tex: extend section on hibp integration

tex/part-theoretical.tex

@@ -705,22 +705,38 @@ records would be dropped entirely.
 
 Troy Hunt's \textbf{Have I Been Pwned?} online service
 (\url{https://haveibeenpwned.com/}) has been chosen as the online source of
-compromised data. The service offers public APIs that are protected by API keys
-due to abuse-prevention reasons.
+compromised data. The service offers public APIs, which were originally (and it
+was the intention of their author that they stay that way) provided free of
+charge and with little-to-no rate-limiting. A major overhaul in this regard has
+been revealed in November of 2022, where in addition to a new rate-limit
+system, different-levels-of-symbolic fees were introduced to obtain the API
+keys. These Apparently, the top consumers of the API seemed to utilise it
+orders of magnitude more than the average person, which led Hunt to devising a
+new, tiered API access system in which the \emph{little guys} would not be
+subsidising the \emph{big guys}\cite{hibpBillingChanges}. Additionally, the
+symbolic fee of \$3.50/mo for the entry-level, 10 requests per minute API key
+was meant to serve as a small barrier for (mis)users with nefarious purposes,
+but pose practically no obstacle for \emph{legitimate} users, which is entirely
+reasonable.
 
-The application's \texttt{hibp} module and database representation models
-the values returned by this API, which allows searching in large breaches using
-email addresses.
+The application's \texttt{hibp} module and database representation attempts to
+model the values returned by this API and declare actions to be performed upon
+the data, which is what facilitates the breach search functionality in the
+program.
 
-The architecture there is relatively simple: the application administrator
-configures an API key for the HIBP service, the user enters the query
-parameters, the application constructs a query, calls the API and waits for a
-response. As the API is rate-limited based on the key supplied, this can pose
-an issue and it has not been fully resolved in the UI. The application then
-parses the returned data and binds it to the local model for validation. If
-that goes well, the data is saved into the database as a cache and the search
-query is performed on the saved data. If it returns anything, it is displayed
-to the user for browsing.
+The architecture is relatively simple: the application administrator configures
+an API key for the HIBP service via the management interface, the user enters
+the query parameters and the application then constructs the API call that is
+sent to the API, awaiting the response. As the API is rate-limited
+(individually, based on the API key supplied), this \emph{could} pose an issue
+at high utilisation times, and thus needs to be handled in the backend as well
+as in the UI.
+
+After a response from the API server arrives, the application parses the
+returned data and attempts to \emph{bind} it to the pre-programmed \emph{model}
+for validation. If the data can be successfully validated, it is saved into the
+database as a cache and the search query is performed on the saved data. The
+result is then displayed to the user for browsing.
 
 
 \n{1}{Deployment recommendations}\label{sec:deploymentRecommendations}

tex/references.bib

@@ -413,4 +413,12 @@ institution = {International Organization for Standardization}
 	note={{Available from: \url{https://developers.redhat.com/blog/2019/01/15/podman-managing-containers-pods} [viewed 2023-07-24]}}
 }
 
+@misc{hibpBillingChanges,
+	author = {{Troy Hunt}},
+	year = 2022,
+	title = {{The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing}},
+	howpublished = {[online]},
+	note={{Available from: \url{https://www.troyhunt.com/the-have-i-been-pwned-api-now-has-different-rate-limits-and-annual-billing/} [viewed 2023-08-15]}}
+}
+
 % =========================================================================== %