2d1bb83c3b
Establishes the safety net required before any structural refactor. Tests (tests/): - conftest.py rewritten for Flask-SQLAlchemy 3.x (drop-recreate per test, StaticPool-shared in-memory SQLite, admin_user + auth_headers fixtures). Removes deprecated db.create_scoped_session pattern. - test_smoke.py: 8 baseline tests (app boot, JWT login valid+invalid, protected routes, paginated response shape, plugin auto-discovery). - test_security_config.py: 7 tests pinning ProductionConfig.validate failure modes (missing/dev SECRET_KEY, missing JWT_SECRET_KEY, missing DATABASE_URL, wildcard CORS, empty CORS) and one happy-path. Production hardening (shopdb/config.py, shopdb/__init__.py): - ProductionConfig.validate() raises ConfigError on missing or insecure SECRET_KEY, JWT_SECRET_KEY, DATABASE_URL, CORS_ORIGINS. No silent fallback to dev defaults in production. - create_app invokes validate() when config_name == 'production'. - CORS_ORIGINS default no longer wildcard; defaults to localhost Vite dev origin. - Drop os.path.exists probe in serve_frontend (path-traversal risk surface). send_from_directory handles safe-join + 404 itself. - Replace User.query.get with db.session.get (SQLAlchemy 2.0 API). TestingConfig (shopdb/config.py): - Add StaticPool + check_same_thread connect_args so SQLite in-memory is shared across the test session. Index dedup (plugins/printers/models/printer_extension.py): - Rename idx_printer_windowsname -> idx_printerdata_windowsname. Two model classes (Printer, PrinterData) declared the same index name; SQLite enforces global index uniqueness even across tables. Per CONTRIBUTING.md naming convention, indexes follow idx_<table>_<column>. Dependency pinning (requirements.in, requirements.txt): - requirements.in holds the loose source pins (the human-edited file). - requirements.txt is now a uv-compiled lockfile (every transitive dep pinned to an exact version). Reproducible builds. Run `uv pip compile requirements.in -o requirements.txt` to refresh. Test count: 0 -> 15 passing. All naming/style checks still green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
120 lines
2.4 KiB
Plaintext
120 lines
2.4 KiB
Plaintext
# This file was autogenerated by uv via the following command:
|
|
# uv pip compile requirements.in -o requirements.txt
|
|
alembic==1.18.4
|
|
# via flask-migrate
|
|
blinker==1.9.0
|
|
# via flask
|
|
cachelib==0.13.0
|
|
# via flask-caching
|
|
certifi==2026.4.22
|
|
# via requests
|
|
charset-normalizer==3.4.7
|
|
# via requests
|
|
click==8.3.3
|
|
# via
|
|
# -r requirements.in
|
|
# flask
|
|
coverage==7.13.5
|
|
# via pytest-cov
|
|
dnspython==2.8.0
|
|
# via email-validator
|
|
email-validator==2.3.0
|
|
# via -r requirements.in
|
|
flask==3.1.3
|
|
# via
|
|
# -r requirements.in
|
|
# flask-caching
|
|
# flask-cors
|
|
# flask-jwt-extended
|
|
# flask-marshmallow
|
|
# flask-migrate
|
|
# flask-sqlalchemy
|
|
# pytest-flask
|
|
flask-caching==2.4.0
|
|
# via -r requirements.in
|
|
flask-cors==6.0.2
|
|
# via -r requirements.in
|
|
flask-jwt-extended==4.7.3
|
|
# via -r requirements.in
|
|
flask-marshmallow==1.5.0
|
|
# via -r requirements.in
|
|
flask-migrate==4.1.0
|
|
# via -r requirements.in
|
|
flask-sqlalchemy==3.1.1
|
|
# via
|
|
# -r requirements.in
|
|
# flask-migrate
|
|
greenlet==3.5.0
|
|
# via sqlalchemy
|
|
idna==3.13
|
|
# via
|
|
# email-validator
|
|
# requests
|
|
iniconfig==2.3.0
|
|
# via pytest
|
|
itsdangerous==2.2.0
|
|
# via flask
|
|
jinja2==3.1.6
|
|
# via flask
|
|
mako==1.3.12
|
|
# via alembic
|
|
markupsafe==3.0.3
|
|
# via
|
|
# flask
|
|
# jinja2
|
|
# mako
|
|
# werkzeug
|
|
marshmallow==4.3.0
|
|
# via
|
|
# flask-marshmallow
|
|
# marshmallow-sqlalchemy
|
|
marshmallow-sqlalchemy==1.5.0
|
|
# via -r requirements.in
|
|
mysql-connector-python==9.7.0
|
|
# via -r requirements.in
|
|
packaging==26.2
|
|
# via pytest
|
|
pluggy==1.6.0
|
|
# via
|
|
# pytest
|
|
# pytest-cov
|
|
pygments==2.20.0
|
|
# via pytest
|
|
pyjwt==2.12.1
|
|
# via flask-jwt-extended
|
|
pymysql==1.1.3
|
|
# via -r requirements.in
|
|
pytest==9.0.3
|
|
# via
|
|
# -r requirements.in
|
|
# pytest-cov
|
|
# pytest-flask
|
|
pytest-cov==7.1.0
|
|
# via -r requirements.in
|
|
pytest-flask==1.3.0
|
|
# via -r requirements.in
|
|
python-dotenv==1.2.2
|
|
# via -r requirements.in
|
|
requests==2.33.1
|
|
# via -r requirements.in
|
|
sqlalchemy==2.0.49
|
|
# via
|
|
# alembic
|
|
# flask-sqlalchemy
|
|
# marshmallow-sqlalchemy
|
|
tabulate==0.10.0
|
|
# via -r requirements.in
|
|
typing-extensions==4.15.0
|
|
# via
|
|
# alembic
|
|
# sqlalchemy
|
|
urllib3==2.7.0
|
|
# via requests
|
|
werkzeug==3.1.8
|
|
# via
|
|
# -r requirements.in
|
|
# flask
|
|
# flask-cors
|
|
# flask-jwt-extended
|
|
# pytest-flask
|