Autumn, 5mo ago
4 replies
Sean Dubb

Hi -- I have a user who was able to submit 39 events in a single day (August 26) to a feature that should have limited them to 3 per month.

The `track` code is guarded by a check as follows:
    const { data } = await autumn.check({
      customer_id: userId,
      feature_id: "premium-messages-monthly",
    });

    if (!data?.allowed) {
      return new Response("Forbidden", { status: 403 });
    }

    await autumn.track({
      customer_id: userId,
      event_name: "premium-messages",
    });


Can someone help me understand how this was possible? This cost me money because the resource they were able to abuse was expensive.
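
A check followed by a separate track is not atomic, so requests that arrive together can all pass the check before any usage is recorded. The sketch below is an added example, not code from the post or from Autumn, and it shows one way a guard of this shape can exceed its limit, next to a variant that tests and consumes the allowance in one step. The in-memory meter and its `check`, `track` and `checkAndTrack` methods are hypothetical stand-ins.

```javascript
// Added example: a hypothetical in-memory usage meter, not Autumn's API.
const LIMIT = 3; // the 3-per-month allowance from the post

function makeMeter() {
  let used = 0;
  // Constructed stand-in for the network round trip of each metering call.
  const roundTrip = () => new Promise((resolve) => setTimeout(resolve, 1));
  return {
    // Two separate calls, like the check/track pair in the post.
    async check() { await roundTrip(); return { allowed: used < LIMIT }; },
    async track() { await roundTrip(); used += 1; },
    // One call: the limit test and the increment run with no await between them.
    async checkAndTrack() {
      await roundTrip();
      if (used >= LIMIT) return { allowed: false };
      used += 1;
      return { allowed: true };
    },
    used: () => used,
  };
}

// Handler shaped like the post's guard: check first, track afterwards.
async function guardedTwoStep(meter) {
  const { allowed } = await meter.check();
  if (!allowed) return 403;
  await meter.track();
  return 200;
}

// Same guard, but the allowance is consumed in the same step that tests it.
async function guardedAtomic(meter) {
  const { allowed } = await meter.checkAndTrack();
  return allowed ? 200 : 403;
}

// Send n requests at once to a fresh meter and count how many were served.
async function burst(handler, n) {
  const meter = makeMeter();
  const statuses = await Promise.all(Array.from({ length: n }, () => handler(meter)));
  return { served: statuses.filter((s) => s === 200).length, used: meter.used() };
}

async function demo() {
  return { twoStep: await burst(guardedTwoStep, 39), atomic: await burst(guardedAtomic, 39) };
}

demo().then((r) => console.log(r));
```

With a real metering service the single step has to happen on the service side, or the handler has to serialize requests per customer. Whether the service offers such a call is not stated in the post.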