chore: checkpoint current backend/runtime changes

backend/src/v1/auth/gateway.py

@@ -5,10 +5,10 @@ from collections.abc import Mapping
 from typing import Any, cast
 
 from fastapi import HTTPException
-from supabase import AuthError, create_client
+from supabase import AuthError
 
-from core.config.settings import SupabaseSettings, config
 from core.logging import get_logger
+from services.base.supabase import supabase_service
 from v1.auth.schemas import (
     AuthUser,
     PasswordResetConfirmRequest,
@@ -28,17 +28,16 @@ logger = get_logger("v1.auth.gateway")
 
 
 class SupabaseAuthGateway(AuthServiceGateway):
-    _client: Any
-    _admin_client: Any
+    def _get_client(self) -> Any:
+        return supabase_service.get_client()
 
-    def __init__(self) -> None:
-        settings: SupabaseSettings = config.supabase
-        self._client = create_client(settings.url, settings.anon_key)
-        self._admin_client = create_client(settings.url, settings.service_role_key)
+    def _get_admin_client(self) -> Any:
+        return supabase_service.get_admin_client()
 
     async def create_verification(
         self, request: VerificationCreateRequest
     ) -> VerificationCreateResponse:
+        client = self._get_client()
         metadata: dict[str, Any] = {"username": request.username}
         if request.invite_code:
             metadata["invite_code"] = request.invite_code
@@ -50,7 +49,7 @@ class SupabaseAuthGateway(AuthServiceGateway):
         if request.redirect_to:
             payload["options"] = {"email_redirect_to": request.redirect_to}
         try:
-            sign_up = cast(Any, self._client.auth.sign_up)
+            sign_up = cast(Any, client.auth.sign_up)
             await asyncio.to_thread(sign_up, payload)
             return VerificationCreateResponse(email=request.email)
         except AuthError as exc:
@@ -62,13 +61,14 @@ class SupabaseAuthGateway(AuthServiceGateway):
     async def verify_verification(
         self, request: VerificationVerifyRequest
     ) -> SessionResponse:
+        client = self._get_client()
         payload: dict[str, Any] = {
             "type": "signup",
             "email": request.email,
             "token": request.token,
         }
         try:
-            verify_otp = cast(Any, self._client.auth.verify_otp)
+            verify_otp = cast(Any, client.auth.verify_otp)
             response = await asyncio.to_thread(verify_otp, payload)
             return _map_auth_response(response, "Invalid verification code")
         except AuthError as exc:
@@ -78,17 +78,19 @@ class SupabaseAuthGateway(AuthServiceGateway):
             ) from exc
 
     async def resend_verification(self, request: VerificationResendRequest) -> None:
+        client = self._get_client()
         payload: dict[str, Any] = {"type": "signup", "email": request.email}
         try:
-            resend = cast(Any, self._client.auth.resend)
+            resend = cast(Any, client.auth.resend)
             await asyncio.to_thread(resend, payload)
         except AuthError as exc:
             logger.warning("Signup resend failed", error_type=type(exc).__name__)
 
     async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
+        client = self._get_client()
         payload: dict[str, Any] = {"email": request.email, "password": request.password}
         try:
-            sign_in = cast(Any, self._client.auth.sign_in_with_password)
+            sign_in = cast(Any, client.auth.sign_in_with_password)
             response = await asyncio.to_thread(sign_in, payload)
             return _map_auth_response(response, "Invalid credentials")
         except AuthError as exc:
@@ -96,9 +98,10 @@ class SupabaseAuthGateway(AuthServiceGateway):
             raise HTTPException(status_code=401, detail="Invalid credentials") from exc
 
     async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
+        client = self._get_client()
         try:
             response = await asyncio.to_thread(
-                self._client.auth.refresh_session,
+                client.auth.refresh_session,
                 request.refresh_token,
             )
             return _map_auth_response(response, "Invalid refresh token")
@@ -111,20 +114,21 @@ class SupabaseAuthGateway(AuthServiceGateway):
     async def delete_session(self, refresh_token: str | None) -> None:
         if not refresh_token:
             raise HTTPException(status_code=401, detail="Missing refresh token")
+        client = self._get_client()
         try:
             response = await asyncio.to_thread(
-                self._client.auth.refresh_session,
+                client.auth.refresh_session,
                 refresh_token,
             )
             session = getattr(response, "session", None)
             if session is None:
                 raise HTTPException(status_code=401, detail="Invalid refresh token")
             await asyncio.to_thread(
-                self._client.auth.set_session,
+                client.auth.set_session,
                 str(session.access_token),
                 str(session.refresh_token),
             )
-            await asyncio.to_thread(self._client.auth.sign_out)
+            await asyncio.to_thread(client.auth.sign_out)
         except AuthError as exc:
             logger.warning("Logout failed", error_type=type(exc).__name__)
             raise HTTPException(
@@ -132,7 +136,8 @@ class SupabaseAuthGateway(AuthServiceGateway):
             ) from exc
 
     async def get_user_by_email(self, email: str) -> UserByEmailResponse:
-        users = await asyncio.to_thread(_list_auth_users, self._admin_client)
+        admin_client = self._get_admin_client()
+        users = await asyncio.to_thread(_list_auth_users, admin_client)
         normalized_email = email.lower()
         user = next(
             (
@@ -157,8 +162,9 @@ class SupabaseAuthGateway(AuthServiceGateway):
         )
 
     async def request_password_reset(self, request: PasswordResetRequest) -> None:
+        client = self._get_client()
         try:
-            reset_email = cast(Any, self._client.auth.reset_password_email)
+            reset_email = cast(Any, client.auth.reset_password_email)
             email = _coerce_reset_email(request.email)
             if request.redirect_to:
                 options: dict[str, str] = {"redirect_to": request.redirect_to}
@@ -174,13 +180,15 @@ class SupabaseAuthGateway(AuthServiceGateway):
     async def confirm_password_reset(
         self, request: PasswordResetConfirmRequest
     ) -> None:
+        client = self._get_client()
+        admin_client = self._get_admin_client()
         verify_payload: dict[str, Any] = {
             "type": "recovery",
             "email": request.email,
             "token": request.token,
         }
         try:
-            verify_otp = cast(Any, self._client.auth.verify_otp)
+            verify_otp = cast(Any, client.auth.verify_otp)
             response = await asyncio.to_thread(verify_otp, verify_payload)
             session = getattr(response, "session", None)
             user = getattr(response, "user", None)
@@ -190,7 +198,7 @@ class SupabaseAuthGateway(AuthServiceGateway):
                     status_code=401, detail="Invalid or expired verification code"
                 )
             await asyncio.to_thread(
-                self._admin_client.auth.admin.update_user_by_id,
+                admin_client.auth.admin.update_user_by_id,
                 user_id,
                 {"password": request.new_password},
             )