Stage 11: account linking & merge (email + Telegram Login Widget)
Tests · Go / test (push) Successful in 7s
Tests · Integration / integration (push) Successful in 11s
Tests · UI / test (push) Successful in 20s
Tests · Go / test (pull_request) Successful in 6s
Tests · Integration / integration (pull_request) Successful in 11s
Tests · UI / test (pull_request) Successful in 19s
Tests · Go / test (push) Successful in 7s
Tests · Integration / integration (push) Successful in 11s
Tests · UI / test (push) Successful in 20s
Tests · Go / test (pull_request) Successful in 6s
Tests · Integration / integration (pull_request) Successful in 11s
Tests · UI / test (pull_request) Successful in 19s
Link an email (confirm-code) or Telegram (web Login Widget) to the current account; if the identity already has its own account, merge the two into the one in use (the current account is primary, except a guest initiator whose durable counterpart wins). The merge runs in one transaction (internal/accountmerge): stats + hint wallet summed, paid_account ORed, identities/games/chat/complaints transferred, friends/blocks de-duplicated, the secondary kept as a merged_into tombstone so a shared finished game's no-cascade FKs hold; a shared active game blocks the merge. - migration 00009: accounts.paid_account, merged_into, merged_at (+ jetgen) - internal/link orchestrator; session.RevokeAllForAccount on merge - connector ValidateLoginWidget RPC + loginwidget HMAC validator - edge ops link.email.request/confirm/merge, link.telegram.confirm/merge; supersedes the Stage 8 email.bind.* surface (request never reveals 'taken' before the code is verified, so a probe cannot enumerate addresses) - UI Profile link section + irreversible-merge dialog; Telegram web sign-in - focused regression tests (merge core, guest inversion, active-game refusal, finished-shared-game kept), gateway transcode + connector + UI codec/e2e - docs: PLAN, ARCHITECTURE 3/4/9, FUNCTIONAL(+ru), module READMEs
This commit is contained in:
Ilia Denisov
@@ -4,6 +4,8 @@ import (
|
||||
"context"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// Cache is the in-memory write-through projection of the active rows in
|
||||
@@ -93,3 +95,19 @@ func (c *Cache) Remove(tokenHash string) {
|
||||
defer c.mu.Unlock()
|
||||
delete(c.byHash, tokenHash)
|
||||
}
|
||||
|
||||
// RemoveByAccount evicts every cached session belonging to accountID. The
|
||||
// account-merge flow uses it to drop a retired secondary account's sessions
|
||||
// (Stage 11); a linear scan is adequate at the cache's size.
|
||||
func (c *Cache) RemoveByAccount(accountID uuid.UUID) {
|
||||
if c == nil {
|
||||
return
|
||||
}
|
||||
c.mu.Lock()
|
||||
defer c.mu.Unlock()
|
||||
for hash, s := range c.byHash {
|
||||
if s.AccountID == accountID {
|
||||
delete(c.byHash, hash)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -71,3 +71,14 @@ func (svc *Service) Revoke(ctx context.Context, token string) error {
|
||||
svc.cache.Remove(hash)
|
||||
return nil
|
||||
}
|
||||
|
||||
// RevokeAllForAccount revokes every active session of accountID and evicts them
|
||||
// from the cache. The account-merge flow calls it to retire a secondary account
|
||||
// (Stage 11). It is idempotent.
|
||||
func (svc *Service) RevokeAllForAccount(ctx context.Context, accountID uuid.UUID) error {
|
||||
if _, err := svc.store.RevokeAllForAccount(ctx, accountID, time.Now().UTC()); err != nil {
|
||||
return err
|
||||
}
|
||||
svc.cache.RemoveByAccount(accountID)
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -110,6 +110,34 @@ func (s *Store) RevokeByTokenHash(ctx context.Context, tokenHash string, at time
|
||||
return modelToSession(row), true, nil
|
||||
}
|
||||
|
||||
// RevokeAllForAccount transitions every active session of accountID to revoked
|
||||
// and returns the post-update rows (so the caller can evict them from the cache).
|
||||
// It backs the account-merge flow, which retires a secondary account's sessions
|
||||
// (Stage 11). No matching rows is not an error.
|
||||
func (s *Store) RevokeAllForAccount(ctx context.Context, accountID uuid.UUID, at time.Time) ([]Session, error) {
|
||||
stmt := table.Sessions.
|
||||
UPDATE(table.Sessions.Status, table.Sessions.RevokedAt).
|
||||
SET(postgres.String(StatusRevoked), postgres.TimestampzT(at)).
|
||||
WHERE(
|
||||
table.Sessions.AccountID.EQ(postgres.UUID(accountID)).
|
||||
AND(table.Sessions.Status.EQ(postgres.String(StatusActive))),
|
||||
).
|
||||
RETURNING(table.Sessions.AllColumns)
|
||||
|
||||
var rows []model.Sessions
|
||||
if err := stmt.QueryContext(ctx, s.db, &rows); err != nil {
|
||||
if errors.Is(err, qrm.ErrNoRows) {
|
||||
return nil, nil
|
||||
}
|
||||
return nil, fmt.Errorf("session: revoke all for account %s: %w", accountID, err)
|
||||
}
|
||||
out := make([]Session, 0, len(rows))
|
||||
for _, row := range rows {
|
||||
out = append(out, modelToSession(row))
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
// ListActive loads every active session. Cache.Warm calls this at boot.
|
||||
func (s *Store) ListActive(ctx context.Context) ([]Session, error) {
|
||||
stmt := postgres.SELECT(table.Sessions.AllColumns).
|
||||
|
||||
Reference in New Issue
Block a user