cbfbbb4654
fix: customer authentication and shop error page styling
...
## Customer Authentication Fixes
- Fix get_current_customer_api to properly decode customer tokens (was using User model)
- Add _validate_customer_token() helper for shared customer token validation
- Add vendor validation: token.vendor_id must match request URL vendor
- Block admin/vendor tokens from shop endpoints (type != "customer")
- Update get_current_customer_optional to use proper customer token validation
- Customer auth functions now return Customer object (not User)
## Shop Orders API
- Update orders.py to receive Customer directly from auth dependency
- Remove broken get_customer_from_user() helper
- Use VendorNotFoundException instead of HTTPException
## Shop Error Pages
- Fix all error templates (400, 401, 403, 404, 422, 429, 500, 502, generic)
- Templates were using undefined CSS classes (.btn, .status-code, etc.)
- Now properly extend base.html and override specific blocks
- Use Tailwind utility classes for consistent styling
## Documentation
- Update docs/api/authentication.md with new Customer return types
- Document vendor validation security features
- Update docs/api/authentication-quick-reference.md examples
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-12-04 22:48:02 +01:00
3c7af0ccdf
refactor: standardize markdown file naming to kebab-case convention
...
Renamed all documentation files to follow kebab-case naming standard:
- UPPERCASE files → lowercase (e.g., RBAC.md → rbac.md)
- snake_case files → kebab-case (e.g., icons_guide.md → icons-guide.md)
- SCREAMING_SNAKE_CASE → kebab-case (e.g., DATABASE_SETUP_GUIDE.md → database-setup-guide.md)
Files renamed (15 total):
API Documentation:
- api/RBAC.md → api/rbac.md
Architecture:
- architecture/API_CONSOLIDATION_PROPOSAL.md → api-consolidation-proposal.md
- architecture/API_MIGRATION_STATUS.md → api-migration-status.md
Development:
- development/AUTH_DEPENDENCIES_GUIDE.md → auth-dependencies-guide.md
- development/CUSTOMER_AUTHENTICATION_IMPLEMENTATION.md → customer-authentication-implementation.md
- development/CUSTOMER_AUTH_SUMMARY.md → customer-auth-summary.md
- development/icons_guide.md → icons-guide.md
Database Seeder:
- database-seeder/DATABASE_INIT_GUIDE.md → database-init-guide.md
- database-seeder/DATABASE_QUICK_REFERENCE_GUIDE.md → database-quick-reference-guide.md
- database-seeder/DATABASE_SEEDER_DOCUMENTATION.md → database-seeder-documentation.md
- database-seeder/MAKEFILE_DATABASE_SEEDER.md → makefile-database-seeder.md
Error Rendering:
- error-rendering/ERROR_RENDERING_DEVELOPER_DOCUMENTATION.md → error-rendering-developer-documentation.md
- error-rendering/HTML_ERROR_RENDERING_FLOW_DIAGRAM.md → html-error-rendering-flow-diagram.md
Getting Started:
- getting-started/DATABASE_QUICK_REFERENCE.md → database-quick-reference.md
- getting-started/DATABASE_SETUP_GUIDE.md → database-setup-guide.md
Updates:
- Updated all references in mkdocs.yml
- Updated all cross-references in markdown files
- Verified mkdocs builds without warnings or errors
Standard: Use kebab-case (lowercase-with-hyphens) for all markdown files
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-28 07:58:33 +01:00
e619776054
docs: update documentation for cart implementation
...
Updated API reference, error handling, and architecture docs to reflect
the new persistent cart system with database storage.
API Reference Updates (shop-api-reference.md):
- Updated last modified date to 2025-11-23
- Updated cart response schemas to match CartResponse/CartItemResponse models
- Added detailed schema tables for all cart endpoints
- Documented all cart exceptions with examples (CART_ITEM_NOT_FOUND, INSUFFICIENT_INVENTORY_FOR_CART, etc.)
- Added implementation notes about cart persistence and duplicate prevention
- Updated all endpoint documentation with proper request/response schemas
- Added CartOperationResponse and ClearCartResponse documentation
Error Handling Updates (error-handling.md):
- Added Shopping Cart Exceptions section with 6 cart-specific exceptions
- Added Product Exceptions section
- Added Inventory Exceptions section
- Updated error response format to show structured WizamartException format
- Added examples with error_code, message, status_code, and details fields
- Documented the difference between structured and generic error formats
Architecture Updates (overview.md):
- Added cart_items table to database schema diagram
- Documented session-based shopping cart in data model hierarchy
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-23 20:27:50 +01:00
756e12fe7b
removing references to letzshop, replacing by wizamart
2025-11-23 20:19:00 +01:00
5a9f44f3d1
Complete shop API consolidation to /api/v1/shop/* with middleware-based vendor context
...
## API Migration (Complete)
### New Shop API Endpoints Created
- **Products API** (app/api/v1/shop/products.py)
- GET /api/v1/shop/products - Product catalog with pagination/search/filters
- GET /api/v1/shop/products/{id} - Product details
- **Cart API** (app/api/v1/shop/cart.py)
- GET /api/v1/shop/cart/{session_id} - Get cart
- POST /api/v1/shop/cart/{session_id}/items - Add to cart
- PUT /api/v1/shop/cart/{session_id}/items/{product_id} - Update quantity
- DELETE /api/v1/shop/cart/{session_id}/items/{product_id} - Remove item
- DELETE /api/v1/shop/cart/{session_id} - Clear cart
- **Orders API** (app/api/v1/shop/orders.py)
- POST /api/v1/shop/orders - Place order (authenticated)
- GET /api/v1/shop/orders - Order history (authenticated)
- GET /api/v1/shop/orders/{id} - Order details (authenticated)
- **Auth API** (app/api/v1/shop/auth.py)
- POST /api/v1/shop/auth/register - Customer registration
- POST /api/v1/shop/auth/login - Customer login (sets cookie at path=/shop)
- POST /api/v1/shop/auth/logout - Customer logout
- POST /api/v1/shop/auth/forgot-password - Password reset request
- POST /api/v1/shop/auth/reset-password - Password reset
**Total: 18 new shop API endpoints**
### Middleware Enhancement
Updated VendorContextMiddleware (middleware/vendor_context.py):
- Added is_shop_api_request() to detect /api/v1/shop/* routes
- Added extract_vendor_from_referer() to extract vendor from Referer header
- Supports path-based: /vendors/wizamart/shop/* → wizamart
- Supports subdomain: wizamart.platform.com → wizamart
- Supports custom domain: customshop.com → customshop.com
- Modified dispatch() to handle shop API specially (no longer skips)
- Vendor context now injected into request.state.vendor for shop API calls
### Frontend Migration (Complete)
Updated all shop templates to use new API endpoints:
- app/templates/shop/account/login.html - Updated login endpoint
- app/templates/shop/account/register.html - Updated register endpoint
- app/templates/shop/product.html - Updated 4 API calls (products, cart)
- app/templates/shop/cart.html - Updated 3 API calls (get, update, delete)
- app/templates/shop/products.html - Activated product loading from API
**Total: 9 API endpoint migrations across 5 templates**
### Old Endpoint Cleanup (Complete)
Removed deprecated /api/v1/public/vendors/* shop endpoints:
- Deleted app/api/v1/public/vendors/auth.py
- Deleted app/api/v1/public/vendors/products.py
- Deleted app/api/v1/public/vendors/cart.py
- Deleted app/api/v1/public/vendors/orders.py
- Deleted app/api/v1/public/vendors/payments.py (empty)
- Deleted app/api/v1/public/vendors/search.py (empty)
- Deleted app/api/v1/public/vendors/shop.py (empty)
Updated app/api/v1/public/__init__.py to only include vendor lookup endpoints:
- GET /api/v1/public/vendors/by-code/{code}
- GET /api/v1/public/vendors/by-subdomain/{subdomain}
- GET /api/v1/public/vendors/{id}/info
**Result: Only 3 truly public endpoints remain**
### Error Page Improvements
Updated all shop error templates to use base_url:
- app/templates/shop/errors/*.html (10 files)
- Updated error_renderer.py to calculate base_url from vendor context
- Links now work correctly for path-based, subdomain, and custom domain access
### CMS Route Handler
Added catch-all CMS route to app/routes/vendor_pages.py:
- Handles /{vendor_code}/{slug} for content pages
- Uses content_page_service for two-tier lookup (vendor override → platform default)
### Template Architecture Fix
Updated app/templates/shop/base.html:
- Changed x-data to use {% block alpine_data %} for component override
- Allows pages to specify custom Alpine.js components
- Enables page-specific state while extending shared shopLayoutData()
### Documentation (Complete)
Created comprehensive documentation:
- docs/api/shop-api-reference.md - Complete API reference with examples
- docs/architecture/API_CONSOLIDATION_PROPOSAL.md - Analysis of 3 options
- docs/architecture/API_MIGRATION_STATUS.md - Migration tracking (100% complete)
- Updated docs/api/index.md - Added Shop API section
- Updated docs/frontend/shop/architecture.md - New API structure and component pattern
## Benefits Achieved
### Cleaner URLs (~40% shorter)
Before: /api/v1/public/vendors/{vendor_id}/products
After: /api/v1/shop/products
### Better Architecture
- Middleware-driven vendor context (no manual vendor_id passing)
- Proper separation of concerns (public vs shop vs vendor APIs)
- Consistent authentication pattern
- RESTful design
### Developer Experience
- No need to track vendor_id in frontend state
- Automatic vendor context from Referer header
- Simpler API calls
- Better documentation
## Testing
- Verified middleware extracts vendor from Referer correctly
- Tested all shop API endpoints with vendor context
- Confirmed products page loads and displays products
- Verified error pages show correct links
- No old API references remain in templates
Migration Status: ✅ 100% Complete (8/8 success criteria met)
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-22 23:03:05 +01:00
0d7915c275
docs: update authentication dependency names across documentation
...
Updated all documentation to use correct authentication dependency names:
- HTML pages: get_current_admin_from_cookie_or_header, get_current_vendor_from_cookie_or_header, get_current_customer_from_cookie_or_header
- API endpoints: get_current_admin_api, get_current_vendor_api, get_current_customer_api
Changes:
- Updated authentication flow diagrams with correct dependency names for admin and vendor flows
- Added comprehensive customer/shop authentication flow documentation
- Updated cookie isolation architecture to show all three contexts (admin, vendor, shop)
- Expanded security boundary enforcement diagram to include shop routes
- Added customer cross-context prevention examples
- Updated all code examples in frontend and backend documentation
- Fixed import statements to use app.api.deps instead of app.core.auth
Files updated:
- docs/api/authentication-flow-diagrams.md (added customer flows)
- docs/frontend/admin/page-templates.md
- docs/frontend/admin/architecture.md
- docs/frontend/shared/ui-components.md
- docs/frontend/shared/sidebar.md
- docs/development/exception-handling.md
- docs/architecture/diagrams/vendor-domain-diagrams.md
- docs/backend/admin-integration-guide.md
- docs/backend/admin-feature-integration.md
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Co-Authored-By: Claude <noreply@anthropic.com >
2025-11-22 18:21:23 +01:00
608fa8b95c
Fixed login redirecting issues
2025-11-21 23:38:03 +01:00
f14686c131
Fixed url pattern in the doc for path-based shops
2025-11-18 23:18:13 +01:00
b3009e3795
Fixed middleware authentication issues
2025-11-18 22:50:55 +01:00
807033be16
revamping documentation
2025-11-17 22:59:42 +01:00
af23f5b88f
replacing letzshop by wizamart
2025-11-13 15:23:47 +01:00
dd16198276
major refactoring adding vendor and customer features
2025-10-11 09:09:25 +02:00
c971674ec2
marketplace refactoring
2025-10-04 13:38:10 +02:00
6b9817f179
test updates to take into account exception management
2025-09-27 13:47:36 +02:00
5ef018d4ff
Added placeholder for documentation
2025-09-21 17:16:55 +02:00
d0924f90c4
MkDocs documentation integration
2025-09-19 21:23:19 +02:00
