moved tg settings to db

2026-03-05 14:46:26 +01:00
parent b499778bce
commit 71d99338f2
11 changed files with 307 additions and 102 deletions
--- a/api/gateway/tgsettle/internal/service/treasury/bot/router.go
+++ b/api/gateway/tgsettle/internal/service/treasury/bot/router.go
@@ -51,6 +51,16 @@ type TreasuryService interface {
 	CancelRequest(ctx context.Context, requestID string, telegramUserID string) (*storagemodel.TreasuryRequest, error)
 }

+type UserBinding struct {
+	TelegramUserID  string
+	LedgerAccountID string
+	AllowedChatIDs  []string
+}
+
+type UserBindingResolver interface {
+	ResolveUserBinding(ctx context.Context, telegramUserID string) (*UserBinding, error)
+}
+
 type limitError interface {
 	error
 	LimitKind() string
@@ -65,9 +75,7 @@ type Router struct {
 	send    SendTextFunc
 	tracker ScheduleTracker

-	allowedChats map[string]struct{}
-	userAccounts map[string]string
-	allowAnyChat bool
+	users UserBindingResolver
 }

 func NewRouter(
@@ -75,43 +83,23 @@ func NewRouter(
 	service TreasuryService,
 	send SendTextFunc,
 	tracker ScheduleTracker,
-	allowedChats []string,
-	userAccounts map[string]string,
+	users UserBindingResolver,
 ) *Router {
 	if logger != nil {
 		logger = logger.Named("treasury_router")
 	}
-	allowed := map[string]struct{}{}
-	for _, chatID := range allowedChats {
-		chatID = strings.TrimSpace(chatID)
-		if chatID == "" {
-			continue
-		}
-		allowed[chatID] = struct{}{}
-	}
-	users := map[string]string{}
-	for userID, accountID := range userAccounts {
-		userID = strings.TrimSpace(userID)
-		accountID = strings.TrimSpace(accountID)
-		if userID == "" || accountID == "" {
-			continue
-		}
-		users[userID] = accountID
-	}
 	return &Router{
-		logger:       logger,
-		service:      service,
-		dialogs:      NewDialogs(),
-		send:         send,
-		tracker:      tracker,
-		allowedChats: allowed,
-		userAccounts: users,
-		allowAnyChat: len(allowed) == 0,
+		logger:  logger,
+		service: service,
+		dialogs: NewDialogs(),
+		send:    send,
+		tracker: tracker,
+		users:   users,
 	}
 }

 func (r *Router) Enabled() bool {
-	return r != nil && r.service != nil && len(r.userAccounts) > 0
+	return r != nil && r.service != nil && r.users != nil
 }

 func (r *Router) HandleUpdate(ctx context.Context, update *model.TelegramWebhookUpdate) bool {
@@ -138,20 +126,28 @@ func (r *Router) HandleUpdate(ctx context.Context, update *model.TelegramWebhook
 		)
 	}

-	if !r.allowAnyChat {
-		if _, ok := r.allowedChats[chatID]; !ok {
-			r.logUnauthorized(update)
-			_ = r.sendText(ctx, chatID, unauthorizedChatMessage)
-			return true
+	binding, err := r.users.ResolveUserBinding(ctx, userID)
+	if err != nil {
+		if r.logger != nil {
+			r.logger.Warn("Failed to resolve treasury user binding",
+				zap.Error(err),
+				zap.String("telegram_user_id", userID),
+				zap.String("chat_id", chatID))
 		}
+		_ = r.sendText(ctx, chatID, "*Temporary issue*\nUnable to check treasury authorization right now. Please try again.")
+		return true
 	}
-
-	accountID, ok := r.userAccounts[userID]
-	if !ok || strings.TrimSpace(accountID) == "" {
+	if binding == nil || strings.TrimSpace(binding.LedgerAccountID) == "" {
 		r.logUnauthorized(update)
 		_ = r.sendText(ctx, chatID, unauthorizedMessage)
 		return true
 	}
+	if !isChatAllowed(chatID, binding.AllowedChatIDs) {
+		r.logUnauthorized(update)
+		_ = r.sendText(ctx, chatID, unauthorizedChatMessage)
+		return true
+	}
+	accountID := strings.TrimSpace(binding.LedgerAccountID)

 	switch command {
 	case CommandStart:
@@ -507,6 +503,22 @@ func (r *Router) resolveAccountProfile(ctx context.Context, ledgerAccountID stri
 	return profile
 }

+func isChatAllowed(chatID string, allowedChatIDs []string) bool {
+	chatID = strings.TrimSpace(chatID)
+	if chatID == "" {
+		return false
+	}
+	if len(allowedChatIDs) == 0 {
+		return true
+	}
+	for _, allowed := range allowedChatIDs {
+		if strings.TrimSpace(allowed) == chatID {
+			return true
+		}
+	}
+	return false
+}
+
 func formatSeconds(value int64) string {
 	if value == 1 {
 		return "1 second"
--- a/api/gateway/tgsettle/internal/service/treasury/bot/router_test.go
+++ b/api/gateway/tgsettle/internal/service/treasury/bot/router_test.go
@@ -12,6 +12,21 @@ import (

 type fakeService struct{}

+type fakeUserBindingResolver struct {
+	bindings map[string]*UserBinding
+	err      error
+}
+
+func (f fakeUserBindingResolver) ResolveUserBinding(_ context.Context, telegramUserID string) (*UserBinding, error) {
+	if f.err != nil {
+		return nil, f.err
+	}
+	if f.bindings == nil {
+		return nil, nil
+	}
+	return f.bindings[telegramUserID], nil
+}
+
 func (fakeService) ExecutionDelay() time.Duration {
 	return 30 * time.Second
 }
@@ -54,8 +69,15 @@ func TestRouterUnauthorizedInAllowedChatSendsAccessDenied(t *testing.T) {
 			return nil
 		},
 		nil,
-		[]string{"100"},
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+					AllowedChatIDs:  []string{"100"},
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -85,8 +107,15 @@ func TestRouterUnknownChatGetsDenied(t *testing.T) {
 			return nil
 		},
 		nil,
-		[]string{"100"},
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+					AllowedChatIDs:  []string{"100"},
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -116,8 +145,14 @@ func TestRouterEmptyAllowedChats_AllowsAnyChatForAuthorizedUser(t *testing.T) {
 			return nil
 		},
 		nil,
-		nil,
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -151,8 +186,14 @@ func TestRouterEmptyAllowedChats_UnauthorizedUserGetsDenied(t *testing.T) {
 			return nil
 		},
 		nil,
-		nil,
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -182,8 +223,14 @@ func TestRouterStartAuthorizedShowsWelcome(t *testing.T) {
 			return nil
 		},
 		nil,
-		nil,
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -213,8 +260,14 @@ func TestRouterHelpAuthorizedShowsHelp(t *testing.T) {
 			return nil
 		},
 		nil,
-		nil,
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -244,8 +297,14 @@ func TestRouterStartUnauthorizedGetsDenied(t *testing.T) {
 			return nil
 		},
 		nil,
-		nil,
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
@@ -275,8 +334,14 @@ func TestRouterPlainTextWithoutSession_ShowsSupportedCommands(t *testing.T) {
 			return nil
 		},
 		nil,
-		nil,
-		map[string]string{"123": "acct-1"},
+		fakeUserBindingResolver{
+			bindings: map[string]*UserBinding{
+				"123": {
+					TelegramUserID:  "123",
+					LedgerAccountID: "acct-1",
+				},
+			},
+		},
 	)
 	handled := router.HandleUpdate(context.Background(), &model.TelegramWebhookUpdate{
 		Message: &model.TelegramMessage{
--- a/api/gateway/tgsettle/internal/service/treasury/config.go
+++ b/api/gateway/tgsettle/internal/service/treasury/config.go
@@ -2,15 +2,7 @@ package treasury

 import "time"

-type UserBinding struct {
-	TelegramUserID string
-	LedgerAccount  string
-}
-
 type Config struct {
-	AllowedChats []string
-	Users        []UserBinding
-
 	ExecutionDelay time.Duration
 	PollInterval   time.Duration

--- a/api/gateway/tgsettle/internal/service/treasury/module.go
+++ b/api/gateway/tgsettle/internal/service/treasury/module.go
@@ -26,6 +26,7 @@ type Module struct {
 func NewModule(
 	logger mlogger.Logger,
 	repo storage.TreasuryRequestsStore,
+	users storage.TreasuryTelegramUsersStore,
 	ledgerClient ledger.Client,
 	cfg Config,
 	send bot.SendTextFunc,
@@ -33,6 +34,9 @@ func NewModule(
 	if logger != nil {
 		logger = logger.Named("treasury")
 	}
+	if users == nil {
+		return nil, merrors.InvalidArgument("treasury telegram users store is required", "users")
+	}
 	service, err := NewService(
 		logger,
 		repo,
@@ -45,23 +49,13 @@ func NewModule(
 		return nil, err
 	}

-	users := map[string]string{}
-	for _, binding := range cfg.Users {
-		userID := strings.TrimSpace(binding.TelegramUserID)
-		accountID := strings.TrimSpace(binding.LedgerAccount)
-		if userID == "" || accountID == "" {
-			continue
-		}
-		users[userID] = accountID
-	}
-
 	module := &Module{
 		logger:  logger,
 		service: service,
 		ledger:  ledgerClient,
 	}
 	module.scheduler = NewScheduler(logger, service, NotifyFunc(send), cfg.PollInterval)
-	module.router = bot.NewRouter(logger, &botServiceAdapter{svc: service}, send, module.scheduler, cfg.AllowedChats, users)
+	module.router = bot.NewRouter(logger, &botServiceAdapter{svc: service}, send, module.scheduler, &botUsersAdapter{store: users})
 	return module, nil
 }

@@ -99,6 +93,28 @@ type botServiceAdapter struct {
 	svc *Service
 }

+type botUsersAdapter struct {
+	store storage.TreasuryTelegramUsersStore
+}
+
+func (a *botUsersAdapter) ResolveUserBinding(ctx context.Context, telegramUserID string) (*bot.UserBinding, error) {
+	if a == nil || a.store == nil {
+		return nil, merrors.Internal("treasury users store unavailable")
+	}
+	record, err := a.store.FindByTelegramUserID(ctx, telegramUserID)
+	if err != nil {
+		return nil, err
+	}
+	if record == nil {
+		return nil, nil
+	}
+	return &bot.UserBinding{
+		TelegramUserID:  strings.TrimSpace(record.TelegramUserID),
+		LedgerAccountID: strings.TrimSpace(record.LedgerAccountID),
+		AllowedChatIDs:  normalizeChatIDs(record.AllowedChatIDs),
+	}, nil
+}
+
 func (a *botServiceAdapter) ExecutionDelay() (delay time.Duration) {
 	if a == nil || a.svc == nil {
 		return 0
@@ -164,3 +180,26 @@ func (a *botServiceAdapter) CancelRequest(ctx context.Context, requestID string,
 	}
 	return a.svc.CancelRequest(ctx, requestID, telegramUserID)
 }
+
+func normalizeChatIDs(values []string) []string {
+	if len(values) == 0 {
+		return nil
+	}
+	out := make([]string, 0, len(values))
+	seen := map[string]struct{}{}
+	for _, next := range values {
+		next = strings.TrimSpace(next)
+		if next == "" {
+			continue
+		}
+		if _, ok := seen[next]; ok {
+			continue
+		}
+		seen[next] = struct{}{}
+		out = append(out, next)
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return out
+}