latch-billing 0.1.2

Pure synchronous token billing core library - types, traits, and pricing models
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238

//! Quota module - defines traits for quota enforcement.
//!
//! **Design note**: Quota operations are **fail-closed** (unlike metering
//! which is fail-open). If quota check fails, the request MUST be denied.
//!
//! These are trait seams - the actual implementation is in Phase 2
//! (`tokenbill-tokio::quota_redis`).

use crate::identity::BillingSubject;
use crate::observation::MeterKind;
use std::collections::HashMap;

// ============================================================================
// Placeholder types for Phase 2
// ============================================================================
// These types are defined here as placeholders so that the trait signatures
// compile in Phase 1. The full implementation is in Phase 2.
//
// Phase 2 will expand these with proper fields.

/// Request to check if a quota allows an operation.
///
/// **Phase 2**: Will include subject, requested amount, quota type, etc.
#[derive(Debug, Clone)]
pub struct QuotaRequest {
    /// Who is being checked.
    pub subject: BillingSubject,
    /// What usage amount is being requested.
    pub requested: UsageAmount,
    /// Additional context (Phase 2).
    pub _placeholder: (),
}

/// The decision from a quota check.
#[derive(Debug, Clone)]
pub enum QuotaDecision {
    /// Request is allowed.
    Allowed {
        /// Remaining quota after this request (if known).
        remaining: Option<u64>,
    },
    /// Request is denied.
    Denied {
        /// Reason for denial.
        reason: String,
    },
}

/// Request to reserve quota (prior to consumption).
#[derive(Debug, Clone)]
pub struct ReservationRequest {
    /// Who is reserving.
    pub subject: BillingSubject,
    /// How much to reserve.
    pub amount: UsageAmount,
    /// Additional context (Phase 2).
    pub _placeholder: (),
}

/// An active reservation.
#[derive(Debug, Clone)]
pub struct Reservation {
    /// Unique reservation ID.
    pub id: String,
    /// Reserved amount.
    pub amount: UsageAmount,
    /// Additional context (Phase 2).
    pub _placeholder: (),
}

/// A usage amount for quota purposes.
///
/// Similar to `MeterSet` but used in quota context.
#[derive(Debug, Clone, Default)]
pub struct UsageAmount {
    /// Meter readings.
    pub meters: HashMap<MeterKind, u64>,
}

impl UsageAmount {
    /// Create a new empty `UsageAmount`.
    pub fn new() -> Self {
        Self {
            meters: HashMap::new(),
        }
    }

    /// Add a meter reading.
    pub fn insert(&mut self, kind: MeterKind, quantity: u64) {
        self.meters
            .entry(kind)
            .and_modify(|v| *v += quantity)
            .or_insert(quantity);
    }

    /// Get the quantity for a meter kind.
    pub fn get(&self, kind: &MeterKind) -> u64 {
        self.meters.get(kind).copied().unwrap_or(0)
    }
}

// ============================================================================
// Traits
// ============================================================================

/// Trait for synchronous quota authorization.
///
/// **Fail-closed**: If this returns `Err`, the request MUST be denied.
/// This is the opposite of metering which is fail-open.
///
/// # When to use
///
/// - Pre-request check: "Can this user afford this request?"
/// - Synchronous: must return quickly (< 10ms typically)
///
/// # Phase 2
///
/// Implementation: `RedisQuotaAuthorizer` (in `tokenbill-tokio`)
pub trait QuotaAuthorizer: Send + Sync {
    /// Check if a request is allowed under quota.
    ///
    /// # Errors
    ///
    /// - `QuotaError::ConnectionError`: fail-closed, deny request
    /// - `QuotaError::Exceeded`: quota exceeded, deny request
    /// - `QuotaError::Other`: fail-closed, deny request
    fn authorize(&self, request: &QuotaRequest) -> Result<QuotaDecision, QuotaError>;
}

/// Trait for quota reservation/commit/refund.
///
/// This is the "two-phase" quota pattern:
/// 1. `reserve()`: reserve quota before the request
/// 2. `commit()`: after request completes, commit actual usage
/// 3. `refund()`: if request fails, refund unused reservation
///
/// **Fail-closed**: All operations must succeed or the request is denied.
///
/// # Phase 2
///
/// Implementation: `RedisQuotaReservator` (in `tokenbill-tokio`)
pub trait QuotaReservator: Send + Sync {
    /// Reserve quota for a request.
    fn reserve(
        &self,
        reservation: &ReservationRequest,
    ) -> Result<Reservation, QuotaError>;

    /// Commit actual usage after request completes.
    ///
    /// `amount` is the actual usage (may be less than reserved).
    fn commit(&self, reservation_id: &str, amount: &UsageAmount)
        -> Result<(), QuotaError>;

    /// Refund an unused or partial reservation.
    fn refund(&self, reservation_id: &str, unused: &UsageAmount)
        -> Result<(), QuotaError>;
}

// ============================================================================
// Error type
// ============================================================================

/// Error type for quota operations.
///
/// **All quota errors are fail-closed** - they should result in
/// the request being denied.
#[derive(Debug, Clone)]
pub enum QuotaError {
    /// Quota exceeded.
    Exceeded {
        subject: String,
        limit: u64,
        requested: u64,
    },
    /// Connection error (e.g., Redis down).
    ConnectionError(String),
    /// Reservation not found (invalid/expired reservation ID).
    ReservationNotFound(String),
    /// Invalid reservation state.
    InvalidState(String),
    /// Generic error.
    Other(String),
}

impl std::fmt::Display for QuotaError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            QuotaError::Exceeded {
                subject,
                limit,
                requested,
            } => write!(
                f,
                "Quota exceeded for {subject}: limit={limit}, requested={requested}"
            ),
            QuotaError::ConnectionError(e) => {
                write!(f, "Quota connection error: {e}")
            }
            QuotaError::ReservationNotFound(id) => {
                write!(f, "Reservation not found: {id}")
            }
            QuotaError::InvalidState(e) => write!(f, "Invalid reservation state: {e}"),
            QuotaError::Other(e) => write!(f, "Quota error: {e}"),
        }
    }
}

impl std::error::Error for QuotaError {}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn usage_amount_insert_and_get() {
        let mut ua = UsageAmount::new();
        ua.insert(MeterKind::InputTokens, 100);
        ua.insert(MeterKind::InputTokens, 50);
        assert_eq!(ua.get(&MeterKind::InputTokens), 150);
    }

    #[test]
    fn usage_amount_default_empty() {
        let ua = UsageAmount::default();
        assert_eq!(ua.get(&MeterKind::InputTokens), 0);
    }

    #[test]
    fn quota_error_display() {
        let err = QuotaError::Exceeded {
            subject: "user-1".to_string(),
            limit: 1000,
            requested: 1500,
        };
        assert!(err.to_string().contains("exceeded"));
    }
}