read.markets

giorgio/read.markets

Fork 0

Commit graph

Author	SHA1	Message	Date
Giorgio Gilestro	78ce8c8b0d	alembic: make migration chain SQLite-compatible (fresh upgrade) Five existing migrations used op.alter_column / op.create_unique_constraint / op.drop_constraint / op.create_foreign_key directly on the users + quotes + quotes_daily tables. SQLite has no native support for those operations and requires Alembic's batch_alter_table copy-and-rename workaround. This wasn't noticed until now because the test suite uses Base.metadata.create_all to materialise schema, not the migration chain itself; and prod is MariaDB. But running `alembic upgrade head` against a fresh SQLite database (developer onboarding, CI smoke tests, the test container's own bootstrap) would fail at 0005. Fixes: - alembic/env.py: set render_as_batch=True when the dialect is SQLite. This auto-wraps any future autogenerated migration but doesn't retroactively rewrite existing op.* calls. - 0005 (widen quotes.symbol), 0013 (referrals), 0018 (polar webhook), 0019 (stripe), 0023 (users.lang index + qd_symbol widen) explicitly wrap their problematic ops in `with op.batch_alter_table(...) as bop`. Now `alembic upgrade head` + `alembic downgrade base` round-trip cleanly on a fresh SQLite database. MariaDB prod behaviour unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-28 00:16:09 +02:00
Giorgio Gilestro	410afe0078	stripe: wire checkout, customer portal, and webhook for read.markets Stripe is the merchant-on-record for read.markets after Polar/Paddle both declined the financial-media category. This commit lands the full subscription flow: an "Upgrade" button on /pricing now opens a real Stripe-hosted Checkout, completes the subscription, and the webhook flips user.tier to "paid" idempotently. Endpoints - POST /api/stripe/checkout (require_auth) — creates a hosted Checkout Session in subscription mode, passes user.id as client_reference_id + email as customer_email, returns the URL for the page-side JS to redirect to. Reuses an existing stripe_customer_id to avoid duplicate Stripe customers on repeat checkouts. allow_promotion_codes=True so the referral-credit redemption can attach a coupon at checkout once that flow ships. - POST /api/stripe/portal (require_auth) — mints a Stripe Customer Portal session. Used by /settings; returns 404 until the user has a stripe_customer_id (i.e. completed at least one checkout). - POST /api/stripe/webhook — signature-verified via stripe.Webhook.construct_event. Idempotent via UNIQUE on stripe_events.event_id. Event dispatch: checkout.session.completed → grant paid, store IDs customer.subscription.created → grant paid (active/trialing) customer.subscription.updated → grant paid (active/trialing) customer.subscription.deleted → drop to free, clear sub id invoice.paid / failed → audit only charge.refunded → audit only Stripe-SDK objects don't expose dict.get(); we use the SDK for signature verification then re-parse the JSON body for handler dispatch — cleaner than reaching into StripeObject internals. Schema (migration 0019) - users.stripe_customer_id, users.stripe_subscription_id (nullable String(64), UNIQUE on customer_id). - stripe_events table mirroring polar_events: event_id (unique), event_type, received_at, processed_at, error, raw payload (truncated to 16 KiB). Settings (.env) - STRIPE_API_KEY (rk_test_… for dev, rk_live_… for GA) - STRIPE_WEBHOOK_SECRET (whsec_… from the dashboard endpoint) - STRIPE_PRICE_MONTHLY (price_xxx for £7/month) - STRIPE_PRICE_ANNUAL (price_xxx for £70/year) Pricing page - Free tier CTA unchanged. - Paid CTA branches three ways: paid → "Manage subscription" to /settings; logged-in free → two buttons (£7/mo, £70/yr) that POST to /api/stripe/checkout and redirect; anonymous → /login?next=/pricing. - Inline JS intercepts the button click, calls the checkout endpoint, redirects on success, surfaces errors via alert(). No Stripe.js dep — we use the hosted-checkout URL directly. Polar handler stays in place for berengar.io / flyroom.net which still ship through Polar. polar_* and stripe_* columns coexist independently on the User row. Tests - 9 in tests/test_stripe_billing.py covering: bad signature → 401, missing signature → 400, checkout.session.completed flips tier + stores IDs, subscription.updated active grants paid, subscription.deleted drops to free with customer id preserved, replayed event id is no-op (one row in stripe_events), unknown event acked 200, checkout endpoint mocks the SDK and returns the hosted URL, checkout requires login. - Full suite: 221 passed, 5 skipped. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-26 18:45:13 +02:00

Author

SHA1

Message

Date

Giorgio Gilestro

78ce8c8b0d

alembic: make migration chain SQLite-compatible (fresh upgrade)

Five existing migrations used op.alter_column / op.create_unique_constraint /
op.drop_constraint / op.create_foreign_key directly on the users + quotes +
quotes_daily tables. SQLite has no native support for those operations and
requires Alembic's batch_alter_table copy-and-rename workaround.

This wasn't noticed until now because the test suite uses
Base.metadata.create_all to materialise schema, not the migration chain
itself; and prod is MariaDB. But running `alembic upgrade head` against
a fresh SQLite database (developer onboarding, CI smoke tests, the
test container's own bootstrap) would fail at 0005.

Fixes:
- alembic/env.py: set render_as_batch=True when the dialect is SQLite.
  This auto-wraps any future autogenerated migration but doesn't
  retroactively rewrite existing op.* calls.
- 0005 (widen quotes.symbol), 0013 (referrals), 0018 (polar webhook),
  0019 (stripe), 0023 (users.lang index + qd_symbol widen) explicitly
  wrap their problematic ops in `with op.batch_alter_table(...) as bop`.

Now `alembic upgrade head` + `alembic downgrade base` round-trip cleanly
on a fresh SQLite database. MariaDB prod behaviour unchanged.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-28 00:16:09 +02:00

Giorgio Gilestro

410afe0078

stripe: wire checkout, customer portal, and webhook for read.markets

Stripe is the merchant-on-record for read.markets after Polar/Paddle
both declined the financial-media category. This commit lands the
full subscription flow: an "Upgrade" button on /pricing now opens a
real Stripe-hosted Checkout, completes the subscription, and the
webhook flips user.tier to "paid" idempotently.

Endpoints
- POST /api/stripe/checkout (require_auth) — creates a hosted
  Checkout Session in subscription mode, passes user.id as
  client_reference_id + email as customer_email, returns the URL
  for the page-side JS to redirect to. Reuses an existing
  stripe_customer_id to avoid duplicate Stripe customers on repeat
  checkouts. allow_promotion_codes=True so the referral-credit
  redemption can attach a coupon at checkout once that flow ships.
- POST /api/stripe/portal (require_auth) — mints a Stripe Customer
  Portal session. Used by /settings; returns 404 until the user has
  a stripe_customer_id (i.e. completed at least one checkout).
- POST /api/stripe/webhook — signature-verified via
  stripe.Webhook.construct_event. Idempotent via UNIQUE on
  stripe_events.event_id. Event dispatch:
    checkout.session.completed       → grant paid, store IDs
    customer.subscription.created    → grant paid (active/trialing)
    customer.subscription.updated    → grant paid (active/trialing)
    customer.subscription.deleted    → drop to free, clear sub id
    invoice.paid / failed            → audit only
    charge.refunded                  → audit only
  Stripe-SDK objects don't expose dict.get(); we use the SDK for
  signature verification then re-parse the JSON body for handler
  dispatch — cleaner than reaching into StripeObject internals.

Schema (migration 0019)
- users.stripe_customer_id, users.stripe_subscription_id (nullable
  String(64), UNIQUE on customer_id).
- stripe_events table mirroring polar_events: event_id (unique),
  event_type, received_at, processed_at, error, raw payload
  (truncated to 16 KiB).

Settings (.env)
- STRIPE_API_KEY            (rk_test_… for dev, rk_live_… for GA)
- STRIPE_WEBHOOK_SECRET     (whsec_… from the dashboard endpoint)
- STRIPE_PRICE_MONTHLY      (price_xxx for £7/month)
- STRIPE_PRICE_ANNUAL       (price_xxx for £70/year)

Pricing page
- Free tier CTA unchanged.
- Paid CTA branches three ways: paid → "Manage subscription" to
  /settings; logged-in free → two buttons (£7/mo, £70/yr) that POST
  to /api/stripe/checkout and redirect; anonymous → /login?next=/pricing.
- Inline JS intercepts the button click, calls the checkout
  endpoint, redirects on success, surfaces errors via alert(). No
  Stripe.js dep — we use the hosted-checkout URL directly.

Polar handler stays in place for berengar.io / flyroom.net which
still ship through Polar. polar_* and stripe_* columns coexist
independently on the User row.

Tests
- 9 in tests/test_stripe_billing.py covering: bad signature → 401,
  missing signature → 400, checkout.session.completed flips tier +
  stores IDs, subscription.updated active grants paid,
  subscription.deleted drops to free with customer id preserved,
  replayed event id is no-op (one row in stripe_events),
  unknown event acked 200, checkout endpoint mocks the SDK and
  returns the hosted URL, checkout requires login.
- Full suite: 221 passed, 5 skipped.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-26 18:45:13 +02:00

2 commits