sync(api): copy latest standalone code and merge alembic migrations

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-03 07:54:31 +00:00
parent 3a2231921a
commit b52fae5894
32 changed files with 717 additions and 498 deletions
@@ -4,6 +4,8 @@ Alerts are generated by StickerShock and ShrinkRay services and written to the D
 This service reads them for the API gateway.
 """

+from uuid import UUID
+
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
@@ -13,7 +15,7 @@ class AlertService:
    def __init__(self, db: AsyncSession) -> None:
        self.db = db

-    async def list_alerts(self, user_id: str) -> list[dict]:
+    async def list_alerts(self, user_id: UUID) -> list[dict]:
        """List shrinkflation events for products the user has purchased."""
        from cartsnitch_api.models import Purchase, PurchaseItem, ShrinkflationEvent

@@ -55,7 +57,7 @@ class AlertService:
            for e in events
        ]

-    async def get_settings(self, user_id: str) -> dict:
+    async def get_settings(self, user_id: UUID) -> dict:
        # Alert settings would be stored in a user_settings table.
        # For now, return defaults since the table doesn't exist yet in common lib.
        return {
@@ -64,7 +66,7 @@ class AlertService:
            "email_notifications": False,
        }

-    async def update_settings(self, user_id: str, **fields) -> dict:
+    async def update_settings(self, user_id: UUID, **fields) -> dict:
        # Would update user_settings table. Return merged defaults for now.
        current = await self.get_settings(user_id)
        for k, v in fields.items():
@@ -1,19 +1,68 @@
-"""Auth service — user profile management.
+"""Auth service — user registration, login, token management."""

-Registration, login, token management, and session handling are now
-handled by the Better-Auth service (auth/). This service provides
-user lookup and profile update operations for the API gateway.
-"""
+from uuid import UUID

 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

+from cartsnitch_api.auth.jwt import create_access_token, create_refresh_token, decode_token
+from cartsnitch_api.auth.passwords import hash_password, verify_password
+from cartsnitch_api.config import settings
+

 class AuthService:
    def __init__(self, db: AsyncSession) -> None:
        self.db = db

-    async def get_user(self, user_id: str) -> dict:
+    async def register(self, email: str, password: str, display_name: str) -> dict:
+        from cartsnitch_api.models import User
+
+        existing = await self.db.execute(select(User).where(User.email == email))
+        if existing.scalar_one_or_none():
+            raise ValueError("Email already registered")
+
+        user = User(
+            email=email,
+            hashed_password=hash_password(password),
+            display_name=display_name,
+        )
+        self.db.add(user)
+        await self.db.commit()
+        await self.db.refresh(user)
+
+        return self._make_token_response(user.id)
+
+    async def login(self, email: str, password: str) -> dict:
+        from cartsnitch_api.models import User
+
+        result = await self.db.execute(select(User).where(User.email == email))
+        user = result.scalar_one_or_none()
+        if not user or not verify_password(password, user.hashed_password):
+            raise ValueError("Invalid email or password")
+
+        return self._make_token_response(user.id)
+
+    async def refresh(self, refresh_token: str) -> dict:
+        from cartsnitch_api.models import User
+
+        try:
+            payload = decode_token(refresh_token)
+        except ValueError:
+            raise ValueError("Invalid refresh token") from None
+
+        if payload.get("type") != "refresh":
+            raise ValueError("Invalid token type") from None
+
+        user_id = UUID(payload["sub"])
+
+        # Verify the user still exists before issuing new tokens
+        result = await self.db.execute(select(User).where(User.id == user_id))
+        if not result.scalar_one_or_none():
+            raise ValueError("User no longer exists")
+
+        return self._make_token_response(user_id)
+
+    async def get_user(self, user_id: UUID) -> dict:
        from cartsnitch_api.models import User

        result = await self.db.execute(select(User).where(User.id == user_id))
@@ -28,7 +77,7 @@ class AuthService:
            "created_at": user.created_at,
        }

-    async def update_user(self, user_id: str, **fields) -> dict:
+    async def update_user(self, user_id: UUID, **fields) -> dict:
        from cartsnitch_api.models import User

        result = await self.db.execute(select(User).where(User.id == user_id))
@@ -56,7 +105,7 @@ class AuthService:
            "created_at": user.created_at,
        }

-    async def delete_user(self, user_id: str) -> None:
+    async def delete_user(self, user_id: UUID) -> None:
        from cartsnitch_api.models import User

        result = await self.db.execute(select(User).where(User.id == user_id))
@@ -66,3 +115,11 @@ class AuthService:

        await self.db.delete(user)
        await self.db.commit()
+
+    def _make_token_response(self, user_id: UUID) -> dict:
+        return {
+            "access_token": create_access_token(user_id),
+            "refresh_token": create_refresh_token(user_id),
+            "token_type": "bearer",
+            "expires_in": settings.jwt_access_token_expire_minutes * 60,
+        }
@@ -29,7 +29,7 @@ class CouponService:
        coupons = result.scalars().all()
        return [self._to_dict(c) for c in coupons]

-    async def relevant_coupons(self, user_id: str) -> list[dict]:
+    async def relevant_coupons(self, user_id: UUID) -> list[dict]:
        """Coupons for products the user has purchased."""
        from cartsnitch_api.models import Coupon, PurchaseItem

@@ -13,7 +13,7 @@ class PurchaseService:

    async def list_purchases(
        self,
-        user_id: str,
+        user_id: UUID,
        store_id: UUID | None = None,
        page: int = 1,
        page_size: int = 20,
@@ -56,7 +56,7 @@ class PurchaseService:
            for p, item_count, store_name in result.all()
        ]

-    async def get_purchase(self, purchase_id: UUID, user_id: str) -> dict:
+    async def get_purchase(self, purchase_id: UUID, user_id: UUID) -> dict:
        from cartsnitch_api.models import Purchase

        result = await self.db.execute(
@@ -88,7 +88,7 @@ class PurchaseService:
            ],
        }

-    async def get_stats(self, user_id: str) -> dict:
+    async def get_stats(self, user_id: UUID) -> dict:
        from cartsnitch_api.models import Purchase

        result = await self.db.execute(
@@ -1,6 +1,7 @@
 """Store service — list stores, manage user store account connections."""

 import json
+from uuid import UUID

 from cryptography.fernet import Fernet
 from sqlalchemy import select
@@ -34,7 +35,7 @@ class StoreService:
            for s in stores
        ]

-    async def list_user_stores(self, user_id: str) -> list[dict]:
+    async def list_user_stores(self, user_id: UUID) -> list[dict]:
        from cartsnitch_api.models import UserStoreAccount

        result = await self.db.execute(
@@ -59,7 +60,7 @@ class StoreService:
            for a in accounts
        ]

-    async def connect_store(self, user_id: str, store_slug: str, credentials: dict | None) -> dict:
+    async def connect_store(self, user_id: UUID, store_slug: str, credentials: dict | None) -> dict:
        from cartsnitch_api.models import Store, UserStoreAccount

        result = await self.db.execute(select(Store).where(Store.slug == store_slug))
@@ -106,7 +107,7 @@ class StoreService:
            "sync_status": "active",
        }

-    async def disconnect_store(self, user_id: str, store_slug: str) -> None:
+    async def disconnect_store(self, user_id: UUID, store_slug: str) -> None:
        from cartsnitch_api.models import Store, UserStoreAccount

        result = await self.db.execute(select(Store).where(Store.slug == store_slug))