feat(server): mint API + Postgres schema + manual adapter (PR 1)

Source-agnostic license issuance service. FastAPI app fronts a
Postgres `licenses` table; the only currently-wired source is
`manual` (operator mints via /internal/mint). Gumroad webhook
adapter lands in PR 2.

Key design points:

- Signing reuses src/license/crypto.py via a COPY into the image
  (single source of truth — blobs minted server-side verify against
  the same embedded pubkey on the buyer's machine).
- Source adapter Protocol (app/adapters/base.py) is the seam for
  Gumroad / Lemon Squeezy / Stripe in later PRs; Mint API speaks
  only SaleEvent / RefundEvent.
- (source, source_order_id) UNIQUE composite gives idempotent
  webhook retries without double-mint.
- JSONB type uses with_variant(JSON, 'sqlite') so the same models
  drive both Postgres prod and SQLite tests (no testcontainers dep).
- Bearer-token auth on /internal/*; the IP-loopback guard was
  removed after the docker bridge made it fight legitimate prod
  traffic (nginx defense + Bearer remain).
- Secrets resolved via *_FILE env vars pointing at
  /run/secrets/<name>, so passwords never appear in `docker inspect`.

21 unit tests (SQLite in-memory, StaticPool) plus a real-Postgres
docker-compose smoke test in server/scripts/smoke.sh that builds the
image, runs the alembic migration, mints a license, verifies the
signature against the host dev pubkey, and checks the DB row.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-14 00:46:54 +00:00
parent 4179cb5156
commit bab2c9468c
29 changed files with 1519 additions and 0 deletions

View File

@@ -0,0 +1,80 @@
"""Initial schema — licenses + gumroad_events.
Revision ID: 0001_initial
Revises:
Create Date: 2026-05-14
"""
from __future__ import annotations
from typing import Sequence, Union
import sqlalchemy as sa
from alembic import op
from sqlalchemy.dialects import postgresql
revision: str = "0001_initial"
down_revision: Union[str, None] = None
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
op.create_table(
"licenses",
sa.Column("license_key", sa.String(), primary_key=True),
sa.Column("name", sa.String(), nullable=False),
sa.Column("email", sa.String(), nullable=False),
sa.Column("tier", sa.String(), nullable=False),
sa.Column("issued_at", sa.DateTime(timezone=True), nullable=False),
sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
sa.Column("blob", sa.String(), nullable=False),
sa.Column("source", sa.String(), nullable=False),
sa.Column("source_order_id", sa.String(), nullable=True),
sa.Column("promotion", sa.String(), nullable=True),
sa.Column("amount_paid", sa.Numeric(10, 2), nullable=True),
sa.Column("currency", sa.String(length=3), server_default=sa.text("'USD'"), nullable=True),
sa.Column("revoked_at", sa.DateTime(timezone=True), nullable=True),
sa.Column("notes", sa.String(), nullable=True),
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
sa.UniqueConstraint("source", "source_order_id", name="uq_licenses_source_order"),
)
op.create_index(
"ix_licenses_email_lower",
"licenses",
[sa.text("lower(email)")],
)
op.create_index(
"ix_licenses_expires_active",
"licenses",
["expires_at"],
postgresql_where=sa.text("revoked_at IS NULL"),
)
op.create_table(
"gumroad_events",
sa.Column("id", sa.BigInteger(), primary_key=True, autoincrement=True),
sa.Column("received_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
sa.Column("event_type", sa.String(), nullable=False),
sa.Column("order_id", sa.String(), nullable=True),
sa.Column("raw_payload", postgresql.JSONB(), nullable=False),
sa.Column("processed", sa.Boolean(), server_default=sa.text("false"), nullable=False),
sa.Column("error", sa.String(), nullable=True),
)
op.create_index("ix_gumroad_events_order_id", "gumroad_events", ["order_id"])
op.create_index(
"ix_gumroad_events_unprocessed",
"gumroad_events",
["received_at"],
postgresql_where=sa.text("processed = false"),
)
def downgrade() -> None:
op.drop_index("ix_gumroad_events_unprocessed", table_name="gumroad_events")
op.drop_index("ix_gumroad_events_order_id", table_name="gumroad_events")
op.drop_table("gumroad_events")
op.drop_index("ix_licenses_expires_active", table_name="licenses")
op.drop_index("ix_licenses_email_lower", table_name="licenses")
op.drop_table("licenses")