feat(server): mint API + Postgres schema + manual adapter (PR 1)
Source-agnostic license issuance service. FastAPI app fronts a Postgres `licenses` table; the only currently-wired source is `manual` (operator mints via /internal/mint). Gumroad webhook adapter lands in PR 2. Key design points: - Signing reuses src/license/crypto.py via a COPY into the image (single source of truth — blobs minted server-side verify against the same embedded pubkey on the buyer's machine). - Source adapter Protocol (app/adapters/base.py) is the seam for Gumroad / Lemon Squeezy / Stripe in later PRs; Mint API speaks only SaleEvent / RefundEvent. - (source, source_order_id) UNIQUE composite gives idempotent webhook retries without double-mint. - JSONB type uses with_variant(JSON, 'sqlite') so the same models drive both Postgres prod and SQLite tests (no testcontainers dep). - Bearer-token auth on /internal/*; the IP-loopback guard was removed after the docker bridge made it fight legitimate prod traffic (nginx defense + Bearer remain). - Secrets resolved via *_FILE env vars pointing at /run/secrets/<name>, so passwords never appear in `docker inspect`. 21 unit tests (SQLite in-memory, StaticPool) plus a real-Postgres docker-compose smoke test in server/scripts/smoke.sh that builds the image, runs the alembic migration, mints a license, verifies the signature against the host dev pubkey, and checks the DB row. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
54
server/app/schemas.py
Normal file
54
server/app/schemas.py
Normal file
@@ -0,0 +1,54 @@
|
||||
"""Pydantic request/response models for the HTTP layer."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
from datetime import datetime
|
||||
from decimal import Decimal
|
||||
from enum import Enum
|
||||
from typing import Optional
|
||||
|
||||
from pydantic import BaseModel, ConfigDict, EmailStr, Field
|
||||
|
||||
|
||||
class TierName(str, Enum):
|
||||
lite = "lite"
|
||||
core = "core"
|
||||
pro = "pro"
|
||||
enterprise = "enterprise"
|
||||
|
||||
|
||||
class MintRequest(BaseModel):
|
||||
name: str = Field(min_length=1, max_length=200)
|
||||
email: EmailStr
|
||||
tier: TierName
|
||||
years: int = Field(default=1, ge=1, le=10)
|
||||
source: str = Field(default="manual", min_length=1, max_length=40)
|
||||
source_order_id: Optional[str] = Field(default=None, max_length=120)
|
||||
promotion: Optional[str] = Field(default=None, max_length=60)
|
||||
amount_paid: Optional[Decimal] = Field(default=None, ge=0, decimal_places=2)
|
||||
currency: Optional[str] = Field(default="USD", min_length=3, max_length=3)
|
||||
notes: Optional[str] = Field(default=None, max_length=2000)
|
||||
|
||||
|
||||
class RevokeRequest(BaseModel):
|
||||
license_key: str = Field(min_length=1, max_length=120)
|
||||
reason: Optional[str] = Field(default=None, max_length=500)
|
||||
|
||||
|
||||
class LicenseResponse(BaseModel):
|
||||
model_config = ConfigDict(from_attributes=True)
|
||||
|
||||
license_key: str
|
||||
name: str
|
||||
email: str
|
||||
tier: str
|
||||
issued_at: datetime
|
||||
expires_at: datetime
|
||||
blob: str
|
||||
source: str
|
||||
source_order_id: Optional[str]
|
||||
promotion: Optional[str]
|
||||
amount_paid: Optional[Decimal]
|
||||
currency: Optional[str]
|
||||
revoked_at: Optional[datetime]
|
||||
notes: Optional[str]
|
||||
Reference in New Issue
Block a user