Release 1.1.5 hotfix (#217)

* [SDP-1118] Hotfix: sanitize disbursement instructions (#211)
* chore bump go version to 1.22.1 (#216)

.github/workflows/ci.yml

@@ -21,12 +21,12 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: 1.22.1
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # version v3.4.0
+        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # version v4.0.0
         with:
-          version: v1.52.2 # this is the golangci-lint version
+          version: v1.56.2 # this is the golangci-lint version
           args: --timeout 5m0s
 
       - name: Run ./gomod.sh
@@ -75,7 +75,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: 1.22.1
 
       - name: Build Project
         run: go build ./...
@@ -112,7 +112,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: 1.22.1
 
       - name: Run tests
         run: go test -race -coverpkg=./... -coverprofile=c.out ./...

CHANGELOG.md

@@ -8,6 +8,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 None
 
+## [1.1.5](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.1.4...1.1.5)
+
+### Fixed
+
+- Trim whitespaces for all disbursement instruction fields during CSV upload to avoid duplication of data  [#211](https://github.com/stellar/stellar-disbursement-platform-backend/pull/211)
+
+### Security
+
+- Upgrade golang version to 1.22.1 for security reasons [#216](https://github.com/stellar/stellar-disbursement-platform-backend/pull/216)
+
 ## [1.1.4](https://github.com/stellar/stellar-disbursement-platform-backend/compare/1.1.3...1.1.4)
 
 ### Fixed

Dockerfile

@@ -3,7 +3,7 @@
 # To push:
 #    make docker-push
 
-FROM golang:1.20-bullseye as build
+FROM golang:1.22.1-bullseye AS build
 ARG GIT_COMMIT
 
 WORKDIR /src/stellar-disbursement-platform

cmd/serve_test.go

@@ -156,7 +156,7 @@ func Test_serve(t *testing.T) {
 	mServer.On("StartMetricsServe", serveMetricOpts, mock.AnythingOfType("*serve.HTTPServer")).Once()
 	mServer.On("StartServe", serveOpts, mock.AnythingOfType("*serve.HTTPServer")).Once()
 	mServer.
-		On("GetSchedulerJobRegistrars", mock.AnythingOfType("*context.emptyCtx"), serveOpts, schedulerOptions, mock.Anything).
+		On("GetSchedulerJobRegistrars", mock.AnythingOfType("context.backgroundCtx"), serveOpts, schedulerOptions, mock.Anything).
 		Return([]scheduler.SchedulerJobRegisterOption{}, nil).
 		Once()
 	mServer.wg.Add(1)

go.mod

@@ -1,6 +1,6 @@
 module github.com/stellar/stellar-disbursement-platform-backend
 
-go 1.19
+go 1.22.1
 
 require (
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2

helmchart/sdp/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: stellar-disbursement-platform
 description: A Helm chart for the Stellar Disbursement Platform Backend (A.K.A. `sdp`)
 version: 0.9.4
-appVersion: "1.1.4"
+appVersion: "1.1.5"
 type: application
 maintainers:
   - name: Stellar Development Foundation

internal/data/disbursement_instructions.go

@@ -145,7 +145,6 @@ func (di DisbursementInstructionModel) ProcessAll(ctx context.Context, userID st
 						return fmt.Errorf("%w: receiver verification for %s doesn't match", ErrReceiverVerificationMismatch, receiver.PhoneNumber)
 					}
 					err = di.receiverVerificationModel.UpdateVerificationValue(ctx, dbTx, verification.ReceiverID, verification.VerificationField, instruction.VerificationValue)
-
 					if err != nil {
 						return fmt.Errorf("error updating receiver verification for disbursement id %s: %w", disbursement.ID, err)
 					}

internal/data/receiver_verification.go

@@ -169,7 +169,6 @@ func (m *ReceiverVerificationModel) UpdateVerificationValue(ctx context.Context,
 	`
 
 	_, err = sqlExec.ExecContext(ctx, query, hashedValue, receiverID, verificationField)
-
 	if err != nil {
 		return fmt.Errorf("error updating receiver verification: %w", err)
 	}

internal/serve/httphandler/disbursement_handler.go

@@ -434,16 +434,19 @@ func parseInstructionsFromCSV(file io.Reader, verificationField data.Verificatio
 		return nil, validator
 	}
 
+	var sanitizedInstructions []*data.DisbursementInstruction
 	for i, instruction := range instructions {
+		sanitizedInstruction := validator.SanitizeInstruction(instruction)
 		lineNumber := i + 2 // +1 for header row, +1 for 0-index
-		validator.ValidateInstruction(instruction, lineNumber)
+		validator.ValidateInstruction(sanitizedInstruction, lineNumber)
+		sanitizedInstructions = append(sanitizedInstructions, sanitizedInstruction)
 	}
 
-	validator.Check(len(instructions) > 0, "instructions", "no valid instructions found")
+	validator.Check(len(sanitizedInstructions) > 0, "instructions", "no valid instructions found")
 
 	if validator.HasErrors() {
 		return nil, validator
 	}
 
-	return instructions, nil
+	return sanitizedInstructions, nil
 }

internal/serve/validators/disbursement_instructions_validator.go

@@ -30,10 +30,10 @@ func NewDisbursementInstructionsValidator(verificationField data.VerificationFie
 }
 
 func (iv *DisbursementInstructionsValidator) ValidateInstruction(instruction *data.DisbursementInstruction, lineNumber int) {
-	phone := strings.TrimSpace(instruction.Phone)
-	id := strings.TrimSpace(instruction.ID)
-	amount := strings.TrimSpace(instruction.Amount)
-	verification := strings.TrimSpace(instruction.VerificationValue)
+	phone := instruction.Phone
+	id := instruction.ID
+	amount := instruction.Amount
+	verification := instruction.VerificationValue
 
 	// validate phone field
 	iv.CheckError(utils.ValidatePhoneNumber(phone), fmt.Sprintf("line %d - phone", lineNumber), "invalid phone format. Correct format: +380445555555")
@@ -65,3 +65,17 @@ func (iv *DisbursementInstructionsValidator) ValidateInstruction(instruction *da
 		log.Warnf("Verification field %v is not being validated for ValidateReceiver", iv)
 	}
 }
+
+func (iv *DisbursementInstructionsValidator) SanitizeInstruction(instruction *data.DisbursementInstruction) *data.DisbursementInstruction {
+	var sanitizedInstruction data.DisbursementInstruction
+	sanitizedInstruction.Phone = strings.TrimSpace(instruction.Phone)
+	sanitizedInstruction.ID = strings.TrimSpace(instruction.ID)
+	sanitizedInstruction.Amount = strings.TrimSpace(instruction.Amount)
+	sanitizedInstruction.VerificationValue = strings.TrimSpace(instruction.VerificationValue)
+
+	if instruction.ExternalPaymentId != nil {
+		externalPaymentId := strings.TrimSpace(*instruction.ExternalPaymentId)
+		sanitizedInstruction.ExternalPaymentId = &externalPaymentId
+	}
+	return &sanitizedInstruction
+}

internal/serve/validators/disbursement_instructions_validator_test.go

@@ -214,3 +214,56 @@ func Test_DisbursementInstructionsValidator_ValidateAndGetInstruction(t *testing
 		})
 	}
 }
+
+func Test_DisbursementInstructionsValidator_SanitizeInstruction(t *testing.T) {
+	externalPaymentID := "123456789"
+	externalPaymentIDWithSpaces := "  123456789  "
+	tests := []struct {
+		name                string
+		actual              *data.DisbursementInstruction
+		expectedInstruction *data.DisbursementInstruction
+	}{
+		{
+			name: "Sanitized instruction",
+			actual: &data.DisbursementInstruction{
+				Phone:             "  +380445555555  ",
+				ID:                "  123456789  ",
+				Amount:            "  100.5  ",
+				VerificationValue: "  1990-01-01  ",
+			},
+			expectedInstruction: &data.DisbursementInstruction{
+				Phone:             "+380445555555",
+				ID:                "123456789",
+				Amount:            "100.5",
+				VerificationValue: "1990-01-01",
+				ExternalPaymentId: nil,
+			},
+		},
+		{
+			name: "Sanitized instruction with external payment id",
+			actual: &data.DisbursementInstruction{
+				Phone:             "  +380445555555  ",
+				ID:                "  123456789  ",
+				Amount:            "  100.5  ",
+				VerificationValue: "  1990-01-01  ",
+				ExternalPaymentId: &externalPaymentIDWithSpaces,
+			},
+			expectedInstruction: &data.DisbursementInstruction{
+				Phone:             "+380445555555",
+				ID:                "123456789",
+				Amount:            "100.5",
+				VerificationValue: "1990-01-01",
+				ExternalPaymentId: &externalPaymentID,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			iv := NewDisbursementInstructionsValidator(data.VerificationFieldDateOfBirth)
+			sanitizedInstruction := iv.SanitizeInstruction(tt.actual)
+
+			assert.Equal(t, tt.expectedInstruction, sanitizedInstruction)
+		})
+	}
+}

internal/statistics/calculate_statistics.go

@@ -225,7 +225,6 @@ func getReceiverWalletsStats(ctx context.Context, sqlExec db.SQLExecuter, disbur
 		)
 
 		err = rows.Scan(&status, &count)
-
 		if err != nil {
 			return nil, fmt.Errorf("attributing values to rows: %w", err)
 		}

main.go

@@ -11,7 +11,7 @@ import (
 
 // Version is the official version of this application. Whenever it's changed
 // here, it also needs to be updated at the `helmchart/Chart.yaml#appVersion“.
-const Version = "1.1.4"
+const Version = "1.1.5"
 
 // GitCommit is populated at build time by
 // go build -ldflags "-X main.GitCommit=$GIT_COMMIT"