Rate limit apply for gateway connections

Author: shanakama

.vscode/launch.json

@@ -68,4 +68,4 @@
             ],
         },
     ]
-}
+}

platform-api/src/config/config.go

@@ -66,9 +66,11 @@ type JWT struct {
 
 // WebSocket holds WebSocket-specific configuration
 type WebSocket struct {
-	MaxConnections    int `envconfig:"WS_MAX_CONNECTIONS" default:"1000"`
-	ConnectionTimeout int `envconfig:"WS_CONNECTION_TIMEOUT" default:"30"` // seconds
-	RateLimitPerMin   int `envconfig:"WS_RATE_LIMIT_PER_MINUTE" default:"10"`
+	MaxConnections        int `envconfig:"WS_MAX_CONNECTIONS" default:"1000"`
+	ConnectionTimeout     int `envconfig:"WS_CONNECTION_TIMEOUT" default:"30"` // seconds
+	RateLimitPerMin       int `envconfig:"WS_RATE_LIMIT_PER_MINUTE" default:"10"`
+	FreeOrgMaxConnections int `envconfig:"WS_FREE_ORG_MAX_CONNECTIONS" default:"3"`
+	PaidOrgMaxConnections int `envconfig:"WS_PAID_ORG_MAX_CONNECTIONS" default:"10"`
 }
 
 // Database holds database-specific configuration

platform-api/src/internal/constants/constants.go

@@ -106,3 +106,15 @@ const (
 	AssociationTypeGateway   = "gateway"
 	AssociationTypeDevPortal = "dev_portal"
 )
+
+// Organization Tier Constants
+const (
+	OrgTierFree = "free"
+	OrgTierPaid = "paid"
+)
+
+// ValidOrgTiers Valid organization tiers
+var ValidOrgTiers = map[string]bool{
+	OrgTierFree: true,
+	OrgTierPaid: true,
+}

platform-api/src/internal/database/schema.sql

@@ -21,6 +21,7 @@ CREATE TABLE IF NOT EXISTS organizations (
     handle VARCHAR(255) UNIQUE NOT NULL,
     name VARCHAR(255) NOT NULL,
     region VARCHAR(63) NOT NULL,
+    tier VARCHAR(20) NOT NULL DEFAULT 'free' CHECK (tier IN ('free', 'paid')),
     created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
     updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
 );

platform-api/src/internal/dto/organization.go

@@ -27,6 +27,7 @@ type CreateOrganizationRequest struct {
 	Handle string `json:"handle" yaml:"handle" binding:"required"`
 	Name   string `json:"name" yaml:"name" binding:"required"`
 	Region string `json:"region" yaml:"region" binding:"required"`
+	Tier   string `json:"tier,omitempty" yaml:"tier,omitempty"`
 }
 
 // Organization represents an organization entity in the API management platform
@@ -35,6 +36,7 @@ type Organization struct {
 	Handle    string    `json:"handle" yaml:"handle"`
 	Name      string    `json:"name" yaml:"name"`
 	Region    string    `json:"region" yaml:"region"`
+	Tier      string    `json:"tier" yaml:"tier"`
 	CreatedAt time.Time `json:"createdAt" yaml:"createdAt"`
 	UpdatedAt time.Time `json:"updatedAt" yaml:"updatedAt"`
 }

platform-api/src/internal/handler/websocket.go

@@ -23,6 +23,7 @@ import (
 	"sync"
 	"time"
 
+	"platform-api/src/internal/constants"
 	"platform-api/src/internal/dto"
 	"platform-api/src/internal/service"
 	"platform-api/src/internal/utils"
@@ -36,6 +37,7 @@ import (
 type WebSocketHandler struct {
 	manager        *ws.Manager
 	gatewayService *service.GatewayService
+	orgService     *service.OrganizationService
 	upgrader       websocket.Upgrader
 
 	// Rate limiting: track connection attempts per IP
@@ -45,10 +47,12 @@ type WebSocketHandler struct {
 }
 
 // NewWebSocketHandler creates a new WebSocket handler
-func NewWebSocketHandler(manager *ws.Manager, gatewayService *service.GatewayService, rateLimitCount int) *WebSocketHandler {
+func NewWebSocketHandler(manager *ws.Manager, gatewayService *service.GatewayService,
+	orgService *service.OrganizationService, rateLimitCount int) *WebSocketHandler {
 	return &WebSocketHandler{
 		manager:        manager,
 		gatewayService: gatewayService,
+		orgService:     orgService,
 		upgrader: websocket.Upgrader{
 			CheckOrigin: func(r *http.Request) bool {
 				// TODO: Implement proper origin checking in production
@@ -93,6 +97,22 @@ func (h *WebSocketHandler) Connect(c *gin.Context) {
 		return
 	}
 
+	// Fetch organization to get tier
+	org, err := h.orgService.GetOrganizationByUUID(gateway.OrganizationID)
+	if err != nil {
+		log.Printf("[ERROR] Failed to fetch organization: gatewayID=%s orgID=%s error=%v",
+			gateway.ID, gateway.OrganizationID, err)
+		c.JSON(http.StatusInternalServerError, utils.NewErrorResponse(500, "Internal Server Error",
+			"Failed to fetch organization details"))
+		return
+	}
+
+	// Default to free tier if organization not found or tier not set
+	orgTier := constants.OrgTierFree
+	if org != nil && org.Tier != "" {
+		orgTier = org.Tier
+	}
+
 	// Upgrade HTTP connection to WebSocket
 	conn, err := h.upgrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
@@ -105,16 +125,35 @@ func (h *WebSocketHandler) Connect(c *gin.Context) {
 	transport := ws.NewWebSocketTransport(conn)
 
 	// Register connection with manager
-	connection, err := h.manager.Register(gateway.ID, transport, apiKey)
+	connection, err := h.manager.Register(gateway.ID, transport, apiKey, gateway.OrganizationID, orgTier)
 	if err != nil {
-		log.Printf("[ERROR] Connection registration failed: gatewayID=%s error=%v", gateway.ID, err)
-		// Send error message before closing
-		errorMsg := map[string]string{
-			"type":    "error",
-			"message": err.Error(),
-		}
-		if jsonErr, _ := json.Marshal(errorMsg); jsonErr != nil {
-			conn.WriteMessage(websocket.TextMessage, jsonErr)
+		log.Printf("[ERROR] Connection registration failed: gatewayID=%s orgID=%s error=%v",
+			gateway.ID, gateway.OrganizationID, err)
+
+		// Check if this is an org connection limit error
+		if orgLimitErr, ok := err.(*ws.OrgConnectionLimitError); ok {
+			errorMsg := map[string]interface{}{
+				"type":         "error",
+				"code":         "ORG_CONNECTION_LIMIT_EXCEEDED",
+				"message":      "Organization connection limit reached",
+				"currentCount": orgLimitErr.CurrentCount,
+				"maxAllowed":   orgLimitErr.MaxAllowed,
+				"tier":         orgLimitErr.Tier,
+			}
+			if jsonErr, _ := json.Marshal(errorMsg); jsonErr != nil {
+				conn.WriteMessage(websocket.TextMessage, jsonErr)
+			}
+			log.Printf("[WARN] Organization connection limit exceeded: orgID=%s tier=%s count=%d max=%d",
+				orgLimitErr.OrganizationID, orgLimitErr.Tier, orgLimitErr.CurrentCount, orgLimitErr.MaxAllowed)
+		} else {
+			// Generic error
+			errorMsg := map[string]string{
+				"type":    "error",
+				"message": err.Error(),
+			}
+			if jsonErr, _ := json.Marshal(errorMsg); jsonErr != nil {
+				conn.WriteMessage(websocket.TextMessage, jsonErr)
+			}
 		}
 		conn.Close()
 		return

platform-api/src/internal/model/organization.go

@@ -27,6 +27,7 @@ type Organization struct {
 	Handle    string    `json:"handle" db:"handle"`
 	Name      string    `json:"name" db:"name"`
 	Region    string    `json:"region" db:"region"`
+	Tier      string    `json:"tier" db:"tier"`
 	CreatedAt time.Time `json:"createdAt" db:"created_at"`
 	UpdatedAt time.Time `json:"updatedAt" db:"updated_at"`
 }

platform-api/src/internal/repository/organization.go

@@ -42,23 +42,24 @@ func (r *OrganizationRepo) CreateOrganization(org *model.Organization) error {
 	org.UpdatedAt = time.Now()
 
 	query := `
-		INSERT INTO organizations (uuid, handle, name, region, created_at, updated_at)
-		VALUES (?, ?, ?, ?, ?, ?)
+		INSERT INTO organizations (uuid, handle, name, region, tier, created_at, updated_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?)
 	`
-	_, err := r.db.Exec(r.db.Rebind(query), org.ID, org.Handle, org.Name, org.Region, org.CreatedAt, org.UpdatedAt)
+	_, err := r.db.Exec(r.db.Rebind(query), org.ID, org.Handle, org.Name, org.Region, org.Tier, org.CreatedAt, org.UpdatedAt)
+
 	return err
 }
 
 // GetOrganizationByIdOrHandle retrieves an organization by id or handle
 func (r *OrganizationRepo) GetOrganizationByIdOrHandle(id, handle string) (*model.Organization, error) {
 	org := &model.Organization{}
 	query := `
-		SELECT uuid, handle, name, region, created_at, updated_at
+		SELECT uuid, handle, name, region, tier, created_at, updated_at
 		FROM organizations
 		WHERE uuid = ? OR handle = ?
 	`
 	err := r.db.QueryRow(r.db.Rebind(query), id, handle).Scan(
-		&org.ID, &org.Handle, &org.Name, &org.Region, &org.CreatedAt, &org.UpdatedAt,
+		&org.ID, &org.Handle, &org.Name, &org.Region, &org.Tier, &org.CreatedAt, &org.UpdatedAt,
 	)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
@@ -73,12 +74,12 @@ func (r *OrganizationRepo) GetOrganizationByIdOrHandle(id, handle string) (*mode
 func (r *OrganizationRepo) GetOrganizationByUUID(orgId string) (*model.Organization, error) {
 	org := &model.Organization{}
 	query := `
-		SELECT uuid, handle, name, region, created_at, updated_at
+		SELECT uuid, handle, name, region, tier, created_at, updated_at
 		FROM organizations
 		WHERE uuid = ?
 	`
 	err := r.db.QueryRow(r.db.Rebind(query), orgId).Scan(
-		&org.ID, &org.Handle, &org.Name, &org.Region, &org.CreatedAt, &org.UpdatedAt,
+		&org.ID, &org.Handle, &org.Name, &org.Region, &org.Tier, &org.CreatedAt, &org.UpdatedAt,
 	)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
@@ -93,12 +94,12 @@ func (r *OrganizationRepo) GetOrganizationByUUID(orgId string) (*model.Organizat
 func (r *OrganizationRepo) GetOrganizationByHandle(handle string) (*model.Organization, error) {
 	org := &model.Organization{}
 	query := `
-		SELECT uuid, handle, name, region, created_at, updated_at
+		SELECT uuid, handle, name, region, tier, created_at, updated_at
 		FROM organizations
 		WHERE handle = ?
 	`
 	err := r.db.QueryRow(r.db.Rebind(query), handle).Scan(
-		&org.ID, &org.Handle, &org.Name, &org.Region, &org.CreatedAt, &org.UpdatedAt,
+		&org.ID, &org.Handle, &org.Name, &org.Region, &org.Tier, &org.CreatedAt, &org.UpdatedAt,
 	)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
@@ -114,10 +115,11 @@ func (r *OrganizationRepo) UpdateOrganization(org *model.Organization) error {
 	org.UpdatedAt = time.Now()
 	query := `
 		UPDATE organizations
-		SET handle = ?, name = ?, region = ?, updated_at = ?
+		SET handle = ?, name = ?, region = ?, tier = ?, updated_at = ?
 		WHERE uuid = ?
 	`
-	_, err := r.db.Exec(r.db.Rebind(query), org.Handle, org.Name, org.Region, org.UpdatedAt, org.ID)
+	_, err := r.db.Exec(r.db.Rebind(query), org.Handle, org.Name, org.Region, org.Tier, org.UpdatedAt, org.ID)
+
 	return err
 }
 
@@ -131,7 +133,7 @@ func (r *OrganizationRepo) DeleteOrganization(orgId string) error {
 // ListOrganizations retrieves organizations with pagination
 func (r *OrganizationRepo) ListOrganizations(limit, offset int) ([]*model.Organization, error) {
 	query := `
-		SELECT uuid, handle, name, region, created_at, updated_at
+		SELECT uuid, handle, name, region, tier, created_at, updated_at
 		FROM organizations
 		ORDER BY created_at DESC
 		LIMIT ? OFFSET ?
@@ -145,7 +147,7 @@ func (r *OrganizationRepo) ListOrganizations(limit, offset int) ([]*model.Organi
 	var organizations []*model.Organization
 	for rows.Next() {
 		org := &model.Organization{}
-		err := rows.Scan(&org.ID, &org.Handle, &org.Name, &org.Region, &org.CreatedAt, &org.UpdatedAt)
+		err := rows.Scan(&org.ID, &org.Handle, &org.Name, &org.Region, &org.Tier, &org.CreatedAt, &org.UpdatedAt)
 		if err != nil {
 			return nil, err
 		}

platform-api/src/internal/server/server.go

@@ -79,9 +79,11 @@ func StartPlatformAPIServer(cfg *config.Server) (*Server, error) {
 
 	// Initialize WebSocket manager first (needed for GatewayEventsService)
 	wsConfig := websocket.ManagerConfig{
-		MaxConnections:    cfg.WebSocket.MaxConnections,
-		HeartbeatInterval: 20 * time.Second,
-		HeartbeatTimeout:  time.Duration(cfg.WebSocket.ConnectionTimeout) * time.Second,
+		MaxConnections:        cfg.WebSocket.MaxConnections,
+		HeartbeatInterval:     20 * time.Second,
+		HeartbeatTimeout:      time.Duration(cfg.WebSocket.ConnectionTimeout) * time.Second,
+		FreeOrgMaxConnections: cfg.WebSocket.FreeOrgMaxConnections,
+		PaidOrgMaxConnections: cfg.WebSocket.PaidOrgMaxConnections,
 	}
 	wsManager := websocket.NewManager(wsConfig)
 
@@ -109,7 +111,7 @@ func StartPlatformAPIServer(cfg *config.Server) (*Server, error) {
 	apiHandler := handler.NewAPIHandler(apiService)
 	devPortalHandler := handler.NewDevPortalHandler(devPortalService)
 	gatewayHandler := handler.NewGatewayHandler(gatewayService)
-	wsHandler := handler.NewWebSocketHandler(wsManager, gatewayService, cfg.WebSocket.RateLimitPerMin)
+	wsHandler := handler.NewWebSocketHandler(wsManager, gatewayService, orgService, cfg.WebSocket.RateLimitPerMin)
 	internalGatewayHandler := handler.NewGatewayInternalAPIHandler(gatewayService, internalGatewayService)
 	gitHandler := handler.NewGitHandler(gitService)
 	deploymentHandler := handler.NewDeploymentHandler(deploymentService)
@@ -145,8 +147,9 @@ func StartPlatformAPIServer(cfg *config.Server) (*Server, error) {
 	gitHandler.RegisterRoutes(router)
 	deploymentHandler.RegisterRoutes(router)
 
-	log.Printf("[INFO] WebSocket manager initialized: maxConnections=%d heartbeatTimeout=%ds rateLimitPerMin=%d",
-		cfg.WebSocket.MaxConnections, cfg.WebSocket.ConnectionTimeout, cfg.WebSocket.RateLimitPerMin)
+	log.Printf("[INFO] WebSocket manager initialized: maxConnections=%d heartbeatTimeout=%ds rateLimitPerMin=%d freeOrgMaxConns=%d paidOrgMaxConns=%d",
+		cfg.WebSocket.MaxConnections, cfg.WebSocket.ConnectionTimeout, cfg.WebSocket.RateLimitPerMin,
+		cfg.WebSocket.FreeOrgMaxConnections, cfg.WebSocket.PaidOrgMaxConnections)
 
 	return &Server{
 		router:      router,

platform-api/src/internal/service/organization.go

@@ -49,6 +49,10 @@ func NewOrganizationService(orgRepo repository.OrganizationRepository,
 }
 
 func (s *OrganizationService) RegisterOrganization(id string, handle string, name string, region string) (*dto.Organization, error) {
+	return s.RegisterOrganizationWithTier(id, handle, name, region, constants.OrgTierFree)
+}
+
+func (s *OrganizationService) RegisterOrganizationWithTier(id string, handle string, name string, region string, tier string) (*dto.Organization, error) {
 	// Validate handle is URL friendly
 	if !s.isURLFriendly(handle) {
 		return nil, constants.ErrInvalidHandle
@@ -70,12 +74,18 @@ func (s *OrganizationService) RegisterOrganization(id string, handle string, nam
 		name = handle // Default name to handle if not provided
 	}
 
+	// Default tier to free if not specified or invalid
+	if tier == "" || !constants.ValidOrgTiers[tier] {
+		tier = constants.OrgTierFree
+	}
+
 	// Create organization in platform-api database first
 	org := &dto.Organization{
 		ID:        id,
 		Handle:    handle,
 		Name:      name,
 		Region:    region,
+		Tier:      tier,
 		CreatedAt: time.Now(),
 		UpdatedAt: time.Now(),
 	}
@@ -151,6 +161,7 @@ func (s *OrganizationService) dtoToModel(dto *dto.Organization) *model.Organizat
 		Handle:    dto.Handle,
 		Name:      dto.Name,
 		Region:    dto.Region,
+		Tier:      dto.Tier,
 		CreatedAt: dto.CreatedAt,
 		UpdatedAt: dto.UpdatedAt,
 	}
@@ -166,6 +177,7 @@ func (s *OrganizationService) modelToDTO(model *model.Organization) *dto.Organiz
 		Handle:    model.Handle,
 		Name:      model.Name,
 		Region:    model.Region,
+		Tier:      model.Tier,
 		CreatedAt: model.CreatedAt,
 		UpdatedAt: model.UpdatedAt,
 	}