Release: develop -> master (#2867)

* fix: improve refund cronjob validation (#2866)

* fix: allow BankTxReturn refund without userData

The chargebackTx cronjob now handles two cases:
1. Entries WITH userData: check KYC/risk status as before
2. Entries WITHOUT userData: process without KYC/risk check

This enables automatic refunds for unassigned deposits that
have no associated user account.

* fix: require creditorData for automatic refund processing

Cronjob now only processes entries where chargebackCreditorData is set.
This prevents unnecessary errors from validateRequiredCreditorFields.

* fix: require creditorData for BuyCrypto bank refund processing

Cronjob now only processes bank refunds where chargebackCreditorData is set.
Checkout refunds don't need creditorData (handled by checkout provider).

* fix: exclude 4xx client errors from Application Insights failures (#2865)

* fix: exclude 4xx client errors from Application Insights failures

Add TelemetryProcessor to mark 4xx responses as success=true.
Only 5xx server errors should appear in the Failures dashboard.

This reduces noise from expected client errors (400 Bad Request,
401 Unauthorized, 404 Not Found) in failure metrics and alerts.

* fix: use correct type for responseCode (string, not number)

Application Insights SDK types define responseCode as string.
Use parseInt() for proper type conversion before comparison.

* [NO-TASK] Minor improvements

---------

Co-authored-by: TaprootFreak <142087526+TaprootFreak@users.noreply.github.com>
Co-authored-by: David May <david.leo.may@gmail.com>

Author: TaprootFreak

src/main.ts

@@ -26,6 +26,19 @@ async function bootstrap() {
   if (process.env.APPINSIGHTS_INSTRUMENTATIONKEY) {
     AppInsights.setup().setAutoDependencyCorrelation(true).setAutoCollectConsole(true, true);
     AppInsights.defaultClient.context.tags[AppInsights.defaultClient.context.keys.cloudRole] = 'dfx-api';
+
+    // Don't mark 4xx client errors as failures - only 5xx are real server errors
+    AppInsights.defaultClient.addTelemetryProcessor((envelope) => {
+      const data = envelope.data as { baseType?: string; baseData?: { responseCode?: string; success?: boolean } };
+      if (data.baseType === 'RequestData' && data.baseData?.responseCode) {
+        const responseCode = parseInt(data.baseData.responseCode, 10);
+        if (responseCode >= 400 && responseCode < 500) {
+          data.baseData.success = true;
+        }
+      }
+      return true;
+    });
+
     AppInsights.start();
   }
 

src/subdomains/core/buy-crypto/process/services/buy-crypto-preparation.service.ts

@@ -464,7 +464,9 @@ export class BuyCryptoPreparationService {
     };
     const entities = await this.buyCryptoRepo.find({
       where: [
-        { ...baseRequest, chargebackIban: Not(IsNull()) },
+        // Bank refund: requires creditorData for FiatOutput
+        { ...baseRequest, chargebackIban: Not(IsNull()), chargebackCreditorData: Not(IsNull()) },
+        // Checkout refund: no creditorData needed
         { ...baseRequest, checkoutTx: { id: Not(IsNull()) } },
       ],
       relations: { checkoutTx: true, bankTx: true, cryptoInput: true, transaction: { userData: true } },

src/subdomains/generic/gs/gs.service.ts

@@ -243,7 +243,7 @@ export class GsService {
     }
 
     // 10. Log query for audit trail
-    this.logger.info(`Debug query by ${userIdentifier}: ${sql.substring(0, 500)}${sql.length > 500 ? '...' : ''}`);
+    this.logger.verbose(`Debug query by ${userIdentifier}: ${sql.substring(0, 500)}${sql.length > 500 ? '...' : ''}`);
 
     // 11. Execute query with result limit
     try {
@@ -255,7 +255,7 @@ export class GsService {
 
       return result;
     } catch (e) {
-      this.logger.warn(`Debug query by ${userIdentifier} failed: ${e.message}`);
+      this.logger.info(`Debug query by ${userIdentifier} failed: ${e.message}`);
       throw new BadRequestException('Query execution failed');
     }
   }
@@ -285,7 +285,7 @@ export class GsService {
     kql += `\n| take ${template.defaultLimit}`;
 
     // Log for audit
-    this.logger.info(`Log query by ${userIdentifier}: template=${dto.template}, params=${JSON.stringify(dto)}`);
+    this.logger.verbose(`Log query by ${userIdentifier}: template=${dto.template}, params=${JSON.stringify(dto)}`);
 
     // Execute
     const timespan = `PT${dto.hours ?? 1}H`;
@@ -302,7 +302,7 @@ export class GsService {
         rows: response.tables[0].rows,
       };
     } catch (e) {
-      this.logger.warn(`Log query by ${userIdentifier} failed: ${e.message}`);
+      this.logger.info(`Log query by ${userIdentifier} failed: ${e.message}`);
       throw new BadRequestException('Query execution failed');
     }
   }

src/subdomains/supporting/bank-tx/bank-tx-return/bank-tx-return.service.ts

@@ -42,19 +42,30 @@ export class BankTxReturnService {
   }
 
   async chargebackTx(): Promise<void> {
+    const baseWhere = {
+      chargebackAllowedDate: IsNull(),
+      chargebackAllowedDateUser: Not(IsNull()),
+      chargebackAmount: Not(IsNull()),
+      chargebackIban: Not(IsNull()),
+      chargebackCreditorData: Not(IsNull()),
+      chargebackOutput: IsNull(),
+    };
+
     const entities = await this.bankTxReturnRepo.find({
-      where: {
-        chargebackAllowedDate: IsNull(),
-        chargebackAllowedDateUser: Not(IsNull()),
-        chargebackAmount: Not(IsNull()),
-        chargebackIban: Not(IsNull()),
-        chargebackOutput: IsNull(),
-        userData: {
-          kycStatus: In([KycStatus.NA, KycStatus.COMPLETED]),
-          status: Not(UserDataStatus.BLOCKED),
-          riskStatus: In([RiskStatus.NA, RiskStatus.RELEASED]),
+      where: [
+        {
+          ...baseWhere,
+          userData: IsNull(),
         },
-      },
+        {
+          ...baseWhere,
+          userData: {
+            kycStatus: In([KycStatus.NA, KycStatus.COMPLETED]),
+            status: Not(UserDataStatus.BLOCKED),
+            riskStatus: In([RiskStatus.NA, RiskStatus.RELEASED]),
+          },
+        },
+      ],
       relations: { bankTx: true, userData: true },
     });