@blamejs/blamejs-shop 0.4.27 → 0.4.29

package/lib/auto-discount.js

@@ -1159,16 +1159,23 @@ function create(opts) {
       throw new TypeError("autoDiscount.recordApplication: rule_slug " + JSON.stringify(slug) + " not found");
     }
 
+    // Idempotent per (rule, order): the unique index (migration 0231)
+    // makes a re-delivered record a no-op, and the redemption counter
+    // only advances when this call actually created the row — a retry
+    // can never double-count a cap.
     var id = b.uuid.v7();
-    await query(
+    var ins = await query(
       "INSERT INTO auto_discount_applications (id, rule_slug, order_id, customer_id, savings_minor, applied_at) " +
-      "VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
+      "VALUES (?1, ?2, ?3, ?4, ?5, ?6) " +
+      "ON CONFLICT(rule_slug, order_id) DO NOTHING",
       [id, slug, orderId, customerId, savings, appliedAt],
     );
-    await query(
-      "UPDATE auto_discount_rules SET redemptions_used = redemptions_used + 1, updated_at = ?1 WHERE slug = ?2",
-      [_now(), slug],
-    );
+    if (Number(ins.rowCount || 0) === 1) {
+      await query(
+        "UPDATE auto_discount_rules SET redemptions_used = redemptions_used + 1, updated_at = ?1 WHERE slug = ?2",
+        [_now(), slug],
+      );
+    }
     return {
       id:             id,
       rule_slug:      slug,
@@ -1179,6 +1186,167 @@ function create(opts) {
     };
   }
 
+  // ---- pre-charge redemption claims -----------------------------------
+  //
+  // A capped rule is a finite resource, so checkout RESERVES it before any
+  // money moves — the same reserve-then-settle discipline inventory holds
+  // follow — instead of best-effort recording after the fact (which let a
+  // single-use code apply to every concurrent order: the cap was only ever
+  // read at quote time and incremented unconditionally post-commit).
+  //
+  //   claimRedemption  — atomically reserve one redemption under BOTH caps,
+  //                      writing the application row up front keyed by a
+  //                      caller-supplied claim ref (the order doesn't exist
+  //                      yet). Fails CLOSED: { claimed: false, reason }.
+  //   linkClaimToOrder — re-key the claim row to the real order id once the
+  //                      order exists.
+  //   releaseClaim     — compensation for a checkout that died before its
+  //                      order existed: delete the claim row and return the
+  //                      reservation to the counter (floored at 0).
+  //
+  // The per-customer cap is enforced INSIDE the claim INSERT (a correlated
+  // COUNT in the WHERE), and the total cap inside a guarded UPDATE — both
+  // single statements, so concurrent claims serialize at the database and
+  // the loser is refused rather than both passing a stale read. A re-claim
+  // with the SAME (rule, claim_ref) — a checkout retry whose earlier
+  // rollback didn't complete — reuses the existing claim instead of
+  // double-reserving.
+
+  async function claimRedemption(input) {
+    if (!input || typeof input !== "object") {
+      throw new TypeError("autoDiscount.claimRedemption: input object required");
+    }
+    var slug     = _slug(input.rule_slug);
+    var claimRef = input.claim_ref;
+    if (typeof claimRef !== "string" || !claimRef.length || claimRef.length > 128) {
+      throw new TypeError("autoDiscount.claimRedemption: claim_ref must be a non-empty string (<= 128 chars)");
+    }
+    var savings = input.savings_minor == null ? 0 : input.savings_minor;
+    _nonNegInt(savings, "savings_minor");
+    var customerId = input.customer_id == null ? null : input.customer_id;
+    if (customerId != null && (typeof customerId !== "string" || !customerId.length)) {
+      throw new TypeError("autoDiscount.claimRedemption: customer_id must be a non-empty string when provided");
+    }
+    var rule = await getRule(slug);
+    if (!rule) {
+      throw new TypeError("autoDiscount.claimRedemption: rule_slug " + JSON.stringify(slug) + " not found");
+    }
+    var ts = _now();
+
+    // A claim this checkout already holds (a retry whose earlier rollback
+    // didn't complete) is reused, not re-reserved — its counter increment
+    // was already paid and its row already passed the caps.
+    var existing = (await query(
+      "SELECT id FROM auto_discount_applications WHERE rule_slug = ?1 AND order_id = ?2",
+      [slug, claimRef],
+    )).rows[0];
+    if (existing) {
+      return { claimed: true, id: existing.id, reused: true };
+    }
+
+    // Reserve against the TOTAL cap first — one guarded atomic increment;
+    // a refused update means the cap is exhausted (or was won by a
+    // concurrent claim, which is the same answer).
+    var counter = await query(
+      "UPDATE auto_discount_rules SET redemptions_used = redemptions_used + 1, updated_at = ?1 " +
+      "WHERE slug = ?2 AND (max_redemptions_total IS NULL OR redemptions_used < max_redemptions_total)",
+      [ts, slug],
+    );
+    if (Number(counter.rowCount || 0) === 0) {
+      return { claimed: false, reason: "total-cap" };
+    }
+
+    // Write the claim row gated on the PER-CUSTOMER cap — the COUNT runs
+    // inside the INSERT's WHERE, so two concurrent claims for the same
+    // customer serialize at the database and the loser is refused. A guest
+    // claim (no customer id) has no per-customer bound to enforce.
+    var id = b.uuid.v7();
+    var ins;
+    try {
+      ins = await query(
+        "INSERT INTO auto_discount_applications (id, rule_slug, order_id, customer_id, savings_minor, applied_at) " +
+        "SELECT ?1, ?2, ?3, ?4, ?5, ?6 " +
+        "WHERE ?4 IS NULL OR ?7 IS NULL OR " +
+        "(SELECT COUNT(*) FROM auto_discount_applications WHERE rule_slug = ?2 AND customer_id = ?4) < ?7",
+        [id, slug, claimRef, customerId, savings, ts, rule.max_redemptions_per_customer],
+      );
+    } catch (e) {
+      // UNIQUE(rule_slug, order_id) collision: this checkout already holds
+      // a claim from a prior attempt whose rollback didn't complete —
+      // reuse it (its counter reservation was already paid), after
+      // returning the increment this call just took.
+      if (/UNIQUE constraint failed/i.test((e && e.message) || "")) {
+        await query(
+          "UPDATE auto_discount_rules SET redemptions_used = " +
+          "CASE WHEN redemptions_used > 0 THEN redemptions_used - 1 ELSE 0 END, updated_at = ?1 WHERE slug = ?2",
+          [_now(), slug],
+        );
+        var held = (await query(
+          "SELECT id FROM auto_discount_applications WHERE rule_slug = ?1 AND order_id = ?2",
+          [slug, claimRef],
+        )).rows[0];
+        return { claimed: true, id: held ? held.id : null, reused: true };
+      }
+      throw e;
+    }
+    if (Number(ins.rowCount || 0) === 0) {
+      // Per-customer cap refused — return the total-cap reservation.
+      await query(
+        "UPDATE auto_discount_rules SET redemptions_used = " +
+        "CASE WHEN redemptions_used > 0 THEN redemptions_used - 1 ELSE 0 END, updated_at = ?1 WHERE slug = ?2",
+        [_now(), slug],
+      );
+      return { claimed: false, reason: "customer-cap" };
+    }
+    return { claimed: true, id: id };
+  }
+
+  async function linkClaimToOrder(input) {
+    if (!input || typeof input !== "object") {
+      throw new TypeError("autoDiscount.linkClaimToOrder: input object required");
+    }
+    var slug     = _slug(input.rule_slug);
+    var claimRef = input.claim_ref;
+    var orderId  = input.order_id;
+    if (typeof claimRef !== "string" || !claimRef.length) {
+      throw new TypeError("autoDiscount.linkClaimToOrder: claim_ref must be a non-empty string");
+    }
+    if (typeof orderId !== "string" || !orderId.length || orderId.length > 128) {
+      throw new TypeError("autoDiscount.linkClaimToOrder: order_id must be a non-empty string (<= 128 chars)");
+    }
+    var res = await query(
+      "UPDATE auto_discount_applications SET order_id = ?1 WHERE rule_slug = ?2 AND order_id = ?3",
+      [orderId, slug, claimRef],
+    );
+    return Number(res.rowCount || 0) === 1;
+  }
+
+  async function releaseClaim(input) {
+    if (!input || typeof input !== "object") {
+      throw new TypeError("autoDiscount.releaseClaim: input object required");
+    }
+    var slug     = _slug(input.rule_slug);
+    var claimRef = input.claim_ref;
+    if (typeof claimRef !== "string" || !claimRef.length) {
+      throw new TypeError("autoDiscount.releaseClaim: claim_ref must be a non-empty string");
+    }
+    // Delete-then-decrement, each guarded: the delete's rowCount is the
+    // claim's existence check (a double release finds no row and stops),
+    // and the decrement floors at zero so a release can never drive the
+    // counter negative.
+    var del = await query(
+      "DELETE FROM auto_discount_applications WHERE rule_slug = ?1 AND order_id = ?2",
+      [slug, claimRef],
+    );
+    if (Number(del.rowCount || 0) === 0) return false;
+    await query(
+      "UPDATE auto_discount_rules SET redemptions_used = " +
+      "CASE WHEN redemptions_used > 0 THEN redemptions_used - 1 ELSE 0 END, updated_at = ?1 WHERE slug = ?2",
+      [_now(), slug],
+    );
+    return true;
+  }
+
   // ---- metricsForRule ------------------------------------------------
 
   async function metricsForRule(input) {
@@ -1222,6 +1390,9 @@ function create(opts) {
     ruleForCode:        ruleForCode,
     evaluate:           evaluate,
     recordApplication:  recordApplication,
+    claimRedemption:    claimRedemption,
+    linkClaimToOrder:   linkClaimToOrder,
+    releaseClaim:       releaseClaim,
     metricsForRule:     metricsForRule,
   };
 }