feat(payments): chip wallet, store-compliance gate and benefit application
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 22s
CI / ui (pull_request) Successful in 1m7s
CI / conformance (pull_request) Successful in 9s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m41s

Stand up the internal chip/benefit mechanic behind the narrow payments interface:
context-aware balances and benefits, an atomic chip spend, admin grants as
zero-price value sales, the one-directional store-compliance gate (VK/TG same-
origin only, web draws direct→vk→tg, VK-iOS frozen, untrusted fail-closed), and
per-origin hint and no-ads application with term stacking. Reads are served from
an in-process, account-keyed write-through cache (mirroring the suspension gate),
so hot paths issue no query to the payments schema.

Flip the online-game hint wallet and the ad-banner suppression from the deprecated
accounts.hint_balance / paid_account columns to the payments benefit (a hint
balance no longer suppresses the banner — only a no-ads benefit does), and fold
chip segments and benefits by origin on account merge, inside the merge tx. Add
the GET/POST /api/v1/user/wallet edge chain (REST → Connect → FlatBuffers) plus
its codec unit test; no wallet UI yet.

Bring the frozen owner decisions log into the repo at
docs/PAYMENTS_DECISIONS_ru.md (it was untracked under .vscode) and reference it
from PLAN.md; record the read-cache design and the present-sources interface in
PLAN.md and docs/PAYMENTS.md (+ RU mirror).
This commit is contained in:
Ilia Denisov
2026-07-08 06:06:40 +02:00
parent 711fabe9cc
commit 1c06d1d0d1
39 changed files with 2947 additions and 151 deletions
+36
View File
@@ -360,6 +360,42 @@ func (c *Client) Profile(ctx context.Context, userID string) (ProfileResp, error
return out, err
}
// WalletSegmentResp is one chip balance in the wallet: the funding source, the chip count, and
// whether it is spendable in the caller's current context.
type WalletSegmentResp struct {
Source string `json:"source"`
Chips int `json:"chips"`
Spendable bool `json:"spendable"`
}
// WalletResp is the caller's wallet: the context-visible chip segments and the context-applicable
// benefits (no-ads term end as unix millis / forever flag, and the available hints).
type WalletResp struct {
Segments []WalletSegmentResp `json:"segments"`
AdsForever bool `json:"ads_forever"`
AdsPaidUntil int64 `json:"ads_paid_until_ms"`
Hints int `json:"hints"`
}
// walletBuyBody is the chip-spend request body.
type walletBuyBody struct {
ProductID string `json:"product_id"`
}
// Wallet fetches the caller's wallet in their current execution context.
func (c *Client) Wallet(ctx context.Context, userID string) (WalletResp, error) {
var out WalletResp
err := c.do(ctx, http.MethodGet, "/api/v1/user/wallet", userID, "", nil, &out)
return out, err
}
// WalletBuy spends chips on a chip-priced value and returns the updated wallet.
func (c *Client) WalletBuy(ctx context.Context, userID, productID string) (WalletResp, error) {
var out WalletResp
err := c.do(ctx, http.MethodPost, "/api/v1/user/wallet/buy", userID, "", walletBuyBody{ProductID: productID}, &out)
return out, err
}
// BlockStatusResp is the caller's current manual-block state. Until is an RFC3339 UTC instant for
// a temporary block, empty for a permanent one or when not blocked; Reason is resolved to the
// account's language, empty when none was cited.
+28
View File
@@ -79,6 +79,34 @@ func encodeConfirmLinkResult(r backendclient.ConfirmLinkResp) []byte {
// encodeProfile builds a Profile payload, including the advertising-banner block
// when the backend marked the viewer eligible.
// encodeWallet builds the Wallet payload: the visible chip segments and the context-applicable
// benefits. Each WalletSegment table (and its source string) is built before the segments vector
// is opened, per FlatBuffers' rule against a nested table while another is under construction.
func encodeWallet(w backendclient.WalletResp) []byte {
b := flatbuffers.NewBuilder(128)
segs := make([]flatbuffers.UOffsetT, len(w.Segments))
for i, seg := range w.Segments {
src := b.CreateString(seg.Source)
fb.WalletSegmentStart(b)
fb.WalletSegmentAddSource(b, src)
fb.WalletSegmentAddChips(b, int32(seg.Chips))
fb.WalletSegmentAddSpendable(b, seg.Spendable)
segs[i] = fb.WalletSegmentEnd(b)
}
fb.WalletStartSegmentsVector(b, len(segs))
for i := len(segs) - 1; i >= 0; i-- {
b.PrependUOffsetT(segs[i])
}
segVec := b.EndVector(len(segs))
fb.WalletStart(b)
fb.WalletAddSegments(b, segVec)
fb.WalletAddAdsForever(b, w.AdsForever)
fb.WalletAddAdsPaidUntilMs(b, w.AdsPaidUntil)
fb.WalletAddHints(b, int32(w.Hints))
b.Finish(fb.WalletEnd(b))
return b.FinishedBytes()
}
func encodeProfile(p backendclient.ProfileResp) []byte {
b := flatbuffers.NewBuilder(192)
uid := b.CreateString(p.UserID)
+25
View File
@@ -52,6 +52,8 @@ const (
MsgFeedbackSubmit = "feedback.submit"
MsgFeedbackGet = "feedback.get"
MsgFeedbackUnread = "feedback.unread"
MsgWalletGet = "wallet.get"
MsgWalletBuy = "wallet.buy"
)
// Request is one decoded Execute call.
@@ -105,6 +107,8 @@ func NewRegistry(backend *backendclient.Client, tg TelegramValidator, opts ...Op
r.ops[MsgAuthEmailLogin] = Op{Handler: authEmailLoginHandler(backend), Email: true}
r.ops[MsgAuthEmailConfirmLink] = Op{Handler: authEmailConfirmLinkHandler(backend)}
r.ops[MsgProfileGet] = Op{Handler: profileHandler(backend), Auth: true}
r.ops[MsgWalletGet] = Op{Handler: walletHandler(backend), Auth: true}
r.ops[MsgWalletBuy] = Op{Handler: walletBuyHandler(backend), Auth: true}
r.ops[MsgBlockStatus] = Op{Handler: blockStatusHandler(backend), Auth: true}
r.ops[MsgGameSubmitPlay] = Op{Handler: submitPlayHandler(backend), Auth: true}
r.ops[MsgGameState] = Op{Handler: gameStateHandler(backend), Auth: true}
@@ -294,6 +298,27 @@ func profileHandler(backend *backendclient.Client) Handler {
}
}
func walletHandler(backend *backendclient.Client) Handler {
return func(ctx context.Context, req Request) ([]byte, error) {
w, err := backend.Wallet(ctx, req.UserID)
if err != nil {
return nil, err
}
return encodeWallet(w), nil
}
}
func walletBuyHandler(backend *backendclient.Client) Handler {
return func(ctx context.Context, req Request) ([]byte, error) {
in := fb.GetRootAsWalletBuyRequest(req.Payload, 0)
w, err := backend.WalletBuy(ctx, req.UserID, string(in.ProductId()))
if err != nil {
return nil, err
}
return encodeWallet(w), nil
}
}
func blockStatusHandler(backend *backendclient.Client) Handler {
return func(ctx context.Context, req Request) ([]byte, error) {
bs, err := backend.BlockStatus(ctx, req.UserID)