phase D milestones 1+2: referral system + paid-access gate

Lays the billing-prep spine before Paddle lands in D.3. D.1 — referrals - users.referral_code: unique 8-char URL-safe code (alphabet excludes the ambiguous 0/O/1/I/L). Generated lazily on first /settings hit so existing accounts pick one up without a backfill migration. - users.referred_by_user_id + new referrals audit table (referrer, referred, created_at, converted_at, credited_at). converted_at / credited_at stay null until D.3 fills them via the Paddle webhook. - POST /login accepts ?ref=<code>; the code rides on the signed pending-verify cookie so it survives the GET → POST → /verify hop. - /settings page: email, tier badge, referral code chip + invite link with one-click copy, pending/converted/active-credits stats grid. Settings nav link added to the top bar. Reward shape: when the referred user makes their first paid Paddle subscription, both they and the referrer get 50% off for 3 months. (D.3 wires the actual credit application via the Paddle webhook.) D.2 — paid-access gate - users.credit_until: timestamp until which a free-tier account has paid-tier access. Null = no credit. Populated by admin CLI now and the D.3 webhook later. - app.services.access exposes paid_status(user) → PaidStatus dataclass (active / source / expires_at / days_remaining), is_paid_active() with admin-bearer-token bypass, and a require_paid FastAPI dependency that raises 402 Payment Required for free-tier callers. - POST /api/analyze (portfolio AI commentary) gated behind require_paid. - Settings page surfaces credit window when active ("free · credit · N day(s) remaining (expires YYYY-MM-DD)") and the upgrade hint when not. - Admin CLI: python -m app.cli {grant-credit,revoke-credit,show-status}. grant-credit is idempotent — extends from max(now, current expiry) so re-running the command never erodes an existing grant. Migrations 0013 (referrals) and 0014 (credit_until). Tests cover the paid-status truth table, code generation + normalisation, CLI argument parsing, and the pending-cookie ref roundtrip (29 new tests).
2026-05-21 23:25:35 +01:00 · 2026-05-21 23:25:35 +01:00 · 9759080134
commit 9759080134
parent 2013bfa8cc
18 changed files with 1159 additions and 21 deletions
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@ -0,0 +1,49 @@
+"""Unit tests for app.cli.
+
+Sub-command parsing only — the DB-touching paths (`grant_credit`,
+`revoke_credit`, `show_status`) are exercised manually inside the dev
+container. The parser-level tests are enough to catch the common
+shapes: bad args, missing args, unknown sub-command."""
+from __future__ import annotations
+
+import pytest
+
+from app.cli import build_parser
+
+
+def test_grant_credit_parses():
+    args = build_parser().parse_args(["grant-credit", "user@example.com", "3"])
+    assert args.cmd == "grant-credit"
+    assert args.email == "user@example.com"
+    assert args.months == 3.0
+
+
+def test_grant_credit_accepts_fractional_months():
+    args = build_parser().parse_args(["grant-credit", "user@x.com", "0.5"])
+    assert args.months == 0.5
+
+
+def test_revoke_credit_parses():
+    args = build_parser().parse_args(["revoke-credit", "user@example.com"])
+    assert args.cmd == "revoke-credit"
+    assert args.email == "user@example.com"
+
+
+def test_show_status_parses():
+    args = build_parser().parse_args(["show-status", "user@example.com"])
+    assert args.cmd == "show-status"
+
+
+def test_grant_credit_requires_months():
+    with pytest.raises(SystemExit):
+        build_parser().parse_args(["grant-credit", "user@example.com"])
+
+
+def test_unknown_command_rejected():
+    with pytest.raises(SystemExit):
+        build_parser().parse_args(["bogus-cmd"])
+
+
+def test_no_command_rejected():
+    with pytest.raises(SystemExit):
+        build_parser().parse_args([])