Samir Boulahtit
6276e9e3ac
Some checks failed
Adds the backend half of the Android tablet rollout. Merchants can
pair tablets to specific stores from /merchants/loyalty/devices (or
admins can pair on behalf from the merchant detail page). Each
pairing issues a long-lived JWT shown ONCE in the response with a
server-rendered QR PNG containing {api_url, store_code, auth_token} —
the tablet scans it on first boot and persists the three fields.
The store API (/api/v1/store/loyalty/*) now accepts these device JWTs
alongside user JWTs. Revoking a device row immediately rejects its
token (401 TERMINAL_DEVICE_REVOKED). Tokens expire after 1 year;
re-pair to renew.
- Migration loyalty_010 + TerminalDevice model
- create_device_token / verify_device_token JWT helpers
- 5 endpoints x 2 portals (merchant + admin on-behalf)
- Bearer-auth wiring in app/api/deps.py
- Pages, shared list partial with one-time pairing-QR modal,
Alpine.js factories
- Locale strings (en authoritative; fr/de/lb seeded with EN copy
for translation)
- 6 integration tests covering pair, list, revoke, idempotency,
cross-merchant rejection, store-API auth via device JWT
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
73 lines
2.1 KiB
Python
73 lines
2.1 KiB
Python
# app/modules/loyalty/schemas/terminal_device.py
|
|
"""Pydantic schemas for terminal device pairing & management."""
|
|
|
|
from datetime import datetime
|
|
|
|
from pydantic import BaseModel, ConfigDict, Field
|
|
|
|
|
|
class TerminalDeviceCreate(BaseModel):
|
|
"""Pair a new terminal device. Issues a long-lived JWT shown once."""
|
|
|
|
store_id: int = Field(..., gt=0, description="Store the device is bound to")
|
|
label: str = Field(
|
|
...,
|
|
min_length=1,
|
|
max_length=100,
|
|
description="Merchant-facing name e.g. 'Counter 1'",
|
|
)
|
|
|
|
|
|
class TerminalDeviceUpdate(BaseModel):
|
|
"""Update a paired device's label. Token is not affected."""
|
|
|
|
model_config = ConfigDict(from_attributes=True)
|
|
|
|
label: str | None = Field(None, min_length=1, max_length=100)
|
|
|
|
|
|
class TerminalDeviceRevoke(BaseModel):
|
|
"""Revoke a device's token, optionally with a reason for the audit log."""
|
|
|
|
reason: str | None = Field(None, max_length=255)
|
|
|
|
|
|
class TerminalDeviceResponse(BaseModel):
|
|
"""Read view of a paired device. Never includes the JWT."""
|
|
|
|
model_config = ConfigDict(from_attributes=True)
|
|
|
|
id: int
|
|
merchant_id: int
|
|
store_id: int
|
|
store_name: str | None = None
|
|
label: str
|
|
status: str # active | revoked | expired
|
|
expires_at: datetime
|
|
last_seen_at: datetime | None = None
|
|
last_seen_ip: str | None = None
|
|
revoked_at: datetime | None = None
|
|
revoked_by_id: int | None = None
|
|
revoked_reason: str | None = None
|
|
created_by_id: int | None = None
|
|
created_at: datetime
|
|
|
|
|
|
class TerminalDevicePairingResponse(TerminalDeviceResponse):
|
|
"""Returned by POST only. Carries the one-time setup token + QR PNG."""
|
|
|
|
setup_token: str = Field(..., description="The signed JWT — shown once")
|
|
setup_payload: dict = Field(
|
|
...,
|
|
description="Decoded {api_url, store_code, auth_token} payload encoded in the QR",
|
|
)
|
|
qr_png_base64: str = Field(
|
|
...,
|
|
description="Base64-encoded PNG of the setup QR (data:image/png;base64,...)",
|
|
)
|
|
|
|
|
|
class TerminalDeviceListResponse(BaseModel):
|
|
devices: list[TerminalDeviceResponse]
|
|
total: int
|