cartsnitch/api
12
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: cartsnitch/api:betty/fix-lint-errors
Branches Tags
cartsnitch/api:main cartsnitch/api:dev cartsnitch/api:uat cartsnitch/api:betty/car-1362-cache-remove-uat cartsnitch/api:betty/car-1362-push-unknown-fix cartsnitch/api:betty/car-1362-remove-gha-cache-dev cartsnitch/api:betty/car-1330-buildpush-registry-token-dev cartsnitch/api:betty/car-1330-buildpush-registry-token-uat cartsnitch/api:betty/car-1330-dev-ci-fix cartsnitch/api:betty/car-1340-uat-ci-fix cartsnitch/api:barcode-betty/fix-car-1135-dispose-engine cartsnitch/api:betty/car-1132-comprehensive-fix cartsnitch/api:promote/car1077-dev-uat cartsnitch/api:betty/fix-postgres-pool cartsnitch/api:betty/fix-sqlite-uuid-server-default cartsnitch/api:betty/fix-ci-test-failures-v2 cartsnitch/api:remove-deploy-dev-uat-jobs cartsnitch/api:betty/fix-ci-test-failures cartsnitch/api:barcode-betty/fix-lint-f402 cartsnitch/api:betty/fix-email-inbound-token-tests cartsnitch/api:barcode-betty/car-1004-fix-ruff-lint cartsnitch/api:betty/fix-lint-errors cartsnitch/api:fix/cart-995-gitea-registry-migration cartsnitch/api:fix-gitea-registry-migration cartsnitch/api:betty/car-995-gitea-registry cartsnitch/api:betty/car-932-dispose-import-v3 cartsnitch/api:barcode-betty/car-995-gitea-registry cartsnitch/api:betty/car-932-fix-dispose-engine cartsnitch/api:betty/car-964-gitea-registry-v2 cartsnitch/api:barcode-betty/gitea-registry cartsnitch/api:barcode-betty/fix-dispose-engine-import cartsnitch/api:savannah/fix-ci-uat-trigger cartsnitch/api:barcode-betty/fix-ci-uat-trigger cartsnitch/api:betty/car-869-gitea-actions-api cartsnitch/api:betty/car-723-final-review cartsnitch/api:betty/car-723-ci-workflow cartsnitch/api:feat/car-723-migrate-api-to-new-repo
...
pull from: cartsnitch/api:betty/fix-sqlite-uuid-server-default
Branches Tags
cartsnitch/api:dev cartsnitch/api:uat cartsnitch/api:betty/car-1362-cache-remove-uat cartsnitch/api:betty/car-1362-push-unknown-fix cartsnitch/api:betty/car-1362-remove-gha-cache-dev cartsnitch/api:betty/car-1330-buildpush-registry-token-dev cartsnitch/api:betty/car-1330-buildpush-registry-token-uat cartsnitch/api:betty/car-1330-dev-ci-fix cartsnitch/api:betty/car-1340-uat-ci-fix cartsnitch/api:barcode-betty/fix-car-1135-dispose-engine cartsnitch/api:betty/car-1132-comprehensive-fix cartsnitch/api:promote/car1077-dev-uat cartsnitch/api:betty/fix-postgres-pool cartsnitch/api:betty/fix-sqlite-uuid-server-default cartsnitch/api:betty/fix-ci-test-failures-v2 cartsnitch/api:remove-deploy-dev-uat-jobs cartsnitch/api:main cartsnitch/api:betty/fix-ci-test-failures cartsnitch/api:barcode-betty/fix-lint-f402 cartsnitch/api:betty/fix-email-inbound-token-tests cartsnitch/api:barcode-betty/car-1004-fix-ruff-lint cartsnitch/api:betty/fix-lint-errors cartsnitch/api:fix/cart-995-gitea-registry-migration cartsnitch/api:fix-gitea-registry-migration cartsnitch/api:betty/car-995-gitea-registry cartsnitch/api:betty/car-932-dispose-import-v3 cartsnitch/api:barcode-betty/car-995-gitea-registry cartsnitch/api:betty/car-932-fix-dispose-engine cartsnitch/api:betty/car-964-gitea-registry-v2 cartsnitch/api:barcode-betty/gitea-registry cartsnitch/api:barcode-betty/fix-dispose-engine-import cartsnitch/api:savannah/fix-ci-uat-trigger cartsnitch/api:barcode-betty/fix-ci-uat-trigger cartsnitch/api:betty/car-869-gitea-actions-api cartsnitch/api:betty/car-723-final-review cartsnitch/api:betty/car-723-ci-workflow cartsnitch/api:feat/car-723-migrate-api-to-new-repo

14 Commits
betty/fix-lint-errors ... betty/fix-sqlite-uuid-server-default

Author SHA1 Message Date
Flea Flicker 8c78fde48d Fix SQLite UUID and server_default incompatibilities in test fixtures
CI / lint (pull_request) Failing after 7s
Details
CI / typecheck (pull_request) Failing after 48s
Details
CI / test (pull_request) Failing after 1m35s
Details
CI / build-and-push (pull_request) Has been skipped
Details 
Adds SQLiteCompatibleUUID TypeDecorator and _StringUUID fallback to handle
PostgreSQL UUID and Text PK columns when using SQLite test database.

- SQLiteCompatibleUUID: converts uuid.UUID to CHAR(32) hex string for bind,
  returns uuid.UUID on result fetch
- _StringUUID: handles Text PK/FK columns that tests bind UUID values into
- _adapt_uuid_columns_for_sqlite: replaces PostgresUUID column types
- _adapt_text_pk_columns_for_uuid: replaces Text PK types
- _adapt_fk_columns_for_uuid: replaces Text FK types
- _strip_postgres_server_defaults: removes gen_random_uuid/gen_random_bytes
  server_defaults that SQLite can't evaluate

Updates test_encrypted_json.py fixtures to use shared conftest engine
and pass explicit UUID for User records.

Fixes CAR-1111.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-01 11:37:05 +00:00
Barcode Betty 84c143c4e7 Remove deploy-dev/deploy-uat CI jobs (CAR-1069) (#37)
CI / lint (push) Failing after 3s
Details
CI / typecheck (push) Failing after 19s
Details
CI / lint (pull_request) Failing after 4s
Details
CI / test (push) Failing after 30s
Details
CI / build-and-push (push) Has been skipped
Details
CI / typecheck (pull_request) Failing after 18s
Details
CI / test (pull_request) Failing after 29s
Details
CI / build-and-push (pull_request) Has been skipped
Details 
Co-authored-by: Barcode Betty <32+cs_betty@noreply.git.farh.net>
Co-committed-by: Barcode Betty <32+cs_betty@noreply.git.farh.net>
 2026-05-27 01:56:53 +00:00
Savannah Savings 1c42e4b0af Merge pull request 'Fix: strip PostgreSQL server_defaults from SQLite test fixtures' (#32) from betty/fix-email-inbound-token-tests into dev
CI / lint (push) Failing after 7s
Details
CI / typecheck (push) Failing after 17s
Details
CI / test (push) Failing after 18s
Details
CI / build-and-push (push) Has been skipped
Details
CI / deploy-uat (push) Has been skipped
Details
CI / deploy-dev (push) Failing after 25s
Details 
Merge PR #32: Fix SQLite server_default stripping for test fixtures
 2026-05-23 23:46:59 +00:00
Barcode Betty 6755ca8c27 Fix: strip PostgreSQL server_default from UUID + gen_random_bytes columns for SQLite tests
CI / lint (pull_request) Failing after 3s
Details
CI / typecheck (pull_request) Failing after 19s
Details
CI / test (pull_request) Failing after 16s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
The sync engine fixture (engine) and async engine fixture (db_engine) now
iterate all Base.metadata tables and null server_default on any column
whose SQL text contains 'gen_random_uuid' or 'gen_random_bytes'. This
covers all UUIDPrimaryKeyMixin columns (Purchase, PurchaseItem, Store,
StoreLocation, Coupon, NormalizedProduct, PriceHistory,
ShrinkflationEvent, UserStoreAccount) as well as the
email_inbound_token gen_random_bytes expression in User.

Without this, SQLite raises 'type UUID is not supported' when the ORM
tries to bind Python UUID objects, and NOT NULL constraint failures when
server_default expressions reference non-existent PostgreSQL functions.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 23:36:08 +00:00
Savannah Savings 280882f515 Merge pull request 'Fix test failures: email_inbound_token server_default for SQLite' (#29) from betty/fix-email-inbound-token-tests into dev
CI / test (push) Failing after 1m19s
Details
CI / build-and-push (push) Has been skipped
Details
CI / lint (push) Successful in 5s
Details
CI / typecheck (push) Failing after 29s
Details
CI / deploy-uat (push) Has been skipped
Details
CI / deploy-dev (push) Failing after 28s
Details
CI / lint (pull_request) Successful in 6s
Details
CI / typecheck (pull_request) Failing after 31s
Details
CI / test (pull_request) Failing after 43s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
Fix test failures: email_inbound_token server_default for SQLite (#29)

Strip PostgreSQL-only server_default from email_inbound_token before SQLite create_all(). Add email_inbound_token to test user INSERT statements.

Reviewed-by: Savannah Savings (CTO)
Approved-by: Checkout Charlie (QA)
 2026-05-23 23:25:03 +00:00
Savannah Savings ec4eaa1f03 Merge pull request 'Fix ruff lint errors across codebase' (#30) from barcode-betty/car-1004-fix-ruff-lint into dev
CI / build-and-push (push) Has been skipped
Details
CI / deploy-uat (push) Has been skipped
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / test (push) Failing after 1s
Details
CI / deploy-dev (push) Failing after 1s
Details
CI / typecheck (push) Failing after 0s
Details
CI / typecheck (pull_request) Failing after 17s
Details
CI / lint (push) Failing after 1s
Details
CI / lint (pull_request) Failing after 3s
Details
CI / test (pull_request) Failing after 49s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
Merge PR #30: Fix ruff lint errors across codebase

Fixes 56 ruff lint errors (E501, F401, I001) in cartsnitch/api.
QA: cs_charlie APPROVED
CTO: cs_savannah APPROVED
 2026-05-23 23:11:54 +00:00
Barcode Betty 0e3c9fb52e Fix: strip PostgreSQL server_default from email_inbound_token for SQLite
CI / lint (pull_request) Failing after 5s
Details
CI / typecheck (pull_request) Failing after 32s
Details
CI / test (pull_request) Failing after 1m23s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
The email_inbound_token column uses a PostgreSQL-only server_default
(gen_random_bytes/encode/trim) that SQLite cannot parse.
Strip the server_default before metadata.create_all() in both the
sync engine and async db_engine fixtures so tests run against SQLite.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 23:07:39 +00:00
Barcode Betty cc6ca5982c fix: resolve email_inbound_token conflict in test fixtures
CI / lint (pull_request) Failing after 7s
Details
CI / typecheck (pull_request) Failing after 31s
Details
CI / test (pull_request) Failing after 51s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
Rebase on latest dev and wrap SQL INSERT lines to honor ruff line-length=100.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 23:00:02 +00:00
Barcode Betty c9fd066c31 fix: resolve email_inbound_token conflict in test fixtures
CI / lint (pull_request) Failing after 7s
Details
CI / typecheck (pull_request) Failing after 31s
Details
CI / test (pull_request) Failing after 49s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
2026-05-23 22:57:16 +00:00
Barcode Betty c68838acf2 Fix ruff lint errors across codebase
CI / lint (pull_request) Successful in 5s
Details
CI / typecheck (pull_request) Failing after 29s
Details
CI / test (pull_request) Failing after 48s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
- Auto-fix F401 (unused imports) and I001 (unsorted imports) with ruff --fix
- Manually fix E501 (line too long) in alembic migrations and src/ models
- Run ruff format to ensure consistent formatting

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 22:47:17 +00:00
Savannah Savings 4751154679 Merge pull request 'Fix ruff lint errors across codebase' (#28) from cs_betty/api:betty/car-932-lint-fixes into dev
CI / lint (push) Failing after 3s
Details
CI / typecheck (push) Failing after 29s
Details
CI / test (push) Failing after 48s
Details
CI / build-and-push (push) Has been skipped
Details
CI / deploy-uat (push) Has been skipped
Details
CI / deploy-dev (push) Failing after 27s
Details 
Merge PR #28: Fix ruff lint errors across codebase
 2026-05-23 22:44:02 +00:00
Savannah Savings 71cf0a4563 Merge pull request 'ci: migrate from ghcr.io to Gitea built-in registry' (#25) from fix/cart-995-gitea-registry-migration into dev
CI / lint (push) Failing after 5s
Details
CI / lint (pull_request) Failing after 5s
Details
CI / typecheck (pull_request) Failing after 16s
Details
CI / typecheck (push) Failing after 30s
Details
CI / test (push) Failing after 51s
Details
CI / build-and-push (push) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (push) Has been skipped
Details
CI / test (pull_request) Failing after 1m51s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (push) Failing after 32s
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
ci: migrate from ghcr.io to Gitea built-in registry (#25)

CAR-995: Update CI workflow to use Gitea built-in container registry.
- REGISTRY env var: ghcr.io -> git.farh.net
- Replace Docker Hub/GHCR login with direct docker login using github.token
- Remove Docker Hub credentials from service containers
- Update deploy kustomize image refs to use env vars
 2026-05-23 22:31:36 +00:00
Barcode Betty 9659e63208 ci: migrate from ghcr.io to Gitea built-in registry
CI / lint (pull_request) Failing after 8s
Details
CI / typecheck (pull_request) Failing after 29s
Details
CI / test (pull_request) Failing after 50s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
- Update REGISTRY env var: ghcr.io -> git.farh.net
- Replace Docker Hub + GHCR login with Gitea login step
- Remove credentials blocks from postgres and redis service definitions
- Update deploy-dev/deploy-uat kustomize image refs to use $REGISTRY var

Fixes QA FAIL from PR #23: missing Gitea login step.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 22:14:55 +00:00
Barcode Betty ae2fc15a5b fix: resolve lint errors in test files [CAR-932]
CI / lint (pull_request) Has been cancelled
Details
CI / typecheck (pull_request) Has been cancelled
Details
CI / test (pull_request) Has been cancelled
Details
CI / build-and-push (pull_request) Has been cancelled
Details
CI / deploy-dev (pull_request) Has been cancelled
Details
CI / deploy-uat (pull_request) Has been cancelled
Details 
Fix 56 lint errors in test files that were blocking CI:
- E501: Split long SQL INSERT statements across multiple lines
- F401: Remove unused imports (os, unittest.mock.patch)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 22:09:33 +00:00
22 changed files with 2551 additions and 204 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yml
+4 -108
View File
@@ -15,7 +15,7 @@ permissions:
packages: write
env:
REGISTRY: ghcr.io
REGISTRY: git.farh.net
IMAGE_NAME: cartsnitch/api
jobs:
@@ -51,9 +51,6 @@ jobs:
services:
postgres:
image: postgres:15-alpine
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
env:
POSTGRES_USER: cartsnitch
POSTGRES_PASSWORD: cartsnitch_test
@@ -67,9 +64,6 @@ jobs:
--health-retries 5
redis:
image: redis:7-alpine
credentials:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
ports:
- 6379:6379
options: >-
@@ -122,19 +116,8 @@ jobs:
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "CalVer tag: $VERSION"
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to Gitea Container Registry
run: echo "${{ github.token }}" | docker login git.farh.net -u ${{ github.actor }} --password-stdin
- name: Extract metadata
id: meta
@@ -171,7 +154,7 @@ jobs:
only-fixed: "true"
output-format: sarif
- name: Push Docker image
if: github.event_name == 'push'
@@ -192,90 +175,3 @@ jobs:
git tag "v${{ steps.calver.outputs.version }}"
git push origin "v${{ steps.calver.outputs.version }}"
deploy-dev:
runs-on: ubuntu-latest
needs: [build-and-push]
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
steps:
- name: Checkout infra repo
uses: actions/checkout@v4
with:
repository: cartsnitch/infra
token: ${{ secrets.GITEA_TOKEN }}
ref: main
path: infra
- name: Install kubectl
uses: azure/setup-kubectl@v4
- name: Install kustomize
uses: imranismail/setup-kustomize@v2
- name: Determine image tag
id: api_tag
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "tag=${{ needs.build-and-push.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
else
echo "tag=${{ needs.build-and-push.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
fi
- name: Update api image tag
if: needs.build-and-push.result == 'success'
run: |
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
- name: Commit and push to infra
run: |
cd infra
git config user.name "cartsnitch-ci[bot]"
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
git add apps/overlays/dev/kustomization.yaml
git commit -m "ci(dev): update api image"
git pull --rebase origin main
git push origin main
deploy-uat:
runs-on: ubuntu-latest
needs: [build-and-push]
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
steps:
- name: Checkout infra repo
uses: actions/checkout@v4
with:
repository: cartsnitch/infra
token: ${{ secrets.GITEA_TOKEN }}
ref: main
path: infra
- name: Install kubectl
uses: azure/setup-kubectl@v4
- name: Install kustomize
uses: imranismail/setup-kustomize@v2
- name: Determine image tag
id: api_tag
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "tag=${{ needs.build-and-push.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
else
echo "tag=${{ needs.build-and-push.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
fi
- name: Update api image tag
if: needs.build-and-push.result == 'success'
run: |
cd infra/apps/overlays/uat
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
- name: Commit and push to infra
run: |
cd infra
git config user.name "cartsnitch-ci[bot]"
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
git add apps/overlays/uat/kustomization.yaml
git commit -m "ci(uat): update api image"
git pull --rebase origin main
git push origin main
.mcp.json
+11
View File
@@ -0,0 +1,11 @@
{
"mcpServers": {
"gitea": {
"type": "http",
"url": "https://git-mcp.farh.net/mcp",
"headers": {
"Authorization": "Bearer ${GITEA_TOKEN}"
}
}
}
}
alembic/env.py
+6 -1
View File
@@ -45,7 +45,11 @@ def run_migrations_online() -> None:
poolclass=pool.NullPool,
)
with connectable.connect() as connection:
context.configure(connection=connection, target_metadata=target_metadata, version_table_column_width=128)
context.configure(
connection=connection,
target_metadata=target_metadata,
version_table_column_width=128,
)
with context.begin_transaction():
context.run_migrations()
# Create any tables defined in models but not yet created by migrations.
@@ -56,6 +60,7 @@ def run_migrations_online() -> None:
connection.commit()
except Exception as exc:
import logging
logging.getLogger("alembic.env").warning(
"create_all failed (non-fatal, migrations should handle table creation): %s", exc
)
alembic/versions/002_better_auth_tables.py
+44 -9
View File
@@ -30,7 +30,10 @@ def upgrade() -> None:
if inspector.has_table("users"):
existing_user_cols = [c["name"] for c in inspector.get_columns("users")]
if "email_verified" not in existing_user_cols:
op.add_column("users", sa.Column("email_verified", sa.Boolean(), nullable=False, server_default="false"))
op.add_column(
"users",
sa.Column("email_verified", sa.Boolean(), nullable=False, server_default="false"),
)
if "image" not in existing_user_cols:
op.add_column("users", sa.Column("image", sa.Text(), nullable=True))
@@ -44,8 +47,18 @@ def upgrade() -> None:
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
sa.Column("ip_address", sa.Text(), nullable=True),
sa.Column("user_agent", sa.Text(), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.PrimaryKeyConstraint("id"),
)
op.create_index("ix_sessions_token", "sessions", ["token"], unique=True)
@@ -66,8 +79,18 @@ def upgrade() -> None:
sa.Column("scope", sa.Text(), nullable=True),
sa.Column("id_token", sa.Text(), nullable=True),
sa.Column("password", sa.Text(), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.PrimaryKeyConstraint("id"),
)
op.create_index("ix_accounts_user_id", "accounts", ["user_id"])
@@ -80,8 +103,18 @@ def upgrade() -> None:
sa.Column("identifier", sa.Text(), nullable=False),
sa.Column("value", sa.Text(), nullable=False),
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.PrimaryKeyConstraint("id"),
)
@@ -96,8 +129,10 @@ def upgrade() -> None:
user_id_str = str(user_id)
conn.execute(
text(
"INSERT INTO accounts (id, user_id, account_id, provider_id, password, created_at, updated_at) "
"VALUES (gen_random_uuid()::text, :user_id, :account_id, 'credential', :password, now(), now())"
"INSERT INTO accounts "
"(id, user_id, account_id, provider_id, password, created_at, updated_at) "
"VALUES (gen_random_uuid()::text, :user_id, :account_id, "
"'credential', :password, now(), now())"
),
{"user_id": user_id_str, "account_id": user_id_str, "password": hashed_password},
)
alembic/versions/004_fix_user_id_text.py
+12 -2
View File
@@ -40,7 +40,12 @@ def upgrade() -> None:
return # already TEXT — nothing to do
# Step 1: Drop existing FK constraints (ignore if they don't exist)
op.execute(text("ALTER TABLE user_store_accounts DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"))
op.execute(
text(
"ALTER TABLE user_store_accounts "
"DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"
)
)
op.execute(text("ALTER TABLE purchases DROP CONSTRAINT IF EXISTS purchases_user_id_fkey"))
# Step 2: Alter users.id from uuid to text
@@ -89,7 +94,12 @@ def upgrade() -> None:
def downgrade() -> None:
# Drop FK constraints
op.execute(text("ALTER TABLE user_store_accounts DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"))
op.execute(
text(
"ALTER TABLE user_store_accounts "
"DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"
)
)
op.execute(text("ALTER TABLE purchases DROP CONSTRAINT IF EXISTS purchases_user_id_fkey"))
# Revert users.id from text to uuid
alembic/versions/005_add_email_inbound_token.py
+1 -1
View File
@@ -20,7 +20,7 @@ depends_on = None
def upgrade() -> None:
conn = op.get_bind()
inspector = sa.inspect(conn)
# Guard: on a fresh DB Base.metadata.create_all creates users table with the column already present
# Guard: on fresh DB, Base.metadata.create_all already has the column
if not inspector.has_table("users"):
return
existing_cols = [c["name"] for c in inspector.get_columns("users")]
alembic/versions/006_email_inbound_token_server_default.py
+3 -1
View File
@@ -6,6 +6,7 @@ Create Date: 2026-04-04
"""
import sqlalchemy as sa
from alembic import op
revision = "006_email_inbound_token_server_default"
@@ -29,7 +30,8 @@ def upgrade() -> None:
"users",
"email_inbound_token",
server_default=sa.text(
"replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
"replace(replace(trim(trailing '=' from "
"encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
),
)
alembic/versions/007_bootstrap_users_table.py
+13 -3
View File
@@ -27,7 +27,8 @@ def upgrade() -> None:
if inspector.has_table("users"):
return # Table already exists (non-fresh DB or create_all already ran)
conn.execute(text("""
conn.execute(
text("""
CREATE TABLE users (
id TEXT PRIMARY KEY,
email VARCHAR(255) NOT NULL UNIQUE,
@@ -36,11 +37,20 @@ def upgrade() -> None:
email_verified BOOLEAN NOT NULL DEFAULT false,
image TEXT,
email_inbound_token VARCHAR(22) NOT NULL UNIQUE
DEFAULT replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_'),
DEFAULT (
replace(
replace(
trim(trailing '=' from encode(gen_random_bytes(16), 'base64')),
'+', '-'
),
'/', '_'
)
),
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
)
"""))
""")
)
def downgrade() -> None:
alembic/versions/008_create_domain_tables.py
+150 -26
View File
@@ -29,8 +29,18 @@ def upgrade() -> None:
sa.Column("slug", sa.String(20), nullable=False, unique=True),
sa.Column("logo_url", sa.String(500), nullable=True),
sa.Column("website_url", sa.String(500), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
)
# 2. store_locations
@@ -45,8 +55,18 @@ def upgrade() -> None:
sa.Column("zip", sa.String(10), nullable=False),
sa.Column("lat", sa.Float(), nullable=True),
sa.Column("lng", sa.Float(), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
)
# 3. normalized_products
@@ -61,8 +81,18 @@ def upgrade() -> None:
sa.Column("size", sa.String(50), nullable=True),
sa.Column("size_unit", sa.String(10), nullable=True),
sa.Column("upc_variants", sa.JSON(), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
)
# 4. purchases
@@ -72,7 +102,9 @@ def upgrade() -> None:
sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
sa.Column("user_id", sa.Text(), sa.ForeignKey("users.id"), nullable=False),
sa.Column("store_id", sa.Uuid(), sa.ForeignKey("stores.id"), nullable=False),
sa.Column("store_location_id", sa.Uuid(), sa.ForeignKey("store_locations.id"), nullable=True),
sa.Column(
"store_location_id", sa.Uuid(), sa.ForeignKey("store_locations.id"), nullable=True
),
sa.Column("receipt_id", sa.String(200), nullable=False),
sa.Column("purchase_date", sa.Date(), nullable=False),
sa.Column("total", sa.Numeric(10, 2), nullable=False),
@@ -81,9 +113,24 @@ def upgrade() -> None:
sa.Column("savings_total", sa.Numeric(10, 2), nullable=True),
sa.Column("source_url", sa.String(500), nullable=True),
sa.Column("raw_data", sa.JSON(), nullable=True),
sa.Column("ingested_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"ingested_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.UniqueConstraint("user_id", "store_id", "receipt_id", name="uq_purchase_receipt"),
sa.Index("ix_purchases_user_store", "user_id", "store_id"),
)
@@ -104,9 +151,24 @@ def upgrade() -> None:
sa.Column("coupon_discount", sa.Numeric(10, 2), nullable=True),
sa.Column("loyalty_discount", sa.Numeric(10, 2), nullable=True),
sa.Column("category_raw", sa.String(100), nullable=True),
sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"normalized_product_id",
sa.Uuid(),
sa.ForeignKey("normalized_products.id"),
nullable=True,
),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
)
# 6. coupons
@@ -115,7 +177,12 @@ def upgrade() -> None:
"coupons",
sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
sa.Column("store_id", sa.Uuid(), sa.ForeignKey("stores.id"), nullable=False),
sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=True),
sa.Column(
"normalized_product_id",
sa.Uuid(),
sa.ForeignKey("normalized_products.id"),
nullable=True,
),
sa.Column("title", sa.String(300), nullable=False),
sa.Column("description", sa.String(1000), nullable=True),
sa.Column("discount_type", sa.String(20), nullable=False),
@@ -127,8 +194,18 @@ def upgrade() -> None:
sa.Column("coupon_code", sa.String(100), nullable=True),
sa.Column("source_url", sa.String(500), nullable=True),
sa.Column("scraped_at", sa.DateTime(timezone=True), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
)
# 7. price_history
@@ -136,7 +213,12 @@ def upgrade() -> None:
op.create_table(
"price_history",
sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=False),
sa.Column(
"normalized_product_id",
sa.Uuid(),
sa.ForeignKey("normalized_products.id"),
nullable=False,
),
sa.Column("store_id", sa.Uuid(), sa.ForeignKey("stores.id"), nullable=False),
sa.Column("observed_date", sa.Date(), nullable=False),
sa.Column("regular_price", sa.Numeric(10, 2), nullable=False),
@@ -144,10 +226,27 @@ def upgrade() -> None:
sa.Column("loyalty_price", sa.Numeric(10, 2), nullable=True),
sa.Column("coupon_price", sa.Numeric(10, 2), nullable=True),
sa.Column("source", sa.String(20), nullable=False),
sa.Column("purchase_item_id", sa.Uuid(), sa.ForeignKey("purchase_items.id"), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Index("ix_price_history_product_store_date", "normalized_product_id", "store_id", "observed_date"),
sa.Column(
"purchase_item_id", sa.Uuid(), sa.ForeignKey("purchase_items.id"), nullable=True
),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Index(
"ix_price_history_product_store_date",
"normalized_product_id",
"store_id",
"observed_date",
),
)
# 8. shrinkflation_events
@@ -155,7 +254,12 @@ def upgrade() -> None:
op.create_table(
"shrinkflation_events",
sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=False),
sa.Column(
"normalized_product_id",
sa.Uuid(),
sa.ForeignKey("normalized_products.id"),
nullable=False,
),
sa.Column("detected_date", sa.Date(), nullable=False),
sa.Column("old_size", sa.String(50), nullable=False),
sa.Column("new_size", sa.String(50), nullable=False),
@@ -165,8 +269,18 @@ def upgrade() -> None:
sa.Column("price_at_new_size", sa.Numeric(10, 2), nullable=True),
sa.Column("confidence", sa.Numeric(3, 2), server_default=text("1.00"), nullable=False),
sa.Column("notes", sa.String(1000), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
)
# 9. user_store_accounts
@@ -180,8 +294,18 @@ def upgrade() -> None:
sa.Column("session_expires_at", sa.DateTime(timezone=True), nullable=True),
sa.Column("last_sync_at", sa.DateTime(timezone=True), nullable=True),
sa.Column("status", sa.String(20), server_default=text("'active'"), nullable=False),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
sa.Column(
"created_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.Column(
"updated_at",
sa.DateTime(timezone=True),
server_default=sa.func.now(),
nullable=False,
),
sa.UniqueConstraint("user_id", "store_id", name="uq_user_store_account"),
)
alembic/versions/009_add_gin_index_upc_variants.py
+1
View File
@@ -6,6 +6,7 @@ Create Date: 2026-04-14
"""
import sqlalchemy as sa
from alembic import op
revision = "009_add_gin_index_upc_variants"
pyproject.toml
+6 -1
View File
@@ -15,12 +15,17 @@ dependencies = [
"sqlalchemy[asyncio]>=2.0.35",
"asyncpg>=0.30.0",
"alembic>=1.13,<2.0",
"psycopg2>=2.9,<3.0",
"psycopg2-binary>=2.9,<3.0",
"python-jose[cryptography]>=3.3.0",
"passlib[bcrypt]>=1.7.4",
"httpx>=0.27.0",
"redis[hiredis]>=5.2.0",
"cryptography>=43.0.0",
"pytest[dev]>=9.0.3",
"pytest-asyncio[dev]>=1.3.0",
"aiosqlite[dev]>=0.22.1",
"ruff[dev]>=0.15.14",
"mypy[dev]>=1.19.0",
]
[project.optional-dependencies]
src/cartsnitch_api/auth/dependencies.py
+2 -1
View File
@@ -5,7 +5,8 @@ Sessions are verified by querying the shared sessions table directly.
"""
from datetime import UTC, datetime
from fastapi import Cookie, Depends, Header, HTTPException, Request, status
from fastapi import Depends, Header, HTTPException, Request, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from sqlalchemy import text
from sqlalchemy.ext.asyncio import AsyncSession
src/cartsnitch_api/auth/routes.py
-3
View File
@@ -6,13 +6,10 @@ endpoints that query our own user data from the shared database.
"""
from fastapi import APIRouter, Depends, HTTPException, status
from pydantic import BaseModel
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from cartsnitch_api.auth.dependencies import get_current_user
from cartsnitch_api.database import get_db
from cartsnitch_api.models import User
from cartsnitch_api.schemas import (
UpdateUserRequest,
UserResponse,
src/cartsnitch_api/main.py
+2 -1
View File
@@ -6,10 +6,10 @@ from fastapi import APIRouter, FastAPI
from cartsnitch_api.auth.routes import router as auth_router
from cartsnitch_api.cache import cache_client
from cartsnitch_api.middleware.audit import add_audit_middleware
from cartsnitch_api.middleware.cors import add_cors_middleware
from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
from cartsnitch_api.middleware.audit import add_audit_middleware
from cartsnitch_api.routes.alerts import router as alerts_router
from cartsnitch_api.routes.coupons import router as coupons_router
from cartsnitch_api.routes.health import router as health_router
@@ -26,6 +26,7 @@ from cartsnitch_api.routes.user import router as user_router
@asynccontextmanager
async def lifespan(app: FastAPI):
from cartsnitch_api.database import dispose_engine
await cache_client.initialize()
yield
await cache_client.close()
src/cartsnitch_api/models/user.py
+3 -4
View File
@@ -26,9 +26,7 @@ class User(TimestampMixin, Base):
email: Mapped[str] = mapped_column(String(255), nullable=False, unique=True)
hashed_password: Mapped[str | None] = mapped_column(String(255), nullable=True)
display_name: Mapped[str | None] = mapped_column(String(100))
email_verified: Mapped[bool] = mapped_column(
Boolean, nullable=False, server_default="false"
)
email_verified: Mapped[bool] = mapped_column(Boolean, nullable=False, server_default="false")
image: Mapped[str | None] = mapped_column(Text, nullable=True)
email_inbound_token: Mapped[str] = mapped_column(
String(22),
@@ -36,7 +34,8 @@ class User(TimestampMixin, Base):
unique=True,
default=lambda: secrets.token_urlsafe(16),
server_default=sa.text(
"replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
"replace(replace(trim(trailing '=' from "
"encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
),
)
tests/conftest.py
+144 -22
View File
@@ -5,20 +5,133 @@ matching the Better-Auth session validation flow.
"""
import secrets
import uuid
import uuid as uuid_lib
from datetime import UTC, datetime, timedelta
import pytest
from httpx import ASGITransport, AsyncClient
from sqlalchemy import create_engine, event, text
from sqlalchemy import create_engine, event, text, TypeDecorator, String
import sqlalchemy as sa
from sqlalchemy.dialects.postgresql import UUID as PostgresUUID
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.types import CHAR, TypeEngine
from cartsnitch_api.config import settings as cartsnitch_settings
from cartsnitch_api.database import get_db
from cartsnitch_api.main import create_app
from cartsnitch_api.models import Base
cartsnitch_settings = None
class SQLiteCompatibleUUID(TypeDecorator):
"""Adapts PostgreSQL UUID for use with SQLite at test runtime.
Stores as CHAR(32) hex string, converts to Python uuid.UUID on read.
"""
impl = CHAR(32)
cache_ok = True
def process_bind_param(self, value, dialect):
if value is None:
return None
if isinstance(value, uuid_lib.UUID):
return value.hex
return str(value)
def process_result_value(self, value, dialect):
if value is None:
return None
return uuid_lib.UUID(hex=value)
class _StringUUID(TypeDecorator):
"""Fallback TypeDecorator that accepts both UUID objects and strings.
Used when the model uses Text but tests pass uuid.UUID values.
Stores as native string, returns uuid.UUID on read.
"""
impl = String(36)
cache_ok = True
def process_bind_param(self, value, dialect):
if value is None:
return None
if isinstance(value, uuid_lib.UUID):
return value.hex
return str(value)
def process_result_value(self, value, dialect):
if value is None:
return None
try:
return uuid_lib.UUID(hex=value)
except Exception:
return value
def _adapt_uuid_columns_for_sqlite(googol=None):
"""Replace PostgreSQL UUID column types with SQLiteCompatibleUUID.
PostgreSQL UUID columns generate DDL using gen_random_uuid() which SQLite
doesn't support. This replaces those column types so SQLite can bind UUIDs
as hex strings. Also sets a Python-side default so INSERTs without explicit
id succeed. Accepts an optional connection arg from run_sync.
"""
for table in Base.metadata.tables.values():
for column in table.columns.values():
if isinstance(column.type, PostgresUUID):
column.type = SQLiteCompatibleUUID()
if column.server_default is None and column.default is None:
column.default = uuid_lib.uuid4
def _adapt_text_pk_columns_for_uuid(googol=None):
"""Replace Text primary key columns that tests bind uuid.UUID values into.
User.id is a Text column but tests pass uuid.UUID objects. SQLite can't
bind UUID directly so we swap these to a compatible type. Accepts an
optional connection arg from run_sync.
"""
for table in Base.metadata.tables.values():
for column in table.columns.values():
if column.primary_key and isinstance(column.type, sa.Text):
column.type = _StringUUID()
def _adapt_fk_columns_for_uuid(googol=None):
"""Replace FK columns that reference UUID PKs but are typed as Text.
purchase.user_id, user_store_accounts.user_id/store_id, etc. are typed as str
but tests pass uuid.UUID objects for them. Accepts an optional connection arg
from run_sync.
"""
for table in Base.metadata.tables.values():
for column in table.columns.values():
if column.foreign_keys:
for fk in column.foreign_keys:
if isinstance(column.type, (sa.Text, sa.String)) and column.type.length in (None, 255):
column.type = _StringUUID()
def _strip_postgres_server_defaults(googol=None):
"""Remove PostgreSQL-specific server_default expressions for SQLite compatibility.
PostgreSQL functions like gen_random_uuid() and the base64 encoding expression
in email_inbound_token are not valid in SQLite. Accepts an optional connection
arg from run_sync.
"""
for table in Base.metadata.tables.values():
for column in table.columns.values():
if column.server_default is not None:
sd = str(column.server_default.arg)
if "gen_random_uuid" in sd or "gen_random_bytes" in sd:
column.server_default = None
TEST_DATABASE_URL = "sqlite+aiosqlite:///:memory:"
TEST_JWT_SECRET = secrets.token_urlsafe(32)
TEST_SERVICE_KEY = secrets.token_urlsafe(32)
TEST_FERNET_KEY = "7reF42nmTwbdN21PBoubGp7h_FU8qSimstmlaMLoRK8="
@@ -26,33 +139,35 @@ TEST_FERNET_KEY = "7reF42nmTwbdN21PBoubGp7h_FU8qSimstmlaMLoRK8="
@pytest.fixture(autouse=True)
def setup_test_settings():
original_jwt = cartsnitch_settings.jwt_secret_key
original_service = cartsnitch_settings.service_key
original_fernet = cartsnitch_settings.fernet_key
cartsnitch_settings.jwt_secret_key = TEST_JWT_SECRET
cartsnitch_settings.service_key = TEST_SERVICE_KEY
cartsnitch_settings.fernet_key = TEST_FERNET_KEY
from cartsnitch_api.config import settings as real_settings
original_jwt = real_settings.jwt_secret_key
original_service = real_settings.service_key
original_fernet = real_settings.fernet_key
real_settings.jwt_secret_key = TEST_JWT_SECRET
real_settings.service_key = TEST_SERVICE_KEY
real_settings.fernet_key = TEST_FERNET_KEY
yield
cartsnitch_settings.jwt_secret_key = original_jwt
cartsnitch_settings.service_key = original_service
cartsnitch_settings.fernet_key = original_fernet
TEST_DATABASE_URL = "sqlite+aiosqlite:///:memory:"
real_settings.jwt_secret_key = original_jwt
real_settings.service_key = original_service
real_settings.fernet_key = original_fernet
@pytest.fixture(autouse=True)
def disable_rate_limiting():
"""Disable rate limiting for all tests to prevent 429 interference."""
cartsnitch_settings.rate_limit_enabled = False
from cartsnitch_api.config import settings as real_settings
real_settings.rate_limit_enabled = False
yield
cartsnitch_settings.rate_limit_enabled = True
real_settings.rate_limit_enabled = True
@pytest.fixture
def engine():
"""Sync in-memory SQLite engine for model unit tests."""
eng = create_engine("sqlite:///:memory:")
_adapt_uuid_columns_for_sqlite()
_adapt_text_pk_columns_for_uuid()
_adapt_fk_columns_for_uuid()
_strip_postgres_server_defaults()
Base.metadata.create_all(eng)
yield eng
eng.dispose()
@@ -77,6 +192,10 @@ async def db_engine():
cursor.close()
async with engine.begin() as conn:
await conn.run_sync(_adapt_uuid_columns_for_sqlite)
await conn.run_sync(_adapt_text_pk_columns_for_uuid)
await conn.run_sync(_adapt_fk_columns_for_uuid)
await conn.run_sync(_strip_postgres_server_defaults)
await conn.run_sync(Base.metadata.create_all)
# Create Better-Auth tables (not managed by SQLAlchemy models)
await conn.execute(
@@ -166,19 +285,21 @@ async def _create_test_user_and_session(
Returns (user_dict, session_token). Better-Auth stores the raw token
in the DB, so we insert it as-is.
"""
user_id = str(uuid.uuid4())
user_id = str(uuid_lib.uuid4())
email = user_overrides.get("email", "test@example.com")
display_name = user_overrides.get("display_name", "Test User")
session_token = secrets.token_urlsafe(32)
session_id = str(uuid.uuid4())
session_id = str(uuid_lib.uuid4())
now = datetime.now(UTC).isoformat()
expires = (datetime.now(UTC) + timedelta(days=7)).isoformat()
async with db_engine.begin() as conn:
await conn.execute(
text(
"INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
"VALUES (:id, :email, :hashed_password, :display_name, :email_verified, :created_at, :updated_at)"
"INSERT INTO users (id, email, hashed_password, display_name, "
"email_verified, email_inbound_token, created_at, updated_at) "
"VALUES (:id, :email, :hashed_password, :display_name, "
":email_verified, :email_inbound_token, :created_at, :updated_at)"
),
{
"id": user_id,
@@ -186,6 +307,7 @@ async def _create_test_user_and_session(
"hashed_password": "not-used-with-better-auth",
"display_name": display_name,
"email_verified": False,
"email_inbound_token": secrets.token_urlsafe(16),
"created_at": now,
"updated_at": now,
},
tests/test_auth/test_auth_endpoints.py
+4 -2
View File
@@ -138,8 +138,9 @@ async def test_expired_session_rejected(client, db_engine):
async with db_engine.begin() as conn:
await conn.execute(
text(
"INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
"VALUES (:id, :email, :hp, :dn, :ev, :ca, :ua)"
"INSERT INTO users (id, email, hashed_password, display_name, "
"email_verified, email_inbound_token, created_at, updated_at) "
"VALUES (:id, :email, :hp, :dn, :ev, :token, :ca, :ua)"
),
{
"id": user_id,
@@ -147,6 +148,7 @@ async def test_expired_session_rejected(client, db_engine):
"hp": "unused",
"dn": "Expired User",
"ev": False,
"token": secrets.token_urlsafe(16),
"ca": now,
"ua": now,
},
tests/test_config.py
+12 -5
View File
@@ -1,7 +1,5 @@
"""Tests for Settings config, specifically the database_url env var fallback."""
import os
from cartsnitch_api.config import Settings
@@ -30,7 +28,10 @@ def test_database_url_normalizes_plain_postgresql_prefix():
"DATABASE_URL": "postgresql://cartsnitch:cartsnitch@localhost:5432/cartsnitch",
}
settings = Settings(**env)
assert settings.database_url == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
assert (
settings.database_url
== "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
)
def test_database_url_preserves_asyncpg_prefix():
@@ -39,10 +40,16 @@ def test_database_url_preserves_asyncpg_prefix():
"CARTSNITCH_DATABASE_URL": "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch",
}
settings = Settings(**env)
assert settings.database_url == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
assert (
settings.database_url
== "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
)
def test_database_url_default():
"""When neither env var is set, the hardcoded default is used."""
settings = Settings()
assert settings.database_url == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
assert (
settings.database_url
== "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
)
tests/test_e2e/test_auth_validation.py
+4 -2
View File
@@ -65,8 +65,9 @@ class TestSessionValidation:
async with db_engine.begin() as conn:
await conn.execute(
text(
"INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
"VALUES (:id, :email, :hp, :dn, :ev, :ca, :ua)"
"INSERT INTO users (id, email, hashed_password, display_name, "
"email_verified, email_inbound_token, created_at, updated_at) "
"VALUES (:id, :email, :hp, :dn, :ev, :token, :ca, :ua)"
),
{
"id": user_id,
@@ -74,6 +75,7 @@ class TestSessionValidation:
"hp": "unused",
"dn": "Expired User",
"ev": False,
"token": secrets.token_urlsafe(16),
"ca": now,
"ua": now,
},
tests/test_encrypted_json.py
+7 -11
View File
@@ -1,11 +1,12 @@
"""Tests for EncryptedJSON TypeDecorator and session_data encryption."""
import json
import uuid as uuid_lib
import pytest
from cryptography.fernet import Fernet
from pydantic import ValidationError
from sqlalchemy import column, create_engine, table, text
from sqlalchemy import column, table, text
from sqlalchemy.orm import sessionmaker
from cartsnitch_api.config import settings
@@ -15,18 +16,13 @@ from cartsnitch_api.models.user import User, UserStoreAccount
@pytest.fixture
def engine():
eng = create_engine("sqlite:///:memory:")
Base.metadata.create_all(eng)
yield eng
eng.dispose()
def engine(engine):
yield engine
@pytest.fixture
def session(engine):
factory = sessionmaker(bind=engine)
with factory() as sess:
yield sess
def session(session):
yield session
@pytest.fixture
@@ -40,7 +36,7 @@ def store(session):
@pytest.fixture
def user(session):
u = User(email="alice@example.com", hashed_password="fakehash")
u = User(id=uuid_lib.uuid4(), email="alice@example.com", hashed_password="fakehash")
session.add(u)
session.commit()
session.refresh(u)
tests/test_middleware/test_rate_limit.py
+1 -1
View File
@@ -1,7 +1,7 @@
"""Tests for rate limiting middleware."""
import time
from unittest.mock import AsyncMock, MagicMock, patch
from unittest.mock import AsyncMock, MagicMock
import pytest
uv.lock
Generated
+2121
View File
File diff suppressed because it is too large Load Diff