The referral feature was half-built: codes captured, banner shown,
counts displayed — but no money flowed when a referred user paid.
The Settings page hard-coded "— (D.3)" for Active credits and the
marketing copy promised "50% off for 3 months" with nothing behind it.

Closing the loop:

- New `convert_referral(session, user)` in referral_service.py looks
  up the user's Referral row, stamps `converted_at` + `credited_at`,
  and extends `credit_until` by 45 days on BOTH the buyer and the
  referrer. Idempotent — replayed webhooks and renewals are no-ops.
  Stacks correctly when the user already has a credit window running
  (anchors at max(now, current_credit_until) like cli.grant_credit).
- Stripe webhook wires this into `_grant_paid`. A captured
  `first_paid_transition = user.tier != "paid"` gate avoids the DB
  lookup on every renewal event; convert_referral's own idempotency
  is the second line of defence.
- `_grant_paid` now takes `session` as its first positional arg so
  the conversion runs inside the same transaction as the tier flip
  and audit-row write. A mid-flight failure rolls everything back
  together — no partial state.
- Settings page replaces the "— (D.3)" placeholder with the live
  count of conversions still inside their 45-day credit window, plus
  a "+N days on your account" hint when the user has any credit of
  their own (referrer bonus, admin grant, or future refund-as-credit).
- Marketing copy on pricing.html + settings.html switches from "50%
  off for 3 months" to "45 days of paid access" — same economic value,
  honest about the actual mechanism (full free access rather than
  discounted billing).

Credit-amount rationale: 50% × 3 months ≈ 1.5 months of free
service ≈ 45 days. Pure-credit delivery is processor-agnostic, needs
no Stripe coupon plumbing, and stacks cleanly across referrals.

7 new tests in test_referral_conversion.py cover the happy path,
idempotency, no-referral no-op, credit stacking, deleted-referrer
survival, end-to-end webhook → credit landing, and the renewal-event
no-double-credit guarantee.

Also bundled: the Restore-button class fix from earlier
(portfolio.js — the cloud-restore "Restore" submit was unstyled and
picked up browser defaults; now uses .settings-btn like the rest of
the action-button family).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
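
The idempotency and credit-stacking rules the commit message above describes, as an added in-memory sketch that is not the project's code. The dataclasses, the `referrals` list standing in for the DB session, the `grant_paid` signature, and a `None` referrer modelling a deleted account are assumptions made here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

CREDIT_DAYS = 45  # credit length stated in the commit message

@dataclass
class User:
    id: int
    tier: str = "free"
    credit_until: Optional[datetime] = None

@dataclass
class Referral:  # hypothetical in-memory stand-in for the referrals row
    referrer: Optional[User]  # None models a deleted referrer (assumption)
    referred: User
    converted_at: Optional[datetime] = None
    credited_at: Optional[datetime] = None

def extend_credit(user, now, days=CREDIT_DAYS):
    # Anchor at max(now, current expiry): a running window is extended,
    # an expired or empty one restarts from now, so credit is never eroded.
    anchor = max(now, user.credit_until or now)
    user.credit_until = anchor + timedelta(days=days)

def convert_referral(referrals, user, now):
    """Credit buyer and referrer once; return False when nothing was done."""
    ref = next((r for r in referrals if r.referred is user), None)
    if ref is None or ref.converted_at is not None:
        return False  # no referral, or a replayed webhook / renewal event
    ref.converted_at = ref.credited_at = now
    extend_credit(user, now)
    if ref.referrer is not None:
        extend_credit(ref.referrer, now)
    return True

def grant_paid(referrals, user, now):
    # First gate: capture the transition BEFORE flipping the tier, so
    # renewal events skip the lookup; convert_referral is the second gate.
    first_paid_transition = user.tier != "paid"
    user.tier = "paid"
    return first_paid_transition and convert_referral(referrals, user, now)

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    referrer, buyer = User(1, credit_until=now + timedelta(days=10)), User(2)
    refs = [Referral(referrer, buyer)]
    print(grant_paid(refs, buyer, now), referrer.credit_until)  # first payment
    print(grant_paid(refs, buyer, now + timedelta(days=30)))    # renewal event
    print(convert_referral(refs, buyer, now))                   # replayed webhook
```
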

Lays the billing-prep spine before Paddle lands in D.3.

D.1 — referrals

- users.referral_code: unique 8-char URL-safe code (alphabet excludes the
  ambiguous 0/O/1/I/L). Generated lazily on first /settings hit so existing
  accounts pick one up without a backfill migration.
- users.referred_by_user_id + new referrals audit table (referrer,
  referred, created_at, converted_at, credited_at). converted_at /
  credited_at stay null until D.3 fills them via the Paddle webhook.
- POST /login accepts ?ref=<code>; the code rides on the signed
  pending-verify cookie so it survives the GET → POST → /verify hop.
- /settings page: email, tier badge, referral code chip + invite link
  with one-click copy, pending/converted/active-credits stats grid.
  Settings nav link added to the top bar.

Reward shape: when the referred user makes their first paid Paddle
subscription, both they and the referrer get 50% off for 3 months.
(D.3 wires the actual credit application via the Paddle webhook.)

D.2 — paid-access gate

- users.credit_until: timestamp until which a free-tier account has
  paid-tier access. Null = no credit. Populated by admin CLI now and the
  D.3 webhook later.
- app.services.access exposes paid_status(user) → PaidStatus dataclass
  (active / source / expires_at / days_remaining), is_paid_active() with
  admin-bearer-token bypass, and a require_paid FastAPI dependency that
  raises 402 Payment Required for free-tier callers.
- POST /api/analyze (portfolio AI commentary) gated behind require_paid.
- Settings page surfaces credit window when active ("free · credit · N
  day(s) remaining (expires YYYY-MM-DD)") and the upgrade hint when not.
- Admin CLI: python -m app.cli {grant-credit,revoke-credit,show-status}.
  grant-credit is idempotent — extends from max(now, current expiry) so
  re-running the command never erodes an existing grant.

Migrations 0013 (referrals) and 0014 (credit_until). Tests cover the
paid-status truth table, code generation + normalisation, CLI argument
parsing, and the pending-cookie ref roundtrip (29 new tests).