vocdoni / saas-backend / 27427219008
60%
main: 60%

LAST BUILD BRANCH: f/new_org_bundles_endpoint
DEFAULT BRANCH: main
Ran
Jobs 1
Files 94
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 60.268% (+0.2%) from 60.094%
27427219008

Pull #520

github

altergui 
refactor(notifications): unify API email sends with CSP queue infrastructure

Move the circuit-breaker and queue mechanics out of csp/notifications/ into the
top-level notifications/ package as generic, reusable types (Breaker, Queue,
QueueItem). The CSP queue becomes a thin wrapper that maps NotificationChallenge
↔ QueueItem via a Meta field and feeds NotificationsSent from the inner Done
channel — external interface unchanged.

Wire a notifications.Queue into api.API (created in New, started in Start).
Rewrite sendMail to enqueue asynchronously instead of blocking the request
goroutine on SendNotification. Add a queueNotification helper for pre-built
notifications and use it in organizationCreateTicket, which was previously
calling a.mail.SendNotification directly (no retry, no circuit-breaker).

Add CreatedAt to db.UserVerification (set in SetVerificationCode) and use it in
recoverUserPasswordHandler to enforce a 60-second per-account cooldown, matching
the rate-limiting intent of the CSP OTP system.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(notifications): drop stale OTP/code emails before delivery

Add ExpiresAt time.Time to QueueItem (and NotificationChallenge). The queue
checks this field at deliver-time, before attempting the send: if the content
has expired it gives up immediately rather than handing a dead OTP or
password-reset link to the SMTP provider.

Callers set the deadline at enqueue time:
- CSP OTP challenges: time.Now() + notificationCoolDownTime (default 60s)
- Account verification / password-reset emails: time.Now() + VerificationCodeExpiration (10m)
- Org invitations: time.Now() + InvitationExpiration (5d)
- Member-import completion: no expiry (time.Time{} zero value)

Also adds expiresAt time.Time parameter to sendMail so every call site is
explicit about whether the content has a validity window.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(csp): separate OTP challenge TTL from notificat... (continued)
Pull Request #520: refactor(notifications): unify API email sends with CSP queue infrastructure

264 of 322 new or added lines in 13 files covered. (81.99%)

4 existing lines in 2 files now uncovered.

8050 of 13357 relevant lines covered (60.27%)

43.2 hits per line

Uncovered Changes

Lines Coverage File
26
86.73
 notifications/queue.go
11
39.07
 -0.14% api/users.go
7
63.64
 -6.36% api/notifications.go
6
90.48
 6.57% csp/notifications/queue.go
4
72.32
 -0.1% api/organizations.go
2
92.31
 -0.38% api/api.go
1
0.0
 0.0% cmd/service/main.go
1
65.96
 0.29% csp/auth.go

Coverage Regressions

Lines Coverage File
3
81.25
 -6.25% csp/notifications/challenge.go
1
63.64
 -6.36% api/notifications.go
Jobs
ID Job ID Ran Files Coverage
1 27427219008.1 94
60.27
 GitHub Action Run
Source Files on build 27427219008