orion

sboulahtit/orion

Fork 0

Commit Graph

Author	SHA1	Message	Date
Samir Boulahtit	d99633345f	feat(loyalty): attribute transactions to the acting POS tablet Adds acting_terminal_device_id to loyalty_transactions so the audit log can distinguish between operations performed via the web terminal (human user JWT) and operations performed via a paired tablet (device JWT). The principal-of-record stays the pairing user — existing reports keep working — and this column adds "which tablet did it" alongside. Threaded through every store-API endpoint that creates a transaction (stamp add/redeem/void, points earn/redeem/void/adjust, enrollment + welcome bonus, card deactivate/reactivate). The route reads current_user.terminal_device_id, which the bearer-auth dep populates when a device JWT is presented. User-token requests leave the column NULL, as covered by the new test. Bulk admin operations (GDPR anonymization, bulk deactivate) and Celery tasks (point expiration) are not threaded — they always come from a human admin or the scheduler, never a tablet. - Migration loyalty_011 + LoyaltyTransaction.acting_terminal_device_id - 9 service signatures gain the optional kwarg - 8 store-API routes pass it through - Integration tests: device JWT populates the column, user JWT leaves it NULL Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 21:04:56 +02:00
Samir Boulahtit	6276e9e3ac	feat(loyalty): pair POS terminal devices with one-time setup QR Some checks failed CI / ruff (push) Successful in 47s Details CI / validate (push) Has been cancelled Details CI / dependency-scanning (push) Has been cancelled Details CI / docs (push) Has been cancelled Details CI / deploy (push) Has been cancelled Details CI / pytest (push) Has been cancelled Details Adds the backend half of the Android tablet rollout. Merchants can pair tablets to specific stores from /merchants/loyalty/devices (or admins can pair on behalf from the merchant detail page). Each pairing issues a long-lived JWT shown ONCE in the response with a server-rendered QR PNG containing {api_url, store_code, auth_token} — the tablet scans it on first boot and persists the three fields. The store API (/api/v1/store/loyalty/*) now accepts these device JWTs alongside user JWTs. Revoking a device row immediately rejects its token (401 TERMINAL_DEVICE_REVOKED). Tokens expire after 1 year; re-pair to renew. - Migration loyalty_010 + TerminalDevice model - create_device_token / verify_device_token JWT helpers - 5 endpoints x 2 portals (merchant + admin on-behalf) - Bearer-auth wiring in app/api/deps.py - Pages, shared list partial with one-time pairing-QR modal, Alpine.js factories - Locale strings (en authoritative; fr/de/lb seeded with EN copy for translation) - 6 integration tests covering pair, list, revoke, idempotency, cross-merchant rejection, store-API auth via device JWT Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-05 20:18:57 +02:00

Author

SHA1

Message

Date

Samir Boulahtit

d99633345f

feat(loyalty): attribute transactions to the acting POS tablet

Adds acting_terminal_device_id to loyalty_transactions so the audit
log can distinguish between operations performed via the web terminal
(human user JWT) and operations performed via a paired tablet (device
JWT). The principal-of-record stays the pairing user — existing
reports keep working — and this column adds "which tablet did it"
alongside.

Threaded through every store-API endpoint that creates a transaction
(stamp add/redeem/void, points earn/redeem/void/adjust, enrollment +
welcome bonus, card deactivate/reactivate). The route reads
current_user.terminal_device_id, which the bearer-auth dep populates
when a device JWT is presented. User-token requests leave the column
NULL, as covered by the new test.

Bulk admin operations (GDPR anonymization, bulk deactivate) and Celery
tasks (point expiration) are not threaded — they always come from a
human admin or the scheduler, never a tablet.

- Migration loyalty_011 + LoyaltyTransaction.acting_terminal_device_id
- 9 service signatures gain the optional kwarg
- 8 store-API routes pass it through
- Integration tests: device JWT populates the column, user JWT leaves
  it NULL

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-05 21:04:56 +02:00

Samir Boulahtit

6276e9e3ac

feat(loyalty): pair POS terminal devices with one-time setup QR

CI / ruff (push) Successful in 47s

Details

CI / validate (push) Has been cancelled

Details

CI / dependency-scanning (push) Has been cancelled

Details

CI / docs (push) Has been cancelled

Details

CI / deploy (push) Has been cancelled

Details

CI / pytest (push) Has been cancelled

Details

Adds the backend half of the Android tablet rollout. Merchants can
pair tablets to specific stores from /merchants/loyalty/devices (or
admins can pair on behalf from the merchant detail page). Each
pairing issues a long-lived JWT shown ONCE in the response with a
server-rendered QR PNG containing {api_url, store_code, auth_token} —
the tablet scans it on first boot and persists the three fields.

The store API (/api/v1/store/loyalty/*) now accepts these device JWTs
alongside user JWTs. Revoking a device row immediately rejects its
token (401 TERMINAL_DEVICE_REVOKED). Tokens expire after 1 year;
re-pair to renew.

- Migration loyalty_010 + TerminalDevice model
- create_device_token / verify_device_token JWT helpers
- 5 endpoints x 2 portals (merchant + admin on-behalf)
- Bearer-auth wiring in app/api/deps.py
- Pages, shared list partial with one-time pairing-QR modal,
  Alpine.js factories
- Locale strings (en authoritative; fr/de/lb seeded with EN copy
  for translation)
- 6 integration tests covering pair, list, revoke, idempotency,
  cross-merchant rejection, store-API auth via device JWT

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-05 20:18:57 +02:00

2 Commits