giorgio/read.markets
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
read.markets/app/services/referral_service.py
Giorgio Gilestro 9759080134 phase D milestones 1+2: referral system + paid-access gate 
Lays the billing-prep spine before Paddle lands in D.3.

D.1 — referrals
- users.referral_code: unique 8-char URL-safe code (alphabet excludes the
  ambiguous 0/O/1/I/L). Generated lazily on first /settings hit so existing
  accounts pick one up without a backfill migration.
- users.referred_by_user_id + new referrals audit table (referrer,
  referred, created_at, converted_at, credited_at). converted_at /
  credited_at stay null until D.3 fills them via the Paddle webhook.
- POST /login accepts ?ref=<code>; the code rides on the signed
  pending-verify cookie so it survives the GET → POST → /verify hop.
- /settings page: email, tier badge, referral code chip + invite link
  with one-click copy, pending/converted/active-credits stats grid.
  Settings nav link added to the top bar.

Reward shape: when the referred user makes their first paid Paddle
subscription, both they and the referrer get 50% off for 3 months.
(D.3 wires the actual credit application via the Paddle webhook.)

D.2 — paid-access gate
- users.credit_until: timestamp until which a free-tier account has
  paid-tier access. Null = no credit. Populated by admin CLI now and the
  D.3 webhook later.
- app.services.access exposes paid_status(user) → PaidStatus dataclass
  (active / source / expires_at / days_remaining), is_paid_active() with
  admin-bearer-token bypass, and a require_paid FastAPI dependency that
  raises 402 Payment Required for free-tier callers.
- POST /api/analyze (portfolio AI commentary) gated behind require_paid.
- Settings page surfaces credit window when active ("free · credit · N
  day(s) remaining (expires YYYY-MM-DD)") and the upgrade hint when not.
- Admin CLI: python -m app.cli {grant-credit,revoke-credit,show-status}.
  grant-credit is idempotent — extends from max(now, current expiry) so
  re-running the command never erodes an existing grant.

Migrations 0013 (referrals) and 0014 (credit_until). Tests cover the
paid-status truth table, code generation + normalisation, CLI argument
parsing, and the pending-cookie ref roundtrip (29 new tests).
2026-05-21 23:25:35 +01:00

119 lines
4.1 KiB
Python
Raw Blame History

"""Referral-code generation, lookup, and signup-time linkage.
D.1 lays down the bookkeeping only — actual credit application happens
in D.3 when the Paddle webhook fires. The flow:
1. /login renders an "invited" banner when the URL carries `?ref=<code>`.
2. The code travels through the email-OTP flow inside the pending cookie
so it survives the GET /login → POST /login → /verify hops.
3. When the new user's row is first created (POST /login on an unknown
email), `referred_by_user_id` is set and a `Referral` row is written.
4. On the new user's first paid subscription (D.3), we read the
`Referral` row to apply discounts to both parties.
The code itself is 8 characters from an unambiguous alphabet so users
can read it off a phone screen or dictate it over the phone.
"""
from __future__ import annotations
import secrets
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession
from app.db import utcnow
from app.logging import get_logger
from app.models import Referral, User
log = get_logger("referral")
# Unambiguous alphabet — no 0/O, no 1/I/L. 32 chars → 8 positions ≈ 1e12
# combinations, plenty for our scale, and a unique-constraint catches
# collisions if we ever generate the same one twice.
_ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
_CODE_LEN = 8
def generate_code() -> str:
"""Cryptographically random 8-char code from the unambiguous alphabet."""
return "".join(secrets.choice(_ALPHABET) for _ in range(_CODE_LEN))
def normalise_code(raw: str | None) -> str | None:
"""Trim, uppercase, strip non-alphabet characters. Used on inbound
`?ref=<code>` params so users can paste with spaces / lowercase.
Returns None if the result isn't a plausible code."""
if not raw:
return None
cleaned = "".join(c for c in raw.upper() if c in _ALPHABET)
if len(cleaned) != _CODE_LEN:
return None
return cleaned
async def assign_code_if_missing(session: AsyncSession, user: User) -> User:
"""Generate + persist a referral code on `user` if they don't have
one yet. Retries on the (very rare) collision."""
if user.referral_code:
return user
for _ in range(8):
code = generate_code()
existing = (await session.execute(
select(User.id).where(User.referral_code == code)
)).scalar_one_or_none()
if existing is None:
user.referral_code = code
await session.commit()
await session.refresh(user)
log.info("referral.code_assigned", user_id=user.id, code=code)
return user
# 8 collisions in a row would be a statistical event we'd want to
# know about.
raise RuntimeError("referral_service: exhausted code-collision retries")
async def lookup_referrer(session: AsyncSession, code: str | None) -> User | None:
"""Return the User whose `referral_code` matches, or None. Normalises
the input via `normalise_code` so URL-paste variations all resolve."""
code = normalise_code(code)
if not code:
return None
return (await session.execute(
select(User).where(User.referral_code == code)
)).scalar_one_or_none()
async def link_new_user(
session: AsyncSession,
new_user: User,
referrer: User | None,
) -> Referral | None:
"""Record a referral if the supplied referrer is valid. Idempotent
(safe to call multiple times for the same new user — the unique
constraint on `referred_user_id` makes duplicate inserts a no-op).
Self-referral is silently rejected.
"""
if referrer is None or new_user.id is None or referrer.id == new_user.id:
return None
if new_user.referred_by_user_id is not None:
# Already linked; this user can't be referred twice.
return None
new_user.referred_by_user_id = referrer.id
ref = Referral(
referrer_user_id=referrer.id,
referred_user_id=new_user.id,
created_at=utcnow(),
)
session.add(ref)
await session.commit()
await session.refresh(new_user)
await session.refresh(ref)
log.info(
"referral.linked",
referrer_id=referrer.id, referred_id=new_user.id,
)
return ref
Reference in a new issue View git blame Copy permalink