Compare commits
21 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 CartSnitch Engineer Bot
|
43cb62a4d6 | ||
|
cartsnitch-cto[bot]
|
4c36fd4156 | ||
|
cartsnitch-ceo[bot]
|
c9172f088f | ||
|
cartsnitch-engineer[bot]
|
ac4cba2b0d | ||
|
cartsnitch-cto[bot]
|
0c47be8ef3 | ||
|
cartsnitch-cto[bot]
|
440f92e96e | ||
|
cartsnitch-ceo[bot]
|
97bbdf68a5 | ||
|
CartSnitch Engineer Bot
|
02e5bee390 | ||
|
CartSnitch Engineer Bot
|
d475b3876a | ||
|
cartsnitch-qa[bot]
|
76bcc53992 | ||
|
cartsnitch-qa[bot]
|
470b615528 | ||
|
CartSnitch Engineer Bot
|
f26f8f7e56 | ||
|
cartsnitch-ceo[bot]
|
78b7831d43 | ||
|
CartSnitch Engineer Bot
|
e45b510519 | ||
|
CartSnitch Engineer Bot
|
f25044ea7e | ||
|
CartSnitch Engineer Bot
|
b637fd9c11 | ||
|
cartsnitch-engineer[bot]
|
983ee2c398 | ||
|
cartsnitch-engineer[bot]
|
8af7b37b38 | ||
|
Barcode Betty
|
b21a30b2e7 | ||
|
Barcode Betty
|
361ad3acc2 | ||
 Stockboy Steve
|
5e165d277e |
@@ -95,7 +95,7 @@ jobs:
|
||||
run: |
|
||||
CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1)
|
||||
npm install -g @lhci/cli
|
||||
LHCI_CHROME_PATH="$CHROME_PATH" lhci autorun
|
||||
CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
|
||||
|
||||
build-and-push:
|
||||
runs-on: runners-cartsnitch
|
||||
|
||||
@@ -5,6 +5,7 @@ Sessions are verified by querying the shared sessions table directly.
|
||||
"""
|
||||
|
||||
from datetime import UTC, datetime
|
||||
from hashlib import sha256
|
||||
from uuid import UUID
|
||||
|
||||
from fastapi import Cookie, Depends, Header, HTTPException, Request, status
|
||||
@@ -19,18 +20,25 @@ from cartsnitch_api.database import get_db
|
||||
# but we support Bearer tokens for service-to-service or mobile clients.
|
||||
bearer_scheme = HTTPBearer(auto_error=False)
|
||||
|
||||
# Better-Auth session cookie name
|
||||
SESSION_COOKIE_NAME = "better-auth.session_token"
|
||||
# Better-Auth session cookie names.
|
||||
# Over HTTPS Better-Auth adds the __Secure- prefix automatically.
|
||||
SESSION_COOKIE_NAMES = [
|
||||
"__Secure-better-auth.session_token", # HTTPS (deployed)
|
||||
"better-auth.session_token", # HTTP (local dev)
|
||||
]
|
||||
|
||||
|
||||
async def _validate_session_token(token: str, db: AsyncSession) -> UUID:
|
||||
"""Validate a Better-Auth session token against the sessions table.
|
||||
|
||||
Returns the user_id (as UUID) if the session is valid and not expired.
|
||||
Better-Auth v1.5.6+ stores tokens as SHA-256 hashes, so we hash the
|
||||
incoming raw token before querying.
|
||||
"""
|
||||
hashed_token = sha256(token.encode("utf-8")).hexdigest()
|
||||
result = await db.execute(
|
||||
text("SELECT user_id, expires_at FROM sessions WHERE token = :token"),
|
||||
{"token": token},
|
||||
{"token": hashed_token},
|
||||
)
|
||||
row = result.first()
|
||||
|
||||
@@ -67,8 +75,12 @@ async def get_current_user(
|
||||
"""
|
||||
token: str | None = None
|
||||
|
||||
# 1. Check session cookie
|
||||
cookie_token = request.cookies.get(SESSION_COOKIE_NAME)
|
||||
# 1. Check session cookie (try both names for HTTP/HTTPS compatibility)
|
||||
cookie_token = None
|
||||
for name in SESSION_COOKIE_NAMES:
|
||||
cookie_token = request.cookies.get(name)
|
||||
if cookie_token:
|
||||
break
|
||||
if cookie_token:
|
||||
token = cookie_token
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
from contextlib import asynccontextmanager
|
||||
|
||||
from fastapi import FastAPI
|
||||
from fastapi import APIRouter, FastAPI
|
||||
|
||||
from cartsnitch_api.auth.routes import router as auth_router
|
||||
from cartsnitch_api.middleware.cors import add_cors_middleware
|
||||
@@ -46,15 +46,19 @@ def create_app() -> FastAPI:
|
||||
# Routers
|
||||
app.include_router(health_router)
|
||||
app.include_router(auth_router)
|
||||
app.include_router(stores_router)
|
||||
app.include_router(purchases_router)
|
||||
app.include_router(products_router)
|
||||
app.include_router(prices_router)
|
||||
app.include_router(coupons_router)
|
||||
app.include_router(shopping_router)
|
||||
app.include_router(alerts_router)
|
||||
app.include_router(scraping_router)
|
||||
app.include_router(public_router)
|
||||
|
||||
# Data endpoints mounted under /api/v1
|
||||
v1_router = APIRouter(prefix="/api/v1")
|
||||
v1_router.include_router(stores_router)
|
||||
v1_router.include_router(purchases_router)
|
||||
v1_router.include_router(products_router)
|
||||
v1_router.include_router(prices_router)
|
||||
v1_router.include_router(coupons_router)
|
||||
v1_router.include_router(shopping_router)
|
||||
v1_router.include_router(alerts_router)
|
||||
v1_router.include_router(scraping_router)
|
||||
v1_router.include_router(public_router)
|
||||
app.include_router(v1_router)
|
||||
|
||||
return app
|
||||
|
||||
|
||||
@@ -9,14 +9,14 @@ from sqlalchemy import Boolean, Date, DateTime, ForeignKey, Numeric, String
|
||||
from sqlalchemy.orm import Mapped, mapped_column, relationship
|
||||
|
||||
from cartsnitch_api.constants import DiscountType
|
||||
from cartsnitch_api.models.base import Base, TimestampMixin, UUIDPrimaryKeyMixin
|
||||
from cartsnitch_api.models.base import Base, UUIDPrimaryKeyMixin
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from cartsnitch_api.models.product import NormalizedProduct
|
||||
from cartsnitch_api.models.store import Store
|
||||
|
||||
|
||||
class Coupon(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
class Coupon(UUIDPrimaryKeyMixin, Base):
|
||||
"""A coupon or deal for a product at a store."""
|
||||
|
||||
__tablename__ = "coupons"
|
||||
|
||||
@@ -9,7 +9,7 @@ from sqlalchemy import Date, ForeignKey, Index, Numeric, String
|
||||
from sqlalchemy.orm import Mapped, mapped_column, relationship
|
||||
|
||||
from cartsnitch_api.constants import PriceSource
|
||||
from cartsnitch_api.models.base import Base, TimestampMixin, UUIDPrimaryKeyMixin
|
||||
from cartsnitch_api.models.base import Base, UUIDPrimaryKeyMixin
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from cartsnitch_api.models.product import NormalizedProduct
|
||||
@@ -17,7 +17,7 @@ if TYPE_CHECKING:
|
||||
from cartsnitch_api.models.store import Store
|
||||
|
||||
|
||||
class PriceHistory(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
class PriceHistory(UUIDPrimaryKeyMixin, Base):
|
||||
"""A single price observation for a product at a store on a date."""
|
||||
|
||||
__tablename__ = "price_history"
|
||||
|
||||
@@ -18,7 +18,7 @@ from sqlalchemy import (
|
||||
)
|
||||
from sqlalchemy.orm import Mapped, mapped_column, relationship
|
||||
|
||||
from cartsnitch_api.models.base import Base, TimestampMixin, UUIDPrimaryKeyMixin
|
||||
from cartsnitch_api.models.base import Base, UUIDPrimaryKeyMixin
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from cartsnitch_api.models.price import PriceHistory
|
||||
@@ -27,7 +27,7 @@ if TYPE_CHECKING:
|
||||
from cartsnitch_api.models.user import User
|
||||
|
||||
|
||||
class Purchase(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
class Purchase(UUIDPrimaryKeyMixin, Base):
|
||||
"""A single shopping trip / receipt."""
|
||||
|
||||
__tablename__ = "purchases"
|
||||
@@ -61,7 +61,7 @@ class Purchase(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
)
|
||||
|
||||
|
||||
class PurchaseItem(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
class PurchaseItem(UUIDPrimaryKeyMixin, Base):
|
||||
"""Individual line item on a receipt."""
|
||||
|
||||
__tablename__ = "purchase_items"
|
||||
|
||||
@@ -9,13 +9,13 @@ from sqlalchemy import Date, ForeignKey, Numeric, String
|
||||
from sqlalchemy.orm import Mapped, mapped_column, relationship
|
||||
|
||||
from cartsnitch_api.constants import SizeUnit
|
||||
from cartsnitch_api.models.base import Base, TimestampMixin, UUIDPrimaryKeyMixin
|
||||
from cartsnitch_api.models.base import Base, UUIDPrimaryKeyMixin
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from cartsnitch_api.models.product import NormalizedProduct
|
||||
|
||||
|
||||
class ShrinkflationEvent(UUIDPrimaryKeyMixin, TimestampMixin, Base):
|
||||
class ShrinkflationEvent(UUIDPrimaryKeyMixin, Base):
|
||||
"""Detected shrinkflation event — product size changed while price held or rose."""
|
||||
|
||||
__tablename__ = "shrinkflation_events"
|
||||
|
||||
+7
-2
@@ -3,7 +3,12 @@
|
||||
"collect": {
|
||||
"staticDistDir": "./dist",
|
||||
"url": ["http://localhost:4173/"],
|
||||
"numberOfRuns": 1
|
||||
"numberOfRuns": 1,
|
||||
"settings": {
|
||||
"chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"],
|
||||
"skipAudits": ["bf-cache"],
|
||||
"disableFullPageScreenshot": true
|
||||
}
|
||||
},
|
||||
"assert": {
|
||||
"assertions": {
|
||||
@@ -16,4 +21,4 @@
|
||||
"target": "temporary-public-storage"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
+2
-2
@@ -35,7 +35,7 @@ export function useProduct(id: string) {
|
||||
export function usePriceHistory(productId: string) {
|
||||
return useQuery({
|
||||
queryKey: ['priceHistory', productId],
|
||||
queryFn: () => api.get<PriceHistory[]>(`/products/${productId}/price-history`),
|
||||
queryFn: () => api.get<PriceHistory[]>(`/products/${productId}/prices`),
|
||||
enabled: !!productId,
|
||||
})
|
||||
}
|
||||
@@ -50,6 +50,6 @@ export function useCoupons() {
|
||||
export function usePriceAlerts() {
|
||||
return useQuery({
|
||||
queryKey: ['priceAlerts'],
|
||||
queryFn: () => api.get<PriceAlert[]>('/price-alerts'),
|
||||
queryFn: () => api.get<PriceAlert[]>('/alerts'),
|
||||
})
|
||||
}
|
||||
|
||||
+2
-2
@@ -15,7 +15,7 @@ const mockRoutes: Record<string, (path: string) => unknown> = {
|
||||
'/purchases': () => mockPurchases,
|
||||
'/products': () => mockProducts,
|
||||
'/coupons': () => mockCoupons,
|
||||
'/price-alerts': () => mockAlerts,
|
||||
'/alerts': () => mockAlerts,
|
||||
}
|
||||
|
||||
function matchMockRoute<T>(path: string): T | null {
|
||||
@@ -30,7 +30,7 @@ function matchMockRoute<T>(path: string): T | null {
|
||||
}
|
||||
|
||||
// /products/:id/price-history
|
||||
const priceHistoryMatch = path.match(/^\/products\/(.+)\/price-history$/)
|
||||
const priceHistoryMatch = path.match(/^\/products\/(.+)\/prices$/)
|
||||
if (priceHistoryMatch) {
|
||||
return getMockPriceHistory(priceHistoryMatch[1]) as T
|
||||
}
|
||||
|
||||
+8
-2
@@ -31,8 +31,14 @@ export function Login() {
|
||||
throw new Error(authError.message ?? 'Sign in failed')
|
||||
}
|
||||
|
||||
setAuthenticated(true)
|
||||
navigate('/')
|
||||
// After successful signIn, force a session fetch to confirm the cookie is set
|
||||
// before navigating to the protected route
|
||||
const sessionResult = await authClient.getSession()
|
||||
if (sessionResult.data) {
|
||||
navigate('/')
|
||||
} else {
|
||||
setError('Sign in failed. Please try again.')
|
||||
}
|
||||
} catch {
|
||||
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
|
||||
setAuthenticated(true)
|
||||
|
||||
@@ -38,8 +38,15 @@ export function Register() {
|
||||
throw new Error(authError.message ?? 'Registration failed')
|
||||
}
|
||||
|
||||
setAuthenticated(true)
|
||||
navigate('/')
|
||||
// After successful signUp, force a session fetch to confirm the cookie is set
|
||||
// before navigating to the protected route
|
||||
const sessionResult = await authClient.getSession()
|
||||
if (sessionResult.data) {
|
||||
navigate('/')
|
||||
} else {
|
||||
// Session not established — show success message and link to login
|
||||
setError('Account created! Please sign in.')
|
||||
}
|
||||
} catch {
|
||||
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
|
||||
setAuthenticated(true)
|
||||
|
||||
@@ -61,5 +61,5 @@ export const handlers = [
|
||||
http.get('/api/v1/products', () => HttpResponse.json(mockProducts)),
|
||||
http.get('/api/v1/products/prod_1', () => HttpResponse.json(mockProducts[0])),
|
||||
http.get('/api/v1/coupons', () => HttpResponse.json(mockCoupons)),
|
||||
http.get('/api/v1/price-alerts', () => HttpResponse.json(mockAlerts)),
|
||||
http.get('/api/v1/alerts', () => HttpResponse.json(mockAlerts)),
|
||||
]
|
||||
|
||||
Reference in New Issue
Block a user