qzl/eryao
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: preserve points balance across account re-registration

Browse Source 
Persist a per-email balance snapshot before account deletion and restore it on same-email re-registration, preventing both unintended balance reset and repeated signup bonus grants.
This commit is contained in:
qzl
2026-04-13 11:28:58 +08:00
parent ed8c2e3058
commit c55be6d3fd
9 changed files with 223 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/protocols/common/user-points-chat-data-protocol.md
+4 -3
View File
@@ -4,7 +4,7 @@ This protocol defines the canonical data contract for user profile, points accou
Protocol verification status:
- Last audited migration: `backend/alembic/versions/20260411_0003_points_audit_and_register_bonus_claims.py`
- Last audited migration: `backend/alembic/versions/20260413_0004_register_bonus_claims_snapshot.py`
- Last audited models: `backend/src/models/profile.py`, `backend/src/models/user_points.py`, `backend/src/models/points_ledger.py`, `backend/src/models/points_audit_ledger.py`, `backend/src/models/register_bonus_claims.py`, `backend/src/models/agent_chat_session.py`, `backend/src/models/agent_chat_message.py`
- Current status: aligned with register bonus moved to application service
@@ -95,13 +95,14 @@ Protocol verification status:
### register_bonus_claims
- PK: `id`
- Core fields: `email_hash`, `user_email_snapshot`, `first_user_id`, `grant_event_id`, `created_at`, `updated_at`
- Core fields: `email_hash`, `user_email_snapshot`, `first_user_id_snapshot`, `balance_snapshot`, `grant_event_id`, `created_at`, `updated_at`
- Constraints:
- `email_hash` unique
- `grant_event_id` unique
- Notes:
- `email_hash` must be HMAC-SHA256 over normalized email (`trim + lower`)
- key source: backend config `points_policy.register_bonus_hmac_key`
- `balance_snapshot` stores the latest pre-delete account balance for same-email re-registration recovery
#### points_ledger.metadata (schema_version=1)
@@ -145,7 +146,7 @@ JSON constraints:
- Function: `public.initialize_profile_and_invite_code_on_signup()`
- Side effects: profile init + invite code init
- Application service (in `POST /auth/email-session`):
- `grant_register_bonus_if_eligible()` grants register bonus via `register_bonus_claims` ledger
- `grant_register_bonus_if_eligible()` restores `balance_snapshot` first when present; otherwise grants register bonus via `register_bonus_claims`
- Bonus amount from `config.points_policy.register_bonus_points`
### sessions