oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
3,174 Commits 2 Branches 0 Tags
9d1751ec57957547b0eb5d3bdf758c2ec82a3e37
Commit Graph

27 Commits

Author SHA1 Message Date
shaw
aa8ee33b0a refactor(affiliate): tighten DI and harden inviter code validation 
- Drop SetAffiliateService setters and ProvideAuthService /
  ProvidePaymentService / ProvideUserHandler wrappers in favor of direct
  Wire constructor injection. AffiliateService has no back-edge to
  Auth/Payment/User, so the indirection was never required.
- Change RegisterWithVerification's variadic affiliateCode to a fixed
  parameter; adjust all call sites.
- Validate aff_code length and charset in BindInviterByCode before any
  DB lookup, eliminating timing-side-channel and useless DB roundtrips
  on malformed input.
- Make affiliate cache invalidation synchronous; surface Redis errors
  via the project logger instead of swallowing them in a detached
  goroutine.
- Add an integration test guarding cross-layer tx propagation in
  AccrueQuota and a unit test pinning the aff_code format rules.
 2026-04-25 08:44:18 +08:00
IanShaw027
82259d1380 fix(auth): preserve resolved token version on oauth login 2026-04-22 16:01:25 +08:00
IanShaw027
36aed35957 fix(auth): harden oauth identity upgrade paths 2026-04-22 14:56:56 +08:00
IanShaw027
83cad63ce0 fix(auth): harden oauth callback adoption flows 2026-04-22 13:19:20 +08:00
IanShaw027
767f2f2dfe fix(auth): harden pending oauth and backend mode flows 2026-04-22 12:30:00 +08:00
IanShaw027
be9df2bea7 fix(auth): scrub legacy pending oauth tokens on upgrade 2026-04-22 11:29:05 +08:00
IanShaw027
454873221c test(auth): strengthen pending oauth legacy token assertions 2026-04-22 11:18:09 +08:00
IanShaw027
ca1f30a911 fix(auth): harden pending oauth session consumption 2026-04-22 11:17:38 +08:00
IanShaw027
b13e34f831 fix(ci): align auth and payment verification tests 2026-04-22 02:32:53 +08:00
IanShaw027
d4c0a99114 feat(auth): support unbinding third-party identities 2026-04-22 00:54:38 +08:00
IanShaw027
e4cfcae652 fix: reassign oauth adoption decisions on repeat login 2026-04-21 23:39:21 +08:00
IanShaw027
11db3989ce Fix repeated OAuth adoption prompt for existing logins 2026-04-21 23:35:59 +08:00
IanShaw027
d5819181ea feat(auth): reclaim stale identities and refresh profile UI 2026-04-21 07:49:40 -07:00
IanShaw027
d08757ce9e refactor(admin): remove auth migration reports 2026-04-21 17:34:18 +08:00
IanShaw027
7e89bca5e6 fix: tighten pending oauth email routing and binding state 2026-04-21 10:41:29 +08:00
IanShaw027
dcd5c43da4 feat: complete email binding and pending oauth verification flows 2026-04-21 10:00:06 +08:00
IanShaw027
09351e9459 fix auth completion and payment resume hardening 2026-04-21 08:23:26 +08:00
IanShaw027
7c6491c2d3 fix auth pending session hardening 2026-04-21 01:45:25 +08:00
IanShaw027
e4fe9fae2a Fix profile refresh identity compatibility 2026-04-21 00:42:55 +08:00
IanShaw027
9204145746 Close profile identity and avatar loop 2026-04-21 00:11:03 +08:00
IanShaw027
aaf4946b27 fix: normalize pending oauth email lookups 2026-04-20 21:59:03 +08:00
IanShaw027
5adefb466b fix: finalize oauth identity bindings 2026-04-20 21:24:33 +08:00
IanShaw027
fb6204ea8b feat: apply oauth first-bind defaults and pending bind 2fa 2026-04-20 19:53:22 +08:00
IanShaw027
6a75bd77e3 feat: add pending oauth email onboarding flow 2026-04-20 19:30:09 +08:00
IanShaw027
c6d8592484 feat: add profile auth identity binding flow 2026-04-20 18:28:44 +08:00
IanShaw027
e9de839d87 feat: rebuild auth identity foundation flow 2026-04-20 17:39:57 +08:00
IanShaw027
fbd0a2e3c4 feat: carry suggested third-party profile through pending oauth 2026-04-20 16:27:23 +08:00