sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
168 Commits 1 Branch 0 Tags
9f8ad71d8545c625997bb73489cf8d2bac753c4e
Commit Graph

28 Commits

Author SHA1 Message Date
Samir Boulahtit
6735d99df2 feat: implement customer authentication with JWT tokens 
Implement secure customer authentication system with dedicated JWT tokens,
separate from admin/vendor authentication.

Backend Changes:
- Add customer JWT token support in deps.py
  - New get_current_customer_from_cookie_or_header dependency
  - Validates customer-specific tokens with type checking
  - Returns Customer object instead of User for shop routes
- Extend AuthService with customer token support
  - Add verify_password() method
  - Add create_access_token_with_data() for custom token payloads
- Update CustomerService authentication
  - Generate customer-specific JWT tokens with type="customer"
  - Use vendor-scoped customer lookup
- Enhance exception handler
  - Sanitize validation errors to prevent password leaks in logs
  - Fix shop login redirect to support multi-access routing
- Improve vendor context detection from Referer header
  - Consistent "path" detection method for cookie path logic

Schema Changes:
- Rename UserLogin.username to email_or_username for flexibility
- Update field validators accordingly

API Changes:
- Update admin/vendor auth endpoints to use email_or_username
- Customer auth already uses email field correctly

Route Changes:
- Update shop account routes to use Customer dependency
- Add /account redirect (without trailing slash)
- Change parameter names from current_user to current_customer

Frontend Changes:
- Update login forms to use email_or_username in API calls
- Change button text from "Log in" to "Sign in" for consistency
- Improve loading spinner layout with flexbox

Security Improvements:
- Customer tokens scoped to vendor_id
- Token type validation prevents cross-context token usage
- Password inputs redacted from validation error logs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-25 21:08:49 +01:00
Samir Boulahtit
5a9f44f3d1 Complete shop API consolidation to /api/v1/shop/* with middleware-based vendor context 
## API Migration (Complete)

### New Shop API Endpoints Created
- **Products API** (app/api/v1/shop/products.py)
  - GET /api/v1/shop/products - Product catalog with pagination/search/filters
  - GET /api/v1/shop/products/{id} - Product details

- **Cart API** (app/api/v1/shop/cart.py)
  - GET /api/v1/shop/cart/{session_id} - Get cart
  - POST /api/v1/shop/cart/{session_id}/items - Add to cart
  - PUT /api/v1/shop/cart/{session_id}/items/{product_id} - Update quantity
  - DELETE /api/v1/shop/cart/{session_id}/items/{product_id} - Remove item
  - DELETE /api/v1/shop/cart/{session_id} - Clear cart

- **Orders API** (app/api/v1/shop/orders.py)
  - POST /api/v1/shop/orders - Place order (authenticated)
  - GET /api/v1/shop/orders - Order history (authenticated)
  - GET /api/v1/shop/orders/{id} - Order details (authenticated)

- **Auth API** (app/api/v1/shop/auth.py)
  - POST /api/v1/shop/auth/register - Customer registration
  - POST /api/v1/shop/auth/login - Customer login (sets cookie at path=/shop)
  - POST /api/v1/shop/auth/logout - Customer logout
  - POST /api/v1/shop/auth/forgot-password - Password reset request
  - POST /api/v1/shop/auth/reset-password - Password reset

**Total: 18 new shop API endpoints**

### Middleware Enhancement
Updated VendorContextMiddleware (middleware/vendor_context.py):
- Added is_shop_api_request() to detect /api/v1/shop/* routes
- Added extract_vendor_from_referer() to extract vendor from Referer header
  - Supports path-based: /vendors/wizamart/shop/* → wizamart
  - Supports subdomain: wizamart.platform.com → wizamart
  - Supports custom domain: customshop.com → customshop.com
- Modified dispatch() to handle shop API specially (no longer skips)
- Vendor context now injected into request.state.vendor for shop API calls

### Frontend Migration (Complete)
Updated all shop templates to use new API endpoints:
- app/templates/shop/account/login.html - Updated login endpoint
- app/templates/shop/account/register.html - Updated register endpoint
- app/templates/shop/product.html - Updated 4 API calls (products, cart)
- app/templates/shop/cart.html - Updated 3 API calls (get, update, delete)
- app/templates/shop/products.html - Activated product loading from API

**Total: 9 API endpoint migrations across 5 templates**

### Old Endpoint Cleanup (Complete)
Removed deprecated /api/v1/public/vendors/* shop endpoints:
- Deleted app/api/v1/public/vendors/auth.py
- Deleted app/api/v1/public/vendors/products.py
- Deleted app/api/v1/public/vendors/cart.py
- Deleted app/api/v1/public/vendors/orders.py
- Deleted app/api/v1/public/vendors/payments.py (empty)
- Deleted app/api/v1/public/vendors/search.py (empty)
- Deleted app/api/v1/public/vendors/shop.py (empty)

Updated app/api/v1/public/__init__.py to only include vendor lookup endpoints:
- GET /api/v1/public/vendors/by-code/{code}
- GET /api/v1/public/vendors/by-subdomain/{subdomain}
- GET /api/v1/public/vendors/{id}/info

**Result: Only 3 truly public endpoints remain**

### Error Page Improvements
Updated all shop error templates to use base_url:
- app/templates/shop/errors/*.html (10 files)
- Updated error_renderer.py to calculate base_url from vendor context
- Links now work correctly for path-based, subdomain, and custom domain access

### CMS Route Handler
Added catch-all CMS route to app/routes/vendor_pages.py:
- Handles /{vendor_code}/{slug} for content pages
- Uses content_page_service for two-tier lookup (vendor override → platform default)

### Template Architecture Fix
Updated app/templates/shop/base.html:
- Changed x-data to use {% block alpine_data %} for component override
- Allows pages to specify custom Alpine.js components
- Enables page-specific state while extending shared shopLayoutData()

### Documentation (Complete)
Created comprehensive documentation:
- docs/api/shop-api-reference.md - Complete API reference with examples
- docs/architecture/API_CONSOLIDATION_PROPOSAL.md - Analysis of 3 options
- docs/architecture/API_MIGRATION_STATUS.md - Migration tracking (100% complete)
- Updated docs/api/index.md - Added Shop API section
- Updated docs/frontend/shop/architecture.md - New API structure and component pattern

## Benefits Achieved

### Cleaner URLs (~40% shorter)
Before: /api/v1/public/vendors/{vendor_id}/products
After:  /api/v1/shop/products

### Better Architecture
- Middleware-driven vendor context (no manual vendor_id passing)
- Proper separation of concerns (public vs shop vs vendor APIs)
- Consistent authentication pattern
- RESTful design

### Developer Experience
- No need to track vendor_id in frontend state
- Automatic vendor context from Referer header
- Simpler API calls
- Better documentation

## Testing
- Verified middleware extracts vendor from Referer correctly
- Tested all shop API endpoints with vendor context
- Confirmed products page loads and displays products
- Verified error pages show correct links
- No old API references remain in templates

Migration Status:  100% Complete (8/8 success criteria met)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-22 23:03:05 +01:00
Samir Boulahtit
92a2610b70 renaming properly all middleware test cases and fixing bugs 2025-11-19 21:21:29 +01:00
Samir Boulahtit
c10bdfdf42 fixing vendor context detection bug 2025-11-18 23:41:51 +01:00
Samir Boulahtit
d947fa5ca0 removing legacy code on path_rewrite_middleware 2025-11-18 23:32:07 +01:00
Samir Boulahtit
b3009e3795 Fixed middleware authentication issues 2025-11-18 22:50:55 +01:00
Samir Boulahtit
807033be16 revamping documentation 2025-11-17 22:59:42 +01:00
Samir Boulahtit
adbcee4ce3 middleware fix for path-based vendor url 2025-11-09 18:47:53 +01:00
Samir Boulahtit
79dfcab09f frontend error management enhancement 2025-11-05 21:52:22 +01:00
Samir Boulahtit
9611c03a36 migrating vendor frontend to new architecture 2025-10-31 20:51:30 +01:00
Samir Boulahtit
c88775134d Multitenant implementation with custom Domain, theme per vendor 2025-10-26 20:05:02 +01:00
Samir Boulahtit
1a43a4250c admin panel migration to jinja 2025-10-25 07:31:44 +02:00
Samir Boulahtit
06bb463468 Bug fix in init files 2025-10-19 15:59:12 +02:00
Samir Boulahtit
d7439fce46 Created target project structure 2025-10-11 12:14:49 +02:00
Samir Boulahtit
dd16198276 major refactoring adding vendor and customer features 2025-10-11 09:09:25 +02:00
Samir Boulahtit
6b9817f179 test updates to take into account exception management 2025-09-27 13:47:36 +02:00
Samir Boulahtit
3e720212d9 Product tests update 2025-09-25 20:00:50 +02:00
Samir Boulahtit
cea88a46c5 Marketplace tests update 2025-09-24 22:28:44 +02:00
Samir Boulahtit
f9879126c8 Auth service tests update 2025-09-24 21:44:48 +02:00
Samir Boulahtit
98285aa8aa Exception handling enhancement 2025-09-23 22:42:26 +02:00
Samir Boulahtit
c494c5b5c6 API and database models refactoring 2025-09-20 20:17:16 +02:00
Samir Boulahtit
f042616fdd fixing DQ issues 2025-09-19 16:54:13 +02:00
Samir Boulahtit
0ce708cf09 fixing DQ issues 2025-09-14 15:47:38 +02:00
Samir Boulahtit
3eb18ef91e code quality run 2025-09-13 21:58:54 +02:00
Samir Boulahtit
b9fe91ab88 Application fully migrated to modular approach 2025-09-13 21:30:40 +02:00
Samir Boulahtit
f9ed3bdf11 Refactoring code for modular approach 2025-09-11 21:16:18 +02:00
Samir Boulahtit
71153a1ff5 Refactoring code for modular approach 2025-09-09 21:27:58 +02:00
Samir Boulahtit
9dd177bddc Initial commit 2025-09-05 17:27:39 +02:00