forked from cartsnitch/cartsnitch
Compare commits
9 Commits
v2026.04.03.2
...
pr108
| Author | SHA1 | Date | |
|---|---|---|---|
| d0c31ffc26 | |||
| c8de30ec6e | |||
| 5e763bcb6d | |||
| c1dc3e77e0 | |||
| 1af98c40ab | |||
| 1aaa8e78fd | |||
| c3bfd3560b | |||
| d52fb83296 | |||
| 7c45b04dce |
@@ -18,6 +18,7 @@ from cartsnitch_api.routes.purchases import router as purchases_router
|
|||||||
from cartsnitch_api.routes.scraping import router as scraping_router
|
from cartsnitch_api.routes.scraping import router as scraping_router
|
||||||
from cartsnitch_api.routes.shopping import router as shopping_router
|
from cartsnitch_api.routes.shopping import router as shopping_router
|
||||||
from cartsnitch_api.routes.stores import router as stores_router
|
from cartsnitch_api.routes.stores import router as stores_router
|
||||||
|
from cartsnitch_api.routes.user import router as user_router
|
||||||
|
|
||||||
|
|
||||||
@asynccontextmanager
|
@asynccontextmanager
|
||||||
@@ -49,6 +50,7 @@ def create_app() -> FastAPI:
|
|||||||
|
|
||||||
# Data endpoints mounted under /api/v1
|
# Data endpoints mounted under /api/v1
|
||||||
v1_router = APIRouter(prefix="/api/v1")
|
v1_router = APIRouter(prefix="/api/v1")
|
||||||
|
v1_router.include_router(user_router)
|
||||||
v1_router.include_router(stores_router)
|
v1_router.include_router(stores_router)
|
||||||
v1_router.include_router(purchases_router)
|
v1_router.include_router(purchases_router)
|
||||||
v1_router.include_router(products_router)
|
v1_router.include_router(products_router)
|
||||||
|
|||||||
@@ -0,0 +1,26 @@
|
|||||||
|
"""User routes: per-user account endpoints (email-in address, etc.)."""
|
||||||
|
|
||||||
|
from fastapi import APIRouter, Depends, HTTPException, status
|
||||||
|
from sqlalchemy.ext.asyncio import AsyncSession
|
||||||
|
|
||||||
|
from cartsnitch_api.auth.dependencies import get_current_user
|
||||||
|
from cartsnitch_api.database import get_db
|
||||||
|
from cartsnitch_api.schemas import EmailInAddressResponse
|
||||||
|
from cartsnitch_api.services.auth import AuthService
|
||||||
|
|
||||||
|
router = APIRouter(tags=["user"])
|
||||||
|
|
||||||
|
|
||||||
|
@router.get("/me/email-in-address", response_model=EmailInAddressResponse)
|
||||||
|
async def get_email_in_address(
|
||||||
|
user_id: str = Depends(get_current_user),
|
||||||
|
db: AsyncSession = Depends(get_db),
|
||||||
|
):
|
||||||
|
svc = AuthService(db)
|
||||||
|
try:
|
||||||
|
email_address = await svc.get_email_in_address(user_id)
|
||||||
|
return EmailInAddressResponse(email_address=email_address)
|
||||||
|
except LookupError:
|
||||||
|
raise HTTPException(
|
||||||
|
status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
|
||||||
|
) from None
|
||||||
@@ -1,6 +1,7 @@
|
|||||||
"""Pydantic v2 request/response schemas for all API endpoints."""
|
"""Pydantic v2 request/response schemas for all API endpoints."""
|
||||||
|
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
from uuid import UUID
|
||||||
|
|
||||||
from pydantic import BaseModel, EmailStr, Field
|
from pydantic import BaseModel, EmailStr, Field
|
||||||
|
|
||||||
@@ -21,6 +22,10 @@ class UserResponse(BaseModel):
|
|||||||
created_at: datetime
|
created_at: datetime
|
||||||
|
|
||||||
|
|
||||||
|
class EmailInAddressResponse(BaseModel):
|
||||||
|
email_address: str
|
||||||
|
|
||||||
|
|
||||||
# ---------- Stores ----------
|
# ---------- Stores ----------
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -66,3 +66,14 @@ class AuthService:
|
|||||||
|
|
||||||
await self.db.delete(user)
|
await self.db.delete(user)
|
||||||
await self.db.commit()
|
await self.db.commit()
|
||||||
|
|
||||||
|
async def get_email_in_address(self, user_id: str) -> str:
|
||||||
|
"""Return the per-user email-in address for receipt forwarding."""
|
||||||
|
from cartsnitch_api.models import User
|
||||||
|
|
||||||
|
result = await self.db.execute(select(User).where(User.id == user_id))
|
||||||
|
user = result.scalar_one_or_none()
|
||||||
|
if not user:
|
||||||
|
raise LookupError("User not found")
|
||||||
|
|
||||||
|
return f"{user.email_inbound_token}@email.cartsnitch.com"
|
||||||
|
|||||||
Generated
+548
-650
File diff suppressed because it is too large
Load Diff
+4
-1
@@ -50,6 +50,9 @@
|
|||||||
"overrides": {
|
"overrides": {
|
||||||
"@rollup/pluginutils": "5.3.0",
|
"@rollup/pluginutils": "5.3.0",
|
||||||
"flatted": "^3.4.2",
|
"flatted": "^3.4.2",
|
||||||
"serialize-javascript": "7.0.5"
|
"serialize-javascript": "7.0.5",
|
||||||
|
"brace-expansion": ">=1.1.13",
|
||||||
|
"lodash": ">=4.17.24",
|
||||||
|
"minimatch": "^10.2.4"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,7 +17,11 @@ TOKEN_PATTERN = re.compile(r"receipts\+([A-Za-z0-9_-]+)@")
|
|||||||
|
|
||||||
def verify_mailgun_signature(token: str, timestamp: str, signature: str) -> bool:
|
def verify_mailgun_signature(token: str, timestamp: str, signature: str) -> bool:
|
||||||
"""Verify Mailgun webhook signature."""
|
"""Verify Mailgun webhook signature."""
|
||||||
if abs(time.time() - int(timestamp)) > 300: # 5 min freshness
|
try:
|
||||||
|
ts = int(timestamp)
|
||||||
|
except (ValueError, TypeError):
|
||||||
|
return False
|
||||||
|
if abs(time.time() - ts) > 300: # 5 min freshness
|
||||||
return False
|
return False
|
||||||
key = settings.mailgun_webhook_signing_key.encode()
|
key = settings.mailgun_webhook_signing_key.encode()
|
||||||
hmac_digest = hmac.new(key, f"{timestamp}{token}".encode(), hashlib.sha256).hexdigest()
|
hmac_digest = hmac.new(key, f"{timestamp}{token}".encode(), hashlib.sha256).hexdigest()
|
||||||
|
|||||||
@@ -99,3 +99,27 @@ def test_stale_timestamp(client, mock_redis):
|
|||||||
assert response.status_code == 406
|
assert response.status_code == 406
|
||||||
assert response.json()["detail"] == "Invalid signature"
|
assert response.json()["detail"] == "Invalid signature"
|
||||||
mock_redis["enqueue"].assert_not_awaited()
|
mock_redis["enqueue"].assert_not_awaited()
|
||||||
|
|
||||||
|
|
||||||
|
def test_invalid_timestamp_returns_406(client, mock_redis):
|
||||||
|
"""Empty timestamp should return 406, not 500."""
|
||||||
|
with patch("receiptwitness.api.routes.settings") as mock_settings:
|
||||||
|
mock_settings.mailgun_webhook_signing_key = "test-secret"
|
||||||
|
form = {
|
||||||
|
"token": "test-token",
|
||||||
|
"timestamp": "",
|
||||||
|
"signature": "any-sig",
|
||||||
|
"sender": "sender@example.com",
|
||||||
|
"recipient": "receipts+user123@example.com",
|
||||||
|
"subject": "Receipt",
|
||||||
|
}
|
||||||
|
response = client.post("/inbound/email", data=form)
|
||||||
|
assert response.status_code == 406
|
||||||
|
assert response.json()["detail"] == "Invalid signature"
|
||||||
|
mock_redis["enqueue"].assert_not_awaited()
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_inbound_email_returns_405(client):
|
||||||
|
"""GET /inbound/email is not allowed."""
|
||||||
|
response = client.get("/inbound/email")
|
||||||
|
assert response.status_code == 405
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
|
import { useState, useEffect } from 'react'
|
||||||
import { Link, useNavigate } from 'react-router-dom'
|
import { Link, useNavigate } from 'react-router-dom'
|
||||||
import { authClient } from '../lib/auth-client.ts'
|
import { authClient } from '../lib/auth-client.ts'
|
||||||
import { useAuthStore } from '../stores/auth.ts'
|
import { useAuthStore } from '../stores/auth.ts'
|
||||||
@@ -9,6 +10,26 @@ export function Settings() {
|
|||||||
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
||||||
const navigate = useNavigate()
|
const navigate = useNavigate()
|
||||||
const { theme, setTheme } = useThemeStore()
|
const { theme, setTheme } = useThemeStore()
|
||||||
|
const [emailInAddress, setEmailInAddress] = useState<string | null>(null)
|
||||||
|
const [copied, setCopied] = useState(false)
|
||||||
|
|
||||||
|
useEffect(() => {
|
||||||
|
if (!session?.user) return
|
||||||
|
fetch('/api/v1/me/email-in-address', {
|
||||||
|
credentials: 'include',
|
||||||
|
})
|
||||||
|
.then((res) => res.json())
|
||||||
|
.then((data) => setEmailInAddress(data.email_address))
|
||||||
|
.catch(() => setEmailInAddress(null))
|
||||||
|
}, [session])
|
||||||
|
|
||||||
|
async function handleCopyEmail() {
|
||||||
|
if (emailInAddress) {
|
||||||
|
await navigator.clipboard.writeText(emailInAddress)
|
||||||
|
setCopied(true)
|
||||||
|
setTimeout(() => setCopied(false), 2000)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const user = session?.user
|
const user = session?.user
|
||||||
const connectedStores: string[] = []
|
const connectedStores: string[] = []
|
||||||
@@ -113,6 +134,30 @@ export function Settings() {
|
|||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
{/* Receipt Email section */}
|
||||||
|
<section className="mt-6">
|
||||||
|
<h2 className="mb-3 text-sm font-semibold text-gray-500">Receipt Email</h2>
|
||||||
|
<div className="rounded-xl bg-white p-4 shadow-sm">
|
||||||
|
<p className="mb-2 text-sm text-gray-600">
|
||||||
|
Forward your digital receipt emails to this address:
|
||||||
|
</p>
|
||||||
|
<div className="flex items-center gap-2">
|
||||||
|
<code className="flex-1 rounded-lg bg-gray-100 px-3 py-2 text-sm font-mono text-gray-800 truncate">
|
||||||
|
{emailInAddress ?? 'Loading...'}
|
||||||
|
</code>
|
||||||
|
<button
|
||||||
|
onClick={handleCopyEmail}
|
||||||
|
className="rounded-lg bg-brand-blue px-3 py-2 text-sm font-medium text-white hover:bg-brand-blue/90 transition-colors"
|
||||||
|
>
|
||||||
|
{copied ? 'Copied!' : 'Copy'}
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
<p className="mt-2 text-xs text-gray-400">
|
||||||
|
Supports Meijer, Kroger, and Target receipt emails.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
</div>
|
</div>
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user