUsername(),
|
||||
availableCredits,
|
||||
resourceWeight,
|
||||
hasSufficientCredits);
|
||||
}
|
||||
}
|
||||
sample.stop(creditCheckTimer);
|
||||
|
||||
// Check if user has metered billing enabled (they can use overage credits even with
|
||||
// insufficient free credits)
|
||||
boolean hasMeteredBilling = saasUserExtensionService.isMeteredBillingEnabled(currentUser);
|
||||
|
||||
if (!hasSufficientCredits && !hasMeteredBilling) {
|
||||
creditsRejectedCounter.increment();
|
||||
|
||||
// Enhanced message for team members
|
||||
// Note: Limited API users always use personal credits, so they get personal message
|
||||
String message;
|
||||
if (!isLimitedApiUser
|
||||
&& currentUser.getTeam() != null
|
||||
&& !saasTeamExtensionService.isPersonal(currentUser.getTeam())) {
|
||||
message =
|
||||
"Insufficient team credits. Team leader must enable overage billing for"
|
||||
+ " uninterrupted service.";
|
||||
} else {
|
||||
message =
|
||||
"Insufficient API credits. Please purchase more credits or wait for your"
|
||||
+ " monthly cycle credits to reset.";
|
||||
}
|
||||
|
||||
log.warn(
|
||||
"[CREDIT-DEBUG] Credit validation rejected - Method: {}, URI: {}, IP: {},"
|
||||
+ " User-Agent: {}, User: {}, Supabase ID: {}, Reason: {}",
|
||||
request.getMethod(),
|
||||
request.getRequestURI(),
|
||||
getClientIpAddress(request),
|
||||
request.getHeader("User-Agent"),
|
||||
currentUser.getUsername(),
|
||||
currentUser.getSupabaseId(),
|
||||
message);
|
||||
|
||||
response.setStatus(429); // 429 Too Many Requests
|
||||
response.setContentType("application/json");
|
||||
response.getWriter()
|
||||
.write(
|
||||
String.format(
|
||||
"{\"error\":\"INSUFFICIENT_CREDITS\",\"message\":\"%s\",\"status\":429}",
|
||||
message));
|
||||
response.getWriter().flush();
|
||||
return false;
|
||||
}
|
||||
|
||||
// Log when metered billing users are using overage credits
|
||||
if (!hasSufficientCredits && hasMeteredBilling) {
|
||||
log.info(
|
||||
"[CREDIT-DEBUG] Metered billing user {} proceeding with insufficient free credits (have: {}, need: {}) - will use overage credits (billed monthly)",
|
||||
currentUser.getUsername(),
|
||||
availableCredits,
|
||||
resourceWeight);
|
||||
}
|
||||
|
||||
// Mark request as eligible for credit consumption
|
||||
request.setAttribute(ATTR_CREDIT_ELIGIBLE, Boolean.TRUE);
|
||||
request.setAttribute(ATTR_API_KEY, apiKey);
|
||||
request.setAttribute(ATTR_RESOURCE_WEIGHT, resourceWeight);
|
||||
|
||||
// Store whether this is API key or JWT authentication for advice classes
|
||||
boolean isApiKeyAuth = auth instanceof ApiKeyAuthenticationToken;
|
||||
request.setAttribute("IS_API_KEY_AUTH", isApiKeyAuth);
|
||||
|
||||
// Store IS_API_REQUEST for waterfall logic (API key requests always consume credits)
|
||||
request.setAttribute("IS_API_REQUEST", isApiKeyAuth);
|
||||
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Credit validation passed - request marked as eligible for consumption (will consume after success/error)");
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postHandle(
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
Object handler,
|
||||
ModelAndView modelAndView)
|
||||
throws Exception {
|
||||
// Success path now handled by CreditSuccessAdvice - no spending in postHandle anymore
|
||||
log.debug("[CREDIT-DEBUG] postHandle: Success path will be handled by CreditSuccessAdvice");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void afterCompletion(
|
||||
HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
|
||||
throws Exception {
|
||||
// Error path now handled by CreditErrorAdvice - no spending in afterCompletion anymore
|
||||
if (ex != null) {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] afterCompletion: Error path will be handled by CreditErrorAdvice: {}",
|
||||
ex.getClass().getSimpleName());
|
||||
} else {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] afterCompletion: Success path already handled by CreditSuccessAdvice");
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void afterConcurrentHandlingStarted(
|
||||
HttpServletRequest request, HttpServletResponse response, Object handler)
|
||||
throws Exception {
|
||||
// For async requests (Callable, DeferredResult, etc.), prevent duplicate processing
|
||||
// The actual postHandle/afterCompletion will be called when async processing completes
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] afterConcurrentHandlingStarted: Async processing started - skipping interceptor logic");
|
||||
}
|
||||
|
||||
private String maskApiKey(String apiKey) {
|
||||
if (apiKey == null || apiKey.length() < 8) {
|
||||
return "***";
|
||||
}
|
||||
return apiKey.substring(0, 4) + "***" + apiKey.substring(apiKey.length() - 4);
|
||||
}
|
||||
|
||||
private String getClientIpAddress(HttpServletRequest request) {
|
||||
String xForwardedFor = request.getHeader("X-Forwarded-For");
|
||||
if (xForwardedFor != null && !xForwardedFor.isEmpty()) {
|
||||
return xForwardedFor.split(",")[0].trim();
|
||||
}
|
||||
|
||||
String xRealIp = request.getHeader("X-Real-IP");
|
||||
if (xRealIp != null && !xRealIp.isEmpty()) {
|
||||
return xRealIp;
|
||||
}
|
||||
|
||||
return request.getRemoteAddr();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if credit limits should apply to a JWT user.
|
||||
*
|
||||
* <p>Rules:
|
||||
*
|
||||
* <ul>
|
||||
* <li>Metered billing users: always consume (free tier first, then report overage to Stripe)
|
||||
* <li>Anonymous users: consume credits (web/API)
|
||||
* <li>Regular users: consume credits (web/API)
|
||||
* <li>Pro users: unlimited on web UI (waterfall logic handles this), but subject to checks
|
||||
* <li>API users: always consume credits
|
||||
* <li>Internal API users: unlimited everywhere
|
||||
* <li>Admin users: unlimited everywhere
|
||||
* </ul>
|
||||
*/
|
||||
private boolean shouldApplyCreditsToJwtUser(User user) {
|
||||
String roles = user.getRolesAsString();
|
||||
|
||||
// Internal API users are unlimited everywhere (for backend internal operations)
|
||||
if (roles.contains("STIRLING-PDF-BACKEND-API-USER")) {
|
||||
log.debug("[CREDIT-DEBUG] Internal API user {} - unlimited usage", user.getUsername());
|
||||
return false;
|
||||
}
|
||||
|
||||
// Pro users: Let them through to waterfall logic
|
||||
// (Pro gets unlimited UI but API still consumes credits)
|
||||
if (roles.contains("ROLE_PRO_USER")) {
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] Pro user {} - will be handled by waterfall logic",
|
||||
user.getUsername());
|
||||
return true; // Changed from false - let waterfall handle Pro exemption
|
||||
}
|
||||
|
||||
// Admin users are unlimited everywhere
|
||||
if (roles.contains("ROLE_ADMIN")) {
|
||||
log.debug("[CREDIT-DEBUG] Admin user {} - unlimited usage", user.getUsername());
|
||||
return false;
|
||||
}
|
||||
|
||||
// All other users (anonymous, regular, limited API users, metered billing) consume credits
|
||||
log.debug(
|
||||
"[CREDIT-DEBUG] User {} with roles {} - subject to credit limits",
|
||||
user.getUsername(),
|
||||
roles);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the identifier for credit consumption. For API key users, use their actual API key. For
|
||||
* JWT users, use the Supabase ID as identifier (auth.getName() returns Supabase ID).
|
||||
*/
|
||||
private String getApiKeyForUser(Authentication auth, User user) {
|
||||
if (auth instanceof ApiKeyAuthenticationToken) {
|
||||
return user.getApiKey();
|
||||
} else {
|
||||
// For JWT users, return Supabase ID as the credit consumption identifier
|
||||
return AuthenticationUtils.extractSupabaseId(auth);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if team leader has metered billing enabled. This allows teams to use overage billing
|
||||
* when team credits are exhausted.
|
||||
*
|
||||
* @param team the team to check
|
||||
* @return true if team leader has metered billing enabled
|
||||
*/
|
||||
private boolean checkTeamLeaderMeteredBilling(stirling.software.proprietary.model.Team team) {
|
||||
if (team == null || team.getId() == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
try {
|
||||
java.util.List<stirling.software.saas.model.TeamMembership> leaders =
|
||||
membershipRepository.findByTeamIdAndRole(
|
||||
team.getId(),
|
||||
stirling.software.common.model.enumeration.TeamRole.LEADER);
|
||||
|
||||
if (leaders.isEmpty()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
User leader = leaders.get(0).getUser();
|
||||
return saasUserExtensionService.isMeteredBillingEnabled(leader);
|
||||
} catch (Exception e) {
|
||||
log.error("Error checking team leader metered billing: {}", e.getMessage());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,69 +0,0 @@
|
||||
package stirling.software.saas.model;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
|
||||
/**
|
||||
* Result of a credit consumption attempt with explicit waterfall logic. Indicates whether the
|
||||
* operation succeeded and which credit source was used.
|
||||
*/
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
public class CreditConsumptionResult {
|
||||
|
||||
/** Whether the credit consumption succeeded */
|
||||
private boolean success;
|
||||
|
||||
/**
|
||||
* The credit source used for this operation. Possible values: "PRO_PLAN" (Pro user with
|
||||
* unlimited UI access, no credits consumed); "CYCLE_CREDITS" (free monthly cycle credit
|
||||
* allocation); "BOUGHT_CREDITS" (one-time purchased credits); "METERED_SUBSCRIPTION"
|
||||
* (pay-what-you-use metered billing, reported to Stripe); null (operation failed; see message
|
||||
* for reason).
|
||||
*/
|
||||
private String source;
|
||||
|
||||
/** Human-readable message about the result */
|
||||
private String message;
|
||||
|
||||
/**
|
||||
* Creates a successful result for unlimited access (Pro plan UI requests).
|
||||
*
|
||||
* @param source The credit source (typically "PRO_PLAN")
|
||||
* @return CreditConsumptionResult indicating unlimited access
|
||||
*/
|
||||
public static CreditConsumptionResult unlimited(String source) {
|
||||
return new CreditConsumptionResult(true, source, "Unlimited access");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a successful result for credit consumption.
|
||||
*
|
||||
* @param source The credit source used
|
||||
* @return CreditConsumptionResult indicating success
|
||||
*/
|
||||
public static CreditConsumptionResult success(String source) {
|
||||
return new CreditConsumptionResult(true, source, "Credits consumed");
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a failure result.
|
||||
*
|
||||
* @param reason The reason for failure
|
||||
* @return CreditConsumptionResult indicating failure
|
||||
*/
|
||||
public static CreditConsumptionResult failure(String reason) {
|
||||
return new CreditConsumptionResult(false, null, reason);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a failure result with custom message.
|
||||
*
|
||||
* @param reason The reason code
|
||||
* @param message Custom human-readable message
|
||||
* @return CreditConsumptionResult indicating failure
|
||||
*/
|
||||
public static CreditConsumptionResult failure(String reason, String message) {
|
||||
return new CreditConsumptionResult(false, null, message != null ? message : reason);
|
||||
}
|
||||
}
|
||||
@@ -1,131 +0,0 @@
|
||||
package stirling.software.saas.model;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
import org.hibernate.annotations.CreationTimestamp;
|
||||
import org.hibernate.annotations.OnDelete;
|
||||
import org.hibernate.annotations.OnDeleteAction;
|
||||
import org.hibernate.annotations.UpdateTimestamp;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.GenerationType;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.OneToOne;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.Version;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
import stirling.software.proprietary.model.Team;
|
||||
|
||||
/** Shared credit pool for multi-member teams; see {@link UserCredit} for the per-user variant. */
|
||||
@Entity
|
||||
@Table(name = "team_credits")
|
||||
@NoArgsConstructor
|
||||
@Getter
|
||||
@Setter
|
||||
public class TeamCredit implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
@Column(name = "credit_id")
|
||||
private Long id;
|
||||
|
||||
@OneToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "team_id", nullable = false, unique = true)
|
||||
@OnDelete(action = OnDeleteAction.CASCADE)
|
||||
private Team team;
|
||||
|
||||
@Column(name = "cycle_credits_remaining")
|
||||
private Integer cycleCreditsRemaining = 0;
|
||||
|
||||
@Column(name = "cycle_credits_allocated")
|
||||
private Integer cycleCreditsAllocated = 0;
|
||||
|
||||
@Column(name = "bought_credits_remaining")
|
||||
private Integer boughtCreditsRemaining = 0;
|
||||
|
||||
@Column(name = "total_bought_credits")
|
||||
private Integer totalBoughtCredits = 0;
|
||||
|
||||
@Column(name = "last_cycle_reset_at")
|
||||
private LocalDateTime lastCycleResetAt;
|
||||
|
||||
@Column(name = "last_api_usage")
|
||||
private LocalDateTime lastApiUsage;
|
||||
|
||||
@Column(name = "total_api_calls_made")
|
||||
private Long totalApiCallsMade = 0L;
|
||||
|
||||
@CreationTimestamp
|
||||
@Column(name = "created_at", updatable = false)
|
||||
private LocalDateTime createdAt;
|
||||
|
||||
@UpdateTimestamp
|
||||
@Column(name = "updated_at")
|
||||
private LocalDateTime updatedAt;
|
||||
|
||||
@Version
|
||||
@Column(name = "version")
|
||||
private Long version;
|
||||
|
||||
public TeamCredit(Team team) {
|
||||
this.team = team;
|
||||
}
|
||||
|
||||
public int getTotalAvailableCredits() {
|
||||
return (cycleCreditsRemaining != null ? cycleCreditsRemaining : 0)
|
||||
+ (boughtCreditsRemaining != null ? boughtCreditsRemaining : 0);
|
||||
}
|
||||
|
||||
public boolean hasCreditsAvailable() {
|
||||
return getTotalAvailableCredits() > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Consume a credit from the team pool. Consumes cycle credits first, then bought credits.
|
||||
*
|
||||
* @return true if a credit was consumed, false if no credits available
|
||||
*/
|
||||
public boolean consumeCredit() {
|
||||
if (cycleCreditsRemaining != null && cycleCreditsRemaining > 0) {
|
||||
cycleCreditsRemaining--;
|
||||
totalApiCallsMade++;
|
||||
lastApiUsage = LocalDateTime.now();
|
||||
return true;
|
||||
} else if (boughtCreditsRemaining != null && boughtCreditsRemaining > 0) {
|
||||
boughtCreditsRemaining--;
|
||||
totalApiCallsMade++;
|
||||
lastApiUsage = LocalDateTime.now();
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public void addBoughtCredits(int credits) {
|
||||
if (credits > 0) {
|
||||
boughtCreditsRemaining =
|
||||
(boughtCreditsRemaining != null ? boughtCreditsRemaining : 0) + credits;
|
||||
totalBoughtCredits = (totalBoughtCredits != null ? totalBoughtCredits : 0) + credits;
|
||||
}
|
||||
}
|
||||
|
||||
public void resetCycleCredits(int cycleAllocation, LocalDateTime resetTime) {
|
||||
this.cycleCreditsAllocated = cycleAllocation;
|
||||
this.cycleCreditsRemaining = cycleAllocation;
|
||||
this.lastCycleResetAt = resetTime;
|
||||
}
|
||||
|
||||
public boolean isCycleResetDue(LocalDateTime lastScheduledReset) {
|
||||
return lastCycleResetAt == null || lastCycleResetAt.isBefore(lastScheduledReset);
|
||||
}
|
||||
}
|
||||
@@ -1,133 +0,0 @@
|
||||
package stirling.software.saas.model;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
import org.hibernate.annotations.CreationTimestamp;
|
||||
import org.hibernate.annotations.OnDelete;
|
||||
import org.hibernate.annotations.OnDeleteAction;
|
||||
import org.hibernate.annotations.UpdateTimestamp;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.GenerationType;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.Version;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
|
||||
/**
|
||||
* Per-user credit pool. Layers a renewable monthly cycle pool ({@code cycleCreditsRemaining}) over
|
||||
* a non-expiring purchased pool ({@code boughtCreditsRemaining}); cycle credits consume first.
|
||||
*/
|
||||
@Entity
|
||||
@Table(name = "user_credits")
|
||||
@NoArgsConstructor
|
||||
@Getter
|
||||
@Setter
|
||||
public class UserCredit implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
@Column(name = "credit_id")
|
||||
private Long id;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "user_id", nullable = false)
|
||||
@OnDelete(action = OnDeleteAction.CASCADE)
|
||||
private User user;
|
||||
|
||||
@Column(name = "cycle_credits_remaining")
|
||||
private Integer cycleCreditsRemaining = 0;
|
||||
|
||||
@Column(name = "cycle_credits_allocated")
|
||||
private Integer cycleCreditsAllocated = 0;
|
||||
|
||||
@Column(name = "bought_credits_remaining")
|
||||
private Integer boughtCreditsRemaining = 0;
|
||||
|
||||
@Column(name = "total_bought_credits")
|
||||
private Integer totalBoughtCredits = 0;
|
||||
|
||||
@Column(name = "last_cycle_reset_at")
|
||||
private LocalDateTime lastCycleResetAt;
|
||||
|
||||
@Column(name = "last_api_usage")
|
||||
private LocalDateTime lastApiUsage;
|
||||
|
||||
@Column(name = "total_api_calls_made")
|
||||
private Long totalApiCallsMade = 0L;
|
||||
|
||||
@CreationTimestamp
|
||||
@Column(name = "created_at", updatable = false)
|
||||
private LocalDateTime createdAt;
|
||||
|
||||
@UpdateTimestamp
|
||||
@Column(name = "updated_at")
|
||||
private LocalDateTime updatedAt;
|
||||
|
||||
@Version
|
||||
@Column(name = "version")
|
||||
private Long version;
|
||||
|
||||
public UserCredit(User user) {
|
||||
this.user = user;
|
||||
// Cycle credits are initialized by CreditService after this object is created,
|
||||
// typically during user registration or at the start of a new billing cycle,
|
||||
// using values from the application configuration.
|
||||
}
|
||||
|
||||
public int getTotalAvailableCredits() {
|
||||
return (cycleCreditsRemaining != null ? cycleCreditsRemaining : 0)
|
||||
+ (boughtCreditsRemaining != null ? boughtCreditsRemaining : 0);
|
||||
}
|
||||
|
||||
public boolean hasCreditsAvailable() {
|
||||
return getTotalAvailableCredits() > 0;
|
||||
}
|
||||
|
||||
public boolean consumeCredit() {
|
||||
// Consume cycle credits first, then bought credits.
|
||||
if (cycleCreditsRemaining != null && cycleCreditsRemaining > 0) {
|
||||
cycleCreditsRemaining--;
|
||||
totalApiCallsMade++;
|
||||
lastApiUsage = LocalDateTime.now();
|
||||
return true;
|
||||
} else if (boughtCreditsRemaining != null && boughtCreditsRemaining > 0) {
|
||||
boughtCreditsRemaining--;
|
||||
totalApiCallsMade++;
|
||||
lastApiUsage = LocalDateTime.now();
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public void addBoughtCredits(int credits) {
|
||||
if (credits > 0) {
|
||||
boughtCreditsRemaining =
|
||||
(boughtCreditsRemaining != null ? boughtCreditsRemaining : 0) + credits;
|
||||
totalBoughtCredits = (totalBoughtCredits != null ? totalBoughtCredits : 0) + credits;
|
||||
}
|
||||
}
|
||||
|
||||
public void resetCycleCredits(int cycleAllocation, LocalDateTime resetTime) {
|
||||
this.cycleCreditsAllocated = cycleAllocation;
|
||||
this.cycleCreditsRemaining = cycleAllocation;
|
||||
this.lastCycleResetAt = resetTime;
|
||||
}
|
||||
|
||||
public boolean isCycleResetDue(LocalDateTime lastScheduledReset) {
|
||||
return lastCycleResetAt == null || lastCycleResetAt.isBefore(lastScheduledReset);
|
||||
}
|
||||
}
|
||||
@@ -51,10 +51,9 @@ import stirling.software.saas.payg.wallet.WalletLedgerEntry;
|
||||
* The real-charging path lives in a separate follow-up and reuses the same orchestration — only the
|
||||
* side-effect (shadow row vs ledger entry + Stripe call) differs.
|
||||
*
|
||||
* <p>The {@code legacyCreditsCharged} field on the shadow row is set to {@code 0} here. When the
|
||||
* legacy {@code CreditService} is wired to call this service (separate PR), the legacy debit amount
|
||||
* becomes available and {@code diffPct} can be computed against it; until then the shadow row
|
||||
* captures the PAYG units only.
|
||||
* <p>The {@code legacyCreditsCharged} field on the shadow row is set to {@code 0}: the legacy
|
||||
* credit engine has been removed, so there is no legacy debit to compare against and {@code
|
||||
* diffPct} stays {@code 0}. The shadow row captures the PAYG units only.
|
||||
*/
|
||||
@Service
|
||||
@Profile("saas")
|
||||
@@ -281,8 +280,7 @@ public class JobChargeService {
|
||||
// Free-vs-paid split fixed at charge time: paid (metered) = paygUnits - freeUnitsConsumed,
|
||||
// and a refund restores freeUnitsConsumed to the team's grant.
|
||||
row.setFreeUnitsConsumed(freeUnitsConsumed);
|
||||
// No legacy comparison yet — wired when the shadow path is connected to the legacy
|
||||
// CreditService in the follow-up PR. Until then, diff stays at 0.
|
||||
// No legacy comparison: the legacy credit engine has been removed, so diff stays at 0.
|
||||
row.setLegacyCreditsCharged(0);
|
||||
row.setDiffPct(0);
|
||||
row.setStatus(ShadowChargeStatus.CHARGED);
|
||||
|
||||
+1
-3
@@ -53,9 +53,7 @@ import stirling.software.saas.payg.model.ProcessType;
|
||||
import stirling.software.saas.util.AuthenticationUtils;
|
||||
|
||||
/**
|
||||
* The hot-path PAYG interceptor. Mirrors the {@code UnifiedCreditInterceptor} shape: registered
|
||||
* after it in {@code PaygWebMvcConfig} so legacy credit-rejection short-circuits before we waste
|
||||
* work hashing inputs.
|
||||
* The hot-path PAYG interceptor, registered in {@code PaygWebMvcConfig}.
|
||||
*
|
||||
* <p>{@code preHandle}: gates on {@code @AutoJobPostMapping} OR {@code @RequiresFeature} (the
|
||||
* latter lets AI controllers — JSON-bodied, no AutoJobPostMapping — bill correctly), reads the
|
||||
|
||||
@@ -18,10 +18,8 @@ import stirling.software.saas.payg.entitlement.EntitlementGuard;
|
||||
* <li>{@link PaygResponseBodyWrapperFilter} as a Servlet filter — registered with no explicit
|
||||
* order so it sits at the end of the Spring filter chain (after all security filters). Pure
|
||||
* response-wrapping plumbing.
|
||||
* <li>{@link PaygChargeInterceptor} as a Spring MVC interceptor — registered AFTER {@code
|
||||
* UnifiedCreditInterceptor} so legacy credit rejections short-circuit before we hash inputs.
|
||||
* Both intercept {@code /api/**} with the same admin/info/health exclusions as the legacy
|
||||
* config.
|
||||
* <li>{@link PaygChargeInterceptor} as a Spring MVC interceptor — intercepts {@code /api/**} with
|
||||
* admin/info/health exclusions.
|
||||
* </ul>
|
||||
*/
|
||||
@Configuration
|
||||
@@ -42,10 +40,9 @@ public class PaygWebMvcConfig implements WebMvcConfigurer {
|
||||
}
|
||||
|
||||
/**
|
||||
* The {@code PaygChargeInterceptor} runs after the {@link #ENTITLEMENT_GUARD_ORDER guard} (and
|
||||
* after the legacy {@code UnifiedCreditInterceptor}, default order 0), so {@code openProcess}
|
||||
* only fires for requests the guard has admitted. See {@link #ENTITLEMENT_GUARD_ORDER} for the
|
||||
* full ordering rationale.
|
||||
* The {@code PaygChargeInterceptor} runs after the {@link #ENTITLEMENT_GUARD_ORDER guard}, so
|
||||
* {@code openProcess} only fires for requests the guard has admitted. See {@link
|
||||
* #ENTITLEMENT_GUARD_ORDER} for the full ordering rationale.
|
||||
*/
|
||||
public static final int INTERCEPTOR_ORDER = 1000;
|
||||
|
||||
@@ -57,9 +54,7 @@ public class PaygWebMvcConfig implements WebMvcConfigurer {
|
||||
* short-circuits with its 402 before the charge interceptor ever runs. A blocked request
|
||||
* therefore never opens a process, materialises inputs, or writes a charge: a refused operation
|
||||
* must not bill, and running the guard first guarantees that structurally rather than by
|
||||
* compensating after the fact. Stays above the legacy {@code UnifiedCreditInterceptor} (default
|
||||
* order 0, only registered under the {@code legacy-credits} profile) so a legacy rejection
|
||||
* still wins.
|
||||
* compensating after the fact.
|
||||
*/
|
||||
public static final int ENTITLEMENT_GUARD_ORDER = 900;
|
||||
|
||||
|
||||
@@ -1,68 +0,0 @@
|
||||
package stirling.software.saas.repository;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.Modifying;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.query.Param;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
|
||||
@Repository
|
||||
public interface TeamCreditRepository extends JpaRepository<TeamCredit, Long> {
|
||||
|
||||
/** Find team credits by team ID. */
|
||||
@Query("SELECT tc FROM TeamCredit tc WHERE tc.team.id = :teamId")
|
||||
Optional<TeamCredit> findByTeamId(@Param("teamId") Long teamId);
|
||||
|
||||
/**
|
||||
* Atomically consume credits from the team pool. Uses the {@code @Version} column on {@link
|
||||
* TeamCredit} for optimistic locking - concurrent attempts will fail-fast rather than
|
||||
* over-deduct. Returns 1 on success, 0 if insufficient balance or version conflict.
|
||||
*/
|
||||
@Modifying
|
||||
@Query(
|
||||
value =
|
||||
"""
|
||||
UPDATE team_credits
|
||||
SET cycle_credits_remaining = CASE
|
||||
WHEN cycle_credits_remaining >= :amount THEN cycle_credits_remaining - :amount
|
||||
WHEN cycle_credits_remaining > 0 AND bought_credits_remaining >= (:amount - cycle_credits_remaining)
|
||||
THEN 0
|
||||
ELSE cycle_credits_remaining
|
||||
END,
|
||||
bought_credits_remaining = CASE
|
||||
WHEN cycle_credits_remaining >= :amount THEN bought_credits_remaining
|
||||
WHEN cycle_credits_remaining > 0 AND bought_credits_remaining >= (:amount - cycle_credits_remaining)
|
||||
THEN bought_credits_remaining - (:amount - cycle_credits_remaining)
|
||||
WHEN cycle_credits_remaining = 0 AND bought_credits_remaining >= :amount
|
||||
THEN bought_credits_remaining - :amount
|
||||
ELSE bought_credits_remaining
|
||||
END,
|
||||
total_api_calls_made = total_api_calls_made + :amount,
|
||||
last_api_usage = CURRENT_TIMESTAMP,
|
||||
updated_at = CURRENT_TIMESTAMP,
|
||||
version = version + 1
|
||||
WHERE team_id = :teamId
|
||||
AND (cycle_credits_remaining + bought_credits_remaining) >= :amount
|
||||
""",
|
||||
nativeQuery = true)
|
||||
int consumeCredit(@Param("teamId") Long teamId, @Param("amount") int amount);
|
||||
|
||||
@Query(
|
||||
"SELECT CASE WHEN COUNT(tc) > 0 THEN true ELSE false END FROM TeamCredit tc WHERE tc.team.id = :teamId")
|
||||
boolean existsByTeamId(@Param("teamId") Long teamId);
|
||||
|
||||
@Modifying
|
||||
@Query("DELETE FROM TeamCredit tc WHERE tc.team.id = :teamId")
|
||||
void deleteByTeamId(@Param("teamId") Long teamId);
|
||||
|
||||
@Query(
|
||||
"SELECT tc FROM TeamCredit tc WHERE tc.lastCycleResetAt IS NULL OR tc.lastCycleResetAt < :lastScheduledReset")
|
||||
List<TeamCredit> findCreditsNeedingCycleReset(
|
||||
@Param("lastScheduledReset") LocalDateTime lastScheduledReset);
|
||||
}
|
||||
@@ -1,148 +0,0 @@
|
||||
package stirling.software.saas.repository;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.data.jpa.repository.Modifying;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.query.Param;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.UserCredit;
|
||||
|
||||
/**
|
||||
* JPA repository for {@link UserCredit}. Includes JPQL queries for the common read paths and native
|
||||
* SQL for atomic credit-consumption updates (avoids select-then-update races).
|
||||
*
|
||||
* <p>Native queries reference {@code user_credits} and {@code users} unqualified — they pick up
|
||||
* Hibernate's {@code default_schema} (set to {@code stirling_pdf} in {@code
|
||||
* application-saas.properties}). Keeping the schema out of the SQL means a future schema rename is
|
||||
* a one-property change instead of a sweep of native SQL.
|
||||
*/
|
||||
@Repository
|
||||
public interface UserCreditRepository extends JpaRepository<UserCredit, Long> {
|
||||
|
||||
Optional<UserCredit> findByUser(User user);
|
||||
|
||||
Optional<UserCredit> findByUserId(Long userId);
|
||||
|
||||
@Query(
|
||||
"SELECT uc FROM UserCredit uc WHERE uc.lastCycleResetAt IS NULL OR uc.lastCycleResetAt < :lastScheduledReset")
|
||||
List<UserCredit> findCreditsNeedingCycleReset(
|
||||
@Param("lastScheduledReset") LocalDateTime lastScheduledReset);
|
||||
|
||||
@Query("SELECT SUM(uc.totalApiCallsMade) FROM UserCredit uc")
|
||||
Long getTotalApiCallsAcrossAllUsers();
|
||||
|
||||
@Query("SELECT SUM(uc.cycleCreditsRemaining + uc.boughtCreditsRemaining) FROM UserCredit uc")
|
||||
Long getTotalAvailableCreditsAcrossAllUsers();
|
||||
|
||||
@Query("SELECT uc FROM UserCredit uc WHERE uc.user.apiKey = :apiKey")
|
||||
Optional<UserCredit> findByUserApiKey(@Param("apiKey") String apiKey);
|
||||
|
||||
@Query("SELECT uc FROM UserCredit uc WHERE uc.user.supabaseId = :supabaseId")
|
||||
Optional<UserCredit> findBySupabaseId(@Param("supabaseId") UUID supabaseId);
|
||||
|
||||
@Query("SELECT COUNT(uc) FROM UserCredit uc WHERE uc.lastApiUsage >= :since")
|
||||
Long countActiveUsersInPeriod(@Param("since") LocalDateTime since);
|
||||
|
||||
@Modifying
|
||||
@Query(
|
||||
value =
|
||||
"UPDATE user_credits "
|
||||
+ "SET "
|
||||
+ " cycle_credits_remaining = "
|
||||
+ " CASE "
|
||||
+ " WHEN cycle_credits_remaining >= :creditAmount THEN cycle_credits_remaining - :creditAmount "
|
||||
+ " ELSE 0 "
|
||||
+ " END, "
|
||||
+ " bought_credits_remaining = "
|
||||
+ " CASE "
|
||||
+ " WHEN cycle_credits_remaining < :creditAmount "
|
||||
+ " THEN GREATEST(0, bought_credits_remaining - (:creditAmount - cycle_credits_remaining)) "
|
||||
+ " ELSE bought_credits_remaining "
|
||||
+ " END, "
|
||||
+ " total_api_calls_made = total_api_calls_made + 1, "
|
||||
+ " last_api_usage = now() "
|
||||
+ "WHERE user_id = (SELECT user_id FROM users WHERE api_key = :apiKey) "
|
||||
+ " AND (cycle_credits_remaining + bought_credits_remaining >= :creditAmount)",
|
||||
nativeQuery = true)
|
||||
int consumeCredit(@Param("apiKey") String apiKey, @Param("creditAmount") int creditAmount);
|
||||
|
||||
@Modifying
|
||||
@Query(
|
||||
value =
|
||||
"UPDATE user_credits "
|
||||
+ "SET "
|
||||
+ " cycle_credits_remaining = "
|
||||
+ " CASE "
|
||||
+ " WHEN cycle_credits_remaining >= :creditAmount THEN cycle_credits_remaining - :creditAmount "
|
||||
+ " ELSE 0 "
|
||||
+ " END, "
|
||||
+ " bought_credits_remaining = "
|
||||
+ " CASE "
|
||||
+ " WHEN cycle_credits_remaining < :creditAmount "
|
||||
+ " THEN GREATEST(0, bought_credits_remaining - (:creditAmount - cycle_credits_remaining)) "
|
||||
+ " ELSE bought_credits_remaining "
|
||||
+ " END, "
|
||||
+ " total_api_calls_made = total_api_calls_made + 1, "
|
||||
+ " last_api_usage = now() "
|
||||
+ "WHERE user_id = (SELECT u.user_id FROM users u WHERE u.supabase_auth_id = :supabaseId) "
|
||||
+ " AND (cycle_credits_remaining + bought_credits_remaining >= :creditAmount)",
|
||||
nativeQuery = true)
|
||||
int consumeCreditBySupabaseId(
|
||||
@Param("supabaseId") UUID supabaseId, @Param("creditAmount") int creditAmount);
|
||||
|
||||
/**
|
||||
* Consumes ONLY cycle credits (does not touch bought credits). Used in explicit waterfall
|
||||
* logic.
|
||||
*/
|
||||
@Modifying
|
||||
@Query(
|
||||
value =
|
||||
"UPDATE user_credits "
|
||||
+ "SET "
|
||||
+ " cycle_credits_remaining = cycle_credits_remaining - :amount, "
|
||||
+ " total_api_calls_made = total_api_calls_made + 1, "
|
||||
+ " last_api_usage = now() "
|
||||
+ "WHERE user_id = (SELECT u.user_id FROM users u WHERE u.supabase_auth_id = :supabaseId) "
|
||||
+ " AND cycle_credits_remaining >= :amount",
|
||||
nativeQuery = true)
|
||||
int consumeCycleCredits(@Param("supabaseId") UUID supabaseId, @Param("amount") int amount);
|
||||
|
||||
/** Consumes ONLY bought credits (does not touch cycle credits). */
|
||||
@Modifying
|
||||
@Query(
|
||||
value =
|
||||
"UPDATE user_credits "
|
||||
+ "SET "
|
||||
+ " bought_credits_remaining = bought_credits_remaining - :amount, "
|
||||
+ " total_api_calls_made = total_api_calls_made + 1, "
|
||||
+ " last_api_usage = now() "
|
||||
+ "WHERE user_id = (SELECT u.user_id FROM users u WHERE u.supabase_auth_id = :supabaseId) "
|
||||
+ " AND bought_credits_remaining >= :amount",
|
||||
nativeQuery = true)
|
||||
int consumeBoughtCredits(@Param("supabaseId") UUID supabaseId, @Param("amount") int amount);
|
||||
|
||||
/** Checks if user has sufficient cycle credits (does NOT consume them). */
|
||||
@Query(
|
||||
value =
|
||||
"SELECT CASE WHEN uc.cycle_credits_remaining >= :amount THEN TRUE ELSE FALSE END "
|
||||
+ "FROM user_credits uc "
|
||||
+ "WHERE uc.user_id = (SELECT u.user_id FROM users u WHERE u.supabase_auth_id = :supabaseId)",
|
||||
nativeQuery = true)
|
||||
Boolean hasCycleCredits(@Param("supabaseId") UUID supabaseId, @Param("amount") int amount);
|
||||
|
||||
/** Checks if user has sufficient bought credits (does NOT consume them). */
|
||||
@Query(
|
||||
value =
|
||||
"SELECT CASE WHEN uc.bought_credits_remaining >= :amount THEN TRUE ELSE FALSE END "
|
||||
+ "FROM user_credits uc "
|
||||
+ "WHERE uc.user_id = (SELECT u.user_id FROM users u WHERE u.supabase_auth_id = :supabaseId)",
|
||||
nativeQuery = true)
|
||||
Boolean hasBoughtCredits(@Param("supabaseId") UUID supabaseId, @Param("amount") int amount);
|
||||
}
|
||||
-13
@@ -63,7 +63,6 @@ public class SupabaseAuthenticationFilter extends OncePerRequestFilter {
|
||||
private final TeamService teamService;
|
||||
private final UserService userService;
|
||||
private final SupabaseUserService supabaseUserService;
|
||||
private final stirling.software.saas.service.CreditService creditService;
|
||||
private final SaasTeamService saasTeamService;
|
||||
private final JwtDecoder jwtDecoder;
|
||||
private final AuthenticationEntryPoint authenticationEntryPoint =
|
||||
@@ -73,13 +72,11 @@ public class SupabaseAuthenticationFilter extends OncePerRequestFilter {
|
||||
TeamService teamService,
|
||||
UserService userService,
|
||||
SupabaseUserService supabaseUserService,
|
||||
stirling.software.saas.service.CreditService creditService,
|
||||
SaasTeamService saasTeamService,
|
||||
JwtDecoder jwtDecoder) {
|
||||
this.teamService = teamService;
|
||||
this.userService = userService;
|
||||
this.supabaseUserService = supabaseUserService;
|
||||
this.creditService = creditService;
|
||||
this.saasTeamService = saasTeamService;
|
||||
this.jwtDecoder = jwtDecoder;
|
||||
}
|
||||
@@ -381,16 +378,6 @@ public class SupabaseAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
// Only the DB-race winner runs first-time init; the losers skip it.
|
||||
if (weCreatedThisUser) {
|
||||
try {
|
||||
creditService.getOrCreateUserCredits(savedUser);
|
||||
} catch (Exception e) {
|
||||
log.warn(
|
||||
"Failed to initialize credits for new user {} ({}): {}",
|
||||
LogRedactionUtils.redactSupabaseId(supabaseId),
|
||||
LogRedactionUtils.redactEmail(savedUser.getUsername()),
|
||||
e.getMessage());
|
||||
}
|
||||
|
||||
try {
|
||||
saasTeamService.createPersonalTeam(savedUser);
|
||||
savedUser = userService.findBySupabaseId(supabaseId).orElse(savedUser);
|
||||
|
||||
@@ -49,7 +49,6 @@ import stirling.software.common.util.RequestUriUtils;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.proprietary.security.service.TeamService;
|
||||
import stirling.software.proprietary.security.service.UserService;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.SaasTeamService;
|
||||
import stirling.software.saas.service.SupabaseUserService;
|
||||
|
||||
@@ -66,7 +65,6 @@ public class SupabaseSecurityConfig {
|
||||
private final UserService userService;
|
||||
private final TeamService teamService;
|
||||
private final SupabaseUserService supabaseUserService;
|
||||
private final CreditService creditService;
|
||||
private final SaasTeamService saasTeamService;
|
||||
private final ApplicationProperties applicationProperties;
|
||||
|
||||
@@ -121,7 +119,6 @@ public class SupabaseSecurityConfig {
|
||||
teamService,
|
||||
userService,
|
||||
supabaseUserService,
|
||||
creditService,
|
||||
saasTeamService,
|
||||
jwtDecoder),
|
||||
BearerTokenAuthenticationFilter.class)
|
||||
@@ -300,7 +297,7 @@ public class SupabaseSecurityConfig {
|
||||
"Accept",
|
||||
"Origin",
|
||||
"X-API-KEY"));
|
||||
cfg.setExposedHeaders(List.of("WWW-Authenticate", "X-Credits-Remaining"));
|
||||
cfg.setExposedHeaders(List.of("WWW-Authenticate"));
|
||||
cfg.setAllowCredentials(true);
|
||||
cfg.setMaxAge(3600L);
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
package stirling.software.saas.service;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.time.ZoneId;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.scheduling.annotation.Scheduled;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
|
||||
@Service
|
||||
@Profile("saas")
|
||||
@Slf4j
|
||||
@RequiredArgsConstructor
|
||||
public class CreditResetScheduler {
|
||||
|
||||
private final CreditService creditService;
|
||||
private final CreditsProperties creditsProperties;
|
||||
|
||||
/**
|
||||
* Reset cycle credits for all users and teams on the 1st of each month at 2 AM UTC This runs
|
||||
* monthly, resetting credits based on user roles and team seats
|
||||
*/
|
||||
@Scheduled(cron = "${credits.reset.cron:0 0 2 1 * *}", zone = "${credits.reset.zone:UTC}")
|
||||
public void resetCycleCredits() {
|
||||
log.info(
|
||||
"Starting monthly credit reset for all users and teams (schedule: {}, zone: {})",
|
||||
creditsProperties.getReset().getCron(),
|
||||
creditsProperties.getReset().getZone());
|
||||
|
||||
try {
|
||||
ZoneId configuredZone = ZoneId.of(creditsProperties.getReset().getZone());
|
||||
LocalDateTime resetTime = LocalDateTime.now(configuredZone);
|
||||
creditService.resetCycleCreditsForAllUsers(resetTime);
|
||||
creditService.resetCycleCreditsForAllTeams(resetTime);
|
||||
log.info("Monthly credit reset completed successfully at {}", resetTime);
|
||||
} catch (Exception e) {
|
||||
log.error("Error during monthly credit reset", e);
|
||||
}
|
||||
}
|
||||
|
||||
// NOTE: The startup catch-up reset (formerly @EventListener(ApplicationReadyEvent)) was
|
||||
// removed. It bulk-looped every user on each boot (per-row save), hammering the DB and
|
||||
// stalling boot on large user tables. Per-user cycle resets already happen lazily in
|
||||
// CreditService.getOrCreateUserCredits (isCycleResetDue), and the monthly cron above still
|
||||
// performs the scheduled reset.
|
||||
|
||||
/**
|
||||
* Cleanup and maintenance task; runs daily at 3 AM UTC. Performs maintenance tasks like
|
||||
* cleaning up old data.
|
||||
*/
|
||||
@Scheduled(cron = "0 0 3 * * *", zone = "UTC")
|
||||
public void performDailyMaintenance() {
|
||||
log.debug("Starting daily credit system maintenance");
|
||||
|
||||
try {
|
||||
// API call history cleanup is no longer needed; audit system handles this
|
||||
log.debug("Daily credit system maintenance completed");
|
||||
} catch (Exception e) {
|
||||
log.error("Error during daily credit system maintenance", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -2,7 +2,6 @@ package stirling.software.saas.service;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
@@ -21,16 +20,12 @@ import stirling.software.proprietary.security.database.repository.UserRepository
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.proprietary.security.repository.TeamRepository;
|
||||
import stirling.software.saas.billing.repository.BillingSubscriptionRepository;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
import stirling.software.saas.config.SupabaseConfigurationProperties;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.TeamInvitation;
|
||||
import stirling.software.saas.model.TeamMembership;
|
||||
import stirling.software.saas.repository.SaasTeamExtensionsRepository;
|
||||
import stirling.software.saas.repository.TeamCreditRepository;
|
||||
import stirling.software.saas.repository.TeamInvitationRepository;
|
||||
import stirling.software.saas.repository.TeamMembershipRepository;
|
||||
import stirling.software.saas.repository.UserCreditRepository;
|
||||
|
||||
/** SaaS-only team management: invitations, personal teams, seat caps, paid-subscription gating. */
|
||||
@Service
|
||||
@@ -43,11 +38,7 @@ public class SaasTeamService {
|
||||
private final TeamMembershipRepository membershipRepository;
|
||||
private final TeamInvitationRepository invitationRepository;
|
||||
private final UserRepository userRepository;
|
||||
private final UserCreditRepository userCreditRepository;
|
||||
private final BillingSubscriptionRepository billingSubscriptionRepository;
|
||||
private final TeamCreditService teamCreditService;
|
||||
private final TeamCreditRepository teamCreditRepository;
|
||||
private final CreditsProperties creditsProperties;
|
||||
private final RestTemplate restTemplate;
|
||||
private final RateLimitService rateLimitService;
|
||||
private final SupabaseConfigurationProperties supabaseConfig;
|
||||
@@ -100,9 +91,6 @@ public class SaasTeamService {
|
||||
user.setTeam(savedTeam);
|
||||
userRepository.save(user);
|
||||
|
||||
// Initialize team credits
|
||||
teamCreditService.initializeTeamCredits(savedTeam, user);
|
||||
|
||||
// Clean up old Default/Internal team membership
|
||||
if (oldTeam != null
|
||||
&& (DEFAULT_TEAM_NAME.equals(oldTeam.getName())
|
||||
@@ -783,64 +771,6 @@ public class SaasTeamService {
|
||||
|
||||
teamRepository.save(team);
|
||||
|
||||
Optional<TeamCredit> creditOpt = teamCreditRepository.findByTeamId(teamId);
|
||||
|
||||
int fixedAllocation =
|
||||
creditsProperties.getCycle().getAllocations().getOrDefault("ROLE_PRO_USER", 500);
|
||||
|
||||
if (creditOpt.isPresent()) {
|
||||
TeamCredit credit = creditOpt.get();
|
||||
|
||||
int oldAllocation =
|
||||
credit.getCycleCreditsAllocated() != null
|
||||
? credit.getCycleCreditsAllocated()
|
||||
: 0;
|
||||
|
||||
if (oldAllocation != fixedAllocation) {
|
||||
int currentRemaining =
|
||||
credit.getCycleCreditsRemaining() != null
|
||||
? credit.getCycleCreditsRemaining()
|
||||
: 0;
|
||||
int allocationDifference = fixedAllocation - oldAllocation;
|
||||
|
||||
credit.setCycleCreditsAllocated(fixedAllocation);
|
||||
|
||||
int newRemaining = Math.max(0, currentRemaining + allocationDifference);
|
||||
credit.setCycleCreditsRemaining(newRemaining);
|
||||
|
||||
teamCreditRepository.save(credit);
|
||||
|
||||
log.info(
|
||||
"Updated team {} credit allocation: {} -> {} (fixed PRO amount). Remaining: {} -> {}",
|
||||
teamId,
|
||||
oldAllocation,
|
||||
fixedAllocation,
|
||||
currentRemaining,
|
||||
newRemaining);
|
||||
} else {
|
||||
log.debug(
|
||||
"Team {} already has fixed allocation of {} credits, no update needed",
|
||||
teamId,
|
||||
fixedAllocation);
|
||||
}
|
||||
} else {
|
||||
log.warn("Team {} missing credit record; creating with fixed allocation", teamId);
|
||||
TeamCredit credit = new TeamCredit(team);
|
||||
|
||||
credit.setCycleCreditsAllocated(fixedAllocation);
|
||||
credit.setCycleCreditsRemaining(fixedAllocation);
|
||||
credit.setBoughtCreditsRemaining(0);
|
||||
credit.setTotalBoughtCredits(0);
|
||||
credit.setTotalApiCallsMade(0L);
|
||||
credit.setLastCycleResetAt(LocalDateTime.now());
|
||||
teamCreditRepository.save(credit);
|
||||
|
||||
log.info(
|
||||
"Created team_credits record for team {} with {} fixed credits (unlimited seats model)",
|
||||
teamId,
|
||||
fixedAllocation);
|
||||
}
|
||||
|
||||
log.info(
|
||||
"Team {} seat allocation updated: maxSeats={}, seatsUsed={}, isPersonal={}",
|
||||
teamId,
|
||||
|
||||
@@ -1,279 +0,0 @@
|
||||
package stirling.software.saas.service;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.common.model.enumeration.TeamRole;
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.billing.service.StripeUsageReportingService;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
import stirling.software.saas.model.CreditConsumptionResult;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.TeamMembership;
|
||||
import stirling.software.saas.repository.TeamCreditRepository;
|
||||
import stirling.software.saas.repository.TeamMembershipRepository;
|
||||
|
||||
/**
|
||||
* Service for managing team credit pools. Handles credit initialization, consumption, and cycle
|
||||
* resets for teams.
|
||||
*/
|
||||
@Service
|
||||
@Profile("saas")
|
||||
@RequiredArgsConstructor
|
||||
@Slf4j
|
||||
public class TeamCreditService {
|
||||
|
||||
private final TeamCreditRepository teamCreditRepository;
|
||||
private final TeamMembershipRepository membershipRepository;
|
||||
private final CreditsProperties creditsProperties;
|
||||
private final StripeUsageReportingService stripeUsageReportingService;
|
||||
private final SaasUserExtensionService saasUserExtensionService;
|
||||
|
||||
/** Initialise a fixed PRO credit allocation for a new team. */
|
||||
@Transactional
|
||||
public TeamCredit initializeTeamCredits(Team team, User primaryUser) {
|
||||
Optional<TeamCredit> existing = teamCreditRepository.findByTeamId(team.getId());
|
||||
if (existing.isPresent()) {
|
||||
log.debug("Team credits already exist for team {}", team.getId());
|
||||
return existing.get();
|
||||
}
|
||||
|
||||
TeamCredit credits = new TeamCredit(team);
|
||||
|
||||
// Fixed PRO allocation; seat-independent.
|
||||
int proAllocation =
|
||||
creditsProperties.getCycle().getAllocations().getOrDefault("ROLE_PRO_USER", 500);
|
||||
int totalCycleAllocation = proAllocation;
|
||||
|
||||
credits.setCycleCreditsAllocated(totalCycleAllocation);
|
||||
credits.setCycleCreditsRemaining(totalCycleAllocation);
|
||||
credits.setLastCycleResetAt(LocalDateTime.now());
|
||||
|
||||
TeamCredit saved = teamCreditRepository.save(credits);
|
||||
log.info(
|
||||
"Initialized team credits for team {} with {} cycle credits (fixed PRO amount)",
|
||||
team.getId(),
|
||||
totalCycleAllocation);
|
||||
return saved;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if team has credits available
|
||||
*
|
||||
* @param teamId the team ID
|
||||
* @return true if team has credits available
|
||||
*/
|
||||
public boolean hasCreditsAvailable(Long teamId) {
|
||||
return teamCreditRepository
|
||||
.findByTeamId(teamId)
|
||||
.map(TeamCredit::hasCreditsAvailable)
|
||||
.orElse(false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Atomically consume credits from team pool
|
||||
*
|
||||
* @param teamId the team ID
|
||||
* @param amount number of credits to consume
|
||||
* @return true if credits were consumed, false if insufficient credits or version conflict
|
||||
*/
|
||||
@Transactional
|
||||
public boolean consumeCredit(Long teamId, int amount) {
|
||||
int rowsUpdated = teamCreditRepository.consumeCredit(teamId, amount);
|
||||
if (rowsUpdated == 0) {
|
||||
log.warn(
|
||||
"Failed to consume {} credits for team {} (insufficient credits or version conflict)",
|
||||
amount,
|
||||
teamId);
|
||||
return false;
|
||||
}
|
||||
log.debug("Consumed {} credits for team {}", amount, teamId);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get team credit summary for a user's team.
|
||||
*
|
||||
* @param user the user
|
||||
* @return Optional of TeamCredit for the user's team
|
||||
*/
|
||||
public Optional<TeamCredit> getCreditSummaryForUser(User user) {
|
||||
if (user.getTeam() == null) {
|
||||
log.warn("User {} has no team assigned", user.getId());
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
Long teamId = user.getTeam().getId();
|
||||
log.debug("Using user's team {} for credit summary", teamId);
|
||||
return teamCreditRepository.findByTeamId(teamId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get team credits by team ID
|
||||
*
|
||||
* @param teamId the team ID
|
||||
* @return Optional of TeamCredit
|
||||
*/
|
||||
public Optional<TeamCredit> getTeamCredits(Long teamId) {
|
||||
return teamCreditRepository.findByTeamId(teamId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add bought credits to team pool
|
||||
*
|
||||
* @param teamId the team ID
|
||||
* @param credits number of credits to add
|
||||
*/
|
||||
@Transactional
|
||||
public void addBoughtCredits(Long teamId, int credits) {
|
||||
TeamCredit teamCredit =
|
||||
teamCreditRepository
|
||||
.findByTeamId(teamId)
|
||||
.orElseThrow(() -> new IllegalArgumentException("Team credits not found"));
|
||||
|
||||
teamCredit.addBoughtCredits(credits);
|
||||
teamCreditRepository.save(teamCredit);
|
||||
log.info("Added {} bought credits to team {}", credits, teamId);
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset cycle credits for team
|
||||
*
|
||||
* @param teamId the team ID
|
||||
* @param cycleAllocation new cycle allocation
|
||||
* @param resetTime reset timestamp
|
||||
*/
|
||||
@Transactional
|
||||
public void resetCycleCredits(Long teamId, int cycleAllocation, LocalDateTime resetTime) {
|
||||
TeamCredit teamCredit =
|
||||
teamCreditRepository
|
||||
.findByTeamId(teamId)
|
||||
.orElseThrow(() -> new IllegalArgumentException("Team credits not found"));
|
||||
|
||||
teamCredit.resetCycleCredits(cycleAllocation, resetTime);
|
||||
teamCreditRepository.save(teamCredit);
|
||||
log.info("Reset cycle credits for team {} to {}", teamId, cycleAllocation);
|
||||
}
|
||||
|
||||
/**
|
||||
* Consume from the team credit pool; falls through to the team leader's metered Stripe billing
|
||||
* when the pool is exhausted.
|
||||
*/
|
||||
@Transactional
|
||||
public CreditConsumptionResult consumeCreditWithWaterfall(Long teamId, int amount) {
|
||||
log.debug("[TEAM-CREDIT] Starting consumption for team {} - amount: {}", teamId, amount);
|
||||
|
||||
// Step 1: Try consuming from team credit pool
|
||||
int rowsUpdated = teamCreditRepository.consumeCredit(teamId, amount);
|
||||
if (rowsUpdated == 1) {
|
||||
log.info("[TEAM-CREDIT] Consumed {} credits from team {} pool", amount, teamId);
|
||||
return CreditConsumptionResult.success("TEAM_CREDITS");
|
||||
}
|
||||
|
||||
log.warn("[TEAM-CREDIT] Team {} credit pool exhausted; checking leader overage", teamId);
|
||||
|
||||
// Step 2: Get team leader
|
||||
Optional<User> leaderOpt = getTeamLeader(teamId);
|
||||
if (leaderOpt.isEmpty()) {
|
||||
log.error("[TEAM-CREDIT] Team {} has no leader; cannot use overage billing", teamId);
|
||||
return CreditConsumptionResult.failure("NO_TEAM_LEADER");
|
||||
}
|
||||
|
||||
User teamLeader = leaderOpt.get();
|
||||
|
||||
// Step 3: Check if team leader has metered billing enabled
|
||||
if (!saasUserExtensionService.isMeteredBillingEnabled(teamLeader)) {
|
||||
log.warn(
|
||||
"[TEAM-CREDIT] Team {} leader {} does not have metered billing enabled",
|
||||
teamId,
|
||||
teamLeader.getUsername());
|
||||
return CreditConsumptionResult.failure(
|
||||
"TEAM_CREDITS_EXHAUSTED_NO_OVERAGE",
|
||||
"Team credits exhausted. Team leader must enable overage billing for"
|
||||
+ " uninterrupted service.");
|
||||
}
|
||||
|
||||
// Step 4: Report overage to Stripe via team leader's metered billing
|
||||
String leaderSupabaseId =
|
||||
teamLeader.getSupabaseId() != null ? teamLeader.getSupabaseId().toString() : null;
|
||||
|
||||
if (leaderSupabaseId == null) {
|
||||
log.error("[TEAM-CREDIT] Team leader {} has no Supabase ID", teamLeader.getUsername());
|
||||
return CreditConsumptionResult.failure("LEADER_NO_SUPABASE_ID");
|
||||
}
|
||||
|
||||
try {
|
||||
String operationId = org.slf4j.MDC.get("requestId");
|
||||
if (operationId == null || operationId.isBlank()) {
|
||||
operationId = java.util.UUID.randomUUID().toString();
|
||||
}
|
||||
String idempotencyKey =
|
||||
stripeUsageReportingService.generateIdempotencyKey(
|
||||
leaderSupabaseId, amount, operationId);
|
||||
|
||||
log.info(
|
||||
"[TEAM-CREDIT] Reporting {} overage credits to Stripe for team {} leader {}",
|
||||
amount,
|
||||
teamId,
|
||||
teamLeader.getUsername());
|
||||
|
||||
boolean reported =
|
||||
stripeUsageReportingService.reportUsageToStripe(
|
||||
leaderSupabaseId, amount, idempotencyKey);
|
||||
|
||||
if (reported) {
|
||||
log.info(
|
||||
"[TEAM-CREDIT] Successfully reported {} overage credits for team {} via"
|
||||
+ " leader {}",
|
||||
amount,
|
||||
teamId,
|
||||
teamLeader.getUsername());
|
||||
return CreditConsumptionResult.success("TEAM_LEADER_METERED");
|
||||
} else {
|
||||
log.error("[TEAM-CREDIT] Failed to report overage to Stripe for team {}", teamId);
|
||||
return CreditConsumptionResult.failure(
|
||||
"STRIPE_REPORTING_FAILED",
|
||||
"Unable to report usage to Stripe. Please try again.");
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.error(
|
||||
"[TEAM-CREDIT] Exception reporting overage for team {}: {}",
|
||||
teamId,
|
||||
e.getMessage(),
|
||||
e);
|
||||
return CreditConsumptionResult.failure(
|
||||
"STRIPE_REPORTING_ERROR", "Error reporting usage: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/** Returns the team's LEADER (first one if multiple exist) for overage-billing routing. */
|
||||
private Optional<User> getTeamLeader(Long teamId) {
|
||||
List<TeamMembership> leaders =
|
||||
membershipRepository.findByTeamIdAndRole(teamId, TeamRole.LEADER);
|
||||
|
||||
if (leaders.isEmpty()) {
|
||||
log.warn("Team {} has no leaders", teamId);
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
// Return first leader (typically only one leader per team)
|
||||
TeamMembership leader = leaders.get(0);
|
||||
User leaderUser = leader.getUser();
|
||||
log.debug(
|
||||
"Found team {} leader: {} (user ID: {})",
|
||||
teamId,
|
||||
leaderUser.getUsername(),
|
||||
leaderUser.getId());
|
||||
|
||||
return Optional.of(leaderUser);
|
||||
}
|
||||
}
|
||||
@@ -12,10 +12,9 @@ import stirling.software.proprietary.security.database.repository.AuthorityRepos
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.Authority;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
import stirling.software.saas.util.LogRedactionUtils;
|
||||
|
||||
/** Changes user roles and refreshes their credit allocation. */
|
||||
/** Changes user roles (and the matching authority grant/revoke). */
|
||||
@Service
|
||||
@Profile("saas")
|
||||
@RequiredArgsConstructor
|
||||
@@ -24,8 +23,6 @@ public class UserRoleService {
|
||||
|
||||
private final UserRepository userRepository;
|
||||
private final AuthorityRepository authorityRepository;
|
||||
private final CreditService creditService;
|
||||
private final CreditsProperties creditsProperties;
|
||||
|
||||
/**
|
||||
* Change a user's role
|
||||
@@ -58,7 +55,7 @@ public class UserRoleService {
|
||||
/**
|
||||
* Downgrade a user to FREE tier (ROLE_USER)
|
||||
*
|
||||
* <p>Changes role from PRO_USER to USER and resets cycle credit allocation to FREE tier.
|
||||
* <p>Revokes ROLE_PRO_USER by changing the role/authority from PRO_USER to USER.
|
||||
*
|
||||
* @param user the user to downgrade
|
||||
*/
|
||||
@@ -70,24 +67,15 @@ public class UserRoleService {
|
||||
|
||||
changeRole(user, Role.USER.getRoleId());
|
||||
|
||||
// Reset credits to FREE tier allocation
|
||||
int freeAllocation =
|
||||
creditsProperties
|
||||
.getCycle()
|
||||
.getAllocations()
|
||||
.getOrDefault(Role.USER.getRoleId(), 25);
|
||||
creditService.resetCycleAllocationForRoleChange(user.getId(), freeAllocation);
|
||||
|
||||
log.info(
|
||||
"Successfully downgraded user {} to FREE with {} cycle credits",
|
||||
LogRedactionUtils.redactEmail(user.getUsername()),
|
||||
freeAllocation);
|
||||
"Successfully downgraded user {} to FREE",
|
||||
LogRedactionUtils.redactEmail(user.getUsername()));
|
||||
}
|
||||
|
||||
/**
|
||||
* Upgrade a user to PRO tier (ROLE_PRO_USER)
|
||||
*
|
||||
* <p>Changes role from USER to PRO_USER and resets cycle credit allocation to PRO tier.
|
||||
* <p>Grants ROLE_PRO_USER by changing the role/authority from USER to PRO_USER.
|
||||
*
|
||||
* @param user the user to upgrade
|
||||
*/
|
||||
@@ -98,30 +86,8 @@ public class UserRoleService {
|
||||
|
||||
changeRole(user, Role.PRO_USER.getRoleId());
|
||||
|
||||
// Reset credits to PRO tier allocation
|
||||
int proAllocation =
|
||||
creditsProperties
|
||||
.getCycle()
|
||||
.getAllocations()
|
||||
.getOrDefault(Role.PRO_USER.getRoleId(), 100);
|
||||
creditService.resetCycleAllocationForRoleChange(user.getId(), proAllocation);
|
||||
|
||||
log.info(
|
||||
"Successfully upgraded user {} to PRO with {} cycle credits",
|
||||
LogRedactionUtils.redactEmail(user.getUsername()),
|
||||
proAllocation);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get credit allocation for a specific role
|
||||
*
|
||||
* @param roleId the role ID (e.g., "ROLE_USER", "ROLE_PRO_USER")
|
||||
* @return the cycle credit allocation for that role
|
||||
*/
|
||||
public int getCreditAllocationForRole(String roleId) {
|
||||
return creditsProperties
|
||||
.getCycle()
|
||||
.getAllocations()
|
||||
.getOrDefault(roleId, Role.USER.getRoleId().equals(roleId) ? 25 : 100);
|
||||
"Successfully upgraded user {} to PRO",
|
||||
LogRedactionUtils.redactEmail(user.getUsername()));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
package stirling.software.saas.util;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.UserCredit;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
|
||||
/**
|
||||
* Resolves the user's remaining credit balance. Uses the team pool for non-personal team members,
|
||||
* otherwise the user's individual credits (looked up by Supabase ID or API key).
|
||||
*/
|
||||
@Component
|
||||
@Profile("saas")
|
||||
@RequiredArgsConstructor
|
||||
@Slf4j
|
||||
public class CreditHeaderUtils {
|
||||
|
||||
private final SaasTeamExtensionService saasTeamExtensionService;
|
||||
|
||||
/**
|
||||
* Get the remaining credits for a user, checking team credits first (non-personal teams only).
|
||||
*
|
||||
* @param user The user whose credits to check
|
||||
* @param creditService The credit service to fetch user credits
|
||||
* @param teamCreditService The team credit service to fetch team credits
|
||||
* @return The remaining credit balance, or -1 if credits cannot be determined
|
||||
*/
|
||||
public int getRemainingCredits(
|
||||
User user, CreditService creditService, TeamCreditService teamCreditService) {
|
||||
try {
|
||||
// Limited-API users always read personal credits.
|
||||
boolean isLimitedApiUser =
|
||||
user.getAuthorities().stream()
|
||||
.anyMatch(
|
||||
authority ->
|
||||
"ROLE_LIMITED_API_USER".equals(authority.getAuthority())
|
||||
|| "ROLE_EXTRA_LIMITED_API_USER"
|
||||
.equals(authority.getAuthority()));
|
||||
|
||||
Long targetTeamId = null;
|
||||
if (!isLimitedApiUser
|
||||
&& user.getTeam() != null
|
||||
&& !saasTeamExtensionService.isPersonal(user.getTeam())) {
|
||||
targetTeamId = user.getTeam().getId();
|
||||
}
|
||||
|
||||
if (targetTeamId != null) {
|
||||
return teamCreditService
|
||||
.getTeamCredits(targetTeamId)
|
||||
.map(TeamCredit::getTotalAvailableCredits)
|
||||
.orElse(-1);
|
||||
} else {
|
||||
log.debug(
|
||||
"[CREDIT-HEADER] Getting personal credits - SupabaseId: {}, ApiKey: {}, Username: {}",
|
||||
user.getSupabaseId(),
|
||||
user.getApiKey() != null ? "present" : "null",
|
||||
user.getUsername());
|
||||
|
||||
Optional<UserCredit> credits;
|
||||
if (user.getSupabaseId() != null) {
|
||||
credits =
|
||||
creditService.getUserCreditsBySupabaseId(
|
||||
user.getSupabaseId().toString());
|
||||
log.debug(
|
||||
"[CREDIT-HEADER] Looked up by SupabaseId - Found: {}",
|
||||
credits.isPresent());
|
||||
} else if (user.getApiKey() != null) {
|
||||
credits = creditService.getUserCreditsByApiKey(user.getApiKey());
|
||||
log.debug(
|
||||
"[CREDIT-HEADER] Looked up by ApiKey - Found: {}", credits.isPresent());
|
||||
} else {
|
||||
log.warn(
|
||||
"[CREDIT-HEADER] No SupabaseId or ApiKey for user: {}",
|
||||
user.getUsername());
|
||||
return -1;
|
||||
}
|
||||
|
||||
int remaining = credits.map(UserCredit::getTotalAvailableCredits).orElse(-1);
|
||||
log.debug("[CREDIT-HEADER] Returning credits: {}", remaining);
|
||||
return remaining;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.warn("[CREDIT-HEADER] Could not get remaining credits: {}", e.getMessage(), e);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
+9
-98
@@ -64,17 +64,13 @@ import stirling.software.saas.payg.charge.JobChargeService;
|
||||
import stirling.software.saas.payg.model.BillingCategory;
|
||||
import stirling.software.saas.payg.model.JobSource;
|
||||
import stirling.software.saas.payg.model.ProcessType;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
/**
|
||||
* Pure unit tests for {@link AiCreateController}. All collaborators are mocked; the controller's
|
||||
* handler methods are invoked directly and asserted via {@link ResponseEntity} / {@code verify}.
|
||||
*
|
||||
* <p>The controller reads {@code SecurityContextHolder} in the charge + credit-header paths, so
|
||||
* each relevant test seeds an authentication and {@link #clearSecurityContext()} resets it
|
||||
* afterwards.
|
||||
* <p>The controller reads {@code SecurityContextHolder} in the charge path, so each relevant test
|
||||
* seeds an authentication and {@link #clearSecurityContext()} resets it afterwards.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
@@ -82,10 +78,7 @@ class AiCreateControllerTest {
|
||||
|
||||
@Mock private AiCreateSessionService sessionService;
|
||||
@Mock private AiCreateProxyService proxyService;
|
||||
@Mock private CreditService creditService;
|
||||
@Mock private TeamCreditService teamCreditService;
|
||||
@Mock private UserRepository userRepository;
|
||||
@Mock private CreditHeaderUtils creditHeaderUtils;
|
||||
@Mock private JobChargeService jobChargeService;
|
||||
|
||||
private AiCreateController controller;
|
||||
@@ -94,13 +87,7 @@ class AiCreateControllerTest {
|
||||
void setUp() {
|
||||
controller =
|
||||
new AiCreateController(
|
||||
sessionService,
|
||||
proxyService,
|
||||
creditService,
|
||||
teamCreditService,
|
||||
userRepository,
|
||||
creditHeaderUtils,
|
||||
jobChargeService);
|
||||
sessionService, proxyService, userRepository, jobChargeService);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
@@ -729,8 +716,6 @@ class AiCreateControllerTest {
|
||||
// Ownership guard runs before the proxy.
|
||||
verify(sessionService).getSessionForCurrentUser("sess-1");
|
||||
assertThat(drain(resp.getBody())).isEqualTo("section data");
|
||||
// No credit header on the non-AI-triggering endpoint.
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -761,7 +746,7 @@ class AiCreateControllerTest {
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
// stream (proxy, accept event-stream + credit header)
|
||||
// stream (proxy, accept event-stream)
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@@ -769,13 +754,9 @@ class AiCreateControllerTest {
|
||||
class Stream {
|
||||
|
||||
@Test
|
||||
@DisplayName("proxies GET as event-stream and adds X-Credits-Remaining for authed user")
|
||||
void stream_addsCreditHeader() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(42);
|
||||
|
||||
@DisplayName(
|
||||
"checks ownership, proxies GET as event-stream, defaults Content-Type, and streams")
|
||||
void stream_proxiesEventStreamAndStreams() throws Exception {
|
||||
HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
HttpResponse<InputStream> upstream =
|
||||
upstreamResponse(200, "data: hi\n\n", httpHeaders(Map.of()));
|
||||
@@ -789,80 +770,11 @@ class AiCreateControllerTest {
|
||||
// No upstream Content-Type → defaulted to text/event-stream.
|
||||
assertThat(resp.getHeaders().getFirst(HttpHeaders.CONTENT_TYPE))
|
||||
.isEqualTo(MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("42");
|
||||
// Ownership guard runs before the proxy.
|
||||
verify(sessionService).getSessionForCurrentUser("sess-1");
|
||||
assertThat(drain(resp.getBody())).isEqualTo("data: hi\n\n");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("negative remaining credits suppresses the credit header")
|
||||
void stream_negativeCredits_omitsHeader() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(-1);
|
||||
|
||||
HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
HttpResponse<InputStream> upstream = upstreamResponse(200, "x", httpHeaders(Map.of()));
|
||||
when(proxyService.forward(any(), any(), any(), eq(true))).thenReturn(upstream);
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.stream("sess-1", req);
|
||||
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("zero remaining credits still emits the header (>= 0 boundary)")
|
||||
void stream_zeroCredits_emitsHeader() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(0);
|
||||
|
||||
HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
HttpResponse<InputStream> upstream = upstreamResponse(200, "x", httpHeaders(Map.of()));
|
||||
when(proxyService.forward(any(), any(), any(), eq(true))).thenReturn(upstream);
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.stream("sess-1", req);
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("0");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("unauthenticated context: stream still proxies, no credit header, no NPE")
|
||||
void stream_noAuth_omitsCreditHeader() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
HttpResponse<InputStream> upstream = upstreamResponse(200, "x", httpHeaders(Map.of()));
|
||||
when(proxyService.forward(any(), any(), any(), eq(true))).thenReturn(upstream);
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.stream("sess-1", req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("credit-header lookup blowing up does not break the stream response")
|
||||
void stream_creditLookupThrows_stillStreams() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(any(), any(), any()))
|
||||
.thenThrow(new RuntimeException("boom"));
|
||||
|
||||
HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
HttpResponse<InputStream> upstream =
|
||||
upstreamResponse(200, "payload", httpHeaders(Map.of()));
|
||||
when(proxyService.forward(any(), any(), any(), eq(true))).thenReturn(upstream);
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.stream("sess-1", req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
assertThat(drain(resp.getBody())).isEqualTo("payload");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("upstream non-2xx status is passed through; explicit Content-Type wins")
|
||||
void stream_upstreamStatusAndExplicitContentTypePassedThrough() throws Exception {
|
||||
@@ -904,7 +816,7 @@ class AiCreateControllerTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("ownership failure short-circuits before proxy/credit work")
|
||||
@DisplayName("ownership failure short-circuits before proxying")
|
||||
void stream_ownershipFailure_doesNotProxy() throws Exception {
|
||||
HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
when(sessionService.getSessionForCurrentUser("sess-1"))
|
||||
@@ -913,7 +825,6 @@ class AiCreateControllerTest {
|
||||
assertThatThrownBy(() -> controller.stream("sess-1", req))
|
||||
.isInstanceOf(ResponseStatusException.class);
|
||||
verify(proxyService, never()).forward(any(), any(), any(), anyBoolean());
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+50
-283
@@ -6,7 +6,6 @@ import static org.mockito.ArgumentMatchers.anyBoolean;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
@@ -17,7 +16,6 @@ import java.nio.charset.StandardCharsets;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -30,70 +28,41 @@ import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.ai.service.AiProxyService;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
/**
|
||||
* Pure unit tests for {@link AiProxyController}. Every collaborator is mocked; each handler is
|
||||
* invoked directly and asserted via {@link ResponseEntity} / {@code verify}.
|
||||
*
|
||||
* <p>All endpoints funnel through one private {@code proxy(method, path, request,
|
||||
* acceptEventStream, includeCreditsHeader)} helper, so the suite has two halves:
|
||||
* acceptEventStream)} helper, so the suite has two halves:
|
||||
*
|
||||
* <ol>
|
||||
* <li>per-endpoint tests that pin the exact {@code (method, path, acceptEventStream)} contract a
|
||||
* given handler forwards (the path-mapping surface), and
|
||||
* <li>behavioural tests around the single shared {@code proxy} body: header copy, status
|
||||
* resolution, the 503 error fallback, and the credit-header path keyed off {@code
|
||||
* includeCreditsHeader}.
|
||||
* resolution, and the 503 error fallback.
|
||||
* </ol>
|
||||
*
|
||||
* <p>The credit-header branch reads {@code SecurityContextHolder}, so the relevant tests seed an
|
||||
* authentication and {@link #clearSecurityContext()} resets it afterwards.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
class AiProxyControllerTest {
|
||||
|
||||
@Mock private AiProxyService aiProxyService;
|
||||
@Mock private CreditService creditService;
|
||||
@Mock private TeamCreditService teamCreditService;
|
||||
@Mock private UserRepository userRepository;
|
||||
@Mock private CreditHeaderUtils creditHeaderUtils;
|
||||
|
||||
private AiProxyController controller;
|
||||
|
||||
@org.junit.jupiter.api.BeforeEach
|
||||
void setUp() {
|
||||
controller =
|
||||
new AiProxyController(
|
||||
aiProxyService,
|
||||
creditService,
|
||||
teamCreditService,
|
||||
userRepository,
|
||||
creditHeaderUtils);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void clearSecurityContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
controller = new AiProxyController(aiProxyService);
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
// Endpoint path/method mapping — each handler pins the exact upstream contract it forwards.
|
||||
// None of these endpoints request the credit header except chat/* and edit message; see the
|
||||
// dedicated credit-header section for those.
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@@ -101,7 +70,7 @@ class AiProxyControllerTest {
|
||||
class EndpointMapping {
|
||||
|
||||
@Test
|
||||
@DisplayName("generateSection POSTs to /api/generate_section, non-stream, no credit header")
|
||||
@DisplayName("generateSection POSTs to /api/generate_section, non-stream")
|
||||
void generateSection() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/generate_section", req, false, ok("body"));
|
||||
@@ -110,7 +79,6 @@ class AiProxyControllerTest {
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
verify(aiProxyService).forward("POST", "/api/generate_section", req, false);
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credit-Source")).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -135,6 +103,39 @@ class AiProxyControllerTest {
|
||||
verify(aiProxyService).forward("POST", "/api/intent/check", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("chatRoute POSTs to /api/chat/route")
|
||||
void chatRoute() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("body"));
|
||||
|
||||
controller.chatRoute(req);
|
||||
|
||||
verify(aiProxyService).forward("POST", "/api/chat/route", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("createSmartFolder POSTs to /api/chat/create-smart-folder")
|
||||
void createSmartFolder() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/create-smart-folder", req, false, ok("body"));
|
||||
|
||||
controller.createSmartFolder(req);
|
||||
|
||||
verify(aiProxyService).forward("POST", "/api/chat/create-smart-folder", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("chatInfo POSTs to /api/chat/info")
|
||||
void chatInfo() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/info", req, false, ok("body"));
|
||||
|
||||
controller.chatInfo(req);
|
||||
|
||||
verify(aiProxyService).forward("POST", "/api/chat/info", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("pdfAnswer POSTs to /api/pdf/answer")
|
||||
void pdfAnswer() throws Exception {
|
||||
@@ -212,6 +213,18 @@ class AiProxyControllerTest {
|
||||
verify(aiProxyService).forward("POST", "/api/edit/sessions", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("editSessionMessage POSTs /api/edit/sessions/{id}/messages")
|
||||
void editSessionMessage() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/edit/sessions/sess-9/messages", req, false, ok("body"));
|
||||
|
||||
controller.editSessionMessage("sess-9", req);
|
||||
|
||||
verify(aiProxyService)
|
||||
.forward("POST", "/api/edit/sessions/sess-9/messages", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("editSessionAttachment POSTs /api/edit/sessions/{id}/attachments")
|
||||
void editSessionAttachment() throws Exception {
|
||||
@@ -228,7 +241,7 @@ class AiProxyControllerTest {
|
||||
@DisplayName("runEditSession POSTs /api/edit/sessions/{id}/run as an event stream")
|
||||
void runEditSession() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
// acceptEventStream == true here (and no credit header).
|
||||
// acceptEventStream == true here.
|
||||
stubForward("POST", "/api/edit/sessions/sess-9/run", req, true, ok("data: x\n\n"));
|
||||
|
||||
controller.runEditSession("sess-9", req);
|
||||
@@ -505,234 +518,6 @@ class AiProxyControllerTest {
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);
|
||||
assertThat(drain(resp.getBody())).contains("AI backend unavailable");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("a credit-bearing endpoint failing in forward never reaches the credit path")
|
||||
void creditEndpointFailure_skipsCreditWork() throws Exception {
|
||||
HttpServletRequest req = req();
|
||||
authenticateWeb(userWithTeam(7L, 100L));
|
||||
when(aiProxyService.forward(any(), any(), any(), anyBoolean()))
|
||||
.thenThrow(new java.io.IOException("down"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.SERVICE_UNAVAILABLE);
|
||||
// The credit header is only added after a successful forward.
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credit-Source")).isFalse();
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
// Credit headers — only the chat/* and edit-message endpoints set includeCreditsHeader = true.
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName(
|
||||
"credit-header endpoints (chatRoute / createSmartFolder / chatInfo / editSessionMessage)")
|
||||
class CreditHeaders {
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"chatRoute POSTs /api/chat/route and adds X-Credits-Remaining for an authed user")
|
||||
void chatRoute_addsCreditHeaders() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(42);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("reply"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("42");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("AI_TOOL_CALL");
|
||||
verify(aiProxyService).forward("POST", "/api/chat/route", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("createSmartFolder POSTs /api/chat/create-smart-folder with the credit header")
|
||||
void createSmartFolder_addsCreditHeaders() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(5);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/create-smart-folder", req, false, ok("folder"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.createSmartFolder(req);
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("5");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("AI_TOOL_CALL");
|
||||
verify(aiProxyService).forward("POST", "/api/chat/create-smart-folder", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("chatInfo POSTs /api/chat/info with the credit header")
|
||||
void chatInfo_addsCreditHeaders() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(3);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/info", req, false, ok("info"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatInfo(req);
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("3");
|
||||
verify(aiProxyService).forward("POST", "/api/chat/info", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"editSessionMessage POSTs /api/edit/sessions/{id}/messages with the credit header")
|
||||
void editSessionMessage_addsCreditHeaders() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(99);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/edit/sessions/sess-9/messages", req, false, ok("msg"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp =
|
||||
controller.editSessionMessage("sess-9", req);
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("99");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("AI_TOOL_CALL");
|
||||
verify(aiProxyService)
|
||||
.forward("POST", "/api/edit/sessions/sess-9/messages", req, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("zero remaining credits still emits the header (>= 0 boundary)")
|
||||
void zeroCredits_emitsHeader() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(0);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("reply"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("0");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("AI_TOOL_CALL");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"negative remaining credits omits X-Credits-Remaining but still sets the source")
|
||||
void negativeCredits_omitsRemainingButKeepsSource() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(user, creditService, teamCreditService))
|
||||
.thenReturn(-1);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("reply"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
// X-Credit-Source is set unconditionally once we reach the credit path.
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("AI_TOOL_CALL");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"no authentication: credit work is skipped, no credit headers, response still streams")
|
||||
void noAuth_skipsCreditHeaders() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("reply"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credit-Source")).isFalse();
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
assertThat(drain(resp.getBody())).isEqualTo("reply");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("an unauthenticated token (isAuthenticated()==false) is treated as no-auth")
|
||||
void unauthenticatedToken_skipsCreditHeaders() throws Exception {
|
||||
// 2-arg ctor → isAuthenticated() == false, so the credit branch short-circuits.
|
||||
UsernamePasswordAuthenticationToken token =
|
||||
new UsernamePasswordAuthenticationToken("alice", "pw");
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("reply"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credit-Source")).isFalse();
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("credit-header work blowing up is swallowed; the response still streams")
|
||||
void creditLookupThrows_stillStreams() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(any(), any(), any()))
|
||||
.thenThrow(new RuntimeException("boom"));
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("payload"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
// The catch in addCreditHeaders runs before X-Credit-Source is set, so neither lands.
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credit-Source")).isFalse();
|
||||
assertThat(drain(resp.getBody())).isEqualTo("payload");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("resolving the current user failing is swallowed; the response still streams")
|
||||
void getCurrentUserThrows_stillStreams() throws Exception {
|
||||
// EnhancedJwtAuthenticationToken is the only auth type with a getCurrentUser DB lookup,
|
||||
// but a plain authed token whose principal is a User short-circuits there. To exercise
|
||||
// the swallow we make the downstream credit lookup throw (covered above); here we
|
||||
// assert
|
||||
// that a non-User principal that can't be resolved doesn't break the stream.
|
||||
UsernamePasswordAuthenticationToken token =
|
||||
new UsernamePasswordAuthenticationToken("alice", "pw", List.of());
|
||||
// principal is the String "alice"; getCurrentUser will hit
|
||||
// userRepository.findByUsername.
|
||||
when(userRepository.findByUsername("alice")).thenReturn(java.util.Optional.empty());
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("payload"));
|
||||
|
||||
ResponseEntity<StreamingResponseBody> resp = controller.chatRoute(req);
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.OK);
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credits-Remaining")).isFalse();
|
||||
assertThat(resp.getHeaders().containsHeader("X-Credit-Source")).isFalse();
|
||||
assertThat(drain(resp.getBody())).isEqualTo("payload");
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"an authed User principal is passed straight to the credit utils (no repo lookup)")
|
||||
void authedUserPrincipal_passedToCreditUtils() throws Exception {
|
||||
User user = userWithTeam(7L, 100L);
|
||||
authenticateWeb(user);
|
||||
when(creditHeaderUtils.getRemainingCredits(any(), any(), any())).thenReturn(11);
|
||||
HttpServletRequest req = req();
|
||||
stubForward("POST", "/api/chat/route", req, false, ok("reply"));
|
||||
|
||||
controller.chatRoute(req);
|
||||
|
||||
// The principal User is forwarded verbatim alongside both credit services.
|
||||
verify(creditHeaderUtils).getRemainingCredits(user, creditService, teamCreditService);
|
||||
verifyNoInteractions(userRepository);
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------------
|
||||
@@ -759,24 +544,6 @@ class AiProxyControllerTest {
|
||||
return upstreamResponse(200, body, httpHeaders(Map.of()));
|
||||
}
|
||||
|
||||
private static User userWithTeam(long userId, long teamId) {
|
||||
User user = new User();
|
||||
user.setId(userId);
|
||||
Team team = new Team();
|
||||
team.setId(teamId);
|
||||
user.setTeam(team);
|
||||
return user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticated WEB principal: 3-arg ctor so isAuthenticated()==true, principal is the User.
|
||||
*/
|
||||
private static void authenticateWeb(User user) {
|
||||
UsernamePasswordAuthenticationToken auth =
|
||||
new UsernamePasswordAuthenticationToken(user, null, List.of());
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
}
|
||||
|
||||
private static java.net.http.HttpHeaders httpHeaders(Map<String, String> single) {
|
||||
Map<String, List<String>> multi = new java.util.HashMap<>();
|
||||
single.forEach((k, v) -> multi.put(k, List.of(v)));
|
||||
|
||||
-89
@@ -1,89 +0,0 @@
|
||||
package stirling.software.saas.controller;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
||||
import stirling.software.proprietary.security.model.ApiKeyAuthenticationToken;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.CreditService.CreditSummary;
|
||||
|
||||
/**
|
||||
* Regression coverage for finding #15: API-key users used to always see empty credits because the
|
||||
* controller blindly passed the API key string through to {@code getCreditSummaryBySupabaseId},
|
||||
* which then blew up on {@code UUID.fromString}. The new code reads the User from the principal and
|
||||
* prefers the linked Supabase ID, falling back to API-key-keyed credits.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class CreditControllerApiKeyTest {
|
||||
|
||||
@Mock private CreditService creditService;
|
||||
|
||||
@Test
|
||||
void apiKeyUserWithSupabaseIdGetsResolvedToSupabaseLookup() {
|
||||
UUID supabaseId = UUID.randomUUID();
|
||||
User u = new User();
|
||||
u.setSupabaseId(supabaseId);
|
||||
|
||||
CreditSummary expected = creditSummary(42, 100);
|
||||
when(creditService.getCreditSummaryBySupabaseId(supabaseId.toString()))
|
||||
.thenReturn(expected);
|
||||
|
||||
CreditController controller = new CreditController(creditService);
|
||||
ApiKeyAuthenticationToken token =
|
||||
new ApiKeyAuthenticationToken(u, "the-api-key", java.util.List.of());
|
||||
|
||||
ResponseEntity<CreditSummary> resp = controller.getUserCredits(token);
|
||||
|
||||
assertThat(resp.getBody()).isSameAs(expected);
|
||||
verify(creditService).getCreditSummaryBySupabaseId(supabaseId.toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
void apiKeyUserWithoutSupabaseIdFallsBackToApiKeyLookup() {
|
||||
User u = new User();
|
||||
// No supabaseId set — covers self-hosted / OSS-style API-only users.
|
||||
CreditSummary expected = creditSummary(7, 25);
|
||||
when(creditService.getCreditSummaryByApiKey("apikey-no-supabase")).thenReturn(expected);
|
||||
|
||||
CreditController controller = new CreditController(creditService);
|
||||
ApiKeyAuthenticationToken token =
|
||||
new ApiKeyAuthenticationToken(u, "apikey-no-supabase", java.util.List.of());
|
||||
|
||||
ResponseEntity<CreditSummary> resp = controller.getUserCredits(token);
|
||||
|
||||
assertThat(resp.getBody()).isSameAs(expected);
|
||||
verify(creditService).getCreditSummaryByApiKey(eq("apikey-no-supabase"));
|
||||
}
|
||||
|
||||
@Test
|
||||
void apiKeyTokenWithoutUserPrincipalFallsBackToApiKeyLookup() {
|
||||
// Edge: token wasn't constructed with a User principal. Should still attempt API-key
|
||||
// lookup rather than throw.
|
||||
CreditSummary expected = creditSummary(0, 0);
|
||||
when(creditService.getCreditSummaryByApiKey("orphan-key")).thenReturn(expected);
|
||||
|
||||
CreditController controller = new CreditController(creditService);
|
||||
ApiKeyAuthenticationToken token =
|
||||
new ApiKeyAuthenticationToken("not-a-user", "orphan-key", java.util.List.of());
|
||||
|
||||
ResponseEntity<CreditSummary> resp = controller.getUserCredits(token);
|
||||
|
||||
assertThat(resp.getBody()).isNotNull();
|
||||
verify(creditService).getCreditSummaryByApiKey("orphan-key");
|
||||
}
|
||||
|
||||
private static CreditSummary creditSummary(int remaining, int allocated) {
|
||||
return new CreditSummary(remaining, allocated, 0, 0, remaining, null, null, false);
|
||||
}
|
||||
}
|
||||
@@ -1,725 +0,0 @@
|
||||
package stirling.software.saas.interceptor;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyBoolean;
|
||||
import static org.mockito.ArgumentMatchers.anyInt;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
import org.mockito.quality.Strictness;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
|
||||
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.CreditConsumptionResult;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.ErrorTrackingService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link CreditErrorAdvice}.
|
||||
*
|
||||
* <p>The advice is a {@code @RestControllerAdvice} that maps thrown exceptions to a status/body
|
||||
* and, when the request was flagged eligible (and not already charged), consumes a credit through
|
||||
* either the team pool or the individual waterfall. Collaborators are mocked; the {@link
|
||||
* MeterRegistry} is a real {@link SimpleMeterRegistry} so the {@code credits.consumed} counter is
|
||||
* exercised.
|
||||
*
|
||||
* <p>Authentication is driven through {@link SecurityContextHolder} using a 3-arg {@code
|
||||
* UsernamePasswordAuthenticationToken} (authenticated=true) whose principal is the live {@link
|
||||
* User} object, so {@code AuthenticationUtils.getCurrentUser} resolves it directly via {@code
|
||||
* instanceof User} without touching the repository.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
class CreditErrorAdviceTest {
|
||||
|
||||
private static final String ATTR_ELIGIBLE = "CREDIT_ELIGIBLE";
|
||||
private static final String ATTR_APIKEY = "CREDIT_API_KEY";
|
||||
private static final String ATTR_CHARGED = "CREDIT_CHARGED";
|
||||
private static final String ATTR_RESOURCE_WEIGHT = "CREDIT_RESOURCE_WEIGHT";
|
||||
private static final String ATTR_IS_API = "IS_API_REQUEST";
|
||||
|
||||
private static final String API_KEY = "apikey-abcdefgh";
|
||||
private static final String URI = "/api/v1/convert/pdf-to-img";
|
||||
|
||||
@Mock private CreditService creditService;
|
||||
@Mock private TeamCreditService teamCreditService;
|
||||
@Mock private UserRepository userRepository;
|
||||
@Mock private ErrorTrackingService errorTrackingService;
|
||||
@Mock private SaasTeamExtensionService saasTeamExtensionService;
|
||||
@Mock private CreditHeaderUtils creditHeaderUtils;
|
||||
|
||||
private MeterRegistry meterRegistry;
|
||||
private CreditErrorAdvice advice;
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
meterRegistry = new SimpleMeterRegistry();
|
||||
advice =
|
||||
new CreditErrorAdvice(
|
||||
creditService,
|
||||
teamCreditService,
|
||||
userRepository,
|
||||
errorTrackingService,
|
||||
saasTeamExtensionService,
|
||||
creditHeaderUtils,
|
||||
meterRegistry);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void tearDown() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
// --- helpers --------------------------------------------------------------------------------
|
||||
|
||||
private static User user(String username) {
|
||||
User u = new User();
|
||||
u.setUsername(username);
|
||||
return u;
|
||||
}
|
||||
|
||||
private static Team team(Long id) {
|
||||
Team t = new Team();
|
||||
t.setId(id);
|
||||
return t;
|
||||
}
|
||||
|
||||
/** Put the user on the SecurityContext as an authenticated principal. */
|
||||
private void authenticate(User user) {
|
||||
UsernamePasswordAuthenticationToken token =
|
||||
new UsernamePasswordAuthenticationToken(
|
||||
user, null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
}
|
||||
|
||||
/** Base request that is credit-eligible with an api key, resource weight 1 and not charged. */
|
||||
private MockHttpServletRequest eligibleRequest() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setRequestURI(URI);
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.TRUE);
|
||||
req.setAttribute(ATTR_APIKEY, API_KEY);
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(1));
|
||||
return req;
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private static Map<String, Object> bodyOf(ResponseEntity<Object> resp) {
|
||||
return (Map<String, Object>) resp.getBody();
|
||||
}
|
||||
|
||||
private double counter() {
|
||||
return meterRegistry.get("credits.consumed").counter().count();
|
||||
}
|
||||
|
||||
// --- status mapping -------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("determineHttpStatus mapping (via handleThrowable)")
|
||||
class StatusMapping {
|
||||
|
||||
@Test
|
||||
@DisplayName("IllegalArgumentException -> 400 BAD_REQUEST")
|
||||
void illegalArgument_400() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(req, new IllegalArgumentException("bad"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
|
||||
assertThat(bodyOf(resp))
|
||||
.containsEntry("error", "IllegalArgumentException")
|
||||
.containsEntry("message", "bad")
|
||||
.containsEntry("status", 400);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("AccessDeniedException -> 403 FORBIDDEN")
|
||||
void accessDenied_403() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(
|
||||
req,
|
||||
new org.springframework.security.access.AccessDeniedException("nope"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("UsernameNotFoundException -> 401 UNAUTHORIZED")
|
||||
void usernameNotFound_401() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(
|
||||
req,
|
||||
new org.springframework.security.core.userdetails
|
||||
.UsernameNotFoundException("who"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("UnsupportedOperationException -> 501 NOT_IMPLEMENTED")
|
||||
void unsupported_501() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(req, new UnsupportedOperationException("later"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.NOT_IMPLEMENTED);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("unknown exception with no message clue -> 500 INTERNAL_SERVER_ERROR")
|
||||
void unknown_500() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("boom"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("message containing 'not found' -> 404 NOT_FOUND")
|
||||
void messageNotFound_404() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(req, new RuntimeException("Resource not found here"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("message containing 'validation' -> 400 BAD_REQUEST")
|
||||
void messageValidation_400() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(req, new RuntimeException("Validation of input failed"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("message containing 'invalid parameter' -> 400 BAD_REQUEST")
|
||||
void messageInvalidParameter_400() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(req, new RuntimeException("invalid parameter: x"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("null message falls back to 'An error occurred' and 500")
|
||||
void nullMessage_default() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException());
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
assertThat(bodyOf(resp)).containsEntry("message", "An error occurred");
|
||||
}
|
||||
}
|
||||
|
||||
// --- no credit handling (gates closed) ------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("credit handling gate is closed -> no consumption")
|
||||
class GateClosed {
|
||||
|
||||
@Test
|
||||
@DisplayName("request not eligible: no error tracking, no consumption")
|
||||
void notEligible_noConsumption() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
// ATTR_ELIGIBLE absent
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
verifyNoInteractions(errorTrackingService, creditService, teamCreditService);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("eligible but already charged and unauthenticated: no consumption, no header")
|
||||
void alreadyCharged_unauthenticated_noHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
// no SecurityContext authentication
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
verifyNoInteractions(errorTrackingService, creditService, teamCreditService);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"eligible, null api key: error tracking is skipped entirely (apiKey != null guard)")
|
||||
void eligibleNullApiKey_noTracking() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setRequestURI(URI);
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.TRUE);
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(1));
|
||||
// no ATTR_APIKEY -> apiKey is null
|
||||
|
||||
advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
verifyNoInteractions(errorTrackingService, creditService, teamCreditService);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("eligible with api key but tracking says do NOT consume: no charge")
|
||||
void trackingSaysNo_noConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(false);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
verify(errorTrackingService)
|
||||
.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), eq(500));
|
||||
verifyNoInteractions(creditService, teamCreditService);
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
}
|
||||
|
||||
// --- individual (waterfall) consumption -----------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("individual credit consumption (no team)")
|
||||
class IndividualConsumption {
|
||||
|
||||
@Test
|
||||
@DisplayName("waterfall success: marks charged, increments counter, sets both headers")
|
||||
void waterfallSuccess_chargesAndHeaders() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(3));
|
||||
req.setAttribute(ATTR_IS_API, Boolean.TRUE);
|
||||
User u = user("alice");
|
||||
authenticate(u);
|
||||
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 3, true))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(42);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("42");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("CYCLE_CREDITS");
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 3, true);
|
||||
verify(teamCreditService, never()).consumeCredit(any(), anyInt());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("resource weight absent defaults credit amount to 1")
|
||||
void weightAbsent_defaultsToOne() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setRequestURI(URI);
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.TRUE);
|
||||
req.setAttribute(ATTR_APIKEY, API_KEY);
|
||||
// no resource weight, no IS_API_REQUEST -> isApiRequestFlag false
|
||||
User u = user("bob");
|
||||
authenticate(u);
|
||||
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("BOUGHT_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(0);
|
||||
|
||||
advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("waterfall failure: not charged, counter stays zero, no headers")
|
||||
void waterfallFailure_notCharged() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("carol");
|
||||
authenticate(u);
|
||||
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.failure("INSUFFICIENT_CREDITS"));
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isNull();
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("success but negative remaining: charged + source header, no remaining header")
|
||||
void successNegativeRemaining_noRemainingHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("dave");
|
||||
authenticate(u);
|
||||
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("METERED_SUBSCRIPTION"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(-1);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isNull();
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source"))
|
||||
.isEqualTo("METERED_SUBSCRIPTION");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("success with null source: charged, remaining header set, no source header")
|
||||
void successNullSource_noSourceHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("erin");
|
||||
authenticate(u);
|
||||
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
// success=true but source=null (unusual but defensively handled by the advice)
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(new CreditConsumptionResult(true, null, "ok"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(7);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("7");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("personal team is treated as no team -> waterfall, not team pool")
|
||||
void personalTeam_usesWaterfall() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("frank");
|
||||
u.setTeam(team(99L));
|
||||
authenticate(u);
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(true);
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(5);
|
||||
|
||||
advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
verify(teamCreditService, never()).consumeCredit(any(), anyInt());
|
||||
}
|
||||
}
|
||||
|
||||
// --- team consumption -----------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("team credit consumption (non-personal team)")
|
||||
class TeamConsumption {
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team success: consumes from team pool, source TEAM_CREDITS")
|
||||
void teamSuccess_consumesTeamPool() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(2));
|
||||
User u = user("gina");
|
||||
u.setTeam(team(77L));
|
||||
authenticate(u);
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(teamCreditService.consumeCredit(77L, 2)).thenReturn(true);
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(100);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("TEAM_CREDITS");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("100");
|
||||
verify(teamCreditService).consumeCredit(77L, 2);
|
||||
verify(creditService, never())
|
||||
.consumeCreditWithWaterfall(any(), anyInt(), anyBoolean());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team failure: not charged, counter stays zero")
|
||||
void teamFailure_notCharged() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("hank");
|
||||
u.setTeam(team(55L));
|
||||
authenticate(u);
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(teamCreditService.consumeCredit(55L, 1)).thenReturn(false);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isNull();
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isNull();
|
||||
verify(creditService, never())
|
||||
.consumeCreditWithWaterfall(any(), anyInt(), anyBoolean());
|
||||
}
|
||||
}
|
||||
|
||||
// --- user resolution edge cases -------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("user resolution edge cases (tracking says consume)")
|
||||
class UserResolution {
|
||||
|
||||
@Test
|
||||
@DisplayName("no authentication: getCurrentUser throws, user null -> no consumption")
|
||||
void noAuth_userNull_noConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
// no SecurityContext authentication -> AuthenticationUtils throws SecurityException
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
verifyNoInteractions(creditService, teamCreditService);
|
||||
}
|
||||
}
|
||||
|
||||
// --- already-charged header path ------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("already-charged path sets remaining header when authenticated")
|
||||
class AlreadyCharged {
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"already charged + authenticated + non-negative remaining: header set, no consumption")
|
||||
void alreadyCharged_authenticated_setsHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
User u = user("ian");
|
||||
authenticate(u);
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(9);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("9");
|
||||
// Already-charged branch never records an error or consumes again.
|
||||
verifyNoInteractions(errorTrackingService, teamCreditService);
|
||||
verify(creditService, never())
|
||||
.consumeCreditWithWaterfall(any(), anyInt(), anyBoolean());
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("already charged + authenticated + negative remaining: no header")
|
||||
void alreadyCharged_negativeRemaining_noHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
User u = user("jane");
|
||||
authenticate(u);
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(-1);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("already charged: header lookup throwing is swallowed (no propagation)")
|
||||
void alreadyCharged_headerLookupThrows_swallowed() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
User u = user("kyle");
|
||||
authenticate(u);
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenThrow(new RuntimeException("header boom"));
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
// Must not propagate; status still computed and no remaining header set.
|
||||
assertThat(resp.getStatusCode()).isEqualTo(HttpStatus.INTERNAL_SERVER_ERROR);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isNull();
|
||||
}
|
||||
}
|
||||
|
||||
// --- SSE response shaping --------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("SSE response shaping")
|
||||
class SseShaping {
|
||||
|
||||
@Test
|
||||
@DisplayName("Accept text/event-stream: body is SSE framed text with event: error")
|
||||
void acceptHeader_producesSseBody() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.addHeader("Accept", MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
|
||||
ResponseEntity<Object> resp =
|
||||
advice.handleThrowable(req, new IllegalArgumentException("bad"));
|
||||
|
||||
assertThat(resp.getHeaders().getContentType()).isEqualTo(MediaType.TEXT_EVENT_STREAM);
|
||||
assertThat(resp.getBody()).isInstanceOf(String.class);
|
||||
String sse = (String) resp.getBody();
|
||||
assertThat(sse).startsWith("event: error\ndata: ").endsWith("\n\n");
|
||||
assertThat(sse).contains("\"error\":\"IllegalArgumentException\"");
|
||||
assertThat(sse).contains("\"status\":400");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Content-Type text/event-stream also triggers SSE framing")
|
||||
void contentTypeHeader_producesSseBody() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setContentType(MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("boom"));
|
||||
|
||||
assertThat(resp.getHeaders().getContentType()).isEqualTo(MediaType.TEXT_EVENT_STREAM);
|
||||
assertThat((String) resp.getBody()).startsWith("event: error\ndata: ");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("non-SSE request returns the Map body, not SSE text")
|
||||
void nonSse_returnsMapBody() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("boom"));
|
||||
|
||||
assertThat(resp.getBody()).isInstanceOf(Map.class);
|
||||
assertThat(resp.getHeaders().getContentType()).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"SSE framing carries through after a successful team charge (headers + SSE body)")
|
||||
void sseWithTeamCharge_headersAndSseBody() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.addHeader("Accept", MediaType.TEXT_EVENT_STREAM_VALUE);
|
||||
User u = user("liz");
|
||||
u.setTeam(team(33L));
|
||||
authenticate(u);
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(teamCreditService.consumeCredit(33L, 1)).thenReturn(true);
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(8);
|
||||
|
||||
ResponseEntity<Object> resp = advice.handleThrowable(req, new RuntimeException("x"));
|
||||
|
||||
assertThat(resp.getHeaders().getContentType()).isEqualTo(MediaType.TEXT_EVENT_STREAM);
|
||||
assertThat(resp.getHeaders().getFirst("X-Credit-Source")).isEqualTo("TEAM_CREDITS");
|
||||
assertThat(resp.getHeaders().getFirst("X-Credits-Remaining")).isEqualTo("8");
|
||||
assertThat((String) resp.getBody()).startsWith("event: error\ndata: ");
|
||||
}
|
||||
}
|
||||
|
||||
// --- counter accumulation across calls -------------------------------------------------------
|
||||
|
||||
@Test
|
||||
@DisplayName("counter accumulates across multiple successful charges")
|
||||
void counterAccumulates() {
|
||||
User u = user("mike");
|
||||
authenticate(u);
|
||||
when(errorTrackingService.recordErrorAndShouldConsumeCredit(
|
||||
eq(API_KEY), eq(URI), any(Throwable.class), anyInt()))
|
||||
.thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(eq(u), eq(1), eq(false)))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(3);
|
||||
|
||||
advice.handleThrowable(eligibleRequest(), new RuntimeException("a"));
|
||||
advice.handleThrowable(eligibleRequest(), new RuntimeException("b"));
|
||||
|
||||
assertThat(counter()).isEqualTo(2.0d);
|
||||
verify(creditService, times(2)).consumeCreditWithWaterfall(u, 1, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("ErrorResponse value holder wires its fields verbatim")
|
||||
void errorResponseHolder() {
|
||||
CreditErrorAdvice.ErrorResponse er =
|
||||
new CreditErrorAdvice.ErrorResponse("Boom", "it broke", 500);
|
||||
|
||||
assertThat(er.error).isEqualTo("Boom");
|
||||
assertThat(er.message).isEqualTo("it broke");
|
||||
assertThat(er.status).isEqualTo(500);
|
||||
}
|
||||
}
|
||||
-679
@@ -1,679 +0,0 @@
|
||||
package stirling.software.saas.interceptor;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyBoolean;
|
||||
import static org.mockito.ArgumentMatchers.anyInt;
|
||||
import static org.mockito.ArgumentMatchers.anyLong;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
import org.mockito.quality.Strictness;
|
||||
import org.springframework.http.server.ServerHttpRequest;
|
||||
import org.springframework.http.server.ServletServerHttpRequest;
|
||||
import org.springframework.http.server.ServletServerHttpResponse;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
|
||||
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.CreditConsumptionResult;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
import stirling.software.saas.util.CreditHeaderUtils;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link CreditSuccessAdvice}.
|
||||
*
|
||||
* <p>The advice is a {@code @RestControllerAdvice} {@code ResponseBodyAdvice} that, on a successful
|
||||
* (status < 400) response previously flagged credit-eligible (and not already charged), consumes
|
||||
* a credit either from the team pool (non-personal team) or via the individual waterfall, then sets
|
||||
* {@code X-Credits-Remaining} / {@code X-Credit-Source} headers and increments a {@code
|
||||
* credits.consumed} counter. Collaborators are mocked; the {@link MeterRegistry} is a real {@link
|
||||
* SimpleMeterRegistry} so the counter is exercised.
|
||||
*
|
||||
* <p>{@link ServerHttpRequest}/response are constructed by wrapping {@link MockHttpServletRequest}
|
||||
* and {@link MockHttpServletResponse} in {@link ServletServerHttpRequest}/{@link
|
||||
* ServletServerHttpResponse} so the advice's {@code instanceof} unwrapping and status read work
|
||||
* against the mock servlet objects. {@code beforeBodyWrite}'s {@code MethodParameter}, {@code
|
||||
* MediaType} and converter type arguments are unused by the charging logic, so {@code null} is
|
||||
* passed for them.
|
||||
*
|
||||
* <p>Authentication is driven through {@link SecurityContextHolder} using a 3-arg {@code
|
||||
* UsernamePasswordAuthenticationToken} (authenticated=true) whose principal is the live {@link
|
||||
* User} object, so {@code AuthenticationUtils.getCurrentUser} resolves it directly via {@code
|
||||
* instanceof User} without touching the repository. The authorities on that token drive the
|
||||
* limited-API-user check (which the advice reads from the authentication, not the user).
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
class CreditSuccessAdviceTest {
|
||||
|
||||
private static final String ATTR_ELIGIBLE = "CREDIT_ELIGIBLE";
|
||||
private static final String ATTR_APIKEY = "CREDIT_API_KEY";
|
||||
private static final String ATTR_CHARGED = "CREDIT_CHARGED";
|
||||
private static final String ATTR_RESOURCE_WEIGHT = "CREDIT_RESOURCE_WEIGHT";
|
||||
private static final String ATTR_IS_API = "IS_API_REQUEST";
|
||||
|
||||
private static final String API_KEY = "apikey-abcdefgh";
|
||||
|
||||
@Mock private CreditService creditService;
|
||||
@Mock private TeamCreditService teamCreditService;
|
||||
@Mock private UserRepository userRepository;
|
||||
@Mock private SaasTeamExtensionService saasTeamExtensionService;
|
||||
@Mock private CreditHeaderUtils creditHeaderUtils;
|
||||
|
||||
private MeterRegistry meterRegistry;
|
||||
private CreditSuccessAdvice advice;
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
meterRegistry = new SimpleMeterRegistry();
|
||||
advice =
|
||||
new CreditSuccessAdvice(
|
||||
creditService,
|
||||
teamCreditService,
|
||||
userRepository,
|
||||
saasTeamExtensionService,
|
||||
creditHeaderUtils,
|
||||
meterRegistry);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void tearDown() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
// --- helpers --------------------------------------------------------------------------------
|
||||
|
||||
private static User user(String username) {
|
||||
User u = new User();
|
||||
u.setUsername(username);
|
||||
return u;
|
||||
}
|
||||
|
||||
private static Team team(Long id) {
|
||||
Team t = new Team();
|
||||
t.setId(id);
|
||||
return t;
|
||||
}
|
||||
|
||||
/** Authenticate with the default ROLE_USER authority (not a limited-API user). */
|
||||
private void authenticate(User user) {
|
||||
authenticate(user, "ROLE_USER");
|
||||
}
|
||||
|
||||
/** Put the user on the SecurityContext as an authenticated principal with given authorities. */
|
||||
private void authenticate(User user, String... authorities) {
|
||||
var grants = java.util.Arrays.stream(authorities).map(SimpleGrantedAuthority::new).toList();
|
||||
UsernamePasswordAuthenticationToken token =
|
||||
new UsernamePasswordAuthenticationToken(user, null, grants);
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
}
|
||||
|
||||
/** Base request: credit-eligible with an api key, resource weight 1, not charged. */
|
||||
private MockHttpServletRequest eligibleRequest() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.TRUE);
|
||||
req.setAttribute(ATTR_APIKEY, API_KEY);
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(1));
|
||||
return req;
|
||||
}
|
||||
|
||||
/** Holder so a test can read back both the returned body and the underlying servlet objects. */
|
||||
private static final class Exchange {
|
||||
final MockHttpServletRequest servletReq;
|
||||
final MockHttpServletResponse servletResp;
|
||||
final ServletServerHttpResponse response;
|
||||
|
||||
Exchange(MockHttpServletRequest servletReq, MockHttpServletResponse servletResp) {
|
||||
this.servletReq = servletReq;
|
||||
this.servletResp = servletResp;
|
||||
this.response = new ServletServerHttpResponse(servletResp);
|
||||
}
|
||||
|
||||
String header(String name) {
|
||||
// Read from the live ServerHttpResponse headers the advice wrote to.
|
||||
return response.getHeaders().getFirst(name);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Invoke beforeBodyWrite against the given servlet request/response and return the exchange.
|
||||
*/
|
||||
private Object invoke(Exchange ex, Object body) {
|
||||
ServletServerHttpRequest request = new ServletServerHttpRequest(ex.servletReq);
|
||||
return advice.beforeBodyWrite(body, null, null, null, request, ex.response);
|
||||
}
|
||||
|
||||
private Object invoke(MockHttpServletRequest servletReq, Object body) {
|
||||
return invoke(new Exchange(servletReq, new MockHttpServletResponse()), body);
|
||||
}
|
||||
|
||||
private double counter() {
|
||||
return meterRegistry.get("credits.consumed").counter().count();
|
||||
}
|
||||
|
||||
// --- supports() -----------------------------------------------------------------------------
|
||||
|
||||
@Test
|
||||
@DisplayName("supports() returns true for any return type / converter")
|
||||
void supports_alwaysTrue() {
|
||||
assertThat(advice.supports(null, null)).isTrue();
|
||||
}
|
||||
|
||||
// --- gates that short-circuit (body returned unchanged, nothing consumed) --------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("short-circuit gates -> body returned unchanged, no consumption")
|
||||
class Gates {
|
||||
|
||||
@Test
|
||||
@DisplayName("non-servlet request: returns body untouched, no interactions")
|
||||
void nonServletRequest_returnsBody() {
|
||||
ServerHttpRequest notServlet = org.mockito.Mockito.mock(ServerHttpRequest.class);
|
||||
ServletServerHttpResponse resp =
|
||||
new ServletServerHttpResponse(new MockHttpServletResponse());
|
||||
|
||||
Object body = "BODY";
|
||||
Object out = advice.beforeBodyWrite(body, null, null, null, notServlet, resp);
|
||||
|
||||
assertThat(out).isSameAs(body);
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("not eligible (attribute absent): no consumption")
|
||||
void notEligible_noConsumption() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setAttribute(ATTR_APIKEY, API_KEY);
|
||||
|
||||
Object out = invoke(req, "BODY");
|
||||
|
||||
assertThat(out).isEqualTo("BODY");
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("eligible attribute not Boolean.TRUE (e.g. Boolean.FALSE): no consumption")
|
||||
void eligibleFalse_noConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.FALSE);
|
||||
authenticate(user("x"));
|
||||
|
||||
invoke(req, "BODY");
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("already charged (CREDIT_CHARGED set): no second consumption")
|
||||
void alreadyCharged_noConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_CHARGED, Boolean.TRUE);
|
||||
authenticate(user("x"));
|
||||
|
||||
invoke(req, "BODY");
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("error status >= 400 on response: skip consumption, error advice decides")
|
||||
void errorStatus_skipsConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
authenticate(user("x"));
|
||||
MockHttpServletResponse servletResp = new MockHttpServletResponse();
|
||||
servletResp.setStatus(500);
|
||||
Exchange ex = new Exchange(req, servletResp);
|
||||
|
||||
Object out = invoke(ex, "BODY");
|
||||
|
||||
assertThat(out).isEqualTo("BODY");
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("status exactly 400 is treated as error -> skip")
|
||||
void status400_skipsConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
authenticate(user("x"));
|
||||
MockHttpServletResponse servletResp = new MockHttpServletResponse();
|
||||
servletResp.setStatus(400);
|
||||
|
||||
invoke(new Exchange(req, servletResp), "BODY");
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("status 399 (just below 400) still consumes")
|
||||
void status399_stillConsumes() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("edge");
|
||||
authenticate(u);
|
||||
MockHttpServletResponse servletResp = new MockHttpServletResponse();
|
||||
servletResp.setStatus(399);
|
||||
Exchange ex = new Exchange(req, servletResp);
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(5);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("eligible but apiKey attribute absent: no consumption (apiKey != null guard)")
|
||||
void nullApiKey_noConsumption() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.TRUE);
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(1));
|
||||
// no ATTR_APIKEY -> apiKey null
|
||||
authenticate(user("x"));
|
||||
|
||||
invoke(req, "BODY");
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
assertThat(counter()).isZero();
|
||||
}
|
||||
}
|
||||
|
||||
// --- individual (waterfall) consumption -----------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("individual credit consumption (no team)")
|
||||
class IndividualConsumption {
|
||||
|
||||
@Test
|
||||
@DisplayName("waterfall success: marks charged, increments counter, sets both headers")
|
||||
void waterfallSuccess_chargesAndHeaders() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(3));
|
||||
req.setAttribute(ATTR_IS_API, Boolean.TRUE);
|
||||
User u = user("alice");
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 3, true))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(42);
|
||||
|
||||
Object out = invoke(ex, "BODY");
|
||||
|
||||
assertThat(out).isEqualTo("BODY");
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
assertThat(ex.header("X-Credits-Remaining")).isEqualTo("42");
|
||||
assertThat(ex.header("X-Credit-Source")).isEqualTo("CYCLE_CREDITS");
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 3, true);
|
||||
verify(teamCreditService, never()).consumeCreditWithWaterfall(anyLong(), anyInt());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("resource weight absent defaults credit amount to 1, IS_API absent -> false")
|
||||
void weightAbsent_defaultsToOne() {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
req.setAttribute(ATTR_ELIGIBLE, Boolean.TRUE);
|
||||
req.setAttribute(ATTR_APIKEY, API_KEY);
|
||||
// no resource weight, no IS_API_REQUEST -> isApiRequestFlag false
|
||||
User u = user("bob");
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("BOUGHT_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(0);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
// remaining 0 is non-negative -> header set
|
||||
assertThat(ex.header("X-Credits-Remaining")).isEqualTo("0");
|
||||
assertThat(ex.header("X-Credit-Source")).isEqualTo("BOUGHT_CREDITS");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("IS_API_REQUEST=false is passed through as false to the waterfall")
|
||||
void isApiFalse_passedThrough() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_IS_API, Boolean.FALSE);
|
||||
User u = user("ivy");
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(3);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"waterfall failure (insufficient credits): not charged, counter zero, no headers")
|
||||
void waterfallFailure_notCharged() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("carol");
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.failure("INSUFFICIENT_CREDITS"));
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
assertThat(ex.header("X-Credits-Remaining")).isNull();
|
||||
assertThat(ex.header("X-Credit-Source")).isNull();
|
||||
// header utils is only consulted after a successful charge
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("success but negative remaining: charged + source header, no remaining header")
|
||||
void successNegativeRemaining_noRemainingHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("dave");
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("METERED_SUBSCRIPTION"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(-1);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
assertThat(ex.header("X-Credits-Remaining")).isNull();
|
||||
assertThat(ex.header("X-Credit-Source")).isEqualTo("METERED_SUBSCRIPTION");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("success with null source: charged, remaining header set, no source header")
|
||||
void successNullSource_noSourceHeader() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("erin");
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
// success=true but source=null (defensively handled by the advice)
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(new CreditConsumptionResult(true, null, "ok"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(7);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(ex.header("X-Credits-Remaining")).isEqualTo("7");
|
||||
assertThat(ex.header("X-Credit-Source")).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("user with personal team is treated as no team -> waterfall, not team pool")
|
||||
void personalTeam_usesWaterfall() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("frank");
|
||||
u.setTeam(team(99L));
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(true);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(5);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
verify(teamCreditService, never()).consumeCreditWithWaterfall(anyLong(), anyInt());
|
||||
}
|
||||
}
|
||||
|
||||
// --- limited-API users always use personal credits ------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("limited-API users always use personal credits (never team pool)")
|
||||
class LimitedApiUsers {
|
||||
|
||||
@Test
|
||||
@DisplayName("ROLE_LIMITED_API_USER in a non-personal team still uses the waterfall")
|
||||
void limitedApiUser_usesWaterfall() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("lim");
|
||||
u.setTeam(team(77L));
|
||||
authenticate(u, "ROLE_LIMITED_API_USER");
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(2);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
verify(teamCreditService, never()).consumeCreditWithWaterfall(anyLong(), anyInt());
|
||||
// isPersonal short-circuited by the limited-API check; team service untouched
|
||||
verify(saasTeamExtensionService, never()).isPersonal(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("ROLE_EXTRA_LIMITED_API_USER in a non-personal team still uses the waterfall")
|
||||
void extraLimitedApiUser_usesWaterfall() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("xlim");
|
||||
u.setTeam(team(88L));
|
||||
authenticate(u, "ROLE_EXTRA_LIMITED_API_USER");
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(1);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
verify(teamCreditService, never()).consumeCreditWithWaterfall(anyLong(), anyInt());
|
||||
}
|
||||
}
|
||||
|
||||
// --- team consumption -----------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("team credit consumption (non-personal team)")
|
||||
class TeamConsumption {
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team success: consumes from team pool, sets source header")
|
||||
void teamSuccess_consumesTeamPool() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
req.setAttribute(ATTR_RESOURCE_WEIGHT, Integer.valueOf(2));
|
||||
User u = user("gina");
|
||||
u.setTeam(team(77L));
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.consumeCreditWithWaterfall(77L, 2))
|
||||
.thenReturn(CreditConsumptionResult.success("TEAM_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(100);
|
||||
|
||||
Object out = invoke(ex, "BODY");
|
||||
|
||||
assertThat(out).isEqualTo("BODY");
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isEqualTo(Boolean.TRUE);
|
||||
assertThat(counter()).isEqualTo(1.0d);
|
||||
assertThat(ex.header("X-Credit-Source")).isEqualTo("TEAM_CREDITS");
|
||||
assertThat(ex.header("X-Credits-Remaining")).isEqualTo("100");
|
||||
verify(teamCreditService).consumeCreditWithWaterfall(77L, 2);
|
||||
verify(creditService, never())
|
||||
.consumeCreditWithWaterfall(any(), anyInt(), anyBoolean());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team success via leader overage source is propagated")
|
||||
void teamSuccess_overageSourcePropagated() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("greg");
|
||||
u.setTeam(team(12L));
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.consumeCreditWithWaterfall(12L, 1))
|
||||
.thenReturn(CreditConsumptionResult.success("METERED_SUBSCRIPTION"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(0);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
assertThat(ex.header("X-Credit-Source")).isEqualTo("METERED_SUBSCRIPTION");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team failure: not charged, counter zero, no headers")
|
||||
void teamFailure_notCharged() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("hank");
|
||||
u.setTeam(team(55L));
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.consumeCreditWithWaterfall(55L, 1))
|
||||
.thenReturn(
|
||||
CreditConsumptionResult.failure("TEAM_CREDITS_EXHAUSTED_NO_OVERAGE"));
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
assertThat(ex.header("X-Credits-Remaining")).isNull();
|
||||
assertThat(ex.header("X-Credit-Source")).isNull();
|
||||
verify(creditService, never())
|
||||
.consumeCreditWithWaterfall(any(), anyInt(), anyBoolean());
|
||||
verifyNoInteractions(creditHeaderUtils);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("team with null id is treated as no team -> waterfall used")
|
||||
void teamNullId_usesWaterfall() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
User u = user("nina");
|
||||
u.setTeam(team(null)); // non-personal (isPersonal false) but id null
|
||||
authenticate(u);
|
||||
Exchange ex = new Exchange(req, new MockHttpServletResponse());
|
||||
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(4);
|
||||
|
||||
invoke(ex, "BODY");
|
||||
|
||||
// targetTeamId resolves to null (team id null) -> individual waterfall
|
||||
verify(creditService).consumeCreditWithWaterfall(u, 1, false);
|
||||
verify(teamCreditService, never()).consumeCreditWithWaterfall(anyLong(), anyInt());
|
||||
}
|
||||
}
|
||||
|
||||
// --- user resolution edge cases -------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("user resolution edge cases")
|
||||
class UserResolution {
|
||||
|
||||
@Test
|
||||
@DisplayName("no authentication: getCurrentUser throws, user null -> no consumption")
|
||||
void noAuth_userNull_noConsumption() {
|
||||
MockHttpServletRequest req = eligibleRequest();
|
||||
// no SecurityContext authentication -> AuthenticationUtils throws SecurityException
|
||||
|
||||
Object out = invoke(req, "BODY");
|
||||
|
||||
assertThat(out).isEqualTo("BODY");
|
||||
assertThat(req.getAttribute(ATTR_CHARGED)).isNull();
|
||||
assertThat(counter()).isZero();
|
||||
verifyNoInteractions(creditService, teamCreditService, creditHeaderUtils);
|
||||
}
|
||||
}
|
||||
|
||||
// --- counter accumulation -------------------------------------------------------------------
|
||||
|
||||
@Test
|
||||
@DisplayName("counter accumulates across multiple successful charges")
|
||||
void counterAccumulates() {
|
||||
User u = user("mike");
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(3);
|
||||
|
||||
// fresh request each time so ATTR_CHARGED from a prior call doesn't block the next
|
||||
authenticate(u);
|
||||
invoke(eligibleRequest(), "A");
|
||||
invoke(eligibleRequest(), "B");
|
||||
|
||||
assertThat(counter()).isEqualTo(2.0d);
|
||||
verify(creditService, times(2)).consumeCreditWithWaterfall(u, 1, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("body is always returned verbatim (including null) regardless of charging")
|
||||
void bodyReturnedVerbatim() {
|
||||
User u = user("nora");
|
||||
authenticate(u);
|
||||
when(creditService.consumeCreditWithWaterfall(u, 1, false))
|
||||
.thenReturn(CreditConsumptionResult.success("CYCLE_CREDITS"));
|
||||
when(creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService))
|
||||
.thenReturn(1);
|
||||
|
||||
Object out = invoke(eligibleRequest(), null);
|
||||
|
||||
assertThat(out).isNull();
|
||||
}
|
||||
}
|
||||
-806
@@ -1,806 +0,0 @@
|
||||
package stirling.software.saas.interceptor;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.mockito.Mockito;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
|
||||
import io.micrometer.core.instrument.MeterRegistry;
|
||||
import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
|
||||
|
||||
import stirling.software.common.annotations.AutoJobPostMapping;
|
||||
import stirling.software.common.model.enumeration.TeamRole;
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.ApiKeyAuthenticationToken;
|
||||
import stirling.software.proprietary.security.model.Authority;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.TeamMembership;
|
||||
import stirling.software.saas.model.UserCredit;
|
||||
import stirling.software.saas.repository.TeamMembershipRepository;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.ErrorTrackingService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.SaasUserExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
|
||||
/**
|
||||
* Pure-Mockito unit tests for {@link UnifiedCreditInterceptor}. No Spring context: request/response
|
||||
* are Spring's mock servlet objects, the SecurityContext is populated with real token types
|
||||
* (matching the sibling {@code PaygChargeInterceptorTest} house style) and every collaborator is a
|
||||
* Mockito mock. A real {@link SimpleMeterRegistry} backs the counters/timer so increments can be
|
||||
* asserted directly.
|
||||
*/
|
||||
class UnifiedCreditInterceptorTest {
|
||||
|
||||
private CreditService creditService;
|
||||
private ErrorTrackingService errorTrackingService;
|
||||
private CreditsProperties creditsProperties;
|
||||
private UserRepository userRepository;
|
||||
private TeamCreditService teamCreditService;
|
||||
private TeamMembershipRepository membershipRepository;
|
||||
private SaasUserExtensionService saasUserExtensionService;
|
||||
private SaasTeamExtensionService saasTeamExtensionService;
|
||||
private MeterRegistry meterRegistry;
|
||||
private UnifiedCreditInterceptor interceptor;
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
creditService = Mockito.mock(CreditService.class);
|
||||
errorTrackingService = Mockito.mock(ErrorTrackingService.class);
|
||||
creditsProperties = new CreditsProperties();
|
||||
userRepository = Mockito.mock(UserRepository.class);
|
||||
teamCreditService = Mockito.mock(TeamCreditService.class);
|
||||
membershipRepository = Mockito.mock(TeamMembershipRepository.class);
|
||||
saasUserExtensionService = Mockito.mock(SaasUserExtensionService.class);
|
||||
saasTeamExtensionService = Mockito.mock(SaasTeamExtensionService.class);
|
||||
meterRegistry = new SimpleMeterRegistry();
|
||||
interceptor =
|
||||
new UnifiedCreditInterceptor(
|
||||
creditService,
|
||||
errorTrackingService,
|
||||
creditsProperties,
|
||||
userRepository,
|
||||
teamCreditService,
|
||||
membershipRepository,
|
||||
saasUserExtensionService,
|
||||
saasTeamExtensionService,
|
||||
meterRegistry);
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void tearDown() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
// --- gate short-circuits ---------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("preHandle gate / short-circuit branches")
|
||||
class GateBranches {
|
||||
|
||||
@Test
|
||||
@DisplayName("credits disabled allows request without touching any collaborator")
|
||||
void creditsDisabled_allowsAndSkipsValidation() throws Exception {
|
||||
creditsProperties.setEnabled(false);
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
verifyNoInteractions(creditService, teamCreditService, userRepository);
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("non-HandlerMethod handler is out of scope and allowed")
|
||||
void plainHandlerObject_isAllowed() throws Exception {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, new Object());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
verifyNoInteractions(creditService, teamCreditService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("HandlerMethod without @AutoJobPostMapping is out of scope and allowed")
|
||||
void handlerWithoutAnnotation_isAllowed() throws Exception {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForPlain());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
verifyNoInteractions(creditService, teamCreditService);
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isNull();
|
||||
}
|
||||
}
|
||||
|
||||
// --- authentication gating -------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("authentication blocking")
|
||||
class AuthBlocking {
|
||||
|
||||
@Test
|
||||
@DisplayName("null authentication is blocked with 401")
|
||||
void nullAuth_blockedWith401() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(401);
|
||||
assertThat(res.getContentType()).isEqualTo("application/json");
|
||||
assertThat(res.getContentAsString()).contains("AUTHENTICATION_REQUIRED");
|
||||
verifyNoInteractions(creditService, teamCreditService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("unauthenticated token (isAuthenticated=false) is blocked with 401")
|
||||
void unauthenticatedToken_blockedWith401() throws Exception {
|
||||
// 2-arg ctor leaves isAuthenticated()=false, so it falls through to the security block.
|
||||
SecurityContextHolder.getContext()
|
||||
.setAuthentication(new UsernamePasswordAuthenticationToken("someone", "creds"));
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(401);
|
||||
assertThat(res.getContentAsString()).contains("AUTHENTICATION_REQUIRED");
|
||||
}
|
||||
}
|
||||
|
||||
// --- JWT lookup / role bypass ----------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("JWT authentication: lookup, role bypass and bad identifiers")
|
||||
class JwtLookupAndBypass {
|
||||
|
||||
@Test
|
||||
@DisplayName("JWT user not found in repository returns 500 USER_NOT_FOUND")
|
||||
void jwtUserMissing_returns500() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.empty());
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(500);
|
||||
assertThat(res.getContentAsString()).contains("USER_NOT_FOUND");
|
||||
verify(creditService, never()).getOrCreateUserCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("JWT with non-UUID identifier returns 400 INVALID_USER_ID")
|
||||
void jwtInvalidSupabaseIdFormat_returns400() throws Exception {
|
||||
// auth.getName() is not a UUID → UUID.fromString throws IllegalArgumentException.
|
||||
authenticateJwt("not-a-uuid", "ROLE_USER");
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(400);
|
||||
assertThat(res.getContentAsString()).contains("INVALID_USER_ID");
|
||||
verify(creditService, never()).getOrCreateUserCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("admin JWT user bypasses credit validation and bumps jwt_bypass counter")
|
||||
void adminJwtUser_bypassesValidation() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_ADMIN");
|
||||
User admin = makeUser(1L, null, "ROLE_ADMIN");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(admin));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isNull();
|
||||
assertThat(meterRegistry.counter("credits.validation.jwt_bypass").count())
|
||||
.isEqualTo(1.0);
|
||||
verify(creditService, never()).getOrCreateUserCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("internal backend-API JWT user bypasses credit validation")
|
||||
void internalBackendApiUser_bypassesValidation() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "STIRLING-PDF-BACKEND-API-USER");
|
||||
User internal = makeUser(2L, null, "STIRLING-PDF-BACKEND-API-USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(internal));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(meterRegistry.counter("credits.validation.jwt_bypass").count())
|
||||
.isEqualTo(1.0);
|
||||
verify(creditService, never()).getOrCreateUserCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("pro JWT user is NOT bypassed - still flows into waterfall credit checks")
|
||||
void proJwtUser_isSubjectToCreditChecks() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_PRO_USER");
|
||||
User pro = makeUser(3L, null, "ROLE_PRO_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(pro));
|
||||
when(creditService.getOrCreateUserCredits(pro)).thenReturn(userCredit(100));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
// Pro is not bypassed; it consumed the credit-check path so the eligible flag is set.
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
assertThat(meterRegistry.counter("credits.validation.jwt_bypass").count())
|
||||
.isEqualTo(0.0);
|
||||
verify(creditService).getOrCreateUserCredits(pro);
|
||||
}
|
||||
}
|
||||
|
||||
// --- JWT personal-credit path ----------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("JWT personal-credit path")
|
||||
class JwtPersonalCredits {
|
||||
|
||||
@Test
|
||||
@DisplayName("sufficient personal credits passes and marks request eligible")
|
||||
void sufficientPersonalCredits_passes() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
User user = makeUser(10L, null, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(creditService.getOrCreateUserCredits(user)).thenReturn(userCredit(50));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
// JWT credit identifier is the Supabase id, weight clamps to 1 (default sentinel).
|
||||
assertThat(req.getAttribute("CREDIT_API_KEY")).isEqualTo(supabaseId);
|
||||
assertThat(req.getAttribute("CREDIT_RESOURCE_WEIGHT")).isEqualTo(1);
|
||||
assertThat(req.getAttribute("IS_API_KEY_AUTH")).isEqualTo(false);
|
||||
assertThat(req.getAttribute("IS_API_REQUEST")).isEqualTo(false);
|
||||
assertThat(meterRegistry.counter("credits.validation.checked").count()).isEqualTo(1.0);
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("insufficient personal credits without metered billing is rejected with 429")
|
||||
void insufficientPersonalCredits_rejectedWith429() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
User user = makeUser(11L, null, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(creditService.getOrCreateUserCredits(user)).thenReturn(userCredit(0));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(false);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(429);
|
||||
assertThat(res.getContentAsString()).contains("INSUFFICIENT_CREDITS");
|
||||
// Personal (not team) message wording.
|
||||
assertThat(res.getContentAsString()).contains("Insufficient API credits");
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isNull();
|
||||
assertThat(meterRegistry.counter("credits.validation.rejected").count()).isEqualTo(1.0);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"insufficient personal credits but metered billing enabled proceeds on overage")
|
||||
void insufficientPersonalCredits_withMeteredBilling_proceeds() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
User user = makeUser(12L, null, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(creditService.getOrCreateUserCredits(user)).thenReturn(userCredit(0));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(true);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
assertThat(meterRegistry.counter("credits.validation.rejected").count()).isEqualTo(0.0);
|
||||
}
|
||||
}
|
||||
|
||||
// --- JWT team-credit path --------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("JWT team-credit path")
|
||||
class JwtTeamCredits {
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team with sufficient team credits passes")
|
||||
void teamCreditsSufficient_passes() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
Team team = makeTeam(500L);
|
||||
User user = makeUser(20L, team, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(saasTeamExtensionService.isPersonal(team)).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(500L)).thenReturn(Optional.of(teamCredit(80)));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
verify(teamCreditService).getTeamCredits(500L);
|
||||
verify(creditService, never()).getOrCreateUserCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("non-personal team with no credits but leader metered billing proceeds")
|
||||
void teamCreditsExhausted_leaderMetered_proceeds() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
Team team = makeTeam(501L);
|
||||
User user = makeUser(21L, team, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(saasTeamExtensionService.isPersonal(team)).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(501L)).thenReturn(Optional.of(teamCredit(0)));
|
||||
|
||||
// Leader has metered billing → overage allowed even with zero team credits.
|
||||
User leader = makeUser(99L, team, "ROLE_USER");
|
||||
TeamMembership leaderMembership = new TeamMembership();
|
||||
leaderMembership.setUser(leader);
|
||||
leaderMembership.setRole(TeamRole.LEADER);
|
||||
when(membershipRepository.findByTeamIdAndRole(501L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"non-personal team with no credits and no leader metered is rejected (team msg)")
|
||||
void teamCreditsExhausted_noLeaderMetered_rejectedWithTeamMessage() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
Team team = makeTeam(502L);
|
||||
User user = makeUser(22L, team, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(saasTeamExtensionService.isPersonal(team)).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(502L)).thenReturn(Optional.of(teamCredit(0)));
|
||||
when(membershipRepository.findByTeamIdAndRole(502L, TeamRole.LEADER))
|
||||
.thenReturn(List.of());
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(false);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(429);
|
||||
assertThat(res.getContentAsString()).contains("Insufficient team credits");
|
||||
assertThat(meterRegistry.counter("credits.validation.rejected").count()).isEqualTo(1.0);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("personal team falls back to personal credits, not team credits")
|
||||
void personalTeam_usesPersonalCredits() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
Team team = makeTeam(503L);
|
||||
User user = makeUser(23L, team, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(saasTeamExtensionService.isPersonal(team)).thenReturn(true);
|
||||
when(creditService.getOrCreateUserCredits(user)).thenReturn(userCredit(10));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
verify(creditService).getOrCreateUserCredits(user);
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("limited-API JWT user in a team uses personal credits, never team credits")
|
||||
void limitedApiUserInTeam_usesPersonalCredits() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_LIMITED_API_USER");
|
||||
Team team = makeTeam(504L);
|
||||
User user = makeUser(24L, team, "ROLE_LIMITED_API_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(creditService.getOrCreateUserCredits(user)).thenReturn(userCredit(5));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
verify(creditService).getOrCreateUserCredits(user);
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
verify(saasTeamExtensionService, never()).isPersonal(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("leader-metered lookup that throws is swallowed and treated as not-metered")
|
||||
void leaderMeteredLookupThrows_treatedAsNotMetered() throws Exception {
|
||||
String supabaseId = UUID.randomUUID().toString();
|
||||
authenticateJwt(supabaseId, "ROLE_USER");
|
||||
Team team = makeTeam(505L);
|
||||
User user = makeUser(25L, team, "ROLE_USER");
|
||||
when(userRepository.findBySupabaseId(UUID.fromString(supabaseId)))
|
||||
.thenReturn(Optional.of(user));
|
||||
when(saasTeamExtensionService.isPersonal(team)).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(505L)).thenReturn(Optional.of(teamCredit(0)));
|
||||
when(membershipRepository.findByTeamIdAndRole(505L, TeamRole.LEADER))
|
||||
.thenThrow(new RuntimeException("db down"));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(false);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
// Exception in checkTeamLeaderMeteredBilling is caught → false → rejected, not a 500.
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(429);
|
||||
}
|
||||
}
|
||||
|
||||
// --- API key path ----------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("API key authentication path")
|
||||
class ApiKeyPath {
|
||||
|
||||
@Test
|
||||
@DisplayName("API key with sufficient credits passes and flags API request attributes")
|
||||
void apiKeySufficientCredits_passes() throws Exception {
|
||||
User user = makeUser(30L, null, "ROLE_API");
|
||||
user.setApiKey("sk-abcd1234efgh5678");
|
||||
authenticateApiKey(user, "sk-abcd1234efgh5678");
|
||||
when(creditService.getUserCreditsByApiKey("sk-abcd1234efgh5678"))
|
||||
.thenReturn(Optional.of(userCredit(20)));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
assertThat(req.getAttribute("CREDIT_API_KEY")).isEqualTo("sk-abcd1234efgh5678");
|
||||
assertThat(req.getAttribute("IS_API_KEY_AUTH")).isEqualTo(true);
|
||||
assertThat(req.getAttribute("IS_API_REQUEST")).isEqualTo(true);
|
||||
verify(creditService).getUserCreditsByApiKey("sk-abcd1234efgh5678");
|
||||
verify(creditService, never()).getOrCreateUserCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("API key with no credit row defaults to zero balance and is rejected")
|
||||
void apiKeyNoCreditRow_rejectedWith429() throws Exception {
|
||||
User user = makeUser(31L, null, "ROLE_API");
|
||||
user.setApiKey("sk-zzzz0000zzzz0000");
|
||||
authenticateApiKey(user, "sk-zzzz0000zzzz0000");
|
||||
when(creditService.getUserCreditsByApiKey("sk-zzzz0000zzzz0000"))
|
||||
.thenReturn(Optional.empty());
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(false);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(429);
|
||||
// API key users always use personal credits → personal message even with a team absent.
|
||||
assertThat(res.getContentAsString()).contains("Insufficient API credits");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("API key insufficient credits but metered billing enabled proceeds")
|
||||
void apiKeyInsufficientCredits_withMeteredBilling_proceeds() throws Exception {
|
||||
User user = makeUser(32L, null, "ROLE_API");
|
||||
user.setApiKey("sk-meter0000meter0");
|
||||
authenticateApiKey(user, "sk-meter0000meter0");
|
||||
when(creditService.getUserCreditsByApiKey("sk-meter0000meter0"))
|
||||
.thenReturn(Optional.of(userCredit(0)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(true);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForAuto());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
}
|
||||
}
|
||||
|
||||
// --- resource weight clamping ----------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("resource weight clamping")
|
||||
class ResourceWeightClamping {
|
||||
|
||||
@Test
|
||||
@DisplayName("weight above 100 clamps to 100")
|
||||
void weightAbove100_clampsTo100() throws Exception {
|
||||
User user = makeUser(40L, null, "ROLE_API");
|
||||
user.setApiKey("sk-clamp0000clamp00");
|
||||
authenticateApiKey(user, "sk-clamp0000clamp00");
|
||||
when(creditService.getUserCreditsByApiKey("sk-clamp0000clamp00"))
|
||||
.thenReturn(Optional.of(userCredit(1000)));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForHeavy());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_RESOURCE_WEIGHT")).isEqualTo(100);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("a weight-100 job is rejected when balance is below 100 (no rounding leak)")
|
||||
void weight100_balance50_rejected() throws Exception {
|
||||
User user = makeUser(41L, null, "ROLE_API");
|
||||
user.setApiKey("sk-tight0000tight00");
|
||||
authenticateApiKey(user, "sk-tight0000tight00");
|
||||
when(creditService.getUserCreditsByApiKey("sk-tight0000tight00"))
|
||||
.thenReturn(Optional.of(userCredit(50)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(user)).thenReturn(false);
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForHeavy());
|
||||
|
||||
assertThat(cont).isFalse();
|
||||
assertThat(res.getStatus()).isEqualTo(429);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("exact balance == weight is sufficient (>= boundary)")
|
||||
void exactBalanceEqualsWeight_passes() throws Exception {
|
||||
User user = makeUser(42L, null, "ROLE_API");
|
||||
user.setApiKey("sk-exact0000exact00");
|
||||
authenticateApiKey(user, "sk-exact0000exact00");
|
||||
// Heavy endpoint weight clamps to 100; exactly 100 credits is sufficient.
|
||||
when(creditService.getUserCreditsByApiKey("sk-exact0000exact00"))
|
||||
.thenReturn(Optional.of(userCredit(100)));
|
||||
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
|
||||
boolean cont = interceptor.preHandle(req, res, handlerMethodForHeavy());
|
||||
|
||||
assertThat(cont).isTrue();
|
||||
assertThat(req.getAttribute("CREDIT_ELIGIBLE")).isEqualTo(Boolean.TRUE);
|
||||
}
|
||||
}
|
||||
|
||||
// --- lifecycle no-ops ------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("postHandle / afterCompletion / afterConcurrentHandlingStarted are no-ops")
|
||||
class LifecycleNoOps {
|
||||
|
||||
@Test
|
||||
@DisplayName("postHandle does no spending and touches no collaborator")
|
||||
void postHandle_isNoOp() throws Exception {
|
||||
interceptor.postHandle(
|
||||
new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(),
|
||||
handlerMethodForAuto(),
|
||||
null);
|
||||
|
||||
verifyNoInteractions(
|
||||
creditService, teamCreditService, errorTrackingService, userRepository);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("afterCompletion with no exception does no spending")
|
||||
void afterCompletion_success_isNoOp() throws Exception {
|
||||
interceptor.afterCompletion(
|
||||
new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(),
|
||||
handlerMethodForAuto(),
|
||||
null);
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, errorTrackingService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("afterCompletion with an exception still does no spending")
|
||||
void afterCompletion_withException_isNoOp() throws Exception {
|
||||
interceptor.afterCompletion(
|
||||
new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(),
|
||||
handlerMethodForAuto(),
|
||||
new RuntimeException("boom"));
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, errorTrackingService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("afterConcurrentHandlingStarted does no spending")
|
||||
void afterConcurrentHandlingStarted_isNoOp() throws Exception {
|
||||
interceptor.afterConcurrentHandlingStarted(
|
||||
new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse(),
|
||||
handlerMethodForAuto());
|
||||
|
||||
verifyNoInteractions(creditService, teamCreditService, errorTrackingService);
|
||||
}
|
||||
}
|
||||
|
||||
// --- helpers ---------------------------------------------------------------------------------
|
||||
|
||||
private void authenticateJwt(String name, String role) {
|
||||
// Not an EnhancedJwtAuthenticationToken, so extractSupabaseId falls back to auth.getName().
|
||||
// 3-arg ctor → isAuthenticated()=true so the JWT branch is taken.
|
||||
UsernamePasswordAuthenticationToken token =
|
||||
new UsernamePasswordAuthenticationToken(
|
||||
name, null, List.of(new SimpleGrantedAuthority(role)));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
}
|
||||
|
||||
private void authenticateApiKey(User user, String apiKey) {
|
||||
ApiKeyAuthenticationToken token =
|
||||
new ApiKeyAuthenticationToken(
|
||||
user, apiKey, List.of(new SimpleGrantedAuthority("ROLE_API")));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
}
|
||||
|
||||
private static UserCredit userCredit(int cycleCredits) {
|
||||
UserCredit c = new UserCredit();
|
||||
c.setCycleCreditsRemaining(cycleCredits);
|
||||
c.setBoughtCreditsRemaining(0);
|
||||
return c;
|
||||
}
|
||||
|
||||
private static TeamCredit teamCredit(int cycleCredits) {
|
||||
TeamCredit c = new TeamCredit();
|
||||
c.setCycleCreditsRemaining(cycleCredits);
|
||||
c.setBoughtCreditsRemaining(0);
|
||||
return c;
|
||||
}
|
||||
|
||||
private static Team makeTeam(Long id) {
|
||||
Team team = new Team();
|
||||
team.setId(id);
|
||||
return team;
|
||||
}
|
||||
|
||||
private static User makeUser(Long id, Team team, String role) {
|
||||
User user = new User();
|
||||
try {
|
||||
java.lang.reflect.Field idField = User.class.getDeclaredField("id");
|
||||
idField.setAccessible(true);
|
||||
idField.set(user, id);
|
||||
} catch (ReflectiveOperationException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
user.setUsername("user-" + id);
|
||||
user.setSupabaseId(UUID.randomUUID());
|
||||
if (team != null) {
|
||||
user.setTeam(team);
|
||||
}
|
||||
if (role != null) {
|
||||
// Authority ctor self-registers into user.getAuthorities().
|
||||
new Authority(role, user);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
|
||||
private static HandlerMethod handlerMethodForAuto() {
|
||||
return handlerMethod("handleAuto");
|
||||
}
|
||||
|
||||
private static HandlerMethod handlerMethodForHeavy() {
|
||||
return handlerMethod("handleHeavy");
|
||||
}
|
||||
|
||||
private static HandlerMethod handlerMethodForPlain() {
|
||||
return handlerMethod("handlePlain");
|
||||
}
|
||||
|
||||
private static HandlerMethod handlerMethod(String name) {
|
||||
try {
|
||||
Method m = FakeController.class.getDeclaredMethod(name);
|
||||
return new HandlerMethod(new FakeController(), m);
|
||||
} catch (NoSuchMethodException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
static class FakeController {
|
||||
// No explicit resourceWeight → default sentinel Integer.MIN_VALUE → clamps to 1.
|
||||
@AutoJobPostMapping(value = "/auto")
|
||||
public void handleAuto() {}
|
||||
|
||||
// Above-max weight to exercise the clamp-to-100 branch.
|
||||
@AutoJobPostMapping(value = "/heavy", resourceWeight = 5000)
|
||||
public void handleHeavy() {}
|
||||
|
||||
public void handlePlain() {}
|
||||
}
|
||||
}
|
||||
@@ -174,7 +174,7 @@ class JobChargeServiceTest {
|
||||
assertThat(row.getJobId()).isEqualTo(newJob.getId());
|
||||
assertThat(row.getPolicyId()).isEqualTo(policy.getId());
|
||||
assertThat(row.getPaygUnits()).isEqualTo(4);
|
||||
// Legacy comparison not wired yet — zeroed until CreditService is wired in the follow-up.
|
||||
// Legacy comparison removed with the legacy credit engine — always zeroed.
|
||||
assertThat(row.getLegacyCreditsCharged()).isZero();
|
||||
assertThat(row.getDiffPct()).isZero();
|
||||
// PAYG analytics axis: billing_category + job_source are copied from the context so the
|
||||
|
||||
+2
-3
@@ -26,9 +26,8 @@ import stirling.software.saas.payg.policy.admin.PolicyDtos.PolicyResponse;
|
||||
import stirling.software.saas.payg.policy.admin.PolicyDtos.TeamOverrideRequest;
|
||||
|
||||
/**
|
||||
* Tests {@link PricingPolicyAdminController} as a plain Java unit (matching {@code
|
||||
* CreditControllerApiKeyTest}'s style — no MockMvc layer). Covers happy paths and the controller's
|
||||
* error mapping (4xx for validation, 404 for missing rows).
|
||||
* Tests {@link PricingPolicyAdminController} as a plain Java unit (no MockMvc layer). Covers happy
|
||||
* paths and the controller's error mapping (4xx for validation, 404 for missing rows).
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class PricingPolicyAdminControllerTest {
|
||||
|
||||
+1
-7
@@ -46,7 +46,6 @@ class SupabaseAuthenticationFilterTest {
|
||||
@Mock private TeamService teamService;
|
||||
@Mock private UserService userService;
|
||||
@Mock private SupabaseUserService supabaseUserService;
|
||||
@Mock private stirling.software.saas.service.CreditService creditService;
|
||||
@Mock private stirling.software.saas.service.SaasTeamService saasTeamService;
|
||||
@Mock private JwtDecoder jwtDecoder;
|
||||
|
||||
@@ -60,12 +59,7 @@ class SupabaseAuthenticationFilterTest {
|
||||
SecurityContextHolder.clearContext();
|
||||
filter =
|
||||
new SupabaseAuthenticationFilter(
|
||||
teamService,
|
||||
userService,
|
||||
supabaseUserService,
|
||||
creditService,
|
||||
saasTeamService,
|
||||
jwtDecoder);
|
||||
teamService, userService, supabaseUserService, saasTeamService, jwtDecoder);
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
chain = new MockFilterChain();
|
||||
|
||||
@@ -1,219 +0,0 @@
|
||||
package stirling.software.saas.service;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.within;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.doThrow;
|
||||
import static org.mockito.Mockito.inOrder;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.times;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.time.ZoneId;
|
||||
import java.time.temporal.ChronoUnit;
|
||||
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.InOrder;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link CreditResetScheduler}.
|
||||
*
|
||||
* <p>The scheduler has two {@code @Scheduled} entry points that are invoked directly (no Spring
|
||||
* context, no real cron firing). {@code resetCycleCredits()} parses the configured zone, builds a
|
||||
* {@code LocalDateTime} in that zone, and delegates to {@link CreditService} for users then teams,
|
||||
* swallowing any exception. {@code performDailyMaintenance()} is a pure no-op log step that must
|
||||
* never touch {@link CreditService}.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
class CreditResetSchedulerTest {
|
||||
|
||||
@Mock private CreditService creditService;
|
||||
|
||||
/** Real CreditsProperties (a simple @Data POJO) configured per test via its nested Reset. */
|
||||
private static CreditsProperties props(String cron, String zone) {
|
||||
CreditsProperties p = new CreditsProperties();
|
||||
p.getReset().setCron(cron);
|
||||
p.getReset().setZone(zone);
|
||||
return p;
|
||||
}
|
||||
|
||||
private CreditResetScheduler scheduler(CreditsProperties props) {
|
||||
return new CreditResetScheduler(creditService, props);
|
||||
}
|
||||
|
||||
@Nested
|
||||
@DisplayName("resetCycleCredits - happy path")
|
||||
class ResetHappyPath {
|
||||
|
||||
@Test
|
||||
@DisplayName("resets users then teams exactly once each")
|
||||
void resetsUsersThenTeamsOnce() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
|
||||
s.resetCycleCredits();
|
||||
|
||||
verify(creditService, times(1)).resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
verify(creditService, times(1)).resetCycleCreditsForAllTeams(any(LocalDateTime.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("users are reset strictly before teams")
|
||||
void usersResetBeforeTeams() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
|
||||
s.resetCycleCredits();
|
||||
|
||||
InOrder order = inOrder(creditService);
|
||||
order.verify(creditService).resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
order.verify(creditService).resetCycleCreditsForAllTeams(any(LocalDateTime.class));
|
||||
order.verifyNoMoreInteractions();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("passes a non-null reset time and uses the same instant for users and teams")
|
||||
void passesSameNonNullResetTimeToBoth() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
|
||||
s.resetCycleCredits();
|
||||
|
||||
ArgumentCaptor<LocalDateTime> userTime = ArgumentCaptor.forClass(LocalDateTime.class);
|
||||
ArgumentCaptor<LocalDateTime> teamTime = ArgumentCaptor.forClass(LocalDateTime.class);
|
||||
verify(creditService).resetCycleCreditsForAllUsers(userTime.capture());
|
||||
verify(creditService).resetCycleCreditsForAllTeams(teamTime.capture());
|
||||
|
||||
assertThat(userTime.getValue()).isNotNull();
|
||||
assertThat(teamTime.getValue()).isNotNull();
|
||||
// The very same LocalDateTime instance is threaded through both calls.
|
||||
assertThat(teamTime.getValue()).isSameAs(userTime.getValue());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("reset time is computed in the configured zone (~now)")
|
||||
void resetTimeMatchesConfiguredZone() {
|
||||
String zone = "UTC";
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", zone));
|
||||
LocalDateTime expected = LocalDateTime.now(ZoneId.of(zone));
|
||||
|
||||
s.resetCycleCredits();
|
||||
|
||||
ArgumentCaptor<LocalDateTime> captor = ArgumentCaptor.forClass(LocalDateTime.class);
|
||||
verify(creditService).resetCycleCreditsForAllUsers(captor.capture());
|
||||
// Wall-clock now in the same zone; allow generous slack to avoid flakiness.
|
||||
assertThat(captor.getValue()).isCloseTo(expected, within(10, ChronoUnit.SECONDS));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("a non-UTC zone is honored when building the reset time")
|
||||
void nonUtcZoneHonored() {
|
||||
String zone = "America/New_York";
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", zone));
|
||||
LocalDateTime expected = LocalDateTime.now(ZoneId.of(zone));
|
||||
|
||||
s.resetCycleCredits();
|
||||
|
||||
ArgumentCaptor<LocalDateTime> captor = ArgumentCaptor.forClass(LocalDateTime.class);
|
||||
verify(creditService).resetCycleCreditsForAllUsers(captor.capture());
|
||||
assertThat(captor.getValue()).isCloseTo(expected, within(10, ChronoUnit.SECONDS));
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
@DisplayName("resetCycleCredits - error handling (exceptions are swallowed)")
|
||||
class ResetErrorHandling {
|
||||
|
||||
@Test
|
||||
@DisplayName("user-reset failure is swallowed and short-circuits the team reset")
|
||||
void userResetThrows_swallowedAndTeamsSkipped() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
doThrow(new RuntimeException("user reset boom"))
|
||||
.when(creditService)
|
||||
.resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
|
||||
// Must not propagate.
|
||||
s.resetCycleCredits();
|
||||
|
||||
verify(creditService).resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
// Exception thrown before the team call is reached.
|
||||
verify(creditService, never()).resetCycleCreditsForAllTeams(any(LocalDateTime.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("team-reset failure is swallowed after users already reset")
|
||||
void teamResetThrows_swallowedAfterUsersReset() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
doThrow(new RuntimeException("team reset boom"))
|
||||
.when(creditService)
|
||||
.resetCycleCreditsForAllTeams(any(LocalDateTime.class));
|
||||
|
||||
// Must not propagate.
|
||||
s.resetCycleCredits();
|
||||
|
||||
verify(creditService).resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
verify(creditService).resetCycleCreditsForAllTeams(any(LocalDateTime.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("an invalid zone string is swallowed and no reset work is attempted")
|
||||
void invalidZone_swallowedNoResets() {
|
||||
// ZoneId.of on a bad id throws DateTimeException before any delegation occurs.
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "Not/AZone"));
|
||||
|
||||
// Must not propagate.
|
||||
s.resetCycleCredits();
|
||||
|
||||
verifyNoInteractions(creditService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("any RuntimeException subtype from the user reset is swallowed")
|
||||
void userResetRuntimeExceptionTolerated() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
// Production catches (Exception e); any RuntimeException is absorbed.
|
||||
doThrow(new IllegalStateException("transient"))
|
||||
.when(creditService)
|
||||
.resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
|
||||
s.resetCycleCredits();
|
||||
|
||||
verify(creditService).resetCycleCreditsForAllUsers(any(LocalDateTime.class));
|
||||
verify(creditService, never()).resetCycleCreditsForAllTeams(any(LocalDateTime.class));
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
@DisplayName("performDailyMaintenance")
|
||||
class DailyMaintenance {
|
||||
|
||||
@Test
|
||||
@DisplayName("runs cleanly and never touches the credit service")
|
||||
void noOp_doesNotTouchCreditService() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
|
||||
s.performDailyMaintenance();
|
||||
|
||||
verifyNoInteractions(creditService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("is idempotent across repeated invocations")
|
||||
void repeatedInvocationsRemainNoOp() {
|
||||
CreditResetScheduler s = scheduler(props("0 0 2 1 * *", "UTC"));
|
||||
|
||||
s.performDailyMaintenance();
|
||||
s.performDailyMaintenance();
|
||||
s.performDailyMaintenance();
|
||||
|
||||
verifyNoInteractions(creditService);
|
||||
}
|
||||
}
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
+1
-1
@@ -11,7 +11,7 @@ import org.springframework.transaction.support.TransactionSynchronization;
|
||||
import org.springframework.transaction.support.TransactionSynchronizationManager;
|
||||
|
||||
/**
|
||||
* Pins the contract {@code CreditService.scheduleStripeReportAfterCommit} relies on: a {@link
|
||||
* Pins the contract {@code JobChargeService.close} relies on for its Stripe meter post: a {@link
|
||||
* TransactionSynchronization#afterCommit()} hook fires after a successful commit and never on
|
||||
* rollback.
|
||||
*/
|
||||
|
||||
@@ -1,612 +0,0 @@
|
||||
package stirling.software.saas.service;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyInt;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
import org.mockito.quality.Strictness;
|
||||
import org.slf4j.MDC;
|
||||
|
||||
import stirling.software.common.model.enumeration.TeamRole;
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.billing.service.StripeUsageReportingService;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
import stirling.software.saas.model.CreditConsumptionResult;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.TeamMembership;
|
||||
import stirling.software.saas.repository.TeamCreditRepository;
|
||||
import stirling.software.saas.repository.TeamMembershipRepository;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link TeamCreditService}. Collaborators (repositories, billing/extension
|
||||
* services) are mocked; credit math is pure arithmetic so exact numbers are asserted. The waterfall
|
||||
* path is exercised across every branch: pool hit, no leader, metered-billing disabled, missing
|
||||
* Supabase id, Stripe report success/failure, and a thrown exception during reporting.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
class TeamCreditServiceTest {
|
||||
|
||||
@Mock private TeamCreditRepository teamCreditRepository;
|
||||
@Mock private TeamMembershipRepository membershipRepository;
|
||||
@Mock private StripeUsageReportingService stripeUsageReportingService;
|
||||
@Mock private SaasUserExtensionService saasUserExtensionService;
|
||||
|
||||
// Real CreditsProperties carries the production default allocations (ROLE_PRO_USER -> 500).
|
||||
private final CreditsProperties creditsProperties = new CreditsProperties();
|
||||
|
||||
private TeamCreditService service;
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
service =
|
||||
new TeamCreditService(
|
||||
teamCreditRepository,
|
||||
membershipRepository,
|
||||
creditsProperties,
|
||||
stripeUsageReportingService,
|
||||
saasUserExtensionService);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
void clearMdc() {
|
||||
MDC.clear();
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// Fixtures
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
private static Team team(Long id) {
|
||||
Team t = new Team();
|
||||
t.setId(id);
|
||||
return t;
|
||||
}
|
||||
|
||||
private static User user(Long id, String username) {
|
||||
User u = new User();
|
||||
u.setId(id);
|
||||
u.setUsername(username);
|
||||
return u;
|
||||
}
|
||||
|
||||
private static TeamCredit credit(int cycleRemaining, int boughtRemaining) {
|
||||
TeamCredit c = new TeamCredit();
|
||||
c.setCycleCreditsRemaining(cycleRemaining);
|
||||
c.setCycleCreditsAllocated(cycleRemaining);
|
||||
c.setBoughtCreditsRemaining(boughtRemaining);
|
||||
c.setTotalBoughtCredits(boughtRemaining);
|
||||
return c;
|
||||
}
|
||||
|
||||
private static TeamMembership leaderMembership(User leader) {
|
||||
TeamMembership m = new TeamMembership();
|
||||
m.setRole(TeamRole.LEADER);
|
||||
m.setUser(leader);
|
||||
return m;
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// initializeTeamCredits
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("initializeTeamCredits")
|
||||
class InitializeTeamCredits {
|
||||
|
||||
@Test
|
||||
@DisplayName("returns the existing row without saving when credits already exist")
|
||||
void returnsExistingWithoutSaving() {
|
||||
Team team = team(100L);
|
||||
TeamCredit existing = credit(123, 0);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(existing));
|
||||
|
||||
TeamCredit result = service.initializeTeamCredits(team, user(1L, "primary"));
|
||||
|
||||
assertThat(result).isSameAs(existing);
|
||||
verify(teamCreditRepository, never()).save(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("seeds the fixed PRO allocation (500) into both cycle fields for a new team")
|
||||
void seedsFixedProAllocation() {
|
||||
Team team = team(100L);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
when(teamCreditRepository.save(any(TeamCredit.class)))
|
||||
.thenAnswer(inv -> inv.getArgument(0));
|
||||
|
||||
TeamCredit result = service.initializeTeamCredits(team, user(1L, "primary"));
|
||||
|
||||
// 500 is the production ROLE_PRO_USER default in CreditsProperties.
|
||||
assertThat(result.getCycleCreditsAllocated()).isEqualTo(500);
|
||||
assertThat(result.getCycleCreditsRemaining()).isEqualTo(500);
|
||||
assertThat(result.getLastCycleResetAt()).isNotNull();
|
||||
assertThat(result.getTeam()).isSameAs(team);
|
||||
|
||||
ArgumentCaptor<TeamCredit> captor = ArgumentCaptor.forClass(TeamCredit.class);
|
||||
verify(teamCreditRepository).save(captor.capture());
|
||||
assertThat(captor.getValue().getCycleCreditsRemaining()).isEqualTo(500);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("honours a custom ROLE_PRO_USER allocation from properties")
|
||||
void honoursCustomAllocation() {
|
||||
CreditsProperties custom = new CreditsProperties();
|
||||
custom.getCycle().setAllocations(Map.of("ROLE_PRO_USER", 750));
|
||||
TeamCreditService svc =
|
||||
new TeamCreditService(
|
||||
teamCreditRepository,
|
||||
membershipRepository,
|
||||
custom,
|
||||
stripeUsageReportingService,
|
||||
saasUserExtensionService);
|
||||
Team team = team(100L);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
when(teamCreditRepository.save(any(TeamCredit.class)))
|
||||
.thenAnswer(inv -> inv.getArgument(0));
|
||||
|
||||
TeamCredit result = svc.initializeTeamCredits(team, user(1L, "primary"));
|
||||
|
||||
assertThat(result.getCycleCreditsAllocated()).isEqualTo(750);
|
||||
assertThat(result.getCycleCreditsRemaining()).isEqualTo(750);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("falls back to 500 when the allocation map has no ROLE_PRO_USER entry")
|
||||
void fallsBackTo500WhenKeyMissing() {
|
||||
CreditsProperties custom = new CreditsProperties();
|
||||
custom.getCycle().setAllocations(Map.of("ROLE_USER", 50));
|
||||
TeamCreditService svc =
|
||||
new TeamCreditService(
|
||||
teamCreditRepository,
|
||||
membershipRepository,
|
||||
custom,
|
||||
stripeUsageReportingService,
|
||||
saasUserExtensionService);
|
||||
Team team = team(100L);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
when(teamCreditRepository.save(any(TeamCredit.class)))
|
||||
.thenAnswer(inv -> inv.getArgument(0));
|
||||
|
||||
TeamCredit result = svc.initializeTeamCredits(team, user(1L, "primary"));
|
||||
|
||||
assertThat(result.getCycleCreditsAllocated()).isEqualTo(500);
|
||||
assertThat(result.getCycleCreditsRemaining()).isEqualTo(500);
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// hasCreditsAvailable
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("hasCreditsAvailable")
|
||||
class HasCreditsAvailable {
|
||||
|
||||
@Test
|
||||
@DisplayName("true when the team pool has cycle or bought credits left")
|
||||
void trueWhenCreditsRemain() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(credit(3, 0)));
|
||||
assertThat(service.hasCreditsAvailable(100L)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("true when only bought credits remain")
|
||||
void trueWhenOnlyBoughtRemain() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(credit(0, 5)));
|
||||
assertThat(service.hasCreditsAvailable(100L)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("false when the pool is empty")
|
||||
void falseWhenPoolEmpty() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(credit(0, 0)));
|
||||
assertThat(service.hasCreditsAvailable(100L)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("false when no credit row exists for the team")
|
||||
void falseWhenNoRow() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
assertThat(service.hasCreditsAvailable(100L)).isFalse();
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// consumeCredit
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("consumeCredit")
|
||||
class ConsumeCredit {
|
||||
|
||||
@Test
|
||||
@DisplayName("true when the atomic update affected a row")
|
||||
void trueWhenRowUpdated() {
|
||||
when(teamCreditRepository.consumeCredit(100L, 2)).thenReturn(1);
|
||||
assertThat(service.consumeCredit(100L, 2)).isTrue();
|
||||
verify(teamCreditRepository).consumeCredit(100L, 2);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("false when the atomic update affected no rows (insufficient / conflict)")
|
||||
void falseWhenNoRowUpdated() {
|
||||
when(teamCreditRepository.consumeCredit(100L, 5)).thenReturn(0);
|
||||
assertThat(service.consumeCredit(100L, 5)).isFalse();
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// getCreditSummaryForUser
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("getCreditSummaryForUser")
|
||||
class GetCreditSummaryForUser {
|
||||
|
||||
@Test
|
||||
@DisplayName("empty when the user has no team assigned")
|
||||
void emptyWhenNoTeam() {
|
||||
User u = user(7L, "noteam");
|
||||
u.setTeam(null);
|
||||
|
||||
Optional<TeamCredit> result = service.getCreditSummaryForUser(u);
|
||||
|
||||
assertThat(result).isEmpty();
|
||||
verifyNoInteractions(teamCreditRepository);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("delegates to the repository for the user's team id")
|
||||
void delegatesToRepository() {
|
||||
User u = user(7L, "withteam");
|
||||
u.setTeam(team(200L));
|
||||
TeamCredit row = credit(10, 0);
|
||||
when(teamCreditRepository.findByTeamId(200L)).thenReturn(Optional.of(row));
|
||||
|
||||
Optional<TeamCredit> result = service.getCreditSummaryForUser(u);
|
||||
|
||||
assertThat(result).containsSame(row);
|
||||
verify(teamCreditRepository).findByTeamId(200L);
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// getTeamCredits
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("getTeamCredits")
|
||||
class GetTeamCredits {
|
||||
|
||||
@Test
|
||||
@DisplayName("passes through the repository optional when present")
|
||||
void presentPassesThrough() {
|
||||
TeamCredit row = credit(5, 5);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(row));
|
||||
assertThat(service.getTeamCredits(100L)).containsSame(row);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("empty when the repository has no row")
|
||||
void emptyWhenAbsent() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
assertThat(service.getTeamCredits(100L)).isEmpty();
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// addBoughtCredits
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("addBoughtCredits")
|
||||
class AddBoughtCredits {
|
||||
|
||||
@Test
|
||||
@DisplayName("adds to bought and total counters then saves")
|
||||
void addsAndSaves() {
|
||||
TeamCredit row = credit(0, 10);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(row));
|
||||
|
||||
service.addBoughtCredits(100L, 25);
|
||||
|
||||
assertThat(row.getBoughtCreditsRemaining()).isEqualTo(35);
|
||||
assertThat(row.getTotalBoughtCredits()).isEqualTo(35);
|
||||
verify(teamCreditRepository).save(row);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("throws IllegalArgumentException when no credit row exists")
|
||||
void throwsWhenMissing() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
|
||||
assertThatThrownBy(() -> service.addBoughtCredits(100L, 25))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessageContaining("Team credits not found");
|
||||
verify(teamCreditRepository, never()).save(any());
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// resetCycleCredits
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("resetCycleCredits")
|
||||
class ResetCycleCredits {
|
||||
|
||||
@Test
|
||||
@DisplayName("overwrites cycle allocation/remaining and reset timestamp then saves")
|
||||
void resetsAndSaves() {
|
||||
TeamCredit row = credit(1, 0);
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.of(row));
|
||||
LocalDateTime resetTime = LocalDateTime.of(2026, 1, 1, 2, 0);
|
||||
|
||||
service.resetCycleCredits(100L, 600, resetTime);
|
||||
|
||||
assertThat(row.getCycleCreditsAllocated()).isEqualTo(600);
|
||||
assertThat(row.getCycleCreditsRemaining()).isEqualTo(600);
|
||||
assertThat(row.getLastCycleResetAt()).isEqualTo(resetTime);
|
||||
verify(teamCreditRepository).save(row);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("throws IllegalArgumentException when no credit row exists")
|
||||
void throwsWhenMissing() {
|
||||
when(teamCreditRepository.findByTeamId(100L)).thenReturn(Optional.empty());
|
||||
|
||||
assertThatThrownBy(() -> service.resetCycleCredits(100L, 600, LocalDateTime.now()))
|
||||
.isInstanceOf(IllegalArgumentException.class)
|
||||
.hasMessageContaining("Team credits not found");
|
||||
verify(teamCreditRepository, never()).save(any());
|
||||
}
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------------------------
|
||||
// consumeCreditWithWaterfall
|
||||
// ----------------------------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("consumeCreditWithWaterfall")
|
||||
class ConsumeCreditWithWaterfall {
|
||||
|
||||
@Test
|
||||
@DisplayName("pool hit returns success(TEAM_CREDITS) and never touches overage billing")
|
||||
void poolHitShortCircuits() {
|
||||
when(teamCreditRepository.consumeCredit(100L, 3)).thenReturn(1);
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 3);
|
||||
|
||||
assertThat(result.isSuccess()).isTrue();
|
||||
assertThat(result.getSource()).isEqualTo("TEAM_CREDITS");
|
||||
verifyNoInteractions(membershipRepository);
|
||||
verifyNoInteractions(saasUserExtensionService);
|
||||
verifyNoInteractions(stripeUsageReportingService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("pool exhausted and no leader returns failure(NO_TEAM_LEADER)")
|
||||
void poolExhaustedNoLeader() {
|
||||
when(teamCreditRepository.consumeCredit(100L, 3)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of());
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 3);
|
||||
|
||||
assertThat(result.isSuccess()).isFalse();
|
||||
// failure(reason) sets the message to the reason code.
|
||||
assertThat(result.getMessage()).isEqualTo("NO_TEAM_LEADER");
|
||||
verifyNoInteractions(saasUserExtensionService);
|
||||
verifyNoInteractions(stripeUsageReportingService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("leader without metered billing returns the no-overage failure message")
|
||||
void leaderMeteredBillingDisabled() {
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(UUID.randomUUID());
|
||||
when(teamCreditRepository.consumeCredit(100L, 3)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(false);
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 3);
|
||||
|
||||
assertThat(result.isSuccess()).isFalse();
|
||||
assertThat(result.getMessage()).contains("Team credits exhausted");
|
||||
verifyNoInteractions(stripeUsageReportingService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("leader with metered billing but no Supabase id returns LEADER_NO_SUPABASE_ID")
|
||||
void leaderMissingSupabaseId() {
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(null);
|
||||
when(teamCreditRepository.consumeCredit(100L, 3)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 3);
|
||||
|
||||
assertThat(result.isSuccess()).isFalse();
|
||||
assertThat(result.getMessage()).isEqualTo("LEADER_NO_SUPABASE_ID");
|
||||
verifyNoInteractions(stripeUsageReportingService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("successful Stripe overage report returns success(TEAM_LEADER_METERED)")
|
||||
void overageReportedSuccessfully() {
|
||||
UUID supabaseId = UUID.randomUUID();
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(supabaseId);
|
||||
when(teamCreditRepository.consumeCredit(100L, 4)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
when(stripeUsageReportingService.generateIdempotencyKey(
|
||||
eq(supabaseId.toString()), eq(4), anyString()))
|
||||
.thenReturn("idem-key");
|
||||
when(stripeUsageReportingService.reportUsageToStripe(
|
||||
supabaseId.toString(), 4, "idem-key"))
|
||||
.thenReturn(true);
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 4);
|
||||
|
||||
assertThat(result.isSuccess()).isTrue();
|
||||
assertThat(result.getSource()).isEqualTo("TEAM_LEADER_METERED");
|
||||
verify(stripeUsageReportingService)
|
||||
.reportUsageToStripe(supabaseId.toString(), 4, "idem-key");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("uses the MDC requestId as the stable operation id for the idempotency key")
|
||||
void usesMdcRequestIdForIdempotency() {
|
||||
UUID supabaseId = UUID.randomUUID();
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(supabaseId);
|
||||
MDC.put("requestId", "req-123");
|
||||
when(teamCreditRepository.consumeCredit(100L, 2)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
when(stripeUsageReportingService.generateIdempotencyKey(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn("idem-key");
|
||||
when(stripeUsageReportingService.reportUsageToStripe(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn(true);
|
||||
|
||||
service.consumeCreditWithWaterfall(100L, 2);
|
||||
|
||||
verify(stripeUsageReportingService)
|
||||
.generateIdempotencyKey(supabaseId.toString(), 2, "req-123");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("falls back to a random operation id when no requestId is in MDC")
|
||||
void generatesRandomOperationIdWhenNoMdc() {
|
||||
UUID supabaseId = UUID.randomUUID();
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(supabaseId);
|
||||
// No MDC requestId set -> a random UUID string is generated.
|
||||
when(teamCreditRepository.consumeCredit(100L, 2)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
when(stripeUsageReportingService.generateIdempotencyKey(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn("idem-key");
|
||||
when(stripeUsageReportingService.reportUsageToStripe(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn(true);
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 2);
|
||||
|
||||
assertThat(result.isSuccess()).isTrue();
|
||||
ArgumentCaptor<String> opId = ArgumentCaptor.forClass(String.class);
|
||||
verify(stripeUsageReportingService)
|
||||
.generateIdempotencyKey(eq(supabaseId.toString()), eq(2), opId.capture());
|
||||
assertThat(opId.getValue()).isNotBlank();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("Stripe report returning false yields failure(STRIPE_REPORTING_FAILED)")
|
||||
void overageReportFailed() {
|
||||
UUID supabaseId = UUID.randomUUID();
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(supabaseId);
|
||||
when(teamCreditRepository.consumeCredit(100L, 4)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
when(stripeUsageReportingService.generateIdempotencyKey(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn("idem-key");
|
||||
when(stripeUsageReportingService.reportUsageToStripe(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn(false);
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 4);
|
||||
|
||||
assertThat(result.isSuccess()).isFalse();
|
||||
assertThat(result.getMessage()).contains("Unable to report usage to Stripe");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("exception during reporting is caught and surfaced as STRIPE_REPORTING_ERROR")
|
||||
void overageReportThrows() {
|
||||
UUID supabaseId = UUID.randomUUID();
|
||||
User leader = user(9L, "leader");
|
||||
leader.setSupabaseId(supabaseId);
|
||||
when(teamCreditRepository.consumeCredit(100L, 4)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(leader)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(leader)).thenReturn(true);
|
||||
when(stripeUsageReportingService.generateIdempotencyKey(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn("idem-key");
|
||||
when(stripeUsageReportingService.reportUsageToStripe(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenThrow(new RuntimeException("boom"));
|
||||
|
||||
CreditConsumptionResult result = service.consumeCreditWithWaterfall(100L, 4);
|
||||
|
||||
assertThat(result.isSuccess()).isFalse();
|
||||
assertThat(result.getMessage()).contains("Error reporting usage: boom");
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("picks the first leader when several leaders exist on the team")
|
||||
void picksFirstLeaderOfMany() {
|
||||
UUID firstSupabaseId = UUID.randomUUID();
|
||||
User first = user(1L, "first-leader");
|
||||
first.setSupabaseId(firstSupabaseId);
|
||||
User second = user(2L, "second-leader");
|
||||
second.setSupabaseId(UUID.randomUUID());
|
||||
when(teamCreditRepository.consumeCredit(100L, 1)).thenReturn(0);
|
||||
when(membershipRepository.findByTeamIdAndRole(100L, TeamRole.LEADER))
|
||||
.thenReturn(List.of(leaderMembership(first), leaderMembership(second)));
|
||||
when(saasUserExtensionService.isMeteredBillingEnabled(first)).thenReturn(true);
|
||||
when(stripeUsageReportingService.generateIdempotencyKey(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn("idem-key");
|
||||
when(stripeUsageReportingService.reportUsageToStripe(
|
||||
anyString(), anyInt(), anyString()))
|
||||
.thenReturn(true);
|
||||
|
||||
service.consumeCreditWithWaterfall(100L, 1);
|
||||
|
||||
// Only the first leader's identity is checked / reported on.
|
||||
verify(saasUserExtensionService).isMeteredBillingEnabled(first);
|
||||
verify(saasUserExtensionService, never()).isMeteredBillingEnabled(second);
|
||||
verify(stripeUsageReportingService)
|
||||
.generateIdempotencyKey(eq(firstSupabaseId.toString()), eq(1), anyString());
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,13 +1,9 @@
|
||||
package stirling.software.saas.service;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -25,20 +21,12 @@ import stirling.software.proprietary.security.database.repository.AuthorityRepos
|
||||
import stirling.software.proprietary.security.database.repository.UserRepository;
|
||||
import stirling.software.proprietary.security.model.Authority;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.config.CreditsProperties;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link UserRoleService}.
|
||||
*
|
||||
* <p>The service is a thin orchestrator: it flips a user's {@link Authority} row, mirrors the role
|
||||
* into the denormalized {@code roleName} column, and (for the upgrade/downgrade helpers) resets the
|
||||
* cycle credit allocation via {@link CreditService}. All collaborators are mocked; allocation math
|
||||
* is pure arithmetic and asserted exactly.
|
||||
*
|
||||
* <p>Allocation note: {@link CreditsProperties}'s default map already carries ROLE_USER=50 and
|
||||
* ROLE_PRO_USER=500, so {@code getOrDefault} returns those, NOT the inline 25/100 fallbacks baked
|
||||
* into the service. The inline fallbacks only surface when the allocations map lacks the key, which
|
||||
* is exercised separately with an emptied map.
|
||||
* <p>The service is a thin orchestrator: it flips a user's {@link Authority} row and mirrors the
|
||||
* role into the denormalized {@code roleName} column. All collaborators are mocked.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
@@ -46,33 +34,12 @@ class UserRoleServiceTest {
|
||||
|
||||
@Mock private UserRepository userRepository;
|
||||
@Mock private AuthorityRepository authorityRepository;
|
||||
@Mock private CreditService creditService;
|
||||
|
||||
private static final String ROLE_USER = Role.USER.getRoleId(); // "ROLE_USER"
|
||||
private static final String ROLE_PRO_USER = Role.PRO_USER.getRoleId(); // "ROLE_PRO_USER"
|
||||
|
||||
/** Build the service with the supplied properties (allocations differ per test). */
|
||||
private UserRoleService service(CreditsProperties props) {
|
||||
return new UserRoleService(userRepository, authorityRepository, creditService, props);
|
||||
}
|
||||
|
||||
/** Default properties: allocations map carries ROLE_USER=50, ROLE_PRO_USER=500. */
|
||||
private static CreditsProperties defaultProps() {
|
||||
return new CreditsProperties();
|
||||
}
|
||||
|
||||
/** Properties whose allocations map is empty, forcing the service's inline 25/100 fallbacks. */
|
||||
private static CreditsProperties emptyAllocationsProps() {
|
||||
CreditsProperties p = new CreditsProperties();
|
||||
p.getCycle().setAllocations(new HashMap<>());
|
||||
return p;
|
||||
}
|
||||
|
||||
/** Properties whose allocations map holds the exact values we want to assert against. */
|
||||
private static CreditsProperties propsWith(Map<String, Integer> allocations) {
|
||||
CreditsProperties p = new CreditsProperties();
|
||||
p.getCycle().setAllocations(new HashMap<>(allocations));
|
||||
return p;
|
||||
private UserRoleService service() {
|
||||
return new UserRoleService(userRepository, authorityRepository);
|
||||
}
|
||||
|
||||
private static User user(long id, String username, String currentRole) {
|
||||
@@ -107,7 +74,7 @@ class UserRoleServiceTest {
|
||||
@Test
|
||||
@DisplayName("flips the Authority row, mirrors roleName, and persists both")
|
||||
void flipsAuthorityAndMirrorsRoleName() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
UserRoleService service = service();
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
@@ -120,15 +87,12 @@ class UserRoleServiceTest {
|
||||
// Denormalized column mirrored on the User entity and saved.
|
||||
assertThat(mirroredRoleName(u)).isEqualTo(ROLE_PRO_USER);
|
||||
verify(userRepository).save(u);
|
||||
// No credit reset on the bare changeRole path.
|
||||
verify(creditService, never())
|
||||
.resetCycleAllocationForRoleChange(Mockito.anyLong(), Mockito.anyInt());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("persists the authority before the user (authority-first ordering)")
|
||||
void persistsAuthorityBeforeUser() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
UserRoleService service = service();
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
@@ -143,7 +107,7 @@ class UserRoleServiceTest {
|
||||
@Test
|
||||
@DisplayName("looks the authority up by the user's numeric id")
|
||||
void looksUpAuthorityByUserId() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
UserRoleService service = service();
|
||||
User u = user(99L, "[email protected]", ROLE_PRO_USER);
|
||||
Authority auth = authority(ROLE_PRO_USER);
|
||||
when(authorityRepository.findByUserId(99L)).thenReturn(auth);
|
||||
@@ -158,7 +122,7 @@ class UserRoleServiceTest {
|
||||
@Test
|
||||
@DisplayName("setting the same role is a harmless no-op rewrite that still persists")
|
||||
void sameRoleStillPersists() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
UserRoleService service = service();
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
@@ -173,7 +137,7 @@ class UserRoleServiceTest {
|
||||
@Test
|
||||
@DisplayName("tolerates an empty authorities set on the User (logging reads roles as \"\")")
|
||||
void emptyAuthoritiesSetIsTolerated() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
UserRoleService service = service();
|
||||
User u = user(42L, "[email protected]", null);
|
||||
// getRolesAsString() joins an empty set -> "" ; must not NPE in the debug log.
|
||||
Authority auth = authority(null);
|
||||
@@ -191,9 +155,9 @@ class UserRoleServiceTest {
|
||||
class DowngradeToFree {
|
||||
|
||||
@Test
|
||||
@DisplayName("sets ROLE_USER and resets credits to the configured FREE allocation (50)")
|
||||
void setsUserRoleAndResetsCreditsFromConfig() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
@DisplayName("sets ROLE_USER, mirrors roleName, and persists both")
|
||||
void setsUserRole() {
|
||||
UserRoleService service = service();
|
||||
User u = user(42L, "[email protected]", ROLE_PRO_USER);
|
||||
Authority auth = authority(ROLE_PRO_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
@@ -204,49 +168,6 @@ class UserRoleServiceTest {
|
||||
assertThat(mirroredRoleName(u)).isEqualTo(ROLE_USER);
|
||||
verify(authorityRepository).save(auth);
|
||||
verify(userRepository).save(u);
|
||||
// Config map has ROLE_USER=50, so getOrDefault returns 50 (NOT the inline 25 fallback).
|
||||
verify(creditService).resetCycleAllocationForRoleChange(42L, 50);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("uses the inline 25 fallback when the allocations map omits ROLE_USER")
|
||||
void usesInlineFallbackWhenAllocationMissing() {
|
||||
UserRoleService service = service(emptyAllocationsProps());
|
||||
User u = user(42L, "[email protected]", ROLE_PRO_USER);
|
||||
Authority auth = authority(ROLE_PRO_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
|
||||
service.downgradeToFree(u);
|
||||
|
||||
verify(creditService).resetCycleAllocationForRoleChange(42L, 25);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("honours an explicit ROLE_USER allocation override")
|
||||
void honoursExplicitAllocationOverride() {
|
||||
UserRoleService service = service(propsWith(Map.of(ROLE_USER, 7)));
|
||||
User u = user(42L, "[email protected]", ROLE_PRO_USER);
|
||||
Authority auth = authority(ROLE_PRO_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
|
||||
service.downgradeToFree(u);
|
||||
|
||||
verify(creditService).resetCycleAllocationForRoleChange(42L, 7);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("changes the role before resetting credits (role flip precedes the reset)")
|
||||
void changesRoleBeforeResettingCredits() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
User u = user(42L, "[email protected]", ROLE_PRO_USER);
|
||||
Authority auth = authority(ROLE_PRO_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
|
||||
service.downgradeToFree(u);
|
||||
|
||||
InOrder order = Mockito.inOrder(userRepository, creditService);
|
||||
order.verify(userRepository).save(u);
|
||||
order.verify(creditService).resetCycleAllocationForRoleChange(42L, 50);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -255,9 +176,9 @@ class UserRoleServiceTest {
|
||||
class UpgradeToPro {
|
||||
|
||||
@Test
|
||||
@DisplayName("sets ROLE_PRO_USER and resets credits to the configured PRO allocation (500)")
|
||||
void setsProRoleAndResetsCreditsFromConfig() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
@DisplayName("sets ROLE_PRO_USER, mirrors roleName, and persists both")
|
||||
void setsProRole() {
|
||||
UserRoleService service = service();
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
@@ -268,111 +189,6 @@ class UserRoleServiceTest {
|
||||
assertThat(mirroredRoleName(u)).isEqualTo(ROLE_PRO_USER);
|
||||
verify(authorityRepository).save(auth);
|
||||
verify(userRepository).save(u);
|
||||
// Config map has ROLE_PRO_USER=500, so getOrDefault returns 500 (NOT inline 100).
|
||||
verify(creditService).resetCycleAllocationForRoleChange(42L, 500);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("uses the inline 100 fallback when the allocations map omits ROLE_PRO_USER")
|
||||
void usesInlineFallbackWhenAllocationMissing() {
|
||||
UserRoleService service = service(emptyAllocationsProps());
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
|
||||
service.upgradeToPro(u);
|
||||
|
||||
verify(creditService).resetCycleAllocationForRoleChange(42L, 100);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("honours an explicit ROLE_PRO_USER allocation override")
|
||||
void honoursExplicitAllocationOverride() {
|
||||
UserRoleService service = service(propsWith(Map.of(ROLE_PRO_USER, 9999)));
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
|
||||
service.upgradeToPro(u);
|
||||
|
||||
verify(creditService).resetCycleAllocationForRoleChange(42L, 9999);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("changes the role before resetting credits (role flip precedes the reset)")
|
||||
void changesRoleBeforeResettingCredits() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
User u = user(42L, "[email protected]", ROLE_USER);
|
||||
Authority auth = authority(ROLE_USER);
|
||||
when(authorityRepository.findByUserId(42L)).thenReturn(auth);
|
||||
|
||||
service.upgradeToPro(u);
|
||||
|
||||
InOrder order = Mockito.inOrder(userRepository, creditService);
|
||||
order.verify(userRepository).save(u);
|
||||
order.verify(creditService).resetCycleAllocationForRoleChange(42L, 500);
|
||||
}
|
||||
}
|
||||
|
||||
@Nested
|
||||
@DisplayName("getCreditAllocationForRole")
|
||||
class GetCreditAllocationForRole {
|
||||
|
||||
@Test
|
||||
@DisplayName("returns the configured allocation when the role is present in the map")
|
||||
void returnsConfiguredAllocation() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
|
||||
// Default map: ROLE_USER=50, ROLE_PRO_USER=500, ROLE_ADMIN=1000.
|
||||
assertThat(service.getCreditAllocationForRole(ROLE_USER)).isEqualTo(50);
|
||||
assertThat(service.getCreditAllocationForRole(ROLE_PRO_USER)).isEqualTo(500);
|
||||
assertThat(service.getCreditAllocationForRole("ROLE_ADMIN")).isEqualTo(1000);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("ROLE_USER falls back to 25 when missing from the allocations map")
|
||||
void userRoleFallsBackTo25() {
|
||||
UserRoleService service = service(emptyAllocationsProps());
|
||||
|
||||
assertThat(service.getCreditAllocationForRole(ROLE_USER)).isEqualTo(25);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("any non-ROLE_USER role falls back to 100 when missing from the map")
|
||||
void nonUserRoleFallsBackTo100() {
|
||||
UserRoleService service = service(emptyAllocationsProps());
|
||||
|
||||
assertThat(service.getCreditAllocationForRole(ROLE_PRO_USER)).isEqualTo(100);
|
||||
assertThat(service.getCreditAllocationForRole("ROLE_ADMIN")).isEqualTo(100);
|
||||
assertThat(service.getCreditAllocationForRole("ROLE_UNKNOWN")).isEqualTo(100);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("null role id is treated as non-ROLE_USER and falls back to 100")
|
||||
void nullRoleIdFallsBackTo100() {
|
||||
UserRoleService service = service(emptyAllocationsProps());
|
||||
|
||||
// getOrDefault(null, ...) misses (no null key); the ternary's equals(null) is false
|
||||
// -> 100. Must not NPE because Role.USER.getRoleId().equals(roleId) is null-safe.
|
||||
assertThat(service.getCreditAllocationForRole(null)).isEqualTo(100);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("a configured value of zero is returned verbatim, not replaced by a fallback")
|
||||
void zeroAllocationReturnedVerbatim() {
|
||||
UserRoleService service = service(propsWith(Map.of("ROLE_WEB_ONLY_USER", 0)));
|
||||
|
||||
assertThat(service.getCreditAllocationForRole("ROLE_WEB_ONLY_USER")).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("getCreditAllocationForRole never touches the persistence collaborators")
|
||||
void doesNotTouchRepositories() {
|
||||
UserRoleService service = service(defaultProps());
|
||||
|
||||
service.getCreditAllocationForRole(ROLE_USER);
|
||||
|
||||
Mockito.verifyNoInteractions(userRepository, authorityRepository, creditService);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,348 +0,0 @@
|
||||
package stirling.software.saas.util;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.anyString;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Nested;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.mockito.junit.jupiter.MockitoSettings;
|
||||
import org.mockito.quality.Strictness;
|
||||
|
||||
import stirling.software.proprietary.model.Team;
|
||||
import stirling.software.proprietary.security.model.Authority;
|
||||
import stirling.software.proprietary.security.model.User;
|
||||
import stirling.software.saas.model.TeamCredit;
|
||||
import stirling.software.saas.model.UserCredit;
|
||||
import stirling.software.saas.service.CreditService;
|
||||
import stirling.software.saas.service.SaasTeamExtensionService;
|
||||
import stirling.software.saas.service.TeamCreditService;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link CreditHeaderUtils#getRemainingCredits(User, CreditService,
|
||||
* TeamCreditService)}.
|
||||
*
|
||||
* <p>The method resolves a remaining-credit balance by routing between two pools:
|
||||
*
|
||||
* <ul>
|
||||
* <li><b>Team pool</b> - used only when the user is NOT a limited-API user, has a team, and that
|
||||
* team is not "personal" per {@link SaasTeamExtensionService#isPersonal}.
|
||||
* <li><b>Personal pool</b> - otherwise; looked up by Supabase id first, then API key, else -1.
|
||||
* </ul>
|
||||
*
|
||||
* Any thrown exception is swallowed and yields the sentinel {@code -1}. All collaborators are
|
||||
* mocked; the assertions are pure arithmetic on the resolved balance.
|
||||
*/
|
||||
@ExtendWith(MockitoExtension.class)
|
||||
@MockitoSettings(strictness = Strictness.LENIENT)
|
||||
class CreditHeaderUtilsTest {
|
||||
|
||||
@Mock private SaasTeamExtensionService saasTeamExtensionService;
|
||||
@Mock private CreditService creditService;
|
||||
@Mock private TeamCreditService teamCreditService;
|
||||
|
||||
@InjectMocks private CreditHeaderUtils creditHeaderUtils;
|
||||
|
||||
private static final long TEAM_ID = 77L;
|
||||
private static final UUID SUPABASE_ID = UUID.fromString("00000000-0000-0000-0000-000000000123");
|
||||
private static final String API_KEY = "api-key-abcdef";
|
||||
|
||||
// --- builders -------------------------------------------------------------------------------
|
||||
|
||||
private static User user() {
|
||||
User u = new User();
|
||||
u.setUsername("tester");
|
||||
return u;
|
||||
}
|
||||
|
||||
private static Team team(Long id) {
|
||||
Team t = new Team();
|
||||
t.setId(id);
|
||||
t.setName("team-" + id);
|
||||
return t;
|
||||
}
|
||||
|
||||
/** Authority ctor self-registers on the user's authority set. */
|
||||
private static void grant(User u, String role) {
|
||||
new Authority(role, u);
|
||||
}
|
||||
|
||||
private static UserCredit userCredit(int cycle, int bought) {
|
||||
UserCredit c = new UserCredit(user());
|
||||
c.setCycleCreditsRemaining(cycle);
|
||||
c.setBoughtCreditsRemaining(bought);
|
||||
return c;
|
||||
}
|
||||
|
||||
private static TeamCredit teamCredit(int cycle, int bought) {
|
||||
TeamCredit c = new TeamCredit(team(TEAM_ID));
|
||||
c.setCycleCreditsRemaining(cycle);
|
||||
c.setBoughtCreditsRemaining(bought);
|
||||
return c;
|
||||
}
|
||||
|
||||
private int call(User u) {
|
||||
return creditHeaderUtils.getRemainingCredits(u, creditService, teamCreditService);
|
||||
}
|
||||
|
||||
// --- team pool routing ----------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("team pool path (non-limited user on a non-personal team)")
|
||||
class TeamPool {
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"returns the team's total available credits and never touches personal lookups")
|
||||
void nonPersonalTeam_usesTeamPool() {
|
||||
User u = user();
|
||||
u.setTeam(team(TEAM_ID));
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(TEAM_ID))
|
||||
.thenReturn(Optional.of(teamCredit(40, 10)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(50);
|
||||
|
||||
verify(teamCreditService).getTeamCredits(TEAM_ID);
|
||||
verifyNoInteractions(creditService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("missing team credit row yields the -1 sentinel")
|
||||
void nonPersonalTeam_missingRow_returnsMinusOne() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
u.setTeam(team(TEAM_ID));
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(TEAM_ID)).thenReturn(Optional.empty());
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
|
||||
// Team path chosen, so the personal supabase lookup must never run.
|
||||
verifyNoInteractions(creditService);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("zero team credits returns 0, not the sentinel")
|
||||
void nonPersonalTeam_zeroBalance_returnsZero() {
|
||||
User u = user();
|
||||
u.setTeam(team(TEAM_ID));
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(TEAM_ID))
|
||||
.thenReturn(Optional.of(teamCredit(0, 0)));
|
||||
|
||||
assertThat(call(u)).isZero();
|
||||
}
|
||||
}
|
||||
|
||||
// --- personal pool routing ------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("personal pool path")
|
||||
class PersonalPool {
|
||||
|
||||
@Test
|
||||
@DisplayName("personal team falls through to the user's individual credits")
|
||||
void personalTeam_usesPersonalCredits() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
u.setTeam(team(TEAM_ID));
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(true);
|
||||
when(creditService.getUserCreditsBySupabaseId(SUPABASE_ID.toString()))
|
||||
.thenReturn(Optional.of(userCredit(15, 5)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(20);
|
||||
|
||||
// Personal path chosen -> team pool untouched.
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"no team at all uses personal credits and never consults the extension service")
|
||||
void noTeam_usesPersonalCredits() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
when(creditService.getUserCreditsBySupabaseId(SUPABASE_ID.toString()))
|
||||
.thenReturn(Optional.of(userCredit(7, 0)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(7);
|
||||
|
||||
verifyNoInteractions(saasTeamExtensionService);
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("supabase id is preferred over api key when both are present")
|
||||
void supabaseIdPreferredOverApiKey() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
u.setApiKey(API_KEY);
|
||||
when(creditService.getUserCreditsBySupabaseId(SUPABASE_ID.toString()))
|
||||
.thenReturn(Optional.of(userCredit(3, 4)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(7);
|
||||
|
||||
verify(creditService).getUserCreditsBySupabaseId(SUPABASE_ID.toString());
|
||||
verify(creditService, never()).getUserCreditsByApiKey(anyString());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("falls back to api key lookup when supabase id is absent")
|
||||
void apiKeyFallback_whenNoSupabaseId() {
|
||||
User u = user();
|
||||
u.setApiKey(API_KEY);
|
||||
when(creditService.getUserCreditsByApiKey(API_KEY))
|
||||
.thenReturn(Optional.of(userCredit(9, 1)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(10);
|
||||
|
||||
verify(creditService).getUserCreditsByApiKey(API_KEY);
|
||||
verify(creditService, never()).getUserCreditsBySupabaseId(anyString());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("supabase lookup returning empty yields -1")
|
||||
void supabaseLookupEmpty_returnsMinusOne() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
when(creditService.getUserCreditsBySupabaseId(SUPABASE_ID.toString()))
|
||||
.thenReturn(Optional.empty());
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("api key lookup returning empty yields -1")
|
||||
void apiKeyLookupEmpty_returnsMinusOne() {
|
||||
User u = user();
|
||||
u.setApiKey(API_KEY);
|
||||
when(creditService.getUserCreditsByApiKey(API_KEY)).thenReturn(Optional.empty());
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("neither supabase id nor api key present yields -1 with no lookups")
|
||||
void noIdentifiers_returnsMinusOne() {
|
||||
User u = user(); // no supabaseId, no apiKey, no team
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
|
||||
verifyNoInteractions(creditService);
|
||||
verifyNoInteractions(teamCreditService);
|
||||
}
|
||||
}
|
||||
|
||||
// --- limited-api user override --------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("limited-api users always read personal credits")
|
||||
class LimitedApiOverride {
|
||||
|
||||
@Test
|
||||
@DisplayName("ROLE_LIMITED_API_USER on a non-personal team still reads personal credits")
|
||||
void limitedApiUser_skipsTeamPool() {
|
||||
User u = user();
|
||||
u.setApiKey(API_KEY);
|
||||
u.setTeam(team(TEAM_ID));
|
||||
grant(u, "ROLE_LIMITED_API_USER");
|
||||
when(creditService.getUserCreditsByApiKey(API_KEY))
|
||||
.thenReturn(Optional.of(userCredit(2, 0)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(2);
|
||||
|
||||
// The team branch is gated out, so neither the extension nor team-credit services run.
|
||||
verifyNoInteractions(saasTeamExtensionService);
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("ROLE_EXTRA_LIMITED_API_USER also forces the personal pool")
|
||||
void extraLimitedApiUser_skipsTeamPool() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
u.setTeam(team(TEAM_ID));
|
||||
grant(u, "ROLE_EXTRA_LIMITED_API_USER");
|
||||
when(creditService.getUserCreditsBySupabaseId(SUPABASE_ID.toString()))
|
||||
.thenReturn(Optional.of(userCredit(6, 0)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(6);
|
||||
|
||||
verifyNoInteractions(saasTeamExtensionService);
|
||||
verify(teamCreditService, never()).getTeamCredits(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"a non-limited role does not divert a non-personal team member off the team pool")
|
||||
void unrelatedRole_keepsTeamPool() {
|
||||
User u = user();
|
||||
u.setTeam(team(TEAM_ID));
|
||||
grant(u, "ROLE_USER");
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(TEAM_ID))
|
||||
.thenReturn(Optional.of(teamCredit(11, 0)));
|
||||
|
||||
assertThat(call(u)).isEqualTo(11);
|
||||
|
||||
verify(teamCreditService).getTeamCredits(TEAM_ID);
|
||||
verifyNoInteractions(creditService);
|
||||
}
|
||||
}
|
||||
|
||||
// --- error swallowing -----------------------------------------------------------------------
|
||||
|
||||
@Nested
|
||||
@DisplayName("exceptions are swallowed and produce the -1 sentinel")
|
||||
class ErrorHandling {
|
||||
|
||||
@Test
|
||||
@DisplayName("team credit service throwing is caught and returns -1")
|
||||
void teamServiceThrows_returnsMinusOne() {
|
||||
User u = user();
|
||||
u.setTeam(team(TEAM_ID));
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam())).thenReturn(false);
|
||||
when(teamCreditService.getTeamCredits(TEAM_ID))
|
||||
.thenThrow(new RuntimeException("db down"));
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("credit service throwing on personal lookup is caught and returns -1")
|
||||
void creditServiceThrows_returnsMinusOne() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
when(creditService.getUserCreditsBySupabaseId(anyString()))
|
||||
.thenThrow(new RuntimeException("lookup boom"));
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName(
|
||||
"extension service throwing during personal-team check is caught and returns -1")
|
||||
void extensionServiceThrows_returnsMinusOne() {
|
||||
User u = user();
|
||||
u.setSupabaseId(SUPABASE_ID);
|
||||
u.setTeam(team(TEAM_ID));
|
||||
when(saasTeamExtensionService.isPersonal(u.getTeam()))
|
||||
.thenThrow(new RuntimeException("extension boom"));
|
||||
|
||||
assertThat(call(u)).isEqualTo(-1);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user