fix(auth): change users.id and user_id FKs from uuid to text

Better-Auth generates nanoid-style text IDs (e.g. pGud2ln2WAFHC0KYjBVKR4Rc7mM8OcTI),
but the users table was using PostgreSQL uuid type, causing INSERT failures on
registration. This changes User.id, UserStoreAccount.user_id, and Purchase.user_id
from uuid to text, with a corresponding Alembic migration.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

common/src/cartsnitch_common/models/purchase.py

@@ -32,7 +32,7 @@ class Purchase(UUIDPrimaryKeyMixin, TimestampMixin, Base):
 
     __tablename__ = "purchases"
 
-    user_id: Mapped[uuid.UUID] = mapped_column(ForeignKey("users.id"), nullable=False)
+    user_id: Mapped[str] = mapped_column(ForeignKey("users.id"), nullable=False)
     store_id: Mapped[uuid.UUID] = mapped_column(ForeignKey("stores.id"), nullable=False)
     store_location_id: Mapped[uuid.UUID | None] = mapped_column(ForeignKey("store_locations.id"))
     receipt_id: Mapped[str] = mapped_column(String(200), nullable=False)

common/src/cartsnitch_common/models/user.py

@@ -15,11 +15,12 @@ if TYPE_CHECKING:
     from cartsnitch_common.models.store import Store
 
 
-class User(UUIDPrimaryKeyMixin, TimestampMixin, Base):
+class User(TimestampMixin, Base):
     """Application user."""
 
     __tablename__ = "users"
 
+    id: Mapped[str] = mapped_column(Text, primary_key=True)
     email: Mapped[str] = mapped_column(String(255), nullable=False, unique=True)
     hashed_password: Mapped[str] = mapped_column(String(255), nullable=False)
     display_name: Mapped[str | None] = mapped_column(String(100))
@@ -37,7 +38,7 @@ class UserStoreAccount(UUIDPrimaryKeyMixin, TimestampMixin, Base):
     __tablename__ = "user_store_accounts"
     __table_args__ = (UniqueConstraint("user_id", "store_id", name="uq_user_store_account"),)
 
-    user_id: Mapped[uuid.UUID] = mapped_column(ForeignKey("users.id"), nullable=False)
+    user_id: Mapped[str] = mapped_column(ForeignKey("users.id"), nullable=False)
     store_id: Mapped[uuid.UUID] = mapped_column(ForeignKey("stores.id"), nullable=False)
     # WARNING: Contains retailer session cookies/tokens. Encryption-at-rest
     # required before production deployment (e.g., pgcrypto or app-level encryption).

common/src/cartsnitch_common/schemas/purchase.py

@@ -40,7 +40,7 @@ class PurchaseItemRead(BaseModel):
 
 
 class PurchaseCreate(BaseModel):
-    user_id: uuid.UUID
+    user_id: str
     store_id: uuid.UUID
     store_location_id: uuid.UUID | None = None
     receipt_id: str
@@ -58,7 +58,7 @@ class PurchaseRead(BaseModel):
     model_config = {"from_attributes": True}
 
     id: uuid.UUID
-    user_id: uuid.UUID
+    user_id: str
     store_id: uuid.UUID
     store_location_id: uuid.UUID | None
     receipt_id: str

common/src/cartsnitch_common/schemas/user.py

@@ -17,7 +17,7 @@ class UserCreate(BaseModel):
 class UserRead(BaseModel):
     model_config = {"from_attributes": True}
 
-    id: uuid.UUID
+    id: str
     email: str
     display_name: str | None
     created_at: datetime
@@ -25,8 +25,8 @@ class UserRead(BaseModel):
 
 
 class UserStoreAccountCreate(BaseModel):
-    user_id: uuid.UUID
-    store_id: uuid.UUID
+    user_id: str
+    store_id: str
     session_data: dict | None = None
     status: AccountStatus = AccountStatus.ACTIVE
 
@@ -35,8 +35,8 @@ class UserStoreAccountRead(BaseModel):
     model_config = {"from_attributes": True}
 
     id: uuid.UUID
-    user_id: uuid.UUID
-    store_id: uuid.UUID
+    user_id: str
+    store_id: str
     status: AccountStatus
     session_expires_at: datetime | None
     last_sync_at: datetime | None