sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
914967edcc532224e3746c819f11dbc3d0d18c27
orion/.architecture-rules/auth.yaml
Samir Boulahtit 7c43d6f4a2 refactor: fix all architecture validator findings (202 → 0) 
Eliminate all 103 errors and 96 warnings from the architecture validator:

Phase 1 - Validator rules & YAML:
- Add NAM-001/NAM-002 exceptions for module-scoped router/service files
- Fix API-004 to detect # public comments on decorator lines
- Add module-specific exception bases to EXC-004 valid_bases
- Exclude storefront files from AUTH-004 store context check
- Add SVC-006 exceptions for loyalty service atomic commits
- Fix _get_rule() to search naming_rules and auth_rules categories
- Use plain # CODE comments instead of # noqa: CODE for custom rules

Phase 2 - Billing module (5 route files):
- Move _resolve_store_to_merchant to subscription_service
- Move tier/feature queries to feature_service, admin_subscription_service
- Extract 22 inline Pydantic schemas to billing/schemas/billing.py
- Replace all HTTPException with domain exceptions

Phase 3 - Loyalty module (4 routes + points_service):
- Add 7 domain exceptions (Apple auth, enrollment, device registration)
- Add service methods to card_service, program_service, apple_wallet_service
- Move all db.query() from routes to service layer
- Fix SVC-001: replace HTTPException in points_service with domain exception

Phase 4 - Remaining modules:
- tenancy: move store stats queries to admin_service
- cms: move platform resolution to content_page_service, add NoPlatformSubscriptionException
- messaging: move user/customer lookups to messaging_service
- Add ConfigDict(from_attributes=True) to ContentPageResponse

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 18:49:24 +01:00

176 lines
6.4 KiB
YAML
Raw Blame History

# Architecture Rules - Authentication & Authorization Rules
# Rules for auth patterns and multi-tenancy
auth_rules:
- id: "AUTH-001"
name: "Use JWT tokens in Authorization header"
severity: "error"
description: |
Authentication must use JWT tokens in Authorization: Bearer header
pattern:
file_pattern:
- "app/api/**/*.py"
- "app/modules/*/routes/api/**/*.py"
enforcement: "middleware"
- id: "AUTH-002"
name: "Role-based access control with Depends"
severity: "error"
description: |
Use Depends(get_current_admin/vendor/customer) for role checks
pattern:
file_pattern:
- "app/api/v1/**/*.py"
- "app/modules/*/routes/api/**/*.py"
required: "Depends\\(get_current_"
- id: "AUTH-003"
name: "Never store plain passwords"
severity: "error"
description: |
Always hash passwords with bcrypt before storing
pattern:
file_pattern: "app/services/auth_service.py"
required: "bcrypt"
- id: "AUTH-004"
name: "Vendor context pattern - use appropriate dependency for endpoint type"
severity: "error"
description: |
Two vendor context patterns exist - use the appropriate one:
1. STOREFRONT ENDPOINTS (public, no authentication required):
- Use: vendor: Vendor = Depends(require_vendor_context())
- Vendor is detected from URL/subdomain/domain
- File pattern: app/api/v1/storefront/**/*.py, app/modules/*/routes/api/storefront*.py
- Mark as public with: # public
2. VENDOR API ENDPOINTS (authenticated):
- Use: current_user.token_vendor_id from JWT token
- Or use permission dependencies: require_vendor_permission(), require_vendor_owner
- These dependencies get vendor from token and set request.state.vendor
- File pattern: app/api/v1/vendor/**/*.py
DEPRECATED for vendor APIs:
- require_vendor_context() - only for storefront endpoints
- getattr(request.state, "vendor", None) without permission dependency
See: docs/backend/vendor-in-token-architecture.md
pattern:
file_pattern:
- "app/api/v1/vendor/**/*.py"
- "app/modules/*/routes/api/store*.py"
anti_patterns:
- "require_vendor_context\\(\\)"
file_pattern:
- "app/api/v1/storefront/**/*.py"
- "app/modules/*/routes/api/storefront*.py"
required_patterns:
- "require_vendor_context\\(\\)|# public"
- id: "AUTH-005"
name: "Routes must use UserContext, not User model attributes"
severity: "error"
description: |
When using current_user from dependency injection, it is a UserContext
(Pydantic schema), NOT a User (SQLAlchemy model). Do not access:
FORBIDDEN (SQLAlchemy relationships/columns not in UserContext):
- current_user.admin_platforms → Use accessible_platform_ids
- current_user.vendors → Use token_vendor_id
- current_user.owned_companies → Query via service
- current_user.hashed_password → Never needed in routes
- current_user.created_at → Query User if needed
- current_user.updated_at → Query User if needed
CORRECT ALTERNATIVES:
- current_user.accessible_platform_ids # list[int] | None
- current_user.token_platform_id # Selected platform from JWT
- current_user.token_vendor_id # Vendor from JWT
- current_user.is_super_admin # Boolean
- current_user.can_access_platform(id) # Helper method
See: docs/architecture/user-context-pattern.md
pattern:
file_pattern: "app/modules/*/routes/**/*.py"
anti_patterns:
- "current_user\\.admin_platforms"
- "current_user\\.vendors"
- "current_user\\.owned_companies"
- "current_user\\.hashed_password"
- id: "AUTH-006"
name: "JWT token context fields must be defined in UserContext"
severity: "error"
description: |
When adding new context to JWT tokens, ensure the field is:
1. Added to UserContext schema (models/schema/auth.py)
2. Extracted in verify_token() (middleware/auth.py)
3. Attached to User in get_current_user() (middleware/auth.py)
4. Copied in UserContext.from_user() method
Pattern: token_* prefix for JWT-derived fields
- token_platform_id, token_platform_code (admin platform context)
- token_vendor_id, token_vendor_code, token_vendor_role (vendor context)
If getattr(current_user, "token_X", None) is needed, the field is missing
from UserContext and should be added.
See: docs/architecture/user-context-pattern.md
pattern:
file_pattern: "app/modules/*/routes/**/*.py"
anti_patterns:
- "getattr\\(current_user,\\s*['\"]token_"
- id: "AUTH-007"
name: "Response models must match available UserContext data"
severity: "error"
description: |
When returning user data from endpoints that use UserContext:
1. Do NOT return LoginResponse(user=current_user) if LoginResponse.user
expects UserResponse with created_at/updated_at
2. Create dedicated response models for different contexts:
- LoginResponse: Full user data (from login, has timestamps)
- PlatformSelectResponse: Token + platform info (no user data)
- TokenRefreshResponse: Just new token data
3. If user timestamps are needed, query the User model explicitly
See: docs/architecture/user-context-pattern.md
pattern:
file_pattern: "app/modules/*/routes/**/*.py"
enforcement: "review"
# ============================================================================
# MULTI-TENANCY RULES
# ============================================================================
multi_tenancy_rules:
- id: "MT-001"
name: "All queries must be scoped to vendor_id"
severity: "error"
description: |
In vendor/shop contexts, all database queries must filter by vendor_id
pattern:
file_pattern:
- "app/services/**/*.py"
- "app/modules/*/services/**/*.py"
context: "vendor_shop"
required_pattern: ".filter\\(.*vendor_id.*\\)"
- id: "MT-002"
name: "No cross-vendor data access"
severity: "error"
description: |
Queries must never access data from other vendors
pattern:
file_pattern:
- "app/services/**/*.py"
- "app/modules/*/services/**/*.py"
enforcement: "database_query_level"
Reference in New Issue View Git Blame Copy Permalink