Skip to content

chore: Integrate confirmation booking audit #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tomerqodo wants to merge 2 commits into
base: cursor_combined_20260121_qodo_grep_cursor_copilot_1_base_chore_integrate_confirmation_booking_audit_pr714
Choose a base branch
from
Open

chore: Integrate confirmation booking audit #73

tomerqodo wants to merge 2 commits into from

Conversation

@tomerqodo
Copy link

@tomerqodo tomerqodo commented Jan 21, 2026
edited by cursor bot
Loading

Benchmark PR from qodo-benchmark#714

Note

Introduces end-to-end booking audit context and events for confirmations and rejections.

  • Audit context propagation: Passes actor and actionSource through confirmHandler, handleConfirmation, API v2 confirmBooking/declineBooking, magic link routes, and payment webhooks; TRPC bookings.confirm injects actor and WEBAPP source
  • Audit events: Emits onBookingAccepted/onBulkBookingsAccepted from handleConfirmation and onBookingRejected/onBulkBookingsRejected from confirm.handler, including status transitions and optional rejection reason
  • Action sources: Adds MAGIC_LINK to BookingAuditSource (DB + types) and validates sources; magic link endpoints now call confirmHandler with MAGIC_LINK
  • App actor for webhooks: New getAppActor utility; handlePaymentSuccess now accepts an object incl. appSlug, derives actor, and calls handleConfirmation with WEBHOOK source; updates Alby/BTCPay/HitPay/PayPal/Stripe webhook handlers accordingly
  • Booking-audit services: Adds queueBulkRejectedAudit to producer interface and tasker implementation; updates RejectedAuditActionService schema to use BookingStatusChangeSchema and simplified display
  • Tests: Adds/updates route tests for magic links and verify-token, payment success tests for new signature, confirm handler tests covering accepted/rejected (single/bulk), and an integration test for accepted action
  • Minor: export makeUserActor via platform libraries; non-functional formatting changes

Written by Cursor Bugbot for commit 1c943ca. Configure here.

cursor[bot]
cursor bot reviewed Jan 21, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

packages/features/bookings/lib/handleConfirmation.ts
oldStatus: BookingStatus.ACCEPTED,
uid: booking.uid,
},
];
Copy link

@cursor cursor bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incorrect oldStatus recorded for single booking acceptance

Medium Severity

For non-recurring bookings, the oldStatus is hardcoded to BookingStatus.ACCEPTED instead of using booking.status. Since the booking parameter includes the original status before confirmation, the audit data will incorrectly show { old: ACCEPTED, new: ACCEPTED } instead of the actual transition like { old: PENDING, new: ACCEPTED }.

Fix in Cursor Fix in Web

packages/trpc/server/routers/viewer/bookings/confirm.handler.ts
rejectedBookings = updatedRecurringBookings.map((recurringBooking) => ({
uid: recurringBooking.uid,
oldStatus: recurringBooking.status,
}));
Copy link

@cursor cursor bot Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrong status used for recurring booking rejection audit

Medium Severity

For recurring booking rejections, the code fetches updatedRecurringBookings after the status has already been changed to REJECTED, then uses that status as oldStatus. This results in audit data showing { old: REJECTED, new: REJECTED } instead of the correct { old: PENDING, new: REJECTED }. The code should use unconfirmedRecurringBookings which was fetched before the update.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

❗️ migrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomerqodo