Epic 5 Complete: Billing, Subscriptions, and Admin Features

Resolve all 5 deferred items from Epic 5 adversarial code review: - Migration 124: Add CASCADE to subscriptionstatus enum drop (prevent orphaned references) - Stripe rate limiting: In-memory per-user limiter (20 calls/60s) on verify-checkout-session - Subscription request cooldown: 24h cooldown before resubmitting rejected requests - Token reset date: Initialize on first subscription activation - Checkout URL validation: Confirmed HTTPS-only (Stripe always returns HTTPS) Implement Story 5.4 (Usage Tracking & Rate Limit Enforcement): - Page quota pre-check at HTTP upload layer - Extend UserRead schema with token quota fields - Frontend 402 error handling in document upload - Quota indicator in dashboard sidebar Story 5.5 (Admin Seed & Approval Flow): - Seed admin user migration with default credentials warning - Subscription approval/rejection routes with admin guard - 24h rejection cooldown enforcement Story 5.6 (Admin-Only Model Config): - Global model config visible across all search spaces - Per-search-space model configs with user access control - Superuser CRUD for global configs Additional fixes from code review: - PageLimitService: PAST_DUE subscriptions enforce free-tier limits - TokenQuotaService: PAST_DUE subscriptions enforce free-tier limits - Config routes: Fixed user_id.is_(None) filter on mutation endpoints - Stripe webhook: Added guard against silent plan downgrade on unrecognized price_id All changes formatted with Ruff (Python) and Biome (TypeScript). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 19:45:15 +02:00 · 2026-04-15 03:54:45 +07:00 · 2026-04-15 03:54:45 +07:00 · 4eb6ed18d6
commit 4eb6ed18d6
parent 20c4f128bb
41 changed files with 1771 additions and 318 deletions
--- a/surfsense_backend/app/services/token_quota_service.py
+++ b/surfsense_backend/app/services/token_quota_service.py
@ -97,6 +97,15 @@ class TokenQuotaService:
        tokens_used = user.tokens_used_this_month or 0
        token_limit = user.monthly_token_limit or 0

+        # PAST_DUE: enforce free-tier token limit to prevent usage without payment
+        if str(getattr(user, "subscription_status", "")).lower() == "past_due":
+            from app.config import config as app_config  # avoid circular import
+
+            free_limit = app_config.PLAN_LIMITS.get("free", {}).get(
+                "monthly_token_limit", 50000
+            )
+            token_limit = min(token_limit, free_limit)
+
        # Strict boundary: >= means at-limit is also exceeded
        if tokens_used + estimated_tokens >= token_limit and token_limit > 0:
            raise TokenQuotaExceededError(