feat(server): mint API + Postgres schema + manual adapter (PR 1)

Source-agnostic license issuance service. FastAPI app fronts a
Postgres `licenses` table; the only currently-wired source is
`manual` (operator mints via /internal/mint). Gumroad webhook
adapter lands in PR 2.

Key design points:

- Signing reuses src/license/crypto.py via a COPY into the image
  (single source of truth — blobs minted server-side verify against
  the same embedded pubkey on the buyer's machine).
- Source adapter Protocol (app/adapters/base.py) is the seam for
  Gumroad / Lemon Squeezy / Stripe in later PRs; Mint API speaks
  only SaleEvent / RefundEvent.
- (source, source_order_id) UNIQUE composite gives idempotent
  webhook retries without double-mint.
- JSONB type uses with_variant(JSON, 'sqlite') so the same models
  drive both Postgres prod and SQLite tests (no testcontainers dep).
- Bearer-token auth on /internal/*; the IP-loopback guard was
  removed after the docker bridge made it fight legitimate prod
  traffic (nginx defense + Bearer remain).
- Secrets resolved via *_FILE env vars pointing at
  /run/secrets/<name>, so passwords never appear in `docker inspect`.

21 unit tests (SQLite in-memory, StaticPool) plus a real-Postgres
docker-compose smoke test in server/scripts/smoke.sh that builds the
image, runs the alembic migration, mints a license, verifies the
signature against the host dev pubkey, and checks the DB row.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-14 00:46:54 +00:00
parent 4179cb5156
commit bab2c9468c
29 changed files with 1519 additions and 0 deletions

46
server/alembic/env.py Normal file
View File

@@ -0,0 +1,46 @@
"""Alembic environment.
Reads the runtime database URL from ``app.db`` (which resolves the
password from the secrets file), so ``alembic upgrade head`` Just
Works inside the API container with no extra env wiring.
"""
from __future__ import annotations
from logging.config import fileConfig
from alembic import context
from app.db import Base, engine
from app import models # noqa: F401 — imported for side-effect of registering models
config = context.config
if config.config_file_name is not None:
fileConfig(config.config_file_name)
target_metadata = Base.metadata
def run_migrations_offline() -> None:
context.configure(
url=str(engine.url),
target_metadata=target_metadata,
literal_binds=True,
dialect_opts={"paramstyle": "named"},
)
with context.begin_transaction():
context.run_migrations()
def run_migrations_online() -> None:
with engine.connect() as connection:
context.configure(connection=connection, target_metadata=target_metadata)
with context.begin_transaction():
context.run_migrations()
if context.is_offline_mode():
run_migrations_offline()
else:
run_migrations_online()

View File

@@ -0,0 +1,26 @@
"""${message}
Revision ID: ${up_revision}
Revises: ${down_revision | comma,n}
Create Date: ${create_date}
"""
from __future__ import annotations
from typing import Sequence, Union
from alembic import op
import sqlalchemy as sa
${imports if imports else ""}
revision: str = ${repr(up_revision)}
down_revision: Union[str, None] = ${repr(down_revision)}
branch_labels: Union[str, Sequence[str], None] = ${repr(branch_labels)}
depends_on: Union[str, Sequence[str], None] = ${repr(depends_on)}
def upgrade() -> None:
${upgrades if upgrades else "pass"}
def downgrade() -> None:
${downgrades if downgrades else "pass"}

View File

@@ -0,0 +1,80 @@
"""Initial schema — licenses + gumroad_events.
Revision ID: 0001_initial
Revises:
Create Date: 2026-05-14
"""
from __future__ import annotations
from typing import Sequence, Union
import sqlalchemy as sa
from alembic import op
from sqlalchemy.dialects import postgresql
revision: str = "0001_initial"
down_revision: Union[str, None] = None
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
op.create_table(
"licenses",
sa.Column("license_key", sa.String(), primary_key=True),
sa.Column("name", sa.String(), nullable=False),
sa.Column("email", sa.String(), nullable=False),
sa.Column("tier", sa.String(), nullable=False),
sa.Column("issued_at", sa.DateTime(timezone=True), nullable=False),
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
sa.Column("blob", sa.String(), nullable=False),
sa.Column("source", sa.String(), nullable=False),
sa.Column("source_order_id", sa.String(), nullable=True),
sa.Column("promotion", sa.String(), nullable=True),
sa.Column("amount_paid", sa.Numeric(10, 2), nullable=True),
sa.Column("currency", sa.String(length=3), server_default=sa.text("'USD'"), nullable=True),
sa.Column("revoked_at", sa.DateTime(timezone=True), nullable=True),
sa.Column("notes", sa.String(), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
sa.UniqueConstraint("source", "source_order_id", name="uq_licenses_source_order"),
)
op.create_index(
"ix_licenses_email_lower",
"licenses",
[sa.text("lower(email)")],
)
op.create_index(
"ix_licenses_expires_active",
"licenses",
["expires_at"],
postgresql_where=sa.text("revoked_at IS NULL"),
)
op.create_table(
"gumroad_events",
sa.Column("id", sa.BigInteger(), primary_key=True, autoincrement=True),
sa.Column("received_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
sa.Column("event_type", sa.String(), nullable=False),
sa.Column("order_id", sa.String(), nullable=True),
sa.Column("raw_payload", postgresql.JSONB(), nullable=False),
sa.Column("processed", sa.Boolean(), server_default=sa.text("false"), nullable=False),
sa.Column("error", sa.String(), nullable=True),
)
op.create_index("ix_gumroad_events_order_id", "gumroad_events", ["order_id"])
op.create_index(
"ix_gumroad_events_unprocessed",
"gumroad_events",
["received_at"],
postgresql_where=sa.text("processed = false"),
)
def downgrade() -> None:
op.drop_index("ix_gumroad_events_unprocessed", table_name="gumroad_events")
op.drop_index("ix_gumroad_events_order_id", table_name="gumroad_events")
op.drop_table("gumroad_events")
op.drop_index("ix_licenses_expires_active", table_name="licenses")
op.drop_index("ix_licenses_email_lower", table_name="licenses")
op.drop_table("licenses")