refactor(arch): move auth schemas to tenancy module and add cross-module service methods

Move all auth schemas (UserContext, UserLogin, LoginResponse, etc.) from
legacy models/schema/auth.py to app/modules/tenancy/schemas/auth.py per
MOD-019. Update 84 import sites across 14 modules. Legacy file now
re-exports for backwards compatibility.

Add missing tenancy service methods for cross-module consumers:
- merchant_service.get_merchant_by_owner_id()
- merchant_service.get_merchant_count_for_owner()
- admin_service.get_user_by_id() (public, was private-only)
- platform_service.get_active_store_count()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/tenancy/routes/api/admin_auth.py

@@ -21,9 +21,7 @@ from app.modules.core.services.auth_service import auth_service
 from app.modules.tenancy.exceptions import (
     InvalidCredentialsException,
 )
-from app.modules.tenancy.services.admin_platform_service import admin_platform_service
-from middleware.auth import AuthManager
-from models.schema.auth import (
+from app.modules.tenancy.schemas.auth import (
     LoginResponse,
     LogoutResponse,
     PlatformSelectResponse,
@@ -31,6 +29,8 @@ from models.schema.auth import (
     UserLogin,
     UserResponse,
 )
+from app.modules.tenancy.services.admin_platform_service import admin_platform_service
+from middleware.auth import AuthManager
 
 admin_auth_router = APIRouter(prefix="/auth")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_merchant_domains.py

@@ -16,6 +16,7 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_admin_api
 from app.core.database import get_db
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.merchant_domain import (
     MerchantDomainCreate,
     MerchantDomainDeletionResponse,
@@ -30,7 +31,6 @@ from app.modules.tenancy.schemas.store_domain import (
 from app.modules.tenancy.services.merchant_domain_service import (
     merchant_domain_service,
 )
-from models.schema.auth import UserContext
 
 admin_merchant_domains_router = APIRouter(prefix="/merchants")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_merchants.py

@@ -16,6 +16,7 @@ from app.modules.tenancy.exceptions import (
     ConfirmationRequiredException,
     MerchantHasStoresException,
 )
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.merchant import (
     MerchantCreate,
     MerchantCreateResponse,
@@ -27,7 +28,6 @@ from app.modules.tenancy.schemas.merchant import (
     MerchantUpdate,
 )
 from app.modules.tenancy.services.merchant_service import merchant_service
-from models.schema.auth import UserContext
 
 admin_merchants_router = APIRouter(prefix="/merchants")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_module_config.py

@@ -21,8 +21,8 @@ from app.api.deps import get_current_super_admin, get_db
 from app.exceptions import ValidationException
 from app.modules.registry import MODULES
 from app.modules.service import module_service
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.services.platform_service import platform_service
-from models.schema.auth import UserContext
 
 logger = logging.getLogger(__name__)
 router = APIRouter(prefix="/module-config")

app/modules/tenancy/routes/api/admin_modules.py

@@ -21,8 +21,8 @@ from sqlalchemy.orm import Session
 from app.api.deps import get_current_super_admin, get_db
 from app.modules.registry import MODULES, get_core_module_codes
 from app.modules.service import module_service
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.services.platform_service import platform_service
-from models.schema.auth import UserContext
 
 logger = logging.getLogger(__name__)
 router = APIRouter(prefix="/modules")

app/modules/tenancy/routes/api/admin_platform_users.py

@@ -15,8 +15,7 @@ from sqlalchemy.orm import Session
 from app.api.deps import get_current_admin_api
 from app.core.database import get_db
 from app.modules.core.services.stats_aggregator import stats_aggregator
-from app.modules.tenancy.services.admin_service import admin_service
-from models.schema.auth import (
+from app.modules.tenancy.schemas.auth import (
     OwnedMerchantSummary,
     StoreMembershipSummary,
     UserContext,
@@ -29,6 +28,7 @@ from models.schema.auth import (
     UserStatusToggleResponse,
     UserUpdate,
 )
+from app.modules.tenancy.services.admin_service import admin_service
 
 admin_platform_users_router = APIRouter(prefix="/users")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_platforms.py

@@ -22,8 +22,8 @@ from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_admin_from_cookie_or_header, get_db
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.services.platform_service import platform_service
-from models.schema.auth import UserContext
 
 logger = logging.getLogger(__name__)
 admin_platforms_router = APIRouter(prefix="/platforms")

app/modules/tenancy/routes/api/admin_store_domains.py

@@ -16,6 +16,7 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_admin_api
 from app.core.database import get_db
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.store_domain import (
     DomainDeletionResponse,
     DomainVerificationInstructions,
@@ -27,7 +28,6 @@ from app.modules.tenancy.schemas.store_domain import (
 )
 from app.modules.tenancy.services.store_domain_service import store_domain_service
 from app.modules.tenancy.services.store_service import store_service
-from models.schema.auth import UserContext
 
 admin_store_domains_router = APIRouter(prefix="/stores")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_store_roles.py

@@ -21,6 +21,7 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_admin_api
 from app.core.database import get_db
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.team import (
     PermissionCatalogResponse,
     RoleCreate,
@@ -33,7 +34,6 @@ from app.modules.tenancy.services.permission_discovery_service import (
 )
 from app.modules.tenancy.services.store_team_service import store_team_service
 from app.utils.i18n import translate
-from models.schema.auth import UserContext
 
 admin_store_roles_router = APIRouter(prefix="/store-roles")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_stores.py

@@ -16,6 +16,7 @@ from sqlalchemy.orm import Session
 from app.api.deps import get_current_admin_api
 from app.core.database import get_db
 from app.modules.tenancy.exceptions import ConfirmationRequiredException
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.store import (
     StoreCreate,
     StoreCreateResponse,
@@ -26,7 +27,6 @@ from app.modules.tenancy.schemas.store import (
 )
 from app.modules.tenancy.services.admin_service import admin_service
 from app.modules.tenancy.services.store_service import store_service
-from models.schema.auth import UserContext
 
 admin_stores_router = APIRouter(prefix="/stores")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/admin_users.py

@@ -24,8 +24,8 @@ from app.exceptions import ValidationException
 from app.modules.tenancy.models import (
     User,  # API-007 - Internal helper uses User model
 )
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.services.admin_platform_service import admin_platform_service
-from models.schema.auth import UserContext
 
 admin_users_router = APIRouter(prefix="/admin-users")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/merchant.py

@@ -21,8 +21,8 @@ from app.modules.tenancy.schemas import (
     MerchantPortalProfileUpdate,
     MerchantPortalStoreListResponse,
 )
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.services.merchant_service import merchant_service
-from models.schema.auth import UserContext
 
 from .email_verification import email_verification_api_router
 from .merchant_auth import merchant_auth_router

app/modules/tenancy/routes/api/merchant_auth.py

@@ -22,14 +22,14 @@ from app.modules.core.services.auth_service import auth_service
 from app.modules.tenancy.models.user_password_reset_token import (
     UserPasswordResetToken,  # noqa: API-007
 )
-from app.modules.tenancy.services.user_auth_service import user_auth_service
-from models.schema.auth import (
+from app.modules.tenancy.schemas.auth import (
     LoginResponse,
     LogoutResponse,
     UserContext,
     UserLogin,
     UserResponse,
 )
+from app.modules.tenancy.services.user_auth_service import user_auth_service
 
 merchant_auth_router = APIRouter(prefix="/auth")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/store_auth.py

@@ -26,10 +26,15 @@ from app.modules.tenancy.exceptions import InvalidCredentialsException
 from app.modules.tenancy.models.user_password_reset_token import (
     UserPasswordResetToken,  # noqa: API-007
 )
+from app.modules.tenancy.schemas.auth import (
+    LogoutResponse,
+    StoreUserResponse,
+    UserContext,
+    UserLogin,
+)
 from app.modules.tenancy.services.user_auth_service import user_auth_service
 from middleware.platform_context import get_current_platform
 from middleware.store_context import get_current_store
-from models.schema.auth import LogoutResponse, StoreUserResponse, UserContext, UserLogin
 
 store_auth_router = APIRouter(prefix="/auth")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/store_profile.py

@@ -13,9 +13,9 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_store_api
 from app.core.database import get_db
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.store import StoreResponse, StoreUpdate
 from app.modules.tenancy.services.store_service import store_service
-from models.schema.auth import UserContext
 
 store_profile_router = APIRouter(prefix="/profile")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/api/store_team.py

@@ -22,6 +22,7 @@ from app.api.deps import (
     require_store_permission,
 )
 from app.core.database import get_db
+from app.modules.tenancy.schemas.auth import UserContext
 from app.modules.tenancy.schemas.team import (
     BulkRemoveRequest,
     BulkRemoveResponse,
@@ -48,7 +49,6 @@ from app.modules.tenancy.services.permission_discovery_service import (
 )
 from app.modules.tenancy.services.store_team_service import store_team_service
 from app.utils.i18n import translate
-from models.schema.auth import UserContext
 
 store_team_router = APIRouter(prefix="/team")
 logger = logging.getLogger(__name__)

app/modules/tenancy/routes/pages/merchant.py

@@ -16,8 +16,8 @@ from sqlalchemy.orm import Session
 from app.api.deps import get_current_merchant_from_cookie_or_header, get_db
 from app.modules.core.utils.page_context import get_context_for_frontend
 from app.modules.enums import FrontendType
+from app.modules.tenancy.schemas.auth import UserContext
 from app.templates_config import templates
-from models.schema.auth import UserContext
 
 router = APIRouter()