From de35e86426f7845538b869d3552fc7dcdc948d51 Mon Sep 17 00:00:00 2001
From: gioelecerati <50955448+gioelecerati@users.noreply.github.com>
Date: Mon, 12 Feb 2024 17:22:37 +0100
Subject: [PATCH] access-control: added refresh interval for policies (#2029)

---
 .../api/src/controllers/access-control.ts     | 25 ++++++++++---------
 packages/api/src/schema/api-schema.yaml       |  5 ++++
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/packages/api/src/controllers/access-control.ts b/packages/api/src/controllers/access-control.ts
index 7840a7bdf8..c275ec6a8e 100644
--- a/packages/api/src/controllers/access-control.ts
+++ b/packages/api/src/controllers/access-control.ts
@@ -26,11 +26,10 @@ const WEBHOOK_TIMEOUT = 30 * 1000;
 const MAX_ALLOWED_VIEWERS_FOR_FREE_TIER = 30;
 const app = Router();
 
-interface HitRecord {
-  timestamp: number;
-}
-
-const playbackHits: Record<string, HitRecord[]> = {};
+type GateConfig = {
+  refresh_interval: number;
+  rate_limit: number;
+};
 
 async function fireGateWebhook(
   webhook: DBWebhook,
@@ -133,16 +132,18 @@ app.post(
 
     const playbackPolicyType = content.playbackPolicy?.type ?? "public";
 
-    let response = {};
+    let config: Partial<GateConfig> = {};
 
     if (user.createdAt > HACKER_DISABLE_CUTOFF_DATE) {
       if (isFreeTierUser(user)) {
-        response = {
-          rateLimit: MAX_ALLOWED_VIEWERS_FOR_FREE_TIER,
-        };
+        config.rate_limit = MAX_ALLOWED_VIEWERS_FOR_FREE_TIER;
       }
     }
 
+    if (content.playbackPolicy?.refreshInterval) {
+      config.refresh_interval = content.playbackPolicy.refreshInterval;
+    }
+
     if (
       playbackPolicyType !== "public" &&
       req.body.pub === req.config.accessControlAdminPubkey &&
@@ -156,7 +157,7 @@ app.post(
     switch (playbackPolicyType) {
       case "public":
         res.status(200);
-        return res.json(response);
+        return res.json(config);
       case "jwt":
         if (!req.body.pub) {
           console.log(`
@@ -215,7 +216,7 @@ app.post(
 
         tracking.recordSigningKeyValidation(signingKey.id);
         res.status(200);
-        return res.json(response);
+        return res.json(config);
       case "webhook":
         if (!req.body.accessKey || req.body.type !== "accessKey") {
           throw new ForbiddenError(
@@ -240,7 +241,7 @@ app.post(
         );
         if (statusCode >= 200 && statusCode < 300) {
           res.status(200);
-          return res.json(response);
+          return res.json(config);
         } else if (statusCode === 0) {
           console.log(`
             access-control: gate: content with playbackId=${playbackId} is gated but webhook=${webhook.id} failed, disallowing playback
diff --git a/packages/api/src/schema/api-schema.yaml b/packages/api/src/schema/api-schema.yaml
index 8121b3a877..45463efadc 100644
--- a/packages/api/src/schema/api-schema.yaml
+++ b/packages/api/src/schema/api-schema.yaml
@@ -2044,6 +2044,11 @@ components:
           type: object
           description: User-defined webhook context
           additionalProperties: true
+        refreshInterval:
+          type: number
+          description: |
+            Interval (in seconds) at which the playback policy should be
+            refreshed (default 600 seconds)
     room:
       type: object
       required: