Harden forward-auth, per-user isolation, and budget accuracy

Code-review fixes on the Authentik/budget/Resend work:

- UpsertForwardUser: avoid 500 lockout on username UNIQUE collision and
  on the concurrent first-login race; normalize emails (lower+trim) so
  case variants don't create duplicate accounts.
- Centralize email management in Authentik: when forward-auth mode is on,
  email is read-only in Veola for every user (not just forward rows);
  pure-local deployments keep editable email for Resend.
- Fail closed on per-user isolation: ownedItem rejects uid==0/orphaned
  items; dashboard and global results error on a userless request.
- Budget accuracy: count Apify usage only after a successful run, and
  count the billed Test Apify run.
- Efficiency: resolve the deal-email recipient once per poll; build the
  settings page once in PostEmailPrefs.
This commit is contained in:
prosolis
2026-06-20 14:05:04 -07:00
parent feea126c5e
commit 4fb1a4553e
10 changed files with 174 additions and 78 deletions

View File

@@ -1,6 +1,7 @@
package handlers
import (
"errors"
"net/http"
"veola/internal/db"
@@ -31,6 +32,11 @@ func (a *App) GetDashboardRefresh(w http.ResponseWriter, r *http.Request) {
func (a *App) dashboardData(r *http.Request) (templates.DashboardData, error) {
uid := a.userID(r)
// Fail closed: every store method below treats ownerID 0 as "all owners",
// so a userless request must error rather than render cross-tenant data.
if uid == 0 {
return templates.DashboardData{}, errors.New("dashboard: no authenticated user in context")
}
stats, err := a.Store.GetDashboardStatsForUser(r.Context(), uid)
if err != nil {
return templates.DashboardData{}, err