Add team capabilities to service-utils (#6641)

jnsdls · arcoraven · web-flow · commit 169ae22a8678 · 2025-04-04T12:37:23.000+08:00
Co-authored-by: Phillip Ho &lt;arcoraven@gmail.com&gt;
diff --git a/.changeset/loose-comics-serve.md b/.changeset/loose-comics-serve.md
@@ -0,0 +1,5 @@
+---
+"@thirdweb-dev/service-utils": patch
+---
+
+add team capabilities
diff --git a/apps/dashboard/src/stories/stubs.ts b/apps/dashboard/src/stories/stubs.ts
@@ -56,6 +56,40 @@ export function teamStub(id: string, billingPlan: Team["billingPlan"]): Team {
       "chainsaw",
     ],
     stripeCustomerId: "cus_1234567890",
+    capabilities: {
+      rpc: {
+        enabled: true,
+        rateLimit: 1000,
+      },
+      storage: {
+        enabled: true,
+        download: {
+          rateLimit: 1000,
+        },
+        upload: {
+          totalFileSizeBytesLimit: 1_000_000_000,
+          rateLimit: 1000,
+        },
+      },
+      bundler: {
+        enabled: true,
+        rateLimit: 1000,
+        mainnetEnabled: true,
+      },
+      insight: {
+        enabled: true,
+        rateLimit: 1000,
+      },
+      embeddedWallets: {
+        enabled: true,
+        customAuth: true,
+        customBranding: true,
+      },
+      nebula: {
+        enabled: true,
+        rateLimit: 1000,
+      },
+    },
   };
 
   return team;
diff --git a/packages/service-utils/src/core/api.ts b/packages/service-utils/src/core/api.ts
@@ -43,6 +43,45 @@ export type ApiResponse = {
   };
 };
 
+/**
+ * Stores service-specific capabilities.
+ * This type should match the schema from API server.
+ */
+type TeamCapabilities = {
+  rpc: {
+    enabled: boolean;
+    rateLimit: number;
+  };
+  insight: {
+    enabled: boolean;
+    rateLimit: number;
+  };
+  storage: {
+    enabled: boolean;
+    download: {
+      rateLimit: number;
+    };
+    upload: {
+      totalFileSizeBytesLimit: number;
+      rateLimit: number;
+    };
+  };
+  nebula: {
+    enabled: boolean;
+    rateLimit: number;
+  };
+  bundler: {
+    enabled: boolean;
+    mainnetEnabled: boolean;
+    rateLimit: number;
+  };
+  embeddedWallets: {
+    enabled: boolean;
+    customAuth: boolean;
+    customBranding: boolean;
+  };
+};
+
 export type TeamResponse = {
   id: string;
   name: string;
@@ -68,6 +107,7 @@ export type TeamResponse = {
   canCreatePublicChains: boolean | null;
   enabledScopes: ServiceName[];
   isOnboarded: boolean;
+  capabilities: TeamCapabilities;
 };
 
 export type ProjectSecretKey = {
diff --git a/packages/service-utils/src/core/authorize/index.ts b/packages/service-utils/src/core/authorize/index.ts
@@ -1,6 +1,7 @@
 import {
   type CoreServiceConfig,
   type TeamAndProjectResponse,
+  type TeamResponse,
   fetchTeamAndProject,
 } from "../api.js";
 import { authorizeClient } from "./client.js";
@@ -129,6 +130,21 @@ export async function authorize(
       errorCode: "INVALID_KEY",
     };
   }
+  // check if the service is maybe disabled for the team (usually due to a billing issue / exceeding the free plan limit)
+  if (
+    !isServiceEnabledForTeam(
+      serviceConfig.serviceScope,
+      teamAndProjectResponse.team.capabilities,
+    )
+  ) {
+    return {
+      authorized: false,
+      status: 403,
+      errorMessage:
+        "You currently do not have access to this service. Please check if your subscription includes this service and is active.",
+      errorCode: "SERVICE_TEMPORARILY_DISABLED",
+    };
+  }
   // now we can validate the key itself
   const clientAuth = authorizeClient(authData, teamAndProjectResponse);
 
@@ -161,3 +177,26 @@ export async function authorize(
     authMethod: clientAuth.authMethod,
   };
 }
+
+function isServiceEnabledForTeam(
+  scope: CoreServiceConfig["serviceScope"],
+  teamCapabilities: TeamResponse["capabilities"],
+): boolean {
+  switch (scope) {
+    case "rpc":
+      return teamCapabilities.rpc.enabled;
+    case "bundler":
+      return teamCapabilities.bundler.enabled;
+    case "storage":
+      return teamCapabilities.storage.enabled;
+    case "insight":
+      return teamCapabilities.insight.enabled;
+    case "nebula":
+      return teamCapabilities.nebula.enabled;
+    case "embeddedWallets":
+      return teamCapabilities.embeddedWallets.enabled;
+    default:
+      // always return true for any legacy / un-named services
+      return true;
+  }
+}
diff --git a/packages/service-utils/src/mocks.ts b/packages/service-utils/src/mocks.ts
@@ -59,6 +59,40 @@ export const validTeamResponse: TeamResponse = {
   canCreatePublicChains: false,
   enabledScopes: ["storage", "rpc", "bundler"],
   isOnboarded: true,
+  capabilities: {
+    rpc: {
+      enabled: true,
+      rateLimit: 1000,
+    },
+    insight: {
+      enabled: true,
+      rateLimit: 1000,
+    },
+    storage: {
+      enabled: true,
+      download: {
+        rateLimit: 1000,
+      },
+      upload: {
+        totalFileSizeBytesLimit: 1_000_000_000,
+        rateLimit: 1000,
+      },
+    },
+    nebula: {
+      enabled: true,
+      rateLimit: 1000,
+    },
+    bundler: {
+      enabled: true,
+      mainnetEnabled: true,
+      rateLimit: 1000,
+    },
+    embeddedWallets: {
+      enabled: true,
+      customAuth: true,
+      customBranding: true,
+    },
+  },
 };
 
 export const validTeamAndProjectResponse: TeamAndProjectResponse = {

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@thirdweb-dev/service-utils": patch
 +---
++
 +add team capabilities