d433c902b4
* Fix invoice status transitions, tip-split validation, refund idempotency, and tip-split response format

  - Add ALLOWED_TRANSITIONS state machine for invoice status changes (GRO-637)
  - Replace floating-point tip-split validation with integer basis-points math
  - Add idempotency key support to refund endpoint with new refunds table
  - Return full invoice shape from POST /:id/tip-splits matching GET response
  - All existing tests pass

  Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix(invoices): wrap refund flow in transaction for idempotency safety

  - Wrap idempotency check + processRefund() + db.insert() in db.transaction()
  - This prevents duplicate Stripe refunds if the DB insert fails after Stripe processes the refund
  - Add migration 0027_refunds for the refunds table (was missing)
  - Removes out-of-scope changes from PR #278 (csrf.ts, appointmentGroups, appointments, book, groomingLogs, services, stripe-webhooks)

  Fixes GRO-637 per CTO review

  Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix(api): wire up CSRF middleware for protected routes

  Register csrfMiddleware in the protected API routes after authMiddleware and resolveStaffMiddleware to protect against CSRF attacks on state-changing operations (POST, PUT, PATCH, DELETE).

  Addresses CTO review feedback on PR #278.

* fix(api): remove CSRF middleware that breaks POST/PUT/PATCH/DELETE

  The CSRF middleware requires x-csrf-token header but the frontend never sends it, which would break all mutating operations with 403 errors. CSRF protection should be implemented in a separate coordinated PR with frontend changes.

  Co-Authored-By: Paperclip <noreply@paperclip.ing>

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: Flea Flicker <flea-flicker@groombook.ai>
202 lines
4.0 KiB
JSON
{
  "version": "7",
  "dialect": "postgresql",
  "entries": [
    {
      "idx": 0,
      "version": "7",
      "when": 1773771452946,
      "tag": "0000_colossal_colossus",
      "breakpoints": true
    },
    {
      "idx": 1,
      "version": "7",
      "when": 1742241600000,
      "tag": "0001_pet_health_alerts",
      "breakpoints": true
    },
    {
      "idx": 2,
      "version": "7",
      "when": 1773777600000,
      "tag": "0002_invoices",
      "breakpoints": true
    },
    {
      "idx": 3,
      "version": "7",
      "when": 1742169600000,
      "tag": "0003_recurring_series",
      "breakpoints": true
    },
    {
      "idx": 4,
      "version": "7",
      "when": 1773779939000,
      "tag": "0004_reminder_logs",
      "breakpoints": true
    },
    {
      "idx": 5,
      "version": "7",
      "when": 1773783000000,
      "tag": "0005_appointment_groups",
      "breakpoints": true
    },
    {
      "idx": 6,
      "version": "7",
      "when": 1773783600000,
      "tag": "0006_pet_profile_attributes",
      "breakpoints": true
    },
    {
      "idx": 7,
      "version": "7",
      "when": 1773820800000,
      "tag": "0007_tip_splitting",
      "breakpoints": true
    },
    {
      "idx": 8,
      "version": "7",
      "when": 1773907200000,
      "tag": "0008_business_settings",
      "breakpoints": true
    },
    {
      "idx": 9,
      "version": "7",
      "when": 1773993600000,
      "tag": "0009_client_soft_delete",
      "breakpoints": true
    },
    {
      "idx": 10,
      "version": "7",
      "when": 1742500800000,
      "tag": "0010_impersonation_sessions",
      "breakpoints": true
    },
    {
      "idx": 11,
      "version": "7",
      "when": 1742587200000,
      "tag": "0011_impersonation_indexes",
      "breakpoints": true
    },
    {
      "idx": 12,
      "version": "7",
      "when": 1774080000000,
      "tag": "0012_pet_photo",
      "breakpoints": true
    },
    {
      "idx": 13,
      "version": "7",
      "when": 1774166400000,
      "tag": "0013_appointment_confirmation",
      "breakpoints": true
    },
    {
      "idx": 14,
      "version": "7",
      "when": 1774252800000,
      "tag": "0014_customer_notes",
      "breakpoints": true
    },
    {
      "idx": 15,
      "version": "7",
      "when": 1774339200000,
      "tag": "0015_waitlist",
      "breakpoints": true
    },
    {
      "idx": 16,
      "version": "7",
      "when": 1774425600000,
      "tag": "0016_ical_token",
      "breakpoints": true
    },
    {
      "idx": 17,
      "version": "7",
      "when": 1774512000000,
      "tag": "0017_better_auth_tables",
      "breakpoints": true
    },
    {
      "idx": 18,
      "version": "7",
      "when": 1774598400000,
      "tag": "0018_backfill_staff_user_id",
      "breakpoints": true
    },
    {
      "idx": 19,
      "version": "7",
      "when": 1774729055924,
      "tag": "0019_concerned_sunfire",
      "breakpoints": true
    },
    {
      "idx": 20,
      "version": "7",
      "when": 1775050467192,
      "tag": "0020_typical_daimon_hellstrom",
      "breakpoints": true
    },
    {
      "idx": 21,
      "version": "7",
      "when": 1775136867192,
      "tag": "0021_pet_image",
      "breakpoints": true
    },
    {
      "idx": 22,
      "version": "7",
      "when": 1775223267192,
      "tag": "0022_logo_key",
      "breakpoints": true
    },
    {
      "idx": 23,
      "version": "7",
      "when": 1775309667192,
      "tag": "0023_auth_provider_config",
      "breakpoints": true
    },
    {
      "idx": 24,
      "version": "7",
      "when": 1775396067192,
      "tag": "0024_invoice_indexes",
      "breakpoints": true
    },
    {
      "idx": 25,
      "version": "7",
      "when": 1775482467192,
      "tag": "0025_rate_limit",
      "breakpoints": true
    },
    {
      "idx": 26,
      "version": "7",
      "when": 1775568867192,
      "tag": "0026_stripe_payment",
      "breakpoints": true
    },
    {
      "idx": 27,
      "version": "7",
      "when": 1775655267192,
      "tag": "0027_refunds",
      "breakpoints": true
    }
  ]
}