docs: sync from backend 259f3fb — H19-H21 auth save consolidation

This commit is contained in:
Siavash Sameni
2026-06-07 10:09:14 +04:00
parent ae10a16481
commit aac297d241
2 changed files with 17 additions and 6 deletions

View File

@@ -12,6 +12,16 @@ entries on top. Maintained by agents per the rule in `../AGENTS.md`.
---
### 2026-06-07 — backend@259f3fb, frontend@d9a59bd — DB audit H19-H21 auth save consolidation
**Commits:** `259f3fb` `d9a59bd`
**Touched:** backend `src/services/auth/authController.ts`, `__tests__/db-audit-auth-controller-saves.test.ts`, `scripts/smoke/db-audit-service-regressions.sh`, `package.json`, `package-lock.json`; frontend `Dockerfile`, `package.json`; docs `09 - Audits/DB Query & Schema Audit - 2026-06-06.md`, `09 - Audits/Activity Log.md`
**Why:** Close High H19-H21 from the DB Query & Schema Audit. Login, Google sign-in, and Telegram auth now use the token helper without immediate persistence, stage audited mutations, and perform one final user save through the transactional save path. Telegram Mini App retry behavior remains preserved with no replay/dedup rejection added.
**Verification:** backend `npm test -- --runTestsByPath __tests__/db-audit-auth-controller-saves.test.ts __tests__/auth-store-pg-query.test.ts --runInBand` (2 suites / 18 tests), `npm run typecheck`, `scripts/smoke/db-audit-service-regressions.sh` (19 suites / 77 tests), backend/frontend scoped `git diff --check`; frontend/backend version metadata confirmed at v2.9.37. Pushed to Forgejo.
**Linked docs updated:** [[09 - Audits/DB Query & Schema Audit - 2026-06-06]]
---
### 2026-06-07 — backend@5d7d2af, frontend@ade7352 — DB audit H10 sweep balance probe parallelism
**Commits:** `5d7d2af` `ade7352`