unkeyed / unkey

Open source API management platform
https://go.unkey.com

Hard-cap workspaces in free plan #1566

Closed ubinatus closed 5 months ago

ubinatus commented 5 months ago

Preliminary Checks

Reproduction / Replay Link (Optional)

No response

Issue Summary

Current workspaces under the Free plan are capable of using unlimited resources by just interacting with the Unkey API. There is no hard-cap that toggles the workspace enabled to false.

In the internal billing package, the QUOTA variable is currently used for the dashboard to display a banner when the user has exceeded their monthly usage, but it will still let them create more resources.

https://github.com/unkeyed/unkey/blob/093875915d0838ad0742bc05b05af1bf10c48818/internal/billing/src/quota.ts#L8-L12

Steps to Reproduce

  1. Create a free workspace
  2. Modify the workspace usage in Tinybird to the limit (e.g. set the current month verifications to 2.5k).
  3. Try to verify a key and it will be allowed even if the workspace already exceeded the usage.

Expected behavior

Maybe there should be a hard-cap to avoid free rides from workspaces that don't have a paid plan.

A solution could be setting a workflow with a cron trigger that, at a specific interval, retrieves the free plan workspaces with exceeded usage and disables the workspaces.

By disabling the workspace the Unkey API will already prevent those exceeded usages, as it throws whenever workspace.enabled is false.

https://github.com/unkeyed/unkey/blob/093875915d0838ad0742bc05b05af1bf10c48818/apps/api/src/pkg/keys/service.ts#L266-L268

Other information

No response

Screenshots

No response

Version info

- OS: Windows 95
- Node: v20.11.1
- npm: v10.2.4

linear[bot] commented 5 months ago

ENG-1047 Hard-cap workspaces in free plan

perkinsjr commented 5 months ago

We intentionally soft cap this due to the nature of the critical path. All users are warned in the application and via email when they go over, and subsequently reminded if they continue. We can disable workspaces as needed.

ubinatus commented 5 months ago

Hi James! Thanks for the explanation. Understood, right. Makes sense not to hard cap API keys as it indeed represents a critical path for the user. Was just pointing this issue out just in case, since I saw that the enabled workspace property was not being set in the codebase.

Yeah, saw the QUOTA being used in a banner but missed seeing how else those workspaces were notified when this usage limit was reached.