kaffa/telegram-bot-workers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
72 Commits 1 Branch 0 Tags
97d6aa28502dcded2c0bf1a17a90594a843c07d5
Commit Graph

7 Commits

Author SHA1 Message Date
kappa
97d6aa2850 fix: critical P0+P1 issues for code quality score 9.0 
P0 (Critical):
- api.ts: Add transaction rollback on INSERT failure in /api/deposit/deduct
  - Restores balance if transaction record fails to insert
  - Logs rollback success/failure for audit trail
  - Maintains data consistency despite D1's non-transactional nature

P1 (Important):
- summary-service.ts: Replace double type assertions with Type Guards
  - Add D1BufferedMessageRow, D1SummaryRow interfaces
  - Add isBufferedMessageRow, isSummaryRow type guards
  - Runtime validation with compile-time type safety
  - Remove all `as unknown as` patterns

- webhook.ts: Add integer range validation for callback queries
  - Add parseIntSafe() utility with min/max bounds
  - Validate domain registration price (0-10,000,000 KRW)
  - Prevent negative/overflow/NaN injection attacks

- search-tool.ts: Implement KV caching for translation API
  - Cache Korean→English translations for 24 hours
  - Use RATE_LIMIT_KV namespace with 'translate:' prefix
  - Reduce redundant OpenAI API calls for repeated queries

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-19 23:59:18 +09:00
kappa
1708d78526 fix: apply optimistic locking to deposit API and add weather types 
Security (P1):
- Add optimistic locking to /api/deposit/deduct endpoint
- Prevent race conditions on concurrent balance deductions
- Return 409 Conflict on version mismatch with retry hint

Type Safety (P1):
- Add WttrResponse, WttrCurrentCondition, WttrWeatherDay types
- Remove `as any` from weather-tool.ts
- Add safety checks for malformed API responses

Both P1 issues from security review resolved.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-19 23:49:16 +09:00
kappa
45e0677ab0 refactor: code quality improvements (P3) 
## Type Safety
- Add zod runtime validation for external API responses
  * Namecheap API responses (domain-register.ts)
  * n8n webhook responses (n8n-service.ts)
  * User request bodies (routes/api.ts)
  * Replaced unsafe type assertions with safeParse()
  * Proper error handling and logging

## Dead Code Removal
- Remove unused callDepositAgent function (127 lines)
  * Legacy Assistants API code no longer needed
  * Now using direct code execution
  * File reduced from 469 → 345 lines (26.4% reduction)

## Configuration Management
- Extract hardcoded URLs to environment variables
  * Added 7 new vars in wrangler.toml:
    OPENAI_API_BASE, NAMECHEAP_API_URL, WHOIS_API_URL,
    CONTEXT7_API_BASE, BRAVE_API_BASE, WTTR_IN_URL, HOSTING_SITE_URL
  * Updated Env interface in types.ts
  * All URLs have fallback to current production values
  * Enables environment-specific configuration (dev/staging/prod)

## Dependencies
- Add zod 4.3.5 for runtime type validation

## Files Modified
- Configuration: wrangler.toml, types.ts, package.json
- Services: 11 TypeScript files with URL/validation updates
- Total: 15 files, +196/-189 lines

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-19 22:06:01 +09:00
kappa
4f68dd3ebb fix: critical security and data integrity improvements (P1/P2) 
## P1 Critical Issues
- Add D1 batch result verification to prevent partial transaction failures
  * deposit-agent.ts: deposit confirmation and admin approval
  * domain-register.ts: domain registration payment
  * deposit-matcher.ts: SMS auto-matching
  * summary-service.ts: profile system updates
  * routes/api.ts: external API deposit deduction

- Remove internal error details from API responses
  * All 500 errors now return generic "Internal server error"
  * Detailed errors logged internally via console.error

- Enforce WEBHOOK_SECRET validation
  * Reject requests when WEBHOOK_SECRET is not configured
  * Prevent accidental production deployment without security

## P2 High Priority Issues
- Add SQL LIMIT parameter validation (1-100 range)
- Enforce CORS Origin header validation for /api/contact
- Optimize domain suggestion API calls (parallel processing)
  * 80% performance improvement for TLD price fetching
  * Individual error handling per TLD
- Add sensitive data masking in logs (user IDs)
  * New maskUserId() helper function
  * GDPR compliance for user privacy

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-19 21:53:18 +09:00
kappa
410676e322 feat(domain): enhance domain info lookup & handler refactoring 
- 도메인 조회(info): 내 도메인 아니면 자동으로 WHOIS 조회 (naver.com 등 지원)
- SMS 파싱: 정규식 실패 시 AI 폴백 로직 추가
- 리팩토링: UserService, ConversationService 분리
- 문서: README.md 및 CODE_REVIEW.md 업데이트
 2026-01-19 17:12:07 +09:00
kappa
c0e47482c4 feat(phase-5-3): 모니터링 강화 
logger.ts, metrics.ts, /api/metrics 추가
Version: e3bcb4ae
 2026-01-19 16:43:36 +09:00
kappa
ab6c9a2efa refactor: 파일 분리 리팩토링 (routes, services, tools, utils) 
아키텍처 개선:
- index.ts: 921줄 → 205줄 (77% 감소)
- openai-service.ts: 1,356줄 → 148줄 (89% 감소)

새로운 디렉토리 구조:
- src/routes/ - Webhook, API, Health check 핸들러
  - webhook.ts (287줄)
  - api.ts (318줄)
  - health.ts (14줄)

- src/services/ - 비즈니스 로직
  - bank-sms-parser.ts (143줄)
  - deposit-matcher.ts (88줄)

- src/tools/ - Function Calling 도구 모듈화
  - weather-tool.ts (37줄)
  - search-tool.ts (156줄)
  - domain-tool.ts (725줄)
  - deposit-tool.ts (183줄)
  - utility-tools.ts (60줄)
  - index.ts (104줄) - 도구 레지스트리

- src/utils/ - 유틸리티 함수
  - email-decoder.ts - Quoted-Printable 디코더

타입 에러 수정:
- routes/webhook.ts: text undefined 체크
- summary-service.ts: D1 타입 캐스팅
- summary-service.ts: Workers AI 타입 처리
- n8n-service.ts: Workers AI 타입 + 미사용 변수 제거

빌드 검증:
- TypeScript 타입 체크 통과
- Wrangler dev 로컬 빌드 성공

문서:
- REFACTORING_SUMMARY.md 추가
- ROUTE_ARCHITECTURE.md 추가

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-19 15:36:17 +09:00