feat(server): mint API + Postgres schema + manual adapter (PR 1)
Source-agnostic license issuance service. FastAPI app fronts a Postgres `licenses` table; the only currently-wired source is `manual` (operator mints via /internal/mint). Gumroad webhook adapter lands in PR 2. Key design points: - Signing reuses src/license/crypto.py via a COPY into the image (single source of truth — blobs minted server-side verify against the same embedded pubkey on the buyer's machine). - Source adapter Protocol (app/adapters/base.py) is the seam for Gumroad / Lemon Squeezy / Stripe in later PRs; Mint API speaks only SaleEvent / RefundEvent. - (source, source_order_id) UNIQUE composite gives idempotent webhook retries without double-mint. - JSONB type uses with_variant(JSON, 'sqlite') so the same models drive both Postgres prod and SQLite tests (no testcontainers dep). - Bearer-token auth on /internal/*; the IP-loopback guard was removed after the docker bridge made it fight legitimate prod traffic (nginx defense + Bearer remain). - Secrets resolved via *_FILE env vars pointing at /run/secrets/<name>, so passwords never appear in `docker inspect`. 21 unit tests (SQLite in-memory, StaticPool) plus a real-Postgres docker-compose smoke test in server/scripts/smoke.sh that builds the image, runs the alembic migration, mints a license, verifies the signature against the host dev pubkey, and checks the DB row. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
91
server/app/models.py
Normal file
91
server/app/models.py
Normal file
@@ -0,0 +1,91 @@
|
||||
"""ORM models for the licenses + gumroad_events tables.
|
||||
|
||||
Schema mirrors ``docs/LICENSE-SERVER.md``, generalized so any
|
||||
``source`` can populate it. The ``(source, source_order_id)``
|
||||
composite uniqueness key gives idempotent webhook retries — a
|
||||
storefront firing the same sale twice maps to the same row.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from datetime import datetime
|
||||
from typing import Optional
|
||||
|
||||
from sqlalchemy import (
|
||||
JSON,
|
||||
BigInteger,
|
||||
DateTime,
|
||||
Index,
|
||||
Numeric,
|
||||
String,
|
||||
UniqueConstraint,
|
||||
func,
|
||||
text,
|
||||
)
|
||||
from sqlalchemy.dialects.postgresql import JSONB
|
||||
from sqlalchemy.orm import Mapped, mapped_column
|
||||
|
||||
# JSONB on Postgres (indexable, queryable), plain JSON elsewhere
|
||||
# (SQLite for tests). Same Python interface either way.
|
||||
_JSON_TYPE = JSON().with_variant(JSONB(), "postgresql")
|
||||
|
||||
from app.db import Base
|
||||
|
||||
|
||||
class License(Base):
|
||||
__tablename__ = "licenses"
|
||||
|
||||
license_key: Mapped[str] = mapped_column(String, primary_key=True)
|
||||
name: Mapped[str] = mapped_column(String, nullable=False)
|
||||
email: Mapped[str] = mapped_column(String, nullable=False)
|
||||
tier: Mapped[str] = mapped_column(String, nullable=False)
|
||||
issued_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), nullable=False)
|
||||
expires_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), nullable=False)
|
||||
blob: Mapped[str] = mapped_column(String, nullable=False)
|
||||
|
||||
source: Mapped[str] = mapped_column(String, nullable=False)
|
||||
source_order_id: Mapped[Optional[str]] = mapped_column(String, nullable=True)
|
||||
promotion: Mapped[Optional[str]] = mapped_column(String, nullable=True)
|
||||
amount_paid: Mapped[Optional[float]] = mapped_column(Numeric(10, 2), nullable=True)
|
||||
currency: Mapped[Optional[str]] = mapped_column(String(3), nullable=True, server_default=text("'USD'"))
|
||||
|
||||
revoked_at: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True)
|
||||
notes: Mapped[Optional[str]] = mapped_column(String, nullable=True)
|
||||
|
||||
created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), nullable=False, server_default=func.now())
|
||||
updated_at: Mapped[datetime] = mapped_column(
|
||||
DateTime(timezone=True),
|
||||
nullable=False,
|
||||
server_default=func.now(),
|
||||
onupdate=func.now(),
|
||||
)
|
||||
|
||||
__table_args__ = (
|
||||
UniqueConstraint("source", "source_order_id", name="uq_licenses_source_order"),
|
||||
Index("ix_licenses_email_lower", func.lower(text("email"))),
|
||||
Index("ix_licenses_expires_active", "expires_at", postgresql_where=text("revoked_at IS NULL")),
|
||||
)
|
||||
|
||||
|
||||
class GumroadEvent(Base):
|
||||
"""Append-only audit log of every webhook delivery.
|
||||
|
||||
Stored regardless of processing outcome so we can replay failed
|
||||
events, investigate disputes, and reconstruct the customer
|
||||
record if the ``licenses`` table is ever corrupted.
|
||||
"""
|
||||
|
||||
__tablename__ = "gumroad_events"
|
||||
|
||||
id: Mapped[int] = mapped_column(BigInteger, primary_key=True, autoincrement=True)
|
||||
received_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), nullable=False, server_default=func.now())
|
||||
event_type: Mapped[str] = mapped_column(String, nullable=False)
|
||||
order_id: Mapped[Optional[str]] = mapped_column(String, nullable=True)
|
||||
raw_payload: Mapped[dict] = mapped_column(_JSON_TYPE, nullable=False)
|
||||
processed: Mapped[bool] = mapped_column(server_default=text("false"), nullable=False)
|
||||
error: Mapped[Optional[str]] = mapped_column(String, nullable=True)
|
||||
|
||||
__table_args__ = (
|
||||
Index("ix_gumroad_events_order_id", "order_id"),
|
||||
Index("ix_gumroad_events_unprocessed", "received_at", postgresql_where=text("processed = false")),
|
||||
)
|
||||
Reference in New Issue
Block a user