LeadMagnet/leadchat

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sojan Jose	053b7774dd	fix: Render all account limit fields (#13435 ) ## Bug Explanation - The Super Admin limits form renders inputs by iterating the keys of `account.limits`. - When `account.limits` was present, `AccountLimitsField#to_s` returned only that hash (no defaults). - On save, `SuperAdmin::AccountsController` compacts the limits hash, removing blank keys. - Result: if only one key (e.g., `agents`) was saved, the other keys were missing from the hash and their fields disappeared on the next render. ## Fix - Always start from a defaults hash of all expected limit keys and merge in any saved overrides. - This keeps the UI stable and ensures all limit inputs remain visible even when the stored hash is partial. - Upgraded meta_request to `0.8.5` to stop a dev‑only `SystemStackError` caused by JSON‑encoding ActiveRecord::Transaction in Rails 7.2. No production behavior changes. ## Reproduction Steps 1. In Super Admin, edit an account and set only `agents` in the limits; leave other limit fields blank and save. 2. Re-open the same account in Super Admin. 3. Observe that only `agents` is rendered and other limit fields are missing. ## Testing - Tested on UI --------- Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>	2026-02-04 20:21:07 +05:30
Vishnu Narayanan	c884cdefde	feat: add per-account daily rate limit for outbound emails (#13411 ) Introduce a daily cap on non-channel outbound emails to prevent abuse. Fixes https://linear.app/chatwoot/issue/CW-6418/ses-incident-jan-28 ## Type of change - [x] New feature (non-breaking change which adds functionality) - [x] Breaking change (fix or feature that would cause existing functionality not to work as expected) ## Summary - Adds a Redis-based daily counter to rate limit outbound emails per account, preventing email abuse - Covers continuity emails (WebWidget/API), conversation transcripts, and agent notifications - Email channel replies are excluded (paid feature, not abusable) - Adds account suspension check in `ConversationReplyMailer` to block already-queued emails for suspended accounts ## Limit Resolution Hierarchy 1. Per-account override (`account.limits['emails']`) — SuperAdmin configurable 2. Enterprise plan-based (`ACCOUNT_EMAILS_PLAN_LIMITS` InstallationConfig) 3. Global default (`ACCOUNT_EMAILS_LIMIT` InstallationConfig, default: 100) 4. Fallback (`ChatwootApp.max_limit` — effectively unlimited) ## Enforcement Points \| Path \| Where \| Behavior \| \|------\|-------\|----------\| \| WebWidget/API continuity \| `SendEmailNotificationService#should_send_email_notification?` \| Silently skipped \| \| Widget transcript \| `Widget::ConversationsController#transcript` \| Returns 429 \| \| API transcript \| `ConversationsController#transcript` \| Returns 429 \| \| Agent notifications \| `Notification::EmailNotificationService#perform` \| Silently skipped \| \| Email channel replies \| Not rate limited \| Paid feature \| \| Suspended accounts \| `ConversationReplyMailer` \| Blocked at mailer level \|	2026-02-03 02:06:51 +05:30
Sojan Jose	c63b583f90	chore: improve plan-based feature handling with plan hierarchy (#11335 ) - Refactor HandleStripeEventService to better manage features by plan - Add constants for features available in each plan tier (Startup, Business, Enterprise) - Add channel_instagram to Startup plan features - Improve downgrade handling to properly disable higher-tier features - Clean up and optimize tests for maintainability - Add comprehensive test coverage for plan upgrades and downgrades --------- Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>	2025-04-28 14:13:56 -07:00

Author

SHA1

Message

Date

Sojan Jose

053b7774dd

fix: Render all account limit fields (#13435 )

## Bug Explanation
- The Super Admin limits form renders inputs by iterating the keys of
`account.limits`.
- When `account.limits` was present, `AccountLimitsField#to_s` returned
only that hash (no defaults).
- On save, `SuperAdmin::AccountsController` compacts the limits hash,
removing blank keys.
- Result: if only one key (e.g., `agents`) was saved, the other keys
were missing from the hash and their fields disappeared on the next
render.

## Fix
- Always start from a defaults hash of all expected limit keys and merge
in any saved overrides.
- This keeps the UI stable and ensures all limit inputs remain visible
even when the stored hash is partial.
- Upgraded meta_request to `0.8.5` to stop a dev‑only `SystemStackError`
caused by JSON‑encoding ActiveRecord::Transaction in Rails 7.2. No
production behavior changes.

## Reproduction Steps
1. In Super Admin, edit an account and set only `agents` in the limits;
leave other limit fields blank and save.
2. Re-open the same account in Super Admin.
3. Observe that only `agents` is rendered and other limit fields are
missing.

## Testing
- Tested on UI

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>

2026-02-04 20:21:07 +05:30

Vishnu Narayanan

c884cdefde

feat: add per-account daily rate limit for outbound emails (#13411 )

Introduce a daily cap on non-channel outbound emails to prevent abuse.

Fixes https://linear.app/chatwoot/issue/CW-6418/ses-incident-jan-28

## Type of change

- [x] New feature (non-breaking change which adds functionality)
- [x] Breaking change (fix or feature that would cause existing
functionality not to work as expected)

## Summary
- Adds a Redis-based daily counter to rate limit outbound emails per
account, preventing email abuse
- Covers continuity emails (WebWidget/API), conversation transcripts,
and agent notifications
  - Email channel replies are excluded (paid feature, not abusable)
- Adds account suspension check in `ConversationReplyMailer` to block
already-queued emails for suspended accounts

  ## Limit Resolution Hierarchy
1. Per-account override (`account.limits['emails']`) — SuperAdmin
configurable
2. Enterprise plan-based (`ACCOUNT_EMAILS_PLAN_LIMITS`
InstallationConfig)
3. Global default (`ACCOUNT_EMAILS_LIMIT` InstallationConfig, default:
100)
  4. Fallback (`ChatwootApp.max_limit` — effectively unlimited)

  ## Enforcement Points
  | Path | Where | Behavior |
  |------|-------|----------|
| WebWidget/API continuity |
`SendEmailNotificationService#should_send_email_notification?` |
Silently skipped |
| Widget transcript | `Widget::ConversationsController#transcript` |
Returns 429 |
| API transcript | `ConversationsController#transcript` | Returns 429 |
| Agent notifications | `Notification::EmailNotificationService#perform`
| Silently skipped |
  | Email channel replies | Not rate limited | Paid feature |
| Suspended accounts | `ConversationReplyMailer` | Blocked at mailer
level |

2026-02-03 02:06:51 +05:30

Sojan Jose

c63b583f90

chore: improve plan-based feature handling with plan hierarchy (#11335 )

- Refactor HandleStripeEventService to better manage features by plan
- Add constants for features available in each plan tier (Startup,
Business, Enterprise)
- Add channel_instagram to Startup plan features
- Improve downgrade handling to properly disable higher-tier features
- Clean up and optimize tests for maintainability
- Add comprehensive test coverage for plan upgrades and downgrades

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>

2025-04-28 14:13:56 -07:00

3 Commits