Wires the second source-adapter (Gumroad) plus the email delivery
that lets the server fulfill a sale end-to-end without operator
intervention.
Auth model: Gumroad doesn't HMAC the body, so we use their
recommended URL-secret pattern (?secret=...). Wrong/missing secret
returns 404 — no signal to a prober that the endpoint exists.
Webhook flow (server/app/routes/webhooks.py):
1. audit-log the raw payload (gumroad_events row) BEFORE anything
else, so a later failure leaves us replayable
2. parse via GumroadAdapter (server/app/adapters/gumroad.py)
3. mint_from_sale — UNIQUE(source, source_order_id) dedups
duplicate webhook retries
4. send the license email
5. mark gumroad_events.processed = true
Always returns 200 once auth passes. Non-2xx would trigger Gumroad's
3-day retry storm; we'd rather record the failure on the audit row
and replay manually after fixing whatever surfaced.
Product → tier mapping is per-source YAML at
server/config/products.yaml (lru_cached). Adding a SKU = edit yaml,
restart api. Unmapped product_id is an error on the audit row, not
a crash.
EmailService (server/app/email.py): provider-agnostic interface with
Postmark as the first implementation. When POSTMARK_TOKEN is unset
the factory returns LoggingEmailService instead, so the webhook
exercises end-to-end before Postmark is provisioned.
48 unit tests (was 21) including:
- Gumroad secret verify with constant-time compare
- Sale parsing: amount-in-cents, name fallback from email,
test=true tagging, missing-required fields, offer codes
- Product mapping lookups
- Email rendering text + HTML, HTML-escapes user input
- Postmark client via httpx.MockTransport (success and 4xx)
- Webhook end-to-end: secret check, audit log, idempotency on
retry, unmapped product, email failure keeps license
Smoke test (server/scripts/smoke.sh) extended to POST a synthetic
Ping payload, verify the row + audit log, prove wrong-secret is
rejected, prove duplicate sale_id stays one row.
SQLite-test compatibility:
- BigInteger primary key uses with_variant(Integer, "sqlite") since
SQLite only autoincrements INTEGER PRIMARY KEY.
- python-multipart pulled in for FastAPI Form parsing.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
149 lines
5.3 KiB
Bash
Executable File
149 lines
5.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# End-to-end smoke test for the license server.
|
|
#
|
|
# Builds the API image, brings up Postgres + API, runs the Alembic
|
|
# migration, mints a license through /internal/mint, verifies the
|
|
# resulting blob's Ed25519 signature against the dev pubkey, and
|
|
# confirms the row landed in the DB. Tears everything down at exit.
|
|
#
|
|
# Run from the server/ directory: ./scripts/smoke.sh
|
|
set -euo pipefail
|
|
|
|
cd "$(dirname "$0")/.."
|
|
|
|
PROJECT=dt-license-smoke
|
|
COMPOSE=(docker compose -p "$PROJECT" -f compose.test.yml)
|
|
|
|
cleanup() {
|
|
echo "--- Tearing down ---"
|
|
"${COMPOSE[@]}" down -v --remove-orphans >/dev/null 2>&1 || true
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
echo "--- Building image ---"
|
|
"${COMPOSE[@]}" build
|
|
|
|
echo "--- Starting stack ---"
|
|
"${COMPOSE[@]}" up -d
|
|
|
|
echo "--- Waiting for API health (max 60s) ---"
|
|
for i in $(seq 1 60); do
|
|
if curl -sf http://127.0.0.1:18090/health 2>/dev/null | grep -q '"status":"ok"'; then
|
|
echo "API up after ${i}s"
|
|
break
|
|
fi
|
|
sleep 1
|
|
done
|
|
|
|
echo "--- Running migrations ---"
|
|
"${COMPOSE[@]}" exec -T api alembic upgrade head
|
|
|
|
echo "--- Re-checking health post-migration ---"
|
|
curl -sf http://127.0.0.1:18090/health | tee /dev/stderr | grep -q '"db":"ok"'
|
|
|
|
echo "--- POST /internal/mint ---"
|
|
RESP=$(curl -s -w "\nHTTP=%{http_code}" -X POST http://127.0.0.1:18090/internal/mint \
|
|
-H "Authorization: Bearer test-admin-token" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"name":"Smoke Test","email":"smoke@example.com","tier":"core","source":"manual"}')
|
|
echo "$RESP"
|
|
HTTP_CODE=$(echo "$RESP" | tail -n1 | sed 's/HTTP=//')
|
|
RESP=$(echo "$RESP" | sed '$d')
|
|
if [ "$HTTP_CODE" != "201" ]; then
|
|
echo "MINT FAILED (HTTP $HTTP_CODE)"
|
|
"${COMPOSE[@]}" logs --tail 50 api
|
|
exit 1
|
|
fi
|
|
echo "$RESP" | python3 -m json.tool | head -8
|
|
|
|
BLOB=$(echo "$RESP" | python3 -c 'import json,sys; print(json.load(sys.stdin)["blob"])')
|
|
|
|
echo "--- Verifying blob signature against host dev pubkey ---"
|
|
python3 - <<EOF
|
|
import sys
|
|
sys.path.insert(0, "..")
|
|
from src.license.crypto import decode_blob, verify
|
|
payload = decode_blob("$BLOB")
|
|
sig = payload.pop("signature")
|
|
assert verify(payload, sig), "signature must verify"
|
|
assert payload["name"] == "Smoke Test"
|
|
assert payload["email"] == "smoke@example.com"
|
|
assert payload["tier"] == "core"
|
|
print("OK: signature verifies, payload matches")
|
|
EOF
|
|
|
|
echo "--- Verifying DB row ---"
|
|
"${COMPOSE[@]}" exec -T postgres \
|
|
psql -U dt_test -d dt_test -t -c \
|
|
"SELECT license_key, email, tier, source FROM licenses;" \
|
|
| grep -q smoke@example.com
|
|
|
|
echo "--- POST /webhooks/gumroad (synthetic Ping payload) ---"
|
|
WEBHOOK_RESP=$(curl -s -w "\nHTTP=%{http_code}" -X POST \
|
|
"http://127.0.0.1:18090/webhooks/gumroad?secret=test-gumroad-secret" \
|
|
-H "Content-Type: application/x-www-form-urlencoded" \
|
|
--data-urlencode "sale_id=GUM-SMOKE-001" \
|
|
--data-urlencode "email=webhook@example.com" \
|
|
--data-urlencode "full_name=Webhook Tester" \
|
|
--data-urlencode "product_id=datatools-core" \
|
|
--data-urlencode "price=9900" \
|
|
--data-urlencode "currency=usd" \
|
|
--data-urlencode "test=true")
|
|
WEBHOOK_CODE=$(echo "$WEBHOOK_RESP" | tail -n1 | sed 's/HTTP=//')
|
|
WEBHOOK_BODY=$(echo "$WEBHOOK_RESP" | sed '$d')
|
|
echo "$WEBHOOK_BODY" | python3 -m json.tool
|
|
if [ "$WEBHOOK_CODE" != "200" ] || ! echo "$WEBHOOK_BODY" | grep -q '"status":"ok"'; then
|
|
echo "WEBHOOK FAILED (HTTP $WEBHOOK_CODE)"
|
|
"${COMPOSE[@]}" logs --tail 30 api
|
|
exit 1
|
|
fi
|
|
|
|
echo "--- Verifying Gumroad mint landed in DB ---"
|
|
"${COMPOSE[@]}" exec -T postgres \
|
|
psql -U dt_test -d dt_test -t -c \
|
|
"SELECT license_key, email, tier, source, source_order_id FROM licenses WHERE source='gumroad';" \
|
|
| tee /dev/stderr | grep -q GUM-SMOKE-001
|
|
|
|
echo "--- Verifying gumroad_events audit row ---"
|
|
PROCESSED=$("${COMPOSE[@]}" exec -T postgres \
|
|
psql -U dt_test -d dt_test -At -c \
|
|
"SELECT processed FROM gumroad_events WHERE order_id='GUM-SMOKE-001' ORDER BY id LIMIT 1;")
|
|
if [ "$PROCESSED" != "t" ]; then
|
|
echo "FAIL: gumroad_events.processed=$PROCESSED (expected 't')"
|
|
exit 1
|
|
fi
|
|
echo "audit row processed=true"
|
|
|
|
echo "--- Verifying wrong-secret returns 404 ---"
|
|
WRONG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
|
|
"http://127.0.0.1:18090/webhooks/gumroad?secret=wrong-secret" \
|
|
--data-urlencode "sale_id=should-not-mint")
|
|
if [ "$WRONG_CODE" != "404" ]; then
|
|
echo "FAIL: wrong-secret should return 404, got $WRONG_CODE"
|
|
exit 1
|
|
fi
|
|
echo "wrong-secret correctly rejected"
|
|
|
|
echo "--- Verifying webhook idempotency on retry ---"
|
|
curl -s -o /dev/null -X POST \
|
|
"http://127.0.0.1:18090/webhooks/gumroad?secret=test-gumroad-secret" \
|
|
--data-urlencode "sale_id=GUM-SMOKE-001" \
|
|
--data-urlencode "email=webhook@example.com" \
|
|
--data-urlencode "full_name=Webhook Tester" \
|
|
--data-urlencode "product_id=datatools-core" \
|
|
--data-urlencode "price=9900" \
|
|
--data-urlencode "currency=usd"
|
|
ROW_COUNT=$("${COMPOSE[@]}" exec -T postgres psql -U dt_test -d dt_test -t -c \
|
|
"SELECT COUNT(*) FROM licenses WHERE source_order_id='GUM-SMOKE-001';" \
|
|
| tr -d ' ')
|
|
if [ "$ROW_COUNT" != "1" ]; then
|
|
echo "FAIL: duplicate webhook produced $ROW_COUNT rows (expected 1)"
|
|
exit 1
|
|
fi
|
|
echo "idempotency OK: still 1 license row after retry"
|
|
|
|
echo
|
|
echo "===================================="
|
|
echo " SMOKE TEST PASSED"
|
|
echo "===================================="
|