[server] Use BillingModes for guarding the Stripe API

Author: geropl

components/gitpod-protocol/src/gitpod-service.ts

@@ -62,6 +62,7 @@ import { IDEServer } from "./ide-protocol";
 import { InstallationAdminSettings, TelemetryData } from "./installation-admin-protocol";
 import { Currency } from "./plans";
 import { BillableSession } from "./usage";
+import { BillingMode } from "./billing-modes";
 
 export interface GitpodClient {
     onInstanceUpdate(instance: WorkspaceInstance): void;
@@ -296,6 +297,9 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     listBilledUsage(attributionId: string): Promise<BillableSession[]>;
     setUsageAttribution(usageAttribution: string): Promise<void>;
 
+    getBillingModeForUser(): Promise<BillingMode>;
+    getBillingModeForTeam(teamId: string): Promise<BillingMode>;
+
     /**
      * Analytics
      */

components/server/ee/src/workspace/gitpod-server-impl.ts

@@ -106,10 +106,10 @@ import { ClientMetadata, traceClientMetadata } from "../../../src/websocket/webs
 import { BitbucketAppSupport } from "../bitbucket/bitbucket-app-support";
 import { URL } from "url";
 import { UserCounter } from "../user/user-counter";
-import { getExperimentsClientForBackend } from "@gitpod/gitpod-protocol/lib/experiments/configcat-server";
 import { AttributionId } from "@gitpod/gitpod-protocol/lib/attribution";
 import { CachingUsageServiceClientProvider } from "@gitpod/usage-api/lib/usage/v1/sugar";
 import * as usage from "@gitpod/usage-api/lib/usage/v1/usage_pb";
+import { BillingMode } from "@gitpod/gitpod-protocol/lib/billing-modes";
 
 @injectable()
 export class GitpodServerEEImpl extends GitpodServerImpl {
@@ -1919,24 +1919,34 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
         return subscription;
     }
 
-    protected async ensureIsUsageBasedFeatureFlagEnabled(user: User): Promise<void> {
-        const teams = await this.teamDB.findTeamsByUser(user.id);
-        const isUsageBasedBillingEnabled = await getExperimentsClientForBackend().getValueAsync(
-            "isUsageBasedBillingEnabled",
-            false,
-            {
-                user,
-                teams: teams,
-            },
+    protected async ensureStripeApisAllowed(sub: { user?: User; team?: Team }): Promise<void> {
+        this.ensureBillingMode(
+            sub,
+            // Stripe is allowed when you either are on the usage-based side already, or you can switch to)
+            (m) => m.mode === "usage-based" || (m.mode === "chargebee" && m.tier === "paid_cancelled_and_ubb"),
         );
-        if (!isUsageBasedBillingEnabled) {
-            throw new ResponseError(ErrorCodes.PERMISSION_DENIED, "not allowed");
+    }
+
+    protected async ensureBillingMode(
+        sub: { user?: User; team?: Team },
+        pred: (m: BillingMode) => boolean,
+    ): Promise<void> {
+        let billingMode: BillingMode | undefined = undefined;
+        if (sub.user) {
+            billingMode = await this.billingModes.getBillingModeForUser(sub.user);
+        } else if (sub.team) {
+            billingMode = await this.billingModes.getBillingModeForTeam(sub.team);
+        }
+
+        if (billingMode && pred(billingMode)) {
+            return;
         }
+        throw new ResponseError(ErrorCodes.PERMISSION_DENIED, "not allowed");
     }
 
     async getStripePublishableKey(ctx: TraceContext): Promise<string> {
         const user = this.checkAndBlockUser("getStripePublishableKey");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
+        await this.ensureStripeApisAllowed({ user });
         const publishableKey = this.config.stripeSecrets?.publishableKey;
         if (!publishableKey) {
             throw new ResponseError(
@@ -1949,7 +1959,7 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
 
     async getStripeSetupIntentClientSecret(ctx: TraceContext): Promise<string> {
         const user = this.checkAndBlockUser("getStripeSetupIntentClientSecret");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
+        await this.ensureStripeApisAllowed({ user });
         try {
             const setupIntent = await this.stripeService.createSetupIntent();
             if (!setupIntent.client_secret) {
@@ -1963,9 +1973,9 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
     }
 
     async findStripeSubscriptionIdForTeam(ctx: TraceContext, teamId: string): Promise<string | undefined> {
-        const user = this.checkAndBlockUser("findStripeSubscriptionIdForTeam");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
-        await this.guardTeamOperation(teamId, "get");
+        this.checkAndBlockUser("findStripeSubscriptionIdForTeam");
+        const team = await this.guardTeamOperation(teamId, "get");
+        await this.ensureStripeApisAllowed({ team });
         try {
             const customer = await this.stripeService.findCustomerByTeamId(teamId);
             if (!customer?.id) {
@@ -1990,9 +2000,8 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
         currency: Currency,
     ): Promise<void> {
         const user = this.checkAndBlockUser("subscribeUserToStripe");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
-        await this.guardTeamOperation(teamId, "update");
-        const team = await this.teamDB.findTeamById(teamId);
+        const team = await this.guardTeamOperation(teamId, "update");
+        await this.ensureStripeApisAllowed({ team });
         try {
             let customer = await this.stripeService.findCustomerByTeamId(team!.id);
             if (!customer) {
@@ -2028,10 +2037,9 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
     }
 
     async getStripePortalUrlForTeam(ctx: TraceContext, teamId: string): Promise<string> {
-        const user = this.checkAndBlockUser("getStripePortalUrlForTeam");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
-        await this.guardTeamOperation(teamId, "update");
-        const team = await this.teamDB.findTeamById(teamId);
+        this.checkAndBlockUser("getStripePortalUrlForTeam");
+        const team = await this.guardTeamOperation(teamId, "update");
+        await this.ensureStripeApisAllowed({ team });
         try {
             const url = await this.stripeService.getPortalUrlForTeam(team!);
             return url;
@@ -2046,8 +2054,8 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
 
     async getSpendingLimitForTeam(ctx: TraceContext, teamId: string): Promise<number | undefined> {
         const user = this.checkAndBlockUser("getSpendingLimitForTeam");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
-        await this.guardTeamOperation(teamId, "get");
+        const team = await this.guardTeamOperation(teamId, "get");
+        await this.ensureStripeApisAllowed({ team });
 
         const attributionId = AttributionId.render({ kind: "team", teamId });
         await this.guardCostCenterAccess(ctx, user.id, attributionId, "get");
@@ -2061,8 +2069,8 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
 
     async setSpendingLimitForTeam(ctx: TraceContext, teamId: string, spendingLimit: number): Promise<void> {
         const user = this.checkAndBlockUser("setSpendingLimitForTeam");
-        await this.ensureIsUsageBasedFeatureFlagEnabled(user);
-        await this.guardTeamOperation(teamId, "update");
+        const team = await this.guardTeamOperation(teamId, "update");
+        await this.ensureStripeApisAllowed({ team });
         if (typeof spendingLimit !== "number" || spendingLimit < 0) {
             throw new ResponseError(ErrorCodes.BAD_REQUEST, "Unexpected `spendingLimit` value.");
         }

components/server/src/auth/rate-limiter.ts

@@ -211,6 +211,9 @@ function getConfig(config: RateLimiterConfig): RateLimiterConfig {
         subscribeTeamToStripe: { group: "default", points: 1 },
         getStripePortalUrlForTeam: { group: "default", points: 1 },
         listBilledUsage: { group: "default", points: 1 },
+        getBillingModeForTeam: { group: "default", points: 1 },
+        getBillingModeForUser: { group: "default", points: 1 },
+
         trackEvent: { group: "default", points: 1 },
         trackLocation: { group: "default", points: 1 },
         identifyUser: { group: "default", points: 1 },

components/server/src/workspace/gitpod-server-impl.ts

@@ -108,7 +108,11 @@ import {
 } from "@gitpod/gitpod-protocol/lib/team-subscription-protocol";
 import { Cancelable } from "@gitpod/gitpod-protocol/lib/util/cancelable";
 import { log, LogContext } from "@gitpod/gitpod-protocol/lib/util/logging";
-import { InterfaceWithTraceContext, TraceContext } from "@gitpod/gitpod-protocol/lib/util/tracing";
+import {
+    InterfaceWithTraceContext,
+    TraceContext,
+    TraceContextWithSpan,
+} from "@gitpod/gitpod-protocol/lib/util/tracing";
 import {
     IdentifyMessage,
     RemoteIdentifyMessage,
@@ -170,6 +174,8 @@ import { Currency } from "@gitpod/gitpod-protocol/lib/plans";
 import { getExperimentsClientForBackend } from "@gitpod/gitpod-protocol/lib/experiments/configcat-server";
 import { BillableSession } from "@gitpod/gitpod-protocol/lib/usage";
 import { WorkspaceClusterImagebuilderClientProvider } from "./workspace-cluster-imagebuilder-client-provider";
+import { BillingMode } from "@gitpod/gitpod-protocol/lib/billing-modes";
+import { BillingModes } from "../billing/billing-mode";
 
 // shortcut
 export const traceWI = (ctx: TraceContext, wi: Omit<LogContext, "userId">) => TraceContext.setOWI(ctx, wi); // userId is already taken care of in WebsocketConnectionManager
@@ -238,6 +244,8 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
     @inject(IDEConfigService) protected readonly ideConfigService: IDEConfigService;
 
+    @inject(BillingModes) protected readonly billingModes: BillingModes;
+
     /** Id the uniquely identifies this server instance */
     public readonly uuid: string = uuidv4();
     public readonly clientMetadata: ClientMetadata;
@@ -2055,13 +2063,14 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         return await this.projectsService.getProjectEnvironmentVariables(projectId);
     }
 
-    protected async guardTeamOperation(teamId: string | undefined, op: ResourceAccessOp): Promise<void> {
+    protected async guardTeamOperation(teamId: string | undefined, op: ResourceAccessOp): Promise<Team> {
         const team = await this.teamDB.findTeamById(teamId || "");
         if (!team) {
             throw new ResponseError(ErrorCodes.NOT_FOUND, "Team not found");
         }
         const members = await this.teamDB.findMembersByTeam(team.id);
         await this.guardAccess({ kind: "team", subject: team, members }, op);
+        return team;
     }
 
     public async getTeams(ctx: TraceContext): Promise<Team[]> {
@@ -3211,6 +3220,22 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         }
     }
 
+    async getBillingModeForUser(ctx: TraceContextWithSpan): Promise<BillingMode> {
+        traceAPIParams(ctx, {});
+
+        const user = this.checkUser("getBillingModeForUser");
+        return this.billingModes.getBillingModeForUser(user);
+    }
+
+    async getBillingModeForTeam(ctx: TraceContextWithSpan, teamId: string): Promise<BillingMode> {
+        traceAPIParams(ctx, { teamId });
+
+        this.checkAndBlockUser("getBillingModeForTeam");
+        const team = await this.guardTeamOperation(teamId, "get");
+
+        return this.billingModes.getBillingModeForTeam(team);
+    }
+
     //
     //#endregion