sync(api): copy latest standalone code and merge alembic migrations

Co-Authored-By: Paperclip <noreply@paperclip.ing>

tests/conftest.py

@@ -1,16 +1,8 @@
-"""Shared test fixtures with in-memory SQLite database.
-
-Session-based auth: tests create users and sessions directly in the DB,
-matching the Better-Auth session validation flow.
-"""
-
-import secrets
-import uuid
-from datetime import UTC, datetime, timedelta
+"""Shared test fixtures with in-memory SQLite database."""
 
 import pytest
 from httpx import ASGITransport, AsyncClient
-from sqlalchemy import create_engine, event, text
+from sqlalchemy import create_engine, event
 from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
 from sqlalchemy.orm import sessionmaker
 
@@ -59,46 +51,6 @@ async def db_engine():
 
     async with engine.begin() as conn:
         await conn.run_sync(Base.metadata.create_all)
-        # Create Better-Auth tables (not managed by SQLAlchemy models)
-        await conn.execute(text("""
-            CREATE TABLE IF NOT EXISTS sessions (
-                id TEXT PRIMARY KEY,
-                token TEXT NOT NULL UNIQUE,
-                user_id TEXT NOT NULL,
-                expires_at TIMESTAMP NOT NULL,
-                ip_address TEXT,
-                user_agent TEXT,
-                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
-                updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
-            )
-        """))
-        await conn.execute(text("""
-            CREATE TABLE IF NOT EXISTS accounts (
-                id TEXT PRIMARY KEY,
-                user_id TEXT NOT NULL,
-                account_id TEXT NOT NULL,
-                provider_id TEXT NOT NULL,
-                access_token TEXT,
-                refresh_token TEXT,
-                access_token_expires_at TIMESTAMP,
-                refresh_token_expires_at TIMESTAMP,
-                scope TEXT,
-                id_token TEXT,
-                password TEXT,
-                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
-                updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
-            )
-        """))
-        await conn.execute(text("""
-            CREATE TABLE IF NOT EXISTS verifications (
-                id TEXT PRIMARY KEY,
-                identifier TEXT NOT NULL,
-                value TEXT NOT NULL,
-                expires_at TIMESTAMP NOT NULL,
-                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
-                updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
-            )
-        """))
 
     yield engine
 
@@ -133,55 +85,17 @@ async def client(db_engine):
     app.dependency_overrides.clear()
 
 
-async def _create_test_user_and_session(client: AsyncClient, db_engine, **user_overrides) -> tuple[dict, str]:
-    """Create a test user and a valid session directly in the DB.
-
-    Returns (user_dict, session_token).
-    """
-    user_id = str(uuid.uuid4())
-    email = user_overrides.get("email", "test@example.com")
-    display_name = user_overrides.get("display_name", "Test User")
-    session_token = secrets.token_urlsafe(32)
-    session_id = str(uuid.uuid4())
-    now = datetime.now(UTC).isoformat()
-    expires = (datetime.now(UTC) + timedelta(days=7)).isoformat()
-
-    async with db_engine.begin() as conn:
-        await conn.execute(
-            text(
-                "INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
-                "VALUES (:id, :email, :hashed_password, :display_name, :email_verified, :created_at, :updated_at)"
-            ),
-            {
-                "id": user_id,
-                "email": email,
-                "hashed_password": "not-used-with-better-auth",
-                "display_name": display_name,
-                "email_verified": False,
-                "created_at": now,
-                "updated_at": now,
-            },
-        )
-        await conn.execute(
-            text(
-                "INSERT INTO sessions (id, token, user_id, expires_at, created_at, updated_at) "
-                "VALUES (:id, :token, :user_id, :expires_at, :created_at, :updated_at)"
-            ),
-            {
-                "id": session_id,
-                "token": session_token,
-                "user_id": user_id,
-                "expires_at": expires,
-                "created_at": now,
-                "updated_at": now,
-            },
-        )
-
-    return {"id": user_id, "email": email, "display_name": display_name}, session_token
-
-
 @pytest.fixture
-async def auth_headers(client, db_engine):
-    """Create a test user with a valid session and return auth headers."""
-    _, session_token = await _create_test_user_and_session(client, db_engine)
-    return {"Cookie": f"better-auth.session_token={session_token}"}
+async def auth_headers(client):
+    """Register a test user and return auth headers."""
+    resp = await client.post(
+        "/auth/register",
+        json={
+            "email": "test@example.com",
+            "password": "testpass123",
+            "display_name": "Test User",
+        },
+    )
+    assert resp.status_code == 201
+    token = resp.json()["access_token"]
+    return {"Authorization": f"Bearer {token}"}