Add pricing matrix

2026-02-28 07:46:36 +00:00 · 2026-02-09 18:04:18 -08:00
parent 2a10cb4e6d
commit b2f54044b0
8 changed files with 148 additions and 41 deletions
--- a/server/routers/client/getClient.ts
+++ b/server/routers/client/getClient.ts
@@ -13,6 +13,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { getUserDeviceName } from "@server/db/names";
 import { build } from "@server/build";
 import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
+import { tierMatrix } from "@server/lib/billing/tierMatrix";

 const getClientSchema = z.strictObject({
    clientId: z
@@ -327,7 +328,8 @@ export async function getClient(
            client.currentFingerprint
        );
        const isOrgLicensed = await isLicensedOrSubscribed(
-            client.clients.orgId
+            client.clients.orgId,
+            tierMatrix.devicePosture
        );
        const postureData: PostureData | null = rawPosture
            ? isOrgLicensed
--- a/server/routers/newt/getNewtToken.ts
+++ b/server/routers/newt/getNewtToken.ts
@@ -18,7 +18,7 @@ import config from "@server/lib/config";
 import { APP_VERSION } from "@server/lib/consts";

 export const newtGetTokenBodySchema = z.object({
-    newtId: z.string(),
+    // newtId: z.string(),
    secret: z.string(),
    token: z.string().optional()
 });
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -12,7 +12,8 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { build } from "@server/build";
 import { cache } from "@server/lib/cache";
 import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
-import { isSubscribed } from "#dynamic/lib/isSubscribed";
+import { TierFeature, tierMatrix } from "@server/lib/billing/tierMatrix";
+import { getOrgTierData } from "#dynamic/lib/billing";

 const updateOrgParamsSchema = z.strictObject({
    orgId: z.string()
@@ -87,26 +88,83 @@ export async function updateOrg(

        const { orgId } = parsedParams.data;

-        const isLicensed = await isLicensedOrSubscribed(orgId);
-        if (!isLicensed) {
+        // Check 2FA enforcement feature
+        const has2FAFeature = await isLicensedOrSubscribed(
+            orgId,
+            tierMatrix[TierFeature.TwoFactorEnforcement]
+        );
+        if (!has2FAFeature) {
            parsedBody.data.requireTwoFactor = undefined;
-            parsedBody.data.maxSessionLengthHours = undefined;
-            parsedBody.data.passwordExpiryDays = undefined;
        }

-        const subscribed = await isSubscribed(orgId);
-        if (
-            build == "saas" &&
-            subscribed &&
-            parsedBody.data.settingsLogRetentionDaysRequest &&
-            parsedBody.data.settingsLogRetentionDaysRequest > 30
-        ) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    "You are not allowed to set log retention days greater than 30 with your current subscription"
-                )
-            );
+        // Check session duration policies feature
+        const hasSessionDurationFeature = await isLicensedOrSubscribed(
+            orgId,
+            tierMatrix[TierFeature.SessionDurationPolicies]
+        );
+        if (!hasSessionDurationFeature) {
+            parsedBody.data.maxSessionLengthHours = undefined;
+        }
+
+        // Check password expiration policies feature
+        const hasPasswordExpirationFeature = await isLicensedOrSubscribed(
+            orgId,
+            tierMatrix[TierFeature.PasswordExpirationPolicies]
+        );
+        if (!hasPasswordExpirationFeature) {
+            parsedBody.data.passwordExpiryDays = undefined;
+        }
+        if (build == "saas") {
+            const { tier } = await getOrgTierData(orgId);
+
+            // Determine max allowed retention days based on tier
+            let maxRetentionDays: number | null = null;
+            if (!tier) {
+                maxRetentionDays = 0;
+            } else if (tier === "tier1") {
+                maxRetentionDays = 7;
+            } else if (tier === "tier2") {
+                maxRetentionDays = 30;
+            } else if (tier === "tier3") {
+                maxRetentionDays = 90;
+            }
+            // For enterprise tier, no check (maxRetentionDays remains null)
+
+            if (maxRetentionDays !== null) {
+                if (
+                    parsedBody.data.settingsLogRetentionDaysRequest !== undefined &&
+                    parsedBody.data.settingsLogRetentionDaysRequest > maxRetentionDays
+                ) {
+                    return next(
+                        createHttpError(
+                            HttpCode.FORBIDDEN,
+                            `You are not allowed to set log retention days greater than ${maxRetentionDays} with your current subscription`
+                        )
+                    );
+                }
+                if (
+                    parsedBody.data.settingsLogRetentionDaysAccess !== undefined &&
+                    parsedBody.data.settingsLogRetentionDaysAccess > maxRetentionDays
+                ) {
+                    return next(
+                        createHttpError(
+                            HttpCode.FORBIDDEN,
+                            `You are not allowed to set log retention days greater than ${maxRetentionDays} with your current subscription`
+                        )
+                    );
+                }
+                if (
+                    parsedBody.data.settingsLogRetentionDaysAction !== undefined &&
+                    parsedBody.data.settingsLogRetentionDaysAction > maxRetentionDays
+                ) {
+                    return next(
+                        createHttpError(
+                            HttpCode.FORBIDDEN,
+                            `You are not allowed to set log retention days greater than ${maxRetentionDays} with your current subscription`
+                        )
+                    );
+                }
+            }
        }

        const updatedOrg = await db