c884cdefde
Introduce a daily cap on non-channel outbound emails to prevent abuse. Fixes https://linear.app/chatwoot/issue/CW-6418/ses-incident-jan-28 ## Type of change - [x] New feature (non-breaking change which adds functionality) - [x] Breaking change (fix or feature that would cause existing functionality not to work as expected) ## Summary - Adds a Redis-based daily counter to rate limit outbound emails per account, preventing email abuse - Covers continuity emails (WebWidget/API), conversation transcripts, and agent notifications - Email channel replies are excluded (paid feature, not abusable) - Adds account suspension check in `ConversationReplyMailer` to block already-queued emails for suspended accounts ## Limit Resolution Hierarchy 1. Per-account override (`account.limits['emails']`) — SuperAdmin configurable 2. Enterprise plan-based (`ACCOUNT_EMAILS_PLAN_LIMITS` InstallationConfig) 3. Global default (`ACCOUNT_EMAILS_LIMIT` InstallationConfig, default: 100) 4. Fallback (`ChatwootApp.max_limit` — effectively unlimited) ## Enforcement Points | Path | Where | Behavior | |------|-------|----------| | WebWidget/API continuity | `SendEmailNotificationService#should_send_email_notification?` | Silently skipped | | Widget transcript | `Widget::ConversationsController#transcript` | Returns 429 | | API transcript | `ConversationsController#transcript` | Returns 429 | | Agent notifications | `Notification::EmailNotificationService#perform` | Silently skipped | | Email channel replies | Not rate limited | Paid feature | | Suspended accounts | `ConversationReplyMailer` | Blocked at mailer level |
64 lines
2.0 KiB
Ruby
64 lines
2.0 KiB
Ruby
require 'rails_helper'
|
|
|
|
RSpec.describe AccountEmailRateLimitable do
|
|
let(:account) { create(:account) }
|
|
|
|
describe '#email_rate_limit' do
|
|
it 'returns account-level override when set' do
|
|
account.update!(limits: { 'emails' => 50 })
|
|
expect(account.email_rate_limit).to eq(50)
|
|
end
|
|
|
|
it 'returns global config when no account override' do
|
|
InstallationConfig.where(name: 'ACCOUNT_EMAILS_LIMIT').first_or_create(value: 200)
|
|
expect(account.email_rate_limit).to eq(200)
|
|
end
|
|
|
|
it 'returns account override over global config' do
|
|
InstallationConfig.where(name: 'ACCOUNT_EMAILS_LIMIT').first_or_create(value: 200)
|
|
account.update!(limits: { 'emails' => 50 })
|
|
expect(account.email_rate_limit).to eq(50)
|
|
end
|
|
end
|
|
|
|
describe '#within_email_rate_limit?' do
|
|
before do
|
|
account.update!(limits: { 'emails' => 2 })
|
|
end
|
|
|
|
it 'returns true when under limit' do
|
|
expect(account).to be_within_email_rate_limit
|
|
end
|
|
|
|
it 'returns false when at limit' do
|
|
2.times { account.increment_email_sent_count }
|
|
expect(account).not_to be_within_email_rate_limit
|
|
end
|
|
end
|
|
|
|
describe '#increment_email_sent_count' do
|
|
it 'increments the counter' do
|
|
expect { account.increment_email_sent_count }.to change(account, :emails_sent_today).by(1)
|
|
end
|
|
|
|
it 'sets TTL on first increment' do
|
|
key = format(Redis::Alfred::ACCOUNT_OUTBOUND_EMAIL_COUNT_KEY, account_id: account.id, date: Time.zone.today.to_s)
|
|
allow(Redis::Alfred).to receive(:incr).and_return(1)
|
|
allow(Redis::Alfred).to receive(:expire)
|
|
|
|
account.increment_email_sent_count
|
|
|
|
expect(Redis::Alfred).to have_received(:expire).with(key, AccountEmailRateLimitable::OUTBOUND_EMAIL_TTL)
|
|
end
|
|
|
|
it 'does not reset TTL on subsequent increments' do
|
|
allow(Redis::Alfred).to receive(:incr).and_return(2)
|
|
allow(Redis::Alfred).to receive(:expire)
|
|
|
|
account.increment_email_sent_count
|
|
|
|
expect(Redis::Alfred).not_to have_received(:expire)
|
|
end
|
|
end
|
|
end
|