moved tg settings to db

api/gateway/tgsettle/internal/service/treasury/bot/router.go

@@ -51,6 +51,16 @@ type TreasuryService interface {
 	CancelRequest(ctx context.Context, requestID string, telegramUserID string) (*storagemodel.TreasuryRequest, error)
 }
 
+type UserBinding struct {
+	TelegramUserID  string
+	LedgerAccountID string
+	AllowedChatIDs  []string
+}
+
+type UserBindingResolver interface {
+	ResolveUserBinding(ctx context.Context, telegramUserID string) (*UserBinding, error)
+}
+
 type limitError interface {
 	error
 	LimitKind() string
@@ -65,9 +75,7 @@ type Router struct {
 	send    SendTextFunc
 	tracker ScheduleTracker
 
-	allowedChats map[string]struct{}
-	userAccounts map[string]string
-	allowAnyChat bool
+	users UserBindingResolver
 }
 
 func NewRouter(
@@ -75,43 +83,23 @@ func NewRouter(
 	service TreasuryService,
 	send SendTextFunc,
 	tracker ScheduleTracker,
-	allowedChats []string,
-	userAccounts map[string]string,
+	users UserBindingResolver,
 ) *Router {
 	if logger != nil {
 		logger = logger.Named("treasury_router")
 	}
-	allowed := map[string]struct{}{}
-	for _, chatID := range allowedChats {
-		chatID = strings.TrimSpace(chatID)
-		if chatID == "" {
-			continue
-		}
-		allowed[chatID] = struct{}{}
-	}
-	users := map[string]string{}
-	for userID, accountID := range userAccounts {
-		userID = strings.TrimSpace(userID)
-		accountID = strings.TrimSpace(accountID)
-		if userID == "" || accountID == "" {
-			continue
-		}
-		users[userID] = accountID
-	}
 	return &Router{
-		logger:       logger,
-		service:      service,
-		dialogs:      NewDialogs(),
-		send:         send,
-		tracker:      tracker,
-		allowedChats: allowed,
-		userAccounts: users,
-		allowAnyChat: len(allowed) == 0,
+		logger:  logger,
+		service: service,
+		dialogs: NewDialogs(),
+		send:    send,
+		tracker: tracker,
+		users:   users,
 	}
 }
 
 func (r *Router) Enabled() bool {
-	return r != nil && r.service != nil && len(r.userAccounts) > 0
+	return r != nil && r.service != nil && r.users != nil
 }
 
 func (r *Router) HandleUpdate(ctx context.Context, update *model.TelegramWebhookUpdate) bool {
@@ -138,20 +126,28 @@ func (r *Router) HandleUpdate(ctx context.Context, update *model.TelegramWebhook
 		)
 	}
 
-	if !r.allowAnyChat {
-		if _, ok := r.allowedChats[chatID]; !ok {
-			r.logUnauthorized(update)
-			_ = r.sendText(ctx, chatID, unauthorizedChatMessage)
-			return true
+	binding, err := r.users.ResolveUserBinding(ctx, userID)
+	if err != nil {
+		if r.logger != nil {
+			r.logger.Warn("Failed to resolve treasury user binding",
+				zap.Error(err),
+				zap.String("telegram_user_id", userID),
+				zap.String("chat_id", chatID))
 		}
+		_ = r.sendText(ctx, chatID, "*Temporary issue*\nUnable to check treasury authorization right now. Please try again.")
+		return true
 	}
-
-	accountID, ok := r.userAccounts[userID]
-	if !ok || strings.TrimSpace(accountID) == "" {
+	if binding == nil || strings.TrimSpace(binding.LedgerAccountID) == "" {
 		r.logUnauthorized(update)
 		_ = r.sendText(ctx, chatID, unauthorizedMessage)
 		return true
 	}
+	if !isChatAllowed(chatID, binding.AllowedChatIDs) {
+		r.logUnauthorized(update)
+		_ = r.sendText(ctx, chatID, unauthorizedChatMessage)
+		return true
+	}
+	accountID := strings.TrimSpace(binding.LedgerAccountID)
 
 	switch command {
 	case CommandStart:
@@ -507,6 +503,22 @@ func (r *Router) resolveAccountProfile(ctx context.Context, ledgerAccountID stri
 	return profile
 }
 
+func isChatAllowed(chatID string, allowedChatIDs []string) bool {
+	chatID = strings.TrimSpace(chatID)
+	if chatID == "" {
+		return false
+	}
+	if len(allowedChatIDs) == 0 {
+		return true
+	}
+	for _, allowed := range allowedChatIDs {
+		if strings.TrimSpace(allowed) == chatID {
+			return true
+		}
+	}
+	return false
+}
+
 func formatSeconds(value int64) string {
 	if value == 1 {
 		return "1 second"