giorgio/read.markets
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
read.markets/app/config.py
Giorgio Gilestro 410afe0078 stripe: wire checkout, customer portal, and webhook for read.markets 
Stripe is the merchant-on-record for read.markets after Polar/Paddle
both declined the financial-media category. This commit lands the
full subscription flow: an "Upgrade" button on /pricing now opens a
real Stripe-hosted Checkout, completes the subscription, and the
webhook flips user.tier to "paid" idempotently.

Endpoints
- POST /api/stripe/checkout (require_auth) — creates a hosted
  Checkout Session in subscription mode, passes user.id as
  client_reference_id + email as customer_email, returns the URL
  for the page-side JS to redirect to. Reuses an existing
  stripe_customer_id to avoid duplicate Stripe customers on repeat
  checkouts. allow_promotion_codes=True so the referral-credit
  redemption can attach a coupon at checkout once that flow ships.
- POST /api/stripe/portal (require_auth) — mints a Stripe Customer
  Portal session. Used by /settings; returns 404 until the user has
  a stripe_customer_id (i.e. completed at least one checkout).
- POST /api/stripe/webhook — signature-verified via
  stripe.Webhook.construct_event. Idempotent via UNIQUE on
  stripe_events.event_id. Event dispatch:
    checkout.session.completed       → grant paid, store IDs
    customer.subscription.created    → grant paid (active/trialing)
    customer.subscription.updated    → grant paid (active/trialing)
    customer.subscription.deleted    → drop to free, clear sub id
    invoice.paid / failed            → audit only
    charge.refunded                  → audit only
  Stripe-SDK objects don't expose dict.get(); we use the SDK for
  signature verification then re-parse the JSON body for handler
  dispatch — cleaner than reaching into StripeObject internals.

Schema (migration 0019)
- users.stripe_customer_id, users.stripe_subscription_id (nullable
  String(64), UNIQUE on customer_id).
- stripe_events table mirroring polar_events: event_id (unique),
  event_type, received_at, processed_at, error, raw payload
  (truncated to 16 KiB).

Settings (.env)
- STRIPE_API_KEY            (rk_test_… for dev, rk_live_… for GA)
- STRIPE_WEBHOOK_SECRET     (whsec_… from the dashboard endpoint)
- STRIPE_PRICE_MONTHLY      (price_xxx for £7/month)
- STRIPE_PRICE_ANNUAL       (price_xxx for £70/year)

Pricing page
- Free tier CTA unchanged.
- Paid CTA branches three ways: paid → "Manage subscription" to
  /settings; logged-in free → two buttons (£7/mo, £70/yr) that POST
  to /api/stripe/checkout and redirect; anonymous → /login?next=/pricing.
- Inline JS intercepts the button click, calls the checkout
  endpoint, redirects on success, surfaces errors via alert(). No
  Stripe.js dep — we use the hosted-checkout URL directly.

Polar handler stays in place for berengar.io / flyroom.net which
still ship through Polar. polar_* and stripe_* columns coexist
independently on the User row.

Tests
- 9 in tests/test_stripe_billing.py covering: bad signature → 401,
  missing signature → 400, checkout.session.completed flips tier +
  stores IDs, subscription.updated active grants paid,
  subscription.deleted drops to free with customer id preserved,
  replayed event id is no-op (one row in stripe_events),
  unknown event acked 200, checkout endpoint mocks the SDK and
  returns the hosted URL, checkout requires login.
- Full suite: 221 passed, 5 skipped.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-26 18:45:13 +02:00

177 lines
6.9 KiB
Python
Raw Blame History

"""Runtime configuration — environment via Pydantic Settings + TOML-loaded data tables.
Settings come from .env / process env. The TOML files (default.toml, portfolio.toml)
define *what to track* — they're declarative content, not config knobs, so they
stay separate from the settings model.
"""
from __future__ import annotations
import tomllib
from functools import lru_cache
from pathlib import Path
from typing import Any
from pydantic import Field
from pydantic_settings import BaseSettings, SettingsConfigDict
CONFIG_DIR = Path(__file__).resolve().parent.parent / "config"
class Settings(BaseSettings):
"""All runtime knobs. Read from process env, .env not needed in-container
because compose injects vars directly; .env is supported for local dev."""
model_config = SettingsConfigDict(
env_file=".env",
env_file_encoding="utf-8",
extra="ignore",
)
# Database
DATABASE_URL: str = "mysql+aiomysql://cassandra:changeme@db:3306/cassandra"
# Redis: ephemeral pie storage during /api/analyze + batch buffer for
# ticker_universe additions. No persistence — see compose service.
REDIS_URL: str = "redis://redis:6379/0"
# API keys (mirror prototype .env names)
API_KEY: str = "" # Trading 212 key
SECRET_KEY: str = "" # Trading 212 secret
FRED_API_KEY: str = ""
OPENROUTER_API_KEY: str = ""
# App
CASSANDRA_TOKEN: str = ""
CASSANDRA_PORT: int = 8000
# Signing key for session cookies. Generate with:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# Falls back to CASSANDRA_TOKEN if unset (acceptable for single-host dev).
CASSANDRA_SESSION_SECRET: str = ""
# Set to false (or 0/no) to disable /signup after the first account is
# created. Phase A leaves this open so the operator can self-onboard.
CASSANDRA_SIGNUP_ENABLED: bool = True
# SMTP for email OTP verification. If SMTP_SERVER is empty, OTP codes
# are written to stdout instead of sent — convenient for local dev.
SMTP_SERVER: str = ""
SMTP_PORT: int = 587
SMTP_USER: str = ""
SMTP_PASSWORD: str = ""
SMTP_USE_TLS: bool = True
SMTP_FROM: str = "" # Defaults to SMTP_USER if blank
CASSANDRA_BASE_CURRENCY: str = "GBP"
CASSANDRA_ANCHOR_DATE: str = ""
CASSANDRA_MOCK: bool = False
# Server-side pepper for the cloud-sync outer wrap. Generate with:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# When empty, the outer layer degrades to "salt by user_id only" — fine
# for dev, but a prod DB leak would then suffice to brute-force PINs
# offline. The startup log warns if this is empty on a non-sqlite DB.
PORTFOLIO_SYNC_PEPPER: str = ""
# AI log — provider abstraction with fallback chain.
# `LLM_PROVIDER` is the primary; `LLM_FALLBACK` kicks in if the primary
# raises (after its own internal retries). Set LLM_FALLBACK="" to
# disable the fallback.
LLM_PROVIDER: str = "deepseek"
LLM_FALLBACK: str = "openrouter"
# DeepSeek-direct (cheaper, primary).
DEEPSEEK_API_KEY: str = ""
DEEPSEEK_URL: str = "https://api.deepseek.com/chat/completions"
DEEPSEEK_MODEL: str = "deepseek-v4-flash"
# OpenRouter (fallback, also a valid primary).
OPENROUTER_MODEL: str = "deepseek/deepseek-v4-flash"
OPENROUTER_MONTHLY_CAP_USD: float = 20.0
# Tone axis. PRO was dropped in PROMPT_VERSION 6 (audience pivot to
# young investors); legacy values are silently mapped to INTERMEDIATE
# by app.services.openrouter._resolve_tone.
CASSANDRA_TONE: str = "INTERMEDIATE" # NOVICE | INTERMEDIATE
CASSANDRA_ANALYSIS: str = "SPECULATIVE" # DRY | SPECULATIVE
BETA_MODE: bool = True # Shows a "BETA" pill in the app header. Flip to False at GA.
# Polar (merchant-of-record). Webhook secret is base64-encoded with a
# `whsec_` prefix in the Polar dashboard; paste it verbatim into the
# env var. Empty = webhook endpoint refuses with 503 (so a misconfig
# is loud rather than silently accepting unsigned events).
POLAR_WEBHOOK_SECRET: str = ""
POLAR_API_KEY: str = ""
# Stripe (merchant-on-record for read.markets after Polar/Paddle
# both declined the financial-media category). Test-mode keys are
# `sk_test_*` / `whsec_*`; live-mode keys are `sk_live_*` — swap at
# GA cutover. Empty values make the corresponding endpoints 503 so
# a misconfig is loud rather than silently accepting unsigned events.
STRIPE_API_KEY: str = ""
STRIPE_WEBHOOK_SECRET: str = ""
STRIPE_PRICE_MONTHLY: str = "" # price_xxx for £7/month subscription
STRIPE_PRICE_ANNUAL: str = "" # price_xxx for £70/year subscription
# Config file locations (overridable for tests)
BASELINE_TOML: Path = Field(default_factory=lambda: CONFIG_DIR / "default.toml")
PORTFOLIO_TOML: Path = Field(default_factory=lambda: CONFIG_DIR / "portfolio.toml")
@lru_cache
def get_settings() -> Settings:
return Settings()
# --- TOML data tables --------------------------------------------------------
def _merge_toml(*paths: Path) -> dict[str, Any]:
"""Read TOML files in order; later ones override earlier at the top level
(with shallow dict-merge for nested tables)."""
out: dict[str, Any] = {}
for path in paths:
if not path.exists():
continue
with path.open("rb") as f:
data = tomllib.load(f)
for k, v in data.items():
if isinstance(v, dict) and isinstance(out.get(k), dict):
out[k].update(v)
else:
out[k] = v
return out
def load_groups(*paths: Path) -> dict[str, list[tuple[str, str, str]]]:
"""[(symbol, label, note), ...] per group name."""
data = _merge_toml(*paths)
out: dict[str, list[tuple[str, str, str]]] = {}
for name, items in (data.get("groups") or {}).items():
out[name] = [
(it["symbol"], it.get("label", it["symbol"]), it.get("note", ""))
for it in items
]
return out
def load_feeds(*paths: Path) -> dict[str, list[tuple[str, str]]]:
"""[(name, url), ...] per category name."""
data = _merge_toml(*paths)
out: dict[str, list[tuple[str, str]]] = {}
for cat, items in (data.get("feeds") or {}).items():
out[cat] = [(it["name"], it["url"]) for it in items]
return out
def load_presets(*paths: Path) -> dict[str, list[str]]:
"""Keyword presets for news filtering."""
data = _merge_toml(*paths)
presets = (data.get("news") or {}).get("presets") or {}
return {name: list(kw) for name, kw in presets.items()}
def load_all() -> tuple[dict, dict, dict]:
"""Shortcut: groups, feeds, presets using the configured TOML paths."""
s = get_settings()
return (
load_groups(s.BASELINE_TOML, s.PORTFOLIO_TOML),
load_feeds(s.BASELINE_TOML, s.PORTFOLIO_TOML),
load_presets(s.BASELINE_TOML, s.PORTFOLIO_TOML),
)
Reference in a new issue View git blame Copy permalink