From 1da3f7770fae6e6df2eff710e79de2dd831da985 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Tue, 6 Dec 2022 10:45:04 +0000
Subject: [PATCH] feat (projects): auth session limit

Add endpoint on project to set max number of sessions for project users.
---
 app/controllers/api/projects.php | 31 +++++++++++++++++++++++++++++++
 app/init.php | 1 +
 2 files changed, 32 insertions(+)

diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 1fc60c3725..d48fe20deb 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -576,6 +576,37 @@ App::patch('/v1/projects/:projectId/auth/:method')
 $response->dynamic($project, Response::MODEL_PROJECT);
 });

+App::patch('/v1/projects/:projectId/auth/max-sessions')
+ ->desc('Update Project users limit')
+ ->groups(['api', 'projects'])
+ ->label('scope', 'projects.write')
+ ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
+ ->label('sdk.namespace', 'projects')
+ ->label('sdk.method', 'updateAuthLimit')
+ ->label('sdk.response.code', Response::STATUS_CODE_OK)
+ ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
+ ->label('sdk.response.model', Response::MODEL_PROJECT)
+ ->param('projectId', '', new UID(), 'Project unique ID.')
+ ->param('limit', false, new Range(1, APP_LIMIT_USER_SESSIONS), 'Set the max number of users allowed in this project. Use 0 for unlimited.')
+ ->inject('response')
+ ->inject('dbForConsole')
+ ->action(function (string $projectId, int $limit, Response $response, Database $dbForConsole) {
+
+ $project = $dbForConsole->getDocument('projects', $projectId);
+
+ if ($project->isEmpty()) {
+ throw new Exception(Exception::PROJECT_NOT_FOUND);
+ }
+
+ $auths = $project->getAttribute('auths', []);
+ $auths['max-sessions'] = $limit;
+
+ $dbForConsole->updateDocument('projects', $project->getId(), $project
+ ->setAttribute('auths', $auths));
+
+ $response->dynamic($project, Response::MODEL_PROJECT);
+ });
+
 App::delete('/v1/projects/:projectId')
 ->desc('Delete Project')
 ->groups(['api', 'projects'])
diff --git a/app/init.php b/app/init.php
index ef9246e362..00423f5578 100644
--- a/app/init.php
+++ b/app/init.php
@@ -84,6 +84,7 @@ const APP_MODE_ADMIN = 'admin';
 const APP_PAGING_LIMIT = 12;
 const APP_LIMIT_COUNT = 5000;
 const APP_LIMIT_USERS = 10000;
+const APP_LIMIT_USER_SESSIONS = 10;
 const APP_LIMIT_ANTIVIRUS = 20000000; //20MB
 const APP_LIMIT_ENCRYPTION = 20000000; //20MB
 const APP_LIMIT_COMPRESSION = 20000000; //20MB
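Review bot: The `limit` parameter on the new `auth/max-sessions` route is documented as 'Set the max number of users allowed in this project. Use 0 for unlimited.', but its validator is `new Range(1, APP_LIMIT_USER_SESSIONS)`, so 0 is rejected and the text describes users rather than sessions. The `->desc('Update Project users limit')` and `->label('sdk.method', 'updateAuthLimit')` lines also look copied from a users-limit route, and the method name may collide with that route in generated SDKs; I would use `->desc('Update Project user sessions limit')`, `->label('sdk.method', 'updateAuthSessionsLimit')` and a description such as 'Set the max number of sessions allowed per user in this project.'. The route is registered directly after `PATCH /v1/projects/:projectId/auth/:method` (see the hunk header), so depending on the router's matching order a request to `auth/max-sessions` could be dispatched to the `:method` handler; a routing test would settle that. The diffstat shows only two files changed and the action only stores `auths['max-sessions']`, so nothing in this patch enforces the cap when a session is created; until that lands the setting should not be presented as an active control.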