feat(login-guard): unlock entire scope and report deleted keys
Frontend CI / Frontend (push) Successful in 3m13s
Backend CI / Backend (push) Successful in 15m21s

Admin login-lock reset now SCANs and clears all auth:login:* keys (any
scope) and surfaces redis_deleted_keys / fallback_deleted_keys back to
ops-web so the operator can tell whether the cache was actually hit.
Also tracks paired keys via a per-identifier index plus an unlock marker
so legacy/in-flight pair locks get cleared on the next acquire.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-02 20:56:38 +08:00
parent 22d0cd63a1
commit bbfeabdaa5
5 changed files with 494 additions and 39 deletions
@@ -292,10 +292,11 @@ func resetAdminUserLoginLockHandler(svc *app.AdminUserService) gin.HandlerFunc {
response.Error(c, err)
return
}
if err := svc.ResetLoginLock(c.Request.Context(), actorFromGin(c), id); err != nil {
result, err := svc.ResetLoginLock(c.Request.Context(), actorFromGin(c), id)
if err != nil {
response.Error(c, err)
return
}
response.Success(c, gin.H{"id": id})
response.Success(c, result)
}
}