fix(upgrade): preserve legacy auth and payment compatibility

backend/migrations/118_wechat_dual_mode_and_auth_source_defaults.sql

@@ -3,6 +3,7 @@ VALUES
     (
         'wechat_connect_open_enabled',
         CASE
+            WHEN NOT EXISTS (SELECT 1 FROM settings WHERE key = 'wechat_connect_enabled') THEN ''
             WHEN COALESCE((SELECT value FROM settings WHERE key = 'wechat_connect_enabled'), 'false') <> 'true' THEN 'false'
             WHEN LOWER(TRIM(COALESCE((SELECT value FROM settings WHERE key = 'wechat_connect_mode'), 'open'))) = 'mp' THEN 'false'
             ELSE 'true'
@@ -11,6 +12,7 @@ VALUES
     (
         'wechat_connect_mp_enabled',
         CASE
+            WHEN NOT EXISTS (SELECT 1 FROM settings WHERE key = 'wechat_connect_enabled') THEN ''
             WHEN COALESCE((SELECT value FROM settings WHERE key = 'wechat_connect_enabled'), 'false') <> 'true' THEN 'false'
             WHEN LOWER(TRIM(COALESCE((SELECT value FROM settings WHERE key = 'wechat_connect_mode'), 'open'))) = 'mp' THEN 'true'
             ELSE 'false'

backend/migrations/120_enforce_payment_orders_out_trade_no_unique_notx.sql

@@ -1,8 +1,6 @@
 -- Build the payment order uniqueness guarantee online.
 -- Create the new partial unique index concurrently first so writes keep flowing,
 -- then remove the legacy index name once the replacement is ready.
-DROP INDEX CONCURRENTLY IF EXISTS paymentorder_out_trade_no_unique;
-
 CREATE UNIQUE INDEX CONCURRENTLY IF NOT EXISTS paymentorder_out_trade_no_unique
     ON payment_orders (out_trade_no)
     WHERE out_trade_no <> '';

backend/migrations/123_fix_legacy_auth_source_grant_on_signup_defaults.sql

@@ -1,39 +1,3 @@
-WITH migration_110 AS (
-    SELECT applied_at
-    FROM schema_migrations
-    WHERE filename = '110_pending_auth_and_provider_default_grants.sql'
-),
-legacy_provider_defaults AS (
-    SELECT provider_type
-    FROM (
-        VALUES ('email'), ('linuxdo'), ('oidc'), ('wechat')
-    ) AS providers(provider_type)
-    CROSS JOIN migration_110
-    JOIN settings balance
-      ON balance.key = 'auth_source_default_' || providers.provider_type || '_balance'
-    JOIN settings concurrency
-      ON concurrency.key = 'auth_source_default_' || providers.provider_type || '_concurrency'
-    JOIN settings subscriptions
-      ON subscriptions.key = 'auth_source_default_' || providers.provider_type || '_subscriptions'
-    JOIN settings grant_on_signup
-      ON grant_on_signup.key = 'auth_source_default_' || providers.provider_type || '_grant_on_signup'
-    JOIN settings grant_on_first_bind
-      ON grant_on_first_bind.key = 'auth_source_default_' || providers.provider_type || '_grant_on_first_bind'
-    WHERE balance.value = '0'
-      AND concurrency.value = '5'
-      AND subscriptions.value = '[]'
-      AND grant_on_signup.value = 'true'
-      AND grant_on_first_bind.value = 'false'
-      AND balance.updated_at BETWEEN migration_110.applied_at - INTERVAL '1 minute' AND migration_110.applied_at + INTERVAL '1 minute'
-      AND concurrency.updated_at BETWEEN migration_110.applied_at - INTERVAL '1 minute' AND migration_110.applied_at + INTERVAL '1 minute'
-      AND subscriptions.updated_at BETWEEN migration_110.applied_at - INTERVAL '1 minute' AND migration_110.applied_at + INTERVAL '1 minute'
-      AND grant_on_signup.updated_at BETWEEN migration_110.applied_at - INTERVAL '1 minute' AND migration_110.applied_at + INTERVAL '1 minute'
-      AND grant_on_first_bind.updated_at BETWEEN migration_110.applied_at - INTERVAL '1 minute' AND migration_110.applied_at + INTERVAL '1 minute'
-)
-UPDATE settings
-SET
-    value = 'false',
-    updated_at = NOW()
-FROM legacy_provider_defaults
-WHERE settings.key = 'auth_source_default_' || legacy_provider_defaults.provider_type || '_grant_on_signup'
-  AND settings.value = 'true';
+-- Intentionally left as a no-op.
+-- Legacy installs may have intentionally kept the original signup grant defaults,
+-- and we cannot distinguish those cases safely from untouched migration 110 rows.

backend/migrations/auth_identity_payment_migrations_regression_test.go

@@ -24,6 +24,7 @@ func TestMigration118DoesNotForceOverwriteAuthSourceGrantDefaults(t *testing.T)
 	require.NotContains(t, sql, "UPDATE settings")
 	require.NotContains(t, sql, "SET value = 'false'")
 	require.True(t, strings.Contains(sql, "ON CONFLICT (key) DO NOTHING"))
+	require.Contains(t, sql, "THEN ''")
 }
 
 func TestAuthIdentityReportTypeWideningRunsBeforeLongReportWritersAndStillReconcilesAt121(t *testing.T) {
@@ -63,6 +64,7 @@ func TestMigration119DefersPaymentIndexRolloutToOnlineFollowup(t *testing.T) {
 
 	followupSQL := string(followupContent)
 	require.Contains(t, followupSQL, "CREATE UNIQUE INDEX CONCURRENTLY IF NOT EXISTS paymentorder_out_trade_no_unique")
+	require.NotContains(t, followupSQL, "DROP INDEX CONCURRENTLY IF EXISTS paymentorder_out_trade_no_unique")
 	require.Contains(t, followupSQL, "DROP INDEX CONCURRENTLY IF EXISTS paymentorder_out_trade_no")
 	require.Contains(t, followupSQL, "WHERE out_trade_no <> ''")
 
@@ -92,9 +94,7 @@ func TestMigration123BackfillsLegacyAuthSourceGrantDefaultsSafely(t *testing.T)
 	require.NoError(t, err)
 
 	sql := string(content)
-	require.Contains(t, sql, "110_pending_auth_and_provider_default_grants.sql")
-	require.Contains(t, sql, "schema_migrations")
-	require.Contains(t, sql, "updated_at")
-	require.Contains(t, sql, "'_grant_on_signup'")
-	require.Contains(t, sql, "value = 'false'")
+	require.Contains(t, sql, "Intentionally left as a no-op")
+	require.NotContains(t, sql, "UPDATE settings")
+	require.NotContains(t, sql, "value = 'false'")
 }