fix: correct tojson|safe usage in templates and update validator

- Remove |safe from |tojson in HTML attributes (x-data) - quotes must become " for browsers to parse correctly - Update LANG-002 and LANG-003 architecture rules to document correct |tojson usage patterns: - HTML attributes: |tojson (no |safe) - Script blocks: |tojson|safe - Fix validator to warn when |tojson|safe is used in x-data (breaks HTML attribute parsing) - Improve code quality across services, APIs, and tests 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-13 22:59:51 +01:00
parent 94d268f330
commit 9920430b9e
123 changed files with 1408 additions and 840 deletions
--- a/models/database/init.py
+++ b/models/database/init.py
@@ -14,12 +14,17 @@ from .architecture_scan import (
    ViolationAssignment,
    ViolationComment,
 )
-from .test_run import TestCollection, TestResult, TestRun
 from .base import Base
 from .company import Company
 from .content_page import ContentPage
 from .customer import Customer, CustomerAddress
 from .inventory import Inventory
+from .letzshop import (
+    LetzshopFulfillmentQueue,
+    LetzshopOrder,
+    LetzshopSyncLog,
+    VendorLetzshopCredentials,
+)
 from .marketplace_import_job import MarketplaceImportError, MarketplaceImportJob
 from .marketplace_product import (
    DigitalDeliveryMethod,
@@ -28,14 +33,9 @@ from .marketplace_product import (
 )
 from .marketplace_product_translation import MarketplaceProductTranslation
 from .order import Order, OrderItem
-from .letzshop import (
-    LetzshopFulfillmentQueue,
-    LetzshopOrder,
-    LetzshopSyncLog,
-    VendorLetzshopCredentials,
-)
 from .product import Product
 from .product_translation import ProductTranslation
+from .test_run import TestCollection, TestResult, TestRun
 from .user import User
 from .vendor import Role, Vendor, VendorUser
 from .vendor_domain import VendorDomain
--- a/models/database/letzshop.py
+++ b/models/database/letzshop.py
@@ -89,7 +89,9 @@ class LetzshopOrder(Base, TimestampMixin):
    customer_name = Column(String(255), nullable=True)

    # Order totals from Letzshop
-    total_amount = Column(String(50), nullable=True)  # Store as string to preserve format
+    total_amount = Column(
+        String(50), nullable=True
+    )  # Store as string to preserve format
    currency = Column(String(10), default="EUR")

    # Raw data storage (for debugging/auditing)
--- a/models/database/marketplace_import_job.py
+++ b/models/database/marketplace_import_job.py
@@ -33,7 +33,9 @@ class MarketplaceImportError(Base, TimestampMixin):
    identifier = Column(String)  # marketplace_product_id, gtin, mpn, etc.

    # Error details
-    error_type = Column(String(50), nullable=False)  # missing_title, missing_id, parse_error, etc.
+    error_type = Column(
+        String(50), nullable=False
+    )  # missing_title, missing_id, parse_error, etc.
    error_message = Column(Text, nullable=False)

    # Raw row data for review (JSON)
@@ -64,7 +66,9 @@ class MarketplaceImportJob(Base, TimestampMixin):
    # Import configuration
    marketplace = Column(String, nullable=False, index=True, default="Letzshop")
    source_url = Column(String, nullable=False)
-    language = Column(String(5), nullable=False, default="en")  # Language for translations
+    language = Column(
+        String(5), nullable=False, default="en"
+    )  # Language for translations

    # Status tracking
    status = Column(
--- a/models/database/marketplace_product.py
+++ b/models/database/marketplace_product.py
@@ -17,7 +17,6 @@ from sqlalchemy import (
    Index,
    Integer,
    String,
-    Text,
 )
 from sqlalchemy.dialects.sqlite import JSON
 from sqlalchemy.orm import relationship
--- a/models/database/product_translation.py
+++ b/models/database/product_translation.py
@@ -154,7 +154,9 @@ class ProductTranslation(Base, TimestampMixin):
            # Description
            "description": self.get_effective_description(),
            "description_overridden": self.description is not None,
-            "description_source": mp_translation.description if mp_translation else None,
+            "description_source": mp_translation.description
+            if mp_translation
+            else None,
            # Short Description
            "short_description": self.get_effective_short_description(),
            "short_description_overridden": self.short_description is not None,
--- a/models/database/test_run.py
+++ b/models/database/test_run.py
@@ -5,7 +5,6 @@ Database models for tracking pytest test runs and results

 from sqlalchemy import (
    JSON,
-    Boolean,
    Column,
    DateTime,
    Float,
@@ -53,7 +52,9 @@ class TestRun(Base):
    pytest_args = Column(String(500))  # Command line arguments used

    # Status
-    status = Column(String(20), default="running", index=True)  # 'running', 'passed', 'failed', 'error'
+    status = Column(
+        String(20), default="running", index=True
+    )  # 'running', 'passed', 'failed', 'error'

    # Relationship to test results
    results = relationship(
@@ -77,18 +78,20 @@ class TestResult(Base):
    __tablename__ = "test_results"

    id = Column(Integer, primary_key=True, index=True)
-    run_id = Column(
-        Integer, ForeignKey("test_runs.id"), nullable=False, index=True
-    )
+    run_id = Column(Integer, ForeignKey("test_runs.id"), nullable=False, index=True)

    # Test identification
-    node_id = Column(String(500), nullable=False, index=True)  # e.g., 'tests/unit/test_foo.py::test_bar'
+    node_id = Column(
+        String(500), nullable=False, index=True
+    )  # e.g., 'tests/unit/test_foo.py::test_bar'
    test_name = Column(String(200), nullable=False)  # e.g., 'test_bar'
    test_file = Column(String(300), nullable=False)  # e.g., 'tests/unit/test_foo.py'
    test_class = Column(String(200))  # e.g., 'TestFooClass' (optional)

    # Result
-    outcome = Column(String(20), nullable=False, index=True)  # 'passed', 'failed', 'error', 'skipped', 'xfailed', 'xpassed'
+    outcome = Column(
+        String(20), nullable=False, index=True
+    )  # 'passed', 'failed', 'error', 'skipped', 'xfailed', 'xpassed'
    duration_seconds = Column(Float, default=0.0)

    # Failure details (if applicable)
--- a/models/database/vendor.py
+++ b/models/database/vendor.py
@@ -47,7 +47,9 @@ class Vendor(Base, TimestampMixin):
    subdomain = Column(
        String(100), unique=True, nullable=False, index=True
    )  # Unique, non-nullable subdomain column with indexing
-    name = Column(String, nullable=False)  # Non-nullable name column for the vendor (brand name)
+    name = Column(
+        String, nullable=False
+    )  # Non-nullable name column for the vendor (brand name)
    description = Column(Text)  # Optional text description column for the vendor

    # Letzshop URLs - multi-language support (brand-specific marketplace feeds)
@@ -287,13 +289,16 @@ class Vendor(Base, TimestampMixin):
        company = self.company
        return {
            "contact_email": self.effective_contact_email,
-            "contact_email_inherited": self.contact_email is None and company is not None,
+            "contact_email_inherited": self.contact_email is None
+            and company is not None,
            "contact_phone": self.effective_contact_phone,
-            "contact_phone_inherited": self.contact_phone is None and company is not None,
+            "contact_phone_inherited": self.contact_phone is None
+            and company is not None,
            "website": self.effective_website,
            "website_inherited": self.website is None and company is not None,
            "business_address": self.effective_business_address,
-            "business_address_inherited": self.business_address is None and company is not None,
+            "business_address_inherited": self.business_address is None
+            and company is not None,
            "tax_number": self.effective_tax_number,
            "tax_number_inherited": self.tax_number is None and company is not None,
        }
--- a/models/schema/admin.py
+++ b/models/schema/admin.py
@@ -489,10 +489,18 @@ class LogSettingsResponse(BaseModel):
 class LogSettingsUpdate(BaseModel):
    """Update log settings."""

-    log_level: str | None = Field(None, description="Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL")
-    log_file_max_size_mb: int | None = Field(None, ge=1, le=1000, description="Max log file size in MB")
-    log_file_backup_count: int | None = Field(None, ge=0, le=50, description="Number of backup files to keep")
-    db_log_retention_days: int | None = Field(None, ge=1, le=365, description="Days to retain logs in database")
+    log_level: str | None = Field(
+        None, description="Log level: DEBUG, INFO, WARNING, ERROR, CRITICAL"
+    )
+    log_file_max_size_mb: int | None = Field(
+        None, ge=1, le=1000, description="Max log file size in MB"
+    )
+    log_file_backup_count: int | None = Field(
+        None, ge=0, le=50, description="Number of backup files to keep"
+    )
+    db_log_retention_days: int | None = Field(
+        None, ge=1, le=365, description="Days to retain logs in database"
+    )

    @field_validator("log_level")
    @classmethod
--- a/models/schema/letzshop.py
+++ b/models/schema/letzshop.py
@@ -12,8 +12,7 @@ Covers:
 from datetime import datetime
 from typing import Any

-from pydantic import BaseModel, ConfigDict, Field, field_validator
-
+from pydantic import BaseModel, ConfigDict, Field

 # ============================================================================
 # Credentials Schemas
@@ -28,9 +27,7 @@ class LetzshopCredentialsCreate(BaseModel):
        None,
        description="Custom API endpoint (defaults to https://letzshop.lu/graphql)",
    )
-    auto_sync_enabled: bool = Field(
-        False, description="Enable automatic order sync"
-    )
+    auto_sync_enabled: bool = Field(False, description="Enable automatic order sync")
    sync_interval_minutes: int = Field(
        15, ge=5, le=1440, description="Sync interval in minutes (5-1440)"
    )
--- a/models/schema/marketplace_product.py
+++ b/models/schema/marketplace_product.py
@@ -73,7 +73,9 @@ class MarketplaceProductBase(BaseModel):

    # Categories
    google_product_category: str | None = None
-    product_type_raw: str | None = None  # Original feed value (renamed from product_type)
+    product_type_raw: str | None = (
+        None  # Original feed value (renamed from product_type)
+    )
    category_path: str | None = None

    # Custom labels
@@ -95,7 +97,9 @@ class MarketplaceProductBase(BaseModel):
    source_url: str | None = None

    # Product type classification
-    product_type_enum: str | None = None  # 'physical', 'digital', 'service', 'subscription'
+    product_type_enum: str | None = (
+        None  # 'physical', 'digital', 'service', 'subscription'
+    )
    is_digital: bool | None = None

    # Digital product fields
@@ -124,8 +128,6 @@ class MarketplaceProductUpdate(MarketplaceProductBase):
    All fields are optional - only provided fields will be updated.
    """

-    pass
-

 class MarketplaceProductResponse(BaseModel):
    """Schema for marketplace product API response."""
--- a/models/schema/media.py
+++ b/models/schema/media.py
@@ -14,7 +14,6 @@ from typing import Any

 from pydantic import BaseModel, Field

-
 # ============================================================================
 # SHARED RESPONSE SCHEMAS
 # ============================================================================
--- a/models/schema/notification.py
+++ b/models/schema/notification.py
@@ -14,7 +14,6 @@ from typing import Any

 from pydantic import BaseModel, Field

-
 # ============================================================================
 # SHARED RESPONSE SCHEMAS
 # ============================================================================
@@ -134,7 +133,9 @@ class TestNotificationRequest(BaseModel):

    template_id: int | None = Field(None, description="Template to use")
    email: str | None = Field(None, description="Override recipient email")
-    notification_type: str = Field(default="test", description="Type of notification to send")
+    notification_type: str = Field(
+        default="test", description="Type of notification to send"
+    )


 # ============================================================================
--- a/models/schema/payment.py
+++ b/models/schema/payment.py
@@ -15,7 +15,6 @@ from typing import Any

 from pydantic import BaseModel, Field

-
 # ============================================================================
 # PAYMENT CONFIGURATION SCHEMAS
 # ============================================================================
@@ -152,7 +151,9 @@ class PaymentBalanceResponse(BaseModel):
 class RefundRequest(BaseModel):
    """Request model for processing a refund."""

-    amount: float | None = Field(None, gt=0, description="Partial refund amount, or None for full refund")
+    amount: float | None = Field(
+        None, gt=0, description="Partial refund amount, or None for full refund"
+    )
    reason: str | None = Field(None, max_length=500)


--- a/models/schema/vendor.py
+++ b/models/schema/vendor.py
@@ -43,7 +43,10 @@ class VendorCreate(BaseModel):
        ..., description="Unique subdomain for the vendor", min_length=2, max_length=100
    )
    name: str = Field(
-        ..., description="Display name of the vendor/brand", min_length=2, max_length=255
+        ...,
+        description="Display name of the vendor/brand",
+        min_length=2,
+        max_length=255,
    )
    description: str | None = Field(None, description="Vendor/brand description")

@@ -53,10 +56,16 @@ class VendorCreate(BaseModel):
    letzshop_csv_url_de: str | None = Field(None, description="German CSV URL")

    # Contact Info (optional - if not provided, inherited from company)
-    contact_email: str | None = Field(None, description="Override company contact email")
-    contact_phone: str | None = Field(None, description="Override company contact phone")
+    contact_email: str | None = Field(
+        None, description="Override company contact email"
+    )
+    contact_phone: str | None = Field(
+        None, description="Override company contact phone"
+    )
    website: str | None = Field(None, description="Override company website")
-    business_address: str | None = Field(None, description="Override company business address")
+    business_address: str | None = Field(
+        None, description="Override company business address"
+    )
    tax_number: str | None = Field(None, description="Override company tax number")

    # Language Settings
@@ -113,10 +122,16 @@ class VendorUpdate(BaseModel):
    is_verified: bool | None = None

    # Contact Info (set value to override, set to empty string to reset to inherit)
-    contact_email: str | None = Field(None, description="Override company contact email")
-    contact_phone: str | None = Field(None, description="Override company contact phone")
+    contact_email: str | None = Field(
+        None, description="Override company contact email"
+    )
+    contact_phone: str | None = Field(
+        None, description="Override company contact phone"
+    )
    website: str | None = Field(None, description="Override company website")
-    business_address: str | None = Field(None, description="Override company business address")
+    business_address: str | None = Field(
+        None, description="Override company business address"
+    )
    tax_number: str | None = Field(None, description="Override company tax number")

    # Special flag to reset contact fields to inherit from company
@@ -212,17 +227,33 @@ class VendorDetailResponse(VendorResponse):
    tax_number: str | None = Field(None, description="Effective tax number")

    # Inheritance flags (True = value is inherited from company, not overridden)
-    contact_email_inherited: bool = Field(False, description="True if contact_email is from company")
-    contact_phone_inherited: bool = Field(False, description="True if contact_phone is from company")
-    website_inherited: bool = Field(False, description="True if website is from company")
-    business_address_inherited: bool = Field(False, description="True if business_address is from company")
-    tax_number_inherited: bool = Field(False, description="True if tax_number is from company")
+    contact_email_inherited: bool = Field(
+        False, description="True if contact_email is from company"
+    )
+    contact_phone_inherited: bool = Field(
+        False, description="True if contact_phone is from company"
+    )
+    website_inherited: bool = Field(
+        False, description="True if website is from company"
+    )
+    business_address_inherited: bool = Field(
+        False, description="True if business_address is from company"
+    )
+    tax_number_inherited: bool = Field(
+        False, description="True if tax_number is from company"
+    )

    # Original company values (for reference in UI)
-    company_contact_email: str | None = Field(None, description="Company's contact email")
-    company_contact_phone: str | None = Field(None, description="Company's phone number")
+    company_contact_email: str | None = Field(
+        None, description="Company's contact email"
+    )
+    company_contact_phone: str | None = Field(
+        None, description="Company's phone number"
+    )
    company_website: str | None = Field(None, description="Company's website URL")
-    company_business_address: str | None = Field(None, description="Company's business address")
+    company_business_address: str | None = Field(
+        None, description="Company's business address"
+    )
    company_tax_number: str | None = Field(None, description="Company's tax number")