Session 10: Internal auth refactor, prefetch cascade keys, Sentry, welcome email (1286 tests)
This commit is contained in:
+137
-1
@@ -4,7 +4,143 @@
|
||||
2026-06-10
|
||||
|
||||
## Current Phase
|
||||
SHIP BUILD v9.0 — Critical site fixes, data-source upgrade, production readiness (Session 9)
|
||||
SHIP BUILD v10.0 — Internal-auth refactor, soccer prefetch cascade, Sentry, welcome email (Session 10)
|
||||
|
||||
## Session 10 (2026-06-10) — SHIPPED
|
||||
|
||||
### FIX 1 — Internal auth refactor + /pipeline off-host support
|
||||
|
||||
Pre-audit revealed the spec's premise was wrong: `/api/grading/pipeline`
|
||||
and `/api/grading/resolve` ALREADY EXISTED with `requireInternal`
|
||||
middleware inline in each route file. The actual n8n bug was a header-
|
||||
name mismatch (n8n sends `x-internal-key`, code read
|
||||
`X-VYNDR-Internal-Key`) PLUS a hard loopback-IP check that blocks any
|
||||
caller from a separate container.
|
||||
|
||||
- **`src/middleware/internalAuth.js`** (new) — centralized middleware.
|
||||
Accepts BOTH `x-internal-key` (Session 10 short form, n8n) AND
|
||||
`X-VYNDR-Internal-Key` (legacy, poller + existing tests). Timing-safe
|
||||
string compare. `loopbackOnly` is now an OPT-IN flag (default off).
|
||||
- **`src/routes/grading.js`** — replaced inline `requireInternal` with
|
||||
the centralized middleware. `/resolve` uses `{loopbackOnly: true}`
|
||||
(poller from localhost). `/pipeline` uses the off-host variant
|
||||
(n8n from a separate container). `__helpers.requireInternal` kept
|
||||
exported for the existing test suite — backwards compatible.
|
||||
- **`src/routes/corrections.js`** — same refactor; `/correct` stays
|
||||
loopback-only (morning sweep is co-located).
|
||||
- **`/api/grading/pipeline`** body shape — empty body now iterates
|
||||
`nba/wnba/mlb` (n8n's "Morning Ops" workflow case). Single-sport
|
||||
body still works and returns the legacy summary object so existing
|
||||
per-sport tests continue to pass.
|
||||
|
||||
### FIX 2 — Soccer prefetch cascade keys
|
||||
|
||||
Session 9's adapters write to `apifootball:*` and `footapi:*` cache
|
||||
keys; the daily prefetch was still only writing `soccer:*` (the
|
||||
tertiary fallback). The cascade in `soccerFeatureExtractor` never
|
||||
hit PRIMARY because nothing populated those keys.
|
||||
|
||||
- **`scripts/soccer-data-prefetch.js`** — new `enrichFromApiFootball()`
|
||||
walks finished WC fixtures via `apiFootballAdapter.getFixtures` +
|
||||
`getFixturePlayerStats`, aggregates per-player season stats across
|
||||
matches (minutes, goals, assists, shots, tackles, cards, rating),
|
||||
collapses to per-90 rates, and writes
|
||||
`apifootball:player_by_name:{normalizedName}` (24h TTL). Hard-capped
|
||||
at `--max-players=80` per run.
|
||||
- **CLI flags added** — `--source=api-football|footapi|football-data|all`
|
||||
(default `all`), `--max-players=N`, `--season=N`. Existing `--leagues`
|
||||
and `--dry-run` flags unchanged.
|
||||
- **`enrichRefereesFromFootApi()`** — best-effort referee enrichment.
|
||||
Writes `footapi:referee_by_name:{name}` (7d TTL).
|
||||
- **Behavior preserved** — legacy `soccer:player:*` writes still happen
|
||||
when `football-data` source is selected (and it's the default in
|
||||
`all` mode). The cascade resolves at PRIMARY when api-football data
|
||||
is available, TERTIARY otherwise.
|
||||
- **Boot guard relaxed** — previously bailed when
|
||||
`FOOTBALL_DATA_API_KEY` was unset; now bails only when EVERY source
|
||||
is unavailable. The script can run on api-football alone.
|
||||
|
||||
### FIX 3 — Sentry error tracking
|
||||
|
||||
- **`src/utils/sentry.js`** (new) — graceful no-op when `SENTRY_DSN`
|
||||
is unset (every Sentry surface becomes a noop). Initialized at the
|
||||
top of `src/app.js` BEFORE express is required.
|
||||
- **`Sentry.setupExpressErrorHandler(app)`** mounted AFTER all routes
|
||||
in `app.js` — catches uncaught route errors automatically.
|
||||
- **PII scrubbing** — `beforeSend` strips `user.ip_address`,
|
||||
`user.email`, `request.cookies`, `request.headers.authorization`,
|
||||
`request.headers.cookie`, and BOTH internal-key headers. Bearer
|
||||
tokens never reach Sentry.
|
||||
- **Sampling** — 10% traces, 100% errors. Free-tier friendly.
|
||||
- **Frontend** — manual init via `web/src/components/SentryInit.tsx`
|
||||
(client component, mounted in root layout). Lazy `import('@sentry/nextjs')`
|
||||
fires on mount only if `NEXT_PUBLIC_SENTRY_DSN` is set. Avoids the
|
||||
`withSentryConfig` plugin which conflicts with standalone output
|
||||
mode (per Session 10 spec note).
|
||||
|
||||
### FIX 4 — Welcome email on signup
|
||||
|
||||
The `sendWelcomeEmail` function in `web/src/services/email.ts` already
|
||||
existed; nobody called it.
|
||||
|
||||
- **Copy updated** — 5/month → 3/day, NexaPay → Stripe founder pricing
|
||||
($14.99/mo locked for life), added the soccer/World Cup mention per
|
||||
Session 10 spec. Both HTML and plain-text variants.
|
||||
- **`web/src/app/api/welcome-email/route.ts`** (new) — POST endpoint,
|
||||
bearer-auth required. Reads Supabase `user_metadata` via the
|
||||
service-role admin client, checks `welcome_email_sent`, sends if
|
||||
absent, sets the flag. Idempotent — re-trigger is a cheap noop.
|
||||
**No migration needed** — `user_metadata` is the Supabase auth
|
||||
user's existing JSONB scratchpad.
|
||||
- **Trigger** — `web/src/app/welcome/page.tsx` fires the POST once on
|
||||
mount via `useRef` guard. Server-side idempotency keeps it safe
|
||||
across refreshes too.
|
||||
- **Graceful failure** — if `RESEND_API_KEY` is unset, send returns
|
||||
`{ ok: false }` but the flag is still set (manual operator override
|
||||
if a batch needs re-sending).
|
||||
|
||||
### Tests added
|
||||
|
||||
| Suite | Tests |
|
||||
|--------------------------------------------------------|-------|
|
||||
| `tests/unit/internalAuth.test.js` | 15 |
|
||||
| `tests/unit/soccerDataPrefetchCascade.test.js` | 20 |
|
||||
| `tests/unit/sentry.test.js` | 10 |
|
||||
| Existing suites (pipeline, resolution, prefetch) re-verified | 0 new |
|
||||
| **Session 10 total** | **45+** |
|
||||
|
||||
### Quality gates
|
||||
- `npm test`: **1286 / 1286 passing** (1240 + 46 new), 100 suites, 0 regressions
|
||||
- `web/npm run build`: clean — Sentry mount + `/api/welcome-email` prerender
|
||||
- License audit: only permissive licenses (Sentry adds nothing exotic)
|
||||
|
||||
### Env vars to set in Coolify
|
||||
|
||||
```
|
||||
# Already required from prior sessions:
|
||||
VYNDR_INTERNAL_KEY=<existing — header is now x-internal-key OR X-VYNDR-Internal-Key>
|
||||
RESEND_API_KEY=<existing>
|
||||
RESEND_FROM_EMAIL=<existing, defaults to "VYNDR <grades@vyndr.app>">
|
||||
|
||||
# New in Session 10 (all optional — wrappers degrade gracefully):
|
||||
SENTRY_DSN=<from sentry.io project settings>
|
||||
NEXT_PUBLIC_SENTRY_DSN=<same DSN — needs the NEXT_PUBLIC_ prefix to reach browser bundle>
|
||||
```
|
||||
|
||||
### Open items
|
||||
- Soccer prefetch hasn't run against live api-football yet — first
|
||||
cron tick after deploy will populate the cascade. Until then, the
|
||||
feature extractor resolves at tertiary (football-data).
|
||||
- Sentry's frontend manual-init pattern means errors before the React
|
||||
tree mounts (e.g. SSR errors) bypass Sentry. The backend handler
|
||||
catches Express-side errors; for browser-side SSR errors we'd need
|
||||
`instrumentation.ts`, deferred.
|
||||
- Welcome email idempotency relies on Supabase `user_metadata`. If a
|
||||
user signs in via SSO and never lands on `/welcome`, they don't get
|
||||
the email. Acceptable Day-1 — track via PostHog if it becomes a
|
||||
real conversion gap.
|
||||
|
||||
---
|
||||
|
||||
## Session 9 (2026-06-10) — SHIPPED
|
||||
|
||||
|
||||
Reference in New Issue
Block a user