refactor(triggers): review followups — fire-now, dedupe trigger pages, hardening
Build / build (push) Failing after 34s
Build / build (push) Failing after 34s
Follow-ups on commit 39e1e36 addressing review feedback from
go-reviewer / security-reviewer / typescript-reviewer.
Backend:
- New POST /api/triggers/{id}/fire (AdminOnly, schedule-only): operator
"Fire now" button — dispatches immediately without waiting for the
next natural interval. Persists last_fired_at BEFORE dispatch, same
ordering as the scheduler. Per-trigger in-flight guard (429 if a
fire is already running) to defend against rapid double-clicks /
runaway scripts. Refuses request when AdminOnly claims are absent
rather than logging an unattributable deploy.
- SetTriggerLastFired now validates timestamp parses as RFC3339 before
writing. Rejects empty string explicitly — empty-clears semantics
were dead (no caller) and would silently re-fire on next tick if
ever accidentally written. A future reset-cadence flow must add a
dedicated ClearTriggerLastFired so the call site is grep-able and
separately auditable.
- Scheduler logs WARN on catch-up fires (now - lastFired > 2× interval)
so the "surprise burst at restart" pattern shows up in audit logs.
- BindingResult reason strings extracted to package consts
(webhook.Reason*) so the scheduler and api fire-now classifications
stay in sync without string-matching drift.
- SECURITY NOTE on FanOutForTrigger documents that the
WebhookRequireSignature gate is ingress-only by design.
Frontend:
- Refactored /triggers/new (770 LOC → 155 LOC) and /triggers/[id]
(~350 LOC dropped) to use the shared TriggerKindForm. Eliminates the
triplicated per-kind state + buildConfig + canSubmit + template that
caused the d-unit regex drift in the prior commit.
- New seedTriggerKindFormState helper on TriggerKindForm primes the
form from a server-returned trigger config with defensive type
guards; resets per-kind slots first so re-seeding across kinds
doesn't inherit stale state.
- /triggers/[id] gains a Schedule status panel with Last Fired + Fire
Now button (gated on binding_count > 0). Confirmation dialog,
result flash, timer cleanup on unmount + new-fire (no stale-closure
race). EN+RU i18n parity.
This commit is contained in:
@@ -4,6 +4,7 @@ import (
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
@@ -307,7 +308,17 @@ func (s *Store) EnsureTriggerWebhookSecret(id string) (string, error) {
|
||||
// so the value is stable across timezones. Updating last_fired_at does
|
||||
// not bump updated_at — last_fired_at is operational state, while
|
||||
// updated_at tracks user-visible config edits.
|
||||
//
|
||||
// ts must parse as RFC3339 — a defense-in-depth check so a careless
|
||||
// caller cannot corrupt the column with a garbage string the scheduler
|
||||
// would refuse to parse on every tick. To clear the column (effectively
|
||||
// "fire on next tick"), use a separate API rather than passing empty
|
||||
// here; the narrow contract keeps the call site grep-able and forces
|
||||
// any reset-cadence flow to be explicitly designed and authorized.
|
||||
func (s *Store) SetTriggerLastFired(id, ts string) error {
|
||||
if _, err := time.Parse(time.RFC3339, ts); err != nil {
|
||||
return fmt.Errorf("invalid last_fired_at %q (want RFC3339): %w", ts, err)
|
||||
}
|
||||
result, err := s.db.Exec(
|
||||
`UPDATE triggers SET last_fired_at = ? WHERE id = ?`,
|
||||
ts, id,
|
||||
|
||||
Reference in New Issue
Block a user