NowChess/NowChessSystems
4
0
Fork 0
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

fix(review): address PR review findings
Build & Test (NowChessSystems) TeamCity build failed
Details

Browse Source 
- Restore @RolesAllowed("Admin") on official bot creation (security regression)
- Pre-assign UUID before first persist in createOfficialBotAccount/syncOfficialBots
  to eliminate two-persist fragility (token-less entity on second-write failure)
- Add nullable = false to OfficialBotAccount.token column
- Replace JSON string interpolation in publishBotGameStart with objectMapper
- Replace specific hprof PID filename in .gitignore with *.hprof wildcard

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
LQ63
2026-06-09 13:55:36 +02:00
parent c9cf92266c
commit 4021a39912
5 changed files with 22 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/account/src/main/scala/de/nowchess/account/domain/UserAccount.scala
+1 -1
View File
@@ -76,6 +76,6 @@ class OfficialBotAccount extends PanacheEntityBase:
var createdAt: Instant = uninitialized
@Column(length = 1024)
@Column(nullable = false, length = 1024)
var token: String = uninitialized
// scalafix:on
modules/account/src/main/scala/de/nowchess/account/resource/AccountResource.scala
+1 -1
View File
@@ -195,7 +195,7 @@ class AccountResource:
@POST
@Path("/official-bots")
@RolesAllowed(Array("**"))
@RolesAllowed(Array("Admin"))
def createOfficialBot(req: CreateBotAccountRequest): Response =
accountService.createOfficialBotAccount(req.name) match
case Right(bot) =>
modules/account/src/main/scala/de/nowchess/account/service/AccountService.scala
+6 -4
View File
@@ -201,11 +201,12 @@ class AccountService:
@Transactional
def createOfficialBotAccount(botName: String): Either[AccountError, OfficialBotAccount] =
val id = UUID.randomUUID()
val bot = new OfficialBotAccount()
bot.id = id
bot.name = botName
bot.createdAt = Instant.now()
officialBotAccountRepository.persist(bot)
bot.token = generateBotToken(bot.id, bot.name)
bot.token = generateBotToken(id, botName)
officialBotAccountRepository.persist(bot)
Right(bot)
@@ -213,11 +214,12 @@ class AccountService:
def syncOfficialBots(botNames: List[String]): Unit =
botNames.foreach { name =>
if officialBotAccountRepository.findByName(name).isEmpty then
val id = UUID.randomUUID()
val bot = new OfficialBotAccount()
bot.id = id
bot.name = name
bot.createdAt = Instant.now()
officialBotAccountRepository.persist(bot)
bot.token = generateBotToken(bot.id, bot.name)
bot.token = generateBotToken(id, name)
officialBotAccountRepository.persist(bot)
log.infof("Auto-registered official bot: %s", name)
}