Merge pull request #2330 from Freika/feature/lite

Lite plan for Cloud

Author: Freika

CLAUDE.md

@@ -372,7 +372,8 @@ Even in these cases, wrap the integration in a Stimulus controller and connect i
 4. **Testing**: Include both unit and integration tests for location-based features
 5. **Performance**: Consider database indexes for geographic queries
 6. **Security**: Never log or expose user location data inappropriately
-7. **Public Sharing**: When implementing features that interact with stats, consider public sharing access patterns:
+7. **Migrations**: Put all migrations (schema and data) in `db/migrate/`, not `db/data/`. Data manipulation migrations use the same `ActiveRecord::Migration` class and should run in the standard migration sequence.
+8. **Public Sharing**: When implementing features that interact with stats, consider public sharing access patterns:
    - Use `public_accessible?` method to check if a stat can be publicly accessed
    - Support UUID-based access in API endpoints when appropriate
    - Respect expiration settings and disable sharing when expired

Gemfile

@@ -35,6 +35,7 @@ gem 'pg'
 gem 'prometheus_exporter'
 gem 'puma'
 gem 'pundit', '>= 2.5.1'
+gem 'rack-attack'
 gem 'rails', '~> 8.0'
 gem 'rails_icons'
 gem 'rails_pulse'

Gemfile.lock

@@ -393,6 +393,8 @@ GEM
     raabro (1.4.0)
     racc (1.8.1)
     rack (3.2.4)
+    rack-attack (6.8.0)
+      rack (>= 1.0, < 4)
     rack-oauth2 (2.3.0)
       activesupport
       attr_required
@@ -696,6 +698,7 @@ DEPENDENCIES
   pry-rails
   puma
   pundit (>= 2.5.1)
+  rack-attack
   rails (~> 8.0)
   rails_icons
   rails_pulse

app/assets/builds/tailwind.css

@@ -4,15 +4,15 @@ class Api::V1::PointsController < ApiController
   include SafeTimestampParser
 
   before_action :authenticate_active_api_user!, only: %i[create update destroy bulk_destroy]
+  before_action :require_write_api!, only: %i[create update destroy bulk_destroy]
   before_action :validate_points_limit, only: %i[create]
 
   def index
     start_at = params[:start_at].present? ? safe_timestamp(params[:start_at]) : nil
     end_at   = params[:end_at].present? ? safe_timestamp(params[:end_at]) : Time.zone.now.to_i
     order    = params[:order] || 'desc'
 
-    points = current_api_user
-             .points
+    points = scoped_points
              .without_raw_data
              .where(timestamp: start_at..end_at)
 

app/controllers/api/v1/points_controller.rb

@@ -10,6 +10,9 @@ def index
     }, status: :ok
   end
 
+  # NOTE: For Lite plan users, Pro-only settings (gated map layers, globe_projection)
+  # are silently stripped before persistence by TransportationThresholdsUpdater.
+  # The response reflects the filtered state via safe_settings.config.
   def update
     result = Users::TransportationThresholdsUpdater.new(current_api_user, settings_params).call
 

app/controllers/api/v1/settings_controller.rb

@@ -7,7 +7,20 @@ def callback
     decoded_token = Subscription::DecodeJwtToken.new(params[:token]).call
 
     user = User.find(decoded_token[:user_id])
-    user.update!(status: decoded_token[:status], active_until: decoded_token[:active_until])
+    attrs = { status: decoded_token[:status], active_until: decoded_token[:active_until] }
+
+    if decoded_token[:plan].present?
+      unless User.plans.key?(decoded_token[:plan])
+        return render json: { message: "Invalid plan: #{decoded_token[:plan]}" }, status: :unprocessable_content
+      end
+
+      attrs[:plan] = decoded_token[:plan]
+    end
+
+    user.update!(attrs)
+
+    # Bust rate-limit plan cache so new limits take effect immediately
+    Rails.cache.delete("rack_attack/plan/#{user.api_key}") if attrs.key?(:plan)
 
     render json: { message: 'Subscription updated successfully' }
   rescue JWT::DecodeError => e

app/controllers/api/v1/subscriptions_controller.rb

@@ -6,15 +6,16 @@ def index
 
     # First try to get points directly associated with the track
     points = track.points.without_raw_data.includes(:country).order(timestamp: :asc)
+    points = apply_plan_scope(points)
 
     # If no points are associated, fall back to fetching by time range
     # This handles tracks created before point association was implemented
     if points.empty?
-      points = current_api_user.points
-                               .without_raw_data
-                               .includes(:country)
-                               .where(timestamp: track.start_at.to_i..track.end_at.to_i)
-                               .order(timestamp: :asc)
+      points = scoped_points
+               .without_raw_data
+               .includes(:country)
+               .where(timestamp: track.start_at.to_i..track.end_at.to_i)
+               .order(timestamp: :asc)
     end
 
     # Support optional pagination (backward compatible - returns all if no page param)

app/controllers/api/v1/tracks/points_controller.rb

@@ -4,6 +4,7 @@ class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
   before_action :set_version_header
   before_action :authenticate_api_key
+  after_action :set_rate_limit_headers
 
   rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
 
@@ -37,6 +38,45 @@ def authenticate_api_key
     true
   end
 
+  def require_pro_api!
+    return unless current_api_user # auth already handled by authenticate_api_key
+    return if DawarichSettings.self_hosted?
+    return if current_api_user.pro?
+
+    render json: {
+      error: 'pro_plan_required',
+      message: 'This feature requires a Pro plan.',
+      upgrade_url: DawarichSettings::UPGRADE_URL
+    }, status: :forbidden
+  end
+
+  def require_write_api!
+    return unless current_api_user # auth already handled by authenticate_api_key
+    return if DawarichSettings.self_hosted?
+    return if current_api_user.pro?
+
+    render json: {
+      error: 'write_api_restricted',
+      message: 'Write API access requires a Pro plan. Your data was not modified.',
+      upgrade_url: DawarichSettings::UPGRADE_URL
+    }, status: :forbidden
+  end
+
+  # Returns points scoped to the user's plan data window.
+  # Lite users see only the last 12 months; Pro users see everything.
+  def scoped_points(user = current_api_user)
+    apply_plan_scope(user.points, user)
+  end
+
+  # Applies the 12-month plan window to any point relation.
+  # Use this when scoping points that don't start from user.points (e.g. track.points).
+  def apply_plan_scope(relation, user = current_api_user)
+    return relation if DawarichSettings.self_hosted?
+    return relation unless user&.lite?
+
+    relation.where('timestamp >= ?', 12.months.ago.to_i)
+  end
+
   def authenticate_active_api_user!
     if current_api_user.nil?
       render json: { error: 'User account is not active or has been deleted' }, status: :unauthorized
@@ -82,4 +122,21 @@ def validate_points_limit
 
     render json: { error: 'Points limit exceeded' }, status: :unauthorized if limit_exceeded
   end
+
+  def set_rate_limit_headers
+    return unless current_api_user
+    return if DawarichSettings.self_hosted?
+
+    throttle_data = request.env['rack.attack.throttle_data']&.dig('api/token')
+    return unless throttle_data
+
+    limit = throttle_data[:limit]
+    count = throttle_data[:count]
+    period = throttle_data[:period]
+    now = Time.zone.now.to_i
+
+    response.set_header('X-RateLimit-Limit', limit.to_s)
+    response.set_header('X-RateLimit-Remaining', [limit - count, 0].max.to_s)
+    response.set_header('X-RateLimit-Reset', (now + (period - (now % period))).to_s)
+  end
 end

app/controllers/api_controller.rb

@@ -66,6 +66,37 @@ def after_sign_in_path_for(resource)
     end
   end
 
+  def require_pro!
+    return if DawarichSettings.self_hosted?
+
+    unless current_user
+      respond_to do |format|
+        format.html { redirect_to new_user_session_path, alert: 'Please sign in to continue.', status: :see_other }
+        format.json { render json: { error: 'You need to sign in first.' }, status: :unauthorized }
+        format.turbo_stream do
+          redirect_to new_user_session_path, alert: 'Please sign in to continue.', status: :see_other
+        end
+      end
+      return
+    end
+
+    return if current_user.pro?
+
+    respond_to do |format|
+      format.html do
+        redirect_back fallback_location: root_path,
+                      alert: 'This feature requires a Pro plan.',
+                      status: :see_other
+      end
+      format.json { render json: { error: 'This feature requires a Pro plan.' }, status: :forbidden }
+      format.turbo_stream do
+        redirect_back fallback_location: root_path,
+                      alert: 'This feature requires a Pro plan.',
+                      status: :see_other
+      end
+    end
+  end
+
   def ensure_family_feature_enabled!
     return if DawarichSettings.family_feature_enabled?