tenseleyflow/shithub / 28e7461

+// IsBillingEventStaleForPrincipal reports whether an incoming Stripe

+// event's timestamp is older than the last event we've already applied

+// for this principal. PRO08 D4: the handler refuses stale events so

+// reverse-ordered retries can't regress state (e.g., a stale

+// subscription.updated[active] arriving after a fresh

+// subscription.updated[canceled] re-activating the principal).

+//

+// Returns false when there's no prior event on file (the first event

+// is never stale) or when the row simply doesn't exist (defaults to

+// allow; the caller's own ErrNoRows path handles missing-state).

+func IsBillingEventStaleForPrincipal(ctx context.Context, deps Deps, p Principal, eventAt time.Time) (bool, error) {

+	if err := validateDeps(deps); err != nil {

+		return false, err

+	}

+	if err := p.Validate(); err != nil {

+		return false, err

+	}

+	if eventAt.IsZero() {

+		return false, nil

+	}

+	q := billingdb.New()

+	switch p.Kind {

+	case SubjectKindOrg:

+		stale, err := q.IsOrgBillingEventStale(ctx, deps.Pool, billingdb.IsOrgBillingEventStaleParams{

+			OrgID:   p.ID,

+			EventAt: pgTime(eventAt),

+		})

+		if err != nil {

+			if errors.Is(err, pgx.ErrNoRows) {

+				return false, nil

+			}

+			return false, err

+		}

+		return stale, nil

+	case SubjectKindUser:

+		stale, err := q.IsUserBillingEventStale(ctx, deps.Pool, billingdb.IsUserBillingEventStaleParams{

+			UserID:  p.ID,

+			EventAt: pgTime(eventAt),

+		})

+		if err != nil {

+			if errors.Is(err, pgx.ErrNoRows) {

+				return false, nil

+			}

+			return false, err

+		}

+		return stale, nil

+	}

+	return false, nil

+}

+

+// TouchBillingLastEventAtForPrincipal bumps last_event_at on the

+// principal's billing-state row. PRO08 D4: called after a successful

+// apply so subsequent staleness checks have a baseline. The query

+// uses GREATEST(prev, incoming) so an out-of-order-but-recent retry

+// doesn't regress the timestamp.

+func TouchBillingLastEventAtForPrincipal(ctx context.Context, deps Deps, p Principal, eventAt time.Time) error {

+	if err := validateDeps(deps); err != nil {

+		return err

+	}

+	if err := p.Validate(); err != nil {

+		return err

+	}

+	if eventAt.IsZero() {

+		return nil

+	}

+	q := billingdb.New()

+	switch p.Kind {

+	case SubjectKindOrg:

+		return q.TouchOrgBillingLastEventAt(ctx, deps.Pool, billingdb.TouchOrgBillingLastEventAtParams{

+			OrgID:   p.ID,

+			EventAt: pgTime(eventAt),

+		})

+	case SubjectKindUser:

+		return q.TouchUserBillingLastEventAt(ctx, deps.Pool, billingdb.TouchUserBillingLastEventAtParams{

+			UserID:  p.ID,

+			EventAt: pgTime(eventAt),

+		})

+	}

+	return nil

+}

+

+-- name: IsOrgBillingEventStale :one

+-- PRO08 D4: returns true when an incoming Stripe event's timestamp

+-- is older than the last event we've already applied for this org.

+-- Stripe doesn't guarantee delivery order across retries; without

+-- this guard a stale `subscription.updated[active]` could re-activate

+-- a canceled subscription. Returns false when no prior event has

+-- been recorded (last_event_at IS NULL) — the first event is never

+-- stale.

+SELECT COALESCE(last_event_at > sqlc.arg(event_at)::timestamptz, false)::boolean AS stale

+  FROM org_billing_states

+ WHERE org_id = sqlc.arg(org_id)::bigint;

+

+-- name: IsUserBillingEventStale :one

+SELECT COALESCE(last_event_at > sqlc.arg(event_at)::timestamptz, false)::boolean AS stale

+  FROM user_billing_states

+ WHERE user_id = sqlc.arg(user_id)::bigint;

+

+-- name: TouchOrgBillingLastEventAt :exec

+-- PRO08 D4: bump last_event_at on successful apply. Conditional so

+-- a fresh apply driven by an out-of-order-but-recent retry doesn't

+-- regress the timestamp (GREATEST). NULL last_event_at acquires the

+-- incoming value.

+UPDATE org_billing_states

+   SET last_event_at = GREATEST(COALESCE(last_event_at, sqlc.arg(event_at)::timestamptz), sqlc.arg(event_at)::timestamptz)

+ WHERE org_id = sqlc.arg(org_id)::bigint;

+

+-- name: TouchUserBillingLastEventAt :exec

+UPDATE user_billing_states

+   SET last_event_at = GREATEST(COALESCE(last_event_at, sqlc.arg(event_at)::timestamptz), sqlc.arg(event_at)::timestamptz)

+ WHERE user_id = sqlc.arg(user_id)::bigint;

+

+    RETURNING org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+    RETURNING user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+    RETURNING org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+    RETURNING user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM org_billing_states WHERE org_id = $1

+		&i.LastEventAt,

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM org_billing_states

+		&i.LastEventAt,

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM org_billing_states

+		&i.LastEventAt,

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM user_billing_states WHERE user_id = $1

+		&i.LastEventAt,

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM user_billing_states

+		&i.LastEventAt,

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM user_billing_states

+		&i.LastEventAt,

+const isOrgBillingEventStale = `-- name: IsOrgBillingEventStale :one

+SELECT COALESCE(last_event_at > $1::timestamptz, false)::boolean AS stale

+  FROM org_billing_states

+ WHERE org_id = $2::bigint

+`

+

+type IsOrgBillingEventStaleParams struct {

+	EventAt pgtype.Timestamptz

+	OrgID   int64

+}

+

+// PRO08 D4: returns true when an incoming Stripe event's timestamp

+// is older than the last event we've already applied for this org.

+// Stripe doesn't guarantee delivery order across retries; without

+// this guard a stale `subscription.updated[active]` could re-activate

+// a canceled subscription. Returns false when no prior event has

+// been recorded (last_event_at IS NULL) — the first event is never

+// stale.

+func (q *Queries) IsOrgBillingEventStale(ctx context.Context, db DBTX, arg IsOrgBillingEventStaleParams) (bool, error) {

+	row := db.QueryRow(ctx, isOrgBillingEventStale, arg.EventAt, arg.OrgID)

+	var stale bool

+	err := row.Scan(&stale)

+	return stale, err

+}

+

+const isUserBillingEventStale = `-- name: IsUserBillingEventStale :one

+SELECT COALESCE(last_event_at > $1::timestamptz, false)::boolean AS stale

+  FROM user_billing_states

+ WHERE user_id = $2::bigint

+`

+

+type IsUserBillingEventStaleParams struct {

+	EventAt pgtype.Timestamptz

+	UserID  int64

+}

+

+func (q *Queries) IsUserBillingEventStale(ctx context.Context, db DBTX, arg IsUserBillingEventStaleParams) (bool, error) {

+	row := db.QueryRow(ctx, isUserBillingEventStale, arg.EventAt, arg.UserID)

+	var stale bool

+	err := row.Scan(&stale)

+	return stale, err

+}

+

+    RETURNING org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+RETURNING org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+		&i.LastEventAt,

+    RETURNING org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+    RETURNING user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+RETURNING user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+		&i.LastEventAt,

+    RETURNING user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+SELECT user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at FROM state

+	LastEventAt              pgtype.Timestamptz

+		&i.LastEventAt,

+RETURNING org_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, billable_seats, seat_snapshot_at, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+		&i.LastEventAt,

+RETURNING user_id, provider, stripe_customer_id, stripe_subscription_id, stripe_subscription_item_id, plan, subscription_status, current_period_start, current_period_end, cancel_at_period_end, trial_end, past_due_at, canceled_at, locked_at, lock_reason, grace_until, last_webhook_event_id, created_at, updated_at, last_event_at

+		&i.LastEventAt,

+const touchOrgBillingLastEventAt = `-- name: TouchOrgBillingLastEventAt :exec

+UPDATE org_billing_states

+   SET last_event_at = GREATEST(COALESCE(last_event_at, $1::timestamptz), $1::timestamptz)

+ WHERE org_id = $2::bigint

+`

+

+type TouchOrgBillingLastEventAtParams struct {

+	EventAt pgtype.Timestamptz

+	OrgID   int64

+}

+

+// PRO08 D4: bump last_event_at on successful apply. Conditional so

+// a fresh apply driven by an out-of-order-but-recent retry doesn't

+// regress the timestamp (GREATEST). NULL last_event_at acquires the

+// incoming value.

+func (q *Queries) TouchOrgBillingLastEventAt(ctx context.Context, db DBTX, arg TouchOrgBillingLastEventAtParams) error {

+	_, err := db.Exec(ctx, touchOrgBillingLastEventAt, arg.EventAt, arg.OrgID)

+	return err

+}

+

+const touchUserBillingLastEventAt = `-- name: TouchUserBillingLastEventAt :exec

+UPDATE user_billing_states

+   SET last_event_at = GREATEST(COALESCE(last_event_at, $1::timestamptz), $1::timestamptz)

+ WHERE user_id = $2::bigint

+`

+

+type TouchUserBillingLastEventAtParams struct {

+	EventAt pgtype.Timestamptz

+	UserID  int64

+}

+

+func (q *Queries) TouchUserBillingLastEventAt(ctx context.Context, db DBTX, arg TouchUserBillingLastEventAtParams) error {

+	_, err := db.Exec(ctx, touchUserBillingLastEventAt, arg.EventAt, arg.UserID)

+	return err

+}

+

+	// PRO08 D4: returns true when an incoming Stripe event's timestamp

+	// is older than the last event we've already applied for this org.

+	// Stripe doesn't guarantee delivery order across retries; without

+	// this guard a stale `subscription.updated[active]` could re-activate

+	// a canceled subscription. Returns false when no prior event has

+	// been recorded (last_event_at IS NULL) — the first event is never

+	// stale.

+	IsOrgBillingEventStale(ctx context.Context, db DBTX, arg IsOrgBillingEventStaleParams) (bool, error)

+	IsUserBillingEventStale(ctx context.Context, db DBTX, arg IsUserBillingEventStaleParams) (bool, error)

+	// PRO08 D4: bump last_event_at on successful apply. Conditional so

+	// a fresh apply driven by an out-of-order-but-recent retry doesn't

+	// regress the timestamp (GREATEST). NULL last_event_at acquires the

+	// incoming value.

+	TouchOrgBillingLastEventAt(ctx context.Context, db DBTX, arg TouchOrgBillingLastEventAtParams) error

+	TouchUserBillingLastEventAt(ctx context.Context, db DBTX, arg TouchUserBillingLastEventAtParams) error