Add api usage tracking migration

lovable-dev[bot] · lovable-dev[bot] · commit 0e3b167c5186 · 2025-12-09T08:01:07.000Z
- Apply new 20251209074024_api_usage_tracking.sql to enable API usage tracking
- Create api_usage_logs table, add daily counters to tenants, and related indices/policies
- Prepare for per-tenant rate limiting and usage auditing across tenants

X-Lovable-Edit-ID: edt-94a767c9-1004-4865-a1b2-fd6b1da9f3cc
diff --git a/src/hooks/useQRMMetrics.ts b/src/hooks/useQRMMetrics.ts
@@ -39,7 +39,7 @@ export function useCellQRMMetrics(
       );
 
       if (rpcError) throw rpcError;
-      setMetrics(data as CellQRMMetrics);
+      setMetrics(data as unknown as CellQRMMetrics);
     } catch (err) {
       setError(err as Error);
       logger.error("Failed to fetch cell QRM metrics", err, {
@@ -138,7 +138,7 @@ export function useNextCellCapacity(
       );
 
       if (rpcError) throw rpcError;
-      setCapacity(data as NextCellCapacity);
+      setCapacity(data as unknown as NextCellCapacity);
     } catch (err) {
       setError(err as Error);
       logger.error("Failed to check next cell capacity", err, {
diff --git a/src/hooks/useRealtimeSubscription.ts b/src/hooks/useRealtimeSubscription.ts
@@ -146,8 +146,8 @@ export function useRealtimeSubscription(options: RealtimeSubscriptionOptions): v
       }
 
       channel = channel.on(
-        'postgres_changes',
-        config,
+        'postgres_changes' as any,
+        config as any,
         (payload: RealtimePostgresChangesPayload<Record<string, unknown>>) => {
           logger.debug('Realtime change received', {
             operation: 'useRealtimeSubscription',
diff --git a/src/integrations/supabase/types.ts b/src/integrations/supabase/types.ts
@@ -125,6 +125,51 @@ export type Database = {
         }
         Relationships: []
       }
+      api_usage_logs: {
+        Row: {
+          api_key_id: string | null
+          created_at: string | null
+          date: string
+          id: string
+          requests_count: number | null
+          tenant_id: string
+          updated_at: string | null
+        }
+        Insert: {
+          api_key_id?: string | null
+          created_at?: string | null
+          date?: string
+          id?: string
+          requests_count?: number | null
+          tenant_id: string
+          updated_at?: string | null
+        }
+        Update: {
+          api_key_id?: string | null
+          created_at?: string | null
+          date?: string
+          id?: string
+          requests_count?: number | null
+          tenant_id?: string
+          updated_at?: string | null
+        }
+        Relationships: [
+          {
+            foreignKeyName: "api_usage_logs_api_key_id_fkey"
+            columns: ["api_key_id"]
+            isOneToOne: false
+            referencedRelation: "api_keys"
+            referencedColumns: ["id"]
+          },
+          {
+            foreignKeyName: "api_usage_logs_tenant_id_fkey"
+            columns: ["tenant_id"]
+            isOneToOne: false
+            referencedRelation: "tenants"
+            referencedColumns: ["id"]
+          },
+        ]
+      }
       assignments: {
         Row: {
           assigned_by: string
@@ -2731,6 +2776,8 @@ export type Database = {
       tenants: {
         Row: {
           abbreviation: string | null
+          api_requests_reset_at: string | null
+          api_requests_today: number | null
           auto_stop_tracking: boolean | null
           billing_country_code: string | null
           billing_email: string | null
@@ -2779,6 +2826,8 @@ export type Database = {
         }
         Insert: {
           abbreviation?: string | null
+          api_requests_reset_at?: string | null
+          api_requests_today?: number | null
           auto_stop_tracking?: boolean | null
           billing_country_code?: string | null
           billing_email?: string | null
@@ -2827,6 +2876,8 @@ export type Database = {
         }
         Update: {
           abbreviation?: string | null
+          api_requests_reset_at?: string | null
+          api_requests_today?: number | null
           auto_stop_tracking?: boolean | null
           billing_country_code?: string | null
           billing_email?: string | null
@@ -3277,6 +3328,15 @@ export type Database = {
           unique_users: number
         }[]
       }
+      get_api_usage_stats: {
+        Args: { p_tenant_id?: string }
+        Returns: {
+          daily_limit: number
+          reset_at: string
+          this_month_requests: number
+          today_requests: number
+        }[]
+      }
       get_cell_qrm_metrics: {
         Args: { cell_id_param: string; tenant_id_param: string }
         Returns: Json
@@ -3460,6 +3520,10 @@ export type Database = {
         }
         Returns: boolean
       }
+      increment_api_usage: {
+        Args: { p_api_key_id?: string; p_tenant_id: string }
+        Returns: number
+      }
       is_demo_mode: { Args: { p_tenant_id: string }; Returns: boolean }
       is_root_admin: { Args: never; Returns: boolean }
       list_all_tenants: {
diff --git a/src/pages/common/MyPlan.tsx b/src/pages/common/MyPlan.tsx
@@ -73,7 +73,7 @@ const getPricingTiers = (t: (key: string) => string) => [
   },
 ];
 
-export const MyPlan: React.FC = () => {
+const MyPlan: React.FC = () => {
   const { t } = useTranslation();
   const {
     subscription,
@@ -406,3 +406,5 @@ export const MyPlan: React.FC = () => {
     </div>
   );
 };
+
+export default MyPlan;
diff --git a/src/pages/common/index.ts b/src/pages/common/index.ts
@@ -2,7 +2,7 @@
 export { default as About } from './About';
 export { default as ApiDocs } from './ApiDocs';
 export { default as Help } from './Help';
-export { MyPlan } from './MyPlan';
+export { default as MyPlan } from './MyPlan';
 export { default as Pricing } from './Pricing';
 export { default as PrivacyPolicy } from './PrivacyPolicy';
 export { default as SubscriptionBlocked } from './SubscriptionBlocked';
diff --git a/supabase/functions/_shared/handler.ts b/supabase/functions/_shared/handler.ts
@@ -101,6 +101,7 @@ export function createApiHandler(
         tenantId: "",
         apiKeyId: "",
         keyPrefix: "",
+        plan: "free",
       };
 
       // Authenticate unless public endpoint
diff --git a/supabase/functions/_shared/validation/errorHandler.ts b/supabase/functions/_shared/validation/errorHandler.ts
@@ -203,13 +203,13 @@ export function handleError(error: unknown): Response {
   // Rate limit errors (429)
   if (error instanceof RateLimitError) {
     const rateLimitHeaders = getRateLimitHeaders(error.rateLimitResult);
-    const body: ApiErrorResponse = {
+    const body = {
       success: false,
       error: {
         code: "RATE_LIMIT_EXCEEDED",
         message: error.message,
         statusCode: 429,
-        details: {
+        rateLimitInfo: {
           remaining: error.rateLimitResult.remaining,
           resetAt: new Date(error.rateLimitResult.resetAt).toISOString(),
           retryAfter: error.rateLimitResult.retryAfter,
diff --git a/supabase/migrations/20251209080006_960ebbd1-7c63-4a4b-a4b8-23122105b552.sql b/supabase/migrations/20251209080006_960ebbd1-7c63-4a4b-a4b8-23122105b552.sql
@@ -0,0 +1,131 @@
+-- API Usage Tracking Migration
+-- Adds daily API usage tracking for plan-based rate limiting
+
+-- Add API usage columns to tenants table for current day tracking
+ALTER TABLE public.tenants
+ADD COLUMN IF NOT EXISTS api_requests_today INTEGER DEFAULT 0,
+ADD COLUMN IF NOT EXISTS api_requests_reset_at TIMESTAMPTZ DEFAULT (CURRENT_DATE + INTERVAL '1 day');
+
+-- Create API usage logs table for historical tracking
+CREATE TABLE IF NOT EXISTS public.api_usage_logs (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  tenant_id UUID NOT NULL REFERENCES public.tenants(id) ON DELETE CASCADE,
+  api_key_id UUID REFERENCES public.api_keys(id) ON DELETE SET NULL,
+  date DATE NOT NULL DEFAULT CURRENT_DATE,
+  requests_count INTEGER DEFAULT 0,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW(),
+  UNIQUE(tenant_id, date)
+);
+
+-- Index for efficient lookups
+CREATE INDEX IF NOT EXISTS idx_api_usage_logs_tenant_date
+ON public.api_usage_logs(tenant_id, date DESC);
+
+-- RLS policies for api_usage_logs
+ALTER TABLE public.api_usage_logs ENABLE ROW LEVEL SECURITY;
+
+-- Users can view their own tenant's usage
+CREATE POLICY "Users can view own tenant API usage"
+ON public.api_usage_logs
+FOR SELECT
+USING (tenant_id = public.get_user_tenant_id());
+
+-- Service role can insert/update
+CREATE POLICY "Service role can manage API usage"
+ON public.api_usage_logs
+FOR ALL
+USING (auth.role() = 'service_role');
+
+-- Function to increment API usage (called from Edge Functions)
+CREATE OR REPLACE FUNCTION public.increment_api_usage(
+  p_tenant_id UUID,
+  p_api_key_id UUID DEFAULT NULL
+)
+RETURNS INTEGER
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+  v_today DATE := CURRENT_DATE;
+  v_new_count INTEGER;
+BEGIN
+  -- Upsert into daily usage log
+  INSERT INTO public.api_usage_logs (tenant_id, api_key_id, date, requests_count)
+  VALUES (p_tenant_id, p_api_key_id, v_today, 1)
+  ON CONFLICT (tenant_id, date)
+  DO UPDATE SET
+    requests_count = api_usage_logs.requests_count + 1,
+    updated_at = NOW()
+  RETURNING requests_count INTO v_new_count;
+
+  -- Also update tenant's current day counter
+  UPDATE public.tenants
+  SET
+    api_requests_today = CASE
+      WHEN api_requests_reset_at < NOW() THEN 1
+      ELSE api_requests_today + 1
+    END,
+    api_requests_reset_at = CASE
+      WHEN api_requests_reset_at < NOW() THEN CURRENT_DATE + INTERVAL '1 day'
+      ELSE api_requests_reset_at
+    END
+  WHERE id = p_tenant_id;
+
+  RETURN v_new_count;
+END;
+$$;
+
+-- Function to get current usage for a tenant
+CREATE OR REPLACE FUNCTION public.get_api_usage_stats(
+  p_tenant_id UUID DEFAULT NULL
+)
+RETURNS TABLE(
+  today_requests INTEGER,
+  this_month_requests BIGINT,
+  reset_at TIMESTAMPTZ,
+  daily_limit INTEGER
+)
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public
+AS $$
+DECLARE
+  v_tenant_id UUID := COALESCE(p_tenant_id, public.get_user_tenant_id());
+  v_plan TEXT;
+  v_daily_limit INTEGER;
+BEGIN
+  -- Get tenant plan
+  SELECT t.plan INTO v_plan
+  FROM public.tenants t
+  WHERE t.id = v_tenant_id;
+
+  -- Determine daily limit based on plan
+  v_daily_limit := CASE v_plan
+    WHEN 'free' THEN 100
+    WHEN 'pro' THEN 1000
+    WHEN 'premium' THEN 10000
+    WHEN 'enterprise' THEN NULL -- unlimited
+    ELSE 100
+  END;
+
+  RETURN QUERY
+  SELECT
+    COALESCE(t.api_requests_today, 0)::INTEGER as today_requests,
+    COALESCE((
+      SELECT SUM(requests_count)
+      FROM api_usage_logs
+      WHERE tenant_id = v_tenant_id
+      AND date >= DATE_TRUNC('month', CURRENT_DATE)
+    ), 0)::BIGINT as this_month_requests,
+    t.api_requests_reset_at as reset_at,
+    v_daily_limit as daily_limit
+  FROM public.tenants t
+  WHERE t.id = v_tenant_id;
+END;
+$$;
+
+-- Grant execute permissions
+GRANT EXECUTE ON FUNCTION public.increment_api_usage TO service_role;
+GRANT EXECUTE ON FUNCTION public.get_api_usage_stats TO authenticated;
