fix: disable email transcript for free plans (#13509)

- Block email transcript functionality for accounts without a paid plan to prevent SES abuse.
2026-02-11 21:21:36 +05:30
parent 7b512bd00e
commit 00ed074d72
5 changed files with 17 additions and 1 deletions
--- a/app/controllers/api/v1/accounts/conversations_controller.rb
+++ b/app/controllers/api/v1/accounts/conversations_controller.rb
@@ -70,6 +70,7 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro

  def transcript
    render json: { error: 'email param missing' }, status: :unprocessable_entity and return if params[:email].blank?
+    return render_payment_required('Email transcript is not available on your plan') unless @conversation.account.email_transcript_enabled?
    return head :too_many_requests unless @conversation.account.within_email_rate_limit?

    ConversationReplyMailer.with(account: @conversation.account).conversation_transcript(@conversation, params[:email])&.deliver_later
--- a/app/controllers/api/v1/widget/conversations_controller.rb
+++ b/app/controllers/api/v1/widget/conversations_controller.rb
@@ -35,7 +35,9 @@ class Api::V1::Widget::ConversationsController < Api::V1::Widget::BaseController
  end

  def transcript
-    return head :too_many_requests unless conversation.present? && conversation.account.within_email_rate_limit?
+    return head :too_many_requests if conversation.blank?
+    return head :payment_required unless conversation.account.email_transcript_enabled?
+    return head :too_many_requests unless conversation.account.within_email_rate_limit?

    send_transcript_email
    head :ok
--- a/app/models/concerns/account_email_rate_limitable.rb
+++ b/app/models/concerns/account_email_rate_limitable.rb
@@ -12,6 +12,10 @@ module AccountEmailRateLimitable
    Redis::Alfred.get(email_count_cache_key).to_i
  end

+  def email_transcript_enabled?
+    true
+  end
+
  def within_email_rate_limit?
    return true if emails_sent_today < email_rate_limit

--- a/app/services/action_service.rb
+++ b/app/services/action_service.rb
@@ -75,6 +75,8 @@ class ActionService
  end

  def send_email_transcript(emails)
+    return unless @account.email_transcript_enabled?
+
    emails = emails[0].gsub(/\s+/, '').split(',')

    emails.each do |email|
--- a/enterprise/app/models/enterprise/account/plan_usage_and_limits.rb
+++ b/enterprise/app/models/enterprise/account/plan_usage_and_limits.rb
@@ -32,6 +32,13 @@ module Enterprise::Account::PlanUsageAndLimits # rubocop:disable Metrics/ModuleL
    save
  end

+  def email_transcript_enabled?
+    default_plan = InstallationConfig.find_by(name: 'CHATWOOT_CLOUD_PLANS')&.value&.first
+    return true if default_plan.blank?
+
+    plan_name.present? && plan_name != default_plan['name']
+  end
+
  def email_rate_limit
    account_limit || plan_email_limit || global_limit || default_limit
  end