Merge pull request 'fixed verificaiton error' (#488) from ver-487 into main

Reviewed-on: #488
2026-02-12 19:46:35 +00:00
2 changed files with 45 additions and 15 deletions


@@ -29,6 +29,35 @@ func syntheticIdempotencyKey() string {
return "auto:" + bson.NewObjectID().Hex()
}
func verificationContextFilter(request *verification.Request) builder.Query {
return repository.Query().And(
repository.Filter("accountRef", request.AccountRef),
repository.Filter("purpose", request.Purpose),
repository.Filter("target", request.Target),
)
}
func activeContextFilter(request *verification.Request, now time.Time) builder.Query {
return repository.Query().And(
repository.Filter("accountRef", request.AccountRef),
repository.Filter("purpose", request.Purpose),
repository.Filter("target", request.Target),
repository.Filter("usedAt", nil),
repository.Query().Comparison(repository.Field("expiresAt"), builder.Gt, now),
)
}
func cooldownActiveContextFilter(request *verification.Request, now, cutoff time.Time) builder.Query {
return repository.Query().And(
repository.Filter("accountRef", request.AccountRef),
repository.Filter("purpose", request.Purpose),
repository.Filter("target", request.Target),
repository.Filter("usedAt", nil),
repository.Query().Comparison(repository.Field("expiresAt"), builder.Gt, now),
repository.Query().Comparison(repository.Field("createdAt"), builder.Gt, cutoff),
)
}
func idempotencyFilter(
request *verification.Request,
idempotencyKey string,
@@ -140,13 +169,7 @@ func (db *verificationDB) Create(
_, err = db.tf.CreateTransaction().Execute(ctx, func(tx context.Context) (any, error) {
now := time.Now().UTC()
baseFilter := repository.Query().And(
repository.Filter("accountRef", request.AccountRef),
repository.Filter("purpose", request.Purpose),
repository.Filter("target", request.Target),
repository.Filter("usedAt", nil),
repository.Query().Comparison(repository.Field("expiresAt"), builder.Gt, now),
)
activeFilter := activeContextFilter(request, now)
// Optional idempotency key support for safe retries.
if hasIdempotency {
@@ -177,12 +200,8 @@ func (db *verificationDB) Create(
if request.Cooldown != nil {
cutoff := now.Add(-*request.Cooldown)
cooldownFilter := baseFilter.And(
repository.Query().Comparison(repository.Field("createdAt"), builder.Gt, cutoff),
)
var recent model.VerificationToken
err := db.DBImp.FindOne(tx, cooldownFilter, &recent)
err := db.DBImp.FindOne(tx, cooldownActiveContextFilter(request, now, cutoff), &recent)
switch {
case err == nil:
return nil, verification.ErrorCooldownActive()
@@ -195,7 +214,7 @@ func (db *verificationDB) Create(
// 2) Invalidate active tokens for this context
if _, err := db.DBImp.PatchMany(
tx,
baseFilter,
activeFilter,
repository.Patch().Set(repository.Field("usedAt"), now),
); err != nil {
return nil, err
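Review bot: The three new filter builders repeat the accountRef/purpose/target triple, and nothing records why they are no longer composed from one base query. The removed `baseFilter.And(...)` in the cooldown branch suggests (the builder itself is not visible here) that `And` modifies its receiver, so the later `PatchMany` ran with the `createdAt` bound attached and left older tokens for the same context unrevoked. I would put a comment above `activeContextFilter` along the lines of `// Build a fresh query on every call: calling And on a shared query narrowed the PatchMany invalidation filter and left older tokens valid.` so that a later de-duplication does not bring the problem back. `verificationContextFilter` has no caller in the visible hunks; if nothing outside them uses it, it can be dropped. `Create` starts and ends outside these hunks.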


@@ -849,15 +849,26 @@ func TestCreate_CooldownExpiresAllowsCreation(t *testing.T) {
accountRef := bson.NewObjectID()
// First creation without cooldown.
_, err := db.Create(ctx, req(accountRef, model.PurposePasswordReset, "", time.Hour))
firstRaw, err := db.Create(ctx, req(accountRef, model.PurposePasswordReset, "", time.Hour))
require.NoError(t, err)
time.Sleep(2 * time.Millisecond)
// Re-create with short cooldown — the prior token is old enough to be invalidated.
r2 := req(accountRef, model.PurposePasswordReset, "", time.Hour).WithCooldown(time.Millisecond)
_, err = db.Create(ctx, r2)
secondRaw, err := db.Create(ctx, r2)
require.NoError(t, err)
assert.NotEqual(t, firstRaw, secondRaw)
// Old token should be rotated out after successful re-issue.
_, err = db.Consume(ctx, accountRef, model.PurposePasswordReset, firstRaw)
require.Error(t, err)
assert.True(t, errors.Is(err, verification.ErrTokenAlreadyUsed))
// New token remains valid.
tok, err := db.Consume(ctx, accountRef, model.PurposePasswordReset, secondRaw)
require.NoError(t, err)
assert.Equal(t, accountRef, tok.AccountRef)
}
func TestCreate_CooldownNilIgnored(t *testing.T) {
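Review bot: The rejection check on the old token, `require.Error(t, err)` followed by `assert.True(t, errors.Is(err, verification.ErrTokenAlreadyUsed))`, only reports that a boolean was false when the wrong error comes back. `require.ErrorIs(t, err, verification.ErrTokenAlreadyUsed)` replaces both lines and prints the actual error chain on failure. The test also depends on `time.Sleep(2 * time.Millisecond)` outlasting a one-millisecond cooldown, which ties a token-revocation regression test to timer resolution; a wider margin between the two values would make a failure here mean what it says. The test function starts above the hunk.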