feat(core): add quota guard for subject tokens (#6205)

packages/core/package.json

@@ -93,7 +93,7 @@
  "zod": "^3.22.4"
  },
  "devDependencies": {
- "@logto/cloud": "0.2.5-a7eedce",
+ "@logto/cloud": "0.2.5-3046fa6",
  "@silverhand/eslint-config": "6.0.1",
  "@silverhand/ts-config": "6.0.0",
  "@types/debug": "^4.1.7",

packages/core/src/libraries/quota.ts

@@ -73,6 +73,7 @@ export const createQuotaLibrary = (
  omniSignInEnabled: notNumber, // No limit for now
  builtInEmailConnectorEnabled: notNumber, // No limit for now
  customJwtEnabled: notNumber, // No limit for now
+ subjectTokenEnabled: notNumber, // No limit for now
  };
 
  const getTenantUsage = async (key: keyof FeatureQuota, queryKey?: string): Promise<number> => {

packages/core/src/routes/security/index.ts

@@ -6,11 +6,18 @@ import { object, string } from 'zod';
 import { subjectTokenExpiresIn, subjectTokenPrefix } from '#src/constants/index.js';
 import { EnvSet } from '#src/env-set/index.js';
 import koaGuard from '#src/middleware/koa-guard.js';
+import koaQuotaGuard from '#src/middleware/koa-quota-guard.js';
 
 import { type RouterInitArgs, type ManagementApiRouter } from '../types.js';
 
 export default function securityRoutes<T extends ManagementApiRouter>(...args: RouterInitArgs<T>) {
- const [router, { queries }] = args;
+ const [
+ router,
+ {
+ queries,
+ libraries: { quota },
+ },
+ ] = args;
  const {
  subjectTokens: { insertSubjectToken },
  } = queries;
@@ -21,6 +28,7 @@ export default function securityRoutes<T extends ManagementApiRouter>(...args: R
 
  router.post(
  '/security/subject-tokens',
+ koaQuotaGuard({ key: 'subjectTokenEnabled', quota }),
  koaGuard({
  body: object({
  userId: string(),