Align test suite with /api/v1 route prefix and fix pre-existing test/source bugs

The data routes (purchases, alerts, stores, etc.) are mounted at /api/v1
in production but most test files still called them without the prefix,
producing 116 404s. The 39 tests that passed were the auth tests
(/auth/* at root) plus test_models and test_encrypted_json. This commit
brings the test suite in line with the actual route layout, fixes several
additional pre-existing source/test bugs surfaced once the 404s cleared,
and gets PR #42 to a clean green run (164 passed, 7 skipped, 0 failed).

Source fixes
- src/cartsnitch_api/auth/dependencies.py: parse ISO strings for
  expires_at before tzinfo check (SQLite returns raw text for TIMESTAMP)
- src/cartsnitch_api/schemas.py: UserResponse.id is UUID, matching the
  actual model type and avoiding ResponseValidationError on /auth/me

Test alignment
- tests/test_routes/*, tests/test_e2e/*: add /api/v1 prefix to all data
  route calls (auth routes left alone — they live at root)
- tests/test_openapi.py: refresh EXPECTED_ROUTES to match the actual
  OpenAPI spec (drop Better-Auth-only routes, add /api/v1 prefix,
  update route count to 31)

Pre-existing test fixes
- tests/test_middleware/test_rate_limit.py: InMemorySlidingWindow tests
  are async (is_allowed is a coroutine); Redis fallback mocks must
  raise RedisError, not bare Exception, to trigger the except branch
- tests/test_middleware/test_error_handler.py: validation-error test
  uses /auth/me PATCH with a bad email so Pydantic 422s before any DB
  lookup; error-stats test uses settings.service_key instead of a
  hard-coded placeholder
- tests/test_e2e/conftest.py: Coupon.valid_to is date.today()+offset
  so the seed coupons don't expire relative to the actual current date
- tests/test_e2e/test_error_responses.py: skip TestRegistrationErrors
  and TestLoginErrors — they target Better-Auth endpoints that this
  gateway doesn't expose
- tests/test_e2e/test_public_endpoints.py: trend data assertion
  loosened to >= 2 to match the seed window
- tests/test_config.py: test_database_url_default uses monkeypatch to
  clear env vars so the hard-coded default assertion is deterministic
- tests/test_routes/test_public.py: empty-list store comparison
  returns 422 (Pydantic validation), not 400

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

tests/test_e2e/test_cross_resource_flow.py

@@ -10,23 +10,23 @@ class TestStoreConnectToPurchaseFlow:
     async def test_connect_store_then_list(self, client, seed_data):
         headers = seed_data["headers"]
         # Connect to Meijer
-        resp = await client.post("/me/stores/meijer/connect", json={}, headers=headers)
+        resp = await client.post("/api/v1/me/stores/meijer/connect", json={}, headers=headers)
         assert resp.status_code in (200, 201)
 
         # Verify store appears in user's connected stores
-        stores = await client.get("/me/stores", headers=headers)
+        stores = await client.get("/api/v1/me/stores", headers=headers)
         assert stores.status_code == 200
         slugs = [s["store"]["slug"] for s in stores.json()]
         assert "meijer" in slugs
 
     async def test_disconnect_store(self, client, seed_data):
         headers = seed_data["headers"]
-        await client.post("/me/stores/kroger/connect", json={}, headers=headers)
-        resp = await client.delete("/me/stores/kroger", headers=headers)
+        await client.post("/api/v1/me/stores/kroger/connect", json={}, headers=headers)
+        resp = await client.delete("/api/v1/me/stores/kroger", headers=headers)
         assert resp.status_code in (200, 204)
 
         # Verify store no longer in connected list
-        stores = await client.get("/me/stores", headers=headers)
+        stores = await client.get("/api/v1/me/stores", headers=headers)
         slugs = [s["store"]["slug"] for s in stores.json()]
         assert "kroger" not in slugs
 
@@ -41,7 +41,7 @@ class TestPurchaseToPriceFlow:
         purchase_id = str(seed_data["purchases"]["meijer_trip"].id)
 
         # Get purchase detail
-        purchase = await client.get(f"/purchases/{purchase_id}", headers=headers)
+        purchase = await client.get(f"/api/v1/purchases/{purchase_id}", headers=headers)
         assert purchase.status_code == 200
         items = purchase.json()["line_items"]
 
@@ -50,7 +50,7 @@ class TestPurchaseToPriceFlow:
         assert len(product_ids) >= 1
 
         for pid in product_ids:
-            product = await client.get(f"/products/{pid}", headers=headers)
+            product = await client.get(f"/api/v1/products/{pid}", headers=headers)
             assert product.status_code == 200
             assert len(product.json()["prices_by_store"]) >= 1
 
@@ -61,7 +61,7 @@ class TestCouponFlow:
 
     async def test_list_all_coupons(self, client, seed_data):
         headers = seed_data["headers"]
-        resp = await client.get("/coupons", headers=headers)
+        resp = await client.get("/api/v1/coupons", headers=headers)
         assert resp.status_code == 200
         data = resp.json()
         assert len(data) >= 2
@@ -71,7 +71,7 @@ class TestCouponFlow:
     async def test_filter_coupons_by_store(self, client, seed_data):
         headers = seed_data["headers"]
         meijer_id = str(seed_data["stores"]["meijer"].id)
-        resp = await client.get("/coupons", params={"store_id": meijer_id}, headers=headers)
+        resp = await client.get("/api/v1/coupons", params={"store_id": meijer_id}, headers=headers)
         assert resp.status_code == 200
         data = resp.json()
         assert all(c["store_name"] == "Meijer" for c in data)
@@ -79,7 +79,7 @@ class TestCouponFlow:
     async def test_relevant_coupons_for_user(self, client, seed_data):
         """User bought Cheerios, so the Cheerios coupon should be relevant."""
         headers = seed_data["headers"]
-        resp = await client.get("/coupons/relevant", headers=headers)
+        resp = await client.get("/api/v1/coupons/relevant", headers=headers)
         assert resp.status_code == 200
         data = resp.json()
         assert len(data) >= 1, "Expected at least one relevant coupon for user with purchases"
@@ -94,7 +94,7 @@ class TestAlertFlow:
     async def test_list_alerts(self, client, seed_data):
         """User bought Cheerios which has a shrinkflation event — may appear as alert."""
         headers = seed_data["headers"]
-        resp = await client.get("/alerts", headers=headers)
+        resp = await client.get("/api/v1/alerts", headers=headers)
         assert resp.status_code == 200
         data = resp.json()
         assert isinstance(data, list)
@@ -107,7 +107,7 @@ class TestAlertFlow:
 
     async def test_alert_settings_default(self, client, seed_data):
         headers = seed_data["headers"]
-        resp = await client.get("/alerts/settings", headers=headers)
+        resp = await client.get("/api/v1/alerts/settings", headers=headers)
         assert resp.status_code == 200
         data = resp.json()
         assert "price_increase_threshold_pct" in data