feat(payments): trusted platform signal on the session
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 18s
CI / ui (pull_request) Successful in 1m7s
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m42s
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 11s
CI / integration (pull_request) Successful in 18s
CI / ui (pull_request) Successful in 1m7s
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m42s
Record the execution platform (kind vk|telegram|direct + device subtype ios|android|web) on each session, captured at creation and carried gateway->backend as a trusted X-Platform header, so the upcoming store-compliance gate has an unforgeable execution context. - backend.sessions gains nullable platform_kind/platform_subtype columns (migration 00011, CHECK-constrained, jet regenerated); session.Platform captures them at mint, resolve returns them, middleware exposes platform(c). kind is derived from the establish endpoint, never a client field; the account-merge session mint inherits the caller's platform. - gateway derives the platform (VK subtype from the signed vk_platform via vkauth, Telegram/direct best-effort from the client) and injects X-Platform on every authenticated backend call through the request context. - ui submits a best-effort device subtype on the telegram/guest/email login requests (new FBS subtype field); VK is server-derived from the signed params. - an unattributed session is untrusted (view-only); VK/TG self-heal on the next cold-start re-mint, direct/email on re-login. Signal plumbing only, no user-visible change; X-Platform is inert until the gate consumes it.
This commit is contained in:
@@ -47,6 +47,33 @@ func TestVerifyValid(t *testing.T) {
|
||||
if id.ExternalID != "494075" || id.Language != "ru" {
|
||||
t.Fatalf("identity = %+v, want ExternalID=494075 Language=ru", id)
|
||||
}
|
||||
if id.Platform != "android" || id.Subtype() != "android" {
|
||||
t.Fatalf("platform = %q subtype = %q, want android/android", id.Platform, id.Subtype())
|
||||
}
|
||||
}
|
||||
|
||||
// TestSubtype locks the vk_platform -> device-family mapping (the trusted subtype),
|
||||
// notably that iPhone and iPad both surface as the store-frozen "ios" and that any
|
||||
// unrecognised or empty value falls back to web.
|
||||
func TestSubtype(t *testing.T) {
|
||||
for _, tc := range []struct {
|
||||
platform string
|
||||
want string
|
||||
}{
|
||||
{"mobile_iphone", "ios"},
|
||||
{"mobile_ipad", "ios"},
|
||||
{"mobile_iphone_messenger", "ios"},
|
||||
{"mobile_android", "android"},
|
||||
{"android", "android"},
|
||||
{"desktop_web", "web"},
|
||||
{"mobile_web", "web"},
|
||||
{"", "web"},
|
||||
{"something_new", "web"},
|
||||
} {
|
||||
if got := (vkauth.Identity{Platform: tc.platform}).Subtype(); got != tc.want {
|
||||
t.Errorf("Subtype(%q) = %q, want %q", tc.platform, got, tc.want)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TestVerifyCommaValue locks the URL-encoding of the one realistic special-char VK
|
||||
|
||||
Reference in New Issue
Block a user