improvement(billing): add billing enforcement for webhook executions, consolidate helpers (#975)

* fix(billing): clinet-side envvar for billing

* remove unrelated files

* fix(billing): add billing enforcement for webhook executions, consolidate implementation

* cleanup

* add back server envvar

Author: waleedlatif1

apps/sim/app/api/billing/update-cost/route.ts

@@ -2,43 +2,23 @@ import crypto from 'crypto'
 import { eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
+import { checkInternalApiKey } from '@/lib/copilot/utils'
 import { env } from '@/lib/env'
-import { isProd } from '@/lib/environment'
+import { isBillingEnabled, isProd } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
 import { db } from '@/db'
 import { userStats } from '@/db/schema'
 import { calculateCost } from '@/providers/utils'
 
 const logger = createLogger('billing-update-cost')
 
-// Schema for the request body
 const UpdateCostSchema = z.object({
   userId: z.string().min(1, 'User ID is required'),
   input: z.number().min(0, 'Input tokens must be a non-negative number'),
   output: z.number().min(0, 'Output tokens must be a non-negative number'),
   model: z.string().min(1, 'Model is required'),
 })
 
-// Authentication function (reused from copilot/methods route)
-function checkInternalApiKey(req: NextRequest) {
-  const apiKey = req.headers.get('x-api-key')
-  const expectedApiKey = env.INTERNAL_API_SECRET
-
-  if (!expectedApiKey) {
-    return { success: false, error: 'Internal API key not configured' }
-  }
-
-  if (!apiKey) {
-    return { success: false, error: 'API key required' }
-  }
-
-  if (apiKey !== expectedApiKey) {
-    return { success: false, error: 'Invalid API key' }
-  }
-
-  return { success: true }
-}
-
 /**
  * POST /api/billing/update-cost
  * Update user cost based on token usage with internal API key auth
@@ -50,6 +30,19 @@ export async function POST(req: NextRequest) {
   try {
     logger.info(`[${requestId}] Update cost request started`)
 
+    if (!isBillingEnabled) {
+      logger.debug(`[${requestId}] Billing is disabled, skipping cost update`)
+      return NextResponse.json({
+        success: true,
+        message: 'Billing disabled, cost update skipped',
+        data: {
+          billingEnabled: false,
+          processedAt: new Date().toISOString(),
+          requestId,
+        },
+      })
+    }
+
     // Check authentication (internal API key)
     const authResult = checkInternalApiKey(req)
     if (!authResult.success) {

apps/sim/app/api/chat/route.test.ts

@@ -246,7 +246,10 @@ describe('Chat API Route', () => {
           NEXT_PUBLIC_APP_URL: 'http://localhost:3000',
         },
         isTruthy: (value: string | boolean | number | undefined) =>
-          typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
+          typeof value === 'string'
+            ? value.toLowerCase() === 'true' || value === '1'
+            : Boolean(value),
+        getEnv: (variable: string) => process.env[variable],
       }))
 
       const validData = {
@@ -291,6 +294,7 @@ describe('Chat API Route', () => {
         },
         isTruthy: (value: string | boolean | number | undefined) =>
           typeof value === 'string' ? value === 'true' || value === '1' : Boolean(value),
+        getEnv: (variable: string) => process.env[variable],
       }))
 
       const validData = {

apps/sim/app/api/copilot/methods/route.ts

@@ -2,7 +2,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { copilotToolRegistry } from '@/lib/copilot/tools/server-tools/registry'
 import type { NotificationStatus } from '@/lib/copilot/types'
-import { env } from '@/lib/env'
+import { checkInternalApiKey } from '@/lib/copilot/utils'
 import { createLogger } from '@/lib/logs/console/logger'
 import { getRedisClient } from '@/lib/redis'
 import { createErrorResponse } from '@/app/api/copilot/methods/utils'
@@ -240,33 +240,12 @@ async function interruptHandler(toolCallId: string): Promise<{
   }
 }
 
-// Schema for method execution
 const MethodExecutionSchema = z.object({
   methodId: z.string().min(1, 'Method ID is required'),
   params: z.record(z.any()).optional().default({}),
   toolCallId: z.string().nullable().optional().default(null),
 })
 
-// Simple internal API key authentication
-function checkInternalApiKey(req: NextRequest) {
-  const apiKey = req.headers.get('x-api-key')
-  const expectedApiKey = env.INTERNAL_API_SECRET
-
-  if (!expectedApiKey) {
-    return { success: false, error: 'Internal API key not configured' }
-  }
-
-  if (!apiKey) {
-    return { success: false, error: 'API key required' }
-  }
-
-  if (apiKey !== expectedApiKey) {
-    return { success: false, error: 'Invalid API key' }
-  }
-
-  return { success: true }
-}
-
 /**
  * POST /api/copilot/methods
  * Execute a method based on methodId with internal API key auth

apps/sim/app/api/webhooks/trigger/[path]/route.ts

@@ -1,6 +1,7 @@
 import { tasks } from '@trigger.dev/sdk/v3'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
+import { checkServerSideUsageLimits } from '@/lib/billing'
 import { createLogger } from '@/lib/logs/console/logger'
 import {
   handleSlackChallenge,
@@ -245,7 +246,44 @@ export async function POST(
     // Continue processing - better to risk rate limit bypass than fail webhook
   }
 
-  // --- PHASE 4: Queue webhook execution via trigger.dev ---
+  // --- PHASE 4: Usage limit check ---
+  try {
+    const usageCheck = await checkServerSideUsageLimits(foundWorkflow.userId)
+    if (usageCheck.isExceeded) {
+      logger.warn(
+        `[${requestId}] User ${foundWorkflow.userId} has exceeded usage limits. Skipping webhook execution.`,
+        {
+          currentUsage: usageCheck.currentUsage,
+          limit: usageCheck.limit,
+          workflowId: foundWorkflow.id,
+          provider: foundWebhook.provider,
+        }
+      )
+
+      // Return 200 to prevent webhook provider retries, but indicate usage limit exceeded
+      if (foundWebhook.provider === 'microsoftteams') {
+        // Microsoft Teams requires specific response format
+        return NextResponse.json({
+          type: 'message',
+          text: 'Usage limit exceeded. Please upgrade your plan to continue.',
+        })
+      }
+
+      // Simple error response for other providers (return 200 to prevent retries)
+      return NextResponse.json({ message: 'Usage limit exceeded' }, { status: 200 })
+    }
+
+    logger.debug(`[${requestId}] Usage limit check passed for webhook`, {
+      provider: foundWebhook.provider,
+      currentUsage: usageCheck.currentUsage,
+      limit: usageCheck.limit,
+    })
+  } catch (usageError) {
+    logger.error(`[${requestId}] Error checking webhook usage limits:`, usageError)
+    // Continue processing - better to risk usage limit bypass than fail webhook
+  }
+
+  // --- PHASE 5: Queue webhook execution via trigger.dev ---
   try {
     // Queue the webhook execution task
     const handle = await tasks.trigger('webhook-execution', {

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/components/settings-navigation/settings-navigation.tsx

@@ -8,7 +8,7 @@ import {
   UserCircle,
   Users,
 } from 'lucide-react'
-import { getEnv } from '@/lib/env'
+import { isBillingEnabled } from '@/lib/environment'
 import { cn } from '@/lib/utils'
 import { useSubscriptionStore } from '@/stores/subscription/store'
 
@@ -98,9 +98,6 @@ export function SettingsNavigation({
   const { getSubscriptionStatus } = useSubscriptionStore()
   const subscription = getSubscriptionStatus()
 
-  // Get billing status
-  const isBillingEnabled = getEnv('NEXT_PUBLIC_BILLING_ENABLED') || false
-
   const navigationItems = allNavigationItems.filter((item) => {
     if (item.hideWhenBillingDisabled && !isBillingEnabled) {
       return false

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx

@@ -3,7 +3,7 @@
 import { useEffect, useRef, useState } from 'react'
 import { X } from 'lucide-react'
 import { Button, Dialog, DialogContent, DialogHeader, DialogTitle } from '@/components/ui'
-import { getEnv } from '@/lib/env'
+import { isBillingEnabled } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
 import { cn } from '@/lib/utils'
 import {
@@ -44,9 +44,6 @@ export function SettingsModal({ open, onOpenChange }: SettingsModalProps) {
   const { activeOrganization } = useOrganizationStore()
   const hasLoadedInitialData = useRef(false)
 
-  // Get billing status
-  const isBillingEnabled = getEnv('NEXT_PUBLIC_BILLING_ENABLED') || false
-
   useEffect(() => {
     async function loadAllSettings() {
       if (!open) return

apps/sim/app/workspace/[workspaceId]/w/components/sidebar/sidebar.tsx

@@ -5,7 +5,7 @@ import { HelpCircle, LibraryBig, ScrollText, Search, Settings, Shapes } from 'lu
 import { useParams, usePathname, useRouter } from 'next/navigation'
 import { Button, ScrollArea, Tooltip, TooltipContent, TooltipTrigger } from '@/components/ui'
 import { useSession } from '@/lib/auth-client'
-import { getEnv } from '@/lib/env'
+import { isBillingEnabled } from '@/lib/environment'
 import { createLogger } from '@/lib/logs/console/logger'
 import { generateWorkspaceName } from '@/lib/naming'
 import { cn } from '@/lib/utils'
@@ -196,9 +196,6 @@ export function Sidebar() {
   const userPermissions = useUserPermissionsContext()
   const isLoading = workflowsLoading || sessionLoading
 
-  // Get billing status
-  const isBillingEnabled = getEnv('NEXT_PUBLIC_BILLING_ENABLED') || false
-
   // Add state to prevent multiple simultaneous workflow creations
   const [isCreatingWorkflow, setIsCreatingWorkflow] = useState(false)
   // Add state to prevent multiple simultaneous workspace creations

apps/sim/lib/billing/calculations/usage-monitor.ts

@@ -187,7 +187,7 @@ export async function checkServerSideUsageLimits(userId: string): Promise<{
       return {
         isExceeded: false,
         currentUsage: 0,
-        limit: 1000,
+        limit: 99999,
       }
     }
 

apps/sim/lib/billing/subscriptions/utils.test.ts

@@ -8,6 +8,9 @@ vi.mock('@/lib/env', () => ({
     TEAM_TIER_COST_LIMIT: 40,
     ENTERPRISE_TIER_COST_LIMIT: 200,
   },
+  isTruthy: (value: string | boolean | number | undefined) =>
+    typeof value === 'string' ? value.toLowerCase() === 'true' || value === '1' : Boolean(value),
+  getEnv: (variable: string) => process.env[variable],
 }))
 
 describe('Subscription Utilities', () => {

apps/sim/lib/copilot/utils.ts

@@ -0,0 +1,21 @@
+import type { NextRequest } from 'next/server'
+import { env } from '@/lib/env'
+
+export function checkInternalApiKey(req: NextRequest) {
+  const apiKey = req.headers.get('x-api-key')
+  const expectedApiKey = env.INTERNAL_API_SECRET
+
+  if (!expectedApiKey) {
+    return { success: false, error: 'Internal API key not configured' }
+  }
+
+  if (!apiKey) {
+    return { success: false, error: 'API key required' }
+  }
+
+  if (apiKey !== expectedApiKey) {
+    return { success: false, error: 'Invalid API key' }
+  }
+
+  return { success: true }
+}