fix(api): tenant-проверка account/template в CreateDomain (HIGH), атомарный import через транзакцию (MEDIUM)

This commit is contained in:
2026-07-03 15:08:16 +07:00
parent ae6a4d7f4c
commit 2aca92d070
5 changed files with 288 additions and 11 deletions
+55
View File
@@ -7,6 +7,7 @@ import (
"github.com/google/uuid"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/vasyakrg/dns-autoresolver/internal/provider"
"github.com/vasyakrg/dns-autoresolver/internal/store/db"
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
)
@@ -88,3 +89,57 @@ func TestTemplateJSONBRoundTrip(t *testing.T) {
t.Fatal(err)
}
}
func TestImportDomains_CommitsAllOnSuccess(t *testing.T) {
s, ctx := newStore(t)
acc, err := s.Queries().CreateAccount(ctx, db.CreateAccountParams{
ID: uuid.New(), ProjectID: defaultProject, Provider: "selectel", SecretEnc: "enc-blob",
})
if err != nil {
t.Fatal(err)
}
zones := []provider.Zone{
{ID: "z1", Name: "a.example.com"},
{ID: "z2", Name: "b.example.com"},
}
doms, err := s.ImportDomains(ctx, defaultProject, acc.ID, zones)
if err != nil {
t.Fatal(err)
}
if len(doms) != 2 {
t.Fatalf("expected 2 domains returned, got %d", len(doms))
}
list, err := s.ListDomains(ctx, defaultProject)
if err != nil {
t.Fatal(err)
}
if len(list) != 2 {
t.Fatalf("expected 2 persisted domains, got %d", len(list))
}
}
// TestImportDomains_RollsBackAllOnError verifies the transactional contract:
// if any zone in the batch fails to insert (here, an FK violation because
// the account doesn't exist), none of the batch is left committed.
func TestImportDomains_RollsBackAllOnError(t *testing.T) {
s, ctx := newStore(t)
bogusAccountID := uuid.New() // no matching provider_accounts row
zones := []provider.Zone{
{ID: "z1", Name: "a.example.com"},
{ID: "z2", Name: "b.example.com"},
}
if _, err := s.ImportDomains(ctx, defaultProject, bogusAccountID, zones); err == nil {
t.Fatal("expected FK violation error, got nil")
}
list, err := s.ListDomains(ctx, defaultProject)
if err != nil {
t.Fatal(err)
}
if len(list) != 0 {
t.Fatalf("expected 0 domains after rollback, got %d", len(list))
}
}
+39
View File
@@ -5,6 +5,7 @@ import (
"github.com/google/uuid"
"github.com/vasyakrg/dns-autoresolver/internal/provider"
"github.com/vasyakrg/dns-autoresolver/internal/store/db"
"github.com/vasyakrg/dns-autoresolver/internal/store/dto"
)
@@ -109,6 +110,16 @@ func (s *Store) DeleteTemplate(ctx context.Context, id, projectID uuid.UUID) err
return s.q.DeleteTemplate(ctx, db.DeleteTemplateParams{ID: id, ProjectID: projectID})
}
// GetTemplate is a scoped lookup used to verify a template belongs to
// projectID before it is referenced elsewhere (e.g. CreateDomain).
func (s *Store) GetTemplate(ctx context.Context, id, projectID uuid.UUID) (Template, error) {
t, err := s.q.GetTemplate(ctx, db.GetTemplateParams{ID: id, ProjectID: projectID})
if err != nil {
return Template{}, err
}
return templateFromDB(t), nil
}
type Domain struct {
ID uuid.UUID
ProjectID uuid.UUID
@@ -151,3 +162,31 @@ func (s *Store) ListDomains(ctx context.Context, projectID uuid.UUID) ([]Domain,
func (s *Store) DeleteDomain(ctx context.Context, id, projectID uuid.UUID) error {
return s.q.DeleteDomain(ctx, db.DeleteDomainParams{ID: id, ProjectID: projectID})
}
// ImportDomains creates one domain per zone inside a single transaction: if
// any zone fails to be created, the whole batch is rolled back so callers
// never observe a partially-imported set of domains.
func (s *Store) ImportDomains(ctx context.Context, projectID, accountID uuid.UUID, zones []provider.Zone) ([]Domain, error) {
tx, err := s.pool.Begin(ctx)
if err != nil {
return nil, err
}
defer tx.Rollback(ctx) // no-op once Commit has succeeded
q := s.q.WithTx(tx)
out := make([]Domain, 0, len(zones))
for _, z := range zones {
d, err := q.CreateDomain(ctx, db.CreateDomainParams{
ID: uuid.New(), ProjectID: projectID, ProviderAccountID: accountID,
ZoneName: z.Name, ZoneID: z.ID, TemplateID: nil,
})
if err != nil {
return nil, err
}
out = append(out, domainFromDB(d))
}
if err := tx.Commit(ctx); err != nil {
return nil, err
}
return out, nil
}