fix: respect app quota status

2025-06-14 20:41:18 -04:00 · 2025-06-14 20:41:18 -04:00 · 9bb5f38f76
commit 9bb5f38f76
parent 39574df691
2 changed files with 14 additions and 2 deletions
--- a/crates/app/src/routes/api/v1/apps.rs
+++ b/crates/app/src/routes/api/v1/apps.rs
@ -9,7 +9,7 @@ use crate::{
 use axum::{Extension, Json, extract::Path, response::IntoResponse};
 use axum_extra::extract::CookieJar;
 use tetratto_core::model::{
-    apps::ThirdPartyApp,
+    apps::{AppQuota, ThirdPartyApp},
    oauth::{AuthGrant, PkceChallengeMethod},
    permissions::FinePermission,
    ApiReturn, Error,
@ -202,6 +202,18 @@ pub async fn grant_request(
        return Json(Error::MiscError("This app already has a grant".to_string()).into());
    }

+    // check number of existing grants
+    if app.quota_status == AppQuota::Limited && app.grants >= 5 {
+        return Json(
+            Error::MiscError(
+                "This app has reached its limit. Tell the owner to apply for an extension"
+                    .to_string(),
+            )
+            .into(),
+        );
+    }
+
+    // ...
    let grant = AuthGrant {
        app: app.id,
        challenge: req.challenge,
--- a/crates/core/src/model/oauth.rs
+++ b/crates/core/src/model/oauth.rs
@ -38,7 +38,7 @@ pub enum PkceChallengeMethod {

 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
 pub enum AppScope {
-    /// Read the profile of other user's on behalf of the user.
+    /// Read the profile of other users on behalf of the user.
    UserReadProfiles,
    /// Read the user's profile (username, bio, etc).
    UserReadProfile,