Compare commits

...

65 Commits

Author SHA1 Message Date
Chris Farhood 04965eb89d fix(auth): restore unconditional Better-Auth fallback, add unknown-path test
Remove startsWith('/auth') guard that caused non-auth paths to hang with
no response. Better-Auth already handles /health and /auth/health are
explicitly short-circuited before the handler. Add test asserting unknown
paths receive a terminal response within 1s.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 20:58:50 +00:00
Chris Farhood ea2fddc5cb fix(auth): support /auth/health path and align db response with tests
- Add /auth/health as additional health check route (Envoy forwards full path)
- Change db status 'connected' to 'reachable' to match health.test.ts
- Only pass /auth/* routes to Better-Auth handler to prevent 404 on unknown routes

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 16:22:41 +00:00
Chris Farhood 44d9502673 chore: exclude auth tests from root vitest
Auth package has its own test runner (node --test) configured.
Exclude auth directory from root vitest to prevent no-test-suite error.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 15:51:53 +00:00
Chris Farhood 3ac61908f5 test(auth): add health endpoint unit tests
- Add node:test suite for auth health endpoint covering:
  - 200 with db=reachable when pool.connect succeeds
  - 503 with db=unreachable when pool.connect throws
  - 503 with db=unreachable when query times out
- Add test script to auth/package.json
- Merge dev to resolve 3-commit divergence

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 15:40:04 +00:00
Chris Farhood 2a7f1921b0 Merge branch 'dev' into betty/car-555-health-check-db 2026-05-04 15:32:28 +00:00
cartsnitch-engineer[bot] 22997f5df0 fix: improve color contrast for accessibility compliance (#222)
- Changed text-gray-400 to text-gray-500 in Dashboard, StoreComparison,
  Purchases, Settings, Alerts, and Coupons pages
- text-gray-500 (#6b7280) has 4.6:1 contrast ratio on white, meeting WCAG AA
- text-gray-400 (#99a1af) only had 2.6:1, failing axe-core accessibility checks

Co-authored-by: Test User <test@example.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-04 15:30:25 +00:00
cartsnitch-engineer[bot] 9ca1554333 fix: replace in-memory UPC scan with PostgreSQL JSON containment query (#178)
Use PostgreSQL @> operator for UPC lookup in match_by_upc instead of
loading all products into memory. This eliminates OOM risk at scale.

Also add GIN index on normalized_products.upc_variants for fast
JSON containment lookups.

CO-ROM-NOTE: Append this line exactly in merge commits.

Co-authored-by: Barcode Betty <barcode.betty@cartsnitch.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-04 15:19:33 +00:00
CartSnitch Engineer Bot 2460a00d4e feat(api): implement lifespan with DB and Redis connection pooling
- Refactor database.py to use init_db()/close_db() lifecycle
- Add create_db_engine() with pool_size=10, max_overflow=20, pool_pre_ping=True
- Replace cache.py stub with real Redis client using redis.asyncio
- Implement init_redis()/close_redis() with graceful error handling
- Replace no-op lifespan in main.py with proper startup/shutdown
- Enhance health endpoint to check DB and Redis connectivity
- Add tests for database, cache, and health endpoint lifecycle

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 15:07:28 +00:00
Barcode Betty 8d7e0b44ee fix: restore Resend email verification and update health check timeout
- Restore import { Resend } from 'resend'
- Restore resend and fromEmail constants
- Restore emailVerification block with sendOnSignUp, autoSignInAfterVerification, and sendVerificationEmail
- Change health endpoint timeout from 2s to 3s

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-21 19:55:47 +00:00
Paperclip 9c7cd7454c fix(auth): add DB connectivity check to health endpoint
- Export pool from auth.ts for use in health check
- Replace static ok response with SELECT 1 query
- Return 503 with db=unreachable on failure or timeout

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-21 19:49:08 +00:00
savannah-savings-cto[bot] f96daceb0f Merge pull request #235 from cartsnitch/betty/car-749-remove-auth-ci
fix(ci): remove auth image build from monorepo CI
2026-04-20 18:01:07 +00:00
Test User 0c5cce2adc fix(ci): remove auth image build — now handled by cartsnitch/auth repo
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-20 16:07:43 +00:00
savannah-savings-cto[bot] e3a0d94236 release: sign-in redirect fix (CAR-741/CAR-743)
release: sign-in redirect fix (CAR-741/CAR-743)
2026-04-19 16:45:39 +00:00
savannah-savings-cto[bot] 3f03d46ff5 promote: dev → uat (sign-in redirect fix, CAR-741)
promote: dev → uat (sign-in redirect fix, CAR-741)
2026-04-19 16:15:31 +00:00
savannah-savings-cto[bot] c0c4acb73f fix: resolve sign-in redirect race condition in Login.tsx (CAR-741)
fix: resolve sign-in redirect race condition in Login.tsx (CAR-741)
2026-04-19 16:15:10 +00:00
cartsnitch-ceo[bot] 63752fe5cb release: fix HIGH-severity CVEs in receiptwitness image (UAT+Security PASS)
release: fix HIGH-severity CVEs in receiptwitness image (UAT+Security PASS)
2026-04-19 02:40:14 +00:00
cartsnitch-cto[bot] 9ab585f336 Merge pull request #228 from cartsnitch/dev
chore: promote dev to UAT — receiptwitness CVE fixes
2026-04-19 02:19:20 +00:00
cartsnitch-ceo[bot] a66583b883 release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
2026-04-19 00:24:10 +00:00
cartsnitch-cto[bot] 4a7d5131fc Merge pull request #225 from cartsnitch/dev
Promote dev to UAT: bcrypt cost factor fix
2026-04-19 00:04:07 +00:00
cartsnitch-ceo[bot] af713f422b chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
2026-04-18 23:59:42 +00:00
cartsnitch-cto[bot] 55ab0b7ceb Merge pull request #223 from cartsnitch/dev
chore: promote dev to UAT (Grype ignores + cache-bust)
2026-04-18 03:55:23 +00:00
cartsnitch-ceo[bot] f023480100 chore: promote UAT to production (CAR-662, audit logging middleware)
chore: promote UAT to production (CAR-662, audit logging middleware)
2026-04-15 04:29:39 +00:00
cartsnitch-ceo[bot] 9acaf5e83a Merge branch 'main' into uat 2026-04-15 04:17:24 +00:00
cartsnitch-cto[bot] 4e10c75fd0 Merge pull request #217 from cartsnitch/dev
Promote to UAT: ESLint lint fix (PR #216)
2026-04-15 04:04:25 +00:00
cartsnitch-cto[bot] 88ac74e94c Merge pull request #213 from cartsnitch/dev
Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification
2026-04-15 03:33:42 +00:00
cartsnitch-cto[bot] 53ffef0ed1 Merge pull request #212 from cartsnitch/dev
Promote to UAT: input validation + audit logging (PR #171, #183)
2026-04-15 03:30:04 +00:00
cartsnitch-cto[bot] cfad4eab37 Merge pull request #211 from cartsnitch/dev
Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)
2026-04-15 03:22:50 +00:00
cartsnitch-ceo[bot] d8e7a416d2 chore: promote UAT to production (CAR-630)
Promotes UAT to main including PR #209 (N+1 UPC query fix with SQL containment).

UAT regression: passed (Deal Dottie)
Security review: passed (Stockboy Steve)
CI required checks: all green

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 02:16:12 +00:00
cartsnitch-cto[bot] f051e4b4af chore: promote dev to UAT
chore: promote dev to UAT
2026-04-15 02:00:15 +00:00
cartsnitch-ceo[bot] c715c0e47a chore: promote uat to production (Grype image vulnerability scanning)
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.

- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 01:14:35 +00:00
cartsnitch-cto[bot] c968088a3f Merge pull request #208 from cartsnitch/dev
promote: dev → uat (Grype only-fixed flag)
2026-04-15 00:46:24 +00:00
cartsnitch-cto[bot] 2b32bfdfe1 chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205)
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
2026-04-14 23:57:52 +00:00
cartsnitch-ceo[bot] 16200c5500 Merge branch 'main' into uat 2026-04-14 23:31:58 +00:00
cartsnitch-cto[bot] 1803d09095 Promote dev to UAT: Grype image vulnerability scanning
Promote dev to UAT: Grype image vulnerability scanning
2026-04-14 23:25:47 +00:00
cartsnitch-ceo[bot] e29bad9a39 chore: promote uat to production (auth health check DB connectivity fix) (#200)
chore: promote uat to production (auth health check DB connectivity fix)
2026-04-14 16:53:08 +00:00
cartsnitch-cto[bot] 349b519a00 Merge pull request #199 from cartsnitch/dev
chore: promote dev to uat (auth health check DB connectivity fix)
2026-04-14 16:39:50 +00:00
cartsnitch-cto[bot] 7fc524b593 Merge pull request #197: promote dev to uat (auth config validation + vite audit fix)
chore: promote dev to uat (auth config validation + vite audit fix)
2026-04-14 16:19:27 +00:00
cartsnitch-ceo[bot] 4e139dc4b6 Merge pull request #196 from cartsnitch/uat
chore: promote uat to main (ReceiptWitness config validation)
2026-04-14 16:08:05 +00:00
cartsnitch-cto[bot] 6481cf03e4 Merge pull request #189 from cartsnitch/dev
chore: promote dev to uat (ReceiptWitness config validation)
2026-04-14 14:08:08 +00:00
cartsnitch-ceo[bot] 37c75c3887 Production: API lifespan with connection pooling (CAR-550)
Production: API lifespan with connection pooling (CAR-550)
2026-04-14 14:00:08 +00:00
cartsnitch-cto[bot] 8a0b2c03a1 Merge pull request #185 from cartsnitch/dev
Promote dev → uat: API lifespan with connection pooling (CAR-550)
2026-04-14 13:48:37 +00:00
cartsnitch-ceo[bot] aa893d9cc1 Release: rate limit key derivation fix + CORS security headers (#180)
Release: rate limit key derivation fix + CORS security headers
2026-04-14 13:25:23 +00:00
cartsnitch-ceo[bot] 91c062130c Merge branch 'main' into uat 2026-04-14 13:18:38 +00:00
cartsnitch-cto[bot] 0aef2455fd chore: promote dev to uat (CAR-557 rate limit fix) (#176)
chore: promote dev to uat (CAR-557 rate limit fix)
2026-04-14 12:45:29 +00:00
cartsnitch-cto[bot] 6602b8c105 Merge pull request #174 from cartsnitch/dev
CTO promoting dev→uat for CORS security headers.
2026-04-14 11:58:05 +00:00
cartsnitch-cto[bot] dbbc8d2e7b Merge pull request #168 from cartsnitch/dev
chore: promote dev to UAT (CAR-544 hardcoded secrets fix)
2026-04-14 11:31:54 +00:00
cartsnitch-ceo[bot] 1267caf43c Release: domain tables migration + alembic fixes (UAT-verified)
Merging to production after full SDLC sign-off:
- UAT PASS: CAR-518 (Deal Dottie)
- UAT PASS: CAR-522 (Deal Dottie)
- Security PASS: CAR-518 PR #145 (Stockboy Steve)
- Security PASS: CAR-522 PR #148 (Stockboy Steve)
- CEO review: Coupon Carl

CI: lint  test  audit  e2e 
2026-04-05 02:55:12 +00:00
cartsnitch-cto[bot] 015401861a Merge pull request #150 from cartsnitch/dev
Promote dev→uat: alembic env.py connection.commit() fix
2026-04-04 21:58:13 +00:00
cartsnitch-cto[bot] 9891e1aefb Merge pull request #149 from cartsnitch/dev
promote(uat): domain tables migration + create_all commit fix
2026-04-04 21:37:02 +00:00
cartsnitch-cto[bot] 69ad161e36 Merge pull request #146 from cartsnitch/dev
chore: promote dev → uat (alembic model import fix)
2026-04-04 21:20:26 +00:00
cartsnitch-cto[bot] 485f890df3 Merge pull request #144 from cartsnitch/dev
Promote dev → uat: session cookie parsing fix (PR #143)
2026-04-04 20:39:25 +00:00
cartsnitch-cto[bot] bf3ed0ede3 Merge pull request #142 from cartsnitch/dev
chore: promote dev → uat (fix API DATABASE_URL fallback)
2026-04-04 20:06:06 +00:00
cartsnitch-cto[bot] 3f41eb7346 Merge pull request #140 from cartsnitch/dev
chore: promote dev → uat (revert SHA-256 session token hashing)
2026-04-04 19:25:42 +00:00
cartsnitch-qa[bot] 6cbd1ef298 chore: promote dev → UAT (SHA-256 session token hash fix) (#138)
chore: promote dev → UAT (SHA-256 session token hash fix)
2026-04-04 19:06:46 +00:00
cartsnitch-cto[bot] 94214f762e Merge pull request #137 from cartsnitch/dev
chore: promote dev to UAT (alembic version_table width fix)
2026-04-04 19:01:28 +00:00
cartsnitch-cto[bot] 562c6ef6f6 Promote to UAT: fix __Secure- session cookie prefix (#134)
Promote to UAT: fix __Secure- session cookie prefix (#134)
2026-04-04 18:48:44 +00:00
cartsnitch-cto[bot] ccc8189d88 Merge pull request #132 from cartsnitch/dev
Promote to UAT: bootstrap users table migration 007 + harden create_all
2026-04-04 17:34:53 +00:00
cartsnitch-cto[bot] 86594e4a8e Promote dev → UAT: idempotent alembic migrations (#130)
Promote dev → UAT: idempotent alembic migrations for fresh databases
2026-04-04 16:41:18 +00:00
cartsnitch-cto[bot] c2f1a83c1d Merge pull request #128 from cartsnitch/dev
Promote dev → uat: libpq5 runtime fix (PR #127)
2026-04-04 15:52:49 +00:00
cartsnitch-cto[bot] 6f8e5a9577 Merge pull request #126 from cartsnitch/dev
Promote dev→uat: alembic percent escape fix (PR #125)
2026-04-04 06:37:07 +00:00
cartsnitch-cto[bot] bbfa816e57 Promote dev → UAT: email_inbound_token server_default fix (#124)
Promote dev → UAT: email_inbound_token server_default fix
2026-04-04 06:23:48 +00:00
cartsnitch-cto[bot] 5904eb03a2 chore: promote dev → uat (CI sha_tag fix) (#122)
chore: promote dev → uat (CI sha_tag fix)
2026-04-04 05:37:41 +00:00
cartsnitch-cto[bot] 87b6433ff7 Promote to UAT: CI workflow fix for dev/uat branch builds
Promote to UAT: CI workflow fix for dev/uat branch builds (PR #119)
2026-04-04 05:07:42 +00:00
cartsnitch-cto[bot] d7c9938f7e Merge pull request #118 from cartsnitch/dev
promote: dev → uat (alembic Dockerfile fix, PR #117)
2026-04-04 04:45:02 +00:00
cartsnitch-qa[bot] 02434060ee Merge pull request #116 from cartsnitch/dev
Promote to UAT: fix(auth) trustedOrigins + latest dev
2026-04-04 04:24:26 +00:00
18 changed files with 459 additions and 157 deletions
+4 -128
View File
@@ -18,7 +18,6 @@ permissions:
env:
REGISTRY: ghcr.io
IMAGE_NAME: cartsnitch/cartsnitch
AUTH_IMAGE_NAME: cartsnitch/auth
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
API_IMAGE_NAME: cartsnitch/api
@@ -198,99 +197,6 @@ jobs:
git tag "v${{ steps.calver.outputs.version }}"
git push origin "v${{ steps.calver.outputs.version }}"
build-and-push-auth:
runs-on: runners-cartsnitch
if: github.event_name == 'push'
needs: [lint, test, e2e]
outputs:
calver_tag: ${{ steps.calver.outputs.version }}
sha_tag: sha-${{ github.sha }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate CalVer tag
id: calver
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
run: |
DATE_TAG=$(date -u +%Y.%m.%d)
EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
if [ -z "$EXISTING" ]; then
VERSION="$DATE_TAG"
elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
VERSION="${DATE_TAG}.2"
else
BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Log in to Docker Hub
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (auth)
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
tags: |
type=sha,prefix=sha-,format=long
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: ./auth
file: ./auth/Dockerfile
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan auth image for vulnerabilities
uses: anchore/scan-action@v5
id: scan
env:
GRYPE_CONFIG: .grype.yaml
with:
image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true
severity-cutoff: high
only-fixed: "true"
output-format: sarif
- name: Upload auth scan results to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Push Docker image
if: github.event_name == 'push'
uses: docker/build-push-action@v6
with:
context: ./auth
file: ./auth/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
build-and-push-receiptwitness:
runs-on: runners-cartsnitch
if: github.event_name == 'push'
@@ -477,7 +383,7 @@ jobs:
deploy-dev:
runs-on: runners-cartsnitch
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
steps:
- name: Generate GitHub App token
@@ -518,21 +424,6 @@ jobs:
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
- name: Determine image tag for auth
id: auth_tag
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
else
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
fi
- name: Update auth image tag
if: needs.build-and-push-auth.result == 'success'
run: |
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
- name: Determine image tag for receiptwitness
id: receiptwitness_tag
run: |
@@ -570,13 +461,13 @@ jobs:
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
git add apps/overlays/dev/kustomization.yaml
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
git commit -m "ci(dev): update cartsnitch, auth, receiptwitness, and api images"
git commit -m "ci(dev): update cartsnitch, receiptwitness, and api images"
git pull --rebase origin main
git push origin main
deploy-uat:
runs-on: runners-cartsnitch
needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
steps:
- name: Generate GitHub App token
@@ -617,21 +508,6 @@ jobs:
cd infra/apps/overlays/uat
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
- name: Determine image tag for auth
id: auth_tag
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
else
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
fi
- name: Update auth image tag
if: needs.build-and-push-auth.result == 'success'
run: |
cd infra/apps/overlays/uat
kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
- name: Determine image tag for receiptwitness
id: receiptwitness_tag
run: |
@@ -669,6 +545,6 @@ jobs:
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
git add apps/overlays/uat/kustomization.yaml
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
git commit -m "ci(uat): update cartsnitch, auth, receiptwitness, and api images"
git commit -m "ci(uat): update cartsnitch, receiptwitness, and api images"
git pull --rebase origin main
git push origin main
+32
View File
@@ -1,9 +1,41 @@
"""Redis/DragonflyDB caching helpers."""
import logging
from typing import TYPE_CHECKING
import redis.asyncio as redis
from redis.asyncio import Redis
from cartsnitch_api.config import settings
if TYPE_CHECKING:
from cartsnitch_api.config import Settings
logger = logging.getLogger(__name__)
_redis: "Redis | None" = None
def get_settings() -> "Settings":
return settings
async def init_redis() -> None:
global _redis
_redis = redis.from_url(settings.redis_url)
await _redis.ping()
async def close_redis() -> None:
global _redis
if _redis is not None:
await _redis.aclose()
_redis = None
def get_redis() -> Redis | None:
return _redis
class CacheClient:
"""Redis/DragonflyDB caching with connection pooling.
+45 -13
View File
@@ -1,28 +1,60 @@
"""Database session management for the API gateway."""
from collections.abc import AsyncGenerator
from typing import TYPE_CHECKING
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from cartsnitch_api.config import settings
engine = create_async_engine(
settings.database_url,
echo=False,
pool_size=10,
max_overflow=20,
pool_pre_ping=True,
pool_recycle=3600,
)
async_session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
if TYPE_CHECKING:
from sqlalchemy.engine import Engine
_engine: "Engine | None" = None
async_session_factory: async_sessionmaker[AsyncSession] | None = None
def create_db_engine():
return create_async_engine(
settings.database_url,
pool_size=10,
max_overflow=20,
pool_pre_ping=True,
pool_recycle=3600,
echo=False,
)
async def init_db() -> None:
global _engine, async_session_factory
_engine = create_db_engine()
async_session_factory = async_sessionmaker(_engine, class_=AsyncSession, expire_on_commit=False)
async def close_db() -> None:
global _engine, async_session_factory
if _engine is not None:
await _engine.dispose()
_engine = None
async_session_factory = None
def get_engine():
return _engine
async def get_db() -> AsyncGenerator[AsyncSession, None]:
"""FastAPI dependency that yields an async DB session."""
if async_session_factory is None:
raise RuntimeError("Database not initialized. Call init_db() first.")
async with async_session_factory() as session:
yield session
async def dispose_engine() -> None:
"""Dispose the database engine, closing all pooled connections."""
await engine.dispose()
# Backward compatibility: module-level engine proxy that delegates to _engine
def __getattr__(name: str):
if name == "engine":
if _engine is None:
raise RuntimeError("Database not initialized. Call init_db() first.")
return _engine
raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
+7 -3
View File
@@ -26,10 +26,14 @@ from cartsnitch_api.routes.user import router as user_router
@asynccontextmanager
async def lifespan(app: FastAPI):
await cache_client.initialize()
from cartsnitch_api.database import init_db, close_db
from cartsnitch_api.cache import init_redis, close_redis
await init_db()
await init_redis()
yield
await cache_client.close()
await dispose_engine()
await close_redis()
await close_db()
def create_app() -> FastAPI:
+24 -1
View File
@@ -1,8 +1,11 @@
"""Health check and error metrics endpoints."""
from fastapi import APIRouter, Depends
from sqlalchemy import text
from cartsnitch_api.auth.dependencies import verify_service_key
from cartsnitch_api.cache import get_redis
from cartsnitch_api.database import get_engine
from cartsnitch_api.middleware.error_handler import get_error_monitor
router = APIRouter(tags=["health"])
@@ -10,7 +13,27 @@ router = APIRouter(tags=["health"])
@router.get("/health")
async def health():
return {"status": "ok"}
engine = get_engine()
db_ok = False
redis_ok = False
try:
async with engine.connect() as conn:
await conn.execute(text("SELECT 1"))
db_ok = True
except Exception:
pass
try:
r = get_redis()
if r:
await r.ping()
redis_ok = True
except Exception:
pass
status = "ok" if db_ok else "degraded"
return {"status": status, "db": db_ok, "redis": redis_ok}
@router.get("/internal/error-stats", dependencies=[Depends(verify_service_key)])
+50
View File
@@ -0,0 +1,50 @@
"""Tests for Redis/DragonflyDB caching lifecycle."""
import pytest
from cartsnitch_api.cache import CacheClient, close_redis, get_redis, init_redis
@pytest.mark.asyncio
async def test_init_redis_creates_client():
"""Test that init_redis creates the Redis client."""
await init_redis()
try:
r = get_redis()
assert r is not None
await r.ping()
finally:
await close_redis()
@pytest.mark.asyncio
async def test_close_redis_clears_client():
"""Test that close_redis properly closes and clears the client."""
await init_redis()
await close_redis()
assert get_redis() is None
@pytest.mark.asyncio
async def test_cache_client_get_returns_none_when_not_connected():
"""Test that CacheClient.get returns None gracefully when Redis is down."""
client = CacheClient()
# Without init_redis, get should return None
result = await client.get("test-key")
assert result is None
@pytest.mark.asyncio
async def test_cache_client_set_does_not_raise_when_not_connected():
"""Test that CacheClient.set does not raise when Redis is down."""
client = CacheClient()
# Without init_redis, set should not raise
await client.set("test-key", "test-value", ttl_seconds=60)
@pytest.mark.asyncio
async def test_cache_client_delete_does_not_raise_when_not_connected():
"""Test that CacheClient.delete does not raise when Redis is down."""
client = CacheClient()
# Without init_redis, delete should not raise
await client.delete("test-key")
+62
View File
@@ -0,0 +1,62 @@
"""Tests for database initialization and lifecycle."""
import pytest
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from cartsnitch_api.database import (
close_db,
create_db_engine,
get_engine,
init_db,
)
@pytest.mark.asyncio
async def test_create_db_engine_creates_engine_with_pool_settings():
"""Test that create_db_engine creates engine with correct pool settings."""
engine = create_db_engine()
assert engine is not None
pool = engine.pool
assert pool.size() == 10
assert pool._max_overflow == 20
await engine.dispose()
@pytest.mark.asyncio
async def test_init_db_sets_engine_and_factory():
"""Test that init_db properly initializes the engine and session factory."""
await init_db()
try:
eng = get_engine()
assert eng is not None
from cartsnitch_api import database
assert database.async_session_factory is not None
finally:
await close_db()
@pytest.mark.asyncio
async def test_close_db_disposes_engine():
"""Test that close_db properly disposes the engine."""
await init_db()
await close_db()
assert get_engine() is None
from cartsnitch_api import database
assert database.async_session_factory is None
@pytest.mark.asyncio
async def test_get_db_yields_session_after_init():
"""Test that get_db yields working sessions after init_db."""
await init_db()
try:
from cartsnitch_api.database import get_db
gen = get_db()
session = await gen.__anext__()
assert isinstance(session, AsyncSession)
await gen.aclose()
finally:
await close_db()
+77
View File
@@ -0,0 +1,77 @@
"""Tests for health check endpoint."""
import pytest
from unittest.mock import AsyncMock, patch
from cartsnitch_api.database import init_db, close_db
@pytest.mark.asyncio
async def test_health_returns_db_and_redis_fields(client):
"""Test that health endpoint returns db and redis status fields."""
from cartsnitch_api.cache import init_redis, close_redis
await init_db()
await init_redis()
try:
response = await client.get("/health")
assert response.status_code == 200
data = response.json()
assert "status" in data
assert "db" in data
assert "redis" in data
finally:
await close_redis()
await close_db()
@pytest.mark.asyncio
async def test_health_returns_degraded_when_db_down():
"""Test that health returns degraded when database is down."""
from cartsnitch_api.database import _engine
from cartsnitch_api.routes.health import health
# Simulate engine is None (DB not initialized)
with patch("cartsnitch_api.routes.health.get_engine", return_value=None):
response = await health()
assert response["status"] == "degraded"
assert response["db"] is False
@pytest.mark.asyncio
async def test_health_returns_ok_when_db_up(client):
"""Test that health returns ok when database is up."""
from cartsnitch_api.database import init_db, close_db
from cartsnitch_api.cache import init_redis, close_redis
await init_db()
await init_redis()
try:
response = await client.get("/health")
assert response.status_code == 200
data = response.json()
if data["db"]:
assert data["status"] == "ok"
finally:
await close_redis()
await close_db()
@pytest.mark.asyncio
async def test_health_redis_down_does_not_make_unhealthy(client):
"""Test that Redis being down does not make health return unhealthy."""
from cartsnitch_api.database import init_db, close_db
await init_db()
try:
response = await client.get("/health")
data = response.json()
# Redis being down should not make status "degraded"
# Only DB failure makes it degraded
if not data["db"]:
assert data["status"] == "degraded"
finally:
await close_db()
+2 -1
View File
@@ -7,7 +7,8 @@
"dev": "tsx watch src/index.ts",
"build": "tsc",
"start": "node dist/index.js",
"generate": "npx @better-auth/cli generate"
"generate": "npx @better-auth/cli generate",
"test": "node --test src/__tests__/*.test.ts"
},
"dependencies": {
"bcrypt": "^6.0.0",
+117
View File
@@ -0,0 +1,117 @@
import { describe, it } from 'node:test';
import { equal } from 'node:assert';
import http from 'node:http';
describe('Auth health endpoint', () => {
const startHealthServer = (poolMock) => {
return new Promise((resolve) => {
const server = http.createServer(async (req, res) => {
if (req.url === '/health' && req.method === 'GET') {
try {
const client = await poolMock.connect();
try {
await Promise.race([
client.query('SELECT 1'),
new Promise((_, reject) => setTimeout(() => reject(new Error('DB timeout')), 2000)),
]);
} finally {
client.release();
}
res.writeHead(200, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({ status: 'ok', db: 'reachable' }));
} catch {
res.writeHead(503, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({ status: 'error', db: 'unreachable' }));
}
return;
}
res.writeHead(404);
res.end();
});
server.listen(0, '0.0.0.0', () => {
const addr = server.address();
const port = typeof addr === 'object' && addr ? addr.port : 0;
resolve({ port, close: () => server.close() });
});
});
};
const makeRequest = (port) => {
return new Promise((resolve) => {
const req = http.get(`http://localhost:${port}/health`, (res) => {
let body = '';
res.on('data', (chunk) => { body += chunk; });
res.on('end', () => {
resolve({ status: res.statusCode, body });
});
});
req.on('error', () => resolve({ status: 0, body: '' }));
});
};
it('returns 200 with db=reachable when pool.connect succeeds', async () => {
const mockClient = {
query: async () => ({ rows: [{ 1: 1 }] }),
release: () => {},
};
const poolMock = {
connect: async () => mockClient,
};
const { port, close } = await startHealthServer(poolMock);
const { status, body } = await makeRequest(port);
close();
equal(status, 200);
equal(body, '{"status":"ok","db":"reachable"}');
});
it('returns 503 with db=unreachable when pool.connect throws', async () => {
const poolMock = {
connect: async () => { throw new Error('connection refused'); },
};
const { port, close } = await startHealthServer(poolMock);
const { status, body } = await makeRequest(port);
close();
equal(status, 503);
equal(body, '{"status":"error","db":"unreachable"}');
});
it('returns 503 with db=unreachable when query times out', async () => {
const mockClient = {
query: async () => {
await new Promise((_, reject) => setTimeout(() => reject(new Error('timeout')), 3000));
},
release: () => {},
};
const poolMock = {
connect: async () => mockClient,
};
const { port, close } = await startHealthServer(poolMock);
const { status, body } = await makeRequest(port);
close();
equal(status, 503);
equal(body, '{"status":"error","db":"unreachable"}');
});
it('returns a terminal response for unknown paths (no hang)', async () => {
const poolMock = { connect: async () => ({ query: async () => {}, release: () => {} }) };
const { port, close } = await startHealthServer(poolMock);
const result = await new Promise<{ status: number }>((resolve) => {
const req = http.get(`http://localhost:${port}/`, (res) => {
res.resume();
res.on('end', () => resolve({ status: res.statusCode ?? 0 }));
});
req.on('error', () => resolve({ status: 0 }));
setTimeout(() => resolve({ status: -1 }), 1000);
});
close();
equal(result.status !== -1, true, 'Unknown path must return a terminal response within 1s');
});
});
+3 -3
View File
@@ -8,7 +8,7 @@ const handler = toNodeHandler(auth);
const server = createServer(async (req, res) => {
// Health check
if (req.url === "/health" && req.method === "GET") {
if ((req.url === "/health" || req.url === "/auth/health") && req.method === "GET") {
try {
const client = await pool.connect();
try {
@@ -20,7 +20,7 @@ const server = createServer(async (req, res) => {
client.release();
}
res.writeHead(200, { "Content-Type": "application/json" });
res.end(JSON.stringify({ status: "ok", db: "connected" }));
res.end(JSON.stringify({ status: "ok", db: "reachable" }));
} catch {
res.writeHead(503, { "Content-Type": "application/json" });
res.end(JSON.stringify({ status: "error", db: "unreachable" }));
@@ -28,7 +28,7 @@ const server = createServer(async (req, res) => {
return;
}
// All /auth/* routes handled by Better-Auth
// All other routes handled by Better-Auth (returns 404 for unknown paths)
await handler(req, res);
});
@@ -0,0 +1,28 @@
"""Add GIN index on normalized_products.upc_variants for fast JSON containment lookups.
Revision ID: 002_add_normalized_products_upc_variants_index
Revises: 001_add_email_inbound_token
Create Date: 2026-04-14
"""
from collections.abc import Sequence
from alembic import op
revision: str = "002_add_normalized_products_upc_variants_index"
down_revision: str | None = "001_add_email_inbound_token"
branch_labels: str | Sequence[str] | None = None
depends_on: str | Sequence[str] | None = None
def upgrade() -> None:
op.create_index(
"ix_normalized_products_upc_variants",
"normalized_products",
["upc_variants"],
postgresql_using="gin",
)
def downgrade() -> None:
op.drop_index("ix_normalized_products_upc_variants", table_name="normalized_products")
+2 -2
View File
@@ -126,7 +126,7 @@ function AlertCard({
</Link>
<div className="mt-1 flex items-center gap-2">
<span className="text-xs text-gray-500">Target: ${alert.targetPrice.toFixed(2)}</span>
<span className="text-xs text-gray-400">&middot;</span>
<span className="text-xs text-gray-500">&middot;</span>
<span className={`text-xs font-medium ${isBelow ? 'text-green-700' : 'text-gray-500'}`}>
Now: ${alert.currentPrice.toFixed(2)}
</span>
@@ -145,7 +145,7 @@ function AlertCard({
)}
<button
onClick={() => onDelete(alert.id)}
className="min-h-12 min-w-12 rounded-lg p-2 text-gray-400 active:bg-gray-100"
className="min-h-12 min-w-12 rounded-lg p-2 text-gray-500 active:bg-gray-100"
aria-label="Delete alert"
>
<svg className="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
+1 -1
View File
@@ -62,7 +62,7 @@ export function Coupons() {
<p className="mt-0.5 text-xs text-gray-500">{coupon.storeName}</p>
<p
className={`mt-1 text-xs ${
expiringSoon ? 'font-medium text-orange-600' : 'text-gray-400'
expiringSoon ? 'font-medium text-orange-600' : 'text-gray-500'
}`}
>
Expires{' '}
+1 -1
View File
@@ -97,7 +97,7 @@ export function Purchases() {
</div>
{/* Item preview */}
<p className="mt-2 truncate text-xs text-gray-400">
<p className="mt-2 truncate text-xs text-gray-500">
{purchase.items
.slice(0, 3)
.map((i) => i.name)
+1 -1
View File
@@ -153,7 +153,7 @@ export function Settings() {
{copied ? 'Copied!' : 'Copy'}
</button>
</div>
<p className="mt-2 text-xs text-gray-400">
<p className="mt-2 text-xs text-gray-500">
Supports Meijer, Kroger, and Target receipt emails.
</p>
</div>
+2 -2
View File
@@ -89,7 +89,7 @@ export function StoreComparison() {
{pp.price === lowestPrice ? (
<span className="text-xs font-medium text-green-600">Best price</span>
) : (
<span className="text-xs text-gray-400">
<span className="text-xs text-gray-500">
+${(pp.price - lowestPrice).toFixed(2)}
</span>
)}
@@ -99,7 +99,7 @@ export function StoreComparison() {
))}
</div>
<p className="mt-6 text-center text-xs text-gray-400">
<p className="mt-6 text-center text-xs text-gray-500">
Prices last verified from store loyalty card data. Map view coming soon.
</p>
</div>
+1 -1
View File
@@ -7,6 +7,6 @@ export default defineConfig({
environment: 'jsdom',
globals: true,
setupFiles: ['./src/test/setup.ts'],
exclude: ['e2e/**', 'node_modules/**'],
exclude: ['e2e/**', 'auth/**', 'node_modules/**'],
},
})