cartsnitch/api
12
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Promote CAR-1132 (SQLite UUID binding fix) dev -> uat #46

Merged
Savannah Savings merged 43 commits from dev into uat 2026-06-09 01:02:05 +00:00
Conversation 0 Commits 43 Files Changed 25
+344 -309
25 changed files with 344 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/ci.yml
+4 -3
View File
@@ -23,7 +23,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/setup-python@v4
with:
python-version: "3.12"
- run: pip install ruff
@@ -37,7 +37,7 @@ jobs:
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/setup-python@v4
with:
python-version: "3.12"
- name: Install system dependencies
@@ -79,7 +79,7 @@ jobs:
CARTSNITCH_FERNET_KEY: wXWQsC0FZlhSz2t_tfVQjNUSP8vgAGG3o3pkjrX8Bw0=
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: actions/setup-python@v4
with:
python-version: "3.12"
- name: Install system dependencies
@@ -89,6 +89,7 @@ jobs:
run: pytest --tb=short -q
build-and-push:
if: github.event_name == 'push'
runs-on: ubuntu-latest
needs: [lint, test]
outputs:
src/cartsnitch_api/auth/dependencies.py
+5
View File
@@ -43,6 +43,11 @@ async def _validate_session_token(token: str, db: AsyncSession) -> str:
)
user_id, expires_at = row
# SQLite stores TIMESTAMP as TEXT and returns it as a string via raw
# SQL — normalise to a tz-aware datetime here so the comparison below
# works regardless of driver.
if isinstance(expires_at, str):
expires_at = datetime.fromisoformat(expires_at)
if expires_at.tzinfo is None:
# Treat naive datetimes as UTC
expires_at = expires_at.replace(tzinfo=UTC)
src/cartsnitch_api/middleware/rate_limit.py
+3
View File
@@ -108,6 +108,9 @@ class RedisSlidingWindow:
_redis_client: Redis | None = None
_use_redis = False
_public_limiter: RateLimitBackend
_auth_limiter: RateLimitBackend
_auth_strict_limiter: RateLimitBackend
if settings.rate_limit_redis_enabled:
try:
src/cartsnitch_api/schemas.py
+1 -1
View File
@@ -16,7 +16,7 @@ class UpdateUserRequest(BaseModel):
class UserResponse(BaseModel):
id: str
id: UUID
email: str
display_name: str
created_at: datetime
tests/conftest.py
+132 -42
View File
@@ -10,22 +10,112 @@ from datetime import UTC, datetime, timedelta
import pytest
from httpx import ASGITransport, AsyncClient
from sqlalchemy import create_engine, event, text
from sqlalchemy import String, TypeDecorator, Uuid, create_engine, event, text
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.types import CHAR
from cartsnitch_api.config import settings as cartsnitch_settings
from cartsnitch_api.database import get_db
from cartsnitch_api.main import create_app
from cartsnitch_api.middleware import rate_limit as _rate_limit_module
from cartsnitch_api.models import Base
class _StringUUID(TypeDecorator):
"""TypeDecorator that lets Text/String/UUID columns accept uuid.UUID on bind.
SQLite has no native UUID type — passing a ``uuid.UUID`` raises
``type 'UUID' is not supported``. This stores UUID values as their hex
string in the DB, accepts either uuid.UUID or str at bind time, and
returns uuid.UUID on read so existing test assertions like
``isinstance(store.id, uuid.UUID)`` still work.
"""
impl = CHAR(36)
cache_ok = True
def process_bind_param(self, value, dialect):
if value is None:
return None
if isinstance(value, uuid.UUID):
return str(value)
return str(value)
def process_result_value(self, value, dialect):
if value is None:
return None
if isinstance(value, uuid.UUID):
return value
return uuid.UUID(value)
def _set_timestamp_defaults(mapper, connection, target):
"""Populate created_at/updated_at before insert for SQLite compatibility."""
"""Populate created_at/updated_at and missing PK IDs for SQLite.
SQLite can't bind ``uuid.UUID`` objects to Text/String columns, and has
no server-side default for ``func.now()`` or ``gen_random_uuid()``. We
strip those server_defaults elsewhere; this listener fills in
Python-side timestamp defaults at insert time, generates IDs for PK
columns that have no default, and populates ``func.now()`` columns
whose server_default was stripped (e.g. ``ingested_at``). UUID values
for non-PK columns are converted by the ``_StringUUID`` TypeDecorator.
"""
now = datetime.now(UTC)
for col in [c for c in mapper.columns if c.key in ("created_at", "updated_at")]:
if getattr(target, col.key, None) is None:
setattr(target, col.key, now)
for col in mapper.columns:
key = col.key
if key in ("created_at", "updated_at"):
if getattr(target, key, None) is None:
setattr(target, key, now)
continue
if col.primary_key and getattr(target, key, None) is None:
setattr(target, key, str(uuid.uuid4()))
continue
if getattr(col, "_sqlite_default_now", False) and getattr(target, key, None) is None:
setattr(target, key, now)
def _adapt_columns_for_sqlite():
"""Strip Postgres-only server_defaults and adapt UUID columns for SQLite.
Must be called BEFORE ``Base.metadata.create_all`` so the DDL reflects
the adapted column types.
"""
for tbl in Base.metadata.tables.values():
for col in tbl.columns.values():
# Strip PostgreSQL-specific function server_defaults (gen_random_uuid,
# gen_random_bytes, now()) but keep simple string-literal defaults
# like ``server_default="false"`` since they work in SQLite.
sd = col.server_default
if sd is not None:
sd_text = str(sd.arg) if hasattr(sd, "arg") else str(sd)
sd_text = sd_text.lower()
if any(x in sd_text for x in ["gen_random_uuid", "gen_random_bytes", "now()"]):
col.server_default = None
if "now()" in sd_text and not col.nullable:
col._sqlite_default_now = True # type: ignore[attr-defined]
# Replace UUID column types with a SQLite-compatible TypeDecorator
if isinstance(col.type, Uuid):
col.type = _StringUUID()
# Text/String PK columns without a default need the _StringUUID type
# so the before_insert listener can generate hex-string IDs.
if col.primary_key and col.default is None and col.server_default is None:
if not isinstance(col.type, _StringUUID):
col.type = _StringUUID()
# FK columns that may receive uuid.UUID values from test code
if col.foreign_keys and not col.primary_key and isinstance(col.type, String):
col.type = _StringUUID()
def _register_event_listeners():
"""Attach before_insert listener to every mapped class."""
for cls in Base.registry._class_registry.values():
if hasattr(cls, "__mapper__"):
event.listen(cls, "before_insert", _set_timestamp_defaults)
TEST_JWT_SECRET = secrets.token_urlsafe(32)
@@ -52,38 +142,52 @@ TEST_DATABASE_URL = "sqlite+aiosqlite:///:memory:"
@pytest.fixture(autouse=True)
def disable_rate_limiting():
"""Disable rate limiting for all tests to prevent 429 interference."""
"""Disable rate limiting for all tests to prevent 429 interference.
The rate_limit module creates its Redis client at import time when
``settings.rate_limit_redis_enabled`` is true. We can't undo that by
flipping the setting inside the fixture — the client and the
Redis-backed limiters are already constructed. So we swap them out
for the in-memory limiters directly on the module, which also
prevents "Event loop is closed" errors when the redis client tries
to disconnect after the test event loop ends.
"""
cartsnitch_settings.rate_limit_enabled = False
cartsnitch_settings.rate_limit_redis_enabled = False
original_public = _rate_limit_module._public_limiter
original_auth = _rate_limit_module._auth_limiter
original_auth_strict = _rate_limit_module._auth_strict_limiter
_rate_limit_module._redis_client = None
_rate_limit_module._use_redis = False
_rate_limit_module._public_limiter = _rate_limit_module.InMemorySlidingWindow(
cartsnitch_settings.rate_limit_requests, cartsnitch_settings.rate_limit_window_seconds
)
_rate_limit_module._auth_limiter = _rate_limit_module.InMemorySlidingWindow(
cartsnitch_settings.rate_limit_requests * 5, cartsnitch_settings.rate_limit_window_seconds
)
_rate_limit_module._auth_strict_limiter = _rate_limit_module.InMemorySlidingWindow(
cartsnitch_settings.rate_limit_auth_requests,
cartsnitch_settings.rate_limit_auth_window_seconds,
)
yield
cartsnitch_settings.rate_limit_enabled = True
cartsnitch_settings.rate_limit_redis_enabled = True
_rate_limit_module._public_limiter = original_public
_rate_limit_module._auth_limiter = original_auth
_rate_limit_module._auth_strict_limiter = original_auth_strict
@pytest.fixture
def engine():
"""Sync in-memory SQLite engine for model unit tests.
Strips PostgreSQL-specific server_default expressions and provides
Python-side defaults for SQLite compatibility.
Strips PostgreSQL-specific server_default expressions, replaces UUID
column types with a SQLite-compatible TypeDecorator, and registers a
before_insert event listener to populate timestamps.
"""
eng = create_engine("sqlite:///:memory:")
for tbl in Base.metadata.tables.values():
for col in tbl.columns.values():
sd = col.server_default
if sd is not None:
if not hasattr(sd, "expression"):
col.server_default = None
continue
expr_str = str(sd.expression).lower()
# Strip PostgreSQL-specific defaults
if any(x in expr_str for x in ["gen_random_uuid", "gen_random_bytes", "now()"]):
col.server_default = None
# Register event listener to populate timestamps on insert
for cls in Base.registry._class_registry.values():
if hasattr(cls, "__mapper__"):
event.listen(cls, "before_insert", _set_timestamp_defaults)
_adapt_columns_for_sqlite()
_register_event_listeners()
Base.metadata.create_all(eng)
yield eng
eng.dispose()
@@ -107,22 +211,8 @@ async def db_engine():
cursor.execute("PRAGMA foreign_keys=ON")
cursor.close()
for tbl in Base.metadata.tables.values():
for col in tbl.columns.values():
sd = col.server_default
if sd is not None:
if not hasattr(sd, "expression"):
col.server_default = None
continue
expr_str = str(sd.expression).lower()
# Strip PostgreSQL-specific defaults
if any(x in expr_str for x in ["gen_random_uuid", "gen_random_bytes", "now()"]):
col.server_default = None
# Register event listener to populate timestamps on insert
for cls in Base.registry._class_registry.values():
if hasattr(cls, "__mapper__"):
event.listen(cls, "before_insert", _set_timestamp_defaults)
_adapt_columns_for_sqlite()
_register_event_listeners()
async with engine.begin() as conn:
await conn.run_sync(Base.metadata.create_all)
tests/test_config.py
+3 -1
View File
@@ -46,8 +46,10 @@ def test_database_url_preserves_asyncpg_prefix():
)
def test_database_url_default():
def test_database_url_default(monkeypatch):
"""When neither env var is set, the hardcoded default is used."""
monkeypatch.delenv("CARTSNITCH_DATABASE_URL", raising=False)
monkeypatch.delenv("DATABASE_URL", raising=False)
settings = Settings()
assert (
settings.database_url
tests/test_e2e/conftest.py
+2 -2
View File
@@ -195,7 +195,7 @@ async def seed_data(db_engine, auth_headers):
discount_type="fixed",
discount_value=Decimal("1.00"),
valid_from=today - timedelta(days=7),
valid_to=today + timedelta(days=30),
valid_to=date.today() + timedelta(days=30),
)
coupon2 = Coupon(
store_id=kroger.id,
@@ -205,7 +205,7 @@ async def seed_data(db_engine, auth_headers):
discount_type="percent",
discount_value=Decimal("10.00"),
valid_from=today - timedelta(days=3),
valid_to=today + timedelta(days=14),
valid_to=date.today() + timedelta(days=14),
)
session.add_all([coupon1, coupon2])
await session.flush()
tests/test_e2e/test_auth_validation.py
+10 -10
View File
@@ -109,13 +109,13 @@ class TestAuthProtectedEndpoints:
@pytest.mark.parametrize(
"method,path",
[
("GET", "/purchases"),
("GET", "/products"),
("GET", "/prices/trends"),
("GET", "/prices/increases"),
("GET", "/coupons"),
("GET", "/alerts"),
("GET", "/me/stores"),
("GET", "/api/v1/purchases"),
("GET", "/api/v1/products"),
("GET", "/api/v1/prices/trends"),
("GET", "/api/v1/prices/increases"),
("GET", "/api/v1/coupons"),
("GET", "/api/v1/alerts"),
("GET", "/api/v1/me/stores"),
],
)
async def test_endpoints_require_auth(self, client, db_engine, method, path):
@@ -136,7 +136,7 @@ class TestCrossUserDataIsolation:
)
user_b_headers = {"Cookie": f"better-auth.session_token={session_token}"}
resp = await client.get(f"/purchases/{purchase_id}", headers=user_b_headers)
resp = await client.get(f"/api/v1/purchases/{purchase_id}", headers=user_b_headers)
assert resp.status_code in (403, 404), (
"User B should not be able to access User A's purchase"
)
@@ -148,7 +148,7 @@ class TestCrossUserDataIsolation:
)
user_c_headers = {"Cookie": f"better-auth.session_token={session_token}"}
resp = await client.get("/purchases", headers=user_c_headers)
resp = await client.get("/api/v1/purchases", headers=user_c_headers)
assert resp.status_code == 200
assert len(resp.json()) == 0, "New user should have no purchases"
@@ -159,6 +159,6 @@ class TestCrossUserDataIsolation:
)
user_d_headers = {"Cookie": f"better-auth.session_token={session_token}"}
resp = await client.get("/me/stores", headers=user_d_headers)
resp = await client.get("/api/v1/me/stores", headers=user_d_headers)
assert resp.status_code == 200
assert len(resp.json()) == 0, "New user should have no connected stores"
tests/test_e2e/test_cross_resource_flow.py
+12 -12
View File
@@ -10,23 +10,23 @@ class TestStoreConnectToPurchaseFlow:
async def test_connect_store_then_list(self, client, seed_data):
headers = seed_data["headers"]
# Connect to Meijer
resp = await client.post("/me/stores/meijer/connect", json={}, headers=headers)
resp = await client.post("/api/v1/me/stores/meijer/connect", json={}, headers=headers)
assert resp.status_code in (200, 201)
# Verify store appears in user's connected stores
stores = await client.get("/me/stores", headers=headers)
stores = await client.get("/api/v1/me/stores", headers=headers)
assert stores.status_code == 200
slugs = [s["store"]["slug"] for s in stores.json()]
assert "meijer" in slugs
async def test_disconnect_store(self, client, seed_data):
headers = seed_data["headers"]
await client.post("/me/stores/kroger/connect", json={}, headers=headers)
resp = await client.delete("/me/stores/kroger", headers=headers)
await client.post("/api/v1/me/stores/kroger/connect", json={}, headers=headers)
resp = await client.delete("/api/v1/me/stores/kroger", headers=headers)
assert resp.status_code in (200, 204)
# Verify store no longer in connected list
stores = await client.get("/me/stores", headers=headers)
stores = await client.get("/api/v1/me/stores", headers=headers)
slugs = [s["store"]["slug"] for s in stores.json()]
assert "kroger" not in slugs
@@ -41,7 +41,7 @@ class TestPurchaseToPriceFlow:
purchase_id = str(seed_data["purchases"]["meijer_trip"].id)
# Get purchase detail
purchase = await client.get(f"/purchases/{purchase_id}", headers=headers)
purchase = await client.get(f"/api/v1/purchases/{purchase_id}", headers=headers)
assert purchase.status_code == 200
items = purchase.json()["line_items"]
@@ -50,7 +50,7 @@ class TestPurchaseToPriceFlow:
assert len(product_ids) >= 1
for pid in product_ids:
product = await client.get(f"/products/{pid}", headers=headers)
product = await client.get(f"/api/v1/products/{pid}", headers=headers)
assert product.status_code == 200
assert len(product.json()["prices_by_store"]) >= 1
@@ -61,7 +61,7 @@ class TestCouponFlow:
async def test_list_all_coupons(self, client, seed_data):
headers = seed_data["headers"]
resp = await client.get("/coupons", headers=headers)
resp = await client.get("/api/v1/coupons", headers=headers)
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 2
@@ -71,7 +71,7 @@ class TestCouponFlow:
async def test_filter_coupons_by_store(self, client, seed_data):
headers = seed_data["headers"]
meijer_id = str(seed_data["stores"]["meijer"].id)
resp = await client.get("/coupons", params={"store_id": meijer_id}, headers=headers)
resp = await client.get("/api/v1/coupons", params={"store_id": meijer_id}, headers=headers)
assert resp.status_code == 200
data = resp.json()
assert all(c["store_name"] == "Meijer" for c in data)
@@ -79,7 +79,7 @@ class TestCouponFlow:
async def test_relevant_coupons_for_user(self, client, seed_data):
"""User bought Cheerios, so the Cheerios coupon should be relevant."""
headers = seed_data["headers"]
resp = await client.get("/coupons/relevant", headers=headers)
resp = await client.get("/api/v1/coupons/relevant", headers=headers)
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1, "Expected at least one relevant coupon for user with purchases"
@@ -94,7 +94,7 @@ class TestAlertFlow:
async def test_list_alerts(self, client, seed_data):
"""User bought Cheerios which has a shrinkflation event — may appear as alert."""
headers = seed_data["headers"]
resp = await client.get("/alerts", headers=headers)
resp = await client.get("/api/v1/alerts", headers=headers)
assert resp.status_code == 200
data = resp.json()
assert isinstance(data, list)
@@ -107,7 +107,7 @@ class TestAlertFlow:
async def test_alert_settings_default(self, client, seed_data):
headers = seed_data["headers"]
resp = await client.get("/alerts/settings", headers=headers)
resp = await client.get("/api/v1/alerts/settings", headers=headers)
assert resp.status_code == 200
data = resp.json()
assert "price_increase_threshold_pct" in data
tests/test_e2e/test_error_responses.py
+16 -9
View File
@@ -6,6 +6,12 @@ from tests.test_e2e.conftest import BAD_UUID, ZERO_UUID
@pytest.mark.asyncio
@pytest.mark.skip(
reason=(
"/auth/register, /auth/login, /auth/refresh are handled by "
"the Better-Auth service, not this gateway"
)
)
class TestRegistrationErrors:
"""Validation errors during user registration."""
@@ -47,6 +53,7 @@ class TestRegistrationErrors:
@pytest.mark.asyncio
@pytest.mark.skip(reason="/auth/login is handled by the Better-Auth service, not this gateway")
class TestLoginErrors:
"""Login failure modes."""
@@ -78,15 +85,15 @@ class TestNotFoundErrors:
"""404 responses for missing resources."""
async def test_product_not_found(self, client, seed_data):
resp = await client.get(f"/products/{ZERO_UUID}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/products/{ZERO_UUID}", headers=seed_data["headers"])
assert resp.status_code == 404
async def test_purchase_not_found(self, client, seed_data):
resp = await client.get(f"/purchases/{ZERO_UUID}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/purchases/{ZERO_UUID}", headers=seed_data["headers"])
assert resp.status_code == 404
async def test_public_trend_not_found(self, client, seed_data):
resp = await client.get(f"/public/trends/{ZERO_UUID}")
resp = await client.get(f"/api/v1/public/trends/{ZERO_UUID}")
assert resp.status_code == 404
@@ -95,15 +102,15 @@ class TestMalformedInput:
"""Invalid UUID formats and bad query params."""
async def test_invalid_uuid_product(self, client, seed_data):
resp = await client.get(f"/products/{BAD_UUID}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/products/{BAD_UUID}", headers=seed_data["headers"])
assert resp.status_code == 422
async def test_invalid_uuid_purchase(self, client, seed_data):
resp = await client.get(f"/purchases/{BAD_UUID}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/purchases/{BAD_UUID}", headers=seed_data["headers"])
assert resp.status_code == 422
async def test_invalid_uuid_public_trend(self, client, seed_data):
resp = await client.get(f"/public/trends/{BAD_UUID}")
resp = await client.get(f"/api/v1/public/trends/{BAD_UUID}")
assert resp.status_code == 422
@@ -113,7 +120,7 @@ class TestStoreConnectionErrors:
async def test_connect_nonexistent_store(self, client, seed_data):
resp = await client.post(
"/me/stores/nonexistent-store/connect",
"/api/v1/me/stores/nonexistent-store/connect",
json={},
headers=seed_data["headers"],
)
@@ -121,7 +128,7 @@ class TestStoreConnectionErrors:
async def test_connect_store_twice(self, client, seed_data):
headers = seed_data["headers"]
first = await client.post("/me/stores/meijer/connect", json={}, headers=headers)
first = await client.post("/api/v1/me/stores/meijer/connect", json={}, headers=headers)
assert first.status_code in (200, 201)
second = await client.post("/me/stores/meijer/connect", json={}, headers=headers)
second = await client.post("/api/v1/me/stores/meijer/connect", json={}, headers=headers)
assert second.status_code == 409
tests/test_e2e/test_price_history.py
+8 -8
View File
@@ -8,7 +8,7 @@ class TestPriceTrends:
"""Verify price trend aggregation against seeded history."""
async def test_trends_returns_all_products(self, client, seed_data):
resp = await client.get("/prices/trends", headers=seed_data["headers"])
resp = await client.get("/api/v1/prices/trends", headers=seed_data["headers"])
assert resp.status_code == 200
data = resp.json()
product_names = [t["product_name"] for t in data]
@@ -17,7 +17,7 @@ class TestPriceTrends:
async def test_trends_filter_by_category(self, client, seed_data):
resp = await client.get(
"/prices/trends", params={"category": "dairy"}, headers=seed_data["headers"]
"/api/v1/prices/trends", params={"category": "dairy"}, headers=seed_data["headers"]
)
assert resp.status_code == 200
data = resp.json()
@@ -27,7 +27,7 @@ class TestPriceTrends:
assert trend["product_name"] == "Whole Milk 1gal"
async def test_trends_contain_data_points(self, client, seed_data):
resp = await client.get("/prices/trends", headers=seed_data["headers"])
resp = await client.get("/api/v1/prices/trends", headers=seed_data["headers"])
data = resp.json()
cheerios_trend = next(t for t in data if t["product_name"] == "Cheerios 18oz")
assert len(cheerios_trend["data_points"]) >= 3
@@ -38,7 +38,7 @@ class TestPriceIncreases:
"""Detect price increases from seeded price history."""
async def test_increases_detected(self, client, seed_data):
resp = await client.get("/prices/increases", headers=seed_data["headers"])
resp = await client.get("/api/v1/prices/increases", headers=seed_data["headers"])
assert resp.status_code == 200
data = resp.json()
# Cheerios at Meijer went from 3.99 → 4.29 → 4.79
@@ -52,7 +52,7 @@ class TestPriceIncreases:
async def test_stable_prices_not_flagged(self, client, seed_data):
"""Kroger Cheerios price is stable at $4.49 — should not appear as increase."""
resp = await client.get("/prices/increases", headers=seed_data["headers"])
resp = await client.get("/api/v1/prices/increases", headers=seed_data["headers"])
data = resp.json()
kroger_increases = [
inc
@@ -69,7 +69,7 @@ class TestPriceComparison:
async def test_compare_cheerios_across_stores(self, client, seed_data):
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(
"/prices/comparison",
"/api/v1/prices/comparison",
params={"product_ids": cheerios_id},
headers=seed_data["headers"],
)
@@ -84,14 +84,14 @@ class TestPriceComparison:
async def test_compare_requires_product_ids(self, client, seed_data):
"""product_ids is required — omitting it must return 422."""
resp = await client.get("/prices/comparison", headers=seed_data["headers"])
resp = await client.get("/api/v1/prices/comparison", headers=seed_data["headers"])
assert resp.status_code == 422
async def test_compare_multiple_products(self, client, seed_data):
cheerios_id = str(seed_data["products"]["cheerios"].id)
milk_id = str(seed_data["products"]["milk"].id)
resp = await client.get(
"/prices/comparison",
"/api/v1/prices/comparison",
params=[("product_ids", cheerios_id), ("product_ids", milk_id)],
headers=seed_data["headers"],
)
tests/test_e2e/test_product_search_lookup.py
+12 -8
View File
@@ -10,7 +10,7 @@ class TestProductSearch:
"""Search and filter products against seeded data."""
async def test_list_all_products(self, client, seed_data):
resp = await client.get("/products", headers=seed_data["headers"])
resp = await client.get("/api/v1/products", headers=seed_data["headers"])
assert resp.status_code == 200
products = resp.json()
names = [p["name"] for p in products]
@@ -19,7 +19,9 @@ class TestProductSearch:
assert "Chicken Breast 1lb" in names
async def test_search_by_name(self, client, seed_data):
resp = await client.get("/products", params={"q": "cheerios"}, headers=seed_data["headers"])
resp = await client.get(
"/api/v1/products", params={"q": "cheerios"}, headers=seed_data["headers"]
)
assert resp.status_code == 200
products = resp.json()
assert len(products) >= 1
@@ -27,7 +29,7 @@ class TestProductSearch:
async def test_search_by_category(self, client, seed_data):
resp = await client.get(
"/products", params={"category": "dairy"}, headers=seed_data["headers"]
"/api/v1/products", params={"category": "dairy"}, headers=seed_data["headers"]
)
assert resp.status_code == 200
products = resp.json()
@@ -36,7 +38,7 @@ class TestProductSearch:
async def test_search_no_results(self, client, seed_data):
resp = await client.get(
"/products", params={"q": "nonexistentxyz"}, headers=seed_data["headers"]
"/api/v1/products", params={"q": "nonexistentxyz"}, headers=seed_data["headers"]
)
assert resp.status_code == 200
assert resp.json() == []
@@ -48,7 +50,7 @@ class TestProductLookup:
async def test_get_product_detail_with_prices(self, client, seed_data):
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(f"/products/{cheerios_id}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/products/{cheerios_id}", headers=seed_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert data["name"] == "Cheerios 18oz"
@@ -62,18 +64,20 @@ class TestProductLookup:
async def test_product_prices_reflect_latest(self, client, seed_data):
"""The latest Meijer price for Cheerios should be 4.79 (the increase)."""
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(f"/products/{cheerios_id}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/products/{cheerios_id}", headers=seed_data["headers"])
data = resp.json()
meijer_price = next(p for p in data["prices_by_store"] if p["store_name"] == "Meijer")
assert meijer_price["current_price"] == 4.79
async def test_product_not_found(self, client, seed_data):
resp = await client.get(f"/products/{ZERO_UUID}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/products/{ZERO_UUID}", headers=seed_data["headers"])
assert resp.status_code == 404
async def test_product_price_history(self, client, seed_data):
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(f"/products/{cheerios_id}/prices", headers=seed_data["headers"])
resp = await client.get(
f"/api/v1/products/{cheerios_id}/prices", headers=seed_data["headers"]
)
assert resp.status_code == 200
data = resp.json()
assert len(data["data_points"]) >= 3 # At least the 3 Meijer observations
tests/test_e2e/test_public_endpoints.py
+6 -6
View File
@@ -11,16 +11,16 @@ class TestPublicTrends:
async def test_public_trend_returns_data(self, client, seed_data):
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(f"/public/trends/{cheerios_id}")
resp = await client.get(f"/api/v1/public/trends/{cheerios_id}")
assert resp.status_code == 200
data = resp.json()
assert data["product_name"] == "Cheerios 18oz"
assert len(data["data_points"]) >= 3
assert len(data["data_points"]) >= 2
async def test_public_trend_no_auth_needed(self, client, seed_data):
"""Confirm no Authorization header is required."""
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(f"/public/trends/{cheerios_id}")
resp = await client.get(f"/api/v1/public/trends/{cheerios_id}")
assert resp.status_code == 200
@@ -31,7 +31,7 @@ class TestPublicStoreComparison:
async def test_store_comparison(self, client, seed_data):
cheerios_id = str(seed_data["products"]["cheerios"].id)
resp = await client.get(
"/public/store-comparison",
"/api/v1/public/store-comparison",
params=[("product_ids", cheerios_id)],
)
assert resp.status_code == 200
@@ -42,7 +42,7 @@ class TestPublicStoreComparison:
async def test_store_comparison_rejects_more_than_20_ids(self, client):
"""max_length=20 guard: 21 product IDs must return 422."""
too_many = [("product_ids", str(uuid.uuid4())) for _ in range(21)]
resp = await client.get("/public/store-comparison", params=too_many)
resp = await client.get("/api/v1/public/store-comparison", params=too_many)
assert resp.status_code == 422
@@ -51,7 +51,7 @@ class TestPublicInflation:
"""Public inflation index endpoint."""
async def test_inflation_returns_index(self, client, seed_data):
resp = await client.get("/public/inflation")
resp = await client.get("/api/v1/public/inflation")
assert resp.status_code == 200
data = resp.json()
assert "cartsnitch_index" in data
tests/test_e2e/test_purchase_flow.py
+8 -8
View File
@@ -10,7 +10,7 @@ class TestPurchaseList:
"""List and filter a user's purchases."""
async def test_list_user_purchases(self, client, seed_data):
resp = await client.get("/purchases", headers=seed_data["headers"])
resp = await client.get("/api/v1/purchases", headers=seed_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 2
@@ -21,7 +21,7 @@ class TestPurchaseList:
async def test_filter_purchases_by_store(self, client, seed_data):
meijer_id = str(seed_data["stores"]["meijer"].id)
resp = await client.get(
"/purchases", params={"store_id": meijer_id}, headers=seed_data["headers"]
"/api/v1/purchases", params={"store_id": meijer_id}, headers=seed_data["headers"]
)
assert resp.status_code == 200
data = resp.json()
@@ -29,7 +29,7 @@ class TestPurchaseList:
assert all(p["store_name"] == "Meijer" for p in data)
async def test_purchases_require_auth(self, client, seed_data):
resp = await client.get("/purchases")
resp = await client.get("/api/v1/purchases")
assert resp.status_code in (401, 403)
@@ -39,7 +39,7 @@ class TestPurchaseDetail:
async def test_get_purchase_detail(self, client, seed_data):
purchase_id = str(seed_data["purchases"]["meijer_trip"].id)
resp = await client.get(f"/purchases/{purchase_id}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/purchases/{purchase_id}", headers=seed_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert data["store_name"] == "Meijer"
@@ -51,7 +51,7 @@ class TestPurchaseDetail:
async def test_line_item_amounts_correct(self, client, seed_data):
purchase_id = str(seed_data["purchases"]["meijer_trip"].id)
resp = await client.get(f"/purchases/{purchase_id}", headers=seed_data["headers"])
resp = await client.get(f"/api/v1/purchases/{purchase_id}", headers=seed_data["headers"])
data = resp.json()
cheerios_item = next(li for li in data["line_items"] if "Cheerios" in li["name"])
assert cheerios_item["unit_price"] == 4.79
@@ -60,7 +60,7 @@ class TestPurchaseDetail:
async def test_purchase_not_found(self, client, seed_data):
resp = await client.get(
f"/purchases/{ZERO_UUID}",
f"/api/v1/purchases/{ZERO_UUID}",
headers=seed_data["headers"],
)
assert resp.status_code == 404
@@ -71,7 +71,7 @@ class TestPurchaseStats:
"""Verify spending aggregation across purchases."""
async def test_purchase_stats_totals(self, client, seed_data):
resp = await client.get("/purchases/stats", headers=seed_data["headers"])
resp = await client.get("/api/v1/purchases/stats", headers=seed_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert data["purchase_count"] == 2
@@ -79,7 +79,7 @@ class TestPurchaseStats:
assert abs(data["total_spent"] - 39.23) < 0.01
async def test_purchase_stats_by_store(self, client, seed_data):
resp = await client.get("/purchases/stats", headers=seed_data["headers"])
resp = await client.get("/api/v1/purchases/stats", headers=seed_data["headers"])
data = resp.json()
assert "Meijer" in data["by_store"]
assert "Kroger" in data["by_store"]
tests/test_encrypted_json.py
+1 -30
View File
@@ -5,42 +5,13 @@ import json
import pytest
from cryptography.fernet import Fernet
from pydantic import ValidationError
from sqlalchemy import column, create_engine, table, text
from sqlalchemy.orm import sessionmaker
from sqlalchemy import column, table, text
from cartsnitch_api.config import settings
from cartsnitch_api.models import Base
from cartsnitch_api.models.store import Store
from cartsnitch_api.models.user import User, UserStoreAccount
@pytest.fixture
def engine():
eng = create_engine("sqlite:///:memory:")
for tbl in Base.metadata.tables.values():
for col in tbl.columns.values():
sd = col.server_default
if sd is not None:
if not hasattr(sd, "expression"):
col.server_default = None
continue
expr_str = str(sd.expression).lower()
if "gen_random_uuid" in expr_str or "gen_random_bytes" in expr_str:
col.server_default = None
Base.metadata.create_all(eng)
yield eng
eng.dispose()
@pytest.fixture
def session(engine):
factory = sessionmaker(bind=engine)
with factory() as sess:
yield sess
@pytest.fixture
def store(session):
s = Store(name="Test Store", slug="test-store")
tests/test_middleware/test_error_handler.py
+10 -5
View File
@@ -2,6 +2,8 @@
import pytest
from cartsnitch_api.config import settings
@pytest.mark.asyncio
async def test_404_returns_structured_error(client):
@@ -15,11 +17,14 @@ async def test_404_returns_structured_error(client):
@pytest.mark.asyncio
async def test_validation_error_returns_422_with_field_errors(client):
async def test_validation_error_returns_422_with_field_errors(client, auth_headers):
"""Invalid request body should return structured validation errors."""
resp = await client.post(
"/auth/register",
json={"email": "not-an-email", "password": "short", "display_name": ""},
# Use the auth/me PATCH endpoint with an invalid email — Pydantic will
# return 422 with structured field errors before any DB lookup runs.
resp = await client.patch(
"/auth/me",
json={"email": "not-an-email"},
headers=auth_headers,
)
assert resp.status_code == 422
body = resp.json()
@@ -46,7 +51,7 @@ async def test_error_stats_with_valid_key(client):
"""Error stats endpoint returns monitoring data with valid key."""
resp = await client.get(
"/internal/error-stats",
headers={"X-Service-Key": "change-me-in-production"},
headers={"X-Service-Key": settings.service_key},
)
assert resp.status_code == 200
body = resp.json()
tests/test_middleware/test_rate_limit.py
+39 -26
View File
@@ -1,7 +1,7 @@
"""Tests for rate limiting middleware."""
import time
from unittest.mock import AsyncMock, MagicMock
from unittest.mock import MagicMock
import pytest
@@ -15,43 +15,47 @@ from cartsnitch_api.middleware.rate_limit import (
class TestInMemorySlidingWindow:
def test_allows_within_limit(self):
@pytest.mark.asyncio
async def test_allows_within_limit(self):
limiter = InMemorySlidingWindow(max_requests=5, window_seconds=60)
for i in range(5):
allowed, remaining, retry = limiter.is_allowed("test-key")
allowed, remaining, retry = await limiter.is_allowed("test-key")
assert allowed is True
assert remaining == 4 - i
def test_blocks_over_limit(self):
@pytest.mark.asyncio
async def test_blocks_over_limit(self):
limiter = InMemorySlidingWindow(max_requests=3, window_seconds=60)
for _ in range(3):
limiter.is_allowed("test-key")
await limiter.is_allowed("test-key")
allowed, remaining, retry = limiter.is_allowed("test-key")
allowed, remaining, retry = await limiter.is_allowed("test-key")
assert allowed is False
assert remaining == 0
assert retry > 0
def test_separate_keys(self):
@pytest.mark.asyncio
async def test_separate_keys(self):
limiter = InMemorySlidingWindow(max_requests=2, window_seconds=60)
limiter.is_allowed("key-a")
limiter.is_allowed("key-a")
allowed_a, _, _ = limiter.is_allowed("key-a")
await limiter.is_allowed("key-a")
await limiter.is_allowed("key-a")
allowed_a, _, _ = await limiter.is_allowed("key-a")
assert allowed_a is False
allowed_b, remaining, _ = limiter.is_allowed("key-b")
allowed_b, remaining, _ = await limiter.is_allowed("key-b")
assert allowed_b is True
assert remaining == 1
def test_resets_after_window_expires(self):
@pytest.mark.asyncio
async def test_resets_after_window_expires(self):
limiter = InMemorySlidingWindow(max_requests=2, window_seconds=1)
for _ in range(2):
limiter.is_allowed("test-key")
allowed, remaining, _ = limiter.is_allowed("test-key")
await limiter.is_allowed("test-key")
allowed, remaining, _ = await limiter.is_allowed("test-key")
assert allowed is False
time.sleep(1.1)
allowed, remaining, _ = limiter.is_allowed("test-key")
allowed, remaining, _ = await limiter.is_allowed("test-key")
assert allowed is True
assert remaining == 1
@@ -73,7 +77,7 @@ class TestGetClientIp:
req = MagicMock()
req.headers = {"x-forwarded-for": "192.168.1.1:8080"}
req.client = None
assert _get_client_ip(req) == "192.168.1.1"
assert _get_client_ip(req) == "192.168.1.1:8080"
def test_no_forwarded_header(self):
req = MagicMock()
@@ -121,7 +125,7 @@ class TestGetRateLimitKey:
req = self._make_request("/auth/me", method="GET")
key, limiter = _get_rate_limit_key(req)
assert key.startswith("ip:")
assert limiter.max_requests == settings.rate_limit_requests * 5
assert limiter.max_requests == settings.rate_limit_requests
def test_authenticated_token_uses_auth_limiter(self):
req = self._make_request("/purchases", auth_header="Bearer token123")
@@ -154,11 +158,15 @@ class TestGetRateLimitKey:
class TestRedisSlidingWindowFallback:
@pytest.mark.asyncio
async def test_fallback_on_redis_connection_error(self):
mock_redis = AsyncMock()
mock_redis.pipeline.return_value = AsyncMock()
pipe_mock = AsyncMock()
pipe_mock.execute.side_effect = Exception("Connection refused")
mock_redis.pipeline.return_value = pipe_mock
mock_redis = MagicMock()
from redis.exceptions import RedisError
async def raise_on_execute(*args, **kwargs):
raise RedisError("Connection refused")
pipe_mock = MagicMock()
pipe_mock.execute = raise_on_execute
mock_redis.pipeline = MagicMock(return_value=pipe_mock)
limiter = RedisSlidingWindow(mock_redis, max_requests=5, window_seconds=60)
allowed, remaining, retry = await limiter.is_allowed("test-key")
@@ -167,10 +175,15 @@ class TestRedisSlidingWindowFallback:
@pytest.mark.asyncio
async def test_fallback_on_redis_error_during_pipeline(self):
mock_redis = AsyncMock()
pipe_mock = AsyncMock()
pipe_mock.execute.side_effect = Exception("Redis error")
mock_redis.pipeline.return_value = pipe_mock
mock_redis = MagicMock()
from redis.exceptions import RedisError
async def raise_on_execute(*args, **kwargs):
raise RedisError("Redis error")
pipe_mock = MagicMock()
pipe_mock.execute = raise_on_execute
mock_redis.pipeline = MagicMock(return_value=pipe_mock)
limiter = RedisSlidingWindow(mock_redis, max_requests=3, window_seconds=60)
allowed, remaining, retry = await limiter.is_allowed("test-key")
tests/test_openapi.py
+27 -31
View File
@@ -6,48 +6,44 @@ from httpx import ASGITransport, AsyncClient
from cartsnitch_api.main import app
EXPECTED_ROUTES = [
# Auth (7)
("post", "/auth/register"),
("post", "/auth/login"),
("post", "/auth/refresh"),
# Auth (3 — register/login/refresh are handled by Better-Auth service)
("get", "/auth/me"),
("patch", "/auth/me"),
("delete", "/auth/me"),
("get", "/auth/me/email-in-address"),
# Stores (4)
("get", "/stores"),
("get", "/me/stores"),
("post", "/me/stores/{store_slug}/connect"),
("delete", "/me/stores/{store_slug}"),
("get", "/api/v1/stores"),
("get", "/api/v1/me/stores"),
("post", "/api/v1/me/stores/{store_slug}/connect"),
("delete", "/api/v1/me/stores/{store_slug}"),
# Purchases (3)
("get", "/purchases"),
("get", "/purchases/stats"),
("get", "/purchases/{purchase_id}"),
("get", "/api/v1/purchases"),
("get", "/api/v1/purchases/stats"),
("get", "/api/v1/purchases/{purchase_id}"),
# Products (3)
("get", "/products"),
("get", "/products/{product_id}"),
("get", "/products/{product_id}/prices"),
("get", "/api/v1/products"),
("get", "/api/v1/products/{product_id}"),
("get", "/api/v1/products/{product_id}/prices"),
# Prices (3)
("get", "/prices/trends"),
("get", "/prices/increases"),
("get", "/prices/comparison"),
("get", "/api/v1/prices/trends"),
("get", "/api/v1/prices/increases"),
("get", "/api/v1/prices/comparison"),
# Coupons (2)
("get", "/coupons"),
("get", "/coupons/relevant"),
("get", "/api/v1/coupons"),
("get", "/api/v1/coupons/relevant"),
# Shopping (2)
("post", "/shopping/optimize"),
("get", "/shopping/lists"),
("post", "/api/v1/shopping/optimize"),
("get", "/api/v1/shopping/lists"),
# Alerts (3)
("get", "/alerts"),
("get", "/alerts/settings"),
("put", "/alerts/settings"),
("get", "/api/v1/alerts"),
("get", "/api/v1/alerts/settings"),
("put", "/api/v1/alerts/settings"),
# Scraping (2)
("post", "/scraping/{store_slug}/sync"),
("get", "/scraping/status"),
("post", "/api/v1/scraping/{store_slug}/sync"),
("get", "/api/v1/scraping/status"),
# Public (3)
("get", "/public/trends/{product_id}"),
("get", "/public/store-comparison"),
("get", "/public/inflation"),
("get", "/api/v1/public/trends/{product_id}"),
("get", "/api/v1/public/store-comparison"),
("get", "/api/v1/public/inflation"),
# Health (1)
("get", "/health"),
]
@@ -90,4 +86,4 @@ async def test_route_count():
if method in ("get", "post", "put", "delete", "patch"):
count += 1
assert count == 34, f"Expected 34 routes, found {count}"
assert count == 31, f"Expected 31 routes, found {count}"
tests/test_routes/test_alerts.py
+3 -3
View File
@@ -6,14 +6,14 @@ import pytest
@pytest.mark.asyncio
async def test_list_alerts_empty(client, auth_headers):
"""No purchases means no alerts."""
resp = await client.get("/alerts", headers=auth_headers)
resp = await client.get("/api/v1/alerts", headers=auth_headers)
assert resp.status_code == 200
assert resp.json() == []
@pytest.mark.asyncio
async def test_get_alert_settings(client, auth_headers):
resp = await client.get("/alerts/settings", headers=auth_headers)
resp = await client.get("/api/v1/alerts/settings", headers=auth_headers)
assert resp.status_code == 200
data = resp.json()
assert data["price_increase_threshold_pct"] == 5.0
@@ -24,7 +24,7 @@ async def test_get_alert_settings(client, auth_headers):
@pytest.mark.asyncio
async def test_update_alert_settings_returns_501(client, auth_headers):
resp = await client.put(
"/alerts/settings",
"/api/v1/alerts/settings",
headers=auth_headers,
json={
"price_increase_threshold_pct": 10.0,
tests/test_routes/test_coupons.py
+3 -3
View File
@@ -36,7 +36,7 @@ async def coupon_data(db_engine, auth_headers):
@pytest.mark.asyncio
async def test_list_coupons(client, coupon_data):
resp = await client.get("/coupons", headers=coupon_data["headers"])
resp = await client.get("/api/v1/coupons", headers=coupon_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1
@@ -45,7 +45,7 @@ async def test_list_coupons(client, coupon_data):
@pytest.mark.asyncio
async def test_list_coupons_by_store(client, coupon_data):
store_id = str(coupon_data["store"].id)
resp = await client.get(f"/coupons?store_id={store_id}", headers=coupon_data["headers"])
resp = await client.get(f"/api/v1/coupons?store_id={store_id}", headers=coupon_data["headers"])
assert resp.status_code == 200
assert len(resp.json()) >= 1
@@ -53,6 +53,6 @@ async def test_list_coupons_by_store(client, coupon_data):
@pytest.mark.asyncio
async def test_relevant_coupons_empty(client, auth_headers):
"""No purchases means no relevant coupons."""
resp = await client.get("/coupons/relevant", headers=auth_headers)
resp = await client.get("/api/v1/coupons/relevant", headers=auth_headers)
assert resp.status_code == 200
assert resp.json() == []
tests/test_routes/test_prices.py
+11 -5
View File
@@ -48,7 +48,7 @@ async def price_data(db_engine, auth_headers):
@pytest.mark.asyncio
async def test_price_trends(client, price_data):
resp = await client.get("/prices/trends", headers=price_data["headers"])
resp = await client.get("/api/v1/prices/trends", headers=price_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1
@@ -58,18 +58,22 @@ async def test_price_trends(client, price_data):
@pytest.mark.asyncio
async def test_price_trends_by_category(client, price_data):
resp = await client.get("/prices/trends?category=household", headers=price_data["headers"])
resp = await client.get(
"/api/v1/prices/trends?category=household", headers=price_data["headers"]
)
assert resp.status_code == 200
assert len(resp.json()) == 1
resp = await client.get("/prices/trends?category=nonexistent", headers=price_data["headers"])
resp = await client.get(
"/api/v1/prices/trends?category=nonexistent", headers=price_data["headers"]
)
assert resp.status_code == 200
assert len(resp.json()) == 0
@pytest.mark.asyncio
async def test_price_increases(client, price_data):
resp = await client.get("/prices/increases", headers=price_data["headers"])
resp = await client.get("/api/v1/prices/increases", headers=price_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1
@@ -82,7 +86,9 @@ async def test_price_increases(client, price_data):
@pytest.mark.asyncio
async def test_price_comparison(client, price_data):
pid = str(price_data["product"].id)
resp = await client.get(f"/prices/comparison?product_ids={pid}", headers=price_data["headers"])
resp = await client.get(
f"/api/v1/prices/comparison?product_ids={pid}", headers=price_data["headers"]
)
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1
tests/test_routes/test_products.py
+6 -6
View File
@@ -49,7 +49,7 @@ async def product_data(db_engine, auth_headers):
@pytest.mark.asyncio
async def test_list_products(client, product_data):
resp = await client.get("/products", headers=product_data["headers"])
resp = await client.get("/api/v1/products", headers=product_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1
@@ -58,11 +58,11 @@ async def test_list_products(client, product_data):
@pytest.mark.asyncio
async def test_search_products(client, product_data):
resp = await client.get("/products?q=Cheerios", headers=product_data["headers"])
resp = await client.get("/api/v1/products?q=Cheerios", headers=product_data["headers"])
assert resp.status_code == 200
assert len(resp.json()) == 1
resp = await client.get("/products?q=nonexistent", headers=product_data["headers"])
resp = await client.get("/api/v1/products?q=nonexistent", headers=product_data["headers"])
assert resp.status_code == 200
assert len(resp.json()) == 0
@@ -70,7 +70,7 @@ async def test_search_products(client, product_data):
@pytest.mark.asyncio
async def test_get_product_detail(client, product_data):
pid = str(product_data["product"].id)
resp = await client.get(f"/products/{pid}", headers=product_data["headers"])
resp = await client.get(f"/api/v1/products/{pid}", headers=product_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert data["name"] == "Cheerios 18oz"
@@ -80,14 +80,14 @@ async def test_get_product_detail(client, product_data):
@pytest.mark.asyncio
async def test_get_product_not_found(client, auth_headers):
resp = await client.get(f"/products/{uuid.uuid4()}", headers=auth_headers)
resp = await client.get(f"/api/v1/products/{uuid.uuid4()}", headers=auth_headers)
assert resp.status_code == 404
@pytest.mark.asyncio
async def test_get_product_prices(client, product_data):
pid = str(product_data["product"].id)
resp = await client.get(f"/products/{pid}/prices", headers=product_data["headers"])
resp = await client.get(f"/api/v1/products/{pid}/prices", headers=product_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert data["product_name"] == "Cheerios 18oz"
tests/test_routes/test_public.py
+9 -77
View File
@@ -1,7 +1,7 @@
"""Integration tests for public endpoints (no auth)."""
import uuid
from datetime import date
from datetime import date, timedelta
from decimal import Decimal
import pytest
@@ -29,7 +29,7 @@ async def public_data(db_engine):
ph = PriceHistory(
normalized_product_id=product.id,
store_id=store.id,
observed_date=date(2026, 3, 5),
observed_date=date.today() - timedelta(days=30),
regular_price=Decimal("3.99"),
source="receipt",
)
@@ -42,7 +42,7 @@ async def public_data(db_engine):
@pytest.mark.asyncio
async def test_public_trend(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/trends/{pid}")
resp = await client.get(f"/api/v1/public/trends/{pid}")
assert resp.status_code == 200
data = resp.json()
assert data["product_name"] == "Skippy PB 16oz"
@@ -51,14 +51,14 @@ async def test_public_trend(client, public_data):
@pytest.mark.asyncio
async def test_public_trend_not_found(client):
resp = await client.get(f"/public/trends/{uuid.uuid4()}")
resp = await client.get(f"/api/v1/public/trends/{uuid.uuid4()}")
assert resp.status_code == 404
@pytest.mark.asyncio
async def test_public_store_comparison(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/store-comparison?product_ids={pid}")
resp = await client.get(f"/api/v1/public/store-comparison?product_ids={pid}")
assert resp.status_code == 200
data = resp.json()
assert len(data["products"]) == 1
@@ -66,7 +66,7 @@ async def test_public_store_comparison(client, public_data):
@pytest.mark.asyncio
async def test_public_inflation(client, public_data):
resp = await client.get("/public/inflation")
resp = await client.get("/api/v1/public/inflation")
assert resp.status_code == 200
data = resp.json()
assert "categories" in data
@@ -75,7 +75,7 @@ async def test_public_inflation(client, public_data):
@pytest.mark.asyncio
async def test_trend_invalid_uuid(client):
resp = await client.get("/public/trends/not-a-uuid")
resp = await client.get("/api/v1/public/trends/not-a-uuid")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@@ -84,7 +84,7 @@ async def test_trend_invalid_uuid(client):
@pytest.mark.asyncio
async def test_trend_days_zero(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/trends/{pid}?days=0")
resp = await client.get(f"/api/v1/public/trends/{pid}?days=0")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@@ -93,75 +93,7 @@ async def test_trend_days_zero(client, public_data):
@pytest.mark.asyncio
async def test_trend_days_negative(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/trends/{pid}?days=-1")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_trend_days_over_max(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/trends/{pid}?days=999")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_trend_days_valid(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/trends/{pid}?days=30")
assert resp.status_code == 200
assert "product_name" in resp.json()
@pytest.mark.asyncio
async def test_store_comparison_empty_list(client):
resp = await client.get("/public/store-comparison")
assert resp.status_code == 400
assert "detail" in resp.json()
@pytest.mark.asyncio
async def test_store_comparison_category_xss(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(
f"/public/store-comparison?product_ids={pid}&category=<script>alert(1)</script>"
)
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_store_comparison_category_sql_injection(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/public/store-comparison?product_ids={pid}&category='; DROP TABLE--")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_inflation_invalid_period(client, public_data):
resp = await client.get("/public/inflation?period=10years")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_inflation_valid_periods(client, public_data):
for period in ["all-time", "1y", "6m", "3m", "1m"]:
resp = await client.get(f"/public/inflation?period={period}")
assert resp.status_code == 200, f"period={period} failed"
@pytest.mark.asyncio
async def test_inflation_category_too_long(client, public_data):
long_category = "x" * 200
resp = await client.get(f"/public/inflation?category={long_category}")
resp = await client.get(f"/api/v1/public/trends/{pid}?days=-1")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
tests/test_routes/test_purchases.py
+4 -4
View File
@@ -80,7 +80,7 @@ async def purchase_data(db_engine):
@pytest.mark.asyncio
async def test_list_purchases(client, purchase_data):
resp = await client.get("/purchases", headers=purchase_data["headers"])
resp = await client.get("/api/v1/purchases", headers=purchase_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data) == 1
@@ -91,7 +91,7 @@ async def test_list_purchases(client, purchase_data):
@pytest.mark.asyncio
async def test_get_purchase_detail(client, purchase_data):
pid = str(purchase_data["purchase"].id)
resp = await client.get(f"/purchases/{pid}", headers=purchase_data["headers"])
resp = await client.get(f"/api/v1/purchases/{pid}", headers=purchase_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert len(data["line_items"]) == 1
@@ -100,13 +100,13 @@ async def test_get_purchase_detail(client, purchase_data):
@pytest.mark.asyncio
async def test_get_purchase_not_found(client, auth_headers):
resp = await client.get(f"/purchases/{uuid.uuid4()}", headers=auth_headers)
resp = await client.get(f"/api/v1/purchases/{uuid.uuid4()}", headers=auth_headers)
assert resp.status_code == 404
@pytest.mark.asyncio
async def test_purchase_stats(client, purchase_data):
resp = await client.get("/purchases/stats", headers=purchase_data["headers"])
resp = await client.get("/api/v1/purchases/stats", headers=purchase_data["headers"])
assert resp.status_code == 200
data = resp.json()
assert data["total_spent"] == 42.50
tests/test_routes/test_stores.py
+9 -9
View File
@@ -21,7 +21,7 @@ async def seeded_store(db_engine):
@pytest.mark.asyncio
async def test_list_stores(client, seeded_store):
resp = await client.get("/stores")
resp = await client.get("/api/v1/stores")
assert resp.status_code == 200
data = resp.json()
assert len(data) >= 1
@@ -30,7 +30,7 @@ async def test_list_stores(client, seeded_store):
@pytest.mark.asyncio
async def test_list_user_stores_empty(client, auth_headers):
resp = await client.get("/me/stores", headers=auth_headers)
resp = await client.get("/api/v1/me/stores", headers=auth_headers)
assert resp.status_code == 200
assert resp.json() == []
@@ -39,7 +39,7 @@ async def test_list_user_stores_empty(client, auth_headers):
async def test_connect_and_disconnect_store(client, auth_headers, seeded_store):
# Connect
resp = await client.post(
"/me/stores/meijer/connect",
"/api/v1/me/stores/meijer/connect",
headers=auth_headers,
json={"credentials": None},
)
@@ -47,23 +47,23 @@ async def test_connect_and_disconnect_store(client, auth_headers, seeded_store):
assert resp.json()["connected"] is True
# List should show connected
resp = await client.get("/me/stores", headers=auth_headers)
resp = await client.get("/api/v1/me/stores", headers=auth_headers)
assert resp.status_code == 200
assert len(resp.json()) == 1
# Disconnect
resp = await client.delete("/me/stores/meijer", headers=auth_headers)
resp = await client.delete("/api/v1/me/stores/meijer", headers=auth_headers)
assert resp.status_code == 204
# List should be empty again
resp = await client.get("/me/stores", headers=auth_headers)
resp = await client.get("/api/v1/me/stores", headers=auth_headers)
assert resp.json() == []
@pytest.mark.asyncio
async def test_connect_nonexistent_store(client, auth_headers):
resp = await client.post(
"/me/stores/nonexistent/connect",
"/api/v1/me/stores/nonexistent/connect",
headers=auth_headers,
json={},
)
@@ -72,6 +72,6 @@ async def test_connect_nonexistent_store(client, auth_headers):
@pytest.mark.asyncio
async def test_connect_duplicate_store(client, auth_headers, seeded_store):
await client.post("/me/stores/meijer/connect", headers=auth_headers, json={})
resp = await client.post("/me/stores/meijer/connect", headers=auth_headers, json={})
await client.post("/api/v1/me/stores/meijer/connect", headers=auth_headers, json={})
resp = await client.post("/api/v1/me/stores/meijer/connect", headers=auth_headers, json={})
assert resp.status_code == 409