cartsnitch/api

Author	SHA1	Message	Date
Barcode Betty	ae2fc15a5b	fix: resolve lint errors in test files [CAR-932] CI / lint (pull_request) Has been cancelled Details CI / typecheck (pull_request) Has been cancelled Details CI / test (pull_request) Has been cancelled Details CI / build-and-push (pull_request) Has been cancelled Details CI / deploy-dev (pull_request) Has been cancelled Details CI / deploy-uat (pull_request) Has been cancelled Details Fix 56 lint errors in test files that were blocking CI: - E501: Split long SQL INSERT statements across multiple lines - F401: Remove unused imports (os, unittest.mock.patch) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 22:09:33 +00:00
Barcode Betty	8a4c194e39	feat: Redis-backed rate limiting with stricter auth limits - Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60) settings - Add rate_limit_redis_enabled flag for opt-in Redis usage - Refactor _SlidingWindowCounter into InMemorySlidingWindow class - Add RedisSlidingWindow using sorted sets with fallback to in-memory - Add third _auth_strict_limiter for POST /auth/* paths (5 req/min) - Add protocol-based backend selection at module load time - Update tests for auth strict limiter and Redis fallback behavior Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-15 02:10:02 +00:00
Paperclip	26f3415eab	feat: Redis-backed rate limiting with stricter auth limits - Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60) settings to config.py - Refactor rate_limit.py to use protocol/ABC pattern with InMemorySlidingWindow and RedisSlidingWindow implementations - Add RedisSlidingWindow using sorted sets for distributed rate limiting - Add auth_strict_limiter for /auth/* POST endpoints (5 req/min per IP) - Fall back to in-memory when Redis is unavailable - Update tests to cover new functionality Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 15:46:52 +00:00
CartSnitch Engineer Bot	b5df9aba1e	fix(security): use SHA-256 hash for rate limit key instead of token suffix Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 11:36:17 +00:00
CartSnitch Engineer Bot	bbbf97d027	fix(api): revert auth/type regressions from standalone sync, keep email-in feature only - Revert auth/dependencies.py to cookie+Bearer dual auth with str user IDs - Add GET /auth/me/email-in-address endpoint for receipt email routing - Update User model: add email_inbound_token, change id/store_id/user_id to str - Update AuthService and UserResponse to use str user IDs - Update route count test: 33 -> 34 routes - Restore e2e test for email-in-address endpoint Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-03 09:40:39 +00:00
CartSnitch Engineer Bot	18ff5795ac	fix(auth): revert to Better-Auth session-cookie auth, preserve email-in feature - Revert auth/dependencies.py, auth/routes.py, services/auth.py, schemas.py to Better-Auth session-cookie auth (removed JWT register/login/refresh) - Preserve GET /auth/me/email-in-address endpoint - Fix UUIDString TypeDecorator: process_result_value returns uuid.UUID (not str) so SQLAlchemy 2.0 sentinel tracking matches UUID-to-UUID - Fix seed_data fixture: look up real user_id from session token via sessions table; purchases now reference actual user FK - Update purchase_data fixture to use session-cookie auth - Update test_auth_endpoints, test_auth_validation to cookie-based tests - Remove TestRegistrationErrors and TestLoginErrors (no longer applicable) - Update test_openapi.py expected routes and count - Update test_error_handler.py to use PATCH /auth/me validation Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-03 09:15:00 +00:00
Coupon Carl	b7e6f637a7	feat: merge cartsnitch/api into api/ subdirectory Consolidate API gateway service into monorepo. Squashed from https://github.com/cartsnitch/api main (89bacb1). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-28 02:24:02 +00:00

7 Commits