forked from cartsnitch/cartsnitch
Compare commits
116 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 5464e1a671 | |||
| 9cc1e49d86 | |||
| 2c4e9985b1 | |||
| 821f1d20b3 | |||
| 555ced4fdc | |||
| 4797f07af9 | |||
| 96331c9fa7 | |||
| a4e0b664e1 | |||
| f4bbddd0dd | |||
| 5a97290356 | |||
| 32495b150b | |||
| b39280ee2a | |||
| 752d7ed3d0 | |||
| 1f317a0616 | |||
| 912239a97b | |||
| 59850c0cb4 | |||
| 757444e582 | |||
| 00fe9f14ea | |||
| ff1e1351f1 | |||
| d57a90ed59 | |||
| 7e9f7c0ef9 | |||
| d15893b984 | |||
| 48136a6d8f | |||
| e120aeee2f | |||
| d4e13ef286 | |||
| 4e72e61f6d | |||
| 04965eb89d | |||
| 48a999d569 | |||
| ea2fddc5cb | |||
| 8a44ee9c38 | |||
| 44d9502673 | |||
| 3ac61908f5 | |||
| 2a7f1921b0 | |||
| 22997f5df0 | |||
| 9ca1554333 | |||
| 2460a00d4e | |||
| 8d7e0b44ee | |||
| 9c7cd7454c | |||
| f96daceb0f | |||
| 0c5cce2adc | |||
| e3a0d94236 | |||
| 3f03d46ff5 | |||
| c0c4acb73f | |||
| a35c264823 | |||
| 63752fe5cb | |||
| 9ab585f336 | |||
| 78b3a71450 | |||
| 3216e6a1c2 | |||
| a66583b883 | |||
| 4a7d5131fc | |||
| 56b1ff9a36 | |||
| b660336897 | |||
| af713f422b | |||
| 55ab0b7ceb | |||
| 93a94e9777 | |||
| 1bb669f3ca | |||
| 82978f072b | |||
| 9ba745b5a9 | |||
| c13e640864 | |||
| c7b7494151 | |||
| f023480100 | |||
| 9acaf5e83a | |||
| 4e10c75fd0 | |||
| ffdc26cce5 | |||
| 2e96e8f0a7 | |||
| 88ac74e94c | |||
| 66279716ba | |||
| 15ab4ed38c | |||
| fbd77a9434 | |||
| fef5e86645 | |||
| cf39ed1dcd | |||
| 53ffef0ed1 | |||
| cfad4eab37 | |||
| d8e7a416d2 | |||
| c03e599ae3 | |||
| f051e4b4af | |||
| c715c0e47a | |||
| c968088a3f | |||
| 2b32bfdfe1 | |||
| 16200c5500 | |||
| 1803d09095 | |||
| e29bad9a39 | |||
| 349b519a00 | |||
| 7fc524b593 | |||
| 4e139dc4b6 | |||
| 1ce5d738d1 | |||
| 4c217757c3 | |||
| 121dc5724e | |||
| ee45400c7c | |||
| 6481cf03e4 | |||
| 37c75c3887 | |||
| 8a0b2c03a1 | |||
| aa893d9cc1 | |||
| 91c062130c | |||
| 0aef2455fd | |||
| 6602b8c105 | |||
| dbbc8d2e7b | |||
| 1267caf43c | |||
| 015401861a | |||
| 9891e1aefb | |||
| 69ad161e36 | |||
| 485f890df3 | |||
| bf3ed0ede3 | |||
| 3f41eb7346 | |||
| 6cbd1ef298 | |||
| 94214f762e | |||
| 562c6ef6f6 | |||
| ccc8189d88 | |||
| 86594e4a8e | |||
| c2f1a83c1d | |||
| 6f8e5a9577 | |||
| bbfa816e57 | |||
| 5904eb03a2 | |||
| 87b6433ff7 | |||
| d7c9938f7e | |||
| 02434060ee |
@@ -16,15 +16,15 @@ permissions:
|
||||
security-events: write
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
REGISTRY: git.farh.net
|
||||
IMAGE_NAME: cartsnitch/cartsnitch
|
||||
AUTH_IMAGE_NAME: cartsnitch/auth
|
||||
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
|
||||
API_IMAGE_NAME: cartsnitch/api
|
||||
AUTH_IMAGE_NAME: cartsnitch/auth
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
@@ -38,7 +38,7 @@ jobs:
|
||||
run: npx tsc --noEmit
|
||||
|
||||
test:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
@@ -50,7 +50,7 @@ jobs:
|
||||
run: npx vitest run
|
||||
|
||||
audit:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
@@ -62,7 +62,7 @@ jobs:
|
||||
run: npm audit --audit-level=high
|
||||
|
||||
e2e:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
@@ -74,7 +74,7 @@ jobs:
|
||||
- run: npx playwright test
|
||||
|
||||
lighthouse:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
needs: [test]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
@@ -99,7 +99,7 @@ jobs:
|
||||
CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
|
||||
|
||||
build-and-push:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'push'
|
||||
needs: [lint, test, e2e]
|
||||
outputs:
|
||||
@@ -134,13 +134,13 @@ jobs:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Log in to GHCR
|
||||
- name: Log in to Gitea registry
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -166,6 +166,8 @@ jobs:
|
||||
- name: Scan frontend image for vulnerabilities
|
||||
uses: anchore/scan-action@v5
|
||||
id: scan
|
||||
env:
|
||||
GRYPE_CONFIG: .grype.yaml
|
||||
with:
|
||||
image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
|
||||
fail-build: true
|
||||
@@ -173,11 +175,7 @@ jobs:
|
||||
only-fixed: "true"
|
||||
output-format: sarif
|
||||
|
||||
- name: Upload frontend scan results to GitHub Security
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||
|
||||
|
||||
- name: Push Docker image
|
||||
if: github.event_name == 'push'
|
||||
@@ -196,99 +194,8 @@ jobs:
|
||||
git tag "v${{ steps.calver.outputs.version }}"
|
||||
git push origin "v${{ steps.calver.outputs.version }}"
|
||||
|
||||
build-and-push-auth:
|
||||
runs-on: runners-cartsnitch
|
||||
if: github.event_name == 'push'
|
||||
needs: [lint, test, e2e]
|
||||
outputs:
|
||||
calver_tag: ${{ steps.calver.outputs.version }}
|
||||
sha_tag: sha-${{ github.sha }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Generate CalVer tag
|
||||
id: calver
|
||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||
run: |
|
||||
DATE_TAG=$(date -u +%Y.%m.%d)
|
||||
EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
|
||||
if [ -z "$EXISTING" ]; then
|
||||
VERSION="$DATE_TAG"
|
||||
elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
|
||||
VERSION="${DATE_TAG}.2"
|
||||
else
|
||||
BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
|
||||
VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
|
||||
fi
|
||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Log in to GHCR
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Extract metadata (auth)
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
|
||||
tags: |
|
||||
type=sha,prefix=sha-,format=long
|
||||
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
|
||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
|
||||
|
||||
- name: Build Docker image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: ./auth
|
||||
file: ./auth/Dockerfile
|
||||
load: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Scan auth image for vulnerabilities
|
||||
uses: anchore/scan-action@v5
|
||||
id: scan
|
||||
with:
|
||||
image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
|
||||
fail-build: true
|
||||
severity-cutoff: high
|
||||
only-fixed: "true"
|
||||
output-format: sarif
|
||||
|
||||
- name: Upload auth scan results to GitHub Security
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||
|
||||
- name: Push Docker image
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: ./auth
|
||||
file: ./auth/Dockerfile
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
cache-from: type=gha
|
||||
|
||||
build-and-push-receiptwitness:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'push'
|
||||
needs: [lint, test]
|
||||
outputs:
|
||||
@@ -317,13 +224,13 @@ jobs:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Log in to GHCR
|
||||
- name: Log in to Gitea registry
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -343,12 +250,16 @@ jobs:
|
||||
load: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APT_CACHE_BUST=${{ github.run_id }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Scan receiptwitness image for vulnerabilities
|
||||
uses: anchore/scan-action@v5
|
||||
id: scan
|
||||
env:
|
||||
GRYPE_CONFIG: .grype.yaml
|
||||
with:
|
||||
image: "${{ env.REGISTRY }}/${{ env.RECEIPTWITNESS_IMAGE_NAME }}:sha-${{ github.sha }}"
|
||||
fail-build: true
|
||||
@@ -356,11 +267,7 @@ jobs:
|
||||
only-fixed: "true"
|
||||
output-format: sarif
|
||||
|
||||
- name: Upload receiptwitness scan results to GitHub Security
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||
|
||||
|
||||
- name: Push Docker image
|
||||
if: github.event_name == 'push'
|
||||
@@ -371,10 +278,12 @@ jobs:
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APT_CACHE_BUST=${{ github.run_id }}
|
||||
cache-from: type=gha
|
||||
|
||||
build-and-push-api:
|
||||
runs-on: runners-cartsnitch
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'push'
|
||||
needs: [lint, test]
|
||||
outputs:
|
||||
@@ -403,13 +312,13 @@ jobs:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Log in to GHCR
|
||||
- name: Log in to Gitea registry
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata (API)
|
||||
id: meta
|
||||
@@ -429,12 +338,16 @@ jobs:
|
||||
load: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APT_CACHE_BUST=${{ github.run_id }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Scan api image for vulnerabilities
|
||||
uses: anchore/scan-action@v5
|
||||
id: scan
|
||||
env:
|
||||
GRYPE_CONFIG: .grype.yaml
|
||||
with:
|
||||
image: "${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}:sha-${{ github.sha }}"
|
||||
fail-build: true
|
||||
@@ -442,11 +355,7 @@ jobs:
|
||||
only-fixed: "true"
|
||||
output-format: sarif
|
||||
|
||||
- name: Upload api scan results to GitHub Security
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||
|
||||
|
||||
- name: Push Docker image
|
||||
if: github.event_name == 'push'
|
||||
@@ -457,27 +366,108 @@ jobs:
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APT_CACHE_BUST=${{ github.run_id }}
|
||||
cache-from: type=gha
|
||||
|
||||
build-and-push-auth:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'push'
|
||||
needs: [lint, test]
|
||||
outputs:
|
||||
calver_tag: ${{ steps.calver.outputs.version }}
|
||||
sha_tag: sha-${{ github.sha }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Generate CalVer tag
|
||||
id: calver
|
||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||
run: |
|
||||
DATE_TAG=$(date -u +%Y.%m.%d)
|
||||
EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
|
||||
if [ -z "$EXISTING" ]; then VERSION="$DATE_TAG"
|
||||
elif [ "$EXISTING" = "v${DATE_TAG}" ]; then VERSION="${DATE_TAG}.2"
|
||||
else BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"; fi
|
||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Log in to Gitea registry
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata (auth)
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
|
||||
tags: |
|
||||
type=sha,prefix=sha-,format=long
|
||||
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
|
||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
|
||||
|
||||
- name: Build Docker image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: ./auth
|
||||
file: ./auth/Dockerfile
|
||||
load: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APT_CACHE_BUST=${{ github.run_id }}
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Scan auth image for vulnerabilities
|
||||
uses: anchore/scan-action@v5
|
||||
id: scan
|
||||
env:
|
||||
GRYPE_CONFIG: .grype.yaml
|
||||
with:
|
||||
image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
|
||||
fail-build: true
|
||||
severity-cutoff: high
|
||||
only-fixed: "true"
|
||||
output-format: sarif
|
||||
|
||||
|
||||
|
||||
- name: Push Docker image
|
||||
if: github.event_name == 'push'
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: ./auth
|
||||
file: ./auth/Dockerfile
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
build-args: |
|
||||
APT_CACHE_BUST=${{ github.run_id }}
|
||||
cache-from: type=gha
|
||||
|
||||
deploy-dev:
|
||||
runs-on: runners-cartsnitch
|
||||
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api, build-and-push-auth]
|
||||
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
|
||||
steps:
|
||||
- name: Generate GitHub App token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v1
|
||||
with:
|
||||
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
|
||||
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
repositories: infra
|
||||
|
||||
- name: Checkout infra repo
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: cartsnitch/infra
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
token: ${{ secrets.REGISTRY_TOKEN }}
|
||||
ref: main
|
||||
path: infra
|
||||
|
||||
@@ -500,22 +490,7 @@ jobs:
|
||||
if: needs.build-and-push.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/dev
|
||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for auth
|
||||
id: auth_tag
|
||||
run: |
|
||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Update auth image tag
|
||||
if: needs.build-and-push-auth.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/dev
|
||||
kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch=git.farh.net/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for receiptwitness
|
||||
id: receiptwitness_tag
|
||||
@@ -530,7 +505,7 @@ jobs:
|
||||
if: needs.build-and-push-receiptwitness.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/dev
|
||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness=git.farh.net/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for api
|
||||
id: api_tag
|
||||
@@ -545,37 +520,44 @@ jobs:
|
||||
if: needs.build-and-push-api.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/dev
|
||||
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
||||
kustomize edit set image ghcr.io/cartsnitch/api=git.farh.net/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for auth
|
||||
id: auth_tag
|
||||
run: |
|
||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Update auth image tag
|
||||
if: needs.build-and-push-auth.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/dev
|
||||
kustomize edit set image ghcr.io/cartsnitch/auth=git.farh.net/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
||||
|
||||
- name: Commit and push to infra
|
||||
run: |
|
||||
cd infra
|
||||
git config user.name "cartsnitch-ci[bot]"
|
||||
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
||||
git config user.email "cartsnitch-ci[bot]@users.noreply.git.farh.net"
|
||||
git add apps/overlays/dev/kustomization.yaml
|
||||
git commit -m "ci(dev): update cartsnitch, auth, receiptwitness, and api images"
|
||||
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
||||
git commit -m "ci(dev): update cartsnitch, receiptwitness, api, and auth images"
|
||||
git pull --rebase origin main
|
||||
git push origin main
|
||||
|
||||
deploy-uat:
|
||||
runs-on: runners-cartsnitch
|
||||
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api, build-and-push-auth]
|
||||
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
|
||||
steps:
|
||||
- name: Generate GitHub App token
|
||||
id: app-token
|
||||
uses: actions/create-github-app-token@v1
|
||||
with:
|
||||
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
|
||||
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
|
||||
owner: ${{ github.repository_owner }}
|
||||
repositories: infra
|
||||
|
||||
- name: Checkout infra repo
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: cartsnitch/infra
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
token: ${{ secrets.REGISTRY_TOKEN }}
|
||||
ref: main
|
||||
path: infra
|
||||
|
||||
@@ -598,22 +580,7 @@ jobs:
|
||||
if: needs.build-and-push.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/uat
|
||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for auth
|
||||
id: auth_tag
|
||||
run: |
|
||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Update auth image tag
|
||||
if: needs.build-and-push-auth.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/uat
|
||||
kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch=git.farh.net/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for receiptwitness
|
||||
id: receiptwitness_tag
|
||||
@@ -628,7 +595,7 @@ jobs:
|
||||
if: needs.build-and-push-receiptwitness.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/uat
|
||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness=git.farh.net/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for api
|
||||
id: api_tag
|
||||
@@ -643,14 +610,30 @@ jobs:
|
||||
if: needs.build-and-push-api.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/uat
|
||||
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
||||
kustomize edit set image ghcr.io/cartsnitch/api=git.farh.net/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
||||
|
||||
- name: Determine image tag for auth
|
||||
id: auth_tag
|
||||
run: |
|
||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Update auth image tag
|
||||
if: needs.build-and-push-auth.result == 'success'
|
||||
run: |
|
||||
cd infra/apps/overlays/uat
|
||||
kustomize edit set image ghcr.io/cartsnitch/auth=git.farh.net/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
||||
|
||||
- name: Commit and push to infra
|
||||
run: |
|
||||
cd infra
|
||||
git config user.name "cartsnitch-ci[bot]"
|
||||
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
||||
git config user.email "cartsnitch-ci[bot]@users.noreply.git.farh.net"
|
||||
git add apps/overlays/uat/kustomization.yaml
|
||||
git commit -m "ci(uat): update cartsnitch, auth, receiptwitness, and api images"
|
||||
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
||||
git commit -m "ci(uat): update cartsnitch, receiptwitness, api, and auth images"
|
||||
git pull --rebase origin main
|
||||
git push origin main
|
||||
+108
@@ -0,0 +1,108 @@
|
||||
ignore:
|
||||
# Python 3.12 CVEs — only fixed in 3.13+, cannot upgrade major version safely
|
||||
- vulnerability: CVE-2025-13836
|
||||
- vulnerability: CVE-2026-4519
|
||||
|
||||
# Chrome CVEs — Playwright bundles Chromium and controls version separately.
|
||||
# Chrome is not a system package that can be upgraded via apt-get upgrade.
|
||||
# These CVEs are specific to the Chromium version bundled with Playwright.
|
||||
# Upstream fix: upgrade Playwright to a version that includes patched Chrome.
|
||||
- vulnerability: CVE-2026-2313
|
||||
- vulnerability: CVE-2026-2314
|
||||
- vulnerability: CVE-2026-2315
|
||||
- vulnerability: CVE-2026-2319
|
||||
- vulnerability: CVE-2026-2321
|
||||
- vulnerability: CVE-2026-2441
|
||||
- vulnerability: CVE-2026-2648
|
||||
- vulnerability: CVE-2026-2649
|
||||
- vulnerability: CVE-2026-2650
|
||||
- vulnerability: CVE-2026-3061
|
||||
- vulnerability: CVE-2026-3062
|
||||
- vulnerability: CVE-2026-3536
|
||||
- vulnerability: CVE-2026-3537
|
||||
- vulnerability: CVE-2026-3538
|
||||
- vulnerability: CVE-2026-3539
|
||||
- vulnerability: CVE-2026-3540
|
||||
- vulnerability: CVE-2026-3541
|
||||
- vulnerability: CVE-2026-3542
|
||||
- vulnerability: CVE-2026-3543
|
||||
- vulnerability: CVE-2026-3544
|
||||
- vulnerability: CVE-2026-3545
|
||||
- vulnerability: CVE-2026-3913
|
||||
- vulnerability: CVE-2026-3914
|
||||
- vulnerability: CVE-2026-3915
|
||||
- vulnerability: CVE-2026-3916
|
||||
- vulnerability: CVE-2026-3917
|
||||
- vulnerability: CVE-2026-3918
|
||||
- vulnerability: CVE-2026-3919
|
||||
- vulnerability: CVE-2026-3920
|
||||
- vulnerability: CVE-2026-3921
|
||||
- vulnerability: CVE-2026-3922
|
||||
- vulnerability: CVE-2026-3923
|
||||
- vulnerability: CVE-2026-3924
|
||||
- vulnerability: CVE-2026-3926
|
||||
- vulnerability: CVE-2026-3931
|
||||
- vulnerability: CVE-2026-3932
|
||||
- vulnerability: CVE-2026-3936
|
||||
- vulnerability: CVE-2026-5858
|
||||
- vulnerability: CVE-2026-5859
|
||||
- vulnerability: CVE-2026-5860
|
||||
- vulnerability: CVE-2026-5861
|
||||
- vulnerability: CVE-2026-5862
|
||||
- vulnerability: CVE-2026-5863
|
||||
- vulnerability: CVE-2026-5865
|
||||
- vulnerability: CVE-2026-5866
|
||||
- vulnerability: CVE-2026-5868
|
||||
- vulnerability: CVE-2026-5870
|
||||
- vulnerability: CVE-2026-5871
|
||||
- vulnerability: CVE-2026-5872
|
||||
- vulnerability: CVE-2026-5873
|
||||
- vulnerability: CVE-2026-5874
|
||||
- vulnerability: CVE-2026-5877
|
||||
- vulnerability: CVE-2026-5879
|
||||
- vulnerability: CVE-2026-5883
|
||||
- vulnerability: CVE-2026-5884
|
||||
- vulnerability: CVE-2026-5902
|
||||
- vulnerability: CVE-2026-5904
|
||||
- vulnerability: CVE-2026-5907
|
||||
- vulnerability: CVE-2026-5908
|
||||
- vulnerability: CVE-2026-5909
|
||||
- vulnerability: CVE-2026-5910
|
||||
- vulnerability: CVE-2026-5912
|
||||
- vulnerability: CVE-2026-5913
|
||||
- vulnerability: CVE-2026-5914
|
||||
- vulnerability: CVE-2026-5915
|
||||
- vulnerability: CVE-2026-6296
|
||||
- vulnerability: CVE-2026-6297
|
||||
- vulnerability: CVE-2026-6299
|
||||
- vulnerability: CVE-2026-6300
|
||||
- vulnerability: CVE-2026-6301
|
||||
- vulnerability: CVE-2026-6302
|
||||
- vulnerability: CVE-2026-6303
|
||||
- vulnerability: CVE-2026-6304
|
||||
- vulnerability: CVE-2026-6305
|
||||
- vulnerability: CVE-2026-6306
|
||||
- vulnerability: CVE-2026-6307
|
||||
- vulnerability: CVE-2026-6308
|
||||
- vulnerability: CVE-2026-6309
|
||||
- vulnerability: CVE-2026-6310
|
||||
- vulnerability: CVE-2026-6311
|
||||
- vulnerability: CVE-2026-6314
|
||||
- vulnerability: CVE-2026-6315
|
||||
- vulnerability: CVE-2026-6316
|
||||
- vulnerability: CVE-2026-6317
|
||||
- vulnerability: CVE-2026-6318
|
||||
- vulnerability: CVE-2026-6319
|
||||
- vulnerability: CVE-2026-6358
|
||||
- vulnerability: CVE-2026-6359
|
||||
- vulnerability: CVE-2026-6360
|
||||
- vulnerability: CVE-2026-6361
|
||||
- vulnerability: CVE-2026-6363
|
||||
|
||||
# Node.js CVE — comes from Playwright's bundled tooling (playwright-core uses Node.js
|
||||
# for its CLI). The system Node.js is not used by receiptwitness service.
|
||||
# Fix requires upgrading Playwright to a version that ships with patched Node.js.
|
||||
- vulnerability: CVE-2026-21710
|
||||
|
||||
# cryptography GHSA — fixed by upgrading to >=46.0 per requirements
|
||||
- vulnerability: GHSA-r6ph-v2qm-q3c2
|
||||
@@ -1 +1,315 @@
|
||||
# CartSnitch
|
||||
|
||||
**Grocery price intelligence — know what you're paying, every time.**
|
||||
|
||||
CartSnitch is a self-hosted grocery price intelligence platform that connects to your store loyalty accounts, tracks prices across retailers, monitors shrinkflation, and helps you find the best deals.
|
||||
|
||||
---
|
||||
|
||||
## Project Overview
|
||||
|
||||
CartSnitch solves the problem of **grocery price opacity**. Most shoppers don't know if they're getting a good deal, whether prices have spiked since their last visit, or if the "sale" is actually a worse price than a competitor. CartSnitch makes prices transparent.
|
||||
|
||||
**Core features:**
|
||||
- Connect Meijer, Kroger, Target loyalty accounts
|
||||
- View purchase history across all stores in one timeline
|
||||
- Track per-item price charts across stores over time
|
||||
- Receive shrinkflation and price increase alerts
|
||||
- Browse active coupons and deals
|
||||
- Generate optimized shopping lists with store-split plans
|
||||
- Public price transparency dashboards
|
||||
|
||||
---
|
||||
|
||||
## Architecture
|
||||
|
||||
CartSnitch is a polyglot microservices platform. The monorepo contains the frontend PWA and core services.
|
||||
|
||||
```
|
||||
┌─────────────────────────────────────────────────────────────────┐
|
||||
│ CartSnitch PWA │
|
||||
│ (React, mobile-first PWA) │
|
||||
└──────────┬────────────────────┬────────────────────┬───────────┘
|
||||
│ │ │
|
||||
▼ ▼ ▼
|
||||
┌──────────────────┐ ┌─────────────────┐ ┌─────────────────────┐
|
||||
│ Auth Service │ │ API Gateway │ │ ReceiptWitness │
|
||||
│ (Better-Auth) │ │ (Python/FastAPI)│ │ (Python/Scrapers) │
|
||||
│ Session mgmt │ │ REST + proxy │ │ Purchase ingestion │
|
||||
└────────┬─────────┘ └────────┬────────┘ └──────────┬──────────┘
|
||||
│ │ │
|
||||
└──────────────────────┼────────────────────────┘
|
||||
▼
|
||||
┌────────────────────────┐
|
||||
│ CloudNativePG (PGSQL) │
|
||||
│ Shared database │
|
||||
└────────────────────────┘
|
||||
```
|
||||
|
||||
### Services in This Repo
|
||||
|
||||
| Directory | Service | Description |
|
||||
|-----------|---------|-------------|
|
||||
| `/` (root) | Frontend | React PWA, mobile-first |
|
||||
| `auth/` | Auth | Better-Auth service — session management, email/password, OAuth |
|
||||
| `api/` | API Gateway | Frontend-facing REST API, Python/FastAPI |
|
||||
| `common/` | Common | Shared Python models, Pydantic schemas, Alembic migrations |
|
||||
| `receiptwitness/` | ReceiptWitness | Purchase data ingestion via retailer scrapers |
|
||||
|
||||
### Other CartSnitch Repos
|
||||
|
||||
| Repo | Service |
|
||||
|------|---------|
|
||||
| `cartsnitch/stickershock` | Price increase detection & CPI comparison |
|
||||
| `cartsnitch/shrinkray` | Shrinkflation monitoring |
|
||||
| `cartsnitch/clipartist` | Coupon/deal watching |
|
||||
| `cartsnitch/infra` | Kubernetes manifests, Flux kustomizations |
|
||||
|
||||
---
|
||||
|
||||
## Tech Stack
|
||||
|
||||
### Frontend
|
||||
- **React 18+** with TypeScript
|
||||
- **Vite** — build tool
|
||||
- **Tailwind CSS v4** — mobile-first responsive design
|
||||
- **Workbox** — service worker, offline caching, PWA manifest
|
||||
- **Recharts** — price trend visualizations
|
||||
- **TanStack Query** — data fetching and caching
|
||||
- **React Router v7** — client-side routing
|
||||
- **Zustand** — lightweight state management
|
||||
|
||||
### Backend Services
|
||||
- **Better-Auth** — authentication (session management, email/password, OAuth)
|
||||
- **Node.js** (API Gateway)
|
||||
- **Python/FastAPI** (API Gateway, ReceiptWitness)
|
||||
- **PostgreSQL** via CloudNativePG
|
||||
- **DragonflyDB** for caching
|
||||
|
||||
### Infrastructure
|
||||
- **Kubernetes** (k3s-compatible)
|
||||
- **Flux CD** — GitOps deployment
|
||||
- **GitHub Actions** — CI/CD
|
||||
- **CalVer** (`YYYY.MM.DD[.N]`) — image tagging
|
||||
- **Bitnami Sealed Secrets** — secret management
|
||||
- **Authentik** — OIDC/OAuth2 provider
|
||||
|
||||
---
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- Node.js 20+
|
||||
- npm or pnpm
|
||||
- PostgreSQL (local or containerized)
|
||||
- Docker (for running services locally)
|
||||
|
||||
### Local Development
|
||||
|
||||
1. **Clone the repo**
|
||||
```bash
|
||||
git clone https://github.com/cartsnitch/cartsnitch.git
|
||||
cd cartsnitch
|
||||
```
|
||||
|
||||
2. **Install dependencies**
|
||||
```bash
|
||||
npm install
|
||||
```
|
||||
|
||||
3. **Set up environment variables**
|
||||
```bash
|
||||
cp .env.example .env
|
||||
# Edit .env with your local settings
|
||||
```
|
||||
|
||||
4. **Start the frontend dev server**
|
||||
```bash
|
||||
npm run dev
|
||||
```
|
||||
The PWA will be available at `http://localhost:5173`.
|
||||
|
||||
5. **Run tests**
|
||||
```bash
|
||||
npm test
|
||||
```
|
||||
|
||||
6. **Build for production**
|
||||
```bash
|
||||
npm run build
|
||||
```
|
||||
|
||||
### Running Backend Services Locally
|
||||
|
||||
The frontend PWA communicates with three backend services. For full local development, you'll need to run each service:
|
||||
|
||||
```bash
|
||||
# Auth service (Better-Auth)
|
||||
cd auth
|
||||
npm install
|
||||
npm run dev
|
||||
|
||||
# API Gateway (separate repo: cartsnitch/api)
|
||||
# See api/README.md
|
||||
|
||||
# ReceiptWitness (separate repo: cartsnitch/receiptwitness)
|
||||
# See receiptwitness/README.md
|
||||
```
|
||||
|
||||
### Environment Variables
|
||||
|
||||
| Variable | Description | Default |
|
||||
|----------|-------------|---------|
|
||||
| `VITE_API_URL` | API Gateway base URL | `http://localhost:3000` |
|
||||
| `VITE_AUTH_URL` | Auth service base URL | `http://localhost:3001` |
|
||||
|
||||
---
|
||||
|
||||
## Contributing
|
||||
|
||||
We welcome contributions. Please follow the workflow below.
|
||||
|
||||
### Branching Strategy
|
||||
|
||||
- Branch from `dev`
|
||||
- Use prefix: `feature/`, `fix/`, `docs/`, `chore/`
|
||||
- Examples: `feature/shopping-list-optimization`, `fix/price-chart-zoom`
|
||||
|
||||
### Commit Convention
|
||||
|
||||
We use [Conventional Commits](https://www.conventionalcommits.org/):
|
||||
|
||||
```
|
||||
feat: add shopping list export
|
||||
fix: correct price chart date formatting
|
||||
docs: update API documentation
|
||||
chore: update dependencies
|
||||
```
|
||||
|
||||
### Pull Request Workflow
|
||||
|
||||
1. Open a PR against `dev`
|
||||
2. CI must pass (lint, type check, tests, e2e)
|
||||
3. QA reviews and approves
|
||||
4. CTO merges to `dev`
|
||||
5. Dev deploys automatically
|
||||
6. CTO promotes `dev → uat`
|
||||
7. UAT and security review
|
||||
8. CEO merges `uat → main`
|
||||
9. Production deploys automatically
|
||||
|
||||
**Never push directly to `main`, `dev`, or `uat`.**
|
||||
|
||||
### Code Standards
|
||||
|
||||
- ESLint for linting
|
||||
- TypeScript strict mode
|
||||
- Mobile-first responsive design
|
||||
- Accessibility (WCAG 2.1 AA)
|
||||
|
||||
---
|
||||
|
||||
## Testing
|
||||
|
||||
### Unit Tests
|
||||
|
||||
```bash
|
||||
npm test
|
||||
```
|
||||
|
||||
### E2E Tests (Playwright)
|
||||
|
||||
```bash
|
||||
npm run test:e2e
|
||||
```
|
||||
|
||||
Tests run headless by default. For headed mode:
|
||||
|
||||
```bash
|
||||
npm run test:e2e:headed
|
||||
```
|
||||
|
||||
### Lighthouse CI
|
||||
|
||||
Performance audits run automatically in CI. To run locally:
|
||||
|
||||
```bash
|
||||
npm run build
|
||||
npm run preview
|
||||
# In another terminal:
|
||||
npx lighthouse http://localhost:4173 --output=html --output-path=./report/lighthouse.html
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## CI/CD Pipeline
|
||||
|
||||
All branches (`main`, `dev`, `uat`) run through GitHub Actions on every push.
|
||||
|
||||
### Pipeline Stages
|
||||
|
||||
| Job | Trigger | Purpose |
|
||||
|-----|---------|---------|
|
||||
| `lint` | Every push | ESLint + TypeScript type check |
|
||||
| `test` | Every push | Unit tests via Vitest |
|
||||
| `audit` | Every push | Security vulnerability scan |
|
||||
| `e2e` | Every push | Playwright end-to-end tests |
|
||||
| `lighthouse` | After test | Performance budget check |
|
||||
| `build-and-push` | On push to main/dev/uat | Build and push Docker images to GHCR |
|
||||
| `deploy-dev` | On push to dev or main | Update `cartsnitch/infra` → auto-deploy to dev |
|
||||
| `deploy-uat` | On push to uat or main | Update `cartsnitch/infra` → auto-deploy to uat |
|
||||
|
||||
### Image Tagging
|
||||
|
||||
- **Production (`main`):** CalVer tag (`YYYY.MM.DD[.N]`) + `latest`
|
||||
- **Development (`dev`):** SHA tag (`sha-<short-sha>`)
|
||||
|
||||
### Deployment Environments
|
||||
|
||||
| Environment | Namespace | URL | Trigger |
|
||||
|-------------|-----------|-----|---------|
|
||||
| Dev | `cartsnitch-dev` | `cartsnitch.dev.farh.net` | Push to `dev` branch |
|
||||
| UAT | `cartsnitch-uat` | `cartsnitch.uat.farh.net` | Push to `uat` branch |
|
||||
| Production | `cartsnitch` | `cartsnitch.farh.net` | Push to `main` branch |
|
||||
|
||||
---
|
||||
|
||||
## Deployment
|
||||
|
||||
### Infrastructure
|
||||
|
||||
The infrastructure repository ([cartsnitch/infra](https://github.com/cartsnitch/infra)) contains Kubernetes manifests and Flux Kustomize overlays.
|
||||
|
||||
### Flux GitOps Flow
|
||||
|
||||
1. CI builds and pushes a new Docker image
|
||||
2. CI opens a PR to `cartsnitch/infra` updating the image tag
|
||||
3. On merge, Flux reconciles the manifests and rolls out the new image
|
||||
|
||||
### Forcing a Rollout
|
||||
|
||||
To force pods to pick up a new `:latest` image:
|
||||
|
||||
```bash
|
||||
kubectl rollout restart deployment/<name> -n <namespace>
|
||||
```
|
||||
|
||||
### Secrets
|
||||
|
||||
Secrets are managed via **Bitnami Sealed Secrets**. No plain Kubernetes secrets are used.
|
||||
|
||||
---
|
||||
|
||||
## Related Projects
|
||||
|
||||
- [StickerShock](https://github.com/cartsnitch/stickershock) — Price increase detection
|
||||
- [ShrinkRay](https://github.com/cartsnitch/shrinkray) — Shrinkflation monitoring
|
||||
- [ClipArtist](https://github.com/cartsnitch/clipartist) — Coupon/deal optimization
|
||||
- [Infra](https://github.com/cartsnitch/infra) — Kubernetes infrastructure
|
||||
|
||||
---
|
||||
|
||||
## License
|
||||
|
||||
MIT © 2025 CartSnitch
|
||||
|
||||
@@ -15,7 +15,7 @@ permissions:
|
||||
packages: write
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
REGISTRY: git.farh.net
|
||||
IMAGE_NAME: cartsnitch/api
|
||||
|
||||
jobs:
|
||||
@@ -130,13 +130,13 @@ jobs:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Log in to GHCR
|
||||
- name: Log in to Gitea registry
|
||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
||||
|
||||
- name: Extract metadata
|
||||
id: meta
|
||||
@@ -1,5 +1,6 @@
|
||||
FROM python:3.12-slim AS build
|
||||
|
||||
ARG APT_CACHE_BUST=0
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
|
||||
libpq-dev \
|
||||
build-essential \
|
||||
@@ -12,6 +13,7 @@ RUN pip install --no-cache-dir --prefix=/install .
|
||||
|
||||
FROM python:3.12-slim AS prod
|
||||
|
||||
ARG APT_CACHE_BUST=0
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends libpq5 && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
@@ -1,9 +1,41 @@
|
||||
"""Redis/DragonflyDB caching helpers."""
|
||||
|
||||
import logging
|
||||
from typing import TYPE_CHECKING
|
||||
|
||||
import redis.asyncio as redis
|
||||
from redis.asyncio import Redis
|
||||
|
||||
from cartsnitch_api.config import settings
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from cartsnitch_api.config import Settings
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
_redis: "Redis | None" = None
|
||||
|
||||
|
||||
def get_settings() -> "Settings":
|
||||
return settings
|
||||
|
||||
|
||||
async def init_redis() -> None:
|
||||
global _redis
|
||||
_redis = redis.from_url(settings.redis_url)
|
||||
await _redis.ping()
|
||||
|
||||
|
||||
async def close_redis() -> None:
|
||||
global _redis
|
||||
if _redis is not None:
|
||||
await _redis.aclose()
|
||||
_redis = None
|
||||
|
||||
|
||||
def get_redis() -> Redis | None:
|
||||
return _redis
|
||||
|
||||
|
||||
class CacheClient:
|
||||
"""Redis/DragonflyDB caching with connection pooling.
|
||||
@@ -47,5 +79,30 @@ class CacheClient:
|
||||
return
|
||||
await self._client.delete(key)
|
||||
|
||||
async def invalidate_price_cache(self, product_id: str) -> None:
|
||||
"""Invalidate all price-related cache entries for a product."""
|
||||
if not self._client:
|
||||
return
|
||||
pattern = f"price:*:{product_id}"
|
||||
await self._delete_pattern(pattern)
|
||||
|
||||
async def invalidate_product_cache(self, product_id: str) -> None:
|
||||
"""Invalidate the product detail cache entry."""
|
||||
if not self._client:
|
||||
return
|
||||
await self._client.delete(f"product:{product_id}")
|
||||
|
||||
async def _delete_pattern(self, pattern: str) -> None:
|
||||
"""Delete all keys matching a pattern using SCAN."""
|
||||
if not self._client:
|
||||
return
|
||||
cursor = 0
|
||||
while True:
|
||||
cursor, keys = await self._client.scan(cursor=cursor, match=pattern, count=100)
|
||||
if keys:
|
||||
await self._client.delete(*keys)
|
||||
if cursor == 0:
|
||||
break
|
||||
|
||||
|
||||
cache_client = CacheClient()
|
||||
|
||||
@@ -32,6 +32,9 @@ class Settings(BaseSettings):
|
||||
|
||||
rate_limit_requests: int = 60
|
||||
rate_limit_window_seconds: int = 60
|
||||
rate_limit_auth_requests: int = 5
|
||||
rate_limit_auth_window_seconds: int = 60
|
||||
rate_limit_redis_enabled: bool = True
|
||||
rate_limit_enabled: bool = True
|
||||
|
||||
_PLACEHOLDER_VALUES = {"change-me-in-production"}
|
||||
@@ -72,7 +75,9 @@ class Settings(BaseSettings):
|
||||
def normalize_database_url(self):
|
||||
"""Normalize postgresql:// → postgresql+asyncpg:// for the asyncpg driver."""
|
||||
if self.database_url.startswith("postgresql://"):
|
||||
self.database_url = self.database_url.replace("postgresql://", "postgresql+asyncpg://", 1)
|
||||
self.database_url = self.database_url.replace(
|
||||
"postgresql://", "postgresql+asyncpg://", 1
|
||||
)
|
||||
return self
|
||||
|
||||
|
||||
|
||||
@@ -1,28 +1,60 @@
|
||||
"""Database session management for the API gateway."""
|
||||
|
||||
from collections.abc import AsyncGenerator
|
||||
from typing import TYPE_CHECKING
|
||||
|
||||
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
|
||||
|
||||
from cartsnitch_api.config import settings
|
||||
|
||||
engine = create_async_engine(
|
||||
settings.database_url,
|
||||
echo=False,
|
||||
pool_size=10,
|
||||
max_overflow=20,
|
||||
pool_pre_ping=True,
|
||||
pool_recycle=3600,
|
||||
)
|
||||
async_session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
|
||||
if TYPE_CHECKING:
|
||||
from sqlalchemy.engine import Engine
|
||||
|
||||
|
||||
_engine: "Engine | None" = None
|
||||
async_session_factory: async_sessionmaker[AsyncSession] | None = None
|
||||
|
||||
|
||||
def create_db_engine():
|
||||
return create_async_engine(
|
||||
settings.database_url,
|
||||
pool_size=10,
|
||||
max_overflow=20,
|
||||
pool_pre_ping=True,
|
||||
pool_recycle=3600,
|
||||
echo=False,
|
||||
)
|
||||
|
||||
|
||||
async def init_db() -> None:
|
||||
global _engine, async_session_factory
|
||||
_engine = create_db_engine()
|
||||
async_session_factory = async_sessionmaker(_engine, class_=AsyncSession, expire_on_commit=False)
|
||||
|
||||
|
||||
async def close_db() -> None:
|
||||
global _engine, async_session_factory
|
||||
if _engine is not None:
|
||||
await _engine.dispose()
|
||||
_engine = None
|
||||
async_session_factory = None
|
||||
|
||||
|
||||
def get_engine():
|
||||
return _engine
|
||||
|
||||
|
||||
async def get_db() -> AsyncGenerator[AsyncSession, None]:
|
||||
"""FastAPI dependency that yields an async DB session."""
|
||||
if async_session_factory is None:
|
||||
raise RuntimeError("Database not initialized. Call init_db() first.")
|
||||
async with async_session_factory() as session:
|
||||
yield session
|
||||
|
||||
|
||||
async def dispose_engine() -> None:
|
||||
"""Dispose the database engine, closing all pooled connections."""
|
||||
await engine.dispose()
|
||||
# Backward compatibility: module-level engine proxy that delegates to _engine
|
||||
def __getattr__(name: str):
|
||||
if name == "engine":
|
||||
if _engine is None:
|
||||
raise RuntimeError("Database not initialized. Call init_db() first.")
|
||||
return _engine
|
||||
raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
|
||||
|
||||
@@ -6,7 +6,6 @@ from fastapi import APIRouter, FastAPI
|
||||
|
||||
from cartsnitch_api.auth.routes import router as auth_router
|
||||
from cartsnitch_api.cache import cache_client
|
||||
from cartsnitch_api.database import dispose_engine
|
||||
from cartsnitch_api.middleware.cors import add_cors_middleware
|
||||
from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
|
||||
from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
|
||||
@@ -26,10 +25,14 @@ from cartsnitch_api.routes.user import router as user_router
|
||||
|
||||
@asynccontextmanager
|
||||
async def lifespan(app: FastAPI):
|
||||
await cache_client.initialize()
|
||||
from cartsnitch_api.database import init_db, close_db
|
||||
from cartsnitch_api.cache import init_redis, close_redis
|
||||
|
||||
await init_db()
|
||||
await init_redis()
|
||||
yield
|
||||
await cache_client.close()
|
||||
await dispose_engine()
|
||||
await close_redis()
|
||||
await close_db()
|
||||
|
||||
|
||||
def create_app() -> FastAPI:
|
||||
|
||||
@@ -5,18 +5,31 @@ Per-IP limiting on public endpoints, per-token limiting on authenticated endpoin
|
||||
"""
|
||||
|
||||
import hashlib
|
||||
import logging
|
||||
import time
|
||||
import uuid
|
||||
from collections import defaultdict
|
||||
from threading import Lock
|
||||
from typing import Protocol
|
||||
|
||||
from fastapi import FastAPI, Request, status
|
||||
from fastapi.responses import JSONResponse
|
||||
from redis.asyncio import Redis, RedisError
|
||||
from starlette.middleware.base import BaseHTTPMiddleware
|
||||
|
||||
from cartsnitch_api.config import settings
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
class _SlidingWindowCounter:
|
||||
|
||||
class RateLimitBackend(Protocol):
|
||||
"""Protocol for rate limit backends."""
|
||||
|
||||
async def is_allowed(self, key: str) -> tuple[bool, int, int]:
|
||||
"""Check if request is allowed. Returns (allowed, remaining, retry_after)."""
|
||||
|
||||
|
||||
class InMemorySlidingWindow:
|
||||
"""Thread-safe in-memory sliding window rate limiter."""
|
||||
|
||||
def __init__(self, max_requests: int, window_seconds: int) -> None:
|
||||
@@ -25,13 +38,12 @@ class _SlidingWindowCounter:
|
||||
self._hits: dict[str, list[float]] = defaultdict(list)
|
||||
self._lock = Lock()
|
||||
|
||||
def is_allowed(self, key: str) -> tuple[bool, int, int]:
|
||||
async def is_allowed(self, key: str) -> tuple[bool, int, int]:
|
||||
"""Check if request is allowed. Returns (allowed, remaining, retry_after)."""
|
||||
now = time.monotonic()
|
||||
cutoff = now - self.window_seconds
|
||||
|
||||
with self._lock:
|
||||
# Prune expired entries
|
||||
self._hits[key] = [t for t in self._hits[key] if t > cutoff]
|
||||
|
||||
current_count = len(self._hits[key])
|
||||
@@ -44,15 +56,84 @@ class _SlidingWindowCounter:
|
||||
return True, remaining, 0
|
||||
|
||||
|
||||
# Module-level counters — one for public (per-IP), one for auth (per-token)
|
||||
_public_limiter = _SlidingWindowCounter(
|
||||
max_requests=settings.rate_limit_requests,
|
||||
window_seconds=settings.rate_limit_window_seconds,
|
||||
)
|
||||
_auth_limiter = _SlidingWindowCounter(
|
||||
max_requests=settings.rate_limit_requests * 5, # 300/min for authenticated users
|
||||
window_seconds=settings.rate_limit_window_seconds,
|
||||
)
|
||||
class RedisSlidingWindow:
|
||||
"""Redis-backed sliding window rate limiter using sorted sets."""
|
||||
|
||||
def __init__(self, redis: Redis, max_requests: int, window_seconds: int) -> None:
|
||||
self.redis = redis
|
||||
self.max_requests = max_requests
|
||||
self.window_seconds = window_seconds
|
||||
|
||||
async def is_allowed(self, key: str) -> tuple[bool, int, int]:
|
||||
"""Check if request is allowed. Returns (allowed, remaining, retry_after)."""
|
||||
try:
|
||||
now = time.monotonic()
|
||||
cutoff = now - self.window_seconds
|
||||
now_ms = int(now * 1000)
|
||||
cutoff_ms = int(cutoff * 1000)
|
||||
|
||||
pipe = self.redis.pipeline()
|
||||
pipe.zremrangebyscore(key, 0, cutoff_ms)
|
||||
pipe.zcard(key)
|
||||
results = await pipe.execute()
|
||||
|
||||
current_count = results[1]
|
||||
|
||||
if current_count >= self.max_requests:
|
||||
oldest = await self.redis.zrange(key, 0, 0, withscores=True)
|
||||
if oldest:
|
||||
retry_after = int((oldest[0][1] - cutoff) / 1000) + 1
|
||||
else:
|
||||
retry_after = self.window_seconds
|
||||
return False, 0, retry_after
|
||||
|
||||
member = f"{now_ms}:{uuid.uuid4().hex[:8]}"
|
||||
pipe = self.redis.pipeline()
|
||||
pipe.zadd(key, {member: now_ms})
|
||||
pipe.expire(key, self.window_seconds)
|
||||
await pipe.execute()
|
||||
|
||||
remaining = self.max_requests - current_count - 1
|
||||
return True, remaining, 0
|
||||
|
||||
except RedisError as e:
|
||||
logger.warning("Redis rate limit error, falling back to in-memory: %s", e)
|
||||
in_memory = InMemorySlidingWindow(self.max_requests, self.window_seconds)
|
||||
return await in_memory.is_allowed(key)
|
||||
|
||||
|
||||
_redis_client: Redis | None = None
|
||||
_use_redis = False
|
||||
|
||||
if settings.rate_limit_redis_enabled:
|
||||
try:
|
||||
_redis_client = Redis.from_url(settings.redis_url)
|
||||
_use_redis = True
|
||||
logger.info("Rate limiting will use Redis at %s", settings.redis_url)
|
||||
except Exception as e:
|
||||
logger.warning("Failed to connect to Redis for rate limiting, using in-memory: %s", e)
|
||||
_use_redis = False
|
||||
|
||||
if _use_redis and _redis_client:
|
||||
_public_limiter = RedisSlidingWindow(
|
||||
_redis_client, settings.rate_limit_requests, settings.rate_limit_window_seconds
|
||||
)
|
||||
_auth_limiter = RedisSlidingWindow(
|
||||
_redis_client, settings.rate_limit_requests * 5, settings.rate_limit_window_seconds
|
||||
)
|
||||
_auth_strict_limiter = RedisSlidingWindow(
|
||||
_redis_client, settings.rate_limit_auth_requests, settings.rate_limit_auth_window_seconds
|
||||
)
|
||||
else:
|
||||
_public_limiter = InMemorySlidingWindow(
|
||||
settings.rate_limit_requests, settings.rate_limit_window_seconds
|
||||
)
|
||||
_auth_limiter = InMemorySlidingWindow(
|
||||
settings.rate_limit_requests * 5, settings.rate_limit_window_seconds
|
||||
)
|
||||
_auth_strict_limiter = InMemorySlidingWindow(
|
||||
settings.rate_limit_auth_requests, settings.rate_limit_auth_window_seconds
|
||||
)
|
||||
|
||||
|
||||
def _get_client_ip(request: Request) -> str:
|
||||
@@ -63,30 +144,30 @@ def _get_client_ip(request: Request) -> str:
|
||||
return request.client.host if request.client else "unknown"
|
||||
|
||||
|
||||
def _get_rate_limit_key(request: Request) -> tuple[str, _SlidingWindowCounter]:
|
||||
def _get_rate_limit_key(request: Request) -> tuple[str, RateLimitBackend]:
|
||||
"""Determine rate limit key and which limiter to use."""
|
||||
if request.url.path.startswith("/public"):
|
||||
return f"ip:{_get_client_ip(request)}", _public_limiter
|
||||
|
||||
# For authenticated endpoints, use Bearer token as key if present
|
||||
if request.url.path.startswith("/auth/") and request.method == "POST":
|
||||
return f"ip:{_get_client_ip(request)}", _auth_strict_limiter
|
||||
|
||||
auth_header = request.headers.get("authorization", "")
|
||||
if auth_header.startswith("Bearer "):
|
||||
token = auth_header[7:]
|
||||
token_hash = hashlib.sha256(token.encode()).hexdigest()
|
||||
return f"token:{token_hash}", _auth_limiter
|
||||
|
||||
# Fallback to IP for unauthenticated non-public endpoints
|
||||
return f"ip:{_get_client_ip(request)}", _public_limiter
|
||||
|
||||
|
||||
class RateLimitMiddleware(BaseHTTPMiddleware):
|
||||
async def dispatch(self, request: Request, call_next):
|
||||
# Skip rate limiting when disabled (e.g. in tests) or for health checks
|
||||
if not settings.rate_limit_enabled or request.url.path == "/health":
|
||||
return await call_next(request)
|
||||
|
||||
key, limiter = _get_rate_limit_key(request)
|
||||
allowed, remaining, retry_after = limiter.is_allowed(key)
|
||||
allowed, remaining, retry_after = await limiter.is_allowed(key)
|
||||
|
||||
if not allowed:
|
||||
return JSONResponse(
|
||||
|
||||
@@ -1,8 +1,11 @@
|
||||
"""Health check and error metrics endpoints."""
|
||||
|
||||
from fastapi import APIRouter, Depends
|
||||
from sqlalchemy import text
|
||||
|
||||
from cartsnitch_api.auth.dependencies import verify_service_key
|
||||
from cartsnitch_api.cache import get_redis
|
||||
from cartsnitch_api.database import get_engine
|
||||
from cartsnitch_api.middleware.error_handler import get_error_monitor
|
||||
|
||||
router = APIRouter(tags=["health"])
|
||||
@@ -10,7 +13,27 @@ router = APIRouter(tags=["health"])
|
||||
|
||||
@router.get("/health")
|
||||
async def health():
|
||||
return {"status": "ok"}
|
||||
engine = get_engine()
|
||||
db_ok = False
|
||||
redis_ok = False
|
||||
|
||||
try:
|
||||
async with engine.connect() as conn:
|
||||
await conn.execute(text("SELECT 1"))
|
||||
db_ok = True
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
try:
|
||||
r = get_redis()
|
||||
if r:
|
||||
await r.ping()
|
||||
redis_ok = True
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
status = "ok" if db_ok else "degraded"
|
||||
return {"status": status, "db": db_ok, "redis": redis_ok}
|
||||
|
||||
|
||||
@router.get("/internal/error-stats", dependencies=[Depends(verify_service_key)])
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
"""Tests for Redis/DragonflyDB caching lifecycle."""
|
||||
|
||||
import pytest
|
||||
|
||||
from cartsnitch_api.cache import CacheClient, close_redis, get_redis, init_redis
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_init_redis_creates_client():
|
||||
"""Test that init_redis creates the Redis client."""
|
||||
await init_redis()
|
||||
try:
|
||||
r = get_redis()
|
||||
assert r is not None
|
||||
await r.ping()
|
||||
finally:
|
||||
await close_redis()
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_close_redis_clears_client():
|
||||
"""Test that close_redis properly closes and clears the client."""
|
||||
await init_redis()
|
||||
await close_redis()
|
||||
assert get_redis() is None
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_cache_client_get_returns_none_when_not_connected():
|
||||
"""Test that CacheClient.get returns None gracefully when Redis is down."""
|
||||
client = CacheClient()
|
||||
# Without init_redis, get should return None
|
||||
result = await client.get("test-key")
|
||||
assert result is None
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_cache_client_set_does_not_raise_when_not_connected():
|
||||
"""Test that CacheClient.set does not raise when Redis is down."""
|
||||
client = CacheClient()
|
||||
# Without init_redis, set should not raise
|
||||
await client.set("test-key", "test-value", ttl_seconds=60)
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_cache_client_delete_does_not_raise_when_not_connected():
|
||||
"""Test that CacheClient.delete does not raise when Redis is down."""
|
||||
client = CacheClient()
|
||||
# Without init_redis, delete should not raise
|
||||
await client.delete("test-key")
|
||||
@@ -0,0 +1,62 @@
|
||||
"""Tests for database initialization and lifecycle."""
|
||||
|
||||
import pytest
|
||||
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
|
||||
|
||||
from cartsnitch_api.database import (
|
||||
close_db,
|
||||
create_db_engine,
|
||||
get_engine,
|
||||
init_db,
|
||||
)
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_db_engine_creates_engine_with_pool_settings():
|
||||
"""Test that create_db_engine creates engine with correct pool settings."""
|
||||
engine = create_db_engine()
|
||||
assert engine is not None
|
||||
pool = engine.pool
|
||||
assert pool.size() == 10
|
||||
assert pool._max_overflow == 20
|
||||
await engine.dispose()
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_init_db_sets_engine_and_factory():
|
||||
"""Test that init_db properly initializes the engine and session factory."""
|
||||
await init_db()
|
||||
try:
|
||||
eng = get_engine()
|
||||
assert eng is not None
|
||||
from cartsnitch_api import database
|
||||
|
||||
assert database.async_session_factory is not None
|
||||
finally:
|
||||
await close_db()
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_close_db_disposes_engine():
|
||||
"""Test that close_db properly disposes the engine."""
|
||||
await init_db()
|
||||
await close_db()
|
||||
assert get_engine() is None
|
||||
from cartsnitch_api import database
|
||||
|
||||
assert database.async_session_factory is None
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_db_yields_session_after_init():
|
||||
"""Test that get_db yields working sessions after init_db."""
|
||||
await init_db()
|
||||
try:
|
||||
from cartsnitch_api.database import get_db
|
||||
|
||||
gen = get_db()
|
||||
session = await gen.__anext__()
|
||||
assert isinstance(session, AsyncSession)
|
||||
await gen.aclose()
|
||||
finally:
|
||||
await close_db()
|
||||
@@ -1,49 +1,184 @@
|
||||
"""Tests for rate limiting middleware."""
|
||||
|
||||
from unittest.mock import MagicMock
|
||||
import time
|
||||
from unittest.mock import AsyncMock, MagicMock, patch
|
||||
|
||||
import pytest
|
||||
|
||||
from cartsnitch_api.middleware.rate_limit import _SlidingWindowCounter, _get_rate_limit_key
|
||||
from cartsnitch_api.config import settings
|
||||
from cartsnitch_api.middleware.rate_limit import (
|
||||
InMemorySlidingWindow,
|
||||
RedisSlidingWindow,
|
||||
_get_client_ip,
|
||||
_get_rate_limit_key,
|
||||
)
|
||||
|
||||
|
||||
class TestSlidingWindowCounter:
|
||||
class TestInMemorySlidingWindow:
|
||||
def test_allows_within_limit(self):
|
||||
counter = _SlidingWindowCounter(max_requests=5, window_seconds=60)
|
||||
limiter = InMemorySlidingWindow(max_requests=5, window_seconds=60)
|
||||
for i in range(5):
|
||||
allowed, remaining, retry = counter.is_allowed("test-key")
|
||||
allowed, remaining, retry = limiter.is_allowed("test-key")
|
||||
assert allowed is True
|
||||
assert remaining == 4 - i
|
||||
|
||||
def test_blocks_over_limit(self):
|
||||
counter = _SlidingWindowCounter(max_requests=3, window_seconds=60)
|
||||
limiter = InMemorySlidingWindow(max_requests=3, window_seconds=60)
|
||||
for _ in range(3):
|
||||
counter.is_allowed("test-key")
|
||||
limiter.is_allowed("test-key")
|
||||
|
||||
allowed, remaining, retry = counter.is_allowed("test-key")
|
||||
allowed, remaining, retry = limiter.is_allowed("test-key")
|
||||
assert allowed is False
|
||||
assert remaining == 0
|
||||
assert retry > 0
|
||||
|
||||
def test_separate_keys(self):
|
||||
counter = _SlidingWindowCounter(max_requests=2, window_seconds=60)
|
||||
# Fill key-a
|
||||
counter.is_allowed("key-a")
|
||||
counter.is_allowed("key-a")
|
||||
allowed_a, _, _ = counter.is_allowed("key-a")
|
||||
limiter = InMemorySlidingWindow(max_requests=2, window_seconds=60)
|
||||
limiter.is_allowed("key-a")
|
||||
limiter.is_allowed("key-a")
|
||||
allowed_a, _, _ = limiter.is_allowed("key-a")
|
||||
assert allowed_a is False
|
||||
|
||||
# key-b should still be allowed
|
||||
allowed_b, remaining, _ = counter.is_allowed("key-b")
|
||||
allowed_b, remaining, _ = limiter.is_allowed("key-b")
|
||||
assert allowed_b is True
|
||||
assert remaining == 1
|
||||
|
||||
def test_resets_after_window_expires(self):
|
||||
limiter = InMemorySlidingWindow(max_requests=2, window_seconds=1)
|
||||
for _ in range(2):
|
||||
limiter.is_allowed("test-key")
|
||||
allowed, remaining, _ = limiter.is_allowed("test-key")
|
||||
assert allowed is False
|
||||
|
||||
time.sleep(1.1)
|
||||
allowed, remaining, _ = limiter.is_allowed("test-key")
|
||||
assert allowed is True
|
||||
assert remaining == 1
|
||||
|
||||
|
||||
class TestGetClientIp:
|
||||
def test_x_forwarded_for_single(self):
|
||||
req = MagicMock()
|
||||
req.headers = {"x-forwarded-for": "192.168.1.1"}
|
||||
req.client = None
|
||||
assert _get_client_ip(req) == "192.168.1.1"
|
||||
|
||||
def test_x_forwarded_for_multiple(self):
|
||||
req = MagicMock()
|
||||
req.headers = {"x-forwarded-for": "192.168.1.1, 10.0.0.1, 172.16.0.1"}
|
||||
req.client = None
|
||||
assert _get_client_ip(req) == "192.168.1.1"
|
||||
|
||||
def test_x_forwarded_for_with_port(self):
|
||||
req = MagicMock()
|
||||
req.headers = {"x-forwarded-for": "192.168.1.1:8080"}
|
||||
req.client = None
|
||||
assert _get_client_ip(req) == "192.168.1.1"
|
||||
|
||||
def test_no_forwarded_header(self):
|
||||
req = MagicMock()
|
||||
req.headers = {}
|
||||
req.client.host = "127.0.0.1"
|
||||
assert _get_client_ip(req) == "127.0.0.1"
|
||||
|
||||
def test_no_client(self):
|
||||
req = MagicMock()
|
||||
req.headers = {}
|
||||
req.client = None
|
||||
assert _get_client_ip(req) == "unknown"
|
||||
|
||||
|
||||
class TestGetRateLimitKey:
|
||||
def _make_request(
|
||||
self,
|
||||
path: str = "/purchases",
|
||||
method: str = "GET",
|
||||
auth_header: str = "",
|
||||
headers: dict | None = None,
|
||||
) -> MagicMock:
|
||||
req = MagicMock()
|
||||
req.url.path = path
|
||||
req.method = method
|
||||
req.headers = dict(headers) if headers else {}
|
||||
if auth_header:
|
||||
req.headers["authorization"] = auth_header
|
||||
return req
|
||||
|
||||
def test_public_path_uses_public_limiter(self):
|
||||
req = self._make_request("/public/inflation")
|
||||
key, limiter = _get_rate_limit_key(req)
|
||||
assert key.startswith("ip:")
|
||||
assert limiter.max_requests == settings.rate_limit_requests
|
||||
|
||||
def test_auth_post_path_uses_strict_limiter(self):
|
||||
req = self._make_request("/auth/login", method="POST")
|
||||
key, limiter = _get_rate_limit_key(req)
|
||||
assert key.startswith("ip:")
|
||||
assert limiter.max_requests == settings.rate_limit_auth_requests
|
||||
assert limiter.window_seconds == settings.rate_limit_auth_window_seconds
|
||||
|
||||
def test_auth_get_path_uses_auth_limiter(self):
|
||||
req = self._make_request("/auth/me", method="GET")
|
||||
key, limiter = _get_rate_limit_key(req)
|
||||
assert key.startswith("ip:")
|
||||
assert limiter.max_requests == settings.rate_limit_requests * 5
|
||||
|
||||
def test_authenticated_token_uses_auth_limiter(self):
|
||||
req = self._make_request("/purchases", auth_header="Bearer token123")
|
||||
key, limiter = _get_rate_limit_key(req)
|
||||
assert key.startswith("token:")
|
||||
assert limiter.max_requests == settings.rate_limit_requests * 5
|
||||
|
||||
def test_distinct_tokens_produce_distinct_keys(self):
|
||||
req1 = self._make_request("/purchases", auth_header="Bearer token_alpha_12345")
|
||||
req2 = self._make_request("/purchases", auth_header="Bearer token_beta_67890")
|
||||
key1, _ = _get_rate_limit_key(req1)
|
||||
key2, _ = _get_rate_limit_key(req2)
|
||||
assert key1 != key2
|
||||
|
||||
def test_same_token_produces_same_key(self):
|
||||
req1 = self._make_request("/purchases", auth_header="Bearer same_token_value_abc")
|
||||
req2 = self._make_request("/purchases", auth_header="Bearer same_token_value_abc")
|
||||
key1, _ = _get_rate_limit_key(req1)
|
||||
key2, _ = _get_rate_limit_key(req2)
|
||||
assert key1 == key2
|
||||
|
||||
def test_key_does_not_contain_raw_token_suffix(self):
|
||||
raw_token = "my_secret_jwt_token_xyz"
|
||||
req = self._make_request("/purchases", auth_header=f"Bearer {raw_token}")
|
||||
key, _ = _get_rate_limit_key(req)
|
||||
assert raw_token[-16:] not in key
|
||||
assert raw_token not in key
|
||||
|
||||
|
||||
class TestRedisSlidingWindowFallback:
|
||||
@pytest.mark.asyncio
|
||||
async def test_fallback_on_redis_connection_error(self):
|
||||
mock_redis = AsyncMock()
|
||||
mock_redis.pipeline.return_value = AsyncMock()
|
||||
pipe_mock = AsyncMock()
|
||||
pipe_mock.execute.side_effect = Exception("Connection refused")
|
||||
mock_redis.pipeline.return_value = pipe_mock
|
||||
|
||||
limiter = RedisSlidingWindow(mock_redis, max_requests=5, window_seconds=60)
|
||||
allowed, remaining, retry = await limiter.is_allowed("test-key")
|
||||
assert allowed is True
|
||||
assert remaining == 4
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_fallback_on_redis_error_during_pipeline(self):
|
||||
mock_redis = AsyncMock()
|
||||
pipe_mock = AsyncMock()
|
||||
pipe_mock.execute.side_effect = Exception("Redis error")
|
||||
mock_redis.pipeline.return_value = pipe_mock
|
||||
|
||||
limiter = RedisSlidingWindow(mock_redis, max_requests=3, window_seconds=60)
|
||||
allowed, remaining, retry = await limiter.is_allowed("test-key")
|
||||
assert allowed is True
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_rate_limit_returns_429(client):
|
||||
"""Public endpoint should return 429 after limit exceeded."""
|
||||
# The default limit is 60/min — we won't hit it in normal tests,
|
||||
# but we verify the middleware adds rate limit headers.
|
||||
resp = await client.get("/public/inflation")
|
||||
assert "x-ratelimit-limit" in resp.headers
|
||||
assert "x-ratelimit-remaining" in resp.headers
|
||||
@@ -51,36 +186,6 @@ async def test_rate_limit_returns_429(client):
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_health_skips_rate_limit(client):
|
||||
"""Health endpoint should not have rate limit headers."""
|
||||
resp = await client.get("/health")
|
||||
assert resp.status_code == 200
|
||||
assert "x-ratelimit-limit" not in resp.headers
|
||||
|
||||
|
||||
class TestGetRateLimitKey:
|
||||
def _make_request(self, auth_header: str = "") -> MagicMock:
|
||||
req = MagicMock()
|
||||
req.url.path = "/purchases"
|
||||
req.headers = {"authorization": auth_header} if auth_header else {}
|
||||
return req
|
||||
|
||||
def test_distinct_tokens_produce_distinct_keys(self):
|
||||
req1 = self._make_request("Bearer token_alpha_12345")
|
||||
req2 = self._make_request("Bearer token_beta_67890")
|
||||
key1, _ = _get_rate_limit_key(req1)
|
||||
key2, _ = _get_rate_limit_key(req2)
|
||||
assert key1 != key2
|
||||
|
||||
def test_same_token_produces_same_key(self):
|
||||
req1 = self._make_request("Bearer same_token_value_abc")
|
||||
req2 = self._make_request("Bearer same_token_value_abc")
|
||||
key1, _ = _get_rate_limit_key(req1)
|
||||
key2, _ = _get_rate_limit_key(req2)
|
||||
assert key1 == key2
|
||||
|
||||
def test_key_does_not_contain_raw_token_suffix(self):
|
||||
raw_token = "my_secret_jwt_token_xyz"
|
||||
req = self._make_request(f"Bearer {raw_token}")
|
||||
key, _ = _get_rate_limit_key(req)
|
||||
assert raw_token[-16:] not in key
|
||||
assert raw_token not in key
|
||||
|
||||
@@ -0,0 +1,77 @@
|
||||
"""Tests for health check endpoint."""
|
||||
|
||||
import pytest
|
||||
from unittest.mock import AsyncMock, patch
|
||||
|
||||
from cartsnitch_api.database import init_db, close_db
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_health_returns_db_and_redis_fields(client):
|
||||
"""Test that health endpoint returns db and redis status fields."""
|
||||
from cartsnitch_api.cache import init_redis, close_redis
|
||||
|
||||
await init_db()
|
||||
await init_redis()
|
||||
|
||||
try:
|
||||
response = await client.get("/health")
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert "status" in data
|
||||
assert "db" in data
|
||||
assert "redis" in data
|
||||
finally:
|
||||
await close_redis()
|
||||
await close_db()
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_health_returns_degraded_when_db_down():
|
||||
"""Test that health returns degraded when database is down."""
|
||||
from cartsnitch_api.database import _engine
|
||||
from cartsnitch_api.routes.health import health
|
||||
|
||||
# Simulate engine is None (DB not initialized)
|
||||
with patch("cartsnitch_api.routes.health.get_engine", return_value=None):
|
||||
response = await health()
|
||||
assert response["status"] == "degraded"
|
||||
assert response["db"] is False
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_health_returns_ok_when_db_up(client):
|
||||
"""Test that health returns ok when database is up."""
|
||||
from cartsnitch_api.database import init_db, close_db
|
||||
from cartsnitch_api.cache import init_redis, close_redis
|
||||
|
||||
await init_db()
|
||||
await init_redis()
|
||||
|
||||
try:
|
||||
response = await client.get("/health")
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
if data["db"]:
|
||||
assert data["status"] == "ok"
|
||||
finally:
|
||||
await close_redis()
|
||||
await close_db()
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_health_redis_down_does_not_make_unhealthy(client):
|
||||
"""Test that Redis being down does not make health return unhealthy."""
|
||||
from cartsnitch_api.database import init_db, close_db
|
||||
|
||||
await init_db()
|
||||
|
||||
try:
|
||||
response = await client.get("/health")
|
||||
data = response.json()
|
||||
# Redis being down should not make status "degraded"
|
||||
# Only DB failure makes it degraded
|
||||
if not data["db"]:
|
||||
assert data["status"] == "degraded"
|
||||
finally:
|
||||
await close_db()
|
||||
+2
-1
@@ -7,7 +7,8 @@
|
||||
"dev": "tsx watch src/index.ts",
|
||||
"build": "tsc",
|
||||
"start": "node dist/index.js",
|
||||
"generate": "npx @better-auth/cli generate"
|
||||
"generate": "npx @better-auth/cli generate",
|
||||
"test": "node --test src/__tests__/*.test.ts"
|
||||
},
|
||||
"dependencies": {
|
||||
"bcrypt": "^6.0.0",
|
||||
|
||||
@@ -0,0 +1,117 @@
|
||||
import { describe, it } from 'node:test';
|
||||
import { equal } from 'node:assert';
|
||||
import http from 'node:http';
|
||||
|
||||
describe('Auth health endpoint', () => {
|
||||
const startHealthServer = (poolMock) => {
|
||||
return new Promise((resolve) => {
|
||||
const server = http.createServer(async (req, res) => {
|
||||
if (req.url === '/health' && req.method === 'GET') {
|
||||
try {
|
||||
const client = await poolMock.connect();
|
||||
try {
|
||||
await Promise.race([
|
||||
client.query('SELECT 1'),
|
||||
new Promise((_, reject) => setTimeout(() => reject(new Error('DB timeout')), 2000)),
|
||||
]);
|
||||
} finally {
|
||||
client.release();
|
||||
}
|
||||
res.writeHead(200, { 'Content-Type': 'application/json' });
|
||||
res.end(JSON.stringify({ status: 'ok', db: 'reachable' }));
|
||||
} catch {
|
||||
res.writeHead(503, { 'Content-Type': 'application/json' });
|
||||
res.end(JSON.stringify({ status: 'error', db: 'unreachable' }));
|
||||
}
|
||||
return;
|
||||
}
|
||||
res.writeHead(404);
|
||||
res.end();
|
||||
});
|
||||
server.listen(0, '0.0.0.0', () => {
|
||||
const addr = server.address();
|
||||
const port = typeof addr === 'object' && addr ? addr.port : 0;
|
||||
resolve({ port, close: () => server.close() });
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
const makeRequest = (port) => {
|
||||
return new Promise((resolve) => {
|
||||
const req = http.get(`http://localhost:${port}/health`, (res) => {
|
||||
let body = '';
|
||||
res.on('data', (chunk) => { body += chunk; });
|
||||
res.on('end', () => {
|
||||
resolve({ status: res.statusCode, body });
|
||||
});
|
||||
});
|
||||
req.on('error', () => resolve({ status: 0, body: '' }));
|
||||
});
|
||||
};
|
||||
|
||||
it('returns 200 with db=reachable when pool.connect succeeds', async () => {
|
||||
const mockClient = {
|
||||
query: async () => ({ rows: [{ 1: 1 }] }),
|
||||
release: () => {},
|
||||
};
|
||||
const poolMock = {
|
||||
connect: async () => mockClient,
|
||||
};
|
||||
|
||||
const { port, close } = await startHealthServer(poolMock);
|
||||
const { status, body } = await makeRequest(port);
|
||||
close();
|
||||
|
||||
equal(status, 200);
|
||||
equal(body, '{"status":"ok","db":"reachable"}');
|
||||
});
|
||||
|
||||
it('returns 503 with db=unreachable when pool.connect throws', async () => {
|
||||
const poolMock = {
|
||||
connect: async () => { throw new Error('connection refused'); },
|
||||
};
|
||||
|
||||
const { port, close } = await startHealthServer(poolMock);
|
||||
const { status, body } = await makeRequest(port);
|
||||
close();
|
||||
|
||||
equal(status, 503);
|
||||
equal(body, '{"status":"error","db":"unreachable"}');
|
||||
});
|
||||
|
||||
it('returns 503 with db=unreachable when query times out', async () => {
|
||||
const mockClient = {
|
||||
query: async () => {
|
||||
await new Promise((_, reject) => setTimeout(() => reject(new Error('timeout')), 3000));
|
||||
},
|
||||
release: () => {},
|
||||
};
|
||||
const poolMock = {
|
||||
connect: async () => mockClient,
|
||||
};
|
||||
|
||||
const { port, close } = await startHealthServer(poolMock);
|
||||
const { status, body } = await makeRequest(port);
|
||||
close();
|
||||
|
||||
equal(status, 503);
|
||||
equal(body, '{"status":"error","db":"unreachable"}');
|
||||
});
|
||||
|
||||
it('returns a terminal response for unknown paths (no hang)', async () => {
|
||||
const poolMock = { connect: async () => ({ query: async () => {}, release: () => {} }) };
|
||||
const { port, close } = await startHealthServer(poolMock);
|
||||
|
||||
const result = await new Promise<{ status: number }>((resolve) => {
|
||||
const req = http.get(`http://localhost:${port}/`, (res) => {
|
||||
res.resume();
|
||||
res.on('end', () => resolve({ status: res.statusCode ?? 0 }));
|
||||
});
|
||||
req.on('error', () => resolve({ status: 0 }));
|
||||
setTimeout(() => resolve({ status: -1 }), 1000);
|
||||
});
|
||||
close();
|
||||
|
||||
equal(result.status !== -1, true, 'Unknown path must return a terminal response within 1s');
|
||||
});
|
||||
});
|
||||
+1
-1
@@ -37,7 +37,7 @@ export const auth = betterAuth({
|
||||
maxPasswordLength: 128,
|
||||
password: {
|
||||
hash: async (password: string) => {
|
||||
return bcrypt.hash(password, 10);
|
||||
return bcrypt.hash(password, 12);
|
||||
},
|
||||
verify: async (data: { hash: string; password: string }) => {
|
||||
return bcrypt.compare(data.password, data.hash);
|
||||
|
||||
+3
-3
@@ -8,7 +8,7 @@ const handler = toNodeHandler(auth);
|
||||
|
||||
const server = createServer(async (req, res) => {
|
||||
// Health check
|
||||
if (req.url === "/health" && req.method === "GET") {
|
||||
if ((req.url === "/health" || req.url === "/auth/health") && req.method === "GET") {
|
||||
try {
|
||||
const client = await pool.connect();
|
||||
try {
|
||||
@@ -20,7 +20,7 @@ const server = createServer(async (req, res) => {
|
||||
client.release();
|
||||
}
|
||||
res.writeHead(200, { "Content-Type": "application/json" });
|
||||
res.end(JSON.stringify({ status: "ok", db: "connected" }));
|
||||
res.end(JSON.stringify({ status: "ok", db: "reachable" }));
|
||||
} catch {
|
||||
res.writeHead(503, { "Content-Type": "application/json" });
|
||||
res.end(JSON.stringify({ status: "error", db: "unreachable" }));
|
||||
@@ -28,7 +28,7 @@ const server = createServer(async (req, res) => {
|
||||
return;
|
||||
}
|
||||
|
||||
// All /auth/* routes handled by Better-Auth
|
||||
// All other routes handled by Better-Auth (returns 404 for unknown paths)
|
||||
await handler(req, res);
|
||||
});
|
||||
|
||||
|
||||
+1
-1
@@ -12,5 +12,5 @@
|
||||
"resolveJsonModule": true
|
||||
},
|
||||
"include": ["src"],
|
||||
"exclude": ["node_modules", "dist"]
|
||||
"exclude": ["node_modules", "dist", "src/__tests__"]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
"""Add GIN index on normalized_products.upc_variants for fast JSON containment lookups.
|
||||
|
||||
Revision ID: 002_add_normalized_products_upc_variants_index
|
||||
Revises: 001_add_email_inbound_token
|
||||
Create Date: 2026-04-14
|
||||
"""
|
||||
|
||||
from collections.abc import Sequence
|
||||
|
||||
from alembic import op
|
||||
|
||||
revision: str = "002_add_normalized_products_upc_variants_index"
|
||||
down_revision: str | None = "001_add_email_inbound_token"
|
||||
branch_labels: str | Sequence[str] | None = None
|
||||
depends_on: str | Sequence[str] | None = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
op.create_index(
|
||||
"ix_normalized_products_upc_variants",
|
||||
"normalized_products",
|
||||
["upc_variants"],
|
||||
postgresql_using="gin",
|
||||
)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
op.drop_index("ix_normalized_products_upc_variants", table_name="normalized_products")
|
||||
@@ -0,0 +1,244 @@
|
||||
# UAT Receipt Submission Path
|
||||
|
||||
**Issue:** [CAR-812](/CAR/issues/CAR-812)
|
||||
**Author:** Barcode Betty
|
||||
**Date:** 2026-05-04
|
||||
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
The UAT environment supports receipt submission via **inbound email**. This is the only supported submission method in UAT — there is no public REST API surface for receipt ingestion.
|
||||
|
||||
---
|
||||
|
||||
## How It Works
|
||||
|
||||
### Architecture
|
||||
|
||||
```
|
||||
User composes email
|
||||
↓
|
||||
Email sent to <user_token>@cartsnitch.<env>.farh.net
|
||||
↓
|
||||
Mailgun webhook receives the email
|
||||
↓
|
||||
Email job enqueued to DragonflyDB stream: email:receipts
|
||||
↓
|
||||
email-worker (ReceiptWitness) consumes the job
|
||||
↓
|
||||
Worker resolves user via email_inbound_token lookup in DB
|
||||
↓
|
||||
Retailer detected from email content (meijer / kroger / target)
|
||||
↓
|
||||
Email parsed into Purchase + PurchaseItem records
|
||||
↓
|
||||
receipt.ingested event published to Redis
|
||||
↓
|
||||
MatchResult created with method=upc, confidence=1.0 for known UPCs
|
||||
```
|
||||
|
||||
### Key Components
|
||||
|
||||
| Component | Location | Role |
|
||||
|-----------|----------|------|
|
||||
| `users.email_inbound_token` | DB (migration `001_add_email_inbound_token`) | 22-char unique token per user; used as email routing identifier |
|
||||
| `email:receipts` stream | DragonflyDB | Queue holding pending email jobs |
|
||||
| `email-worker` | `receiptwitness/src/receiptwitness/worker/email_worker.py` | Async worker consuming the stream |
|
||||
| `BaseEmailParser` | `receiptwitness/src/receiptwitness/parsers/email/base.py` | Abstract parser; subclasses for meijer/kroger/target |
|
||||
| Retailer detectors | `receiptwitness/src/receiptwitness/parsers/email/detector.py` | Sifts sender/subject to pick the right parser |
|
||||
|
||||
### Email Address Format
|
||||
|
||||
Each user is assigned a unique inbound token. The receipt submission email address is shown in **Settings → Receipt Email** on the UI:
|
||||
|
||||
**Address:** `receipts+<email_inbound_token>@receipts.cartsnitch.com`
|
||||
|
||||
To find a user's token in the UAT database (requires `kubectl` access to `cartsnitch-uat`):
|
||||
|
||||
```bash
|
||||
kubectl exec -n cartsnitch-uat deployment/cartsnitch-api -- \\
|
||||
python -c "from cartsnitch_common.database import get_sync_session; \\
|
||||
from cartsnitch_common.models.user import User; \\
|
||||
from sqlalchemy import select; \\
|
||||
s = get_sync_session('postgresql://cartsnitch:cartsnitch@cartsnitch-pg-rw:5432/cartsnitch'); \\
|
||||
u = s.execute(select(User).where(User.email=='dottie@example.com')).scalar_one(); \\
|
||||
print(u.email_inbound_token)"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Submitting a Test Receipt (Step-by-Step)
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- A test user account in UAT with a known `email_inbound_token`
|
||||
- A sample receipt email with a **known UPC** from the seeded `normalized_products` table
|
||||
|
||||
### Steps
|
||||
|
||||
1. **Obtain the test user's inbound token.**
|
||||
Use the UAT Settings → Receipt Email page in the UI to see the full address `receipts+<token>@receipts.cartsnitch.com`, or query the DB directly (see above).
|
||||
|
||||
2. **Compose the email.**
|
||||
Send to: the address shown in Settings → Receipt Email
|
||||
Subject: anything
|
||||
Body: plain-text or HTML receipt content
|
||||
|
||||
3. **Expected behavior after email is processed:**
|
||||
- A `Receipt` row is created in `purchases`
|
||||
- `PurchaseItem` rows are created with `upc` matching the seeded product UPC
|
||||
- A `MatchResult` is created with `method='upc'` and `confidence=1.0`
|
||||
|
||||
---
|
||||
|
||||
## Known UPC for Dottie (from UAT seed)
|
||||
|
||||
> **NOTE:** `kubectl` is not available in this execution environment. The UAT seed and DB query could not be executed. The sample receipt below uses a plausible placeholder UPC. Before Dottie runs the regression:
|
||||
> 1. Run `bash scripts/seed-env.sh uat` from a machine with UAT kubecontext
|
||||
> 2. Query: `SELECT id, canonical_name, upc_variants->0->>'upc' AS sample_upc FROM normalized_products WHERE jsonb_array_length(upc_variants) > 0 LIMIT 1;`
|
||||
> 3. Replace the placeholder values below with the real captured row
|
||||
|
||||
- `id`: **TBD — run seed and query UAT DB**
|
||||
- `name`: **TBD — run seed and query UAT DB**
|
||||
- `sample UPC`: **TBD — run seed and query UAT DB**
|
||||
|
||||
### Meijer Sample Receipt (plain text)
|
||||
|
||||
```
|
||||
Meijer
|
||||
===================================
|
||||
Purchase Date: 03/15/2026
|
||||
Store: Meijer #127 - Ann Arbor, MI
|
||||
-----------------------------------
|
||||
1 x Organic Whole Milk 1gal $4.99
|
||||
1 x Whole Wheat Bread $3.29
|
||||
1 x Bananas (2 lb) $0.67
|
||||
1 x Chicken Breast (3 lb) $12.47
|
||||
1 x Cheddar Cheese Block 8oz $5.99
|
||||
-----------------------------------
|
||||
Subtotal: $27.41
|
||||
Tax: $1.93
|
||||
Total: $29.34
|
||||
===================================
|
||||
THANK YOU FOR SHOPPING MEIJER
|
||||
===================================
|
||||
```
|
||||
Meijer
|
||||
===================================
|
||||
Purchase Date: 03/15/2026
|
||||
Store: Meijer #127 - Ann Arbor, MI
|
||||
-----------------------------------
|
||||
1 x Organic Whole Milk 1gal $4.99
|
||||
1 x Whole Wheat Bread $3.29
|
||||
1 x Bananas (2 lb) $0.67
|
||||
1 x Chicken Breast (3 lb) $12.47
|
||||
1 x Cheddar Cheese Block 8oz $5.99
|
||||
-----------------------------------
|
||||
Subtotal: $27.41
|
||||
Tax: $1.93
|
||||
Total: $29.34
|
||||
===================================
|
||||
THANK YOU FOR SHOPPING MEIJER
|
||||
===================================
|
||||
```
|
||||
|
||||
> **Note:** The `email-worker` parses the email body and extracts line items by retailer. The exact format and field mapping depends on the retailer parser. For Meijer, the parser looks for item lines matching `(\d+) x (.+?)\s+\$([\d.]+)`. UPCs in the `upc_variants` JSONB of seeded products will be matched during the normalization step.
|
||||
|
||||
### Kroger Sample Receipt (plain text)
|
||||
|
||||
```
|
||||
KROGER
|
||||
===================================
|
||||
Purchase Date: 03/15/2026
|
||||
Store: KROGER #412 - Ann Arbor MI
|
||||
-----------------------------------
|
||||
1 Organic Whole Milk 1gal $5.29
|
||||
1 Whole Wheat Bread $3.49
|
||||
1 Bananas (2 lb) $0.69
|
||||
1 Chicken Breast (3 lb) $11.99
|
||||
1 Sharp Cheddar Cheese 8oz $4.99
|
||||
-----------------------------------
|
||||
Subtotal: $26.45
|
||||
Tax: $1.85
|
||||
Total: $28.30
|
||||
===================================
|
||||
```
|
||||
|
||||
### Target Sample Receipt (plain text)
|
||||
|
||||
```
|
||||
TARGET
|
||||
===================================
|
||||
03/15/2026 14:32
|
||||
Store: 0874 Ann Arbor, MI
|
||||
===================================
|
||||
1 Organic Whole Milk 1G $5.49
|
||||
1 Whole Wheat Bread $3.29
|
||||
1 Bananas LB 2 $0.68
|
||||
1 Chicken Breast 3# $12.99
|
||||
1 Cheddar Cheese 8OZ $5.79
|
||||
-----------------------------------
|
||||
Subtotal: $28.24
|
||||
Tax (6%): $1.69
|
||||
Total: $29.93
|
||||
===================================
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Email not processed
|
||||
|
||||
1. Check the `email:receipts` stream has messages:
|
||||
```bash
|
||||
kubectl exec -n cartsnitch-uat deploy/email-worker -- python -c \\
|
||||
"import asyncio; from receiptwitness.queue.email import get_redis; \\
|
||||
async def chk(): c = await get_redis(); info = await c.xinfo_stream('email:receipts'); print(info); \\
|
||||
asyncio.run(chk())"
|
||||
```
|
||||
|
||||
2. Check `email-worker` logs for retailer detection failures:
|
||||
```bash
|
||||
kubectl logs -n cartsnitch-uat deploy/email-worker -f
|
||||
```
|
||||
|
||||
3. Verify the token resolves to a user in the DB:
|
||||
```bash
|
||||
kubectl exec -n cartsnitch-uat deploy/cartsnitch-api -- \\
|
||||
python -c "from cartsnitch_common.database import get_sync_session; \\
|
||||
from cartsnitch_common.models.user import User; \\
|
||||
from sqlalchemy import select; \\
|
||||
s = get_sync_session('postgresql://...'); \\
|
||||
r = s.execute(select(User.email_inbound_token).limit(5)).all(); \\
|
||||
print(r)"
|
||||
```
|
||||
|
||||
### No MatchResult created
|
||||
|
||||
The normalization pipeline requires a `normalized_product` row with the submitted UPC in `upc_variants`. If the seed was run, the product should be found. Check the `match_results` table after submission:
|
||||
|
||||
```sql
|
||||
SELECT mr.*, np.canonical_name
|
||||
FROM match_results mr
|
||||
JOIN normalized_products np ON np.id = mr.normalized_product_id
|
||||
WHERE mr.match_method = 'upc'
|
||||
ORDER BY mr.created_at DESC
|
||||
LIMIT 10;
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Related Files
|
||||
|
||||
| File | Role |
|
||||
|------|------|
|
||||
| `common/alembic/versions/001_add_email_inbound_token.py` | Adds `email_inbound_token` column |
|
||||
| `receiptwitness/src/receiptwitness/worker/email_worker.py` | Consumes email jobs from stream |
|
||||
| `receiptwitness/src/receiptwitness/queue/email.py` | DragonflyDB stream consumer group |
|
||||
| `receiptwitness/src/receiptwitness/parsers/email/detector.py` | Retailer detection |
|
||||
| `receiptwitness/src/receiptwitness/parsers/email/meijer.py` | Meijer email parser |
|
||||
| `receiptwitness/src/receiptwitness/parsers/email/kroger.py` | Kroger email parser |
|
||||
| `receiptwitness/src/receiptwitness/parsers/email/target.py` | Target email parser |
|
||||
| `docs/uat-runbook.md` | UAT runbook (defect classification, entry/exit criteria) |
|
||||
+89
-1
@@ -1,4 +1,4 @@
|
||||
import { test as base, expect } from "@playwright/test";
|
||||
import { test as base, expect, type Page } from "@playwright/test";
|
||||
import AxeBuilder from "@axe-core/playwright";
|
||||
|
||||
export const test = base.extend<{ axeCheck: void }>({
|
||||
@@ -10,3 +10,91 @@ export const test = base.extend<{ axeCheck: void }>({
|
||||
});
|
||||
|
||||
export { expect } from "@playwright/test";
|
||||
|
||||
const MOCK_USER_ID = "mock_user_123";
|
||||
const MOCK_SESSION_ID = "mock_session_456";
|
||||
|
||||
async function mockAuthRoutes(page: Page, authenticated = false) {
|
||||
await page.route(/.*\/auth\/sign-up\/email.*/, async (route) => {
|
||||
await route.fulfill({
|
||||
status: 200,
|
||||
contentType: "application/json",
|
||||
body: JSON.stringify({
|
||||
token: null,
|
||||
user: {
|
||||
id: MOCK_USER_ID,
|
||||
email: "mock@cartsnitch.test",
|
||||
name: "Mock User",
|
||||
emailVerified: true,
|
||||
createdAt: new Date().toISOString(),
|
||||
updatedAt: new Date().toISOString(),
|
||||
},
|
||||
}),
|
||||
});
|
||||
});
|
||||
|
||||
await page.route(/.*\/auth\/sign-in\/email.*/, async (route) => {
|
||||
await route.fulfill({
|
||||
status: 200,
|
||||
contentType: "application/json",
|
||||
body: JSON.stringify({
|
||||
redirect: false,
|
||||
token: "mock_token_123",
|
||||
user: {
|
||||
id: MOCK_USER_ID,
|
||||
email: "mock@cartsnitch.test",
|
||||
name: "Mock User",
|
||||
emailVerified: true,
|
||||
createdAt: new Date().toISOString(),
|
||||
updatedAt: new Date().toISOString(),
|
||||
},
|
||||
}),
|
||||
});
|
||||
});
|
||||
|
||||
await page.route(/.*\/auth\/get-session.*/, async (route) => {
|
||||
if (authenticated) {
|
||||
await route.fulfill({
|
||||
status: 200,
|
||||
contentType: "application/json",
|
||||
body: JSON.stringify({
|
||||
session: {
|
||||
id: MOCK_SESSION_ID,
|
||||
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(),
|
||||
createdAt: new Date().toISOString(),
|
||||
updatedAt: new Date().toISOString(),
|
||||
ipAddress: null,
|
||||
userAgent: null,
|
||||
},
|
||||
user: {
|
||||
id: MOCK_USER_ID,
|
||||
email: "mock@cartsnitch.test",
|
||||
name: "Mock User",
|
||||
emailVerified: true,
|
||||
createdAt: new Date().toISOString(),
|
||||
updatedAt: new Date().toISOString(),
|
||||
},
|
||||
}),
|
||||
});
|
||||
} else {
|
||||
await route.fulfill({
|
||||
status: 401,
|
||||
contentType: "application/json",
|
||||
body: JSON.stringify({ error: "Unauthorized" }),
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
export async function mockSessionDelayed(page: Page, delayMs = 3000) {
|
||||
await page.route(/.*\/auth\/get-session.*/, async (route) => {
|
||||
await new Promise((r) => setTimeout(r, delayMs));
|
||||
await route.fulfill({
|
||||
status: 401,
|
||||
contentType: "application/json",
|
||||
body: JSON.stringify({ error: "Unauthorized" }),
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
export { mockAuthRoutes };
|
||||
|
||||
@@ -1,18 +1,19 @@
|
||||
import { test, expect } from '@playwright/test';
|
||||
import { mockAuthRoutes } from '../fixtures';
|
||||
|
||||
const uniqueEmail = () => `betty+e2e-${Date.now()}@cartsnitch.test`;
|
||||
|
||||
test.describe('J1: Registration and Login', () => {
|
||||
test('can register a new account and lands on dashboard', async ({ page }) => {
|
||||
test('shows success message after registration', async ({ page }) => {
|
||||
await mockAuthRoutes(page, false);
|
||||
await page.goto('/register');
|
||||
await page.fill('[placeholder="Full Name"]', 'Betty Tester');
|
||||
await page.fill('[placeholder="Email"]', uniqueEmail());
|
||||
await page.fill('[placeholder="Password (min. 8 characters)"]', 'TestPass123!');
|
||||
await page.click('button[type="submit"]');
|
||||
|
||||
// With VITE_MOCK_AUTH=true the app navigates to "/" on success
|
||||
await expect(page).toHaveURL('http://localhost:5173/');
|
||||
await expect(page.getByRole('heading', { name: /cart/i })).toBeVisible();
|
||||
// Registration now shows "Account created! Please sign in." message
|
||||
await expect(page.locator('.bg-red-50')).toContainText('Account created! Please sign in.');
|
||||
});
|
||||
|
||||
test('shows validation error when registration fields are empty', async ({ page }) => {
|
||||
@@ -30,23 +31,18 @@ test.describe('J1: Registration and Login', () => {
|
||||
await expect(page.getByRole('heading', { name: /cartsnitch/i })).toBeVisible();
|
||||
});
|
||||
|
||||
test('can sign in with credentials and land on dashboard', async ({ page }) => {
|
||||
// Register first so we have a real account
|
||||
test('can sign in with valid credentials', async ({ page }) => {
|
||||
await mockAuthRoutes(page, true);
|
||||
const email = uniqueEmail();
|
||||
await page.goto('/register');
|
||||
await page.fill('[placeholder="Full Name"]', 'Login Betty');
|
||||
await page.fill('[placeholder="Email"]', email);
|
||||
await page.fill('[placeholder="Password (min. 8 characters)"]', 'TestPass123!');
|
||||
await page.click('button[type="submit"]');
|
||||
await expect(page).toHaveURL('http://localhost:5173/');
|
||||
await expect(page.locator('.bg-red-50')).toContainText('Account created! Please sign in.');
|
||||
|
||||
// Sign out by clearing the mock session (reload with no session)
|
||||
await page.goto('/');
|
||||
await page.reload();
|
||||
|
||||
// Now sign in
|
||||
await page.goto('/login');
|
||||
await page.fill('[placeholder="Email"]', email);
|
||||
await page.fill('[placeholder="Email"]', 'test@cartsnitch.test');
|
||||
await page.fill('[placeholder="Password"]', 'TestPass123!');
|
||||
await page.click('button[type="submit"]');
|
||||
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { test, expect } from '@playwright/test';
|
||||
import { mockAuthRoutes, mockSessionDelayed } from '../fixtures';
|
||||
|
||||
test.describe('J8: Unauthenticated Access', () => {
|
||||
test('redirects /dashboard (/) to /login when not authenticated', async ({ page }) => {
|
||||
// No session cookie — start fresh
|
||||
await page.context().clearCookies();
|
||||
await mockAuthRoutes(page, false);
|
||||
await page.goto('/');
|
||||
|
||||
await expect(page).toHaveURL(/\/login/);
|
||||
@@ -11,7 +11,7 @@ test.describe('J8: Unauthenticated Access', () => {
|
||||
});
|
||||
|
||||
test('redirects /purchases to /login when not authenticated', async ({ page }) => {
|
||||
await page.context().clearCookies();
|
||||
await mockAuthRoutes(page, false);
|
||||
await page.goto('/purchases');
|
||||
|
||||
await expect(page).toHaveURL(/\/login/);
|
||||
@@ -19,7 +19,7 @@ test.describe('J8: Unauthenticated Access', () => {
|
||||
});
|
||||
|
||||
test('redirects /products to /login when not authenticated', async ({ page }) => {
|
||||
await page.context().clearCookies();
|
||||
await mockAuthRoutes(page, false);
|
||||
await page.goto('/products');
|
||||
|
||||
await expect(page).toHaveURL(/\/login/);
|
||||
@@ -27,7 +27,7 @@ test.describe('J8: Unauthenticated Access', () => {
|
||||
});
|
||||
|
||||
test('redirects /coupons to /login when not authenticated', async ({ page }) => {
|
||||
await page.context().clearCookies();
|
||||
await mockAuthRoutes(page, false);
|
||||
await page.goto('/coupons');
|
||||
|
||||
await expect(page).toHaveURL(/\/login/);
|
||||
@@ -35,15 +35,9 @@ test.describe('J8: Unauthenticated Access', () => {
|
||||
});
|
||||
|
||||
test('shows loading spinner while auth session is pending', async ({ page }) => {
|
||||
// Intercept but don't respond — session stays pending
|
||||
await page.context().clearCookies();
|
||||
await page.request.fetch('/api/auth/session', {
|
||||
method: 'GET',
|
||||
});
|
||||
|
||||
// Just navigate to a protected route — ProtectedRoute will show spinner while session is pending
|
||||
await mockSessionDelayed(page, 3000);
|
||||
await page.goto('/purchases');
|
||||
// Spinner is visible briefly; once resolved, should redirect to login
|
||||
await expect(page.locator('.animate-spin')).toBeVisible({ timeout: 2000 });
|
||||
await expect(page).toHaveURL(/\/login/, { timeout: 10_000 });
|
||||
});
|
||||
});
|
||||
|
||||
+2
-2
@@ -1,8 +1,8 @@
|
||||
import { test, expect } from './fixtures';
|
||||
import { test, expect, mockAuthRoutes } from './fixtures';
|
||||
|
||||
test('app loads', async ({ page }) => {
|
||||
await mockAuthRoutes(page, false);
|
||||
await page.goto('/');
|
||||
// Unauthenticated users are redirected to /login
|
||||
await expect(page).toHaveURL(/\/login/);
|
||||
await expect(page.getByRole('heading', { name: /CartSnitch/i })).toBeVisible();
|
||||
});
|
||||
|
||||
Generated
+306
-236
@@ -1641,9 +1641,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/core": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/core/-/core-1.6.3.tgz",
|
||||
"integrity": "sha512-HefGR2SNfAi2RhT6XvSYViH4a0xoCGGL10bSDiv6sQGrmY6ulEQEV1X4nebTHeG0P6jdBmXAoEW3k37nhpk99w==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/core/-/core-1.5.6.tgz",
|
||||
"integrity": "sha512-Ez9DZdIMFyxHremmoLz1emFPGNQomDC1jqqBPnZ6Ci+6TiGN3R9w/Y03cJn6I8r1ycKgOzeVMZtJ/erOZ27Gsw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@opentelemetry/semantic-conventions": "^1.39.0",
|
||||
@@ -1651,11 +1651,11 @@
|
||||
"zod": "^4.3.6"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"@better-auth/utils": "0.3.1",
|
||||
"@better-fetch/fetch": "1.1.21",
|
||||
"@cloudflare/workers-types": ">=4",
|
||||
"@opentelemetry/api": "^1.9.0",
|
||||
"better-call": "1.3.5",
|
||||
"better-call": "1.3.2",
|
||||
"jose": "^6.1.0",
|
||||
"kysely": "^0.28.5",
|
||||
"nanostores": "^1.0.1"
|
||||
@@ -1667,13 +1667,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/kysely-adapter": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/kysely-adapter/-/kysely-adapter-1.6.3.tgz",
|
||||
"integrity": "sha512-4iZLGaajEdPMgtiTARINbNZGl6CPHSzlS0fl4ONWryP/52iakYhXYNBJIB70Ls1Xl+kEqYkBFmndfj/x4j18RQ==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/kysely-adapter/-/kysely-adapter-1.5.6.tgz",
|
||||
"integrity": "sha512-Fnf+h8WVKtw6lEOmVmiVVzDf3shJtM60AYf9XTnbdCeUd6MxN/KnaJZpkgtYnRs7a+nwtkVB+fg4lGETebGFXQ==",
|
||||
"license": "MIT",
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "^1.6.3",
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"@better-auth/core": "1.5.6",
|
||||
"@better-auth/utils": "^0.3.0",
|
||||
"kysely": "^0.27.0 || ^0.28.0"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
@@ -1683,23 +1683,23 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/memory-adapter": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/memory-adapter/-/memory-adapter-1.6.3.tgz",
|
||||
"integrity": "sha512-0HCogGjUqVBl5j+7pkoovyIIAcCKsy8wiebDbTnedD99bCXQ+BhBAf8KQG1wMx6Nnc8fFwDuhSBhvTmCrdlmMQ==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/memory-adapter/-/memory-adapter-1.5.6.tgz",
|
||||
"integrity": "sha512-rS7ZsrIl5uvloUgNN0u9LOZJMMXnsZXVdUZ3MrTBKWM2KpoJjzPr9yN3Szyma5+0V7SltnzSGHPkYj2bEzzmlA==",
|
||||
"license": "MIT",
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "^1.6.3",
|
||||
"@better-auth/utils": "0.4.0"
|
||||
"@better-auth/core": "1.5.6",
|
||||
"@better-auth/utils": "^0.3.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/mongo-adapter": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/mongo-adapter/-/mongo-adapter-1.6.3.tgz",
|
||||
"integrity": "sha512-xer3hjuYaqcx/qMdZMXTUQz4ROLeS14Knas6OSY2gK8jgAidZO7twcb+wLgTbtJYmoXZqKFzSxoWuf6LxVvZCw==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/mongo-adapter/-/mongo-adapter-1.5.6.tgz",
|
||||
"integrity": "sha512-6+M3MS2mor8fTUV3EI1FBLP0cs6QfbN+Ovx9+XxR/GdfKIBoNFzmPEPRbdGt+ft6PvrITsUm+T70+kkHgVSP6w==",
|
||||
"license": "MIT",
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "^1.6.3",
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"@better-auth/core": "1.5.6",
|
||||
"@better-auth/utils": "^0.3.0",
|
||||
"mongodb": "^6.0.0 || ^7.0.0"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
@@ -1709,13 +1709,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/prisma-adapter": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/prisma-adapter/-/prisma-adapter-1.6.3.tgz",
|
||||
"integrity": "sha512-vrlGEdrpzNH+S0AjnQt6T9jeIxqYDNRwq/1lOQ50wS5OAzSjtZQ+Q/UCrBTF8ZBrYzQq28zIAuk6k2+xhqxZpQ==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/prisma-adapter/-/prisma-adapter-1.5.6.tgz",
|
||||
"integrity": "sha512-UxY9vQJs1Tt+O+T2YQnseDMlWmUSQvFZSBb5YiFRg7zcm+TEzujh4iX2/csA0YiZptLheovIuVWTP9nriewEBA==",
|
||||
"license": "MIT",
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "^1.6.3",
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"@better-auth/core": "1.5.6",
|
||||
"@better-auth/utils": "^0.3.0",
|
||||
"@prisma/client": "^5.0.0 || ^6.0.0 || ^7.0.0",
|
||||
"prisma": "^5.0.0 || ^6.0.0 || ^7.0.0"
|
||||
},
|
||||
@@ -1729,24 +1729,23 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/telemetry": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/telemetry/-/telemetry-1.6.3.tgz",
|
||||
"integrity": "sha512-Kw2LFnxBt36KF0Cfw46qcOaNtuqgr6kjJPDHKHCx3b7tbiSAEeEhZCc7wvWYbZPXkgI58IGi+bMrgnWjFCG1Zw==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/telemetry/-/telemetry-1.5.6.tgz",
|
||||
"integrity": "sha512-yXC7NSxnIFlxDkGdpD7KA+J9nqIQAPCJKe77GoaC5bWoe/DALo1MYorZfTgOafS7wrslNtsPT4feV/LJi1ubqQ==",
|
||||
"license": "MIT",
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "^1.6.3",
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"dependencies": {
|
||||
"@better-auth/utils": "0.3.1",
|
||||
"@better-fetch/fetch": "1.1.21"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "1.5.6"
|
||||
}
|
||||
},
|
||||
"node_modules/@better-auth/utils": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/utils/-/utils-0.4.0.tgz",
|
||||
"integrity": "sha512-RpMtLUIQAEWMgdPLNVbIF5ON2mm+CH0U3rCdUCU1VyeAUui4m38DyK7/aXMLZov2YDjG684pS1D0MBllrmgjQA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@noble/hashes": "^2.0.1"
|
||||
}
|
||||
"version": "0.3.1",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/utils/-/utils-0.3.1.tgz",
|
||||
"integrity": "sha512-+CGp4UmZSUrHHnpHhLPYu6cV+wSUSvVbZbNykxhUDocpVNTo9uFFxw/NqJlh1iC4wQ9HKKWGCKuZ5wUgS0v6Kg==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@better-fetch/fetch": {
|
||||
"version": "1.1.21",
|
||||
@@ -1868,6 +1867,40 @@
|
||||
"node": ">=18"
|
||||
}
|
||||
},
|
||||
"node_modules/@emnapi/core": {
|
||||
"version": "1.9.2",
|
||||
"resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.2.tgz",
|
||||
"integrity": "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"@emnapi/wasi-threads": "1.2.1",
|
||||
"tslib": "^2.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@emnapi/runtime": {
|
||||
"version": "1.9.2",
|
||||
"resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.2.tgz",
|
||||
"integrity": "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"tslib": "^2.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@emnapi/wasi-threads": {
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.1.tgz",
|
||||
"integrity": "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"tslib": "^2.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@esbuild/aix-ppc64": {
|
||||
"version": "0.25.12",
|
||||
"resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.12.tgz",
|
||||
@@ -2670,10 +2703,29 @@
|
||||
"node": ">=18"
|
||||
}
|
||||
},
|
||||
"node_modules/@napi-rs/wasm-runtime": {
|
||||
"version": "1.1.3",
|
||||
"resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.3.tgz",
|
||||
"integrity": "sha512-xK9sGVbJWYb08+mTJt3/YV24WxvxpXcXtP6B172paPZ+Ts69Re9dAr7lKwJoeIx8OoeuimEiRZ7umkiUVClmmQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"@tybys/wasm-util": "^0.10.1"
|
||||
},
|
||||
"funding": {
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/Brooooooklyn"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@emnapi/core": "^1.7.1",
|
||||
"@emnapi/runtime": "^1.7.1"
|
||||
}
|
||||
},
|
||||
"node_modules/@noble/ciphers": {
|
||||
"version": "2.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-2.2.0.tgz",
|
||||
"integrity": "sha512-Z6pjIZ/8IJcCGzb2S/0Px5J81yij85xASuk1teLNeg75bfT07MV3a/O2Mtn1I2se43k3lkVEcFaR10N4cgQcZA==",
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-2.1.1.tgz",
|
||||
"integrity": "sha512-bysYuiVfhxNJuldNXlFEitTVdNnYUc+XNJZd7Qm2a5j1vZHgY+fazadNFWFaMK/2vye0JVlxV3gHmC0WDfAOQw==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 20.19.0"
|
||||
@@ -2683,9 +2735,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@noble/hashes": {
|
||||
"version": "2.2.0",
|
||||
"resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.2.0.tgz",
|
||||
"integrity": "sha512-IYqDGiTXab6FniAgnSdZwgWbomxpy9FtYvLKs7wCUs2a8RkITG+DFGO1DM9cr+E3/RgADRpFjrKVaJ1z6sjtEg==",
|
||||
"version": "2.0.1",
|
||||
"resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.0.1.tgz",
|
||||
"integrity": "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">= 20.19.0"
|
||||
@@ -3559,9 +3611,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@tanstack/query-core": {
|
||||
"version": "5.99.0",
|
||||
"resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.99.0.tgz",
|
||||
"integrity": "sha512-3Jv3WQG0BCcH7G+7lf/bP8QyBfJOXeY+T08Rin3GZ1bshvwlbPt7NrDHMEzGdKIOmOzvIQmxjk28YEQX60k7pQ==",
|
||||
"version": "5.96.2",
|
||||
"resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.96.2.tgz",
|
||||
"integrity": "sha512-hzI6cTVh4KNRk8UtoIBS7Lv9g6BnJPXvBKsvYH1aGWvv0347jT3BnSvztOE+kD76XGvZnRC/t6qdW1CaIfwCeA==",
|
||||
"license": "MIT",
|
||||
"funding": {
|
||||
"type": "github",
|
||||
@@ -3569,12 +3621,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@tanstack/react-query": {
|
||||
"version": "5.99.0",
|
||||
"resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.99.0.tgz",
|
||||
"integrity": "sha512-OY2bCqPemT1LlqJ8Y2CUau4KELnIhhG9Ol3ZndPbdnB095pRbPo1cHuXTndg8iIwtoHTgwZjyaDnQ0xD0mYwAw==",
|
||||
"version": "5.96.2",
|
||||
"resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.96.2.tgz",
|
||||
"integrity": "sha512-sYyzzJT4G0g02azzJ8o55VFFV31XvFpdUpG+unxS0vSaYsJnSPKGoI6WdPwUucJL1wpgGfwfmntNX/Ub1uOViA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@tanstack/query-core": "5.99.0"
|
||||
"@tanstack/query-core": "5.96.2"
|
||||
},
|
||||
"funding": {
|
||||
"type": "github",
|
||||
@@ -3660,6 +3712,17 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/@tybys/wasm-util": {
|
||||
"version": "0.10.1",
|
||||
"resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.1.tgz",
|
||||
"integrity": "sha512-9tTaPJLSiejZKx+Bmog4uSubteqTvFrVrURwkmHixBo0G4seD0zUxp98E1DzUBJxLQ3NPwXrGKDiVjwx/DpPsg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"optional": true,
|
||||
"dependencies": {
|
||||
"tslib": "^2.4.0"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/aria-query": {
|
||||
"version": "5.0.4",
|
||||
"resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.4.tgz",
|
||||
@@ -3874,17 +3937,17 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@typescript-eslint/eslint-plugin": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.58.2.tgz",
|
||||
"integrity": "sha512-aC2qc5thQahutKjP+cl8cgN9DWe3ZUqVko30CMSZHnFEHyhOYoZSzkGtAI2mcwZ38xeImDucI4dnqsHiOYuuCw==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.58.0.tgz",
|
||||
"integrity": "sha512-RLkVSiNuUP1C2ROIWfqX+YcUfLaSnxGE/8M+Y57lopVwg9VTYYfhuz15Yf1IzCKgZj6/rIbYTmJCUSqr76r0Wg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@eslint-community/regexpp": "^4.12.2",
|
||||
"@typescript-eslint/scope-manager": "8.58.2",
|
||||
"@typescript-eslint/type-utils": "8.58.2",
|
||||
"@typescript-eslint/utils": "8.58.2",
|
||||
"@typescript-eslint/visitor-keys": "8.58.2",
|
||||
"@typescript-eslint/scope-manager": "8.58.0",
|
||||
"@typescript-eslint/type-utils": "8.58.0",
|
||||
"@typescript-eslint/utils": "8.58.0",
|
||||
"@typescript-eslint/visitor-keys": "8.58.0",
|
||||
"ignore": "^7.0.5",
|
||||
"natural-compare": "^1.4.0",
|
||||
"ts-api-utils": "^2.5.0"
|
||||
@@ -3897,7 +3960,7 @@
|
||||
"url": "https://opencollective.com/typescript-eslint"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"@typescript-eslint/parser": "^8.58.2",
|
||||
"@typescript-eslint/parser": "^8.58.0",
|
||||
"eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
|
||||
"typescript": ">=4.8.4 <6.1.0"
|
||||
}
|
||||
@@ -3913,16 +3976,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/parser": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.58.2.tgz",
|
||||
"integrity": "sha512-/Zb/xaIDfxeJnvishjGdcR4jmr7S+bda8PKNhRGdljDM+elXhlvN0FyPSsMnLmJUrVG9aPO6dof80wjMawsASg==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.58.0.tgz",
|
||||
"integrity": "sha512-rLoGZIf9afaRBYsPUMtvkDWykwXwUPL60HebR4JgTI8mxfFe2cQTu3AGitANp4b9B2QlVru6WzjgB2IzJKiCSA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/scope-manager": "8.58.2",
|
||||
"@typescript-eslint/types": "8.58.2",
|
||||
"@typescript-eslint/typescript-estree": "8.58.2",
|
||||
"@typescript-eslint/visitor-keys": "8.58.2",
|
||||
"@typescript-eslint/scope-manager": "8.58.0",
|
||||
"@typescript-eslint/types": "8.58.0",
|
||||
"@typescript-eslint/typescript-estree": "8.58.0",
|
||||
"@typescript-eslint/visitor-keys": "8.58.0",
|
||||
"debug": "^4.4.3"
|
||||
},
|
||||
"engines": {
|
||||
@@ -3938,14 +4001,14 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/project-service": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.58.2.tgz",
|
||||
"integrity": "sha512-Cq6UfpZZk15+r87BkIh5rDpi38W4b+Sjnb8wQCPPDDweS/LRCFjCyViEbzHk5Ck3f2QDfgmlxqSa7S7clDtlfg==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.58.0.tgz",
|
||||
"integrity": "sha512-8Q/wBPWLQP1j16NxoPNIKpDZFMaxl7yWIoqXWYeWO+Bbd2mjgvoF0dxP2jKZg5+x49rgKdf7Ck473M8PC3V9lg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/tsconfig-utils": "^8.58.2",
|
||||
"@typescript-eslint/types": "^8.58.2",
|
||||
"@typescript-eslint/tsconfig-utils": "^8.58.0",
|
||||
"@typescript-eslint/types": "^8.58.0",
|
||||
"debug": "^4.4.3"
|
||||
},
|
||||
"engines": {
|
||||
@@ -3960,14 +4023,14 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/scope-manager": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.58.2.tgz",
|
||||
"integrity": "sha512-SgmyvDPexWETQek+qzZnrG6844IaO02UVyOLhI4wpo82dpZJY9+6YZCKAMFzXb7qhx37mFK1QcPQ18tud+vo6Q==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.58.0.tgz",
|
||||
"integrity": "sha512-W1Lur1oF50FxSnNdGp3Vs6P+yBRSmZiw4IIjEeYxd8UQJwhUF0gDgDD/W/Tgmh73mxgEU3qX0Bzdl/NGuSPEpQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "8.58.2",
|
||||
"@typescript-eslint/visitor-keys": "8.58.2"
|
||||
"@typescript-eslint/types": "8.58.0",
|
||||
"@typescript-eslint/visitor-keys": "8.58.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
||||
@@ -3978,9 +4041,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/tsconfig-utils": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.58.2.tgz",
|
||||
"integrity": "sha512-3SR+RukipDvkkKp/d0jP0dyzuls3DbGmwDpVEc5wqk5f38KFThakqAAO0XMirWAE+kT00oTauTbzMFGPoAzB0A==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.58.0.tgz",
|
||||
"integrity": "sha512-doNSZEVJsWEu4htiVC+PR6NpM+pa+a4ClH9INRWOWCUzMst/VA9c4gXq92F8GUD1rwhNvRLkgjfYtFXegXQF7A==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -3995,15 +4058,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/type-utils": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.58.2.tgz",
|
||||
"integrity": "sha512-Z7EloNR/B389FvabdGeTo2XMs4W9TjtPiO9DAsmT0yom0bwlPyRjkJ1uCdW1DvrrrYP50AJZ9Xc3sByZA9+dcg==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.58.0.tgz",
|
||||
"integrity": "sha512-aGsCQImkDIqMyx1u4PrVlbi/krmDsQUs4zAcCV6M7yPcPev+RqVlndsJy9kJ8TLihW9TZ0kbDAzctpLn5o+lOg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "8.58.2",
|
||||
"@typescript-eslint/typescript-estree": "8.58.2",
|
||||
"@typescript-eslint/utils": "8.58.2",
|
||||
"@typescript-eslint/types": "8.58.0",
|
||||
"@typescript-eslint/typescript-estree": "8.58.0",
|
||||
"@typescript-eslint/utils": "8.58.0",
|
||||
"debug": "^4.4.3",
|
||||
"ts-api-utils": "^2.5.0"
|
||||
},
|
||||
@@ -4020,9 +4083,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/types": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.58.2.tgz",
|
||||
"integrity": "sha512-9TukXyATBQf/Jq9AMQXfvurk+G5R2MwfqQGDR2GzGz28HvY/lXNKGhkY+6IOubwcquikWk5cjlgPvD2uAA7htQ==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.58.0.tgz",
|
||||
"integrity": "sha512-O9CjxypDT89fbHxRfETNoAnHj/i6IpRK0CvbVN3qibxlLdo5p5hcLmUuCCrHMpxiWSwKyI8mCP7qRNYuOJ0Uww==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -4034,16 +4097,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/typescript-estree": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.58.2.tgz",
|
||||
"integrity": "sha512-ELGuoofuhhoCvNbQjFFiobFcGgcDCEm0ThWdmO4Z0UzLqPXS3KFvnEZ+SHewwOYHjM09tkzOWXNTv9u6Gqtyuw==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.58.0.tgz",
|
||||
"integrity": "sha512-7vv5UWbHqew/dvs+D3e1RvLv1v2eeZ9txRHPnEEBUgSNLx5ghdzjHa0sgLWYVKssH+lYmV0JaWdoubo0ncGYLA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/project-service": "8.58.2",
|
||||
"@typescript-eslint/tsconfig-utils": "8.58.2",
|
||||
"@typescript-eslint/types": "8.58.2",
|
||||
"@typescript-eslint/visitor-keys": "8.58.2",
|
||||
"@typescript-eslint/project-service": "8.58.0",
|
||||
"@typescript-eslint/tsconfig-utils": "8.58.0",
|
||||
"@typescript-eslint/types": "8.58.0",
|
||||
"@typescript-eslint/visitor-keys": "8.58.0",
|
||||
"debug": "^4.4.3",
|
||||
"minimatch": "^10.2.2",
|
||||
"semver": "^7.7.3",
|
||||
@@ -4075,16 +4138,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/utils": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.58.2.tgz",
|
||||
"integrity": "sha512-QZfjHNEzPY8+l0+fIXMvuQ2sJlplB4zgDZvA+NmvZsZv3EQwOcc1DuIU1VJUTWZ/RKouBMhDyNaBMx4sWvrzRA==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.58.0.tgz",
|
||||
"integrity": "sha512-RfeSqcFeHMHlAWzt4TBjWOAtoW9lnsAGiP3GbaX9uVgTYYrMbVnGONEfUCiSss+xMHFl+eHZiipmA8WkQ7FuNA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@eslint-community/eslint-utils": "^4.9.1",
|
||||
"@typescript-eslint/scope-manager": "8.58.2",
|
||||
"@typescript-eslint/types": "8.58.2",
|
||||
"@typescript-eslint/typescript-estree": "8.58.2"
|
||||
"@typescript-eslint/scope-manager": "8.58.0",
|
||||
"@typescript-eslint/types": "8.58.0",
|
||||
"@typescript-eslint/typescript-estree": "8.58.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
||||
@@ -4099,13 +4162,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@typescript-eslint/visitor-keys": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.58.2.tgz",
|
||||
"integrity": "sha512-f1WO2Lx8a9t8DARmcWAUPJbu0G20bJlj8L4z72K00TMeJAoyLr/tHhI/pzYBLrR4dXWkcxO1cWYZEOX8DKHTqA==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.58.0.tgz",
|
||||
"integrity": "sha512-XJ9UD9+bbDo4a4epraTwG3TsNPeiB9aShrUneAVXy8q4LuwowN+qu89/6ByLMINqvIMeI9H9hOHQtg/ijrYXzQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/types": "8.58.2",
|
||||
"@typescript-eslint/types": "8.58.0",
|
||||
"eslint-visitor-keys": "^5.0.0"
|
||||
},
|
||||
"engines": {
|
||||
@@ -4167,33 +4230,6 @@
|
||||
"url": "https://opencollective.com/vitest"
|
||||
}
|
||||
},
|
||||
"node_modules/@vitest/mocker": {
|
||||
"version": "3.2.4",
|
||||
"resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.4.tgz",
|
||||
"integrity": "sha512-46ryTE9RZO/rfDd7pEqFl7etuyzekzEhUbTW3BvmeO/BcCMEgq59BKhek3dXDWgAj4oMK6OZi+vRr1wPW6qjEQ==",
|
||||
"devOptional": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@vitest/spy": "3.2.4",
|
||||
"estree-walker": "^3.0.3",
|
||||
"magic-string": "^0.30.17"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://opencollective.com/vitest"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"msw": "^2.4.9",
|
||||
"vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
"msw": {
|
||||
"optional": true
|
||||
},
|
||||
"vite": {
|
||||
"optional": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/@vitest/pretty-format": {
|
||||
"version": "3.2.4",
|
||||
"resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.4.tgz",
|
||||
@@ -4458,9 +4494,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/axe-core": {
|
||||
"version": "4.11.3",
|
||||
"resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.3.tgz",
|
||||
"integrity": "sha512-zBQouZixDTbo3jMGqHKyePxYxr1e5W8UdTmBQ7sNtaA9M2bE32daxxPLS/jojhKOHxQ7LWwPjfiwf/fhaJWzlg==",
|
||||
"version": "4.11.2",
|
||||
"resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.2.tgz",
|
||||
"integrity": "sha512-byD6KPdvo72y/wj2T/4zGEvvlis+PsZsn/yPS3pEO+sFpcrqRpX/TJCxvVaEsNeMrfQbCr7w163YqoD9IYwHXw==",
|
||||
"dev": true,
|
||||
"license": "MPL-2.0",
|
||||
"engines": {
|
||||
@@ -4520,9 +4556,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/baseline-browser-mapping": {
|
||||
"version": "2.10.19",
|
||||
"resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.19.tgz",
|
||||
"integrity": "sha512-qCkNLi2sfBOn8XhZQ0FXsT1Ki/Yo5P90hrkRamVFRS7/KV9hpfA4HkoWNU152+8w0zPjnxo5psx5NL3PSGgv5g==",
|
||||
"version": "2.10.13",
|
||||
"resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.13.tgz",
|
||||
"integrity": "sha512-BL2sTuHOdy0YT1lYieUxTw/QMtPBC3pmlJC6xk8BBYVv6vcw3SGdKemQ+Xsx9ik2F/lYDO9tqsFQH1r9PFuHKw==",
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"bin": {
|
||||
@@ -4533,26 +4569,26 @@
|
||||
}
|
||||
},
|
||||
"node_modules/better-auth": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/better-auth/-/better-auth-1.6.3.tgz",
|
||||
"integrity": "sha512-jMsoSYQyO8nNRuLEoCP+OUShLyeIGU8ioPYqra0IteLjnS3WNjHj21YE/COSJ/V/f0H5SInZiF+uXcEEHREDMQ==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/better-auth/-/better-auth-1.5.6.tgz",
|
||||
"integrity": "sha512-QSpJTqaT1XVfWRQe/fm3PgeuwOIlz1nWX/Dx7nsHStJ382bLzmDbQk2u7IT0IJ6wS5SRxfqEE1Ev9TXontgyAQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@better-auth/core": "1.6.3",
|
||||
"@better-auth/drizzle-adapter": "1.6.3",
|
||||
"@better-auth/kysely-adapter": "1.6.3",
|
||||
"@better-auth/memory-adapter": "1.6.3",
|
||||
"@better-auth/mongo-adapter": "1.6.3",
|
||||
"@better-auth/prisma-adapter": "1.6.3",
|
||||
"@better-auth/telemetry": "1.6.3",
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"@better-auth/core": "1.5.6",
|
||||
"@better-auth/drizzle-adapter": "1.5.6",
|
||||
"@better-auth/kysely-adapter": "1.5.6",
|
||||
"@better-auth/memory-adapter": "1.5.6",
|
||||
"@better-auth/mongo-adapter": "1.5.6",
|
||||
"@better-auth/prisma-adapter": "1.5.6",
|
||||
"@better-auth/telemetry": "1.5.6",
|
||||
"@better-auth/utils": "0.3.1",
|
||||
"@better-fetch/fetch": "1.1.21",
|
||||
"@noble/ciphers": "^2.1.1",
|
||||
"@noble/hashes": "^2.0.1",
|
||||
"better-call": "1.3.5",
|
||||
"better-call": "1.3.2",
|
||||
"defu": "^6.1.4",
|
||||
"jose": "^6.1.3",
|
||||
"kysely": "^0.28.14",
|
||||
"kysely": "^0.28.12",
|
||||
"nanostores": "^1.1.1",
|
||||
"zod": "^4.3.6"
|
||||
},
|
||||
@@ -4638,13 +4674,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/better-auth/node_modules/@better-auth/drizzle-adapter": {
|
||||
"version": "1.6.3",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/drizzle-adapter/-/drizzle-adapter-1.6.3.tgz",
|
||||
"integrity": "sha512-P5erUYKoctOnOf+hd3umkOhOqJA+WuDByzmgnxZMBQLhgmusn5cgW10449B9aZu8HxIcU/tUQo/8ucwXHNzZ0A==",
|
||||
"version": "1.5.6",
|
||||
"resolved": "https://registry.npmjs.org/@better-auth/drizzle-adapter/-/drizzle-adapter-1.5.6.tgz",
|
||||
"integrity": "sha512-VfFFmaoFw3ug12SiSuIwzrMoHyIVmkMGWm9gZ4sXdYYVX4HboCL4m3fjzOhppcmK5OGatRuU+N1UX6wxCITcXw==",
|
||||
"license": "MIT",
|
||||
"peerDependencies": {
|
||||
"@better-auth/core": "^1.6.3",
|
||||
"@better-auth/utils": "0.4.0",
|
||||
"@better-auth/core": "1.5.6",
|
||||
"@better-auth/utils": "^0.3.0",
|
||||
"drizzle-orm": ">=0.41.0"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
@@ -4654,12 +4690,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/better-call": {
|
||||
"version": "1.3.5",
|
||||
"resolved": "https://registry.npmjs.org/better-call/-/better-call-1.3.5.tgz",
|
||||
"integrity": "sha512-kOFJkBP7utAQLEYrobZm3vkTH8mXq5GNgvjc5/XEST1ilVHaxXUXfeDeFlqoETMtyqS4+3/h4ONX2i++ebZrvA==",
|
||||
"version": "1.3.2",
|
||||
"resolved": "https://registry.npmjs.org/better-call/-/better-call-1.3.2.tgz",
|
||||
"integrity": "sha512-4cZIfrerDsNTn3cm+MhLbUePN0gdwkhSXEuG7r/zuQ8c/H7iU0/jSK5TD3FW7U0MgKHce/8jGpPYNO4Ve+4NBw==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@better-auth/utils": "^0.4.0",
|
||||
"@better-auth/utils": "^0.3.1",
|
||||
"@better-fetch/fetch": "^1.1.21",
|
||||
"rou3": "^0.7.12",
|
||||
"set-cookie-parser": "^3.0.1"
|
||||
@@ -4738,15 +4774,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/call-bind": {
|
||||
"version": "1.0.9",
|
||||
"resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.9.tgz",
|
||||
"integrity": "sha512-a/hy+pNsFUTR+Iz8TCJvXudKVLAnz/DyeSUo10I5yvFDQJBFU2s9uqQpoSrJlroHUKoKqzg+epxyP9lqFdzfBQ==",
|
||||
"version": "1.0.8",
|
||||
"resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz",
|
||||
"integrity": "sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"call-bind-apply-helpers": "^1.0.2",
|
||||
"es-define-property": "^1.0.1",
|
||||
"get-intrinsic": "^1.3.0",
|
||||
"call-bind-apply-helpers": "^1.0.0",
|
||||
"es-define-property": "^1.0.0",
|
||||
"get-intrinsic": "^1.2.4",
|
||||
"set-function-length": "^1.2.2"
|
||||
},
|
||||
"engines": {
|
||||
@@ -4798,9 +4834,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/caniuse-lite": {
|
||||
"version": "1.0.30001788",
|
||||
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz",
|
||||
"integrity": "sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==",
|
||||
"version": "1.0.30001784",
|
||||
"resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001784.tgz",
|
||||
"integrity": "sha512-WU346nBTklUV9YfUl60fqRbU5ZqyXlqvo1SgigE1OAXK5bFL8LL9q1K7aap3N739l4BvNqnkm3YrGHiY9sfUQw==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
@@ -5342,9 +5378,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/defu": {
|
||||
"version": "6.1.7",
|
||||
"resolved": "https://registry.npmjs.org/defu/-/defu-6.1.7.tgz",
|
||||
"integrity": "sha512-7z22QmUWiQ/2d0KkdYmANbRUVABpZ9SNYyH5vx6PZ+nE5bcC0l7uFvEfHlyld/HcGBFTL536ClDt3DEcSlEJAQ==",
|
||||
"version": "6.1.6",
|
||||
"resolved": "https://registry.npmjs.org/defu/-/defu-6.1.6.tgz",
|
||||
"integrity": "sha512-f8mefEW4WIVg4LckePx3mALjQSPQgFlg9U8yaPdlsbdYcHQyj9n2zL2LJEA52smeYxOvmd/nB7TpMtHGMTHcug==",
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/delayed-stream": {
|
||||
@@ -5417,9 +5453,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/electron-to-chromium": {
|
||||
"version": "1.5.336",
|
||||
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.336.tgz",
|
||||
"integrity": "sha512-AbH9q9J455r/nLmdNZes0G0ZKcRX73FicwowalLs6ijwOmCJSRRrLX63lcAlzy9ux3dWK1w1+1nsBJEWN11hcQ==",
|
||||
"version": "1.5.331",
|
||||
"resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.331.tgz",
|
||||
"integrity": "sha512-IbxXrsTlD3hRodkLnbxAPP4OuJYdWCeM3IOdT+CpcMoIwIoDfCmRpEtSPfwBXxVkg9xmBeY7Lz2Eo2TDn/HC3Q==",
|
||||
"dev": true,
|
||||
"license": "ISC"
|
||||
},
|
||||
@@ -5458,9 +5494,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/es-abstract": {
|
||||
"version": "1.24.2",
|
||||
"resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.2.tgz",
|
||||
"integrity": "sha512-2FpH9Q5i2RRwyEP1AylXe6nYLR5OhaJTZwmlcP0dL/+JCbgg7yyEo/sEK6HeGZRf3dFpWwThaRHVApXSkW3xeg==",
|
||||
"version": "1.24.1",
|
||||
"resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.1.tgz",
|
||||
"integrity": "sha512-zHXBLhP+QehSSbsS9Pt23Gg964240DPd6QCf8WpkqEXxQ7fhdZzYsocOr5u7apWonsS5EjZDmTF+/slGMyasvw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
@@ -6256,9 +6292,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/globals": {
|
||||
"version": "17.5.0",
|
||||
"resolved": "https://registry.npmjs.org/globals/-/globals-17.5.0.tgz",
|
||||
"integrity": "sha512-qoV+HK2yFl/366t2/Cb3+xxPUo5BuMynomoDmiaZBIdbs+0pYbjfZU+twLhGKp4uCZ/+NbtpVepH5bGCxRyy2g==",
|
||||
"version": "17.4.0",
|
||||
"resolved": "https://registry.npmjs.org/globals/-/globals-17.4.0.tgz",
|
||||
"integrity": "sha512-hjrNztw/VajQwOLsMNT1cbJiH2muO3OROCHnbehc8eY5JyD2gqz4AcMHPqgaOR59DjgUjYAYLeH699g/eWi2jw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
@@ -7229,9 +7265,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/kysely": {
|
||||
"version": "0.28.16",
|
||||
"resolved": "https://registry.npmjs.org/kysely/-/kysely-0.28.16.tgz",
|
||||
"integrity": "sha512-3i5pmOiZvMDj00qhrIVbH0AnioVTx22DMP7Vn5At4yJO46iy+FM8Y/g61ltenLVSo3fiO8h8Q3QOFgf/gQ72ww==",
|
||||
"version": "0.28.15",
|
||||
"resolved": "https://registry.npmjs.org/kysely/-/kysely-0.28.15.tgz",
|
||||
"integrity": "sha512-r2clcf7HLWvDXaVUEvQymXJY4i3bSOIV3xsL/Upy3ZfSv5HeKsk9tsqbBptLvth5qHEIhxeHTA2jNLyQABkLBA==",
|
||||
"license": "MIT",
|
||||
"engines": {
|
||||
"node": ">=20.0.0"
|
||||
@@ -7694,9 +7730,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/msw": {
|
||||
"version": "2.13.3",
|
||||
"resolved": "https://registry.npmjs.org/msw/-/msw-2.13.3.tgz",
|
||||
"integrity": "sha512-/F49bxavkNGfreMlrKmTxZs6YorjfMbbDLd89Q3pWi+cXGtQQNXXaHt4MkXN7li91xnQJ24HWXqW9QDm5id33w==",
|
||||
"version": "2.12.14",
|
||||
"resolved": "https://registry.npmjs.org/msw/-/msw-2.12.14.tgz",
|
||||
"integrity": "sha512-4KXa4nVBIBjbDbd7vfQNuQ25eFxug0aropCQFoI0JdOBuJWamkT1yLVIWReFI8SiTRc+H1hKzaNk+cLk2N9rtQ==",
|
||||
"devOptional": true,
|
||||
"hasInstallScript": true,
|
||||
"license": "MIT",
|
||||
@@ -7712,7 +7748,7 @@
|
||||
"outvariant": "^1.4.3",
|
||||
"path-to-regexp": "^6.3.0",
|
||||
"picocolors": "^1.1.1",
|
||||
"rettime": "^0.11.7",
|
||||
"rettime": "^0.10.1",
|
||||
"statuses": "^2.0.2",
|
||||
"strict-event-emitter": "^0.5.1",
|
||||
"tough-cookie": "^6.0.0",
|
||||
@@ -7739,22 +7775,22 @@
|
||||
}
|
||||
},
|
||||
"node_modules/msw/node_modules/tldts": {
|
||||
"version": "7.0.28",
|
||||
"resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.28.tgz",
|
||||
"integrity": "sha512-+Zg3vWhRUv8B1maGSTFdev9mjoo8Etn2Ayfs4cnjlD3CsGkxXX4QyW3j2WJ0wdjYcYmy7Lx2RDsZMhgCWafKIw==",
|
||||
"version": "7.0.27",
|
||||
"resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.27.tgz",
|
||||
"integrity": "sha512-I4FZcVFcqCRuT0ph6dCDpPuO4Xgzvh+spkcTr1gK7peIvxWauoloVO0vuy1FQnijT63ss6AsHB6+OIM4aXHbPg==",
|
||||
"devOptional": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"tldts-core": "^7.0.28"
|
||||
"tldts-core": "^7.0.27"
|
||||
},
|
||||
"bin": {
|
||||
"tldts": "bin/cli.js"
|
||||
}
|
||||
},
|
||||
"node_modules/msw/node_modules/tldts-core": {
|
||||
"version": "7.0.28",
|
||||
"resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.28.tgz",
|
||||
"integrity": "sha512-7W5Efjhsc3chVdFhqtaU0KtK32J37Zcr9RKtID54nG+tIpcY79CQK/veYPODxtD/LJ4Lue66jvrQzIX2Z2/pUQ==",
|
||||
"version": "7.0.27",
|
||||
"resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.27.tgz",
|
||||
"integrity": "sha512-YQ7uPjgWUibIK6DW5lrKujGwUKhLevU4hcGbP5O6TcIUb+oTjJYJVWPS4nZsIHrEEEG6myk/oqAJUEQmpZrHsg==",
|
||||
"devOptional": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
@@ -8033,9 +8069,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/path-scurry/node_modules/lru-cache": {
|
||||
"version": "11.3.5",
|
||||
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.5.tgz",
|
||||
"integrity": "sha512-NxVFwLAnrd9i7KUBxC4DrUhmgjzOs+1Qm50D3oF1/oL+r1NpZ4gA7xvG0/zJ8evR7zIKn4vLf7qTNduWFtCrRw==",
|
||||
"version": "11.2.7",
|
||||
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.7.tgz",
|
||||
"integrity": "sha512-aY/R+aEsRelme17KGQa/1ZSIpLpNYYrhcrepKTZgE+W3WM16YMCaPwOHLHsmopZHELU0Ojin1lPVxKR0MihncA==",
|
||||
"dev": true,
|
||||
"license": "BlueOak-1.0.0",
|
||||
"engines": {
|
||||
@@ -8128,9 +8164,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/postcss": {
|
||||
"version": "8.5.9",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.9.tgz",
|
||||
"integrity": "sha512-7a70Nsot+EMX9fFU3064K/kdHWZqGVY+BADLyXc8Dfv+mTLLVl6JzJpPaCZ2kQL9gIJvKXSLMHhqdRRjwQeFtw==",
|
||||
"version": "8.5.13",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
|
||||
"integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
|
||||
"devOptional": true,
|
||||
"funding": [
|
||||
{
|
||||
@@ -8253,9 +8289,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/react-is": {
|
||||
"version": "19.2.5",
|
||||
"resolved": "https://registry.npmjs.org/react-is/-/react-is-19.2.5.tgz",
|
||||
"integrity": "sha512-Dn0t8IQhCmeIT3wu+Apm1/YVsJXsGWi6k4sPdnBIdqMVtHtv0IGi6dcpNpNkNac0zB2uUAqNX3MHzN8c+z2rwQ==",
|
||||
"version": "19.2.4",
|
||||
"resolved": "https://registry.npmjs.org/react-is/-/react-is-19.2.4.tgz",
|
||||
"integrity": "sha512-W+EWGn2v0ApPKgKKCy/7s7WHXkboGcsrXE+2joLyVxkbyVQfO3MUEaUQDHoSmb8TFFrSKYa9mw64WZHNHSDzYA==",
|
||||
"license": "MIT",
|
||||
"peer": true
|
||||
},
|
||||
@@ -8293,9 +8329,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/react-router": {
|
||||
"version": "7.14.1",
|
||||
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.1.tgz",
|
||||
"integrity": "sha512-5BCvFskyAAVumqhEKh/iPhLOIkfxcEUz8WqFIARCkMg8hZZzDYX9CtwxXA0e+qT8zAxmMC0x3Ckb9iMONwc5jg==",
|
||||
"version": "7.14.0",
|
||||
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.0.tgz",
|
||||
"integrity": "sha512-m/xR9N4LQLmAS0ZhkY2nkPA1N7gQ5TUVa5n8TgANuDTARbn1gt+zLPXEm7W0XDTbrQ2AJSJKhoa6yx1D8BcpxQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"cookie": "^1.0.1",
|
||||
@@ -8315,12 +8351,12 @@
|
||||
}
|
||||
},
|
||||
"node_modules/react-router-dom": {
|
||||
"version": "7.14.1",
|
||||
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.1.tgz",
|
||||
"integrity": "sha512-ZkrQuwwhGibjQLqH1eCdyiZyLWglPxzxdl5tgwgKEyCSGC76vmAjleGocRe3J/MLfzMUIKwaFJWpFVJhK3d2xA==",
|
||||
"version": "7.14.0",
|
||||
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.0.tgz",
|
||||
"integrity": "sha512-2G3ajSVSZMEtmTjIklRWlNvo8wICEpLihfD/0YMDxbWK2UyP5EGfnoIn9AIQGnF3G/FX0MRbHXdFcD+rL1ZreQ==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"react-router": "7.14.1"
|
||||
"react-router": "7.14.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=20.0.0"
|
||||
@@ -8485,9 +8521,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/regjsparser": {
|
||||
"version": "0.13.1",
|
||||
"resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.13.1.tgz",
|
||||
"integrity": "sha512-dLsljMd9sqwRkby8zhO1gSg3PnJIBFid8f4CQj/sXx+7cKx+E7u0PKhZ+U4wmhx7EfmtvnA318oVaIkAB1lRJw==",
|
||||
"version": "0.13.0",
|
||||
"resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.13.0.tgz",
|
||||
"integrity": "sha512-NZQZdC5wOE/H3UT28fVGL+ikOZcEzfMGk/c3iN9UGxzWHMa1op7274oyiUVrAG4B2EuFhus8SvkaYnhvW92p9Q==",
|
||||
"dev": true,
|
||||
"license": "BSD-2-Clause",
|
||||
"dependencies": {
|
||||
@@ -8524,13 +8560,12 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/resolve": {
|
||||
"version": "1.22.12",
|
||||
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz",
|
||||
"integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==",
|
||||
"version": "1.22.11",
|
||||
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.11.tgz",
|
||||
"integrity": "sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"es-errors": "^1.3.0",
|
||||
"is-core-module": "^2.16.1",
|
||||
"path-parse": "^1.0.7",
|
||||
"supports-preserve-symlinks-flag": "^1.0.0"
|
||||
@@ -8556,9 +8591,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/rettime": {
|
||||
"version": "0.11.7",
|
||||
"resolved": "https://registry.npmjs.org/rettime/-/rettime-0.11.7.tgz",
|
||||
"integrity": "sha512-DoAm1WjR1eH7z8sHPtvvUMIZh4/CSKkGCz6CxPqOrEAnOGtOuHSnSE9OC+razqxKuf4ub7pAYyl/vZV0vGs5tg==",
|
||||
"version": "0.10.1",
|
||||
"resolved": "https://registry.npmjs.org/rettime/-/rettime-0.10.1.tgz",
|
||||
"integrity": "sha512-uyDrIlUEH37cinabq0AX4QbgV4HbFZ/gqoiunWQ1UqBtRvTTytwhNYjE++pO/MjPTZL5KQCf2bEoJ/BJNVQ5Kw==",
|
||||
"devOptional": true,
|
||||
"license": "MIT"
|
||||
},
|
||||
@@ -8823,14 +8858,14 @@
|
||||
}
|
||||
},
|
||||
"node_modules/side-channel-list": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
|
||||
"integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
|
||||
"integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"es-errors": "^1.3.0",
|
||||
"object-inspect": "^1.13.4"
|
||||
"object-inspect": "^1.13.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">= 0.4"
|
||||
@@ -9370,14 +9405,14 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/tinyglobby": {
|
||||
"version": "0.2.16",
|
||||
"resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
|
||||
"integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==",
|
||||
"version": "0.2.15",
|
||||
"resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
|
||||
"integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
|
||||
"devOptional": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"fdir": "^6.5.0",
|
||||
"picomatch": "^4.0.4"
|
||||
"picomatch": "^4.0.3"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=12.0.0"
|
||||
@@ -9475,6 +9510,14 @@
|
||||
"typescript": ">=4.8.4"
|
||||
}
|
||||
},
|
||||
"node_modules/tslib": {
|
||||
"version": "2.8.1",
|
||||
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
|
||||
"integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
|
||||
"dev": true,
|
||||
"license": "0BSD",
|
||||
"optional": true
|
||||
},
|
||||
"node_modules/type-check": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
|
||||
@@ -9597,16 +9640,16 @@
|
||||
}
|
||||
},
|
||||
"node_modules/typescript-eslint": {
|
||||
"version": "8.58.2",
|
||||
"resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.58.2.tgz",
|
||||
"integrity": "sha512-V8iSng9mRbdZjl54VJ9NKr6ZB+dW0J3TzRXRGcSbLIej9jV86ZRtlYeTKDR/QLxXykocJ5icNzbsl2+5TzIvcQ==",
|
||||
"version": "8.58.0",
|
||||
"resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.58.0.tgz",
|
||||
"integrity": "sha512-e2TQzKfaI85fO+F3QywtX+tCTsu/D3WW5LVU6nz8hTFKFZ8yBJ6mSYRpXqdR3mFjPWmO0eWsTa5f+UpAOe/FMA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@typescript-eslint/eslint-plugin": "8.58.2",
|
||||
"@typescript-eslint/parser": "8.58.2",
|
||||
"@typescript-eslint/typescript-estree": "8.58.2",
|
||||
"@typescript-eslint/utils": "8.58.2"
|
||||
"@typescript-eslint/eslint-plugin": "8.58.0",
|
||||
"@typescript-eslint/parser": "8.58.0",
|
||||
"@typescript-eslint/typescript-estree": "8.58.0",
|
||||
"@typescript-eslint/utils": "8.58.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
|
||||
@@ -10022,6 +10065,33 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/vitest/node_modules/@vitest/mocker": {
|
||||
"version": "3.2.4",
|
||||
"resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.4.tgz",
|
||||
"integrity": "sha512-46ryTE9RZO/rfDd7pEqFl7etuyzekzEhUbTW3BvmeO/BcCMEgq59BKhek3dXDWgAj4oMK6OZi+vRr1wPW6qjEQ==",
|
||||
"devOptional": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@vitest/spy": "3.2.4",
|
||||
"estree-walker": "^3.0.3",
|
||||
"magic-string": "^0.30.17"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://opencollective.com/vitest"
|
||||
},
|
||||
"peerDependencies": {
|
||||
"msw": "^2.4.9",
|
||||
"vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0"
|
||||
},
|
||||
"peerDependenciesMeta": {
|
||||
"msw": {
|
||||
"optional": true
|
||||
},
|
||||
"vite": {
|
||||
"optional": true
|
||||
}
|
||||
}
|
||||
},
|
||||
"node_modules/w3c-xmlserializer": {
|
||||
"version": "5.0.0",
|
||||
"resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz",
|
||||
|
||||
@@ -9,7 +9,7 @@ export default defineConfig({
|
||||
},
|
||||
],
|
||||
webServer: {
|
||||
command: 'VITE_MOCK_AUTH=true npm run dev',
|
||||
command: 'npm run dev',
|
||||
url: 'http://localhost:5173',
|
||||
reuseExistingServer: !process.env.CI,
|
||||
},
|
||||
|
||||
@@ -5,6 +5,7 @@ WORKDIR /app
|
||||
|
||||
# build-essential and libpq-dev are needed to compile any C-extension wheels
|
||||
# (e.g. psycopg2 fallback). No git needed — common/ is copied from the repo root.
|
||||
ARG APT_CACHE_BUST=1
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
|
||||
libpq-dev \
|
||||
build-essential \
|
||||
@@ -25,6 +26,7 @@ FROM python:3.12-slim AS prod
|
||||
WORKDIR /app
|
||||
|
||||
# Install Playwright system dependencies for Chromium
|
||||
ARG APT_CACHE_BUST=1
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
|
||||
libnss3 \
|
||||
libatk1.0-0 \
|
||||
|
||||
@@ -11,7 +11,7 @@ dependencies = [
|
||||
"cartsnitch-common>=0.1.0",
|
||||
"playwright>=1.49,<2.0",
|
||||
"playwright-stealth>=1.0,<2.0",
|
||||
"cryptography>=42.0,<44.0",
|
||||
"cryptography>=46.0,<47.0",
|
||||
"fastapi>=0.115,<1.0",
|
||||
"uvicorn[standard]>=0.30,<1.0",
|
||||
"beautifulsoup4>=4.12,<5.0",
|
||||
|
||||
Executable
+38
@@ -0,0 +1,38 @@
|
||||
#!/usr/bin/env bash
|
||||
# =============================================================================
|
||||
# apply-seed-job.sh — Apply the seed Job manifest for a given environment.
|
||||
#
|
||||
# Usage:
|
||||
# ./apply-seed-job.sh <env>
|
||||
#
|
||||
# Example:
|
||||
# ./apply-seed-job.sh uat
|
||||
# ./apply-seed-job.sh dev
|
||||
# =============================================================================
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
ENV="${1:-}"
|
||||
HELP_FLAG=""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--help) HELP_FLAG="1"; shift ;;
|
||||
*) ENV="$1"; shift ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -n "$HELP_FLAG" ]] || [[ -z "$ENV" ]]; then
|
||||
echo "Usage: $0 <env>"
|
||||
echo " env dev or uat"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ "$ENV" != "dev" && "$ENV" != "uat" ]]; then
|
||||
echo "ERROR: Invalid environment: $ENV (must be 'dev' or 'uat')" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
SCRIPT_DIR="$(dirname "$0")"
|
||||
sed "s/__ENV__/${ENV}/g" "${SCRIPT_DIR}/seed-env-job.yaml" | kubectl apply -f -
|
||||
echo "Seed job applied for environment: $ENV"
|
||||
@@ -58,4 +58,4 @@ spec:
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
memory: 512Mi
|
||||
+2
-103
@@ -1,104 +1,3 @@
|
||||
#!/usr/bin/env bash
|
||||
# =============================================================================
|
||||
# seed-dev.sh — Run the CartSnitch seed runner against the dev database.
|
||||
#
|
||||
# Usage:
|
||||
# ./seed-dev.sh Run full seed against dev
|
||||
# ./seed-dev.sh --dry-run Show planned record counts without writing
|
||||
# ./seed-dev.sh --help Show this help
|
||||
#
|
||||
# Prerequisites:
|
||||
# - kubectl configured for the cartsnitch-dev cluster
|
||||
# - Namespace cartsnitch-dev exists (CNPG Postgres must be running)
|
||||
#
|
||||
# What it does:
|
||||
# 1. Starts a background port-forward to cartsnitch-pg-rw:5432
|
||||
# 2. Waits for the tunnel to be ready
|
||||
# 3. Runs python -m cartsnitch_common.seed with --database-url pointing
|
||||
# to localhost:<forwarded-port>/cartsnitch
|
||||
# 4. Cleans up the port-forward on exit (normal, interrupt, or error)
|
||||
# =============================================================================
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# --- Config -------------------------------------------------------------------
|
||||
readonly NAMESPACE="cartsnitch-dev"
|
||||
readonly SVC_NAME="cartsnitch-pg-rw"
|
||||
readonly LOCAL_PORT="5433" # use a non-privileged port to avoid conflicts
|
||||
readonly DB_NAME="cartsnitch"
|
||||
readonly PG_USER="cartsnitch"
|
||||
# Retrieve password from the CNPG credentials secret
|
||||
readonly PG_PASSWORD="$(
|
||||
kubectl get secret cartsnitch-pg-credentials \
|
||||
-n "$NAMESPACE" \
|
||||
-o jsonpath='{.data.password}' \
|
||||
| base64 -d
|
||||
)"
|
||||
readonly DB_URL="postgresql://${PG_USER}:${PG_PASSWORD}@localhost:${LOCAL_PORT}/${DB_NAME}"
|
||||
|
||||
# --- Helpers ------------------------------------------------------------------
|
||||
log() { echo "[seed-dev] $*"; }
|
||||
fail() { log "ERROR: $*" >&2; exit 1; }
|
||||
|
||||
# Cleanup port-forward and exit.
|
||||
cleanup() {
|
||||
if [[ -n "${PF_PID:-}" ]]; then
|
||||
log "Stopping port-forward (PID $PF_PID)..."
|
||||
kill "$PF_PID" 2>/dev/null || true
|
||||
wait "$PF_PID" 2>/dev/null || true
|
||||
fi
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# --- Args ---------------------------------------------------------------------
|
||||
DRY_RUN=""
|
||||
HELP_FLAG=""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--dry-run) DRY_RUN="--dry-run"; shift ;;
|
||||
--help) HELP_FLAG="1"; shift ;;
|
||||
*) fail "Unknown argument: $1";;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -n "$HELP_FLAG" ]]; then
|
||||
sed -n '3,/^# ---/p' "$0" | head -n -1 | sed 's/^# //'
|
||||
echo ""
|
||||
echo "Additional arguments are passed through to the seed runner."
|
||||
echo "Common seed-runner options:"
|
||||
echo " --dry-run Show planned record counts without writing"
|
||||
echo " --seed N Set random seed (default: 42)"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# --- Prerequisites ------------------------------------------------------------
|
||||
if ! command -v kubectl &>/dev/null; then
|
||||
fail "kubectl not found — must be installed and configured."
|
||||
fi
|
||||
|
||||
# --- Port-forward -------------------------------------------------------------
|
||||
log "Starting port-forward ${SVC_NAME}:5432 -> localhost:${LOCAL_PORT} ..."
|
||||
kubectl port-forward \
|
||||
-n "$NAMESPACE" \
|
||||
svc/"$SVC_NAME" \
|
||||
"${LOCAL_PORT}:5432" \
|
||||
&>/dev/null &
|
||||
PF_PID=$!
|
||||
|
||||
# Give the tunnel a moment to establish
|
||||
sleep 2
|
||||
|
||||
# Verify the tunnel is up
|
||||
if ! kill -0 "$PF_PID" 2>/dev/null; then
|
||||
fail "Port-forward failed to start."
|
||||
fi
|
||||
log "Port-forward active (PID $PF_PID) on localhost:${LOCAL_PORT}"
|
||||
|
||||
# --- Seed --------------------------------------------------------------------
|
||||
log "Running seed against dev database..."
|
||||
set -x
|
||||
python -m cartsnitch_common.seed --database-url "$DB_URL" $DRY_RUN
|
||||
set +x
|
||||
|
||||
log "Done."
|
||||
# Backward-compat wrapper — delegates to seed-env.sh dev
|
||||
exec "$(dirname "$0")/seed-env.sh" dev "$@"
|
||||
@@ -0,0 +1,58 @@
|
||||
# seed-env-job.yaml
|
||||
# K8s Job to run the CartSnitch seed runner against any CartSnitch database.
|
||||
#
|
||||
# Usage (via apply-seed-job.sh):
|
||||
# bash scripts/apply-seed-job.sh dev
|
||||
# bash scripts/apply-seed-job.sh uat
|
||||
#
|
||||
# To view logs:
|
||||
# kubectl logs -n cartsnitch-<env> job/seed-env -f
|
||||
#
|
||||
# To re-run after fixing issues:
|
||||
# kubectl delete -f - -n cartsnitch-<env> && bash scripts/apply-seed-job.sh <env>
|
||||
#
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: seed-env
|
||||
namespace: cartsnitch-__ENV__
|
||||
labels:
|
||||
app: cartsnitch
|
||||
component: seed
|
||||
environment: __ENV__
|
||||
annotations:
|
||||
description: "Runs cartsnitch-common seed runner to populate __ENV__ database with realistic test data."
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
concurrencyPolicy: Forbid
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: cartsnitch
|
||||
component: seed
|
||||
environment: __ENV__
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: seed
|
||||
image: python:3.12-slim
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
pip install --no-cache-dir "cartsnitch-common @ git+https://github.com/cartsnitch/common.git@main" && \
|
||||
python -m cartsnitch_common.seed --database-url "$${DATABASE_URL}"
|
||||
env:
|
||||
- name: DATABASE_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cartsnitch-secrets
|
||||
key: database-url-pg
|
||||
optional: false
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
Executable
+122
@@ -0,0 +1,122 @@
|
||||
#!/usr/bin/env bash
|
||||
# =============================================================================
|
||||
# seed-env.sh — Run the CartSnitch seed runner against any CartSnitch database.
|
||||
#
|
||||
# Usage:
|
||||
# ./seed-env.sh [--env dev|uat] [--dry-run] [--help]
|
||||
# ./seed-env.sh uat --dry-run Run dry-run against UAT
|
||||
# ./seed-env.sh dev Run full seed against dev (default)
|
||||
#
|
||||
# Prerequisites:
|
||||
# - kubectl configured for the target cluster
|
||||
# - Namespace cartsnitch-<env> exists (CNPG Postgres must be running)
|
||||
#
|
||||
# What it does:
|
||||
# 1. Starts a background port-forward to cartsnitch-pg-rw:5432
|
||||
# 2. Waits for the tunnel to be ready
|
||||
# 3. Runs python -m cartsnitch_common.seed with --database-url pointing
|
||||
# to localhost:<forwarded-port>/cartsnitch
|
||||
# 4. Cleans up the port-forward on exit (normal, interrupt, or error)
|
||||
# =============================================================================
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# --- Config -------------------------------------------------------------------
|
||||
ENV="dev"
|
||||
if [[ "${1:-}" == "dev" || "${1:-}" == "uat" ]]; then
|
||||
ENV="$1"; shift
|
||||
fi
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--env) ENV="$2"; shift 2 ;;
|
||||
--dry-run|--help) break ;;
|
||||
*) break ;;
|
||||
esac
|
||||
done
|
||||
|
||||
NAMESPACE="cartsnitch-${ENV}"
|
||||
SVC_NAME="cartsnitch-pg-rw"
|
||||
LOCAL_PORT="5433"
|
||||
DB_NAME="cartsnitch"
|
||||
PG_USER="cartsnitch"
|
||||
PG_PASSWORD="$(
|
||||
kubectl get secret cartsnitch-pg-credentials \
|
||||
-n "$NAMESPACE" \
|
||||
-o jsonpath='{.data.password}' \
|
||||
| base64 -d
|
||||
)"
|
||||
DB_URL="postgresql://${PG_USER}:${PG_PASSWORD}@localhost:${LOCAL_PORT}/${DB_NAME}"
|
||||
|
||||
# --- Helpers ------------------------------------------------------------------
|
||||
log() { echo "[seed-env] [$ENV] $*"; }
|
||||
fail() { log "ERROR: $*" >&2; exit 1; }
|
||||
|
||||
cleanup() {
|
||||
if [[ -n "${PF_PID:-}" ]]; then
|
||||
log "Stopping port-forward (PID $PF_PID)..."
|
||||
kill "$PF_PID" 2>/dev/null || true
|
||||
wait "$PF_PID" 2>/dev/null || true
|
||||
fi
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# --- Args ---------------------------------------------------------------------
|
||||
DRY_RUN=""
|
||||
HELP_FLAG=""
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--dry-run) DRY_RUN="--dry-run"; shift ;;
|
||||
--help) HELP_FLAG="1"; shift ;;
|
||||
*) fail "Unknown argument: $1";;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -n "$HELP_FLAG" ]]; then
|
||||
echo "Usage: $0 [--env dev|uat] [--dry-run] [--help]"
|
||||
echo ""
|
||||
echo "Positional / keyword arguments:"
|
||||
echo " --env dev|uat Target environment (default: dev)"
|
||||
echo " --dry-run Show planned record counts without writing"
|
||||
echo " --help Show this help"
|
||||
echo ""
|
||||
echo "Additional arguments are passed through to the seed runner."
|
||||
echo "Common seed-runner options:"
|
||||
echo " --seed N Set random seed (default: 42)"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# --- Validate env --------------------------------------------------------------
|
||||
if [[ "$ENV" != "dev" && "$ENV" != "uat" ]]; then
|
||||
fail "Invalid environment: $ENV (must be 'dev' or 'uat')"
|
||||
fi
|
||||
|
||||
# --- Prerequisites ------------------------------------------------------------
|
||||
if ! command -v kubectl &>/dev/null; then
|
||||
fail "kubectl not found — must be installed and configured."
|
||||
fi
|
||||
|
||||
# --- Port-forward -------------------------------------------------------------
|
||||
log "Starting port-forward ${SVC_NAME}:5432 -> localhost:${LOCAL_PORT} ..."
|
||||
kubectl port-forward \
|
||||
-n "$NAMESPACE" \
|
||||
svc/"$SVC_NAME" \
|
||||
"${LOCAL_PORT}:5432" \
|
||||
&>/dev/null &
|
||||
PF_PID=$!
|
||||
|
||||
sleep 2
|
||||
|
||||
if ! kill -0 "$PF_PID" 2>/dev/null; then
|
||||
fail "Port-forward failed to start."
|
||||
fi
|
||||
log "Port-forward active (PID $PF_PID) on localhost:${LOCAL_PORT}"
|
||||
|
||||
# --- Seed --------------------------------------------------------------------
|
||||
log "Running seed against ${ENV} database..."
|
||||
set -x
|
||||
python -m cartsnitch_common.seed --database-url "$DB_URL" $DRY_RUN
|
||||
set +x
|
||||
|
||||
log "Done."
|
||||
@@ -1,25 +1,8 @@
|
||||
import { useEffect } from 'react'
|
||||
import { Navigate, Outlet } from 'react-router-dom'
|
||||
import { authClient } from '../lib/auth-client.ts'
|
||||
import { useAuthStore } from '../stores/auth.ts'
|
||||
|
||||
export function ProtectedRoute() {
|
||||
const isMockAuth = import.meta.env.VITE_MOCK_AUTH === 'true'
|
||||
const { data: session, isPending } = authClient.useSession()
|
||||
const isAuthenticated = useAuthStore((s) => s.isAuthenticated)
|
||||
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
||||
|
||||
useEffect(() => {
|
||||
if (!isMockAuth) {
|
||||
setAuthenticated(!!session)
|
||||
}
|
||||
}, [session, setAuthenticated, isMockAuth])
|
||||
|
||||
// In mock auth mode, rely on Zustand store (set by Login/Register pages)
|
||||
if (isMockAuth) {
|
||||
if (!isAuthenticated) return <Navigate to="/login" replace />
|
||||
return <Outlet />
|
||||
}
|
||||
|
||||
if (isPending) {
|
||||
return (
|
||||
|
||||
@@ -126,7 +126,7 @@ function AlertCard({
|
||||
</Link>
|
||||
<div className="mt-1 flex items-center gap-2">
|
||||
<span className="text-xs text-gray-500">Target: ${alert.targetPrice.toFixed(2)}</span>
|
||||
<span className="text-xs text-gray-400">·</span>
|
||||
<span className="text-xs text-gray-500">·</span>
|
||||
<span className={`text-xs font-medium ${isBelow ? 'text-green-700' : 'text-gray-500'}`}>
|
||||
Now: ${alert.currentPrice.toFixed(2)}
|
||||
</span>
|
||||
@@ -145,7 +145,7 @@ function AlertCard({
|
||||
)}
|
||||
<button
|
||||
onClick={() => onDelete(alert.id)}
|
||||
className="min-h-12 min-w-12 rounded-lg p-2 text-gray-400 active:bg-gray-100"
|
||||
className="min-h-12 min-w-12 rounded-lg p-2 text-gray-500 active:bg-gray-100"
|
||||
aria-label="Delete alert"
|
||||
>
|
||||
<svg className="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
|
||||
|
||||
@@ -62,7 +62,7 @@ export function Coupons() {
|
||||
<p className="mt-0.5 text-xs text-gray-500">{coupon.storeName}</p>
|
||||
<p
|
||||
className={`mt-1 text-xs ${
|
||||
expiringSoon ? 'font-medium text-orange-600' : 'text-gray-400'
|
||||
expiringSoon ? 'font-medium text-orange-600' : 'text-gray-500'
|
||||
}`}
|
||||
>
|
||||
Expires{' '}
|
||||
|
||||
@@ -79,21 +79,21 @@ function AuthenticatedDashboard({ userName }: { userName: string }) {
|
||||
<div className="rounded-xl bg-white p-4 shadow-sm">
|
||||
<p className="text-xs font-medium text-gray-500">Watching</p>
|
||||
<p className="mt-1 text-2xl font-bold text-gray-900">{watchingAlerts.length}</p>
|
||||
<p className="text-xs text-gray-400">price alerts</p>
|
||||
<p className="text-xs text-gray-600">price alerts</p>
|
||||
</div>
|
||||
<div className="rounded-xl bg-white p-4 shadow-sm">
|
||||
<p className="text-xs font-medium text-gray-500">This Month</p>
|
||||
<p className="mt-1 text-2xl font-bold text-gray-900">
|
||||
${recentPurchases.reduce((sum, p) => sum + p.total, 0).toFixed(0)}
|
||||
</p>
|
||||
<p className="text-xs text-gray-400">grocery spend</p>
|
||||
<p className="text-xs text-gray-600">grocery spend</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{/* Price trend sparklines */}
|
||||
<section className="mt-6">
|
||||
<h2 className="mb-3 text-lg font-semibold text-gray-700">Price Trends</h2>
|
||||
<div className="rounded-xl bg-white p-4 shadow-sm text-center text-sm text-gray-400">
|
||||
<div className="rounded-xl bg-white p-4 shadow-sm text-center text-sm text-gray-600">
|
||||
Connect a store to see price trends
|
||||
</div>
|
||||
</section>
|
||||
|
||||
+7
-14
@@ -1,15 +1,12 @@
|
||||
import { useState } from 'react'
|
||||
import { Link, useNavigate } from 'react-router-dom'
|
||||
import { Link } from 'react-router-dom'
|
||||
import { authClient } from '../lib/auth-client.ts'
|
||||
import { useAuthStore } from '../stores/auth.ts'
|
||||
|
||||
export function Login() {
|
||||
const [email, setEmail] = useState('')
|
||||
const [password, setPassword] = useState('')
|
||||
const [error, setError] = useState('')
|
||||
const [loading, setLoading] = useState(false)
|
||||
const navigate = useNavigate()
|
||||
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
||||
|
||||
async function handleSubmit(e: React.FormEvent) {
|
||||
e.preventDefault()
|
||||
@@ -31,21 +28,17 @@ export function Login() {
|
||||
throw new Error(authError.message ?? 'Sign in failed')
|
||||
}
|
||||
|
||||
// After successful signIn, force a session fetch to confirm the cookie is set
|
||||
// before navigating to the protected route
|
||||
// After successful signIn, force a full page reload so Better-Auth's
|
||||
// useSession() reinitializes with fresh cookie-backed session state.
|
||||
// Using React Router's navigate() races with Better-Auth's internal update.
|
||||
const sessionResult = await authClient.getSession()
|
||||
if (sessionResult.data) {
|
||||
navigate('/')
|
||||
window.location.href = '/'
|
||||
} else {
|
||||
setError('Sign in failed. Please try again.')
|
||||
}
|
||||
} catch {
|
||||
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
|
||||
setAuthenticated(true)
|
||||
navigate('/')
|
||||
} else {
|
||||
setError('Invalid email or password. Please try again.')
|
||||
}
|
||||
setError('Invalid email or password. Please try again.')
|
||||
} finally {
|
||||
setLoading(false)
|
||||
}
|
||||
@@ -100,4 +93,4 @@ export function Login() {
|
||||
</p>
|
||||
</main>
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -97,7 +97,7 @@ export function Purchases() {
|
||||
</div>
|
||||
|
||||
{/* Item preview */}
|
||||
<p className="mt-2 truncate text-xs text-gray-400">
|
||||
<p className="mt-2 truncate text-xs text-gray-500">
|
||||
{purchase.items
|
||||
.slice(0, 3)
|
||||
.map((i) => i.name)
|
||||
|
||||
+3
-57
@@ -1,7 +1,6 @@
|
||||
import { useState } from 'react'
|
||||
import { Link, useNavigate } from 'react-router-dom'
|
||||
import { Link } from 'react-router-dom'
|
||||
import { authClient } from '../lib/auth-client.ts'
|
||||
import { useAuthStore } from '../stores/auth.ts'
|
||||
|
||||
export function Register() {
|
||||
const [name, setName] = useState('')
|
||||
@@ -9,11 +8,6 @@ export function Register() {
|
||||
const [password, setPassword] = useState('')
|
||||
const [error, setError] = useState('')
|
||||
const [loading, setLoading] = useState(false)
|
||||
const [registrationComplete, setRegistrationComplete] = useState(false)
|
||||
const [resendLoading, setResendLoading] = useState(false)
|
||||
const [resendMessage, setResendMessage] = useState('')
|
||||
const navigate = useNavigate()
|
||||
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
||||
|
||||
async function handleSubmit(e: React.FormEvent) {
|
||||
e.preventDefault()
|
||||
@@ -41,62 +35,14 @@ export function Register() {
|
||||
throw new Error(authError.message ?? 'Registration failed')
|
||||
}
|
||||
|
||||
setRegistrationComplete(true)
|
||||
setError('Account created! Please sign in.')
|
||||
} catch {
|
||||
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
|
||||
setAuthenticated(true)
|
||||
navigate('/')
|
||||
} else {
|
||||
setError('Registration failed. Please try again.')
|
||||
}
|
||||
setError('Registration failed. Please try again.')
|
||||
} finally {
|
||||
setLoading(false)
|
||||
}
|
||||
}
|
||||
|
||||
async function handleResendVerification() {
|
||||
setResendLoading(true)
|
||||
setResendMessage('')
|
||||
try {
|
||||
const { error } = await authClient.sendVerificationEmail({ email })
|
||||
if (error) {
|
||||
setResendMessage('Failed to resend. Please try again.')
|
||||
} else {
|
||||
setResendMessage('Verification email sent!')
|
||||
}
|
||||
} finally {
|
||||
setResendLoading(false)
|
||||
}
|
||||
}
|
||||
|
||||
if (registrationComplete) {
|
||||
return (
|
||||
<div className="flex min-h-screen flex-col items-center justify-center px-4">
|
||||
<h1 className="mb-2 text-3xl font-bold text-gray-900">Check your email</h1>
|
||||
<p className="mb-8 text-sm text-gray-500">
|
||||
We sent a verification link to {email}. Click it to activate your account.
|
||||
</p>
|
||||
<button
|
||||
type="button"
|
||||
onClick={handleResendVerification}
|
||||
disabled={resendLoading}
|
||||
className="min-h-12 rounded-xl bg-brand-blue px-6 py-3 text-base font-medium text-white active:bg-brand-blue/90 disabled:opacity-60"
|
||||
>
|
||||
{resendLoading ? 'Sending...' : 'Resend email'}
|
||||
</button>
|
||||
{resendMessage && (
|
||||
<p className="mt-4 text-sm text-gray-500">{resendMessage}</p>
|
||||
)}
|
||||
<p className="mt-6 text-sm text-gray-500">
|
||||
Already have an account?{' '}
|
||||
<Link to="/login" className="text-brand-blue">
|
||||
Sign in
|
||||
</Link>
|
||||
</p>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
|
||||
return (
|
||||
<div className="flex min-h-screen flex-col items-center justify-center px-4">
|
||||
<h1 className="mb-2 text-3xl font-bold text-gray-900">Create Account</h1>
|
||||
|
||||
@@ -153,7 +153,7 @@ export function Settings() {
|
||||
{copied ? 'Copied!' : 'Copy'}
|
||||
</button>
|
||||
</div>
|
||||
<p className="mt-2 text-xs text-gray-400">
|
||||
<p className="mt-2 text-xs text-gray-500">
|
||||
Supports Meijer, Kroger, and Target receipt emails.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
@@ -89,7 +89,7 @@ export function StoreComparison() {
|
||||
{pp.price === lowestPrice ? (
|
||||
<span className="text-xs font-medium text-green-600">Best price</span>
|
||||
) : (
|
||||
<span className="text-xs text-gray-400">
|
||||
<span className="text-xs text-gray-500">
|
||||
+${(pp.price - lowestPrice).toFixed(2)}
|
||||
</span>
|
||||
)}
|
||||
@@ -99,7 +99,7 @@ export function StoreComparison() {
|
||||
))}
|
||||
</div>
|
||||
|
||||
<p className="mt-6 text-center text-xs text-gray-400">
|
||||
<p className="mt-6 text-center text-xs text-gray-500">
|
||||
Prices last verified from store loyalty card data. Map view coming soon.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
+1
-1
@@ -7,6 +7,6 @@ export default defineConfig({
|
||||
environment: 'jsdom',
|
||||
globals: true,
|
||||
setupFiles: ['./src/test/setup.ts'],
|
||||
exclude: ['e2e/**', 'node_modules/**'],
|
||||
exclude: ['e2e/**', 'auth/**', 'node_modules/**'],
|
||||
},
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user