- Refactor database.py to use init_db()/close_db() lifecycle
- Add create_db_engine() with pool_size=10, max_overflow=20, pool_pre_ping=True
- Replace cache.py stub with real Redis client using redis.asyncio
- Implement init_redis()/close_redis() with graceful error handling
- Replace no-op lifespan in main.py with proper startup/shutdown
- Enhance health endpoint to check DB and Redis connectivity
- Add tests for database, cache, and health endpoint lifecycle
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Add days query param to GET /public/trends/{product_id} (ge=1, le=365)
- Add category query param to GET /public/store-comparison
- Add category and period query params to GET /public/inflation
- Add boundary and malicious input test cases
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Replace hand-rolled JWT auth with Better-Auth session-based authentication.
- Scaffold auth/ Node.js service with Better-Auth, bcrypt password compat,
Postgres adapter mapped to existing users table
- Add Alembic migration (002) creating sessions, accounts, verifications
tables and migrating password hashes to accounts table
- Update FastAPI auth dependency to validate sessions via shared DB
(supports both cookie and Bearer token)
- Remove registration/login/refresh endpoints from API gateway (now
handled by Better-Auth service)
- Update frontend to use better-auth/react client with httpOnly cookies
(no tokens in localStorage or memory)
- Rewrite auth store, Login, Register, Dashboard, Settings, ProtectedRoute
to use session-based auth
- Update all tests to create sessions directly in DB instead of JWT tokens
Resolves CAR-27
See plan: CAR-26#document-plan
Co-Authored-By: Paperclip <noreply@paperclip.ing>
CartSnitch Engineer Bot