api/core: align invitations + audit; dev mock for invitations; Decimal fix; docs update #89
Conversation
🔧 Fixed SQLx compilation type inconsistency - commit directly to let CI regenerate cache Co-Authored-By: Claude <noreply@anthropic.com>
- 在get_supported_currencies中正确处理symbol的Option<String>类型 - 在get_family_currency_settings中正确处理base_currency的Option<String>类型 - 使用unwrap_or_default()和unwrap_or_else()安全处理可空字段 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed import declaration positioning in 12 Flutter files - Formatted 234 Flutter files (12 with actual changes) - Removed unused imports from key files - Fixed critical syntax errors preventing compilation - Added CI local verification script - Added SQLx offline cache (59 files) - Generated comprehensive test reports Current status: - Rust API: All tests passing - Flutter: Builds successfully, 1498 warnings remaining (down from 1505) - CI: Core functionality working Technical debt: - 91 use_build_context_synchronously warnings need manual review - 152 prefer_const_constructors optimizations available - 32 unused imports remaining - Various deprecated API usages to update 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Implement batch_import_templates endpoint for importing system category templates - Support multiple conflict resolution strategies (skip, rename, update) - Add SQLx offline cache for new queries - Fix currency service compilation errors 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
…iew; show details bottom sheet after import
- 修复 category_management_enhanced.dart 中缺失的导入引用 - 补全 UserCategoriesNotifier 中缺失的 createCategory 和 refreshFromBackend 方法 - 修复 main_network_test.dart 中不存在的provider引用 - 解决 SystemCategoryTemplate 命名冲突问题 - 修复类型安全问题 (String? vs String) - 添加向后兼容的provider定义 - 生成详细的修复报告文档 修复后状态: - 从无法编译状态恢复到可编译运行 - 核心分类导入功能可正常工作 - 显著减少编译错误数量 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
解决了与 main 分支的合并冲突: - 保持使用 CategoryService 而不是 CategoryServiceIntegrated - 移除不存在的 category_service_integrated.dart 导入 - 确保编译错误修复与最新 main 兼容
…ing CategoryService.getTemplatesWithEtag
…ary, final classification/parent preview
…actions) in import dialog
…ocal Flutter analyze non-blocking; tighten Rust clippy in CI
chore(api, flutter): lint-only cleanup, align ImportActionDetail; stabilize local CI
* chore(api): feature-gate demo endpoints; align local CI clippy mode * chore(flutter): phase 1 analyzer cleanup (remove unused import; add material import for Icons)
…ehavioral changes)
…ial import fixer) (#23)
- Fix syntax errors from aggressive const additions - Remove const keywords from constructors with variable parameters - Apply withOpacity -> withValues modernization (333 instances) - Remove unused imports from app_router.dart (5 imports) - Fix malformed method names from sed replacements - Reduce analyzer issues from 3340 to 2204 (1136 issues resolved) This continues the analyzer cleanup initiative started in PR #22, focusing on mechanical fixes to prepare for stricter linting rules.
(cherry picked from commit a76b781)
- Remove 23 unused imports across 22 files - Fix unused import script to handle warning format - Clean up import blocks for better code organization - Prepare for stricter analyzer rules Files affected: - lib/devtools/dev_quick_actions_stub.dart - lib/models/family.dart, invitation.dart - lib/providers/family_provider.dart - lib/screens/auth/registration_wizard.dart - lib/screens/family/* (3 files) - lib/screens/management/* (3 files) - lib/screens/settings/theme_settings_screen.dart - lib/services/* (4 files) - lib/widgets/* (2 files) - test/currency_notifier_quiet_test.dart
…/dynamic patterns (app_router, transaction_card, budget_summary, core/app)
…n across UI to resolve analyzer syntax errors
…rs and fix helper method names (missing comma/semicolon side-effects)
…nts) and align helper names; unblock analyzer
…apping; provider disposed guard
…ency selection tests; ensure explicit refresh triggers fetch
…t); make family base_currency non-Option
…eleton; add decimal migration with forced balance verification + audit + rollback
…count stats with explicit numeric casts
…ion context (CORS_DEV=1); fix Decimal mapping in accounts handler; update docs to use invitations; prepare API SQLx cache
Summary of ChangesHello @zensgit, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request represents a significant leap in the API's stability, security, and data integrity. It tackles fundamental issues like ensuring transactional atomicity for core user flows, enhancing system resilience against common vulnerabilities like SQL and CSV injection, and solidifying financial calculations with precise decimal handling. Furthermore, it streamlines API routing, improves password management, and introduces an idempotency framework for reliable request processing. The extensive merge conflict resolution process underscores a concerted effort to consolidate disparate development efforts into a cohesive and robust codebase. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Pull Request Overview
This large pull request implements comprehensive additions and fixes for the jive-core library and jive-api, focusing on three main areas: f64 precision bug fixes with Money types, transaction split security improvements, and invitation/audit system enhancements.
Key changes:
- Complete f64 precision bug fix implementation with Decimal-based Money types and comprehensive API adapter layer
- Critical transaction split vulnerability fix with robust validation and concurrency control
- Invitation system enhancements with dev mode support and comprehensive documentation updates
Reviewed Changes
Copilot reviewed 53 out of 118 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| jive-core/src/api/dto/mod.rs | New API DTO module with transaction data transfer objects |
| jive-core/src/api/config.rs | API configuration management with validation and environment-specific settings |
| jive-core/scripts/audit_split_data.sql | Comprehensive audit script for transaction split data integrity checking |
| jive-core/TRANSACTION_SPLIT_FIX_COMPLETE_REPORT.md | Detailed technical report documenting transaction split security fix implementation |
| jive-core/SPLIT_TRANSACTION_TESTS.md | Complete test suite documentation for transaction splitting functionality |
| jive-core/SPLIT_TRANSACTION_FIX.md | Production-grade implementation guide for secure transaction splitting |
| jive-core/PROJECT_COMPLETION_SUMMARY.md | High-level project completion summary for f64 precision bug fix |
| jive-core/INFRASTRUCTURE_SUPPLEMENTS_REPORT.md | Technical documentation for idempotency framework implementation |
| jive-core/IMPLEMENTATION_COMPLETE_REPORT.md | Implementation completion report for transaction split fixes |
| jive-core/F64_PRECISION_BUG_FIX_COMPLETE_GUIDE.md | Comprehensive guide for f64 precision bug fix implementation |
| jive-core/DOMAIN_LAYER_FOUNDATION_REPORT.md | Documentation of domain layer foundation with Money types and strong-typed IDs |
| jive-core/Cargo.toml | Updated dependencies including Redis support and feature gates |
| jive-core/CURRENT_STATUS_REPORT.md | Current status report showing project completion and compilation status |
| jive-core/CRITICAL_BUG_FIX_SPLIT_TRANSACTION.md | Critical security vulnerability analysis and fix documentation |
| jive-core/APPLICATION_LAYER_INTERFACES_REPORT.md | Application layer interfaces documentation with CQRS pattern implementation |
| jive-core/API_ADAPTER_LAYER_REPORT.md | API adapter layer implementation preventing f64 usage through string-based amounts |
| jive-api/target/.rustc_info.json | Updated Rust compiler information |
| jive-api/src/main.rs | Added invitation management API routes with dev mode context support |
| jive-api/src/handlers/invitation_handler.rs | Enhanced invitation handler with mock context support for development |
| jive-api/src/handlers/accounts.rs | Fixed account queries to properly cast NUMERIC types |
| jive-api/migrations/test_idempotency_migrations.sql | Comprehensive test script for idempotency migration validation |
| jive-api/migrations/046_create_idempotency_cleanup_job.sql | Idempotency cleanup stored procedure creation |
| jive-api/migrations/046_create_idempotency_cleanup_job.down.sql | Rollback script for idempotency cleanup job |
| jive-api/migrations/045_create_idempotency_records.sql | Core idempotency records table creation with proper constraints |
| jive-api/migrations/045_create_idempotency_records.down.sql | Rollback script for idempotency records table |
| database/migrations/fix_multi_family_schema.sql | Updated with clarification about current implementation |
| JIVE_RBAC_DESIGN_SPECIFICATION.md | Added note about current implementation using invitations table |
| JIVE_RBAC_DESIGN_SPECIFICATION (2).md | Added note about current implementation using invitations table |
Files not reviewed (20)
- jive-api/.sqlx/query-1a60d1207fa4af06e02f770592f1e3ab1ef0ae87c6632d0f6bc1ee31b679cdf4.json: Language not supported
- jive-api/.sqlx/query-1dade7571ba6291d0ff148280c26f57632846cbc7ab93c8a6c58cf276c745e69.json: Language not supported
- jive-api/.sqlx/query-55d06f356978b20c3de14d2cdd717e364f68bee20f1b8949af098d2c15d254a4.json: Language not supported
- jive-api/.sqlx/query-58b695f0150b71a738eb029c044762f511b83788937bff81674a9ccf5a5f1a51.json: Language not supported
- jive-api/.sqlx/query-99269899ec267be4fbc9deb9c4b7a400a30bfb68de4be9f87e8dc5bc66f054ce.json: Language not supported
- jive-api/.sqlx/query-a0d2dfbf3b31cbde7611cc07eb8c33fcdd4b9dfe43055726985841977b8723e5.json: Language not supported
- jive-api/.sqlx/query-ac132e2c8e41d82e8b400df59d5dcb749454225cef654590d46e53bc6420fea4.json: Language not supported
- jive-api/.sqlx/query-d9740c18a47d026853f7b8542fe0f3b90ec7a106b9277dcb40fe7bcef98e7bf7.json: Language not supported
- jive-api/.sqlx/query-d9c2adc5f3a0d08582f6de1e1cf90fda34420de3a7c5e024a356e68b0dd64081.json: Language not supported
- jive-api/.sqlx/query-f17a00d3f66b7b8b0caf3f09c537719a175f66d73ed5a5d4b8739fe1c159bd83.json: Language not supported
- jive-core/.sqlx/query-123d9e6d5fcadaeea574ec13a03da5e0c5e17c3029720b722648209a91f8fb63.json: Language not supported
- jive-core/.sqlx/query-1d8bff78a95d43533d88deac9d47c66679c21314fe8965df823dd9c9648dc755.json: Language not supported
- jive-core/.sqlx/query-463784dc10fc4e5b7e8594b99019f47aa379645cef1702fcc12f119fdb4a52ea.json: Language not supported
- jive-core/.sqlx/query-5be96bcf78a6bffb6dee6d553ffbe70ea25c503ddb72fd5952bb39aedd6d5f38.json: Language not supported
- jive-core/.sqlx/query-a0064d2bf16fdf42919193eff40402381219a3eea980534d1d2f674cff49bd28.json: Language not supported
- jive-core/.sqlx/query-aadc36effd36aa92f2ec7dc1eb560b7f72d62f68a687937850287724e0f40e9c.json: Language not supported
- jive-core/.sqlx/query-b29971144776effd991b6cc6e1b1a940b273a005f74e1a71a57129a33168a102.json: Language not supported
- jive-core/.sqlx/query-b49b7d2e8f9f773d347f1ea12199bbcf1b6ecef3195e40c1f75effdad91d818c.json: Language not supported
- jive-core/.sqlx/query-d767aed5aed104bf81708f43b22dcd9afc62c1eb79daa79852f84f9d7cc24ba6.json: Language not supported
- jive-core/.sqlx/query-e26b83dfcdba1f26e57e9b01d87c22cbda526b4310da28e3716694e40316223d.json: Language not supported
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| @@ -0,0 +1,236 @@ | |||
| -- Historical Data Audit Script | |||
| -- Purpose: Check for existing data integrity issues in transaction splits | |||
| -- Created: 2025-10-14 | |||
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| -- Created: 2025-10-14 | |
| -- Created: 2024-10-14 |
Copilot uses AI. Check for mistakes.
| # Transaction Split Fix - Complete Development Report | ||
|
|
||
| **项目**: Jive Money - Transaction Split Security Fix | ||
| **日期**: 2025-10-14 |
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| **日期**: 2025-10-14 | |
| **日期**: 2024-10-14 |
Copilot uses AI. Check for mistakes.
| **Project**: jive-flutter-rust | ||
| **Issue**: Catastrophic f64 precision loss in financial calculations | ||
| **Solution**: Decimal-based Money type with interface-first design | ||
| **Date**: 2025-10-14 |
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| **Date**: 2025-10-14 | |
| **Date**: 2024-10-14 |
Copilot uses AI. Check for mistakes.
|
|
||
| **任务编号**: Task 1 | ||
| **任务名称**: 创建领域层基础(Money, IDs, Types, Errors) | ||
| **开发日期**: 2025-10-14 |
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| **开发日期**: 2025-10-14 | |
| **开发日期**: 2024-10-14 |
Copilot uses AI. Check for mistakes.
| @@ -0,0 +1,269 @@ | |||
| # Jive-Core Current Status Report | |||
|
|
|||
| **Date**: 2025-10-14 | |||
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| **Date**: 2025-10-14 | |
| **Date**: 2024-10-14 |
Copilot uses AI. Check for mistakes.
|
|
||
| **任务编号**: Task 2 | ||
| **任务名称**: 定义应用层接口(Commands, Results, Services) | ||
| **开发日期**: 2025-10-14 |
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| **开发日期**: 2025-10-14 | |
| **开发日期**: 2024-10-14 |
Copilot uses AI. Check for mistakes.
| @@ -0,0 +1,779 @@ | |||
| # API Adapter Layer Implementation Report | |||
|
|
|||
| **Date**: 2025-10-14 | |||
There was a problem hiding this comment.
Corrected date format - should be 2024-10-14 based on the PR creation context
| **Date**: 2025-10-14 | |
| **Date**: 2024-10-14 |
Copilot uses AI. Check for mistakes.
| @@ -0,0 +1,281 @@ | |||
| -- Test Script for Idempotency Migrations | |||
| -- Purpose: Verify that migrations 045 and 046 work correctly | |||
| -- Usage: psql -h localhost -U postgres -d jive_money -f test_idempotency_migrations.sql | |||
There was a problem hiding this comment.
Consider adding example with connection parameters and suggesting to run this against a test database copy rather than production
| -- Usage: psql -h localhost -U postgres -d jive_money -f test_idempotency_migrations.sql | |
| -- Usage: psql -h localhost -U postgres -d jive_money_test -f test_idempotency_migrations.sql | |
| -- NOTE: Run this script only against a test or development copy of your database, NOT production! |
Copilot uses AI. Check for mistakes.
| COMMENT ON COLUMN idempotency_records.expires_at IS 'Automatic expiry timestamp (TTL) - records past this time can be cleaned up'; | ||
|
|
||
| -- Grant permissions (adjust as needed for your setup) | ||
| -- GRANT SELECT, INSERT, UPDATE, DELETE ON idempotency_records TO jive_api_user; |
There was a problem hiding this comment.
The commented GRANT statement should specify principle of least privilege - the application likely doesn't need UPDATE permissions on idempotency records since they should be immutable after creation
| -- GRANT SELECT, INSERT, UPDATE, DELETE ON idempotency_records TO jive_api_user; | |
| -- GRANT SELECT, INSERT, DELETE ON idempotency_records TO jive_api_user; |
Copilot uses AI. Check for mistakes.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a variety of changes, including schema alignment for invitations and audit logs, a fix for Decimal type mismatches in SQLx queries, and the addition of a development mock for testing invitations. The changes are extensive and well-documented through numerous detailed reports. The introduction of the dev mock for invitations via an optional ServiceContext is a clever approach for local testing. The database schema updates and documentation changes are consistent with the stated goals. However, there are a couple of issues in the generated documentation and SQLx metadata files that need attention.
| "nullable": [ | ||
| false, | ||
| false | ||
| true | ||
| ] |
There was a problem hiding this comment.
The nullability metadata for the count column, which corresponds to COUNT(*), has been changed from false to true. This is incorrect, as the COUNT(*) aggregate function in SQL never returns NULL; it returns 0 if no rows match. This incorrect metadata could lead to unnecessary Option<> wrappers in the Rust code and potential runtime errors if not handled with care. This issue also appears in other updated .sqlx files for COUNT(*) queries (e.g., query-99269899ec267be4fbc9deb9c4b7a400a30bfb68de4be9f87e8dc5bc66f054ce.json, query-a0d2dfbf3b31cbde7611cc07eb8c33fcdd4b9dfe43055726985841977b8723e5.json, query-d9740c18a47d026853f7b8542fe0f3b90ec7a106b9277dcb40fe7bcef98e7bf7.json). While this might be a tool-related issue with sqlx-cli, it's important to ensure the query metadata is accurate. It's recommended to investigate why sqlx-cli is generating incorrect nullability information and correct it.
| ### 根本原因 | ||
| 在 Axum 框架中,对同一路径多次调用 `.route()` 会导致路由覆盖,而不是添加新的方法处理器。这是 Axum 的设计特性,但我们的代码错误地使用了这个 API。 | ||
|
|
||
| ### 错误示例 | ||
| ```rust | ||
| // ❌ 错误的写法 - 后面的路由会覆盖前面的 | ||
| .route("/api/v1/accounts", get(list_accounts)) | ||
| .route("/api/v1/accounts", post(create_account)) // 这会覆盖上面的 GET | ||
|
|
||
| .route("/api/v1/accounts/:id", get(get_account)) | ||
| .route("/api/v1/accounts/:id", put(update_account)) // 这会覆盖 GET | ||
| .route("/api/v1/accounts/:id", delete(delete_account)) // 这会覆盖 PUT | ||
| ``` | ||
|
|
||
| ### 实际影响 | ||
| - **GET /api/v1/accounts/:id** → ❌ 404 Not Found | ||
| - **PUT /api/v1/accounts/:id** → ❌ 404 Not Found | ||
| - **DELETE /api/v1/accounts/:id** → ✅ 正常工作(最后注册的) | ||
|
|
||
| 只有最后注册的方法能正常工作,前面的都被覆盖了! |
There was a problem hiding this comment.
The initial description of the Axum routing issue is misleading. It states that calling .route() multiple times for the same path with different HTTP methods causes overwriting, which is incorrect for Axum; it actually merges the methods. While the "附注与澄清" section at the end of the document correctly clarifies this behavior, the initial incorrect explanation can cause confusion. To improve clarity, the main problem description should be updated to accurately reflect Axum's routing behavior from the start.
… and currency_service
* api: unify Decimal mapping in accounts handler; fix clippy in metrics and currency_service * api: fix Decimal/f64 mismatches and Option<DateTime> handling; refactor dynamic SQLx reads for accounts + currency/exchange * api/migrations: make net worth tables idempotent; ensure pgcrypto; fix IF NOT EXISTS for indexes/triggers * chore: workspace sync before merging base into PR branch * tests: remove WIP contract serialization test from this PR
* api: unify Decimal mapping in accounts handler; fix clippy in metrics and currency_service * api: fix Decimal/f64 mismatches and Option<DateTime> handling; refactor dynamic SQLx reads for accounts + currency/exchange * api/migrations: make net worth tables idempotent; ensure pgcrypto; fix IF NOT EXISTS for indexes/triggers
…reintroduce via PR
* api: move Transaction model and service to Decimal amounts; refresh SQLx cache verified * tests: add transaction amount serialization contract (Decimal as string)
…migration) * tests: add budget report/progress decimal serialization contract (ignored until Decimal migration) * ci: retrigger workflows for budget decimal contract tests [skip ci? false]
* flutter: wire budget models into BudgetProgress (factory) + widget test * flutter: wire BudgetReport into provider totals; keep fallback to local sums
* chore: wip local changes before rebase * ci: trigger for core gating SQLx prep * core(accounts): start aligning Account entity to ledger_id; switch to runtime sqlx::query_as for repository (prep for schema alignment)
…Error mapping * chore: wip local changes before rebase * ci: trigger for core gating SQLx prep * core(accounts): start aligning Account entity to ledger_id; switch to runtime sqlx::query_as for repository (prep for schema alignment) * ci: retrigger for core accounts alignment PR * core(tx-mapper): align TransferResponse, ImportError mapping, ImportPolicy parsing, and ValidationError construction
* chore: wip local changes before rebase * ci: trigger for core gating SQLx prep * core(accounts): start aligning Account entity to ledger_id; switch to runtime sqlx::query_as for repository (prep for schema alignment) * ci: retrigger for core accounts alignment PR * core(tx-mapper): align TransferResponse, ImportError mapping, ImportPolicy parsing, and ValidationError construction * ci: trigger for tx-mapper alignment PR * core(accounts): align read queries to ledger_id with JOIN ledgers; prep for SQLx cache refresh
…oject Account * flutter: wire budget models into BudgetProgress (factory) + widget test * core(accounts): align update_status/update_balance to API schema; project Account from updated row
1 participant
Title: api/core: align invitations + audit; dev mock for invitations; Decimal fix; docs update
Purpose
jive-api/migrations(invitations,family_audit_logs).Summary of Approach
invitationsandfamily_audit_logs(lowercase role/status, UUIDinvite_token).get_invitation,get_invitation_by_token,list_pending_invitations,list_audit_logs.CORS_DEV=1.invitationsconsistently and add notes to historical docs..sqlxviamake api-sqlx-prepare-localagainst Docker DB (5433).Testing Evidence
make api-sqlx-prepare-local→ succeeded and wrote.sqlx.make api-dev-docker-dbGET /healthworks; startup logs show dev mode and invitation routes.POST /api/v1/invitationswith body{ "invitee_email":"test@example.com","role":"member","expires_in_days":7 }GET /api/v1/invitations/pendingPOST /api/v1/invitations/acceptwith either{ "invite_code": "..." }or{ "invite_token": "uuid" }Migration Notes
jive-api/migrations’sinvitationsandfamily_audit_logs.CORS_DEV=1; secure mode unaffected.Rollback Plan
make api-sqlx-prepare-local.invitation_handler.rsif undesired.Follow-ups (separate PR)
jive-core/.sqlxonce stabilized..sqlxcheck to CI for core if desired once above is complete.Requested Reviewers