feat: merge cartsnitch/api into api/ subdirectory

Consolidate API gateway service into monorepo. Squashed from https://github.com/cartsnitch/api main (89bacb1). Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-28 02:24:02 +00:00
commit b7e6f637a7
91 changed files with 6296 additions and 0 deletions
@@ -0,0 +1,55 @@
+"""Alembic environment configuration for CartSnitch."""
+
+import os
+from logging.config import fileConfig
+
+from sqlalchemy import engine_from_config, pool
+
+from alembic import context
+from cartsnitch_api.models import Base  # noqa: F401 — imports all models for autogenerate
+
+config = context.config
+if config.config_file_name is not None:
+    fileConfig(config.config_file_name)
+
+db_url = os.environ.get("CARTSNITCH_DATABASE_URL_SYNC")
+if not db_url:
+    raise RuntimeError(
+        "CARTSNITCH_DATABASE_URL_SYNC must be set. "
+        "Example: postgresql://user:pass@localhost:5432/cartsnitch"
+    )
+config.set_main_option("sqlalchemy.url", db_url)
+
+target_metadata = Base.metadata
+
+
+def run_migrations_offline() -> None:
+    """Run migrations in 'offline' mode."""
+    url = config.get_main_option("sqlalchemy.url")
+    context.configure(
+        url=url,
+        target_metadata=target_metadata,
+        literal_binds=True,
+        dialect_opts={"paramstyle": "named"},
+    )
+    with context.begin_transaction():
+        context.run_migrations()
+
+
+def run_migrations_online() -> None:
+    """Run migrations in 'online' mode."""
+    connectable = engine_from_config(
+        config.get_section(config.config_ini_section, {}),
+        prefix="sqlalchemy.",
+        poolclass=pool.NullPool,
+    )
+    with connectable.connect() as connection:
+        context.configure(connection=connection, target_metadata=target_metadata)
+        with context.begin_transaction():
+            context.run_migrations()
+
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()
@@ -0,0 +1,25 @@
+"""${message}
+
+Revision ID: ${up_revision}
+Revises: ${down_revision | comma,n}
+Create Date: ${create_date}
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+${imports if imports else ""}
+
+revision: str = ${repr(up_revision)}
+down_revision: Union[str, None] = ${repr(down_revision)}
+branch_labels: Union[str, Sequence[str], None] = ${repr(branch_labels)}
+depends_on: Union[str, Sequence[str], None] = ${repr(depends_on)}
+
+
+def upgrade() -> None:
+    ${upgrades if upgrades else "pass"}
+
+
+def downgrade() -> None:
+    ${downgrades if downgrades else "pass"}
@@ -0,0 +1,89 @@
+"""Encrypt existing plaintext session_data with Fernet.
+
+Revision ID: 001_encrypt_session_data
+Revises:
+Create Date: 2026-03-19
+"""
+
+import json
+import os
+
+import sqlalchemy as sa
+from cryptography.fernet import Fernet
+from sqlalchemy import text
+
+from alembic import op
+
+revision = "001_encrypt_session_data"
+down_revision = None
+branch_labels = None
+depends_on = None
+
+
+def _get_fernet() -> Fernet:
+    key = os.environ.get("CARTSNITCH_FERNET_KEY")
+    if not key:
+        raise RuntimeError("CARTSNITCH_FERNET_KEY must be set to run this migration")
+    return Fernet(key.encode())
+
+
+def _is_fernet_token(value: str) -> bool:
+    """Check if a string looks like a Fernet token (base64 starting with gAAAAA)."""
+    return value.startswith("gAAAAA")
+
+
+def upgrade() -> None:
+    # Change column type from JSON to TEXT to hold Fernet ciphertext
+    op.alter_column(
+        "user_store_accounts",
+        "session_data",
+        type_=sa.Text(),
+        existing_type=sa.JSON(),
+        existing_nullable=True,
+        postgresql_using="session_data::text",
+    )
+
+    conn = op.get_bind()
+    rows = conn.execute(
+        text("SELECT id, session_data FROM user_store_accounts WHERE session_data IS NOT NULL")
+    ).fetchall()
+
+    f = _get_fernet()
+    for row_id, session_data in rows:
+        raw = str(session_data)
+        if _is_fernet_token(raw):
+            continue
+        plaintext = raw if isinstance(session_data, str) else json.dumps(session_data)
+        encrypted = f.encrypt(plaintext.encode()).decode()
+        conn.execute(
+            text("UPDATE user_store_accounts SET session_data = :data WHERE id = :id"),
+            {"data": encrypted, "id": row_id},
+        )
+
+
+def downgrade() -> None:
+    conn = op.get_bind()
+    rows = conn.execute(
+        text("SELECT id, session_data FROM user_store_accounts WHERE session_data IS NOT NULL")
+    ).fetchall()
+
+    f = _get_fernet()
+    for row_id, session_data in rows:
+        raw = str(session_data)
+        if not _is_fernet_token(raw):
+            continue
+        decrypted = f.decrypt(raw.encode()).decode()
+        conn.execute(
+            text("UPDATE user_store_accounts SET session_data = :data WHERE id = :id"),
+            {"data": decrypted, "id": row_id},
+        )
+
+    # Revert column type from TEXT back to JSON
+    op.alter_column(
+        "user_store_accounts",
+        "session_data",
+        type_=sa.JSON(),
+        existing_type=sa.Text(),
+        existing_nullable=True,
+        postgresql_using="session_data::json",
+    )