feat(loyalty): Phase 1 production launch hardening
Some checks failed
Some checks failed
Phase 1 of the loyalty production launch plan: config & security hardening, dropped-data fix, DB integrity guards, rate limiting, and constant-time auth compare. 362 tests pass. - 1.4 Persist customer birth_date (new column + migration). Enrollment form was collecting it but the value was silently dropped because create_customer_for_enrollment never received it. Backfills existing customers without overwriting. - 1.1 LOYALTY_GOOGLE_SERVICE_ACCOUNT_JSON validated at startup (file must exist and be readable; ~ expanded). Adds is_google_wallet_enabled and is_apple_wallet_enabled derived flags. Prod path documented as ~/apps/orion/google-wallet-sa.json. - 1.5 CHECK constraints on loyalty_cards (points_balance, stamp_count non-negative) and loyalty_programs (min_purchase, points_per_euro, welcome_bonus non-negative; stamps_target >= 1). Mirrored as CheckConstraint in models. Pre-flight scan showed zero violations. - 1.3 @rate_limit on store mutating endpoints: stamp 60/min, redeem/points-earn 30-60/min, void/adjust 20/min, pin unlock 10/min. - 1.2 Constant-time hmac.compare_digest for Apple Wallet auth token (pulled forward from Phase 9 — code is safe whenever Apple ships). See app/modules/loyalty/docs/production-launch-plan.md for the full launch plan and remaining phases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -62,6 +62,7 @@ from app.modules.loyalty.services import (
|
||||
stamp_service,
|
||||
)
|
||||
from app.modules.tenancy.models import User # API-007
|
||||
from middleware.decorators import rate_limit
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -267,7 +268,9 @@ def delete_pin(
|
||||
|
||||
|
||||
@router.post("/pins/{pin_id}/unlock", response_model=PinResponse)
|
||||
@rate_limit(max_requests=10, window_seconds=60)
|
||||
def unlock_pin(
|
||||
request: Request,
|
||||
pin_id: int = Path(..., gt=0),
|
||||
current_user: User = Depends(get_current_store_api),
|
||||
db: Session = Depends(get_db),
|
||||
@@ -598,6 +601,7 @@ def get_card_transactions(
|
||||
|
||||
|
||||
@router.post("/stamp", response_model=StampResponse)
|
||||
@rate_limit(max_requests=60, window_seconds=60)
|
||||
def add_stamp(
|
||||
request: Request,
|
||||
data: StampRequest,
|
||||
@@ -624,6 +628,7 @@ def add_stamp(
|
||||
|
||||
|
||||
@router.post("/stamp/redeem", response_model=StampRedeemResponse)
|
||||
@rate_limit(max_requests=30, window_seconds=60)
|
||||
def redeem_stamps(
|
||||
request: Request,
|
||||
data: StampRedeemRequest,
|
||||
@@ -650,6 +655,7 @@ def redeem_stamps(
|
||||
|
||||
|
||||
@router.post("/stamp/void", response_model=StampVoidResponse)
|
||||
@rate_limit(max_requests=20, window_seconds=60)
|
||||
def void_stamps(
|
||||
request: Request,
|
||||
data: StampVoidRequest,
|
||||
@@ -683,6 +689,7 @@ def void_stamps(
|
||||
|
||||
|
||||
@router.post("/points/earn", response_model=PointsEarnResponse)
|
||||
@rate_limit(max_requests=60, window_seconds=60)
|
||||
def earn_points(
|
||||
request: Request,
|
||||
data: PointsEarnRequest,
|
||||
@@ -711,6 +718,7 @@ def earn_points(
|
||||
|
||||
|
||||
@router.post("/points/redeem", response_model=PointsRedeemResponse)
|
||||
@rate_limit(max_requests=30, window_seconds=60)
|
||||
def redeem_points(
|
||||
request: Request,
|
||||
data: PointsRedeemRequest,
|
||||
@@ -738,6 +746,7 @@ def redeem_points(
|
||||
|
||||
|
||||
@router.post("/points/void", response_model=PointsVoidResponse)
|
||||
@rate_limit(max_requests=20, window_seconds=60)
|
||||
def void_points(
|
||||
request: Request,
|
||||
data: PointsVoidRequest,
|
||||
@@ -767,6 +776,7 @@ def void_points(
|
||||
|
||||
|
||||
@router.post("/cards/{card_id}/points/adjust", response_model=PointsAdjustResponse)
|
||||
@rate_limit(max_requests=20, window_seconds=60)
|
||||
def adjust_points(
|
||||
request: Request,
|
||||
data: PointsAdjustRequest,
|
||||
|
||||
Reference in New Issue
Block a user