fix: service tokens

[skynet2]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @skynet2, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a crucial fix for service token generation, allowing the Time-To-Live (TTL) to be specified dynamically per request, enhancing control over token validity. Concurrently, it significantly refactors the transaction category management system by replacing single-transaction updates with a more efficient bulk operation. This change streamlines the process of assigning or clearing categories for multiple transactions, reducing API calls and optimizing database performance. The accompanying tests have been thoroughly updated to validate these new functionalities.

Highlights

• Service Token TTL Configuration: The Time-To-Live (TTL) for generated service tokens is now configurable per request. Instead of using a fixed service-level TTL, the ExpiresAt claim of the JWT is set based on the TTL provided in the GenerateTokenRequest, allowing for more dynamic token expiration management.
• Bulk Transaction Category Updates: The previous set_transaction_category tool has been replaced by a new bulk_set_transaction_category tool. This enhancement allows users to set or clear categories for multiple transactions in a single API call, significantly improving efficiency and reducing network overhead for batch operations.
• Optimized Database Interaction: The implementation for updating transaction categories has been optimized. Instead of fetching and saving individual transaction objects, the new bulk handler directly updates the category_id in the database for each transaction, leading to more efficient database operations.
• Testing Environment Expansion: The pkg/testingutils/gorm.go file has been updated to include tools.lan in the list of allowed database hosts, which may facilitate testing in specific local development environments.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request introduces a significant improvement by refactoring the transaction category setting functionality from a single-transaction operation to a bulk operation. This change is implemented across pkg/mcp/server.go and pkg/mcp/transaction_category_tool.go, along with corresponding updates in pkg/mcp/transaction_category_tool_test.go. Additionally, the JWT service token generation now correctly uses the requested TTL, and the associated test has been enhanced to verify the expiration time. A minor update to pkg/testingutils/gorm.go adds 'tools.lan' to allowed database hosts. Overall, the changes improve functionality, test coverage, and code clarity, though a potential silent failure in the bulk update needs addressing.

[gemini-code-assist]

The current implementation of the bulk update for category_id will silently succeed even if a transaction_id provided in the assignments array does not exist in the database. GORM's Update method returns nil error and RowsAffected as 0 when no records match the Where clause, rather than an error. This can lead to a misleading success message (e.g., "Updated 3 transactions") when some updates actually failed because the transaction IDs were invalid. It's important to explicitly check RowsAffected to ensure that the update was successful for each transaction.

Consider adding a check for RowsAffected after each update operation to verify that a transaction was indeed updated. If RowsAffected is 0, it indicates that the transaction ID was not found, and an appropriate error should be returned for that specific assignment.

        result := s.db.WithContext(queryCtx).Table("transactions").Where("id = ?", int64(txID)).Update("category_id", categoryID)
        if result.Error != nil {
            return mcp.NewToolResultError(fmt.Sprintf("failed to update transaction %d: %v", int64(txID), result.Error)), nil
        }
        if result.RowsAffected == 0 {
            return mcp.NewToolResultError(fmt.Sprintf("transaction %d not found or not updated", int64(txID))), nil
        }

[codecov]

Codecov Report

❌ Patch coverage is 91.66667% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.48%. Comparing base (220d4e1) to head (9cba7cb).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/mcp/transaction_category_tool.go	89.28%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #102      +/-   ##
==========================================
- Coverage   87.48%   87.48%   -0.01%     
==========================================
  Files          83       83              
  Lines        6833     6832       -1     
==========================================
- Hits         5978     5977       -1     
  Misses        611      611              
  Partials      244      244              

Flag	Coverage Δ
unittests	87.48% <91.66%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.