sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3531ab8405246384adf79627a603833f9de11b23
orion/app/modules/loyalty/models/terminal_device.py
Samir Boulahtit 6276e9e3ac
Some checks failed
CI / ruff (push) Successful in 47s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details
feat(loyalty): pair POS terminal devices with one-time setup QR 
Adds the backend half of the Android tablet rollout. Merchants can
pair tablets to specific stores from /merchants/loyalty/devices (or
admins can pair on behalf from the merchant detail page). Each
pairing issues a long-lived JWT shown ONCE in the response with a
server-rendered QR PNG containing {api_url, store_code, auth_token} —
the tablet scans it on first boot and persists the three fields.

The store API (/api/v1/store/loyalty/*) now accepts these device JWTs
alongside user JWTs. Revoking a device row immediately rejects its
token (401 TERMINAL_DEVICE_REVOKED). Tokens expire after 1 year;
re-pair to renew.

- Migration loyalty_010 + TerminalDevice model
- create_device_token / verify_device_token JWT helpers
- 5 endpoints x 2 portals (merchant + admin on-behalf)
- Bearer-auth wiring in app/api/deps.py
- Pages, shared list partial with one-time pairing-QR modal,
  Alpine.js factories
- Locale strings (en authoritative; fr/de/lb seeded with EN copy
  for translation)
- 6 integration tests covering pair, list, revoke, idempotency,
  cross-merchant rejection, store-API auth via device JWT

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:18:57 +02:00

128 lines
3.8 KiB
Python
Raw Blame History

# app/modules/loyalty/models/terminal_device.py
"""
Terminal device model.
A TerminalDevice represents a paired Android (or other) POS tablet bound
to a single store. Each row owns the unique `jti` that we encode in the
device's long-lived JWT — that's the only handle we keep on the issued
token, since the JWT itself is shown once at pairing time and then never
stored. Two states render a device's token unusable: explicit `revoked_at`
(merchant action, row stays for audit) or `expires_at < now` (1y default).
Multiple devices per store are allowed — a store can have several cashiers
each with their own tablet — so there is no unique constraint across
(store_id), only an index for lookups.
"""
from datetime import UTC, datetime
from sqlalchemy import (
CheckConstraint,
Column,
DateTime,
ForeignKey,
Index,
Integer,
String,
)
from sqlalchemy.orm import relationship
from app.core.database import Base
from models.database.base import TimestampMixin
class TerminalDevice(Base, TimestampMixin):
"""A paired POS terminal device (typically an Android tablet)."""
__tablename__ = "loyalty_terminal_devices"
id = Column(Integer, primary_key=True, index=True)
merchant_id = Column(
Integer,
ForeignKey("merchants.id", ondelete="CASCADE"),
nullable=False,
index=True,
)
store_id = Column(
Integer,
ForeignKey("stores.id", ondelete="CASCADE"),
nullable=False,
index=True,
)
label = Column(
String(100),
nullable=False,
comment="Merchant-facing device name e.g. 'Counter 1'",
)
# The only handle we keep on the issued JWT. The token itself is shown
# once at creation and never stored.
jti = Column(String(36), nullable=False, unique=True, index=True)
expires_at = Column(DateTime(timezone=True), nullable=False)
last_seen_at = Column(DateTime(timezone=True), nullable=True)
last_seen_ip = Column(String(45), nullable=True)
revoked_at = Column(DateTime(timezone=True), nullable=True, index=True)
revoked_by_id = Column(
Integer,
ForeignKey("users.id", ondelete="SET NULL"),
nullable=True,
)
revoked_reason = Column(String(255), nullable=True)
# The user who paired the device. Used as the principal of record when
# the device performs operations on the store API.
created_by_id = Column(
Integer,
ForeignKey("users.id", ondelete="SET NULL"),
nullable=True,
)
merchant = relationship("Merchant", backref="terminal_devices")
store = relationship("Store", backref="terminal_devices")
revoked_by = relationship("User", foreign_keys=[revoked_by_id])
created_by = relationship("User", foreign_keys=[created_by_id])
__table_args__ = (
CheckConstraint(
"expires_at > created_at",
name="ck_loyalty_terminal_devices_expiry_after_creation",
),
Index(
"idx_loyalty_terminal_devices_store_active",
"store_id",
"revoked_at",
),
)
def __repr__(self) -> str:
return (
f"<TerminalDevice(id={self.id}, label='{self.label}', "
f"store_id={self.store_id}, revoked={self.revoked_at is not None})>"
)
@property
def is_revoked(self) -> bool:
return self.revoked_at is not None
@property
def is_expired(self) -> bool:
if not self.expires_at:
return False
expiry = self.expires_at
if expiry.tzinfo is None:
expiry = expiry.replace(tzinfo=UTC)
return datetime.now(UTC) >= expiry
@property
def status(self) -> str:
"""One of: active, revoked, expired."""
if self.is_revoked:
return "revoked"
if self.is_expired:
return "expired"
return "active"
Reference in New Issue View Git Blame Copy Permalink