LinumIQ/linumiq-invoice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security hardening

Browse Source
This commit is contained in:
Gerhard Scheikl
2026-05-31 09:35:31 +02:00
parent d7d437a871
commit 01b4734477
31 changed files with 1234 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files
prisma/migrations/20260530205507_add_processed_webhook_status/migration.sql
+16
View File
@@ -0,0 +1,16 @@
-- RedefineTables
PRAGMA defer_foreign_keys=ON;
PRAGMA foreign_keys=OFF;
CREATE TABLE "new_ProcessedWebhook" (
"webhookId" TEXT NOT NULL PRIMARY KEY,
"topic" TEXT NOT NULL,
"shopDomain" TEXT NOT NULL,
"status" TEXT NOT NULL DEFAULT 'done',
"receivedAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
);
INSERT INTO "new_ProcessedWebhook" ("receivedAt", "shopDomain", "topic", "webhookId") SELECT "receivedAt", "shopDomain", "topic", "webhookId" FROM "ProcessedWebhook";
DROP TABLE "ProcessedWebhook";
ALTER TABLE "new_ProcessedWebhook" RENAME TO "ProcessedWebhook";
CREATE INDEX "ProcessedWebhook_shopDomain_topic_idx" ON "ProcessedWebhook"("shopDomain", "topic");
PRAGMA foreign_keys=ON;
PRAGMA defer_foreign_keys=OFF;
prisma/schema.prisma
+7
View File
@@ -188,6 +188,13 @@ model ProcessedWebhook {
webhookId String @id
topic String
shopDomain String
// Reserve/commit lifecycle for at-least-once side-effect processing:
// "processing" — reserved, side-effect work in flight (acts as the lock)
// "done" — work completed successfully; future retries are dropped
// A "processing" row older than the stale lease (see dedupe.server.ts) is
// treated as a crashed reservation and may be reclaimed. Existing rows
// migrated from the old (record-before-work) design default to "done".
status String @default("done")
receivedAt DateTime @default(now())
@@index([shopDomain, topic])