ce8b5026c1
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 10s
CI / integration (pull_request) Successful in 20s
CI / ui (pull_request) Has been skipped
CI / conformance (pull_request) Successful in 10s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m45s
Stand up the payments data foundation: a self-contained `payments` Postgres schema for the in-game currency, wallets, benefits, catalog, orders and the append-only operations ledger, behind a domain package — nothing wired to real money yet. - Migration 00010: the `payments` schema and a NOLOGIN confinement role (ALL on payments.*, nothing on backend); the ledger with a BEFORE UPDATE/DELETE append-only trigger and a partial idempotency index; the materialised balances/benefits; the catalog (atoms seeded) + products + per-method prices; the typed single-row config; orders and payment_events. There is no cross-schema foreign key — account_id is a plain uuid kept consistent in code, which keeps the domain extractable. Expand-contract and reversible. - Money is a bigint in the currency's minor units carried by a `Money` value type (exact, math/big): no float ever touches an amount, and a whole-unit currency cannot hold a fraction. - Extend jetgen to generate the payments schema; construct the service in the composition root behind a narrow interface with a boot reachability check. - Tests: integration (role confinement via SET ROLE, the append-only trigger, CHECK constraints, the idempotency index, and a forward+backward migration), Money unit tests, and an import-boundary test keeping the payments jet code private to the domain. - Docs: PLAN.md, docs/PAYMENTS.md (+ _ru mirror) updated to the built model.
58 lines
1.8 KiB
Go
58 lines
1.8 KiB
Go
package payments
|
|
|
|
import (
|
|
"go/parser"
|
|
"go/token"
|
|
"io/fs"
|
|
"path/filepath"
|
|
"runtime"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
// TestPaymentsSchemaImportBoundary enforces that only this package reaches the
|
|
// payments jet code. The payments schema is isolated behind this domain; the
|
|
// application connects to Postgres as a superuser that bypasses the schema
|
|
// grants, so the runtime wall that keeps every other package out of payments.*
|
|
// is this import boundary, not the DB privileges. If another package imported
|
|
// the generated payments tables it could issue SQL against the schema directly,
|
|
// breaking the single-writer guarantee and the domain's extractability.
|
|
func TestPaymentsSchemaImportBoundary(t *testing.T) {
|
|
const jetPkg = "scrabble/backend/internal/postgres/jet/payments"
|
|
|
|
_, thisFile, _, ok := runtime.Caller(0)
|
|
if !ok {
|
|
t.Fatal("cannot resolve the test file path")
|
|
}
|
|
// thisFile = .../backend/internal/payments/boundary_test.go
|
|
backendRoot := filepath.Clean(filepath.Join(filepath.Dir(thisFile), "..", ".."))
|
|
allowedPrefix := filepath.Join(backendRoot, "internal", "payments") + string(filepath.Separator)
|
|
|
|
fset := token.NewFileSet()
|
|
walkErr := filepath.WalkDir(backendRoot, func(path string, d fs.DirEntry, err error) error {
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if d.IsDir() || !strings.HasSuffix(path, ".go") {
|
|
return nil
|
|
}
|
|
file, perr := parser.ParseFile(fset, path, nil, parser.ImportsOnly)
|
|
if perr != nil {
|
|
return perr
|
|
}
|
|
for _, imp := range file.Imports {
|
|
p := strings.Trim(imp.Path.Value, `"`)
|
|
if p != jetPkg && !strings.HasPrefix(p, jetPkg+"/") {
|
|
continue
|
|
}
|
|
if !strings.HasPrefix(path, allowedPrefix) {
|
|
t.Errorf("%s imports %s — only internal/payments may reach the payments jet code", path, p)
|
|
}
|
|
}
|
|
return nil
|
|
})
|
|
if walkErr != nil {
|
|
t.Fatalf("walk backend tree: %v", walkErr)
|
|
}
|
|
}
|