chore: 整合 migration 文件并优化配置
- 整合 18 个分散的 migration 文件为 5 个模块化文件 - settings.py 支持 .env.local 覆盖 .env - 移除 user schema 中未使用的 country 字段正则 - 更新 profile protocol 文档移除 country 字段 - pyproject.toml 添加 ruff 到 dev 依赖 - 简化 integration test conftest 邮箱 fixture
This commit is contained in:
ZL-Q
@@ -0,0 +1,81 @@
|
||||
"""Create Apple IAP schema and mark the squashed chain head.
|
||||
|
||||
Revision ID: 20260428_0004
|
||||
Revises: 20260428_squash_0004
|
||||
Create Date: 2026-04-28 00:04:00
|
||||
|
||||
Squashed history: creates the Apple IAP table with the corrected RLS policy
|
||||
from the start. The revision id intentionally remains the previous head so
|
||||
databases already stamped at 20260428_0004 stay recognized as current.
|
||||
"""
|
||||
|
||||
from typing import Sequence, Union
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
from sqlalchemy.dialects import postgresql
|
||||
|
||||
revision: str = "20260428_0004"
|
||||
down_revision: Union[str, Sequence[str], None] = "20260428_squash_0004"
|
||||
branch_labels: Union[str, Sequence[str], None] = None
|
||||
depends_on: Union[str, Sequence[str], None] = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
op.create_table(
|
||||
"apple_iap_transactions",
|
||||
sa.Column("id", postgresql.UUID(as_uuid=True), nullable=False),
|
||||
sa.Column("user_id", postgresql.UUID(as_uuid=True), nullable=False),
|
||||
sa.Column("product_code", sa.String(length=32), nullable=False),
|
||||
sa.Column("app_store_product_id", sa.String(length=128), nullable=False),
|
||||
sa.Column("transaction_id", sa.String(length=64), nullable=False),
|
||||
sa.Column("original_transaction_id", sa.String(length=64), nullable=True),
|
||||
sa.Column("web_order_line_item_id", sa.String(length=64), nullable=True),
|
||||
sa.Column("environment", sa.String(length=16), nullable=False),
|
||||
sa.Column("bundle_id", sa.String(length=128), nullable=False),
|
||||
sa.Column("app_account_token", postgresql.UUID(as_uuid=True), nullable=True),
|
||||
sa.Column("purchase_date", sa.Text(), nullable=False),
|
||||
sa.Column("revocation_date", sa.Text(), nullable=True),
|
||||
sa.Column("status", sa.String(length=24), nullable=False),
|
||||
sa.Column("credits", sa.BigInteger(), nullable=False),
|
||||
sa.Column("currency", sa.String(length=8), nullable=True),
|
||||
sa.Column("price_milliunits", sa.BigInteger(), nullable=True),
|
||||
sa.Column("ledger_event_id", sa.String(length=64), nullable=True),
|
||||
sa.Column("signed_transaction_info", sa.Text(), nullable=False),
|
||||
sa.Column("apple_payload", postgresql.JSONB(astext_type=sa.Text()), server_default=sa.text("'{}'::jsonb"), nullable=False),
|
||||
sa.Column("failure_code", sa.String(length=64), nullable=True),
|
||||
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
|
||||
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
|
||||
sa.CheckConstraint("environment in ('Sandbox', 'Production')", name="ck_apple_iap_transactions_environment"),
|
||||
sa.CheckConstraint("status in ('received', 'verified', 'granted', 'failed', 'refunded', 'refunded_insufficient', 'revoked')", name="ck_apple_iap_transactions_status"),
|
||||
sa.PrimaryKeyConstraint("id"),
|
||||
sa.UniqueConstraint("transaction_id", name="uq_apple_iap_transactions_transaction_id"),
|
||||
sa.UniqueConstraint("ledger_event_id", name="uq_apple_iap_transactions_ledger_event_id"),
|
||||
)
|
||||
op.create_index("ix_apple_iap_transactions_user_created_at", "apple_iap_transactions", ["user_id", sa.text("created_at DESC")])
|
||||
op.create_index("ix_apple_iap_transactions_status_updated_at", "apple_iap_transactions", ["status", sa.text("updated_at DESC")])
|
||||
_enable_service_only_rls("apple_iap_transactions")
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
_drop_service_only_rls("apple_iap_transactions")
|
||||
op.drop_table("apple_iap_transactions")
|
||||
|
||||
|
||||
def _enable_service_only_rls(table_name: str) -> None:
|
||||
for role in ["anon", "authenticated"]:
|
||||
for action in ["select", "insert", "update", "delete"]:
|
||||
op.execute(f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}")
|
||||
op.execute(f"ALTER TABLE {table_name} ENABLE ROW LEVEL SECURITY")
|
||||
for role in ["anon", "authenticated"]:
|
||||
op.execute(f"CREATE POLICY {role}_select_{table_name} ON {table_name} FOR SELECT TO {role} USING (false)")
|
||||
op.execute(f"CREATE POLICY {role}_insert_{table_name} ON {table_name} FOR INSERT TO {role} WITH CHECK (false)")
|
||||
op.execute(f"CREATE POLICY {role}_update_{table_name} ON {table_name} FOR UPDATE TO {role} USING (false) WITH CHECK (false)")
|
||||
op.execute(f"CREATE POLICY {role}_delete_{table_name} ON {table_name} FOR DELETE TO {role} USING (false)")
|
||||
|
||||
|
||||
def _drop_service_only_rls(table_name: str) -> None:
|
||||
for role in ["anon", "authenticated"]:
|
||||
for action in ["select", "insert", "update", "delete"]:
|
||||
op.execute(f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}")
|
||||
op.execute(f"ALTER TABLE {table_name} DISABLE ROW LEVEL SECURITY")
|
||||
Reference in New Issue
Block a user