feat: add customer profile, VAT alignment, and fix shop auth

Customer Profile: - Add profile API (GET/PUT /api/v1/shop/profile) - Add password change endpoint (PUT /api/v1/shop/profile/password) - Implement full profile page with preferences and password sections - Add CustomerPasswordChange schema Shop Authentication Fixes: - Add Authorization header to all shop account API calls - Fix orders, order-detail, messages pages authentication - Add proper redirect to login on 401 responses - Fix toast message showing noqa comment in shop-layout.js VAT Calculation: - Add shared VAT utility (app/utils/vat.py) - Add VAT fields to Order model (vat_regime, vat_rate, etc.) - Align order VAT calculation with invoice settings - Add migration for VAT fields on orders Validation Framework: - Fix base_validator.py with missing methods - Add validate_file, output_results, get_exit_code methods - Fix validate_all.py import issues Documentation: - Add launch-readiness.md tracking OMS status - Update to 95% feature complete 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-02 20:31:48 +01:00
parent b5b32fb351
commit 82c07c165f
21 changed files with 2224 additions and 85 deletions
--- a/app/api/v1/shop/orders.py
+++ b/app/api/v1/shop/orders.py
@@ -13,15 +13,19 @@ Customer Context: get_current_customer_api returns Customer directly

 import logging
 from datetime import UTC, datetime
+from pathlib import Path as FilePath

 from fastapi import APIRouter, Depends, Path, Query, Request
+from fastapi.responses import FileResponse
 from sqlalchemy.orm import Session

 from app.api.deps import get_current_customer_api
 from app.core.database import get_db
 from app.exceptions import VendorNotFoundException
+from app.exceptions.invoice import InvoicePDFNotFoundException
 from app.services.cart_service import cart_service
 from app.services.email_service import EmailService
+from app.services.invoice_service import invoice_service
 from app.services.order_service import order_service
 from app.utils.money import cents_to_euros
 from models.database.customer import Customer
@@ -226,3 +230,101 @@ def get_order_details(
        raise OrderNotFoundException(str(order_id))

    return OrderDetailResponse.model_validate(order)
+
+
+@router.get("/orders/{order_id}/invoice")
+def download_order_invoice(
+    request: Request,
+    order_id: int = Path(..., description="Order ID", gt=0),
+    customer: Customer = Depends(get_current_customer_api),
+    db: Session = Depends(get_db),
+):
+    """
+    Download invoice PDF for a customer's order.
+
+    Vendor is automatically determined from request context.
+    Customer can only download invoices for their own orders.
+    Invoice is auto-generated if it doesn't exist.
+
+    Path Parameters:
+    - order_id: ID of the order to get invoice for
+    """
+    from app.exceptions import OrderNotFoundException
+
+    # Get vendor from middleware
+    vendor = getattr(request.state, "vendor", None)
+
+    if not vendor:
+        raise VendorNotFoundException("context", identifier_type="subdomain")
+
+    logger.debug(
+        f"[SHOP_API] download_order_invoice: order {order_id}",
+        extra={
+            "vendor_id": vendor.id,
+            "vendor_code": vendor.subdomain,
+            "customer_id": customer.id,
+            "order_id": order_id,
+        },
+    )
+
+    # Get order
+    order = order_service.get_order(db=db, vendor_id=vendor.id, order_id=order_id)
+
+    # Verify order belongs to customer
+    if order.customer_id != customer.id:
+        raise OrderNotFoundException(str(order_id))
+
+    # Only allow invoice download for orders that are at least processing
+    allowed_statuses = ["processing", "partially_shipped", "shipped", "delivered", "completed"]
+    if order.status not in allowed_statuses:
+        from app.exceptions import ValidationException
+        raise ValidationException("Invoice not available for pending orders")
+
+    # Check if invoice exists for this order (via service layer)
+    invoice = invoice_service.get_invoice_by_order_id(
+        db=db, vendor_id=vendor.id, order_id=order_id
+    )
+
+    # Create invoice if it doesn't exist
+    if not invoice:
+        logger.info(f"Creating invoice for order {order_id} (customer download)")
+        invoice = invoice_service.create_invoice_from_order(
+            db=db,
+            vendor_id=vendor.id,
+            order_id=order_id,
+        )
+        db.commit()
+
+    # Get or generate PDF
+    pdf_path = invoice_service.get_pdf_path(
+        db=db,
+        vendor_id=vendor.id,
+        invoice_id=invoice.id,
+    )
+
+    if not pdf_path:
+        # Generate PDF
+        pdf_path = invoice_service.generate_pdf(
+            db=db,
+            vendor_id=vendor.id,
+            invoice_id=invoice.id,
+        )
+
+    # Verify file exists
+    if not FilePath(pdf_path).exists():
+        raise InvoicePDFNotFoundException(invoice.id)
+
+    filename = f"invoice-{invoice.invoice_number}.pdf"
+
+    logger.info(
+        f"Customer {customer.id} downloading invoice {invoice.invoice_number} for order {order.order_number}"
+    )
+
+    return FileResponse(
+        path=pdf_path,
+        media_type="application/pdf",
+        filename=filename,
+        headers={
+            "Content-Disposition": f'attachment; filename="{filename}"'
+        },
+    )