`5690fdf`

billing: TryAcquireWebhookEventLock sqlc query (transaction-scoped advisory lock)

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 5 hours ago

Status	File	+
M	`internal/billing/queries/billing.sql`	13
M	`internal/billing/sqlc/billing.sql.go`	21
M	`internal/billing/sqlc/querier.go`	11

internal/billing/queries/billing.sqlmodified

   WHERE provider = 'stripe'
     AND provider_event_id = sqlc.arg(provider_event_id)::text;
 +-- name: TryAcquireWebhookEventLock :one
 +-- PRO08 A3: transaction-scoped advisory lock keyed on the hash of
 +-- the provider_event_id. Two concurrent webhook deliveries for the
 +-- same event_id race past CreateWebhookEventReceipt before either has
 +-- marked it processed; without serialization, both proceed to apply
 +-- and double-mutate state. This lock makes the apply path mutually
 +-- exclusive per event. Returns true when acquired; false means
 +-- another worker holds it — caller should let Stripe retry.
 +--
 +-- pg_try_advisory_xact_lock takes a bigint; hashtext returns int4
 +-- which sign-extends safely. The lock auto-releases at txn end.
 +SELECT pg_try_advisory_xact_lock(hashtext($1)::bigint) AS acquired;
++
  -- name: ListFailedWebhookEvents :many
  -- Operator query for "events we received but failed to process."
  -- A row is "failed" when it has a non-empty process_error OR when

internal/billing/sqlc/billing.sql.gomodified

  	return err
+ }
 +const tryAcquireWebhookEventLock = `-- name: TryAcquireWebhookEventLock :one
 +SELECT pg_try_advisory_xact_lock(hashtext($1)::bigint) AS acquired
 +`
++
 +// PRO08 A3: transaction-scoped advisory lock keyed on the hash of
 +// the provider_event_id. Two concurrent webhook deliveries for the
 +// same event_id race past CreateWebhookEventReceipt before either has
 +// marked it processed; without serialization, both proceed to apply
 +// and double-mutate state. This lock makes the apply path mutually
 +// exclusive per event. Returns true when acquired; false means
 +// another worker holds it — caller should let Stripe retry.
 +//
 +// pg_try_advisory_xact_lock takes a bigint; hashtext returns int4
 +// which sign-extends safely. The lock auto-releases at txn end.
 +func (q *Queries) TryAcquireWebhookEventLock(ctx context.Context, db DBTX, hashtext string) (bool, error) {
 +	row := db.QueryRow(ctx, tryAcquireWebhookEventLock, hashtext)
 +	var acquired bool
 +	err := row.Scan(&acquired)
 +	return acquired, err
 +}
++
  const upsertInvoice = `-- name: UpsertInvoice :one
  INSERT INTO billing_invoices (

internal/billing/sqlc/querier.gomodified

  	// subsequent apply fails. Migration 0075's CHECK constraint enforces
  	// both-or-neither; callers must pass a non-zero subject.
  	SetWebhookEventSubject(ctx context.Context, db DBTX, arg SetWebhookEventSubjectParams) error
 +	// PRO08 A3: transaction-scoped advisory lock keyed on the hash of
 +	// the provider_event_id. Two concurrent webhook deliveries for the
 +	// same event_id race past CreateWebhookEventReceipt before either has
 +	// marked it processed; without serialization, both proceed to apply
 +	// and double-mutate state. This lock makes the apply path mutually
 +	// exclusive per event. Returns true when acquired; false means
 +	// another worker holds it — caller should let Stripe retry.
 +	//
 +	// pg_try_advisory_xact_lock takes a bigint; hashtext returns int4
 +	// which sign-extends safely. The lock auto-releases at txn end.
 +	TryAcquireWebhookEventLock(ctx context.Context, db DBTX, hashtext string) (bool, error)
  	// ─── billing_invoices ──────────────────────────────────────────────
  	// PRO03: writes both legacy `org_id` and polymorphic
  	// `(subject_kind, subject_id)`. Callers continue to bind org_id only;