iachat

History

Vishnu Narayanan c884cdefde feat: add per-account daily rate limit for outbound emails (#13411 ) Introduce a daily cap on non-channel outbound emails to prevent abuse. Fixes https://linear.app/chatwoot/issue/CW-6418/ses-incident-jan-28 ## Type of change - [x] New feature (non-breaking change which adds functionality) - [x] Breaking change (fix or feature that would cause existing functionality not to work as expected) ## Summary - Adds a Redis-based daily counter to rate limit outbound emails per account, preventing email abuse - Covers continuity emails (WebWidget/API), conversation transcripts, and agent notifications - Email channel replies are excluded (paid feature, not abusable) - Adds account suspension check in `ConversationReplyMailer` to block already-queued emails for suspended accounts ## Limit Resolution Hierarchy 1. Per-account override (`account.limits['emails']`) — SuperAdmin configurable 2. Enterprise plan-based (`ACCOUNT_EMAILS_PLAN_LIMITS` InstallationConfig) 3. Global default (`ACCOUNT_EMAILS_LIMIT` InstallationConfig, default: 100) 4. Fallback (`ChatwootApp.max_limit` — effectively unlimited) ## Enforcement Points \| Path \| Where \| Behavior \| \|------\|-------\|----------\| \| WebWidget/API continuity \| `SendEmailNotificationService#should_send_email_notification?` \| Silently skipped \| \| Widget transcript \| `Widget::ConversationsController#transcript` \| Returns 429 \| \| API transcript \| `ConversationsController#transcript` \| Returns 429 \| \| Agent notifications \| `Notification::EmailNotificationService#perform` \| Silently skipped \| \| Email channel replies \| Not rate limited \| Paid feature \| \| Suspended accounts \| `ConversationReplyMailer` \| Blocked at mailer level \|		2026-02-03 02:06:51 +05:30
..
channel	fix: Setup webhooks for manual WhatsApp Cloud channel creation (#13278 )	2026-01-19 14:12:36 +04:00
concerns	feat: add per-account daily rate limit for outbound emails (#13411 )	2026-02-03 02:06:51 +05:30
enterprise/audit	feat: Add conversation delete feature (#11677 )	2025-06-05 15:53:17 -05:00
integrations	feat: new Captain Editor (#13235 )	2026-01-21 13:39:07 +05:30
.keep	Fix url in emails, add frontendURL helper (#19 )	2019-08-25 19:59:28 +05:30
account_spec.rb	feat: add global config for captain settings (#13141 )	2026-01-12 19:54:19 +05:30
account_user_spec.rb	chore: Add permissions to auth data (#9695 )	2024-06-28 12:52:48 -07:00
agent_bot_inbox_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
agent_bot_spec.rb	feat: Implement UI for Agent Bots in settings and remove CSML support (#11276 )	2025-04-16 18:02:49 +05:30
application_record_external_credentials_encryption_spec.rb	feat: Secure external credentials with database encryption (#12648 )	2025-10-13 18:05:12 +05:30
article_spec.rb	chore: Update LLM formatter classes to include additional details (#11491 )	2025-05-15 17:47:37 -07:00
assignment_policy_spec.rb	feat: Add assignment policies controllers with jbuilder views (#12199 )	2025-08-18 19:15:21 -07:00
attachment_spec.rb	feat: TikTok channel (#12741 )	2025-12-17 07:54:50 -08:00
automation_rule_spec.rb	feat: Add support for labels in automations (#11658 )	2025-09-18 14:17:54 +05:30
campaign_spec.rb	chore: Add validations to campaign model	2025-03-19 17:29:08 -07:00
category_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
contact_inbox_spec.rb	fix: Change contact_inboxes.source_id to text column (#12882 )	2025-11-17 16:09:36 +05:30
contact_spec.rb	feat: Introduce the crm_v2 feature flag for CRM changes (#12014 )	2025-07-23 17:07:02 +04:00
conversation_participants_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
conversation_spec.rb	fix: prevent NoMethodError in mute helpers when contact is nil (#13277 )	2026-01-15 22:00:09 -08:00
csat_survey_response_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
data_import_spec.rb	chore: Add delay before running dataimport job (#8039 )	2023-10-03 22:18:57 -07:00
folder_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
inbox_member_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
inbox_spec.rb	feat: remove colon and semicolons when sanitizing inbox name (#11889 )	2025-07-08 09:41:40 +05:30
installation_config_spec.rb	Feature: Installation global config (#839 ) (#840 )	2020-05-10 22:40:36 +05:30
label_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
macro_spec.rb	test: reset `Current.user` after spec (#8123 )	2023-10-17 18:06:54 +05:30
mention_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
message_spec.rb	feat: allow agent bot and captain responses to reset waiting since (#13181 )	2026-01-07 13:57:43 +05:30
note_spec.rb	feat(ee): Add Captain features (#10665 )	2025-01-14 16:15:47 -08:00
notification_setting_spec.rb	Feature: Add new notification settings for user (#569 )	2020-02-29 20:41:09 +05:30
notification_spec.rb	feat: speed up circleci and github actions (#12849 )	2025-11-19 15:32:48 +05:30
platform_app_permissible_spec.rb	feat: Add Platform APIs (#1456 )	2021-01-14 20:35:22 +05:30
platform_app_spec.rb	chore: Limit objects returned by conversation API (#2721 )	2021-07-31 21:19:42 +05:30
portal_spec.rb	chore: Clean up report & knowledge base policies (#11234 )	2025-04-03 16:00:32 -07:00
related_category_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
reporting_event_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
team_member_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
team_spec.rb	feat: invalidate cache after inbox members or team members update (#10869 )	2025-02-20 21:28:38 -08:00
user_spec.rb	fix: linear and user association spec (#13056 )	2025-12-12 18:53:26 +05:30
webhook_spec.rb	chore: Enable the new Rubocop rules (#7122 )	2023-05-19 14:37:10 +05:30
working_hour_spec.rb	fix: Update timezone to get `wday` from working_hours (#5605 )	2022-10-12 14:32:54 -07:00