From cf164157200e638d2c6b8dcc57548e0e579883b2 Mon Sep 17 00:00:00 2001 From: "Pawla Abdul (Bot)" Date: Sat, 4 Apr 2026 06:17:37 +0000 Subject: [PATCH] fix(api): add server_default to users.email_inbound_token Better-Auth creates users via raw SQL INSERT (not through SQLAlchemy), so it bypasses ORM defaults and causes HTTP 500 on sign-up/sign-in. Adds PostgreSQL server_default so INSERT without email_inbound_token auto-generates a URL-safe token matching Python secrets.token_urlsafe(16). Co-Authored-By: Paperclip --- .../006_email_inbound_token_server_default.py | 32 +++++++++++++++++++ common/src/cartsnitch_common/models/user.py | 10 ++++-- 2 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 api/alembic/versions/006_email_inbound_token_server_default.py diff --git a/api/alembic/versions/006_email_inbound_token_server_default.py b/api/alembic/versions/006_email_inbound_token_server_default.py new file mode 100644 index 0000000..ac1c678 --- /dev/null +++ b/api/alembic/versions/006_email_inbound_token_server_default.py @@ -0,0 +1,32 @@ +"""Add server_default to users.email_inbound_token. + +Revision ID: 006_email_inbound_token_server_default +Revises: 005_add_email_inbound_token +Create Date: 2026-04-04 +""" + +import sqlalchemy as sa +from alembic import op + +revision = "006_email_inbound_token_server_default" +down_revision = "005_add_email_inbound_token" +branch_labels = None +depends_on = None + + +def upgrade() -> None: + op.alter_column( + "users", + "email_inbound_token", + server_default=sa.text( + "replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')" + ), + ) + + +def downgrade() -> None: + op.alter_column( + "users", + "email_inbound_token", + server_default=None, + ) diff --git a/common/src/cartsnitch_common/models/user.py b/common/src/cartsnitch_common/models/user.py index 68e631b..991123b 100644 --- a/common/src/cartsnitch_common/models/user.py +++ b/common/src/cartsnitch_common/models/user.py @@ -5,7 +5,7 @@ import uuid from datetime import datetime from typing import TYPE_CHECKING -from sqlalchemy import JSON, Boolean, DateTime, ForeignKey, String, Text, UniqueConstraint +from sqlalchemy import JSON, Boolean, DateTime, ForeignKey, String, Text, UniqueConstraint, text from sqlalchemy.orm import Mapped, mapped_column, relationship from cartsnitch_common.constants import AccountStatus @@ -23,7 +23,13 @@ class User(UUIDPrimaryKeyMixin, TimestampMixin, Base): email: Mapped[str] = mapped_column(String(255), nullable=False, unique=True) email_inbound_token: Mapped[str] = mapped_column( - String(22), nullable=False, unique=True, default=lambda: secrets.token_urlsafe(16) + String(22), + nullable=False, + unique=True, + default=lambda: secrets.token_urlsafe(16), + server_default=text( + "replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')" + ), ) hashed_password: Mapped[str | None] = mapped_column(String(255), nullable=True) display_name: Mapped[str | None] = mapped_column(String(100))