From ebdde5994d0b731692324df67ee5aaa16696bcc2 Mon Sep 17 00:00:00 2001
From: Marshall Bowers
Date: Mon, 12 Aug 2024 14:10:08 -0400
Subject: [PATCH] collab: Don't issue LLM API tokens if the user has not accepted the ToS (#16123)

This PR adds a check to the LLM API token issuance to ensure that we only issue tokens to users that have accepted the terms of service.

Release Notes:

- N/A
---
 crates/collab/src/rpc.rs | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/crates/collab/src/rpc.rs b/crates/collab/src/rpc.rs
index 08c725eb5b..0420730b58 100644
--- a/crates/collab/src/rpc.rs
+++ b/crates/collab/src/rpc.rs
@@ -4916,8 +4916,20 @@ async fn get_llm_api_token(
 Err(anyhow!("permission denied"))?
 }
 
+ let db = session.db().await;
+
+ let user_id = session.user_id();
+ let user = db
+ .get_user_by_id(user_id)
+ .await?
+ .ok_or_else(|| anyhow!("user {} not found", user_id))?;
+
+ if user.accepted_tos_at.is_none() {
+ Err(anyhow!("terms of service not accepted"))?
+ }
+
 let token = LlmTokenClaims::create(
- session.user_id(),
+ user.id,
 session.is_staff(),
 session.current_plan().await?,
 &session.app_state.config,
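Review bot: The terms-of-service gate added before `LlmTokenClaims::create` is enforced only at issuance and comes without a test; the diffstat lists `crates/collab/src/rpc.rs` as the only file touched, so nothing pins that a user whose `accepted_tos_at` is `None` receives an error rather than a token. A regression test for that denial path would keep a later refactor of `get_llm_api_token` from silently reopening it. Tokens minted before this check was deployed presumably stay valid until they expire, and whether the service that consumes the token re-checks acceptance is not visible here, so the token lifetime is worth confirming against that window. The claims also now combine the freshly loaded `user.id` with `session.is_staff()` and `session.current_plan()`, and a short comment above the check such as `// Only issue LLM API tokens to users who have accepted the terms of service.` would record the intent next to the code. `get_llm_api_token` begins and ends outside the hunk.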