sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4aa6f76e4698d91c2cc048c43394eed402699c19
orion/app/api/v1/platform/signup.py
Samir Boulahtit f20266167d
Some checks failed
CI / ruff (push) Failing after 7s
Details
CI / pytest (push) Failing after 1s
Details
CI / architecture (push) Failing after 9s
Details
CI / dependency-scanning (push) Successful in 27s
Details
CI / audit (push) Successful in 8s
Details
CI / docs (push) Has been skipped
Details
fix(lint): auto-fix ruff violations and tune lint rules 
- Auto-fixed 4,496 lint issues (import sorting, modern syntax, etc.)
- Added ignore rules for patterns intentional in this codebase:
  E402 (late imports), E712 (SQLAlchemy filters), B904 (raise from),
  SIM108/SIM105/SIM117 (readability preferences)
- Added per-file ignores for tests and scripts
- Excluded broken scripts/rename_terminology.py (has curly quotes)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-12 23:10:42 +01:00

280 lines
7.6 KiB
Python
Raw Blame History

# app/api/v1/platform/signup.py
"""
Platform signup API endpoints.
Handles the multi-step signup flow:
1. Start signup (select tier)
2. Claim Letzshop store (optional)
3. Create account
4. Setup payment (collect card via SetupIntent)
5. Complete signup (create subscription with trial)
All endpoints are public (no authentication required).
"""
import logging
from fastapi import APIRouter, Depends, Response
from pydantic import BaseModel, EmailStr
from sqlalchemy.orm import Session
from app.core.database import get_db
from app.core.environment import should_use_secure_cookies
from app.modules.marketplace.services.platform_signup_service import (
platform_signup_service,
)
router = APIRouter()
logger = logging.getLogger(__name__)
# =============================================================================
# Request/Response Schemas
# =============================================================================
class SignupStartRequest(BaseModel):
"""Start signup - select tier."""
tier_code: str
is_annual: bool = False
class SignupStartResponse(BaseModel):
"""Response from signup start."""
session_id: str
tier_code: str
is_annual: bool
class ClaimStoreRequest(BaseModel):
"""Claim Letzshop store."""
session_id: str
letzshop_slug: str
letzshop_store_id: str | None = None
class ClaimStoreResponse(BaseModel):
"""Response from store claim."""
session_id: str
letzshop_slug: str
store_name: str | None
class CreateAccountRequest(BaseModel):
"""Create account."""
session_id: str
email: EmailStr
password: str
first_name: str
last_name: str
merchant_name: str
phone: str | None = None
class CreateAccountResponse(BaseModel):
"""Response from account creation."""
session_id: str
user_id: int
store_id: int
stripe_customer_id: str
class SetupPaymentRequest(BaseModel):
"""Request payment setup."""
session_id: str
class SetupPaymentResponse(BaseModel):
"""Response with Stripe SetupIntent client secret."""
session_id: str
client_secret: str
stripe_customer_id: str
class CompleteSignupRequest(BaseModel):
"""Complete signup after card collection."""
session_id: str
setup_intent_id: str
class CompleteSignupResponse(BaseModel):
"""Response from signup completion."""
success: bool
store_code: str
store_id: int
redirect_url: str
trial_ends_at: str
access_token: str | None = None # JWT token for automatic login
# =============================================================================
# Endpoints
# =============================================================================
@router.post("/signup/start", response_model=SignupStartResponse) # public
async def start_signup(request: SignupStartRequest) -> SignupStartResponse:
"""
Start the signup process.
Step 1: User selects a tier and billing period.
Creates a signup session to track the flow.
"""
session_id = platform_signup_service.create_session(
tier_code=request.tier_code,
is_annual=request.is_annual,
)
return SignupStartResponse(
session_id=session_id,
tier_code=request.tier_code,
is_annual=request.is_annual,
)
@router.post("/signup/claim-store", response_model=ClaimStoreResponse) # public
async def claim_letzshop_store(
request: ClaimStoreRequest,
db: Session = Depends(get_db),
) -> ClaimStoreResponse:
"""
Claim a Letzshop store.
Step 2 (optional): User claims their Letzshop shop.
This pre-fills store info during account creation.
"""
store_name = platform_signup_service.claim_store(
db=db,
session_id=request.session_id,
letzshop_slug=request.letzshop_slug,
letzshop_store_id=request.letzshop_store_id,
)
return ClaimStoreResponse(
session_id=request.session_id,
letzshop_slug=request.letzshop_slug,
store_name=store_name,
)
@router.post("/signup/create-account", response_model=CreateAccountResponse) # public
async def create_account(
request: CreateAccountRequest,
db: Session = Depends(get_db),
) -> CreateAccountResponse:
"""
Create user and store accounts.
Step 3: User provides account details.
Creates User, Merchant, Store, and Stripe Customer.
"""
result = platform_signup_service.create_account(
db=db,
session_id=request.session_id,
email=request.email,
password=request.password,
first_name=request.first_name,
last_name=request.last_name,
merchant_name=request.merchant_name,
phone=request.phone,
)
return CreateAccountResponse(
session_id=request.session_id,
user_id=result.user_id,
store_id=result.store_id,
stripe_customer_id=result.stripe_customer_id,
)
@router.post("/signup/setup-payment", response_model=SetupPaymentResponse) # public
async def setup_payment(request: SetupPaymentRequest) -> SetupPaymentResponse:
"""
Create Stripe SetupIntent for card collection.
Step 4: Collect card details without charging.
The card will be charged after the trial period ends.
"""
client_secret, stripe_customer_id = platform_signup_service.setup_payment(
session_id=request.session_id,
)
return SetupPaymentResponse(
session_id=request.session_id,
client_secret=client_secret,
stripe_customer_id=stripe_customer_id,
)
@router.post("/signup/complete", response_model=CompleteSignupResponse) # public
async def complete_signup(
request: CompleteSignupRequest,
response: Response,
db: Session = Depends(get_db),
) -> CompleteSignupResponse:
"""
Complete signup after card collection.
Step 5: Verify SetupIntent, attach payment method, create subscription.
Also sets HTTP-only cookie for page navigation and returns token for localStorage.
"""
result = platform_signup_service.complete_signup(
db=db,
session_id=request.session_id,
setup_intent_id=request.setup_intent_id,
)
# Set HTTP-only cookie for page navigation (same as login does)
# This enables the user to access store pages immediately after signup
if result.access_token:
response.set_cookie(
key="store_token",
value=result.access_token,
httponly=True, # JavaScript cannot access (XSS protection)
secure=should_use_secure_cookies(), # HTTPS only in production/staging
samesite="lax", # CSRF protection
max_age=3600 * 24, # 24 hours
path="/store", # RESTRICTED TO STORE ROUTES ONLY
)
logger.info(f"Set store_token cookie for new store {result.store_code}")
return CompleteSignupResponse(
success=result.success,
store_code=result.store_code,
store_id=result.store_id,
redirect_url=result.redirect_url,
trial_ends_at=result.trial_ends_at,
access_token=result.access_token,
)
@router.get("/signup/session/{session_id}") # public
async def get_signup_session(session_id: str) -> dict:
"""
Get signup session status.
Useful for resuming an incomplete signup.
"""
session = platform_signup_service.get_session_or_raise(session_id)
# Return safe subset of session data
return {
"session_id": session_id,
"step": session.get("step"),
"tier_code": session.get("tier_code"),
"is_annual": session.get("is_annual"),
"letzshop_slug": session.get("letzshop_slug"),
"store_name": session.get("store_name"),
"created_at": session.get("created_at"),
}
Reference in New Issue View Git Blame Copy Permalink