fix: critical P0+P1 issues for code quality score 9.0

P0 (Critical): - api.ts: Add transaction rollback on INSERT failure in /api/deposit/deduct - Restores balance if transaction record fails to insert - Logs rollback success/failure for audit trail - Maintains data consistency despite D1's non-transactional nature P1 (Important): - summary-service.ts: Replace double type assertions with Type Guards - Add D1BufferedMessageRow, D1SummaryRow interfaces - Add isBufferedMessageRow, isSummaryRow type guards - Runtime validation with compile-time type safety - Remove all `as unknown as` patterns - webhook.ts: Add integer range validation for callback queries - Add parseIntSafe() utility with min/max bounds - Validate domain registration price (0-10,000,000 KRW) - Prevent negative/overflow/NaN injection attacks - search-tool.ts: Implement KV caching for translation API - Cache Korean→English translations for 24 hours - Use RATE_LIMIT_KV namespace with 'translate:' prefix - Reduce redundant OpenAI API calls for repeated queries Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 23:59:18 +09:00
parent 1708d78526
commit 97d6aa2850
4 changed files with 161 additions and 35 deletions
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -203,13 +203,28 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
      ).bind(user.id, body.amount, body.reason).run();

      if (!transactionInsert.success) {
-        logger.error('거래 기록 INSERT 실패 (외부 API)', undefined, {
-          userId: user.id,
-          telegram_id: body.telegram_id,
-          amount: body.amount,
-          reason: body.reason,
-          context: 'api_deposit_deduct'
-        });
+        // 잔액 복구 시도 (rollback)
+        try {
+          await env.DB.prepare(
+            'UPDATE user_deposits SET balance = balance + ?, version = version + 1, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?'
+          ).bind(body.amount, user.id).run();
+
+          logger.error('거래 기록 INSERT 실패 - 잔액 복구 완료', undefined, {
+            userId: user.id,
+            telegram_id: body.telegram_id,
+            amount: body.amount,
+            reason: body.reason,
+            context: 'api_deposit_deduct_rollback'
+          });
+        } catch (rollbackError) {
+          logger.error('잔액 복구 실패 - 수동 확인 필요', rollbackError as Error, {
+            userId: user.id,
+            telegram_id: body.telegram_id,
+            amount: body.amount,
+            context: 'api_deposit_deduct_rollback_failed'
+          });
+        }
+
        return Response.json({
          error: 'Transaction processing failed',
          message: '거래 처리 실패 - 관리자에게 문의하세요'