skip /usage/plan request when api key is not provided#2059
Conversation
rafel-roboflow
requested review from
PawelPeczek-Roboflow,
dkosowski87,
grzegorz-roboflow,
hansent,
probicheaux and
yeldarby
as code owners
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| date_time_now: Optional[datetime.datetime] = None, | ||
| ) -> Dict[str, Union[str, bool]]: | ||
| if not api_key: | ||
| return self._get_default_plan() |
There was a problem hiding this comment.
Empty API key now bypasses quota enforcement checks
Medium Severity
When no API key is provided, _get_default_plan returns over_quota=False, is_enterprise=True, is_pro=True, and is_billed=True. Previously, the code would hit the /usage/plan endpoint, receive a 401, and the 4xx handler in refresh_api_key_plan_cache would set over_quota=True, is_enterprise=False, is_pro=False, and is_billed=False. The WebRTC code paths (is_over_quota) rely on over_quota to enforce usage limits — this change flips the behavior from restrictive to fully permissive for empty API keys, contrary to the PR's claim of "maintaining backward compatibility."
Additional Locations (1)
There was a problem hiding this comment.
I would need to force to return False for those, ... I guess makes sense as no-api key was given? I doubt about 'is over quota', because it's not really overquo
ta.
This reverts commit 9d69989.
…ndpoint-without-api-key-2
grzegorz-roboflow
deleted the
feat/dg-318-do-not-call-usage-plan-details-endpoint-without-api-key-2
branch
2 participants
What does this PR do?
Prevents unnecessary HTTP requests to
/usage/planendpoint when no API key is provided. Previously, the code would make the request regardless, resulting in 401 errors.Now
get_api_key_planreturns default values immediately when the API key is empty or None... avoiding many 401 logs.Related Issue(s): N/A
Type of Change
Testing
Test details:
Verified that
/usage/planrequests are no longer made when running inference without an API key configured.Checklist
Additional Context
The fix returns default plan values (enterprise=True, pro=True, billed=True, etc.) when no API key is provided, maintaining backward compatibility while avoiding unnecessary network calls and 401 error logs.
Note
Low Risk
Low risk: adds a simple early-return guard to avoid an external
/usage/planrequest whenapi_keyis empty, with no changes to auth, storage, or request logic when a key is present.Overview
Prevents plan lookups from calling the remote plan endpoint when
get_api_key_planis invoked with a missing/emptyapi_key.PlanDetails.get_api_key_plannow immediately returns a default plan dict (defaults for enterprise/pro/billed, etc.) with an emptyapi_key_hash, avoiding repeated 401s and noise when running without an API key.Written by Cursor Bugbot for commit 643da16. This will update automatically on new commits. Configure here.