Revalidate community order channel ownership lazily at order creation time

[Luquitasjeffrey]

• Add unique constraints on community group, dispute channel and order channels
• Revalidate community order channel ownership by community owner lazily, at order creation time

Summary by CodeRabbit

• Bug Fixes

  • Orders are now marked CLOSED and the user receives a friendly error if channel validation fails (no exception thrown).

• Improvements

  • Community identifiers now enforce uniqueness and channel resolution checks owner/admin status before publishing orders.
  • Order channel lists may be empty when appropriate.

• Tools

  • Interactive migration to detect and clean duplicated community channel/group entries.

• Tests

  • Comprehensive test suite covering the migration and edge cases.

• Localization

  • Added "order_channel_validation_failed" translations in multiple languages.

[coderabbitai]

Warning

Rate limit exceeded

@Luquitasjeffrey has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 40 minutes and 42 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e3af4946-ff24-4d74-b863-0e0768ac051c

📥 Commits

Reviewing files that changed from the base of the PR and between d79306f and 673b23e.

📒 Files selected for processing (2)

• models/community.ts
• util/index.ts

Walkthrough

Community schema now enforces uniqueness; getOrderChannel can validate channel admin status using the Telegram bot; publishers close and save orders when channel validation fails; an interactive migration and tests clear duplicated community Telegram metadata and add locale messages.

Changes

Order Channel Validation with Community Constraints

Layer / File(s)	Summary
Community schema constraints models/community.ts	Community schema enforces uniqueness on order_channels[].name, group, and dispute_channel, and allows empty order_channels arrays.
Order channel validation with owner check util/index.ts	getOrderChannel imports User, accepts an optional bot?: Telegram, looks up community owner via User.findById, and when bot is provided uses isGroupAdmin to validate the resolved channel; returns undefined if owner missing or validation fails.
Order message publishing with validation bot/messages.ts	publishBuyOrderMessage and publishSellOrderMessage pass bot context to getOrderChannel, send order_channel_validation_failed if undefined, set order.status = CLOSED, await order.save(), and return early.
Migration to clear duplicated community channels/groups scripts/migrate_duplicated_community_channels_and_groups.ts	Interactive migration detects duplicated group, dispute_channel, and order_channels[].name, checks creator admin status via Telegraf/isGroupAdmin, clears conflicting fields (clearing all order channel names on conflict), and prompts YES before saving.
Tests for migration script tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts	Mocha/Chai/Sinon suite (with proxyquire) stubs DB, Telegraf, isGroupAdmin, readline, and logger; covers no-duplicates, grouped dupes, multi-duplicates, admin NO, and selective clearing cases.
Localization strings locales/*.yaml	Add order_channel_validation_failed translation key across multiple locales to inform users when order publishing fails due to channel/community validation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• mostronatorcoder
• grunch

Poem

🐰 I hopped through schemas, fields, and names,
I checked the owners, and admin claims,
When channels failed, I closed the door,
Cleared duped groups from field and store,
A tidy hop — no mess remains.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective: validating community order channel ownership at order creation time using lazy evaluation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch revalidate-community-channel-ownership-lazily

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

models/community.ts (1)

19-25: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Unique constraint on embedded OrderChannel.name prevents multi-tenancy.

The unique: true constraint on OrderChannelSchema.name (line 20) creates a global unique index across all order_channels in all communities. This means only one community can use any given channel name (e.g., "@bitcoinchannel"), even though different communities should independently manage their own channels.

In Mongoose, unique indexes on embedded array schema fields are enforced at the collection level, not scoped to the parent document. Remove unique: true from line 20 and implement validation at the application level if deduplication within a single community is needed.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@models/community.ts` around lines 19 - 25, Remove the global unique index on
the embedded order channel name by deleting the unique: true option on
OrderChannelSchema's name field (IOrderChannel.name) so Mongoose doesn't create
a collection-level unique index; then add application-level validation to
enforce uniqueness scoped to a single community (e.g., check for duplicate
channel names within the community document in the add/update handler or
pre-save hook on the Community model) and return a validation error if a
duplicate name is attempted within that community.

🧹 Nitpick comments (2)

util/index.ts (2)

337-350: ⚡ Quick win

Add logging when channel validation fails.

When the community owner is missing (line 338-340) or channel validation fails (line 347-348), the function returns undefined without logging the reason. This makes debugging difficult and provides no audit trail for security-related validation failures.

📊 Proposed enhancement

    const communityOwner = await User.findById(community.creator_id);
    if (!communityOwner) {
+     logger.error(`Community owner not found for community ${community._id}, creator_id: ${community.creator_id}`);
      return undefined;
    }

    if (bot && channel) {
      // Validate order channel if the caller of this function passed the bot instance to perform the validation
      // If it was not passed as a parameter the order channel can be trusted because its for ui purposes (listorders for example)
      // This validation is performed lazily when publishing the order to the community order channel
      const isChannelOk = await isGroupAdmin(channel, communityOwner, bot);
      if (!isChannelOk.success) {
+       logger.error(`Channel validation failed for community ${community._id}, channel: ${channel}, reason: ${isChannelOk.message}`);
        return undefined;
      }
    }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@util/index.ts` around lines 337 - 350, Add explicit logging for the two
early-return cases: when User.findById(community.creator_id) yields no
communityOwner and when isGroupAdmin(channel, communityOwner, bot) returns
isChannelOk.success === false. Update the block around communityOwner lookup
(the User.findById call and the subsequent if (!communityOwner) return) to log a
clear message including community.id and community.creator_id; and update the
channel validation branch around isGroupAdmin (the isChannelOk check) to log the
validation result, channel id, community.id and communityOwner id before
returning. Use the module's existing logger (e.g., processLogger or logger) and
include enough context to trace which community and channel failed.

---

331-335: ⚡ Quick win

Remove unnecessary async keyword from forEach callback.

The async keyword on line 331 serves no purpose since the callback contains no await expressions. This is misleading and suggests asynchronous operations that don't exist.

♻️ Proposed fix

    } else {
-     community.order_channels.forEach(async (c: IOrderChannel) => {
+     community.order_channels.forEach((c: IOrderChannel) => {
        if (c.type === order.type) {
          channel = c.name;
        }
      });
    }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@util/index.ts` around lines 331 - 335, The forEach callback passed to
community.order_channels.forEach is unnecessarily declared async (callback
signature: async (c: IOrderChannel) => { ... }) even though it contains no
await; remove the async keyword so the callback becomes (c: IOrderChannel) => {
if (c.type === order.type) { channel = c.name; } } to avoid misleading readers
and accidental unhandled promise behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@bot/messages.ts`:
- Around line 789-794: When getOrderChannel returns undefined, notify the user
before closing the order: instead of only setting order.status = 'CLOSED' and
throwing, send a localized user-facing message (use ctx.reply or
ctx.telegram.sendMessage and your i18n helper with the key
order_channel_validation_failed) then mark the order CLOSED and persist it
(order.save()) and finally throw or return; also add the new localization string
order_channel_validation_failed to locales/en.yaml (and other languages) with
the provided text so users see "Unable to publish your order. The community
channel could not be validated. Please contact the community administrator."

In `@models/community.ts`:
- Line 67: The schema fields `group` and `dispute_channel` in
models/community.ts currently use `unique: true`, which creates non-sparse
MongoDB unique indexes and will fail if existing documents have null/undefined
values; update both field definitions to either add `sparse: true` (allowing
multiple nulls) or remove `unique` and instead create an explicit
sparse/case-insensitive index (similar to `group_idx` in models/indexes.ts), and
if you choose to keep uniqueness, add a short migration that populates or
deduplicates existing null/empty values before app startup (createIndexes in
app.ts) so index creation cannot fail.

---

Outside diff comments:
In `@models/community.ts`:
- Around line 19-25: Remove the global unique index on the embedded order
channel name by deleting the unique: true option on OrderChannelSchema's name
field (IOrderChannel.name) so Mongoose doesn't create a collection-level unique
index; then add application-level validation to enforce uniqueness scoped to a
single community (e.g., check for duplicate channel names within the community
document in the add/update handler or pre-save hook on the Community model) and
return a validation error if a duplicate name is attempted within that
community.

---

Nitpick comments:
In `@util/index.ts`:
- Around line 337-350: Add explicit logging for the two early-return cases: when
User.findById(community.creator_id) yields no communityOwner and when
isGroupAdmin(channel, communityOwner, bot) returns isChannelOk.success ===
false. Update the block around communityOwner lookup (the User.findById call and
the subsequent if (!communityOwner) return) to log a clear message including
community.id and community.creator_id; and update the channel validation branch
around isGroupAdmin (the isChannelOk check) to log the validation result,
channel id, community.id and communityOwner id before returning. Use the
module's existing logger (e.g., processLogger or logger) and include enough
context to trace which community and channel failed.
- Around line 331-335: The forEach callback passed to
community.order_channels.forEach is unnecessarily declared async (callback
signature: async (c: IOrderChannel) => { ... }) even though it contains no
await; remove the async keyword so the callback becomes (c: IOrderChannel) => {
if (c.type === order.type) { channel = c.name; } } to avoid misleading readers
and accidental unhandled promise behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5da0bc3f-766e-4043-a74f-1b327dc8a4fb

📥 Commits

Reviewing files that changed from the base of the PR and between 41751eb and 08a3f6c.

📒 Files selected for processing (3)

• bot/messages.ts
• models/community.ts
• util/index.ts

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

scripts/migrate_duplicated_community_channels_and_groups.ts (2)

142-146: ⚡ Quick win

Consider adding error handling for save operations.

If any c.save() call fails, the script will crash without completing the migration. Consider wrapping saves in try-catch or using Promise.allSettled to handle partial failures gracefully.

♻️ Proposed improvement

         console.log('Saving changes...');
-        for (const c of communities) {
-          if (affectedCommunities.has(c._id.toString())) {
-            await c.save();
+        const savePromises = communities
+          .filter(c => affectedCommunities.has(c._id.toString()))
+          .map(c => c.save().catch(err => {
+            console.error(`Failed to save community ${c._id}:`, err);
+            return err;
+          }));
+        
+        const results = await Promise.allSettled(savePromises);
+        const failures = results.filter(r => r.status === 'rejected');
+        if (failures.length > 0) {
+          console.error(`${failures.length} communities failed to save.`);
-          }
         }
         console.log('Done.');

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/migrate_duplicated_community_channels_and_groups.ts` around lines 142
- 146, Wrap each c.save() in error handling so a failed save doesn't crash the
whole migration: inside the for (const c of communities) loop check
affectedCommunities.has(c._id.toString()) then try { await c.save(); } catch
(err) { log the error and continue } or accumulate save promises and use
Promise.allSettled to inspect results and log failures; reference the loop
variables communities, affectedCommunities, and the c.save() call when
implementing this change.

---

81-81: ⚡ Quick win

Avoid type assertion undefined as any which bypasses type safety.

Setting required fields to undefined using as any circumvents TypeScript's type checking. Consider updating the Community model schema to make these fields optional, or use a more explicit approach.

♻️ Alternative approach

If the model supports it, use explicit typing:

-        c.group = undefined as any;
+        c.group = undefined;

Or consider using null if the schema allows it, which is more explicit about intentional absence.

Also applies to: 94-94, 117-117

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/migrate_duplicated_community_channels_and_groups.ts` at line 81, The
code is using `c.group = undefined as any` (and similar at lines 94 and 117),
which bypasses TypeScript safety; instead update the Community type/schema to
allow the field to be optional or nullable (e.g., change the Community
interface/property to `group?: Group | null` or `group: Group | null`) and then
set `c.group = null` (or `delete c.group`) when you mean to remove it, or cast
the object to a Partial<Community> only where you intentionally mutate optional
fields; locate assignments to `c.group` in this file and replace `undefined as
any` with a null/optional-safe approach.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/migrate_duplicated_community_channels_and_groups.ts`:
- Around line 116-118: The loop in the migration currently leaves objects with
undefined names in c.order_channels; instead clear the array entirely so the
community "loses all order_channels". Replace the logic that iterates over
c.order_channels (the for (const ch of c.order_channels) { ch.name = undefined
as any; } block) with code that empties the array (e.g., set c.order_channels =
[] or c.order_channels.length = 0) so tests and the console message ("loses all
order_channels") reflect a cleared list.

In `@tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts`:
- Line 15: The variable consoleLogStub is declared but never used, causing
ESLint failures; either remove the unused declaration entirely if you don't need
to silence logs, or keep the stub but rename it to _consoleLogStub (or prefix
with an underscore) so ESLint recognizes it as intentionally unused, and if
silencing is intended ensure you actually assign it to stub console.log in the
"Silence console" section (use consoleLogStub = sinon.stub(console, 'log') or
similar) and restore it after tests.

---

Nitpick comments:
In `@scripts/migrate_duplicated_community_channels_and_groups.ts`:
- Around line 142-146: Wrap each c.save() in error handling so a failed save
doesn't crash the whole migration: inside the for (const c of communities) loop
check affectedCommunities.has(c._id.toString()) then try { await c.save(); }
catch (err) { log the error and continue } or accumulate save promises and use
Promise.allSettled to inspect results and log failures; reference the loop
variables communities, affectedCommunities, and the c.save() call when
implementing this change.
- Line 81: The code is using `c.group = undefined as any` (and similar at lines
94 and 117), which bypasses TypeScript safety; instead update the Community
type/schema to allow the field to be optional or nullable (e.g., change the
Community interface/property to `group?: Group | null` or `group: Group | null`)
and then set `c.group = null` (or `delete c.group`) when you mean to remove it,
or cast the object to a Partial<Community> only where you intentionally mutate
optional fields; locate assignments to `c.group` in this file and replace
`undefined as any` with a null/optional-safe approach.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e713a016-fcca-4390-a8b0-43d313163aac

📥 Commits

Reviewing files that changed from the base of the PR and between 08a3f6c and d4e9b60.

📒 Files selected for processing (3)

• models/community.ts
• scripts/migrate_duplicated_community_channels_and_groups.ts
• tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• models/community.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@bot/messages.ts`:
- Around line 735-741: Persist the order closure before attempting Telegram
notifications: set order.status = 'CLOSED' and await order.save() immediately
(using the same order.save call currently on Line 739/799) so the DB reflects
closure even if messaging fails, then call bot.telegram.sendMessage(...) in a
try/catch and log or ignore send errors; update both places around the
sendMessage -> order.save sequence to ensure closure is always persisted first
and notifications are isolated.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 927c6e9f-7d53-4841-862d-43714426c412

📥 Commits

Reviewing files that changed from the base of the PR and between d4e9b60 and 518f5ad.

📒 Files selected for processing (12)

• bot/messages.ts
• locales/de.yaml
• locales/en.yaml
• locales/es.yaml
• locales/fa.yaml
• locales/fr.yaml
• locales/it.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/ru.yaml
• locales/uk.yaml
• tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts

✅ Files skipped from review due to trivial changes (6)

• locales/uk.yaml
• locales/es.yaml
• locales/en.yaml
• locales/it.yaml
• locales/de.yaml
• locales/ru.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts

[mostronatorcoder]

The publish-time ownership revalidation looks correct and does address the reported bug. I also agree with enforcing global uniqueness for group and dispute_channel, since allowing multiple communities to share those identifiers would create ambiguity and operational issues.

My remaining concern is specifically about order_channels.name:

1. order_channels.name is defined inside an embedded array schema, and adding unique: true, sparse: true there is a much trickier change than the top-level group / dispute_channel constraints. Even if global uniqueness is the intended business rule, I would like this handled more explicitly because unique indexes on embedded array fields can be harder to reason about and maintain.

2. The migration does not cleanly remove conflicting order channels. It sets each conflicted ch.name = undefined, which leaves partially-cleared embedded documents behind. If a community is losing conflicting order channels, those entries should be removed cleanly instead of leaving invalid/incomplete objects in the array.

3. Please add logging when channel validation fails due to missing community owner or failed admin check. This path is security-relevant and currently has very little observability.

4. Minor: forEach(async ...) in getOrderChannel should be replaced with a normal synchronous iteration.

Summary: I agree with the direction of the fix and with making group / dispute_channel globally unique. I am only requesting changes on the order_channels implementation details before approving.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@models/community.ts`:
- Line 20: Change the IOrderChannel interface so its name property is optional
(declare name?: string in IOrderChannel) to match the mongoose schema; then
update all call sites that assume a non-null name (e.g., the usages in
util/index.ts that access .name directly) to safely handle undefined by adding
null-checks or using optional chaining and fallback values where appropriate so
runtime accesses no longer rely on a guaranteed string.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 91b6d3ad-3c83-490f-a3fc-22cf5b362649

📥 Commits

Reviewing files that changed from the base of the PR and between 518f5ad and d79306f.

📒 Files selected for processing (14)

• bot/messages.ts
• locales/de.yaml
• locales/en.yaml
• locales/es.yaml
• locales/fa.yaml
• locales/fr.yaml
• locales/it.yaml
• locales/ko.yaml
• locales/pt.yaml
• locales/ru.yaml
• locales/uk.yaml
• models/community.ts
• scripts/migrate_duplicated_community_channels_and_groups.ts
• tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts

✅ Files skipped from review due to trivial changes (8)

• locales/es.yaml
• locales/fa.yaml
• locales/en.yaml
• locales/fr.yaml
• locales/de.yaml
• locales/ko.yaml
• locales/ru.yaml
• locales/pt.yaml

🚧 Files skipped from review as they are similar to previous changes (4)

• bot/messages.ts
• locales/it.yaml
• scripts/migrate_duplicated_community_channels_and_groups.ts
• tests/scripts/migrate_duplicated_community_channels_and_groups.spec.ts

[mostronatorcoder]

This now looks good to me.

The publish-time ownership revalidation correctly addresses the reported bug, the migration now clears conflicting order_channels cleanly, and the unnecessary async iteration was removed. Adding logging on channel validation failure also improves observability in a security-relevant path.

Minor non-blocking note: it would still be useful to log when the community owner cannot be found before returning undefined, for completeness and easier debugging of inconsistent community state.