feat(server): mint API + Postgres schema + manual adapter (PR 1)
Source-agnostic license issuance service. FastAPI app fronts a Postgres `licenses` table; the only currently-wired source is `manual` (operator mints via /internal/mint). Gumroad webhook adapter lands in PR 2. Key design points: - Signing reuses src/license/crypto.py via a COPY into the image (single source of truth — blobs minted server-side verify against the same embedded pubkey on the buyer's machine). - Source adapter Protocol (app/adapters/base.py) is the seam for Gumroad / Lemon Squeezy / Stripe in later PRs; Mint API speaks only SaleEvent / RefundEvent. - (source, source_order_id) UNIQUE composite gives idempotent webhook retries without double-mint. - JSONB type uses with_variant(JSON, 'sqlite') so the same models drive both Postgres prod and SQLite tests (no testcontainers dep). - Bearer-token auth on /internal/*; the IP-loopback guard was removed after the docker bridge made it fight legitimate prod traffic (nginx defense + Bearer remain). - Secrets resolved via *_FILE env vars pointing at /run/secrets/<name>, so passwords never appear in `docker inspect`. 21 unit tests (SQLite in-memory, StaticPool) plus a real-Postgres docker-compose smoke test in server/scripts/smoke.sh that builds the image, runs the alembic migration, mints a license, verifies the signature against the host dev pubkey, and checks the DB row. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
52
server/app/adapters/manual.py
Normal file
52
server/app/adapters/manual.py
Normal file
@@ -0,0 +1,52 @@
|
||||
"""Manual adapter — operator-initiated mints (comps, support replacements).
|
||||
|
||||
There is no webhook to verify and no payload to parse: the operator
|
||||
hands us the buyer details directly via the CLI, and we construct a
|
||||
:class:`SaleEvent` from them. ``source='manual'`` separates these
|
||||
rows from storefront-driven mints in the DB.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from decimal import Decimal
|
||||
from typing import Any, Optional
|
||||
|
||||
from app.adapters.base import RefundEvent, SaleEvent
|
||||
|
||||
|
||||
class ManualAdapter:
|
||||
source_name = "manual"
|
||||
|
||||
def verify_webhook(self, *, body: bytes, headers: dict[str, str]) -> bool:
|
||||
return False # manual flows never come through webhooks
|
||||
|
||||
def parse_sale(self, payload: dict[str, Any]) -> Optional[SaleEvent]:
|
||||
return self.build_sale(**payload)
|
||||
|
||||
def parse_refund(self, payload: dict[str, Any]) -> Optional[RefundEvent]:
|
||||
return None
|
||||
|
||||
def build_sale(
|
||||
self,
|
||||
*,
|
||||
name: str,
|
||||
email: str,
|
||||
tier: str,
|
||||
years: int = 1,
|
||||
promotion: Optional[str] = None,
|
||||
amount_paid: Optional[Decimal] = None,
|
||||
currency: Optional[str] = "USD",
|
||||
notes: Optional[str] = None,
|
||||
) -> SaleEvent:
|
||||
return SaleEvent(
|
||||
source=self.source_name,
|
||||
source_order_id=None,
|
||||
buyer_name=name,
|
||||
buyer_email=email,
|
||||
tier=tier,
|
||||
years=years,
|
||||
promotion=promotion,
|
||||
amount_paid=amount_paid,
|
||||
currency=currency,
|
||||
notes=notes,
|
||||
)
|
||||
Reference in New Issue
Block a user