ZL-Q
adb2b3bcc3
- 整合 18 个分散的 migration 文件为 5 个模块化文件 - settings.py 支持 .env.local 覆盖 .env - 移除 user schema 中未使用的 country 字段正则 - 更新 profile protocol 文档移除 country 字段 - pyproject.toml 添加 ruff 到 dev 依赖 - 简化 integration test conftest 邮箱 fixture
82 lines
4.6 KiB
Python
82 lines
4.6 KiB
Python
"""Create Apple IAP schema and mark the squashed chain head.
|
|
|
|
Revision ID: 20260428_0004
|
|
Revises: 20260428_squash_0004
|
|
Create Date: 2026-04-28 00:04:00
|
|
|
|
Squashed history: creates the Apple IAP table with the corrected RLS policy
|
|
from the start. The revision id intentionally remains the previous head so
|
|
databases already stamped at 20260428_0004 stay recognized as current.
|
|
"""
|
|
|
|
from typing import Sequence, Union
|
|
|
|
from alembic import op
|
|
import sqlalchemy as sa
|
|
from sqlalchemy.dialects import postgresql
|
|
|
|
revision: str = "20260428_0004"
|
|
down_revision: Union[str, Sequence[str], None] = "20260428_squash_0004"
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
op.create_table(
|
|
"apple_iap_transactions",
|
|
sa.Column("id", postgresql.UUID(as_uuid=True), nullable=False),
|
|
sa.Column("user_id", postgresql.UUID(as_uuid=True), nullable=False),
|
|
sa.Column("product_code", sa.String(length=32), nullable=False),
|
|
sa.Column("app_store_product_id", sa.String(length=128), nullable=False),
|
|
sa.Column("transaction_id", sa.String(length=64), nullable=False),
|
|
sa.Column("original_transaction_id", sa.String(length=64), nullable=True),
|
|
sa.Column("web_order_line_item_id", sa.String(length=64), nullable=True),
|
|
sa.Column("environment", sa.String(length=16), nullable=False),
|
|
sa.Column("bundle_id", sa.String(length=128), nullable=False),
|
|
sa.Column("app_account_token", postgresql.UUID(as_uuid=True), nullable=True),
|
|
sa.Column("purchase_date", sa.Text(), nullable=False),
|
|
sa.Column("revocation_date", sa.Text(), nullable=True),
|
|
sa.Column("status", sa.String(length=24), nullable=False),
|
|
sa.Column("credits", sa.BigInteger(), nullable=False),
|
|
sa.Column("currency", sa.String(length=8), nullable=True),
|
|
sa.Column("price_milliunits", sa.BigInteger(), nullable=True),
|
|
sa.Column("ledger_event_id", sa.String(length=64), nullable=True),
|
|
sa.Column("signed_transaction_info", sa.Text(), nullable=False),
|
|
sa.Column("apple_payload", postgresql.JSONB(astext_type=sa.Text()), server_default=sa.text("'{}'::jsonb"), nullable=False),
|
|
sa.Column("failure_code", sa.String(length=64), nullable=True),
|
|
sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
|
|
sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.text("now()"), nullable=False),
|
|
sa.CheckConstraint("environment in ('Sandbox', 'Production')", name="ck_apple_iap_transactions_environment"),
|
|
sa.CheckConstraint("status in ('received', 'verified', 'granted', 'failed', 'refunded', 'refunded_insufficient', 'revoked')", name="ck_apple_iap_transactions_status"),
|
|
sa.PrimaryKeyConstraint("id"),
|
|
sa.UniqueConstraint("transaction_id", name="uq_apple_iap_transactions_transaction_id"),
|
|
sa.UniqueConstraint("ledger_event_id", name="uq_apple_iap_transactions_ledger_event_id"),
|
|
)
|
|
op.create_index("ix_apple_iap_transactions_user_created_at", "apple_iap_transactions", ["user_id", sa.text("created_at DESC")])
|
|
op.create_index("ix_apple_iap_transactions_status_updated_at", "apple_iap_transactions", ["status", sa.text("updated_at DESC")])
|
|
_enable_service_only_rls("apple_iap_transactions")
|
|
|
|
|
|
def downgrade() -> None:
|
|
_drop_service_only_rls("apple_iap_transactions")
|
|
op.drop_table("apple_iap_transactions")
|
|
|
|
|
|
def _enable_service_only_rls(table_name: str) -> None:
|
|
for role in ["anon", "authenticated"]:
|
|
for action in ["select", "insert", "update", "delete"]:
|
|
op.execute(f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}")
|
|
op.execute(f"ALTER TABLE {table_name} ENABLE ROW LEVEL SECURITY")
|
|
for role in ["anon", "authenticated"]:
|
|
op.execute(f"CREATE POLICY {role}_select_{table_name} ON {table_name} FOR SELECT TO {role} USING (false)")
|
|
op.execute(f"CREATE POLICY {role}_insert_{table_name} ON {table_name} FOR INSERT TO {role} WITH CHECK (false)")
|
|
op.execute(f"CREATE POLICY {role}_update_{table_name} ON {table_name} FOR UPDATE TO {role} USING (false) WITH CHECK (false)")
|
|
op.execute(f"CREATE POLICY {role}_delete_{table_name} ON {table_name} FOR DELETE TO {role} USING (false)")
|
|
|
|
|
|
def _drop_service_only_rls(table_name: str) -> None:
|
|
for role in ["anon", "authenticated"]:
|
|
for action in ["select", "insert", "update", "delete"]:
|
|
op.execute(f"DROP POLICY IF EXISTS {role}_{action}_{table_name} ON {table_name}")
|
|
op.execute(f"ALTER TABLE {table_name} DISABLE ROW LEVEL SECURITY")
|