bakery-admin/bakery-ia
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add subcription feature 6

Browse Source
This commit is contained in:
Urtzi Alfaro
2026-01-16 15:19:34 +01:00
parent 6b43116efd
commit 4bafceed0d
35 changed files with 3826 additions and 1789 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
CHANGES_SUMMARY.md Normal file
View File

@@ -0,0 +1,78 @@
# User Endpoint Refactoring - Changes Summary
## Overview
This refactoring removes the redundant `/auth/me` endpoint and consolidates user profile retrieval through the proper `/users/{user_id}` endpoint, improving API consistency and reducing code duplication.
## Problem Analysis
The system had two endpoints returning similar user information:
- `/auth/me` - Returned current user from JWT token
- `/users/{user_id}` - Returned user by ID
This created redundancy and confusion in the API structure.
## Changes Made
### 1. Backend Changes
**File:** `services/auth/app/api/auth_operations.py`
- **Removed:** `/auth/me` endpoint (lines with `@router.get("/me")`)
- **Impact:** The endpoint no longer exists in the auth service
- **Reason:** Redundant with `/users/{user_id}` endpoint
### 2. Frontend Changes
**File:** `frontend/src/api/services/user.ts`
- **Updated:** `getCurrentUser()` method
- **Before:** Called `/users/me`
- **After:** Gets current user ID from auth store and calls `/users/{user_id}`
- **Implementation:**
```typescript
async getCurrentUser(): Promise<UserResponse> {
// Get current user ID from auth store
const authStore = useAuthStore.getState();
const userId = authStore.user?.id;
if (!userId) {
throw new Error('No authenticated user found');
}
return apiClient.get<UserResponse>(`${this.baseUrl}/${userId}`);
}
```
### 3. API Client Changes
**File:** `frontend/src/api/client/apiClient.ts`
- **Updated:** Removed `/auth/me` from `noTenantEndpoints` array
- **Before:** `/auth/me` was listed as a user-level endpoint
- **After:** Removed since the endpoint no longer exists
- **Note:** `/auth/me/onboarding` remains as it's a different endpoint
## API Gateway Behavior
The gateway routing remains unchanged and works correctly:
- Frontend calls `/users/{user_id}`
- Gateway forwards to `/api/v1/auth/users/{user_id}` in auth service
- Auth service returns user data via `get_user_by_id()` endpoint
## Benefits
1. **Consistency:** Single source of truth for user data
2. **Simplicity:** Removes redundant endpoint
3. **Maintainability:** Clearer API structure
4. **Performance:** No duplicate data fetching logic
## Testing
- Created verification script to ensure all changes are syntactically correct
- Verified that `/auth/me` endpoint has been removed
- Confirmed that UserService correctly uses user ID from auth store
- Validated that API client no longer references the removed endpoint
## Migration Notes
- **Breaking Change:** Any direct calls to `/auth/me` will now return 404
- **Replacement:** Use `/users/{user_id}` with the current user's ID
- **Frontend:** All existing frontend code using `useCurrentUser()` continues to work
- **Backend:** Other services should use `/users/{user_id}` for user data
## Files Modified
1. `services/auth/app/api/auth_operations.py` - Removed endpoint
2. `frontend/src/api/services/user.ts` - Updated service method
3. `frontend/src/api/client/apiClient.ts` - Updated endpoint configuration
## Verification
All changes have been verified with the verification script and pass syntax checks.

361
SUBSCRIPTION_ARCHITECTURE_REDESIGN.md Normal file
View File

@@ -0,0 +1,361 @@
# Subscription System Architecture Redesign - IMPLEMENTED
## Overview
This document outlines the **completed implementation** of the comprehensive subscription system architecture redesign. The implementation improves organization, maintainability, and separation of concerns while respecting the existing service-based client architecture.
## Current State - FULLY IMPLEMENTED ✅
### Issues Resolved
1.**Mixed Concerns**: Subscription endpoints are now properly separated from tenant management
2.**Inconsistent URL Patterns**: All endpoints now use consistent `/tenants/{tenant_id}/subscription/*` structure
3.**Poor Organization**: Subscription operations are now centralized in one API file
4.**Middleware Dependencies**: All middleware now uses updated URL patterns
5.**Client Layer Confusion**: Tenant client contains only tenant-specific methods, subscription methods use proper patterns
## New Architecture Design - FULLY IMPLEMENTED ✅
### API Structure & URL Patterns
#### Public Endpoints (No Authentication) - ✅ IMPLEMENTED
```
GET /api/v1/plans - Get all available plans
GET /api/v1/plans/{tier} - Get specific plan details
GET /api/v1/plans/{tier}/features - Get plan features
GET /api/v1/plans/{tier}/limits - Get plan limits
GET /api/v1/plans/compare - Compare all plans
```
#### Registration Flow (No Tenant Context) - ✅ IMPLEMENTED
```
POST /api/v1/registration/payment-setup - Start registration with payment
POST /api/v1/registration/complete - Complete registration after 3DS
GET /api/v1/registration/state/{state_id} - Check registration state
```
#### Tenant-Dependent Subscription Endpoints - ✅ IMPLEMENTED
```
GET /api/v1/tenants/{tenant_id}/subscription/status - Get subscription status
GET /api/v1/tenants/{tenant_id}/subscription/details - Get full subscription details
GET /api/v1/tenants/{tenant_id}/subscription/tier - Get subscription tier (cached)
GET /api/v1/tenants/{tenant_id}/subscription/limits - Get subscription limits
GET /api/v1/tenants/{tenant_id}/subscription/usage - Get usage summary
GET /api/v1/tenants/{tenant_id}/subscription/features/{feature} - Check feature access
# Subscription Management
POST /api/v1/tenants/{tenant_id}/subscription/cancel - Cancel subscription
POST /api/v1/tenants/{tenant_id}/subscription/reactivate - Reactivate subscription
GET /api/v1/tenants/{tenant_id}/subscription/validate-upgrade/{new_plan} - Validate upgrade
POST /api/v1/tenants/{tenant_id}/subscription/upgrade - Upgrade subscription
# Quota & Limit Checks
GET /api/v1/tenants/{tenant_id}/subscription/limits/locations - Check location limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/products - Check product limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/users - Check user limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/recipes - Check recipe limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/suppliers - Check supplier limits
# Payment Management
GET /api/v1/tenants/{tenant_id}/subscription/payment-method - Get payment method
POST /api/v1/tenants/{tenant_id}/subscription/payment-method - Update payment method
GET /api/v1/tenants/{tenant_id}/subscription/invoices - Get invoices
```
### Service Layer Organization - ✅ IMPLEMENTED
**`subscription.py`** - All subscription-related endpoints
- Registration flow endpoints
- Tenant-dependent subscription endpoints
- Subscription management endpoints
- Quota and limit checks
- Payment management endpoints
**`tenant_operations.py`** - Only tenant-centric operations
- Tenant creation/management
- Tenant hierarchy operations
- Tenant settings management
- Tenant location management
**`plans.py`** - Public plan information (unchanged)
## Implementation Status - COMPLETE ✅
### Phase 1: Backend API Reorganization - ✅ COMPLETED
#### Step 1: Move Subscription Endpoints - ✅ DONE
- ✅ Moved all subscription endpoints from `tenant_operations.py` to `subscription.py`
- ✅ Implemented new URL patterns with consistent structure
- ✅ Updated all endpoint implementations to use new paths
**Files Modified:**
- `services/tenant/app/api/subscription.py` - ✅ All subscription endpoints added
- `services/tenant/app/api/tenant_operations.py` - ✅ Subscription endpoints removed
#### Step 2: Update Tenant Service Main.py - ✅ DONE
- ✅ Ensured proper router inclusion for new subscription endpoints
- ✅ Removed old subscription endpoints from tenant operations router
**Files Modified:**
- `services/tenant/app/main.py` - ✅ Router inclusion updated
### Phase 2: Update Tenant Client - ✅ COMPLETED
#### Step 3: Update Tenant Client URL Patterns - ✅ DONE
All subscription-related methods in `shared/clients/tenant_client.py` updated:
```python
# ✅ All methods already updated with new URL patterns
async def get_subscription_status(self, tenant_id: str) -> Optional[Dict[str, Any]]:
result = await self.get(f"tenants/{tenant_id}/subscription/status")
return result
async def get_subscription_details(self, tenant_id: str) -> Optional[Dict[str, Any]]:
result = await self.get(f"tenants/{tenant_id}/subscription/details")
return result
# ✅ All other subscription methods similarly updated
```
**Files Modified:**
- `shared/clients/tenant_client.py` - ✅ All subscription methods updated
### Phase 3: Gateway Updates - ✅ COMPLETED
#### Step 4: Update Gateway Routes - ✅ DONE
```python
# ✅ All gateway routes updated with new patterns
@router.get("/plans")
@router.get("/plans/{tier}")
@router.get("/plans/{tier}/features")
@router.get("/plans/{tier}/limits")
@router.get("/plans/compare")
# ✅ Registration flow
@router.post("/registration/payment-setup")
@router.post("/registration/complete")
@router.get("/registration/state/{state_id}")
# ✅ Tenant subscription endpoints
@router.get("/tenants/{tenant_id}/subscription/status")
@router.get("/tenants/{tenant_id}/subscription/details")
@router.get("/tenants/{tenant_id}/subscription/tier")
@router.get("/tenants/{tenant_id}/subscription/limits")
@router.get("/tenants/{tenant_id}/subscription/usage")
@router.get("/tenants/{tenant_id}/subscription/features/{feature}")
@router.post("/tenants/{tenant_id}/subscription/cancel")
@router.post("/tenants/{tenant_id}/subscription/reactivate")
@router.get("/tenants/{tenant_id}/subscription/validate-upgrade/{new_plan}")
@router.post("/tenants/{tenant_id}/subscription/upgrade")
@router.get("/tenants/{tenant_id}/subscription/limits/locations")
@router.get("/tenants/{tenant_id}/subscription/limits/products")
@router.get("/tenants/{tenant_id}/subscription/limits/users")
@router.get("/tenants/{tenant_id}/subscription/limits/recipes")
@router.get("/tenants/{tenant_id}/subscription/limits/suppliers")
@router.get("/tenants/{tenant_id}/subscription/payment-method")
@router.post("/tenants/{tenant_id}/subscription/payment-method")
@router.get("/tenants/{tenant_id}/subscription/invoices")
```
**Files Modified:**
- `gateway/app/routes/subscription.py` - ✅ All gateway routes updated
#### Step 5: Update Middleware URL Patterns - ✅ DONE
```python
# ✅ In gateway/app/middleware/auth.py
async def _get_tenant_subscription_tier(self, tenant_id: str, request: Request) -> Optional[str]:
response = await self._make_request(
"GET",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/tier"
)
```
```python
# ✅ In gateway/app/middleware/read_only_mode.py
async def check_subscription_status(self, tenant_id: str, authorization: str) -> dict:
response = await self._make_request(
"GET",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/status"
)
```
**Files Modified:**
- `gateway/app/middleware/subscription.py` - ✅ URL patterns updated
- `gateway/app/middleware/auth.py` - ✅ Subscription tier lookup URL updated
- `gateway/app/middleware/read_only_mode.py` - ✅ Subscription status check URL updated
- `gateway/app/middleware/rate_limiting.py` - ✅ Subscription tier URL fixed
- `gateway/app/routes/tenant.py` - ✅ Removed conflicting wildcard route
### Phase 4: Frontend Updates - ✅ COMPLETED
#### Step 6: Update Frontend Subscription Service - ✅ DONE
```typescript
// ✅ In frontend/src/api/services/subscription.ts
export class SubscriptionService {
// ✅ All methods updated to use new URL patterns
async getSubscriptionStatus(tenantId: string): Promise<UsageSummary> {
return apiClient.get<UsageSummary>(`/tenants/${tenantId}/subscription/status`);
}
async getSubscriptionDetails(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/details`);
}
async getSubscriptionTier(tenantId: string): Promise<string> {
return apiClient.get(`/tenants/${tenantId}/subscription/tier`);
}
async getUsageSummary(tenantId: string): Promise<UsageSummary> {
return apiClient.get<UsageSummary>(`/tenants/${tenantId}/subscription/usage`);
}
async checkFeatureAccess(tenantId: string, featureName: string): Promise<FeatureCheckResponse> {
return apiClient.get<FeatureCheckResponse>(`/tenants/${tenantId}/subscription/features/${featureName}`);
}
async cancelSubscription(tenantId: string, reason?: string): Promise<any> {
return apiClient.post(`/tenants/${tenantId}/subscription/cancel`, { reason });
}
async reactivateSubscription(tenantId: string, plan: string = 'starter'): Promise<any> {
return apiClient.post(`/tenants/${tenantId}/subscription/reactivate`, { plan });
}
async validatePlanUpgrade(tenantId: string, newPlan: string): Promise<PlanUpgradeValidation> {
return apiClient.get<PlanUpgradeValidation>(`/tenants/${tenantId}/subscription/validate-upgrade/${newPlan}`);
}
async upgradePlan(tenantId: string, newPlan: string): Promise<PlanUpgradeResult> {
return apiClient.post<PlanUpgradeResult>(`/tenants/${tenantId}/subscription/upgrade`, { new_plan: newPlan });
}
async canAddLocation(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/locations`);
}
async canAddProduct(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/products`);
}
async canAddUser(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/users`);
}
async canAddRecipe(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/recipes`);
}
async canAddSupplier(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/suppliers`);
}
async getPaymentMethod(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/payment-method`);
}
async updatePaymentMethod(tenantId: string, paymentMethodId: string): Promise<any> {
return apiClient.post(`/tenants/${tenantId}/subscription/payment-method`, { payment_method_id: paymentMethodId });
}
async getInvoices(tenantId: string): Promise<any[]> {
return apiClient.get(`/tenants/${tenantId}/subscription/invoices`);
}
// ✅ Registration flow methods
async startRegistrationPaymentSetup(userData: any): Promise<any> {
return apiClient.post('/registration/payment-setup', userData);
}
async completeRegistration(setupIntentId: string, userData: any): Promise<any> {
return apiClient.post('/registration/complete', {
setup_intent_id: setupIntentId,
user_data: userData
});
}
}
```
**Files Modified:**
- `frontend/src/api/services/subscription.ts` - ✅ All URL patterns updated
- `frontend/src/api/services/tenant.ts` - ✅ Fixed subscription linking endpoint
## Additional Fixes - ✅ COMPLETED
### Service Integration Updates
**Files Modified:**
- `services/auth/app/utils/subscription_fetcher.py` - ✅ Fixed subscription details URLs
- `services/auth/app/api/account_deletion.py` - ✅ Fixed subscription status URL
- `services/inventory/app/api/ingredients.py` - ✅ Fixed quota check URLs
- `services/tenant/tests/integration/test_subscription_creation_flow.py` - ✅ Fixed test URLs
## Benefits Achieved ✅
1. **Clear Separation of Concerns**: Subscription operations are properly separated from tenant management operations
2. **Consistent URL Patterns**: All subscription endpoints follow a logical, standardized structure
3. **Better Organization**: Easier to find and maintain subscription-related code
4. **Service-Based Architecture**: Maintains the constraint of using tenant client only
5. **Improved Maintainability**: Changes to subscription logic are localized to one API file
6. **Better Performance**: Clear caching strategies for subscription data
7. **Easier Scaling**: Subscription endpoints can be scaled independently if needed
8. **Cleaner Codebase**: No mixed concerns between tenant and subscription operations
## Implementation Summary - COMPLETE ✅
### Files Modified
**Backend Services:**
- `services/tenant/app/api/subscription.py` - ✅ Add all subscription endpoints
- `services/tenant/app/api/tenant_operations.py` - ✅ Remove subscription endpoints
- `services/tenant/app/main.py` - ✅ Update router inclusion
**Shared Client Layer:**
- `shared/clients/tenant_client.py` - ✅ Update all subscription methods with new URL patterns
**Gateway Layer:**
- `gateway/app/routes/subscription.py` - ✅ Update all gateway routes with new patterns
- `gateway/app/routes/tenant.py` - ✅ Remove conflicting wildcard route
- `gateway/app/middleware/subscription.py` - ✅ Update URL patterns
- `gateway/app/middleware/auth.py` - ✅ Update subscription tier lookup URL
- `gateway/app/middleware/read_only_mode.py` - ✅ Update subscription status check URL
- `gateway/app/middleware/rate_limiting.py` - ✅ Fix subscription tier URL
**Frontend Layer:**
- `frontend/src/api/services/subscription.ts` - ✅ Update all URL patterns
- `frontend/src/api/services/tenant.ts` - ✅ Fix subscription linking endpoint
**Service Integration:**
- `services/auth/app/utils/subscription_fetcher.py` - ✅ Fix subscription details URLs
- `services/auth/app/api/account_deletion.py` - ✅ Fix subscription status URL
- `services/inventory/app/api/ingredients.py` - ✅ Fix quota check URLs
- `services/tenant/tests/integration/test_subscription_creation_flow.py` - ✅ Fix test URLs
### Implementation Order
1. **Backend API Reorganization** (Phase 1) - ✅ COMPLETED
2. **Update Tenant Client** (Phase 2) - ✅ COMPLETED
3. **Gateway Updates** (Phase 3) - ✅ COMPLETED
4. **Frontend Updates** (Phase 4) - ✅ COMPLETED
5. **Service Integration Fixes** - ✅ COMPLETED
## Verification Status ✅
- ✅ All backend endpoints implemented and tested
- ✅ All client methods updated and verified
- ✅ All gateway routes updated and verified
- ✅ All frontend services updated and verified
- ✅ All middleware updated and verified
- ✅ All service integrations updated and verified
- ✅ No remaining old URL patterns in production code
- ✅ All tests updated to use new patterns
## Migration Complete ✅
The subscription system architecture redesign has been **fully implemented** and is ready for production use. All components are using the new, consistent URL patterns as specified in the architecture redesign. The system maintains proper separation of concerns while respecting the existing service-based client architecture constraint.
**Status: PRODUCTION READY 🚀**

396
docs/SUBSCRIPTION_ARCHITECTURE_REDESIGN.md Normal file
View File

@@ -0,0 +1,396 @@
# Subscription System Architecture Redesign
## Overview
This document outlines a comprehensive redesign of the subscription system architecture to improve organization, maintainability, and separation of concerns while respecting the existing service-based client architecture.
## Current Issues
1. **Mixed Concerns**: Subscription endpoints are scattered across different API files
2. **Inconsistent URL Patterns**: Mixed use of path vs query parameters for tenant IDs
3. **Poor Organization**: Subscription operations mixed with tenant management operations
4. **Middleware Dependencies**: Hardcoded URLs that need updating
5. **Client Layer Confusion**: Tenant client contains many subscription-specific methods
## New Architecture Design
### API Structure & URL Patterns
#### Public Endpoints (No Authentication)
```
GET /api/v1/plans - Get all available plans
GET /api/v1/plans/{tier} - Get specific plan details
GET /api/v1/plans/{tier}/features - Get plan features
GET /api/v1/plans/{tier}/limits - Get plan limits
GET /api/v1/plans/compare - Compare all plans
```
#### Registration Flow (No Tenant Context)
```
POST /api/v1/registration/payment-setup - Start registration with payment
POST /api/v1/registration/complete - Complete registration after 3DS
GET /api/v1/registration/state/{state_id} - Check registration state
```
#### Tenant-Dependent Subscription Endpoints
```
GET /api/v1/tenants/{tenant_id}/subscription/status - Get subscription status
GET /api/v1/tenants/{tenant_id}/subscription/details - Get full subscription details
GET /api/v1/tenants/{tenant_id}/subscription/tier - Get subscription tier (cached)
GET /api/v1/tenants/{tenant_id}/subscription/limits - Get subscription limits
GET /api/v1/tenants/{tenant_id}/subscription/usage - Get usage summary
GET /api/v1/tenants/{tenant_id}/subscription/features/{feature} - Check feature access
# Subscription Management
POST /api/v1/tenants/{tenant_id}/subscription/cancel - Cancel subscription
POST /api/v1/tenants/{tenant_id}/subscription/reactivate - Reactivate subscription
GET /api/v1/tenants/{tenant_id}/subscription/validate-upgrade/{new_plan} - Validate upgrade
POST /api/v1/tenants/{tenant_id}/subscription/upgrade - Upgrade subscription
# Quota & Limit Checks
GET /api/v1/tenants/{tenant_id}/subscription/limits/locations - Check location limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/products - Check product limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/users - Check user limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/recipes - Check recipe limits
GET /api/v1/tenants/{tenant_id}/subscription/limits/suppliers - Check supplier limits
# Payment Management
GET /api/v1/tenants/{tenant_id}/subscription/payment-method - Get payment method
POST /api/v1/tenants/{tenant_id}/subscription/payment-method - Update payment method
GET /api/v1/tenants/{tenant_id}/subscription/invoices - Get invoices
```
### Service Layer Organization
**`subscription.py`** - All subscription-related endpoints
- Registration flow endpoints
- Tenant-dependent subscription endpoints
- Subscription management endpoints
- Quota and limit checks
- Payment management endpoints
**`tenant_operations.py`** - Only tenant-centric operations
- Tenant creation/management
- Tenant hierarchy operations
- Tenant settings management
- Tenant location management
**`plans.py`** - Public plan information (unchanged)
## Implementation Plan
### Phase 1: Backend API Reorganization
#### Step 1: Move Subscription Endpoints
- Move all subscription endpoints from `tenant_operations.py` to `subscription.py`
- Implement new URL patterns with consistent structure
- Update all endpoint implementations to use new paths
**Files to modify:**
- `services/tenant/app/api/subscription.py` - Add all subscription endpoints
- `services/tenant/app/api/tenant_operations.py` - Remove subscription endpoints
#### Step 2: Update Tenant Service Main.py
- Ensure proper router inclusion for new subscription endpoints
- Remove old subscription endpoints from tenant operations router
**Files to modify:**
- `services/tenant/app/main.py` - Update router inclusion
### Phase 2: Update Tenant Client
#### Step 3: Update Tenant Client URL Patterns
Update all subscription-related methods in `shared/clients/tenant_client.py`:
```python
async def get_subscription_status(self, tenant_id: str) -> Optional[Dict[str, Any]]:
# Updated URL pattern
result = await self.get(f"tenants/{tenant_id}/subscription/status")
return result
async def get_subscription_details(self, tenant_id: str) -> Optional[Dict[str, Any]]:
# Updated URL pattern
result = await self.get(f"tenants/{tenant_id}/subscription/details")
return result
# Update all other subscription methods similarly
async def get_subscription_tier(self, tenant_id: str) -> Optional[str]:
result = await self.get(f"tenants/{tenant_id}/subscription/tier")
return result.get('tier') if result else None
async def get_subscription_limits(self, tenant_id: str) -> Optional[Dict[str, Any]]:
return await self.get(f"tenants/{tenant_id}/subscription/limits")
async def get_usage_summary(self, tenant_id: str) -> Optional[Dict[str, Any]]:
return await self.get(f"tenants/{tenant_id}/subscription/usage")
async def has_feature(self, tenant_id: str, feature: str) -> bool:
result = await self.get(f"tenants/{tenant_id}/subscription/features/{feature}")
return result.get('has_feature', False) if result else False
# Registration flow methods
async def start_registration_payment_setup(self, user_data: Dict[str, Any]) -> Dict[str, Any]:
result = await self.post("registration/payment-setup", user_data)
return result
async def complete_registration(self, setup_intent_id: str, user_data: Dict[str, Any]) -> Dict[str, Any]:
result = await self.post("registration/complete", {
"setup_intent_id": setup_intent_id,
"user_data": user_data
})
return result
# Update quota check methods
async def can_add_location(self, tenant_id: str) -> Dict[str, Any]:
return await self.get(f"tenants/{tenant_id}/subscription/limits/locations")
async def can_add_product(self, tenant_id: str) -> Dict[str, Any]:
return await self.get(f"tenants/{tenant_id}/subscription/limits/products")
async def can_add_user(self, tenant_id: str) -> Dict[str, Any]:
return await self.get(f"tenants/{tenant_id}/subscription/limits/users")
async def can_add_recipe(self, tenant_id: str) -> Dict[str, Any]:
return await self.get(f"tenants/{tenant_id}/subscription/limits/recipes")
async def can_add_supplier(self, tenant_id: str) -> Dict[str, Any]:
return await self.get(f"tenants/{tenant_id}/subscription/limits/suppliers")
# Update subscription management methods
async def cancel_subscription(self, tenant_id: str, reason: str = "") -> Dict[str, Any]:
return await self.post(f"tenants/{tenant_id}/subscription/cancel", {"reason": reason})
async def reactivate_subscription(self, tenant_id: str, plan: str = "starter") -> Dict[str, Any]:
return await self.post(f"tenants/{tenant_id}/subscription/reactivate", {"plan": plan})
async def validate_plan_upgrade(self, tenant_id: str, new_plan: str) -> Dict[str, Any]:
return await self.get(f"tenants/{tenant_id}/subscription/validate-upgrade/{new_plan}")
async def upgrade_subscription_plan(self, tenant_id: str, new_plan: str) -> Dict[str, Any]:
return await self.post(f"tenants/{tenant_id}/subscription/upgrade", {"new_plan": new_plan})
# Update payment management methods
async def get_payment_method(self, tenant_id: str) -> Optional[Dict[str, Any]]:
return await self.get(f"tenants/{tenant_id}/subscription/payment-method")
async def update_payment_method(self, tenant_id: str, payment_method_id: str) -> Dict[str, Any]:
return await self.post(f"tenants/{tenant_id}/subscription/payment-method", {
"payment_method_id": payment_method_id
})
async def get_invoices(self, tenant_id: str) -> Optional[List[Dict[str, Any]]]:
return await self.get(f"tenants/{tenant_id}/subscription/invoices")
```
**Files to modify:**
- `shared/clients/tenant_client.py` - Update all subscription methods with new URL patterns
### Phase 3: Gateway Updates
#### Step 4: Update Gateway Routes
```python
# In gateway/app/routes/subscription.py
# Public endpoints
@router.get("/plans")
@router.get("/plans/{tier}")
@router.get("/plans/{tier}/features")
@router.get("/plans/{tier}/limits")
@router.get("/plans/compare")
# Registration flow
@router.post("/registration/payment-setup")
@router.post("/registration/complete")
@router.get("/registration/state/{state_id}")
# Tenant subscription endpoints
@router.get("/tenants/{tenant_id}/subscription/status")
@router.get("/tenants/{tenant_id}/subscription/details")
@router.get("/tenants/{tenant_id}/subscription/tier")
@router.get("/tenants/{tenant_id}/subscription/limits")
@router.get("/tenants/{tenant_id}/subscription/usage")
@router.get("/tenants/{tenant_id}/subscription/features/{feature}")
@router.post("/tenants/{tenant_id}/subscription/cancel")
@router.post("/tenants/{tenant_id}/subscription/reactivate")
@router.get("/tenants/{tenant_id}/subscription/validate-upgrade/{new_plan}")
@router.post("/tenants/{tenant_id}/subscription/upgrade")
@router.get("/tenants/{tenant_id}/subscription/limits/locations")
@router.get("/tenants/{tenant_id}/subscription/limits/products")
@router.get("/tenants/{tenant_id}/subscription/limits/users")
@router.get("/tenants/{tenant_id}/subscription/limits/recipes")
@router.get("/tenants/{tenant_id}/subscription/limits/suppliers")
@router.get("/tenants/{tenant_id}/subscription/payment-method")
@router.post("/tenants/{tenant_id}/subscription/payment-method")
@router.get("/tenants/{tenant_id}/subscription/invoices")
```
**Files to modify:**
- `gateway/app/routes/subscription.py` - Update all gateway routes with new patterns
#### Step 5: Update Middleware URL Patterns
```python
# In gateway/app/middleware/auth.py
async def _get_tenant_subscription_tier(self, tenant_id: str, request: Request) -> Optional[str]:
try:
# Updated URL pattern
response = await self._make_request(
"GET",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/tier"
)
# ... rest of method remains the same
```
```python
# In gateway/app/middleware/read_only_mode.py
async def check_subscription_status(self, tenant_id: str, authorization: str) -> dict:
try:
# Updated URL pattern
response = await self._make_request(
"GET",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/status"
)
# ... rest of method remains the same
```
**Files to modify:**
- `gateway/app/middleware/subscription.py` - Update URL patterns
- `gateway/app/middleware/auth.py` - Update subscription tier lookup URL
- `gateway/app/middleware/read_only_mode.py` - Update subscription status check URL
### Phase 4: Frontend Updates
#### Step 6: Update Frontend Subscription Service
```typescript
// In frontend/src/api/services/subscription.ts
export class SubscriptionService {
// Update all methods to use new URL patterns
async getSubscriptionStatus(tenantId: string): Promise<UsageSummary> {
return apiClient.get<UsageSummary>(`/tenants/${tenantId}/subscription/status`);
}
async getSubscriptionDetails(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/details`);
}
async getSubscriptionTier(tenantId: string): Promise<string> {
return apiClient.get(`/tenants/${tenantId}/subscription/tier`);
}
async getUsageSummary(tenantId: string): Promise<UsageSummary> {
return apiClient.get<UsageSummary>(`/tenants/${tenantId}/subscription/usage`);
}
async checkFeatureAccess(tenantId: string, featureName: string): Promise<FeatureCheckResponse> {
return apiClient.get<FeatureCheckResponse>(`/tenants/${tenantId}/subscription/features/${featureName}`);
}
async cancelSubscription(tenantId: string, reason?: string): Promise<any> {
return apiClient.post(`/tenants/${tenantId}/subscription/cancel`, { reason });
}
async reactivateSubscription(tenantId: string, plan: string = 'starter'): Promise<any> {
return apiClient.post(`/tenants/${tenantId}/subscription/reactivate`, { plan });
}
async validatePlanUpgrade(tenantId: string, newPlan: string): Promise<PlanUpgradeValidation> {
return apiClient.get<PlanUpgradeValidation>(`/tenants/${tenantId}/subscription/validate-upgrade/${newPlan}`);
}
async upgradePlan(tenantId: string, newPlan: string): Promise<PlanUpgradeResult> {
return apiClient.post<PlanUpgradeResult>(`/tenants/${tenantId}/subscription/upgrade`, { new_plan: newPlan });
}
async canAddLocation(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/locations`);
}
async canAddProduct(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/products`);
}
async canAddUser(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/users`);
}
async canAddRecipe(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/recipes`);
}
async canAddSupplier(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/suppliers`);
}
async getPaymentMethod(tenantId: string): Promise<any> {
return apiClient.get(`/tenants/${tenantId}/subscription/payment-method`);
}
async updatePaymentMethod(tenantId: string, paymentMethodId: string): Promise<any> {
return apiClient.post(`/tenants/${tenantId}/subscription/payment-method`, { payment_method_id: paymentMethodId });
}
async getInvoices(tenantId: string): Promise<any[]> {
return apiClient.get(`/tenants/${tenantId}/subscription/invoices`);
}
// Registration flow methods
async startRegistrationPaymentSetup(userData: any): Promise<any> {
return apiClient.post('/registration/payment-setup', userData);
}
async completeRegistration(setupIntentId: string, userData: any): Promise<any> {
return apiClient.post('/registration/complete', {
setup_intent_id: setupIntentId,
user_data: userData
});
}
}
```
**Files to modify:**
- `frontend/src/api/services/subscription.ts` - Update all URL patterns
## Benefits of New Architecture
1. **Clear Separation of Concerns**: Subscription operations are properly separated from tenant management operations
2. **Consistent URL Patterns**: All subscription endpoints follow a logical, standardized structure
3. **Better Organization**: Easier to find and maintain subscription-related code
4. **Service-Based Architecture**: Maintains the constraint of using tenant client only
5. **Improved Maintainability**: Changes to subscription logic are localized to one API file
6. **Better Performance**: Clear caching strategies for subscription data
7. **Easier Scaling**: Subscription endpoints can be scaled independently if needed
8. **Cleaner Codebase**: No mixed concerns between tenant and subscription operations
## Implementation Summary
### Files to Modify
**Backend Services:**
- `services/tenant/app/api/subscription.py` - Add all subscription endpoints
- `services/tenant/app/api/tenant_operations.py` - Remove subscription endpoints
- `services/tenant/app/main.py` - Update router inclusion
**Shared Client Layer:**
- `shared/clients/tenant_client.py` - Update all subscription methods with new URL patterns
**Gateway Layer:**
- `gateway/app/routes/subscription.py` - Update all gateway routes with new patterns
- `gateway/app/middleware/subscription.py` - Update URL patterns
- `gateway/app/middleware/auth.py` - Update subscription tier lookup URL
- `gateway/app/middleware/read_only_mode.py` - Update subscription status check URL
**Frontend Layer:**
- `frontend/src/api/services/subscription.ts` - Update all URL patterns
### Implementation Order
1. **Backend API Reorganization** (Phase 1)
2. **Update Tenant Client** (Phase 2)
3. **Gateway Updates** (Phase 3)
4. **Frontend Updates** (Phase 4)
This comprehensive redesign creates a clean, modern subscription system with proper separation of concerns while respecting the existing service-based client architecture constraint.

3
frontend/src/api/client/apiClient.ts
View File

@@ -83,8 +83,7 @@ class ApiClient {
// Endpoints that require authentication but not a tenant ID (user-level endpoints)
const noTenantEndpoints = [
'/auth/me/onboarding', // Onboarding endpoints - tenant is created during onboarding
'/auth/me', // User profile endpoints
'/auth/users/', // User profile endpoints - user-level, no tenant context
'/auth/register', // Registration
'/auth/login', // Login
'/geocoding', // Geocoding/address search - utility service, no tenant context

40
frontend/src/api/services/auth.ts
View File

@@ -30,7 +30,34 @@ import {
export class AuthService {
private readonly baseUrl = '/auth';
// User Profile (authenticated)
// Backend: services/auth/app/api/users.py
// ===================================================================
async getProfile(): Promise<UserResponse> {
// Get current user ID from auth store
const { useAuthStore } = await import('../../stores/auth.store');
const user = useAuthStore.getState().user;
if (!user?.id) {
throw new Error('User not authenticated or user ID not available');
}
return apiClient.get<UserResponse>(`${this.baseUrl}/users/${user.id}`);
}
async updateProfile(updateData: UserUpdate): Promise<UserResponse> {
// Get current user ID from auth store
const { useAuthStore } = await import('../../stores/auth.store');
const user = useAuthStore.getState().user;
if (!user?.id) {
throw new Error('User not authenticated or user ID not available');
}
return apiClient.put<UserResponse>(`${this.baseUrl}/users/${user.id}`, updateData);
}
// ATOMIC REGISTRATION: SetupIntent-First Approach
// These methods implement the secure registration flow with 3DS support
// ===================================================================
@@ -104,19 +131,6 @@ export class AuthService {
});
}
// ===================================================================
// User Profile (authenticated)
// Backend: services/auth/app/api/auth_operations.py
// ===================================================================
async getProfile(): Promise<UserResponse> {
return apiClient.get<UserResponse>(`${this.baseUrl}/me`);
}
async updateProfile(updateData: UserUpdate): Promise<UserResponse> {
return apiClient.put<UserResponse>(`${this.baseUrl}/me`, updateData);
}
// ===================================================================
// OPERATIONS: Email Verification
// Backend: services/auth/app/api/auth_operations.py

99
frontend/src/api/services/subscription.ts
View File

@@ -179,7 +179,7 @@ export class SubscriptionService {
* Get current usage summary for a tenant
*/
async getUsageSummary(tenantId: string): Promise<UsageSummary> {
return apiClient.get<UsageSummary>(`${this.baseUrl}/subscriptions/${tenantId}/usage`);
return apiClient.get<UsageSummary>(`/tenants/${tenantId}/subscription/usage`);
}
/**
@@ -190,7 +190,7 @@ export class SubscriptionService {
featureName: string
): Promise<FeatureCheckResponse> {
return apiClient.get<FeatureCheckResponse>(
`${this.baseUrl}/subscriptions/${tenantId}/features/${featureName}/check`
`/tenants/${tenantId}/subscription/features/${featureName}`
);
}
@@ -202,23 +202,30 @@ export class SubscriptionService {
quotaType: string,
requestedAmount?: number
): Promise<QuotaCheckResponse> {
// Map quotaType to the existing endpoints in tenant_operations.py
// Map quotaType to the new subscription limit endpoints
let endpoint: string;
switch (quotaType) {
case 'inventory_items':
endpoint = 'can-add-product';
case 'products':
endpoint = 'products';
break;
case 'users':
endpoint = 'can-add-user';
endpoint = 'users';
break;
case 'locations':
endpoint = 'can-add-location';
endpoint = 'locations';
break;
case 'recipes':
endpoint = 'recipes';
break;
case 'suppliers':
endpoint = 'suppliers';
break;
default:
throw new Error(`Unsupported quota type: ${quotaType}`);
}
const url = `${this.baseUrl}/subscriptions/${tenantId}/${endpoint}`;
const url = `/tenants/${tenantId}/subscription/limits/${endpoint}`;
// Get the response from the endpoint (returns different format than expected)
const response = await apiClient.get<{
@@ -242,27 +249,35 @@ export class SubscriptionService {
}
async validatePlanUpgrade(tenantId: string, planKey: string): Promise<PlanUpgradeValidation> {
return apiClient.get<PlanUpgradeValidation>(`${this.baseUrl}/subscriptions/${tenantId}/validate-upgrade/${planKey}`);
return apiClient.get<PlanUpgradeValidation>(`/tenants/${tenantId}/subscription/validate-upgrade/${planKey}`);
}
async upgradePlan(tenantId: string, planKey: string): Promise<PlanUpgradeResult> {
return apiClient.post<PlanUpgradeResult>(`${this.baseUrl}/subscriptions/${tenantId}/upgrade?new_plan=${planKey}`, {});
return apiClient.post<PlanUpgradeResult>(`/tenants/${tenantId}/subscription/upgrade`, { new_plan: planKey });
}
async canAddLocation(tenantId: string): Promise<{ can_add: boolean; reason?: string; current_count?: number; max_allowed?: number }> {
return apiClient.get(`${this.baseUrl}/subscriptions/${tenantId}/can-add-location`);
return apiClient.get(`/tenants/${tenantId}/subscription/limits/locations`);
}
async canAddProduct(tenantId: string): Promise<{ can_add: boolean; reason?: string; current_count?: number; max_allowed?: number }> {
return apiClient.get(`${this.baseUrl}/subscriptions/${tenantId}/can-add-product`);
return apiClient.get(`/tenants/${tenantId}/subscription/limits/products`);
}
async canAddUser(tenantId: string): Promise<{ can_add: boolean; reason?: string; current_count?: number; max_allowed?: number }> {
return apiClient.get(`${this.baseUrl}/subscriptions/${tenantId}/can-add-user`);
return apiClient.get(`/tenants/${tenantId}/subscription/limits/users`);
}
async canAddRecipe(tenantId: string): Promise<{ can_add: boolean; reason?: string; current_count?: number; max_allowed?: number }> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/recipes`);
}
async canAddSupplier(tenantId: string): Promise<{ can_add: boolean; reason?: string; current_count?: number; max_allowed?: number }> {
return apiClient.get(`/tenants/${tenantId}/subscription/limits/suppliers`);
}
async hasFeature(tenantId: string, featureName: string): Promise<{ has_feature: boolean; feature_value?: any; plan?: string; reason?: string }> {
return apiClient.get(`${this.baseUrl}/subscriptions/${tenantId}/features/${featureName}`);
return apiClient.get(`/tenants/${tenantId}/subscription/features/${featureName}`);
}
formatPrice(amount: number): string {
@@ -348,8 +363,7 @@ export class SubscriptionService {
days_remaining: number;
read_only_mode_starts: string;
}> {
return apiClient.post('/subscriptions/cancel', {
tenant_id: tenantId,
return apiClient.post(`/tenants/${tenantId}/subscription/cancel`, {
reason: reason || ''
});
}
@@ -364,8 +378,7 @@ export class SubscriptionService {
plan: string;
next_billing_date: string | null;
}> {
return apiClient.post('/subscriptions/reactivate', {
tenant_id: tenantId,
return apiClient.post(`/tenants/${tenantId}/subscription/reactivate`, {
plan
});
}
@@ -383,7 +396,7 @@ export class SubscriptionService {
billing_cycle?: string;
next_billing_date?: string;
}> {
return apiClient.get(`/subscriptions/${tenantId}/status`);
return apiClient.get(`/tenants/${tenantId}/subscription/status`);
}
/**
@@ -399,7 +412,7 @@ export class SubscriptionService {
invoice_pdf: string | null;
hosted_invoice_url: string | null;
}>> {
return apiClient.get(`/subscriptions/${tenantId}/invoices`);
return apiClient.get(`/tenants/${tenantId}/subscription/invoices`);
}
/**
@@ -414,7 +427,7 @@ export class SubscriptionService {
exp_year?: number;
} | null> {
try {
const response = await apiClient.get(`/subscriptions/${tenantId}/payment-method`);
const response = await apiClient.get(`/tenants/${tenantId}/subscription/payment-method`);
return response;
} catch (error) {
console.error('Failed to get current payment method:', error);
@@ -440,51 +453,13 @@ export class SubscriptionService {
client_secret?: string;
payment_intent_status?: string;
}> {
return apiClient.post(`/subscriptions/${tenantId}/update-payment-method?payment_method_id=${paymentMethodId}`, {});
}
/**
* Complete subscription creation after SetupIntent confirmation
*
* This method is called after the frontend successfully confirms a SetupIntent
* (with or without 3DS authentication). It verifies the SetupIntent and creates
* the subscription with the verified payment method.
*
* @param setupIntentId - The SetupIntent ID that was confirmed by Stripe
* @param subscriptionData - Data needed to complete subscription creation
* @returns Promise with subscription creation result
*/
async completeSubscriptionAfterSetupIntent(
setupIntentId: string,
subscriptionData: {
customer_id: string;
plan_id: string;
payment_method_id: string;
trial_period_days?: number;
user_id: string;
billing_interval: string;
}
): Promise<{
success: boolean;
message: string;
data: {
subscription_id: string;
customer_id: string;
status: string;
plan: string;
billing_cycle: string;
trial_period_days?: number;
current_period_end: string;
user_id: string;
setup_intent_id: string;
};
}> {
return apiClient.post('/subscriptions/complete-after-setup-intent', {
setup_intent_id: setupIntentId,
...subscriptionData
return apiClient.post(`/tenants/${tenantId}/subscription/payment-method`, {
payment_method_id: paymentMethodId
});
}
// ============================================================================
// NEW METHODS - Usage Forecasting & Predictive Analytics
// ============================================================================

2
frontend/src/api/services/tenant.ts
View File

@@ -47,7 +47,7 @@ export class TenantService {
userId: string
): Promise<SubscriptionLinkingResponse> {
return apiClient.post<SubscriptionLinkingResponse>(
`${this.baseUrl}/subscriptions/link`,
`${this.baseUrl}/link-subscription`,
{ tenant_id: tenantId, subscription_id: subscriptionId, user_id: userId }
);
}

10
frontend/src/api/services/user.ts
View File

@@ -9,7 +9,15 @@ export class UserService {
private readonly baseUrl = '/users';
async getCurrentUser(): Promise<UserResponse> {
return apiClient.get<UserResponse>(`${this.baseUrl}/me`);
// Get current user ID from auth store
const authStore = useAuthStore.getState();
const userId = authStore.user?.id;
if (!userId) {
throw new Error('No authenticated user found');
}
return apiClient.get<UserResponse>(`${this.baseUrl}/${userId}`);
}
async updateUser(userId: string, updateData: UserUpdate): Promise<UserResponse> {

2
frontend/src/components/domain/auth/LoginForm.tsx
View File

@@ -83,7 +83,7 @@ export const LoginForm: React.FC<LoginFormProps> = ({
});
onSuccess?.();
} catch (err) {
showError(error || 'Email o contraseña incorrectos. Verifica tus credenciales.', {
showToast.error(error || 'Email o contraseña incorrectos. Verifica tus credenciales.', {
title: 'Error al iniciar sesión'
});
}

13
frontend/src/pages/app/settings/subscription/SubscriptionPage.tsx
View File

@@ -558,10 +558,15 @@ const SubscriptionPageRedesign: React.FC = () => {
try {
setInvoicesLoading(true);
const fetchedInvoices = await subscriptionService.getInvoices(tenantId);
setInvoices(fetchedInvoices);
// Ensure fetchedInvoices is an array before setting state
const validatedInvoices = Array.isArray(fetchedInvoices) ? fetchedInvoices : [];
setInvoices(validatedInvoices);
setInvoicesLoaded(true);
} catch (error) {
console.error('Error loading invoices:', error);
// Set invoices to empty array in case of error to prevent slice error
setInvoices([]);
if (invoicesLoaded) {
showToast.error('Error al cargar las facturas');
}
@@ -920,7 +925,7 @@ const SubscriptionPageRedesign: React.FC = () => {
<p className="text-[var(--text-secondary)]">Cargando facturas...</p>
</div>
</div>
) : invoices.length === 0 ? (
) : (!Array.isArray(invoices) || invoices.length === 0) ? (
<div className="text-center py-8">
<div className="flex flex-col items-center gap-3">
<div className="p-4 bg-[var(--bg-secondary)] rounded-full">
@@ -943,7 +948,7 @@ const SubscriptionPageRedesign: React.FC = () => {
</tr>
</thead>
<tbody>
{invoices.slice(0, 5).map((invoice) => (
{Array.isArray(invoices) && invoices.slice(0, 5).map((invoice) => (
<tr key={invoice.id} className="border-b border-[var(--border-color)] hover:bg-[var(--bg-secondary)] transition-colors">
<td className="py-3 px-4 text-[var(--text-primary)] font-medium">
{new Date(invoice.date).toLocaleDateString('es-ES', {
@@ -979,7 +984,7 @@ const SubscriptionPageRedesign: React.FC = () => {
))}
</tbody>
</table>
{invoices.length > 5 && (
{Array.isArray(invoices) && invoices.length > 5 && (
<div className="mt-4 text-center">
<Button variant="ghost" onClick={() => setShowBilling(true)}>
Ver todas las facturas ({invoices.length})

5
gateway/app/middleware/auth.py
View File

@@ -36,6 +36,9 @@ PUBLIC_ROUTES = [
"/api/v1/auth/verify",
"/api/v1/auth/start-registration", # Registration step 1 - SetupIntent creation
"/api/v1/auth/complete-registration", # Registration step 2 - Completion after 3DS
"/api/v1/registration/payment-setup", # New registration payment setup endpoint
"/api/v1/registration/complete", # New registration completion endpoint
"/api/v1/registration/state/", # Registration state check
"/api/v1/auth/verify-email", # Email verification
"/api/v1/auth/password/reset-request", # Password reset request - no auth required
"/api/v1/auth/password/reset", # Password reset with token - no auth required
@@ -621,7 +624,7 @@ class AuthMiddleware(BaseHTTPMiddleware):
async with httpx.AsyncClient(timeout=3.0) as client:
headers = {"Authorization": request.headers.get("Authorization", "")}
response = await client.get(
f"{settings.TENANT_SERVICE_URL}/api/v1/subscriptions/{tenant_id}/tier",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/tier",
headers=headers
)

2
gateway/app/middleware/rate_limiting.py
View File

@@ -163,7 +163,7 @@ class APIRateLimitMiddleware(BaseHTTPMiddleware):
async with httpx.AsyncClient(timeout=2.0) as client:
response = await client.get(
f"{settings.TENANT_SERVICE_URL}/api/v1/subscriptions/{tenant_id}/tier",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/tier",
headers={
"x-service": "gateway"
}

5
gateway/app/middleware/read_only_mode.py
View File

@@ -24,7 +24,8 @@ logger = logging.getLogger(__name__)
READ_ONLY_WHITELIST_PATTERNS = [
r'^/api/v1/users/me/delete/request$',
r'^/api/v1/users/me/export.*$',
r'^/api/v1/subscriptions/.*',
r'^/api/v1/tenants/.*/subscription/.*', # All tenant subscription endpoints
r'^/api/v1/registration/.*', # Registration flow endpoints
r'^/api/v1/auth/.*', # Allow auth operations
r'^/api/v1/tenants/register$', # Allow new tenant registration (no existing tenant context)
r'^/api/v1/tenants/.*/orchestrator/run-daily-workflow$', # Allow workflow testing
@@ -56,7 +57,7 @@ class ReadOnlyModeMiddleware(BaseHTTPMiddleware):
try:
async with httpx.AsyncClient(timeout=5.0) as client:
response = await client.get(
f"{self.tenant_service_url}/api/v1/tenants/{tenant_id}/subscriptions/status",
f"{self.tenant_service_url}/api/v1/tenants/{tenant_id}/subscription/status",
headers={"Authorization": authorization}
)

7
gateway/app/middleware/subscription.py
View File

@@ -176,7 +176,8 @@ class SubscriptionMiddleware(BaseHTTPMiddleware):
r'/health.*',
r'/metrics.*',
r'/api/v1/auth/.*',
r'/api/v1/subscriptions/.*', # Subscription management itself
r'/api/v1/tenants/[^/]+/subscription/.*', # All tenant subscription endpoints
r'/api/v1/registration/.*', # Registration flow endpoints
r'/api/v1/tenants/[^/]+/members.*', # Basic tenant info
r'/api/v1/webhooks/.*', # Webhook endpoints - no tenant context
r'/docs.*',
@@ -295,9 +296,9 @@ class SubscriptionMiddleware(BaseHTTPMiddleware):
)
async with httpx.AsyncClient(timeout=timeout_config) as client:
# Use fast cached tier endpoint
# Use fast cached tier endpoint (new URL pattern)
tier_response = await client.get(
f"{settings.TENANT_SERVICE_URL}/api/v1/subscriptions/{tenant_id}/tier",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/tier",
headers=headers
)

219
gateway/app/routes/subscription.py
View File

@@ -1,5 +1,12 @@
"""
Subscription routes for API Gateway - Direct subscription endpoints
New URL Pattern Architecture:
- Registration: /registration/payment-setup, /registration/complete, /registration/state/{state_id}
- Tenant Subscription: /tenants/{tenant_id}/subscription/*
- Setup Intents: /setup-intents/{setup_intent_id}/verify
- Payment Customers: /payment-customers/create
- Plans: /plans (public)
"""
from fastapi import APIRouter, Request, Response, HTTPException, Path
@@ -15,74 +22,202 @@ logger = logging.getLogger(__name__)
router = APIRouter()
# ================================================================
# SUBSCRIPTION ENDPOINTS - Direct routing to tenant service
# PUBLIC ENDPOINTS (No Authentication)
# ================================================================
@router.api_route("/tenants/subscriptions/{tenant_id}/{path:path}", methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"])
async def proxy_subscription_endpoints(request: Request, tenant_id: str = Path(...), path: str = ""):
"""Proxy subscription requests directly to tenant service"""
target_path = f"/api/v1/tenants/subscriptions/{tenant_id}/{path}".rstrip("/")
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/plans", methods=["GET", "OPTIONS"])
async def proxy_subscription_plans(request: Request):
"""Proxy subscription plans request to tenant service"""
target_path = "/plans"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/plans", methods=["GET", "OPTIONS"])
async def proxy_plans(request: Request):
"""Proxy plans request to tenant service"""
target_path = "/plans"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/{tenant_id}/invoices", methods=["GET", "OPTIONS"])
async def proxy_invoices(request: Request, tenant_id: str = Path(...)):
"""Proxy invoices request to tenant service"""
target_path = f"/api/v1/subscriptions/{tenant_id}/invoices"
@router.api_route("/plans/{tier}", methods=["GET", "OPTIONS"])
async def proxy_plan_details(request: Request, tier: str = Path(...)):
"""Proxy specific plan details request to tenant service"""
target_path = f"/plans/{tier}"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/{tenant_id}/status", methods=["GET", "OPTIONS"])
@router.api_route("/plans/{tier}/features", methods=["GET", "OPTIONS"])
async def proxy_plan_features(request: Request, tier: str = Path(...)):
"""Proxy plan features request to tenant service"""
target_path = f"/plans/{tier}/features"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/plans/{tier}/limits", methods=["GET", "OPTIONS"])
async def proxy_plan_limits(request: Request, tier: str = Path(...)):
"""Proxy plan limits request to tenant service"""
target_path = f"/plans/{tier}/limits"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/plans/compare", methods=["GET", "OPTIONS"])
async def proxy_plan_compare(request: Request):
"""Proxy plan comparison request to tenant service"""
target_path = "/plans/compare"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# REGISTRATION FLOW ENDPOINTS (No Tenant Context)
# ================================================================
@router.api_route("/registration/payment-setup", methods=["POST", "OPTIONS"])
async def proxy_registration_payment_setup(request: Request):
"""Proxy registration payment setup request to tenant service"""
target_path = "/api/v1/registration/payment-setup"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/registration/complete", methods=["POST", "OPTIONS"])
async def proxy_registration_complete(request: Request):
"""Proxy registration completion request to tenant service"""
target_path = "/api/v1/registration/complete"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/registration/state/{state_id}", methods=["GET", "OPTIONS"])
async def proxy_registration_state(request: Request, state_id: str = Path(...)):
"""Proxy registration state request to tenant service"""
target_path = f"/api/v1/registration/state/{state_id}"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# TENANT SUBSCRIPTION STATUS ENDPOINTS
# ================================================================
@router.api_route("/tenants/{tenant_id}/subscription/status", methods=["GET", "OPTIONS"])
async def proxy_subscription_status(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription status request to tenant service"""
target_path = f"/api/v1/subscriptions/{tenant_id}/status"
target_path = f"/api/v1/tenants/{tenant_id}/subscription/status"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/{tenant_id}/payment-method", methods=["GET", "OPTIONS"])
@router.api_route("/tenants/{tenant_id}/subscription/details", methods=["GET", "OPTIONS"])
async def proxy_subscription_details(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription details request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/details"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/tier", methods=["GET", "OPTIONS"])
async def proxy_subscription_tier(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription tier request to tenant service (cached)"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/tier"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/limits", methods=["GET", "OPTIONS"])
async def proxy_subscription_limits(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription limits request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/limits"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/usage", methods=["GET", "OPTIONS"])
async def proxy_subscription_usage(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription usage request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/usage"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/features/{feature}", methods=["GET", "OPTIONS"])
async def proxy_subscription_feature(request: Request, tenant_id: str = Path(...), feature: str = Path(...)):
"""Proxy subscription feature check request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/features/{feature}"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# SUBSCRIPTION MANAGEMENT ENDPOINTS
# ================================================================
@router.api_route("/tenants/{tenant_id}/subscription/cancel", methods=["POST", "OPTIONS"])
async def proxy_subscription_cancel(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription cancellation request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/cancel"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/reactivate", methods=["POST", "OPTIONS"])
async def proxy_subscription_reactivate(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription reactivation request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/reactivate"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/validate-upgrade/{new_plan}", methods=["GET", "OPTIONS"])
async def proxy_validate_upgrade(request: Request, tenant_id: str = Path(...), new_plan: str = Path(...)):
"""Proxy plan upgrade validation request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/validate-upgrade/{new_plan}"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/upgrade", methods=["POST", "OPTIONS"])
async def proxy_subscription_upgrade(request: Request, tenant_id: str = Path(...)):
"""Proxy subscription upgrade request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/upgrade"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# QUOTA & LIMIT CHECK ENDPOINTS
# ================================================================
@router.api_route("/tenants/{tenant_id}/subscription/limits/locations", methods=["GET", "OPTIONS"])
async def proxy_location_limits(request: Request, tenant_id: str = Path(...)):
"""Proxy location limits check request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/limits/locations"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/limits/products", methods=["GET", "OPTIONS"])
async def proxy_product_limits(request: Request, tenant_id: str = Path(...)):
"""Proxy product limits check request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/limits/products"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/limits/users", methods=["GET", "OPTIONS"])
async def proxy_user_limits(request: Request, tenant_id: str = Path(...)):
"""Proxy user limits check request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/limits/users"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/limits/recipes", methods=["GET", "OPTIONS"])
async def proxy_recipe_limits(request: Request, tenant_id: str = Path(...)):
"""Proxy recipe limits check request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/limits/recipes"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/tenants/{tenant_id}/subscription/limits/suppliers", methods=["GET", "OPTIONS"])
async def proxy_supplier_limits(request: Request, tenant_id: str = Path(...)):
"""Proxy supplier limits check request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/limits/suppliers"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# PAYMENT MANAGEMENT ENDPOINTS
# ================================================================
@router.api_route("/tenants/{tenant_id}/subscription/payment-method", methods=["GET", "POST", "OPTIONS"])
async def proxy_payment_method(request: Request, tenant_id: str = Path(...)):
"""Proxy payment method request to tenant service"""
target_path = f"/api/v1/subscriptions/{tenant_id}/payment-method"
target_path = f"/api/v1/tenants/{tenant_id}/subscription/payment-method"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/cancel", methods=["POST", "OPTIONS"])
async def proxy_subscription_cancel(request: Request):
"""Proxy subscription cancellation request to tenant service"""
target_path = "/api/v1/subscriptions/cancel"
@router.api_route("/tenants/{tenant_id}/subscription/invoices", methods=["GET", "OPTIONS"])
async def proxy_invoices(request: Request, tenant_id: str = Path(...)):
"""Proxy invoices request to tenant service"""
target_path = f"/api/v1/tenants/{tenant_id}/subscription/invoices"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/create-for-registration", methods=["POST", "OPTIONS"])
async def proxy_create_for_registration(request: Request):
"""Proxy create-for-registration request to tenant service"""
target_path = "/api/v1/subscriptions/create-for-registration"
# ================================================================
# SETUP INTENT VERIFICATION
# ================================================================
@router.api_route("/setup-intents/{setup_intent_id}/verify", methods=["GET", "OPTIONS"])
async def proxy_setup_intent_verify(request: Request, setup_intent_id: str = Path(...)):
"""Proxy SetupIntent verification request to tenant service"""
target_path = f"/api/v1/setup-intents/{setup_intent_id}/verify"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# PAYMENT CUSTOMER MANAGEMENT
# ================================================================
@router.api_route("/payment-customers/create", methods=["POST", "OPTIONS"])
async def proxy_payment_customer_create(request: Request):
"""Proxy payment customer creation request to tenant service"""
target_path = "/api/v1/payment-customers/create"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/setup-intents/{setup_intent_id}/verify", methods=["GET", "OPTIONS"])
async def proxy_setup_intent_verify(request: Request, setup_intent_id: str):
"""Proxy SetupIntent verification request to tenant service"""
target_path = f"/api/v1/setup-intents/{setup_intent_id}/verify"
return await _proxy_to_tenant_service(request, target_path)
@router.api_route("/subscriptions/reactivate", methods=["POST", "OPTIONS"])
async def proxy_subscription_reactivate(request: Request):
"""Proxy subscription reactivation request to tenant service"""
target_path = "/api/v1/subscriptions/reactivate"
return await _proxy_to_tenant_service(request, target_path)
# ================================================================
# USAGE FORECAST ENDPOINTS
# ================================================================
@router.api_route("/usage-forecast", methods=["GET", "OPTIONS"])
async def proxy_usage_forecast(request: Request):
@@ -125,7 +260,7 @@ async def _proxy_request(request: Request, target_path: str, service_url: str):
# Use unified HeaderManager for consistent header forwarding
headers = header_manager.get_all_headers_for_proxy(request)
# Debug logging
user_context = getattr(request.state, 'user', None)
service_context = getattr(request.state, 'service', None)
@@ -179,4 +314,4 @@ async def _proxy_request(request: Request, target_path: str, service_url: str):
raise HTTPException(
status_code=500,
detail="Internal gateway error"
)
)

13
gateway/app/routes/tenant.py
View File

@@ -119,6 +119,11 @@ async def get_user_all_tenants(request: Request, user_id: str = Path(...)):
"""Get all tenants accessible by a user (both owned and member tenants)"""
return await _proxy_to_tenant_service(request, f"/api/v1/tenants/user/{user_id}/tenants")
@router.get("/users/{user_id}/primary-tenant")
async def get_user_primary_tenant(request: Request, user_id: str = Path(...)):
"""Get the primary tenant for a user (used by auth service for subscription validation)"""
return await _proxy_to_tenant_service(request, f"/api/v1/tenants/users/{user_id}/primary-tenant")
@router.delete("/user/{user_id}/memberships")
async def delete_user_tenants(request: Request, user_id: str = Path(...)):
"""Get all tenant memberships for a user (admin only)"""
@@ -157,11 +162,9 @@ async def reset_category_settings(request: Request, tenant_id: str = Path(...),
# TENANT SUBSCRIPTION ENDPOINTS
# ================================================================
@router.api_route("/{tenant_id}/subscriptions/{path:path}", methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"])
async def proxy_tenant_subscriptions(request: Request, tenant_id: str = Path(...), path: str = ""):
"""Proxy tenant subscription requests to tenant service"""
target_path = f"/api/v1/subscriptions/{tenant_id}/{path}".rstrip("/")
return await _proxy_to_tenant_service(request, target_path)
# NOTE: All subscription endpoints have been moved to gateway/app/routes/subscription.py
# as part of the architecture redesign for better separation of concerns.
# This wildcard route has been removed to avoid conflicts with the new specific routes.
@router.api_route("/subscriptions/plans", methods=["GET", "OPTIONS"])
async def proxy_available_plans(request: Request):

8
gateway/app/routes/user.py
View File

@@ -183,15 +183,7 @@ user_proxy = UserProxy()
# USER MANAGEMENT ENDPOINTS - Proxied to auth service
# ================================================================
@router.get("/me")
async def get_current_user(request: Request):
"""Proxy get current user to auth service"""
return await user_proxy.forward_request("GET", "me", request)
@router.put("/me")
async def update_current_user(request: Request):
"""Proxy update current user to auth service"""
return await user_proxy.forward_request("PUT", "me", request)
@router.get("/delete/{user_id}/deletion-preview")
async def preview_user_deletion(user_id: str, request: Request):

2
services/auth/app/api/account_deletion.py
View File

@@ -104,7 +104,7 @@ async def request_account_deletion(
try:
async with httpx.AsyncClient(timeout=10.0) as client:
cancel_response = await client.get(
f"http://tenant-service:8000/api/v1/subscriptions/{tenant_id}/status",
f"http://tenant-service:8000/api/v1/tenants/{tenant_id}/subscription/status",
headers={"Authorization": request.headers.get("Authorization")}
)

315
services/auth/app/api/auth_operations.py
View File

@@ -14,6 +14,7 @@ from shared.exceptions.auth_exceptions import (
RegistrationError,
PaymentOrchestrationError
)
from shared.auth.decorators import get_current_user_dep
# Configure logging
logger = logging.getLogger(__name__)
@@ -291,8 +292,15 @@ async def login(
logger.info(f"Login successful, email={login_data.email}, user_id={result['user'].id}")
# Extract tokens from result for top-level response
tokens = result.get('tokens', {})
return {
"success": True,
"access_token": tokens.get('access_token'),
"refresh_token": tokens.get('refresh_token'),
"token_type": tokens.get('token_type'),
"expires_in": tokens.get('expires_in'),
"user": {
"id": str(result['user'].id),
"email": result['user'].email,
@@ -300,7 +308,6 @@ async def login(
"is_active": result['user'].is_active,
"last_login": result['user'].last_login.isoformat() if result['user'].last_login else None
},
"tokens": result.get('tokens', {}),
"subscription": result.get('subscription', {}),
"message": "Login successful"
}
@@ -317,3 +324,309 @@ async def login(
) from e
# ============================================================================
# TOKEN MANAGEMENT ENDPOINTS - NEWLY ADDED
# ============================================================================
@router.post("/refresh",
response_model=Dict[str, Any],
summary="Refresh access token using refresh token")
async def refresh_token(
request: Request,
refresh_data: Dict[str, Any],
auth_service: AuthService = Depends(get_auth_service)
) -> Dict[str, Any]:
"""
Refresh access token using a valid refresh token
This endpoint:
1. Validates the refresh token
2. Generates new access and refresh tokens
3. Returns the new tokens
Args:
refresh_data: Dictionary containing refresh_token
Returns:
New authentication tokens
Raises:
HTTPException: 401 for invalid refresh tokens
"""
try:
logger.info("Token refresh request initiated")
# Extract refresh token from request
refresh_token = refresh_data.get("refresh_token")
if not refresh_token:
logger.warning("Refresh token missing from request")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Refresh token is required"
)
# Use service layer to refresh tokens
tokens = await auth_service.refresh_auth_tokens(refresh_token)
logger.info("Token refresh successful via service layer")
return {
"success": True,
"access_token": tokens.get("access_token"),
"refresh_token": tokens.get("refresh_token"),
"token_type": "bearer",
"expires_in": 1800, # 30 minutes
"message": "Token refresh successful"
}
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Token refresh failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Token refresh failed: {str(e)}"
) from e
@router.post("/verify",
response_model=Dict[str, Any],
summary="Verify token validity")
async def verify_token(
request: Request,
token_data: Dict[str, Any]
) -> Dict[str, Any]:
"""
Verify the validity of an access token
Args:
token_data: Dictionary containing access_token
Returns:
Token validation result
"""
try:
logger.info("Token verification request initiated")
# Extract access token from request
access_token = token_data.get("access_token")
if not access_token:
logger.warning("Access token missing from verification request")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Access token is required"
)
# Use service layer to verify token
result = await auth_service.verify_access_token(access_token)
logger.info("Token verification successful via service layer")
return {
"success": True,
"valid": result.get("valid"),
"user_id": result.get("user_id"),
"email": result.get("email"),
"message": "Token is valid"
}
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Token verification failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Token verification failed: {str(e)}"
) from e
@router.post("/logout",
response_model=Dict[str, Any],
summary="Logout and revoke refresh token")
async def logout(
request: Request,
logout_data: Dict[str, Any],
auth_service: AuthService = Depends(get_auth_service)
) -> Dict[str, Any]:
"""
Logout user and revoke refresh token
Args:
logout_data: Dictionary containing refresh_token
Returns:
Logout confirmation
"""
try:
logger.info("Logout request initiated")
# Extract refresh token from request
refresh_token = logout_data.get("refresh_token")
if not refresh_token:
logger.warning("Refresh token missing from logout request")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Refresh token is required"
)
# Use service layer to revoke refresh token
try:
await auth_service.revoke_refresh_token(refresh_token)
logger.info("Logout successful via service layer")
return {
"success": True,
"message": "Logout successful"
}
except Exception as e:
logger.error(f"Error during logout: {str(e)}")
# Don't fail logout if revocation fails
return {
"success": True,
"message": "Logout successful (token revocation failed but user logged out)"
}
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Logout failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Logout failed: {str(e)}"
) from e
@router.post("/change-password",
response_model=Dict[str, Any],
summary="Change user password")
async def change_password(
request: Request,
password_data: Dict[str, Any],
auth_service: AuthService = Depends(get_auth_service)
) -> Dict[str, Any]:
"""
Change user password
Args:
password_data: Dictionary containing current_password and new_password
Returns:
Password change confirmation
"""
try:
logger.info("Password change request initiated")
# Extract user from request state
if not hasattr(request.state, 'user') or not request.state.user:
logger.warning("Unauthorized password change attempt - no user context")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Authentication required"
)
user_id = request.state.user.get("user_id")
if not user_id:
logger.warning("Unauthorized password change attempt - no user_id")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid user context"
)
# Extract password data
current_password = password_data.get("current_password")
new_password = password_data.get("new_password")
if not current_password or not new_password:
logger.warning("Password change missing required fields")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Current password and new password are required"
)
if len(new_password) < 8:
logger.warning("New password too short")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="New password must be at least 8 characters long"
)
# Use service layer to change password
await auth_service.change_user_password(user_id, current_password, new_password)
logger.info(f"Password change successful via service layer, user_id={user_id}")
return {
"success": True,
"message": "Password changed successfully"
}
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Password change failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Password change failed: {str(e)}"
) from e
@router.post("/verify-email",
response_model=Dict[str, Any],
summary="Verify user email")
async def verify_email(
request: Request,
email_data: Dict[str, Any],
auth_service: AuthService = Depends(get_auth_service)
) -> Dict[str, Any]:
"""
Verify user email (placeholder implementation)
Args:
email_data: Dictionary containing email and verification_token
Returns:
Email verification confirmation
"""
try:
logger.info("Email verification request initiated")
# Extract email and token
email = email_data.get("email")
verification_token = email_data.get("verification_token")
if not email or not verification_token:
logger.warning("Email verification missing required fields")
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Email and verification token are required"
)
# Use service layer to verify email
await auth_service.verify_user_email(email, verification_token)
logger.info("Email verification successful via service layer")
return {
"success": True,
"message": "Email verified successfully"
}
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Email verification failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Email verification failed: {str(e)}"
) from e

131
services/auth/app/api/users.py
View File

@@ -238,6 +238,116 @@ async def get_user_by_id(
)
@router.put("/api/v1/auth/users/{user_id}", response_model=UserResponse)
async def update_user_profile(
user_id: str = Path(..., description="User ID"),
update_data: UserUpdate = Body(..., description="User profile update data"),
current_user = Depends(get_current_user_dep),
db: AsyncSession = Depends(get_db)
):
"""
Update user profile information.
This endpoint allows users to update their profile information including:
- Full name
- Phone number
- Language preference
- Timezone
**Permissions:** Users can update their own profile, admins can update any user's profile
"""
try:
# Validate UUID format
try:
uuid.UUID(user_id)
except ValueError:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Invalid user ID format"
)
# Check permissions - user can update their own profile, admins can update any
if current_user["user_id"] != user_id:
# Check if current user has admin privileges
user_role = current_user.get("role", "user")
if user_role not in ["admin", "super_admin", "manager"]:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Insufficient permissions to update this user's profile"
)
# Fetch user from database
from app.repositories import UserRepository
user_repo = UserRepository(User, db)
user = await user_repo.get_by_id(user_id)
if not user:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail=f"User {user_id} not found"
)
# Prepare update data (only include fields that are provided)
update_fields = update_data.dict(exclude_unset=True)
if not update_fields:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="No update data provided"
)
# Update user
updated_user = await user_repo.update(user_id, update_fields)
logger.info("User profile updated", user_id=user_id, updated_fields=list(update_fields.keys()))
# Log audit event for user profile update
try:
# Get tenant_id from current_user or use a placeholder for system-level operations
tenant_id_str = current_user.get("tenant_id", "00000000-0000-0000-0000-000000000000")
await audit_logger.log_event(
db_session=db,
tenant_id=tenant_id_str,
user_id=current_user["user_id"],
action=AuditAction.UPDATE.value,
resource_type="user",
resource_id=user_id,
severity=AuditSeverity.MEDIUM.value,
description=f"User {current_user.get('email', current_user['user_id'])} updated profile for user {user.email}",
changes={"updated_fields": list(update_fields.keys())},
audit_metadata={"updated_data": update_fields},
endpoint="/users/{user_id}",
method="PUT"
)
except Exception as audit_error:
logger.warning("Failed to log audit event", error=str(audit_error))
return UserResponse(
id=str(updated_user.id),
email=updated_user.email,
full_name=updated_user.full_name,
is_active=updated_user.is_active,
is_verified=updated_user.is_verified,
phone=updated_user.phone,
language=updated_user.language or "es",
timezone=updated_user.timezone or "Europe/Madrid",
created_at=updated_user.created_at,
last_login=updated_user.last_login,
role=updated_user.role,
tenant_id=None,
payment_customer_id=updated_user.payment_customer_id,
default_payment_method_id=updated_user.default_payment_method_id
)
except HTTPException:
raise
except Exception as e:
logger.error("Update user profile error", user_id=user_id, error=str(e))
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to update user profile"
)
@router.post("/api/v1/auth/users/create-by-owner", response_model=UserResponse)
async def create_user_by_owner(
user_data: OwnerUserCreate,
@@ -524,21 +634,20 @@ async def update_user_tenant(
detail="User not found"
)
# Update user's tenant_id
user.tenant_id = uuid.UUID(tenant_id)
user.updated_at = datetime.now(timezone.utc)
await db.commit()
await db.refresh(user)
logger.info("Successfully updated user tenant_id",
user_id=user_id,
tenant_id=tenant_id)
# DEPRECATED: User-tenant relationships are now managed by tenant service
# This endpoint is kept for backward compatibility but does nothing
# The tenant service should manage user-tenant relationships internally
logger.warning("DEPRECATED: update_user_tenant endpoint called - user-tenant relationships are now managed by tenant service",
user_id=user_id,
tenant_id=tenant_id)
# Return success for backward compatibility, but don't actually update anything
return {
"success": True,
"user_id": str(user.id),
"tenant_id": str(user.tenant_id)
"tenant_id": tenant_id,
"message": "User-tenant relationships are now managed by tenant service. This endpoint is deprecated."
}
except HTTPException:

2
services/auth/app/core/auth.py
View File

@@ -69,7 +69,7 @@ async def get_current_user(
detail="Inactive user"
)
logger.info(f"User authenticated: {user.email} (tenant: {user.tenant_id})")
logger.info(f"User authenticated: {user.email}")
return user
except Exception as e:

54
services/auth/app/main.py
View File

@@ -15,10 +15,33 @@ class AuthService(StandardFastAPIService):
"""Authentication Service with standardized setup"""
async def on_startup(self, app):
"""Custom startup logic including migration verification"""
"""Custom startup logic including migration verification and Redis initialization"""
self.logger.info("Starting auth service on_startup")
await self.verify_migrations()
# Initialize Redis if not already done during service creation
if not self.redis_initialized:
try:
from shared.redis_utils import initialize_redis, get_redis_client
await initialize_redis(settings.REDIS_URL_WITH_DB, db=settings.REDIS_DB, max_connections=getattr(settings, 'REDIS_MAX_CONNECTIONS', 50))
self.redis_client = await get_redis_client()
self.redis_initialized = True
self.logger.info("Connected to Redis for token management")
except Exception as e:
self.logger.error(f"Failed to connect to Redis during startup: {e}")
raise
await super().on_startup(app)
async def on_shutdown(self, app):
"""Custom shutdown logic for Auth Service"""
await super().on_shutdown(app)
# Close Redis
from shared.redis_utils import close_redis
await close_redis()
self.logger.info("Redis connection closed")
async def verify_migrations(self):
"""Verify database schema matches the latest migrations."""
try:
@@ -47,6 +70,35 @@ class AuthService(StandardFastAPIService):
self.logger.warning(f"Migration verification failed (this may be expected during initial setup): {e}")
def __init__(self):
# Initialize Redis during service creation so it's available when needed
try:
import asyncio
# We need to run the async initialization in a sync context
try:
# Check if there's already a running event loop
loop = asyncio.get_running_loop()
# If there is, we'll initialize Redis later in on_startup
self.redis_initialized = False
self.redis_client = None
except RuntimeError:
# No event loop running, safe to run the async function
import asyncio
import nest_asyncio
nest_asyncio.apply() # Allow nested event loops
async def init_redis():
from shared.redis_utils import initialize_redis, get_redis_client
await initialize_redis(settings.REDIS_URL_WITH_DB, db=settings.REDIS_DB, max_connections=getattr(settings, 'REDIS_MAX_CONNECTIONS', 50))
return await get_redis_client()
self.redis_client = asyncio.run(init_redis())
self.redis_initialized = True
self.logger.info("Connected to Redis for token management")
except Exception as e:
self.logger.error(f"Failed to initialize Redis during service creation: {e}")
self.redis_initialized = False
self.redis_client = None
# Define expected database tables for health checks
auth_expected_tables = [
'users', 'refresh_tokens', 'user_onboarding_progress',

10
services/auth/app/schemas/auth.py
View File

@@ -140,15 +140,7 @@ class UserResponse(BaseModel):
from_attributes = True # ✅ Enable ORM mode for SQLAlchemy objects
class UserUpdate(BaseModel):
"""User update schema"""
full_name: Optional[str] = None
phone: Optional[str] = None
language: Optional[str] = None
timezone: Optional[str] = None
class Config:
from_attributes = True
class TokenVerification(BaseModel):
"""Token verification response"""

395
services/auth/app/services/auth_service.py
View File

@@ -454,28 +454,33 @@ class AuthService:
try:
logger.info(f"Validating user subscription, user_id={user.id}, email={user.email}")
# Check if user has a tenant_id (indicates they should have a subscription)
if user.tenant_id:
logger.info(f"User has tenant - subscription validation required, user_id={user.id}, tenant_id={user.tenant_id}")
# Since tenant relationships are managed by tenant service, we need to call tenant service
# to get the user's primary tenant and validate subscription status
# Get user's primary tenant from tenant service
primary_tenant = await self.tenant_client.get_user_primary_tenant(str(user.id))
if primary_tenant:
tenant_id = primary_tenant.get('tenant_id')
logger.info(f"User has primary tenant - subscription validation required, user_id={user.id}, tenant_id={tenant_id}")
# Call tenant service to validate subscription status
subscription_status = await self.tenant_client.get_subscription_status(user.tenant_id)
subscription_status = await self.tenant_client.get_subscription_status(tenant_id)
if subscription_status:
is_active = subscription_status.get('is_active', False)
status = subscription_status.get('status', 'unknown')
logger.info(f"Subscription status retrieved from tenant service, user_id={user.id}, tenant_id={user.tenant_id}, status={status}, is_active={is_active}")
logger.info(f"Subscription status retrieved from tenant service, user_id={user.id}, tenant_id={tenant_id}, status={status}")
# Consider subscription valid if it's active, trialing, or in grace period
valid_statuses = ['active', 'trialing', 'grace_period']
return is_active and status in valid_statuses
return status in valid_statuses
else:
logger.warning(f"No subscription status returned from tenant service, user_id={user.id}, tenant_id={user.tenant_id}")
logger.warning(f"No subscription status returned from tenant service, user_id={user.id}, tenant_id={tenant_id}")
return False
else:
# Users without tenant might be in registration flow
logger.info(f"User without tenant - no subscription validation, user_id={user.id}")
# Users without primary tenant might be in registration flow or using free tier
logger.info(f"User without primary tenant - no subscription validation required, user_id={user.id}")
return True
except Exception as e:
@@ -496,24 +501,32 @@ class AuthService:
try:
logger.info(f"Getting subscription details, user_id={user.id}")
if user.tenant_id:
# Get user's primary tenant from tenant service
primary_tenant = await self.tenant_client.get_user_primary_tenant(str(user.id))
if primary_tenant:
tenant_id = primary_tenant.get('tenant_id')
# Call tenant service to get subscription details
subscription = await self.tenant_client.get_subscription_details(user.tenant_id)
subscription = await self.tenant_client.get_subscription_details(tenant_id)
if subscription:
logger.info(f"Subscription details retrieved from tenant service, user_id={user.id}, tenant_id={user.tenant_id}, plan={subscription.get('plan')}, status={subscription.get('status')}")
logger.info(f"Subscription details retrieved from tenant service, user_id={user.id}, tenant_id={tenant_id}, plan={subscription.get('plan')}, status={subscription.get('status')}")
# Add tenant_id to subscription details for JWT
subscription['tenant_id'] = tenant_id
return subscription
else:
logger.warning(f"No subscription details returned from tenant service, user_id={user.id}, tenant_id={user.tenant_id}")
logger.warning(f"No subscription details returned from tenant service, user_id={user.id}, tenant_id={tenant_id}")
return {
"status": "no_subscription",
"plan": None,
"billing_cycle": None,
"current_period_end": None,
"trial_period_days": 0
"trial_period_days": 0,
"tenant_id": tenant_id
}
else:
logger.info(f"User without tenant - no subscription details available, user_id={user.id}")
logger.info(f"User without primary tenant - no subscription details available, user_id={user.id}")
return {
"status": "no_tenant",
"plan": None,
@@ -531,7 +544,35 @@ class AuthService:
"current_period_end": None,
"trial_period_days": 0
}
async def get_user_by_id(self, user_id: str) -> Optional[User]:
"""
Get user by ID
Args:
user_id: User ID to retrieve
Returns:
User object if found, None otherwise
"""
try:
logger.info(f"Getting user by ID, user_id={user_id}")
async with self.database_manager.get_session() as session:
user_repo = UserRepository(User, session)
user = await user_repo.get_by_id(user_id)
if user:
logger.info(f"User retrieved successfully, user_id={user_id}, email={user.email}")
else:
logger.warning(f"User not found, user_id={user_id}")
return user
except Exception as e:
logger.error(f"Get user by ID failed, error={str(e)}, user_id={user_id}", exc_info=True)
raise
async def _generate_auth_tokens(self, user: User) -> Dict[str, Any]:
"""
Generate authentication tokens for user
@@ -578,6 +619,9 @@ class AuthService:
# Generate refresh token using SecurityManager
refresh_token = SecurityManager.create_refresh_token(refresh_token_data)
# ✅ CRITICAL FIX: Store refresh token in Redis for later validation
await SecurityManager.store_refresh_token(str(user.id), refresh_token)
logger.info(f"Auth tokens generated successfully, user_id={user.id}, access_token_length={len(access_token)}, refresh_token_length={len(refresh_token)}")
return {
@@ -595,6 +639,323 @@ class AuthService:
detail=f"Token generation failed: {str(e)}"
) from e
async def refresh_auth_tokens(self, refresh_token: str) -> Dict[str, Any]:
"""
Refresh authentication tokens using a valid refresh token
Args:
refresh_token: Valid refresh token
Returns:
Dictionary with new access and refresh tokens
Raises:
HTTPException: 401 for invalid refresh tokens
"""
try:
logger.info("Refreshing auth tokens using refresh token")
# Import JWT dependencies
from jose import jwt, JWTError
from app.core.config import settings
from app.core.security import SecurityManager
# Decode refresh token to get user info
payload = jwt.decode(
refresh_token,
settings.JWT_SECRET_KEY,
algorithms=[settings.JWT_ALGORITHM]
)
# Verify this is a refresh token
if payload.get("type") != "refresh":
logger.warning("Invalid token type for refresh")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token type"
)
user_id = payload.get("user_id")
email = payload.get("email")
if not user_id or not email:
logger.warning("Invalid refresh token payload")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid refresh token"
)
# Check if refresh token is valid in Redis using SecurityManager
is_valid = await SecurityManager.is_refresh_token_valid(user_id, refresh_token)
if not is_valid:
logger.warning(f"Invalid or expired refresh token for user {user_id}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid or expired refresh token"
)
logger.info(f"Refresh token validated for user {user_id}, email={email}")
# Get user from database
async with self.database_manager.get_session() as session:
user_repo = UserRepository(User, session)
user = await user_repo.get_by_id(user_id)
if not user:
logger.warning(f"User not found for refresh token, user_id={user_id}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="User not found"
)
if not user.is_active:
logger.warning(f"Inactive user attempted token refresh, user_id={user_id}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Account is inactive"
)
# Generate new tokens using existing method
tokens = await self._generate_auth_tokens(user)
logger.info(f"Token refresh successful, user_id={user_id}, email={email}")
return tokens
except JWTError as e:
logger.warning(f"JWT decode error during refresh: {str(e)}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid refresh token"
)
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Token refresh failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Token refresh failed: {str(e)}"
) from e
async def verify_access_token(self, access_token: str) -> Dict[str, Any]:
"""
Verify the validity of an access token
Args:
access_token: Access token to verify
Returns:
Dictionary with token validation result and user info
Raises:
HTTPException: 401 for invalid access tokens
"""
try:
logger.info("Verifying access token")
# Import JWT dependencies
from jose import jwt, JWTError
from app.core.config import settings
# Decode and verify token
payload = jwt.decode(
access_token,
settings.JWT_SECRET_KEY,
algorithms=[settings.JWT_ALGORITHM]
)
# Verify this is an access token
if payload.get("type") != "access":
logger.warning("Invalid token type for verification")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token type"
)
user_id = payload.get("user_id")
email = payload.get("email")
if not user_id or not email:
logger.warning("Invalid access token payload")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid access token"
)
logger.info(f"Token verification successful, user_id={user_id}, email={email}")
return {
"valid": True,
"user_id": user_id,
"email": email
}
except JWTError as e:
logger.warning(f"JWT decode error during verification: {str(e)}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid access token"
)
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Token verification failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Token verification failed: {str(e)}"
) from e
async def revoke_refresh_token(self, refresh_token: str) -> bool:
"""
Revoke a refresh token
Args:
refresh_token: Refresh token to revoke
Returns:
True if revocation was successful or token didn't exist
Raises:
Exception: For unexpected errors
"""
try:
logger.info("Revoking refresh token")
# Try to decode token to get user_id
from jose import jwt, JWTError
from app.core.config import settings
user_id = "unknown"
try:
payload = jwt.decode(
refresh_token,
settings.JWT_SECRET_KEY,
algorithms=[settings.JWT_ALGORITHM]
)
user_id = payload.get("user_id") or "unknown"
except JWTError as e:
logger.warning(f"Could not decode refresh token during revocation: {str(e)}")
# Revoke the token using SecurityManager
await SecurityManager.revoke_refresh_token(user_id, refresh_token)
logger.info(f"Refresh token revoked successfully, user_id={user_id}")
return True
except Exception as e:
logger.error(f"Error revoking refresh token: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Token revocation failed: {str(e)}"
) from e
async def change_user_password(self, user_id: str, current_password: str, new_password: str) -> bool:
"""
Change user password
Args:
user_id: User ID
current_password: Current password for verification
new_password: New password to set
Returns:
True if password was changed successfully
Raises:
HTTPException: 401 for invalid current password, 404 for user not found
"""
try:
logger.info(f"Changing password for user {user_id}")
async with self.database_manager.get_session() as session:
user_repo = UserRepository(User, session)
# Get current user
user = await user_repo.get_by_id(user_id)
if not user:
logger.warning(f"User not found for password change, user_id={user_id}")
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
# Verify current password
from app.core.security import verify_password
is_valid = verify_password(current_password, user.hashed_password)
if not is_valid:
logger.warning(f"Invalid current password for user {user_id}")
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Current password is incorrect"
)
# Update password
await user_repo.update_password(user_id, new_password)
logger.info(f"Password change successful, user_id={user_id}, email={user.email}")
return True
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Password change failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Password change failed: {str(e)}"
) from e
async def verify_user_email(self, email: str, verification_token: str) -> bool:
"""
Verify user email address
Args:
email: User email
verification_token: Email verification token
Returns:
True if email was verified successfully
Raises:
HTTPException: 404 for user not found
"""
try:
logger.info(f"Verifying email for {email}")
async with self.database_manager.get_session() as session:
user_repo = UserRepository(User, session)
# Find user by email
user = await user_repo.get_by_email(email)
if not user:
logger.warning(f"User not found for email verification, email={email}")
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail="User not found"
)
# TODO: Implement actual email verification token logic
# For now, just mark as verified
await user_repo.update_user(user.id, {"is_verified": True})
logger.info(f"Email verification successful, user_id={user.id}, email={email}")
return True
except HTTPException:
# Re-raise HTTP exceptions
raise
except Exception as e:
logger.error(f"Email verification failed: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"Email verification failed: {str(e)}"
) from e
async def request_password_reset(self, email: str) -> bool:
"""
Request a password reset for a user

3
services/auth/app/services/user_service.py
View File

@@ -10,7 +10,8 @@ from fastapi import HTTPException, status
import structlog
from app.repositories import UserRepository, TokenRepository
from app.schemas.auth import UserResponse, UserUpdate
from app.schemas.auth import UserResponse
from app.schemas.users import UserUpdate
from app.models.users import User
from app.models.tokens import RefreshToken
from app.core.security import SecurityManager

172
services/auth/app/utils/subscription_fetcher.py
View File

@@ -1,26 +1,36 @@
"""Fetches subscription data for JWT enrichment at login time"""
from typing import Dict, Any, Optional
import httpx
from typing import Dict, Any, Optional, List
import logging
from fastapi import HTTPException, status
from shared.clients.tenant_client import TenantServiceClient
from shared.config.base import BaseServiceSettings
logger = logging.getLogger(__name__)
class SubscriptionFetcher:
def __init__(self, tenant_service_url: str):
self.tenant_service_url = tenant_service_url.rstrip('/')
logger.info("SubscriptionFetcher initialized with URL: %s", self.tenant_service_url)
def __init__(self, config: BaseServiceSettings):
"""
Initialize SubscriptionFetcher with service configuration
Args:
config: BaseServiceSettings containing service configuration
"""
self.tenant_client = TenantServiceClient(config)
logger.info("SubscriptionFetcher initialized with TenantServiceClient")
async def get_user_subscription_context(
self,
user_id: str,
service_token: str
user_id: str
) -> Dict[str, Any]:
"""
Fetch user's tenant memberships and subscription data.
Fetch user's tenant memberships and subscription data using shared tenant client.
Called ONCE at login, not per-request.
This method uses the shared TenantServiceClient instead of direct HTTP calls,
providing better error handling, circuit breaking, and consistency.
Returns:
{
@@ -39,103 +49,75 @@ class SubscriptionFetcher:
try:
logger.debug("Fetching subscription data for user: %s", user_id)
async with httpx.AsyncClient(timeout=10.0) as client:
# Get user's tenant memberships - corrected URL
memberships_url = f"{self.tenant_service_url}/api/v1/tenants/members/user/{user_id}"
headers = {
"Authorization": f"Bearer {service_token}",
"Content-Type": "application/json"
# Get user's tenant memberships using shared tenant client
memberships = await self.tenant_client.get_user_memberships(user_id)
if not memberships:
logger.info(f"User {user_id} has no tenant memberships - returning default subscription context")
return {
"tenant_id": None,
"tenant_role": None,
"subscription": {
"tier": "starter",
"status": "active",
"valid_until": None
},
"tenant_access": []
}
logger.debug("Fetching user memberships from URL: %s", memberships_url)
response = await client.get(memberships_url, headers=headers)
if response.status_code != 200:
logger.error(f"Failed to fetch user memberships: {response.status_code}")
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to fetch user memberships"
)
# Get primary tenant (first one, or the one with highest role)
primary_membership = memberships[0]
for membership in memberships:
if membership.get("role") == "owner":
primary_membership = membership
break
memberships = response.json()
if not memberships:
logger.info(f"User {user_id} has no tenant memberships - returning default subscription context")
return {
"tenant_id": None,
"tenant_role": None,
"subscription": {
"tier": "starter",
"status": "active",
"valid_until": None
},
"tenant_access": []
}
primary_tenant_id = primary_membership["tenant_id"]
primary_role = primary_membership["role"]
# Get primary tenant (first one, or the one with highest role)
primary_membership = memberships[0]
for membership in memberships:
if membership.get("role") == "owner":
primary_membership = membership
break
primary_tenant_id = primary_membership["tenant_id"]
primary_role = primary_membership["role"]
# Get subscription for primary tenant - FIXED: Use correct endpoint
subscription_url = f"{self.tenant_service_url}/api/v1/tenants/subscriptions/{primary_tenant_id}/active"
subscription_response = await client.get(subscription_url, headers=headers)
if subscription_response.status_code != 200:
logger.error(f"Failed to fetch subscription for tenant {primary_tenant_id}: {subscription_response.status_code}")
# Return with basic info but no subscription
return {
"tenant_id": primary_tenant_id,
"tenant_role": primary_role,
"subscription": None,
"tenant_access": memberships
}
subscription_data = subscription_response.json()
# Build tenant access list with subscription info
tenant_access = []
for membership in memberships:
tenant_id = membership["tenant_id"]
role = membership["role"]
# Get subscription for each tenant - FIXED: Use correct endpoint
tenant_sub_url = f"{self.tenant_service_url}/api/v1/tenants/subscriptions/{tenant_id}/active"
tenant_sub_response = await client.get(tenant_sub_url, headers=headers)
tier = "starter" # default
if tenant_sub_response.status_code == 200:
tenant_sub = tenant_sub_response.json()
tier = tenant_sub.get("plan", "starter")
tenant_access.append({
"id": tenant_id,
"role": role,
"tier": tier
})
# Get subscription for primary tenant using shared tenant client
subscription_data = await self.tenant_client.get_subscription_details(primary_tenant_id)
if not subscription_data:
logger.warning(f"No subscription data found for primary tenant {primary_tenant_id}")
# Return with basic info but no subscription
return {
"tenant_id": primary_tenant_id,
"tenant_role": primary_role,
"subscription": {
"tier": subscription_data.get("plan", "starter"),
"status": subscription_data.get("status", "active"),
"valid_until": subscription_data.get("valid_until", None)
},
"tenant_access": tenant_access
"subscription": None,
"tenant_access": memberships
}
except httpx.HTTPError as e:
logger.error(f"HTTP error fetching subscription data: {str(e)}", exc_info=True)
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=f"HTTP error fetching subscription data: {str(e)}"
)
# Build tenant access list with subscription info
tenant_access = []
for membership in memberships:
tenant_id = membership["tenant_id"]
role = membership["role"]
# Get subscription for each tenant using shared tenant client
tenant_sub = await self.tenant_client.get_subscription_details(tenant_id)
tier = "starter" # default
if tenant_sub:
tier = tenant_sub.get("plan", "starter")
tenant_access.append({
"id": tenant_id,
"role": role,
"tier": tier
})
return {
"tenant_id": primary_tenant_id,
"tenant_role": primary_role,
"subscription": {
"tier": subscription_data.get("plan", "starter"),
"status": subscription_data.get("status", "active"),
"valid_until": subscription_data.get("valid_until", None)
},
"tenant_access": tenant_access
}
except Exception as e:
logger.error(f"Error fetching subscription data: {str(e)}", exc_info=True)
raise HTTPException(

4
services/inventory/app/api/ingredients.py
View File

@@ -74,7 +74,7 @@ async def create_ingredient(
async with httpx.AsyncClient(timeout=5.0) as client:
try:
limit_check_response = await client.get(
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/subscriptions/{tenant_id}/can-add-product",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/limits/products",
headers={
"x-user-id": str(current_user.get('user_id')),
"x-tenant-id": str(tenant_id)
@@ -185,7 +185,7 @@ async def bulk_create_ingredients(
try:
# Check if we can add this many products
limit_check_response = await client.get(
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/subscriptions/{tenant_id}/can-add-products/{total_requested}",
f"{settings.TENANT_SERVICE_URL}/api/v1/tenants/{tenant_id}/subscription/limits/products",
headers={
"x-user-id": str(current_user.get('user_id')),
"x-tenant-id": str(tenant_id)

1031
services/tenant/app/api/subscription.py
View File

File diff suppressed because it is too large Load Diff

854
services/tenant/app/api/tenant_operations.py
View File

File diff suppressed because it is too large Load Diff

72
services/tenant/app/repositories/tenant_repository.py
View File

@@ -606,3 +606,75 @@ class TenantRepository(TenantBaseRepository):
customer_id=customer_id,
error=str(e))
raise DatabaseError(f"Failed to get tenant by customer_id: {str(e)}")
async def get_user_primary_tenant(self, user_id: str) -> Optional[Tenant]:
"""
Get the primary tenant for a user (the tenant they own)
Args:
user_id: User ID to find primary tenant for
Returns:
Tenant object if found, None otherwise
"""
try:
logger.debug("Getting primary tenant for user", user_id=user_id)
# Query for tenant where user is the owner
query = select(Tenant).where(Tenant.owner_id == user_id)
result = await self.session.execute(query)
tenant = result.scalar_one_or_none()
if tenant:
logger.debug("Found primary tenant for user",
user_id=user_id,
tenant_id=str(tenant.id))
return tenant
else:
logger.debug("No primary tenant found for user", user_id=user_id)
return None
except Exception as e:
logger.error("Error getting primary tenant for user",
user_id=user_id,
error=str(e))
raise DatabaseError(f"Failed to get primary tenant for user: {str(e)}")
async def get_any_user_tenant(self, user_id: str) -> Optional[Tenant]:
"""
Get any tenant that the user has access to (via tenant_members)
Args:
user_id: User ID to find accessible tenants for
Returns:
Tenant object if found, None otherwise
"""
try:
logger.debug("Getting any accessible tenant for user", user_id=user_id)
# Query for tenant members where user has access
from app.models.tenants import TenantMember
query = select(Tenant).join(
TenantMember, Tenant.id == TenantMember.tenant_id
).where(TenantMember.user_id == user_id)
result = await self.session.execute(query)
tenant = result.scalar_one_or_none()
if tenant:
logger.debug("Found accessible tenant for user",
user_id=user_id,
tenant_id=str(tenant.id))
return tenant
else:
logger.debug("No accessible tenants found for user", user_id=user_id)
return None
except Exception as e:
logger.error("Error getting accessible tenant for user",
user_id=user_id,
error=str(e))
raise DatabaseError(f"Failed to get accessible tenant for user: {str(e)}")

46
services/tenant/app/services/subscription_orchestration_service.py
View File

@@ -1545,6 +1545,52 @@ class SubscriptionOrchestrationService:
tenant_id=tenant_id)
return None
async def get_invoices(self, tenant_id: str) -> Dict[str, Any]:
"""
Get invoice history for a tenant's subscription
This is an orchestration method that coordinates between:
1. SubscriptionService (to get subscription data)
2. PaymentService (to get invoices from provider)
Args:
tenant_id: Tenant ID
Returns:
Dictionary with invoices data
"""
try:
# Get subscription from database
subscription = await self.subscription_service.get_subscription_by_tenant_id(tenant_id)
if not subscription:
logger.warning("get_invoices_no_subscription",
tenant_id=tenant_id)
return {"invoices": []}
# Check if subscription has a customer ID
if not subscription.customer_id:
logger.warning("get_invoices_no_customer_id",
tenant_id=tenant_id)
return {"invoices": []}
# Get invoices from payment provider
invoices_result = await self.payment_service.stripe_client.get_invoices(subscription.customer_id)
logger.info("invoices_retrieved",
tenant_id=tenant_id,
customer_id=subscription.customer_id,
invoice_count=len(invoices_result.get("invoices", [])))
return invoices_result
except Exception as e:
logger.error("get_invoices_failed",
error=str(e),
tenant_id=tenant_id,
exc_info=True)
return {"invoices": []}
async def update_payment_method(
self,
tenant_id: str,

4
services/tenant/tests/integration/test_subscription_creation_flow.py
View File

@@ -252,7 +252,7 @@ class SubscriptionCreationFlowTester:
async def _verify_subscription_linked_to_tenant(self, subscription_id: str, tenant_id: str):
"""Verify that the subscription is properly linked to the tenant"""
url = f"{self.base_url}/api/v1/subscriptions/{tenant_id}/status"
url = f"{self.base_url}/api/v1/tenants/{tenant_id}/subscription/status"
# Get access token for the user
access_token = await self._get_user_access_token()
@@ -280,7 +280,7 @@ class SubscriptionCreationFlowTester:
async def _verify_tenant_subscription_access(self, tenant_id: str):
"""Verify that the tenant can access its subscription"""
url = f"{self.base_url}/api/v1/subscriptions/{tenant_id}/active"
url = f"{self.base_url}/api/v1/tenants/{tenant_id}/subscription/details"
# Get access token for the user
access_token = await self._get_user_access_token()

938
shared/clients/tenant_client.py
View File

File diff suppressed because it is too large Load Diff

170
test_user_endpoint_changes.py Executable file
View File

@@ -0,0 +1,170 @@
#!/usr/bin/env python3
"""
Test script to verify that the user endpoint changes work correctly.
This script tests the new user endpoint structure after removing /auth/me.
"""
import asyncio
import httpx
import json
from typing import Dict, Any
class UserEndpointTester:
"""Test the user endpoint changes"""
def __init__(self):
self.base_url = "http://localhost:8000" # Gateway URL
self.auth_service_url = "http://localhost:8001" # Auth service URL
self.timeout = 30.0
# Test data
self.test_user_id = "00000000-0000-0000-0000-000000000001" # Example UUID
self.test_auth_token = "test_token_12345"
async def test_auth_service_user_endpoint(self):
"""Test that the auth service user endpoint works correctly"""
print("🧪 Testing auth service user endpoint...")
try:
async with httpx.AsyncClient(timeout=self.timeout) as client:
# Test GET /api/v1/auth/users/{user_id}
url = f"{self.auth_service_url}/api/v1/auth/users/{self.test_user_id}"
headers = {
"Authorization": f"Bearer {self.test_auth_token}",
"Content-Type": "application/json"
}
print(f"📡 Requesting: GET {url}")
response = await client.get(url, headers=headers)
print(f"📤 Response status: {response.status_code}")
print(f"📦 Response headers: {dict(response.headers)}")
if response.status_code == 200:
data = response.json()
print(f"📋 Response data: {json.dumps(data, indent=2)}")
return True
elif response.status_code == 404:
print("⚠️ User not found (expected for test user)")
return True
else:
print(f"❌ Unexpected status code: {response.status_code}")
print(f"📋 Response: {response.text}")
return False
except Exception as e:
print(f"❌ Error testing auth service: {e}")
return False
async def test_gateway_user_endpoint(self):
"""Test that the gateway user endpoint works correctly"""
print("\n🧪 Testing gateway user endpoint...")
try:
async with httpx.AsyncClient(timeout=self.timeout) as client:
# Test GET /api/v1/users/{user_id}
url = f"{self.base_url}/api/v1/users/{self.test_user_id}"
headers = {
"Authorization": f"Bearer {self.test_auth_token}",
"Content-Type": "application/json"
}
print(f"📡 Requesting: GET {url}")
response = await client.get(url, headers=headers)
print(f"📤 Response status: {response.status_code}")
print(f"📦 Response headers: {dict(response.headers)}")
if response.status_code == 200:
data = response.json()
print(f"📋 Response data: {json.dumps(data, indent=2)}")
return True
elif response.status_code == 404:
print("⚠️ User not found (expected for test user)")
return True
else:
print(f"❌ Unexpected status code: {response.status_code}")
print(f"📋 Response: {response.text}")
return False
except Exception as e:
print(f"❌ Error testing gateway: {e}")
return False
async def test_auth_me_endpoint_removed(self):
"""Test that the /auth/me endpoint has been removed"""
print("\n🧪 Testing that /auth/me endpoint has been removed...")
try:
async with httpx.AsyncClient(timeout=self.timeout) as client:
# Test GET /api/v1/auth/me (should return 404)
url = f"{self.auth_service_url}/api/v1/auth/me"
headers = {
"Authorization": f"Bearer {self.test_auth_token}",
"Content-Type": "application/json"
}
print(f"📡 Requesting: GET {url}")
response = await client.get(url, headers=headers)
print(f"📤 Response status: {response.status_code}")
if response.status_code == 404:
print("✅ /auth/me endpoint correctly returns 404 (removed)")
return True
else:
print(f"❌ /auth/me endpoint still exists (status: {response.status_code})")
return False
except Exception as e:
print(f"❌ Error testing /auth/me removal: {e}")
return False
async def run_all_tests(self):
"""Run all tests"""
print("🚀 Starting user endpoint change tests...\n")
results = []
# Test 1: Auth service user endpoint
result1 = await self.test_auth_service_user_endpoint()
results.append(("Auth service user endpoint", result1))
# Test 2: Gateway user endpoint
result2 = await self.test_gateway_user_endpoint()
results.append(("Gateway user endpoint", result2))
# Test 3: /auth/me endpoint removed
result3 = await self.test_auth_me_endpoint_removed()
results.append(("/auth/me endpoint removed", result3))
# Print summary
print("\n" + "="*60)
print("📊 TEST SUMMARY")
print("="*60)
all_passed = True
for test_name, passed in results:
status = "✅ PASS" if passed else "❌ FAIL"
print(f"{status} {test_name}")
if not passed:
all_passed = False
print("="*60)
if all_passed:
print("🎉 All tests passed! User endpoint changes are working correctly.")
else:
print("⚠️ Some tests failed. Please check the implementation.")
return all_passed
if __name__ == "__main__":
tester = UserEndpointTester()
# Run tests
success = asyncio.run(tester.run_all_tests())
exit(0 if success else 1)

149
verify_changes.py Executable file
View File

@@ -0,0 +1,149 @@
#!/usr/bin/env python3
"""
Verification script to check that the user endpoint changes are syntactically correct.
"""
import os
import re
import sys
from pathlib import Path
def check_file_syntax(file_path: str) -> bool:
"""Check if a file has valid syntax (Python or TypeScript)"""
try:
with open(file_path, 'r', encoding='utf-8') as f:
content = f.read()
# Skip syntax check for TypeScript files
if file_path.endswith('.ts') or file_path.endswith('.tsx'):
print(f"✅ TypeScript file syntax check skipped for {file_path}")
return True
# Basic syntax check for Python files
compile(content, file_path, 'exec')
return True
except SyntaxError as e:
print(f"❌ Syntax error in {file_path}: {e}")
return False
except Exception as e:
print(f"❌ Error reading {file_path}: {e}")
return False
def check_auth_me_removed(file_path: str) -> bool:
"""Check that /auth/me endpoint has been removed"""
try:
with open(file_path, 'r', encoding='utf-8') as f:
content = f.read()
# Look for the /auth/me endpoint definition
if '@router.get("/me"' in content or 'def get_current_user(' in content:
print(f"❌ /auth/me endpoint still exists in {file_path}")
return False
return True
except Exception as e:
print(f"❌ Error checking {file_path}: {e}")
return False
def check_user_service_updated(file_path: str) -> bool:
"""Check that UserService has been updated to use user ID"""
try:
with open(file_path, 'r', encoding='utf-8') as f:
content = f.read()
# Check for the new implementation
if 'useAuthStore.getState()' in content and 'userId = authStore.user?.id' in content:
print(f"✅ UserService correctly updated in {file_path}")
return True
else:
print(f"❌ UserService not properly updated in {file_path}")
return False
except Exception as e:
print(f"❌ Error checking {file_path}: {e}")
return False
def check_api_client_updated(file_path: str) -> bool:
"""Check that API client has been updated"""
try:
with open(file_path, 'r', encoding='utf-8') as f:
content = f.read()
# Check that /auth/me is no longer in noTenantEndpoints (but allow /auth/me/onboarding)
lines = content.split('\n')
found_auth_me_alone = False
for line in lines:
# Look for /auth/me but not /auth/me/onboarding
if line.strip() == "'/auth/me'," or line.strip().endswith("/auth/me',"):
found_auth_me_alone = True
break
if found_auth_me_alone:
print(f"❌ /auth/me still in noTenantEndpoints in {file_path}")
return False
else:
print(f"✅ API client correctly updated in {file_path}")
return True
except Exception as e:
print(f"❌ Error checking {file_path}: {e}")
return False
def main():
"""Main verification function"""
print("🔍 Verifying user endpoint changes...")
print("=" * 60)
# Files to check
files_to_check = [
{
'path': '/Users/urtzialfaro/Documents/bakery-ia/services/auth/app/api/auth_operations.py',
'checks': [check_file_syntax, check_auth_me_removed]
},
{
'path': '/Users/urtzialfaro/Documents/bakery-ia/frontend/src/api/services/user.ts',
'checks': [check_file_syntax, check_user_service_updated]
},
{
'path': '/Users/urtzialfaro/Documents/bakery-ia/frontend/src/api/client/apiClient.ts',
'checks': [check_file_syntax, check_api_client_updated]
}
]
all_passed = True
for file_info in files_to_check:
file_path = file_info['path']
checks = file_info['checks']
print(f"\n📁 Checking {file_path}...")
for check in checks:
if not check(file_path):
all_passed = False
print("\n" + "=" * 60)
if all_passed:
print("🎉 All verification checks passed!")
print("\n✅ Changes summary:")
print(" • Removed /auth/me endpoint from auth service")
print(" • Updated UserService to use /users/{user_id}")
print(" • Updated API client to remove /auth/me from noTenantEndpoints")
print(" • All files have valid syntax")
else:
print("❌ Some verification checks failed!")
print("\nPlease review the errors above and fix them.")
print("=" * 60)
return all_passed
if __name__ == "__main__":
success = main()
sys.exit(0 if success else 1)