feat(render+identity): daily render-limit — consume on submit, refund on admin-stop

Business rule: each user has a daily render limit. Admin-stop refunds the used charge (not the user's fault); a user's own cancel does not. - identity: ConsumeRenderChargeAsync / RefundRenderChargeAsync on DailyRemainRenderCount with lazy daily reset (mig 24: daily_renders_reset_at). Convention: max=0 ⇒ UNLIMITED, so existing 0/0 users keep rendering until an admin sets a real limit. - identity InternalController (service-token): POST /v1/internal/render-charge/{consume,refund} - render-svc: identityclient + on Create consume (block 429 when limit reached, fail-open on identity outage); on admin Stop refund the job owner; user /cancel unchanged - compose: IDENTITY_URL for render-svc, ServiceToken for identity-svc Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-03 02:18:00 +03:30
parent 7f7feabb85
commit 1f52f53cf7
9 changed files with 215 additions and 13 deletions
@@ -0,0 +1,11 @@
+-- =====================================================================
+-- IDENTITY SCHEMA — Part 24: daily render-quota reset timestamp
+-- Supports lazy daily reset of DailyRemainRenderCount. Convention:
+-- max_daily_render_count = 0  ⇒  UNLIMITED (no enforcement) — so existing
+-- users (all 0/0) keep rendering until an admin sets a real limit.
+-- =====================================================================
+
+SET search_path TO identity, public;
+
+ALTER TABLE identity.users
+    ADD COLUMN IF NOT EXISTS daily_renders_reset_at TIMESTAMPTZ;