sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): pair POS terminal devices with one-time setup QR
Some checks failed
CI / ruff (push) Successful in 47s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details

Browse Source 
Adds the backend half of the Android tablet rollout. Merchants can
pair tablets to specific stores from /merchants/loyalty/devices (or
admins can pair on behalf from the merchant detail page). Each
pairing issues a long-lived JWT shown ONCE in the response with a
server-rendered QR PNG containing {api_url, store_code, auth_token} —
the tablet scans it on first boot and persists the three fields.

The store API (/api/v1/store/loyalty/*) now accepts these device JWTs
alongside user JWTs. Revoking a device row immediately rejects its
token (401 TERMINAL_DEVICE_REVOKED). Tokens expire after 1 year;
re-pair to renew.

- Migration loyalty_010 + TerminalDevice model
- create_device_token / verify_device_token JWT helpers
- 5 endpoints x 2 portals (merchant + admin on-behalf)
- Bearer-auth wiring in app/api/deps.py
- Pages, shared list partial with one-time pairing-QR modal,
  Alpine.js factories
- Locale strings (en authoritative; fr/de/lb seeded with EN copy
  for translation)
- 6 integration tests covering pair, list, revoke, idempotency,
  cross-merchant rejection, store-API auth via device JWT

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-05-05 20:18:57 +02:00
parent c7ab5eb900
commit 6276e9e3ac
28 changed files with 1971 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
middleware/auth.py
View File

@@ -206,6 +206,57 @@ class AuthManager:
"expires_in": self.token_expire_minutes * 60, # Convert minutes to seconds
}
def create_device_token(
self,
*,
device_id: int,
jti: str,
merchant_id: int,
store_id: int,
store_code: str,
expires_at: datetime,
) -> str:
"""Create a long-lived JWT for a paired terminal device.
Carries `device_setup: True` to distinguish from user tokens, plus
`jti` so the device row remains the source of truth for revocation.
Returns the encoded token only — caller stores `jti`, never the token.
"""
payload = {
"sub": str(device_id),
"jti": jti,
"device_setup": True,
"merchant_id": merchant_id,
"store_id": store_id,
"store_code": store_code,
"exp": expires_at,
"iat": datetime.now(UTC),
}
return jwt.encode(payload, self.secret_key, algorithm=self.algorithm)
def verify_device_token(self, token: str) -> dict[str, Any]:
"""Verify a device JWT and return its payload.
Validates signature, expiration, the `device_setup` claim, and the
presence of jti / store_id. Raises InvalidTokenException for any
non-device or malformed token, TokenExpiredException for expired.
"""
try:
payload = jwt.decode(token, self.secret_key, algorithms=[self.algorithm])
except jwt.ExpiredSignatureError:
raise TokenExpiredException()
except jwt.JWTError as e:
logger.error(f"Device JWT decode error: {e}")
raise InvalidTokenException("Could not validate device token")
if not payload.get("device_setup"):
raise InvalidTokenException("Not a device token")
if not payload.get("jti"):
raise InvalidTokenException("Device token missing jti")
if payload.get("store_id") is None:
raise InvalidTokenException("Device token missing store context")
return payload
def verify_token(self, token: str) -> dict[str, Any]:
"""Verify and decode a JWT token, returning the user data.