feat: add quotas (#4779)

adds possibilities to cap authenticated requests and execution seconds of actions on a defined intervall

internal/command/command.go

@@ -19,6 +19,7 @@ import (
 	"github.com/zitadel/zitadel/internal/repository/keypair"
 	"github.com/zitadel/zitadel/internal/repository/org"
 	proj_repo "github.com/zitadel/zitadel/internal/repository/project"
+	"github.com/zitadel/zitadel/internal/repository/quota"
 	usr_repo "github.com/zitadel/zitadel/internal/repository/user"
 	usr_grant_repo "github.com/zitadel/zitadel/internal/repository/usergrant"
 	"github.com/zitadel/zitadel/internal/static"
@@ -110,6 +111,7 @@ func StartCommands(es *eventstore.Eventstore,
 	proj_repo.RegisterEventMappers(repo.eventstore)
 	keypair.RegisterEventMappers(repo.eventstore)
 	action.RegisterEventMappers(repo.eventstore)
+	quota.RegisterEventMappers(repo.eventstore)
 
 	repo.userPasswordAlg = crypto.NewBCrypt(defaults.SecretGenerators.PasswordSaltCost)
 	repo.machineKeySize = int(defaults.SecretGenerators.MachineKeySize)
@@ -129,6 +131,7 @@ func StartCommands(es *eventstore.Eventstore,
 
 func AppendAndReduce(object interface {
 	AppendEvents(...eventstore.Event)
+	// TODO: Why is it allowed to return an error here?
 	Reduce() error
 }, events ...eventstore.Event) error {
 	object.AppendEvents(events...)

internal/command/instance.go

@@ -18,6 +18,7 @@ import (
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/repository/org"
 	"github.com/zitadel/zitadel/internal/repository/project"
+	"github.com/zitadel/zitadel/internal/repository/quota"
 	"github.com/zitadel/zitadel/internal/repository/user"
 )
 
@@ -116,6 +117,9 @@ type InstanceSetup struct {
 		RefreshTokenIdleExpiration time.Duration
 		RefreshTokenExpiration     time.Duration
 	}
+	Quotas *struct {
+		Items []*AddQuota
+	}
 }
 
 type ZitadelConfig struct {
@@ -261,6 +265,19 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str
 		prepareAddDefaultEmailTemplate(instanceAgg, setup.EmailTemplate),
 	}
 
+	if setup.Quotas != nil {
+		for _, q := range setup.Quotas.Items {
+			quotaId, err := c.idGenerator.Next()
+			if err != nil {
+				return "", "", nil, nil, err
+			}
+
+			quotaAggregate := quota.NewAggregate(quotaId, instanceID, instanceID)
+
+			validations = append(validations, c.AddQuotaCommand(quotaAggregate, q))
+		}
+	}
+
 	for _, msg := range setup.MessageTexts {
 		validations = append(validations, prepareSetInstanceCustomMessageTexts(instanceAgg, msg))
 	}

internal/command/quota.go

@@ -0,0 +1,207 @@
+package command
+
+import (
+	"context"
+	"net/url"
+	"time"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/command/preparation"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/id"
+	"github.com/zitadel/zitadel/internal/repository/quota"
+)
+
+type QuotaUnit string
+
+const (
+	QuotaRequestsAllAuthenticated QuotaUnit = "requests.all.authenticated"
+	QuotaActionsAllRunsSeconds    QuotaUnit = "actions.all.runs.seconds"
+)
+
+func (q *QuotaUnit) Enum() quota.Unit {
+	switch *q {
+	case QuotaRequestsAllAuthenticated:
+		return quota.RequestsAllAuthenticated
+	case QuotaActionsAllRunsSeconds:
+		return quota.ActionsAllRunsSeconds
+	default:
+		return quota.Unimplemented
+	}
+}
+
+func (c *Commands) AddQuota(
+	ctx context.Context,
+	q *AddQuota,
+) (*domain.ObjectDetails, error) {
+	instanceId := authz.GetInstance(ctx).InstanceID()
+
+	wm, err := c.getQuotaWriteModel(ctx, instanceId, instanceId, q.Unit.Enum())
+	if err != nil {
+		return nil, err
+	}
+
+	if wm.active {
+		return nil, errors.ThrowAlreadyExists(nil, "COMMAND-WDfFf", "Errors.Quota.AlreadyExists")
+	}
+
+	aggregateId, err := c.idGenerator.Next()
+	if err != nil {
+		return nil, err
+	}
+	aggregate := quota.NewAggregate(aggregateId, instanceId, instanceId)
+
+	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.AddQuotaCommand(aggregate, q))
+	if err != nil {
+		return nil, err
+	}
+	events, err := c.eventstore.Push(ctx, cmds...)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(wm, events...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&wm.WriteModel), nil
+}
+
+func (c *Commands) RemoveQuota(ctx context.Context, unit QuotaUnit) (*domain.ObjectDetails, error) {
+	instanceId := authz.GetInstance(ctx).InstanceID()
+
+	wm, err := c.getQuotaWriteModel(ctx, instanceId, instanceId, unit.Enum())
+	if err != nil {
+		return nil, err
+	}
+
+	if !wm.active {
+		return nil, errors.ThrowNotFound(nil, "COMMAND-WDfFf", "Errors.Quota.NotFound")
+	}
+
+	aggregate := quota.NewAggregate(wm.AggregateID, instanceId, instanceId)
+
+	events := []eventstore.Command{
+		quota.NewRemovedEvent(ctx, &aggregate.Aggregate, unit.Enum()),
+	}
+	pushedEvents, err := c.eventstore.Push(ctx, events...)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(wm, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&wm.WriteModel), nil
+}
+
+func (c *Commands) getQuotaWriteModel(ctx context.Context, instanceId, resourceOwner string, unit quota.Unit) (*quotaWriteModel, error) {
+	wm := newQuotaWriteModel(instanceId, resourceOwner, unit)
+	return wm, c.eventstore.FilterToQueryReducer(ctx, wm)
+}
+
+type QuotaNotification struct {
+	Percent uint16
+	Repeat  bool
+	CallURL string
+}
+
+type QuotaNotifications []*QuotaNotification
+
+func (q *QuotaNotifications) toAddedEventNotifications(idGenerator id.Generator) ([]*quota.AddedEventNotification, error) {
+	if q == nil {
+		return nil, nil
+	}
+
+	notifications := make([]*quota.AddedEventNotification, len(*q))
+	for idx, notification := range *q {
+
+		id, err := idGenerator.Next()
+		if err != nil {
+			return nil, err
+		}
+
+		notifications[idx] = &quota.AddedEventNotification{
+			ID:      id,
+			Percent: notification.Percent,
+			Repeat:  notification.Repeat,
+			CallURL: notification.CallURL,
+		}
+	}
+
+	return notifications, nil
+}
+
+type AddQuota struct {
+	Unit          QuotaUnit
+	From          time.Time
+	ResetInterval time.Duration
+	Amount        uint64
+	Limit         bool
+	Notifications QuotaNotifications
+}
+
+func (q *AddQuota) validate() error {
+	for _, notification := range q.Notifications {
+		u, err := url.Parse(notification.CallURL)
+		if err != nil {
+			return errors.ThrowInvalidArgument(err, "QUOTA-bZ0Fj", "Errors.Quota.Invalid.CallURL")
+		}
+
+		if !u.IsAbs() || u.Host == "" {
+			return errors.ThrowInvalidArgument(nil, "QUOTA-HAYmN", "Errors.Quota.Invalid.CallURL")
+		}
+
+		if notification.Percent < 1 {
+			return errors.ThrowInvalidArgument(nil, "QUOTA-pBfjq", "Errors.Quota.Invalid.Percent")
+		}
+	}
+
+	if q.Unit.Enum() == quota.Unimplemented {
+		return errors.ThrowInvalidArgument(nil, "QUOTA-OTeSh", "Errors.Quota.Invalid.Unimplemented")
+	}
+
+	if q.Amount < 1 {
+		return errors.ThrowInvalidArgument(nil, "QUOTA-hOKSJ", "Errors.Quota.Invalid.Amount")
+	}
+
+	if q.ResetInterval < time.Minute {
+		return errors.ThrowInvalidArgument(nil, "QUOTA-R5otd", "Errors.Quota.Invalid.ResetInterval")
+	}
+
+	if !q.Limit && len(q.Notifications) == 0 {
+		return errors.ThrowInvalidArgument(nil, "QUOTA-4Nv68", "Errors.Quota.Invalid.Noop")
+	}
+
+	return nil
+}
+
+func (c *Commands) AddQuotaCommand(a *quota.Aggregate, q *AddQuota) preparation.Validation {
+	return func() (preparation.CreateCommands, error) {
+
+		if err := q.validate(); err != nil {
+			return nil, err
+		}
+
+		return func(ctx context.Context, filter preparation.FilterToQueryReducer) (cmd []eventstore.Command, err error) {
+
+				notifications, err := q.Notifications.toAddedEventNotifications(c.idGenerator)
+				if err != nil {
+					return nil, err
+				}
+
+				return []eventstore.Command{quota.NewAddedEvent(
+					ctx,
+					&a.Aggregate,
+					q.Unit.Enum(),
+					q.From,
+					q.ResetInterval,
+					q.Amount,
+					q.Limit,
+					notifications,
+				)}, err
+			},
+			nil
+	}
+}

internal/command/quota_model.go

@@ -0,0 +1,54 @@
+package command
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/quota"
+)
+
+type quotaWriteModel struct {
+	eventstore.WriteModel
+	unit   quota.Unit
+	active bool
+	config *quota.AddedEvent
+}
+
+// newQuotaWriteModel aggregateId is filled by reducing unit matching events
+func newQuotaWriteModel(instanceId, resourceOwner string, unit quota.Unit) *quotaWriteModel {
+	return &quotaWriteModel{
+		WriteModel: eventstore.WriteModel{
+			InstanceID:    instanceId,
+			ResourceOwner: resourceOwner,
+		},
+		unit: unit,
+	}
+}
+
+func (wm *quotaWriteModel) Query() *eventstore.SearchQueryBuilder {
+	query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		ResourceOwner(wm.ResourceOwner).
+		AddQuery().
+		InstanceID(wm.InstanceID).
+		AggregateTypes(quota.AggregateType).
+		EventTypes(
+			quota.AddedEventType,
+			quota.RemovedEventType,
+		).EventData(map[string]interface{}{"unit": wm.unit})
+
+	return query.Builder()
+}
+
+func (wm *quotaWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *quota.AddedEvent:
+			wm.AggregateID = e.Aggregate().ID
+			wm.active = true
+			wm.config = e
+		case *quota.RemovedEvent:
+			wm.AggregateID = e.Aggregate().ID
+			wm.active = false
+			wm.config = nil
+		}
+	}
+	return wm.WriteModel.Reduce()
+}

internal/command/quota_notifications.go

@@ -0,0 +1,59 @@
+package command
+
+import (
+	"context"
+	"math"
+	"time"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/quota"
+)
+
+func (c *Commands) GetDueQuotaNotifications(ctx context.Context, config *quota.AddedEvent, periodStart time.Time, usedAbs uint64) ([]*quota.NotifiedEvent, error) {
+	if len(config.Notifications) == 0 {
+		return nil, nil
+	}
+
+	aggregate := config.Aggregate()
+	wm, err := c.getQuotaNotificationsWriteModel(ctx, aggregate, periodStart)
+	if err != nil {
+		return nil, err
+	}
+
+	usedRel := uint16(math.Floor(float64(usedAbs*100) / float64(config.Amount)))
+
+	var dueNotifications []*quota.NotifiedEvent
+	for _, notification := range config.Notifications {
+		if notification.Percent > usedRel {
+			continue
+		}
+
+		threshold := notification.Percent
+		if notification.Repeat {
+			threshold = uint16(math.Min(1, math.Floor(float64(usedRel)/float64(notification.Percent)))) * notification.Percent
+		}
+
+		if wm.latestNotifiedThresholds[notification.ID] < threshold {
+			dueNotifications = append(
+				dueNotifications,
+				quota.NewNotifiedEvent(
+					ctx,
+					&aggregate,
+					config.Unit,
+					notification.ID,
+					notification.CallURL,
+					periodStart,
+					threshold,
+					usedAbs,
+				),
+			)
+		}
+	}
+
+	return dueNotifications, nil
+}
+
+func (c *Commands) getQuotaNotificationsWriteModel(ctx context.Context, aggregate eventstore.Aggregate, periodStart time.Time) (*quotaNotificationsWriteModel, error) {
+	wm := newQuotaNotificationsWriteModel(aggregate.ID, aggregate.InstanceID, aggregate.ResourceOwner, periodStart)
+	return wm, c.eventstore.FilterToQueryReducer(ctx, wm)
+}

internal/command/quota_notifications_model.go

@@ -0,0 +1,45 @@
+package command
+
+import (
+	"time"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/quota"
+)
+
+type quotaNotificationsWriteModel struct {
+	eventstore.WriteModel
+	periodStart              time.Time
+	latestNotifiedThresholds map[string]uint16
+}
+
+func newQuotaNotificationsWriteModel(aggregateId, instanceId, resourceOwner string, periodStart time.Time) *quotaNotificationsWriteModel {
+	return &quotaNotificationsWriteModel{
+		WriteModel: eventstore.WriteModel{
+			AggregateID:   aggregateId,
+			InstanceID:    instanceId,
+			ResourceOwner: resourceOwner,
+		},
+		periodStart:              periodStart,
+		latestNotifiedThresholds: make(map[string]uint16),
+	}
+}
+
+func (wm *quotaNotificationsWriteModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		ResourceOwner(wm.ResourceOwner).
+		AddQuery().
+		InstanceID(wm.InstanceID).
+		AggregateTypes(quota.AggregateType).
+		AggregateIDs(wm.AggregateID).
+		CreationDateAfter(wm.periodStart).
+		EventTypes(quota.NotifiedEventType).Builder()
+}
+
+func (wm *quotaNotificationsWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		e := event.(*quota.NotifiedEvent)
+		wm.latestNotifiedThresholds[e.ID] = e.Threshold
+	}
+	return wm.WriteModel.Reduce()
+}

internal/command/quota_period.go

@@ -0,0 +1,25 @@
+package command
+
+import (
+	"context"
+	"time"
+
+	"github.com/zitadel/zitadel/internal/repository/quota"
+)
+
+func (c *Commands) GetCurrentQuotaPeriod(ctx context.Context, instanceID string, unit quota.Unit) (*quota.AddedEvent, time.Time, error) {
+	wm, err := c.getQuotaWriteModel(ctx, instanceID, instanceID, unit)
+	if err != nil || !wm.active {
+		return nil, time.Time{}, err
+	}
+
+	return wm.config, pushPeriodStart(wm.config.From, wm.config.ResetInterval, time.Now()), nil
+}
+
+func pushPeriodStart(from time.Time, interval time.Duration, now time.Time) time.Time {
+	next := from.Add(interval)
+	if next.After(now) {
+		return from
+	}
+	return pushPeriodStart(next, interval, now)
+}

internal/command/quota_report.go

@@ -0,0 +1,58 @@
+package command
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/zitadel/zitadel/internal/repository/quota"
+)
+
+// ReportUsage calls notification hooks and emits the notified events
+func (c *Commands) ReportUsage(ctx context.Context, dueNotifications []*quota.NotifiedEvent) error {
+	for _, notification := range dueNotifications {
+
+		if err := notify(ctx, notification); err != nil {
+			if err != nil {
+				return err
+			}
+		}
+
+		if _, err := c.eventstore.Push(ctx, notification); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func notify(ctx context.Context, notification *quota.NotifiedEvent) error {
+	payload, err := json.Marshal(notification)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, notification.CallURL, bytes.NewReader(payload))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+
+	if err = resp.Body.Close(); err != nil {
+		return err
+	}
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return fmt.Errorf("calling url %s returned %s", notification.CallURL, resp.Status)
+	}
+
+	return nil
+}