Add-on minute checkout session setup

.github/workflows/k3d-ci.yaml

@@ -112,7 +112,7 @@ jobs:
           version: 3.10.2
 
       - name: Create secret
-        run: kubectl create secret generic btrix-subs-app-secret --from-literal=BTRIX_SUBS_APP_URL=${{ env.ECHO_SERVER_HOST_URL }}/portalUrl
+        run: kubectl create secret generic btrix-subs-app-secret --from-literal=BTRIX_SUBS_APP_URL=${{ env.ECHO_SERVER_HOST_URL }}
 
       - name: Start Cluster with Helm
         run: |

.github/workflows/k3d-nightly-ci.yaml

@@ -93,6 +93,12 @@ jobs:
         with:
           version: 3.10.2
 
+      - name: Create Secret
+        run: >
+          kubectl create secret generic btrix-subs-app-secret
+          --from-literal=BTRIX_SUBS_APP_URL=${{ env.ECHO_SERVER_HOST_URL }}
+          --from-literal=BTRIX_SUBS_APP_API_KEY=TEST_PRESHARED_SECRET_PASSWORD
+
       - name: Start Cluster with Helm
         run: |
           helm upgrade --install -f ./chart/values.yaml -f ./chart/test/test.yaml -f ./chart/test/test-nightly-addons.yaml btrix ./chart/

.github/workflows/microk8s-ci.yaml

@@ -60,7 +60,7 @@ jobs:
           cache-to: type=gha,scope=frontend,mode=max
 
       - name: Create Secret
-        run: sudo microk8s kubectl create secret generic btrix-subs-app-secret --from-literal=BTRIX_SUBS_APP_URL=${{ env.ECHO_SERVER_HOST_URL }}/portalUrl
+        run: sudo microk8s kubectl create secret generic btrix-subs-app-secret --from-literal=BTRIX_SUBS_APP_URL=${{ env.ECHO_SERVER_HOST_URL }}
 
       - name: Start Cluster with Helm
         run: |

backend/btrixcloud/auth.py

@@ -66,7 +66,9 @@ class OA2BearerOrQuery(OAuth2PasswordBearer):
     """Override bearer check to also test query"""
 
     async def __call__(
-        self, request: Request = None, websocket: WebSocket = None  # type: ignore
+        self,
+        request: Request = None,  # type: ignore
+        websocket: WebSocket = None,  # type: ignore
     ) -> str:
         param = None
         exc = None
@@ -163,7 +165,7 @@ async def get_current_user(
                 headers={"WWW-Authenticate": "Bearer"},
             )
 
-    async def shared_secret_or_active_user(
+    async def shared_secret_or_superuser(
         token: str = Depends(oauth2_scheme),
     ) -> User:
         # allow superadmin access if token matches the known shared secret
@@ -257,4 +259,4 @@ async def refresh_jwt(user=Depends(current_active_user)):
         user_info = await user_manager.get_user_info_with_orgs(user)
         return get_bearer_response(user, user_info)
 
-    return auth_jwt_router, current_active_user, shared_secret_or_active_user
+    return auth_jwt_router, current_active_user, shared_secret_or_superuser

backend/btrixcloud/main.py

@@ -172,9 +172,7 @@ def main() -> None:
 
     user_manager = init_user_manager(mdb, email, invites)
 
-    current_active_user, shared_secret_or_active_user = init_users_api(
-        app, user_manager
-    )
+    current_active_user, shared_secret_or_superuser = init_users_api(app, user_manager)
 
     org_ops = init_orgs_api(
         app,
@@ -183,9 +181,10 @@ def main() -> None:
         crawl_manager,
         invites,
         current_active_user,
+        shared_secret_or_superuser,
     )
 
-    init_subs_api(app, mdb, org_ops, user_manager, shared_secret_or_active_user)
+    init_subs_api(app, mdb, org_ops, user_manager, shared_secret_or_superuser)
 
     event_webhook_ops = init_event_webhooks_api(mdb, org_ops, app_root)
 

backend/btrixcloud/models.py

@@ -1857,6 +1857,8 @@ class OrgQuotasIn(BaseModel):
     extraExecMinutes: Optional[int] = None
     giftedExecMinutes: Optional[int] = None
 
+    context: str | None = None
+
 
 # ============================================================================
 class Plan(BaseModel):
@@ -1980,6 +1982,30 @@ class SubscriptionPortalUrlResponse(BaseModel):
     portalUrl: str = ""
 
 
+# ============================================================================
+class AddonMinutesPricing(BaseModel):
+    """Addon minutes pricing"""
+
+    value: float
+    currency: str
+
+
+# ============================================================================
+class CheckoutAddonMinutesRequest(BaseModel):
+    """Request for additional minutes checkout session"""
+
+    orgId: str
+    subId: str
+    minutes: int | None = None
+    return_url: str
+
+
+class CheckoutAddonMinutesResponse(BaseModel):
+    """Response for additional minutes checkout session"""
+
+    checkoutUrl: str
+
+
 # ============================================================================
 class Subscription(BaseModel):
     """subscription data"""
@@ -2058,6 +2084,7 @@ class OrgQuotaUpdate(BaseModel):
 
     modified: datetime
     update: OrgQuotas
+    context: str | None = None
 
 
 # ============================================================================

backend/btrixcloud/orgs.py

@@ -12,8 +12,19 @@
 from uuid import UUID, uuid4
 from tempfile import NamedTemporaryFile
 
-from typing import Optional, TYPE_CHECKING, Dict, Callable, List, AsyncGenerator, Any
+from typing import (
+    Awaitable,
+    Optional,
+    TYPE_CHECKING,
+    Dict,
+    Callable,
+    List,
+    Literal,
+    AsyncGenerator,
+    Any,
+)
 
+from motor.motor_asyncio import AsyncIOMotorDatabase
 from pydantic import ValidationError
 from pymongo import ReturnDocument
 from pymongo.collation import Collation
@@ -547,9 +558,15 @@ async def update_subscription_data(
 
         org = Organization.from_dict(org_data)
         if update.quotas:
-            # don't change gifted minutes here
+            # don't change gifted or extra minutes here
             update.quotas.giftedExecMinutes = None
-            await self.update_quotas(org, update.quotas)
+            update.quotas.extraExecMinutes = None
+            await self.update_quotas(
+                org,
+                update.quotas,
+                mode="set",
+                context=f"subscription_change:{update.planId}",
+            )
 
         return org
 
@@ -600,9 +617,17 @@ async def update_proxies(self, org: Organization, proxies: OrgProxies) -> None:
             },
         )
 
-    async def update_quotas(self, org: Organization, quotas: OrgQuotasIn) -> None:
+    async def update_quotas(
+        self,
+        org: Organization,
+        quotas: OrgQuotasIn,
+        mode: Literal["set", "add"],
+        context: str | None = None,
+    ) -> None:
         """update organization quotas"""
 
+        quotas.context = None
+
         previous_extra_mins = (
             org.quotas.extraExecMinutes
             if (org.quotas and org.quotas.extraExecMinutes)
@@ -614,51 +639,65 @@ async def update_quotas(self, org: Organization, quotas: OrgQuotasIn) -> None:
             else 0
         )
 
-        update = quotas.dict(
-            exclude_unset=True, exclude_defaults=True, exclude_none=True
-        )
+        if mode == "add":
+            increment_update: dict[str, Any] = {
+                "$inc": {},
+            }
 
-        quota_updates = []
-        for prev_update in org.quotaUpdates or []:
-            quota_updates.append(prev_update.dict())
-        quota_updates.append(OrgQuotaUpdate(update=update, modified=dt_now()).dict())
+            for field, value in quotas.model_dump(
+                exclude_unset=True, exclude_defaults=True, exclude_none=True
+            ).items():
+                if field == "context" or value is None:
+                    continue
+                inc = max(value, -org.quotas.model_dump().get(field, 0))
+                increment_update["$inc"][f"quotas.{field}"] = inc
 
-        await self.orgs.find_one_and_update(
-            {"_id": org.id},
-            {
-                "$set": {
-                    "quotas": update,
-                    "quotaUpdates": quota_updates,
-                }
+            updated_org = await self.orgs.find_one_and_update(
+                {"_id": org.id},
+                increment_update,
+                projection={"quotas": True},
+                return_document=ReturnDocument.AFTER,
+            )
+            quotas = OrgQuotasIn(**updated_org["quotas"])
+
+        update: dict[str, dict[str, dict[str, Any] | int]] = {
+            "$push": {
+                "quotaUpdates": OrgQuotaUpdate(
+                    modified=dt_now(),
+                    update=OrgQuotas(
+                        **quotas.model_dump(
+                            exclude_unset=True, exclude_defaults=True, exclude_none=True
+                        )
+                    ),
+                    context=context,
+                ).model_dump()
             },
-        )
+            "$inc": {},
+            "$set": {},
+        }
+
+        if mode == "set":
+            increment_update = quotas.model_dump(
+                exclude_unset=True, exclude_defaults=True, exclude_none=True
+            )
+            update["$set"]["quotas"] = increment_update
 
         # Inc org available fields for extra/gifted execution time as needed
         if quotas.extraExecMinutes is not None:
             extra_secs_diff = (quotas.extraExecMinutes - previous_extra_mins) * 60
             if org.extraExecSecondsAvailable + extra_secs_diff <= 0:
-                await self.orgs.find_one_and_update(
-                    {"_id": org.id},
-                    {"$set": {"extraExecSecondsAvailable": 0}},
-                )
+                update["$set"]["extraExecSecondsAvailable"] = 0
             else:
-                await self.orgs.find_one_and_update(
-                    {"_id": org.id},
-                    {"$inc": {"extraExecSecondsAvailable": extra_secs_diff}},
-                )
+                update["$inc"]["extraExecSecondsAvailable"] = extra_secs_diff
 
         if quotas.giftedExecMinutes is not None:
             gifted_secs_diff = (quotas.giftedExecMinutes - previous_gifted_mins) * 60
             if org.giftedExecSecondsAvailable + gifted_secs_diff <= 0:
-                await self.orgs.find_one_and_update(
-                    {"_id": org.id},
-                    {"$set": {"giftedExecSecondsAvailable": 0}},
-                )
+                update["$set"]["giftedExecSecondsAvailable"] = 0
             else:
-                await self.orgs.find_one_and_update(
-                    {"_id": org.id},
-                    {"$inc": {"giftedExecSecondsAvailable": gifted_secs_diff}},
-                )
+                update["$inc"]["giftedExecSecondsAvailable"] = gifted_secs_diff
+
+        await self.orgs.find_one_and_update({"_id": org.id}, update)
 
     async def update_event_webhook_urls(
         self, org: Organization, urls: OrgWebhookUrls
@@ -1128,7 +1167,7 @@ async def json_items_gen(
                     yield b"\n"
                 doc_index += 1
 
-            yield f']{"" if skip_closing_comma else ","}\n'.encode("utf-8")
+            yield f"]{'' if skip_closing_comma else ','}\n".encode("utf-8")
 
         async def json_closing_gen() -> AsyncGenerator:
             """Async generator to close JSON document"""
@@ -1436,10 +1475,12 @@ async def delete_org_and_data(
     async def recalculate_storage(self, org: Organization) -> dict[str, bool]:
         """Recalculate org storage use"""
         try:
-            total_crawl_size, crawl_size, upload_size = (
-                await self.base_crawl_ops.calculate_org_crawl_file_storage(
-                    org.id,
-                )
+            (
+                total_crawl_size,
+                crawl_size,
+                upload_size,
+            ) = await self.base_crawl_ops.calculate_org_crawl_file_storage(
+                org.id,
             )
             profile_size = await self.profile_ops.calculate_org_profile_file_storage(
                 org.id
@@ -1496,12 +1537,13 @@ async def inc_org_bytes_stored_field(self, oid: UUID, field: str, size: int):
 # ============================================================================
 # pylint: disable=too-many-statements, too-many-arguments
 def init_orgs_api(
-    app,
-    mdb,
+    app: APIRouter,
+    mdb: AsyncIOMotorDatabase[Any],
     user_manager: UserManager,
     crawl_manager: CrawlManager,
     invites: InviteOps,
-    user_dep: Callable,
+    user_dep: Callable[[str], Awaitable[User]],
+    superuser_or_shared_secret_dep: Callable[[str], Awaitable[User]],
 ):
     """Init organizations api router for /orgs"""
     # pylint: disable=too-many-locals,invalid-name
@@ -1520,6 +1562,20 @@ async def org_dep(oid: UUID, user: User = Depends(user_dep)):
 
         return org
 
+    async def org_superuser_or_shared_secret_dep(
+        oid: UUID, user: User = Depends(superuser_or_shared_secret_dep)
+    ):
+        org = await ops.get_org_for_user_by_id(oid, user)
+        if not org:
+            raise HTTPException(status_code=404, detail="org_not_found")
+        if not org.is_viewer(user):
+            raise HTTPException(
+                status_code=403,
+                detail="User does not have permission to view this organization",
+            )
+
+        return org
+
     async def org_crawl_dep(
         org: Organization = Depends(org_dep), user: User = Depends(user_dep)
     ):
@@ -1656,7 +1712,18 @@ async def update_quotas(
         if not user.is_superuser:
             raise HTTPException(status_code=403, detail="Not Allowed")
 
-        await ops.update_quotas(org, quotas)
+        await ops.update_quotas(org, quotas, mode="set", context=quotas.context)
+
+        return {"updated": True}
+
+    @app.post(
+        "/orgs/{oid}/quotas/add", tags=["organizations"], response_model=UpdatedResponse
+    )
+    async def update_quotas_add(
+        quotas: OrgQuotasIn,
+        org: Organization = Depends(org_superuser_or_shared_secret_dep),
+    ):
+        await ops.update_quotas(org, quotas, mode="add", context=quotas.context)
 
         return {"updated": True}