sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): pair POS terminal devices with one-time setup QR
Some checks failed
CI / ruff (push) Successful in 47s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details

Browse Source 
Adds the backend half of the Android tablet rollout. Merchants can
pair tablets to specific stores from /merchants/loyalty/devices (or
admins can pair on behalf from the merchant detail page). Each
pairing issues a long-lived JWT shown ONCE in the response with a
server-rendered QR PNG containing {api_url, store_code, auth_token} —
the tablet scans it on first boot and persists the three fields.

The store API (/api/v1/store/loyalty/*) now accepts these device JWTs
alongside user JWTs. Revoking a device row immediately rejects its
token (401 TERMINAL_DEVICE_REVOKED). Tokens expire after 1 year;
re-pair to renew.

- Migration loyalty_010 + TerminalDevice model
- create_device_token / verify_device_token JWT helpers
- 5 endpoints x 2 portals (merchant + admin on-behalf)
- Bearer-auth wiring in app/api/deps.py
- Pages, shared list partial with one-time pairing-QR modal,
  Alpine.js factories
- Locale strings (en authoritative; fr/de/lb seeded with EN copy
  for translation)
- 6 integration tests covering pair, list, revoke, idempotency,
  cross-merchant rejection, store-API auth via device JWT

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-05-05 20:18:57 +02:00
parent c7ab5eb900
commit 6276e9e3ac
28 changed files with 1971 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
app/modules/loyalty/schemas/terminal_device.py Normal file
View File

@@ -0,0 +1,72 @@
# app/modules/loyalty/schemas/terminal_device.py
"""Pydantic schemas for terminal device pairing & management."""
from datetime import datetime
from pydantic import BaseModel, ConfigDict, Field
class TerminalDeviceCreate(BaseModel):
"""Pair a new terminal device. Issues a long-lived JWT shown once."""
store_id: int = Field(..., gt=0, description="Store the device is bound to")
label: str = Field(
...,
min_length=1,
max_length=100,
description="Merchant-facing name e.g. 'Counter 1'",
)
class TerminalDeviceUpdate(BaseModel):
"""Update a paired device's label. Token is not affected."""
model_config = ConfigDict(from_attributes=True)
label: str | None = Field(None, min_length=1, max_length=100)
class TerminalDeviceRevoke(BaseModel):
"""Revoke a device's token, optionally with a reason for the audit log."""
reason: str | None = Field(None, max_length=255)
class TerminalDeviceResponse(BaseModel):
"""Read view of a paired device. Never includes the JWT."""
model_config = ConfigDict(from_attributes=True)
id: int
merchant_id: int
store_id: int
store_name: str | None = None
label: str
status: str # active | revoked | expired
expires_at: datetime
last_seen_at: datetime | None = None
last_seen_ip: str | None = None
revoked_at: datetime | None = None
revoked_by_id: int | None = None
revoked_reason: str | None = None
created_by_id: int | None = None
created_at: datetime
class TerminalDevicePairingResponse(TerminalDeviceResponse):
"""Returned by POST only. Carries the one-time setup token + QR PNG."""
setup_token: str = Field(..., description="The signed JWT — shown once")
setup_payload: dict = Field(
...,
description="Decoded {api_url, store_code, auth_token} payload encoded in the QR",
)
qr_png_base64: str = Field(
...,
description="Base64-encoded PNG of the setup QR (data:image/png;base64,...)",
)
class TerminalDeviceListResponse(BaseModel):
devices: list[TerminalDeviceResponse]
total: int