feat(HRT-80): API Token personnel + Webhook alertes (Pro)

- Nouveaux fichiers: api_tokens_db.py, api_v1/routes/user_tokens.py, api_v1/utils_webhook.py - Migration DB idempotente: tables user_api_tokens + user_webhooks - Endpoints POST/DELETE /api/v1/user/api-token (Pro only) - Endpoints POST/DELETE /api/v1/user/webhook (Pro only, HTTPS requis) - HMAC-SHA256 fire-and-forget dispatch webhook - auth.py: validate_api_key() + X-API-Key fallback dans jwt_required_middleware - saas_auth.py: import logging au niveau module, validate_api_key(), X-API-Key fallback - api_v1/__init__.py: enregistrement user_tokens_bp - 24 tests pytest — tous passent Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-29 17:25:30 +02:00
parent bc5ee3fa1a
commit f300e44c74
7 changed files with 811 additions and 4 deletions
--- a/api_tokens_db.py
+++ b/api_tokens_db.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+"""
+api_tokens_db.py — DB migration for personal API tokens + user webhooks
+HRT-80: API Token personnel + Webhook alertes (Pro)
+"""
+
+import logging
+import os
+import sqlite3
+
+DB_PATH = os.environ.get("TURF_SAAS_DB", "/home/h3r7/turf_saas/turf_saas.db")
+logger = logging.getLogger("turf_saas.api_tokens_db")
+
+
+def get_db() -> sqlite3.Connection:
+    conn = sqlite3.connect(DB_PATH)
+    conn.row_factory = sqlite3.Row
+    return conn
+
+
+def migrate_api_tokens_tables() -> None:
+    """Idempotent migration: create user_api_tokens and user_webhooks."""
+    conn = get_db()
+    c = conn.cursor()
+    c.executescript("""
+        CREATE TABLE IF NOT EXISTS user_api_tokens (
+            id           INTEGER  PRIMARY KEY AUTOINCREMENT,
+            user_id      TEXT     NOT NULL,
+            token_hash   TEXT     NOT NULL UNIQUE,
+            token_prefix TEXT     NOT NULL,
+            created_at   DATETIME NOT NULL DEFAULT (datetime('now')),
+            last_used_at DATETIME,
+            revoked      INTEGER  NOT NULL DEFAULT 0
+        );
+        CREATE INDEX IF NOT EXISTS idx_api_tokens_user ON user_api_tokens(user_id);
+        CREATE INDEX IF NOT EXISTS idx_api_tokens_hash ON user_api_tokens(token_hash);
+
+        CREATE TABLE IF NOT EXISTS user_webhooks (
+            id         INTEGER  PRIMARY KEY AUTOINCREMENT,
+            user_id    TEXT     NOT NULL UNIQUE,
+            url        TEXT     NOT NULL,
+            secret     TEXT     NOT NULL,
+            created_at DATETIME NOT NULL DEFAULT (datetime('now'))
+        );
+        CREATE INDEX IF NOT EXISTS idx_webhooks_user ON user_webhooks(user_id);
+    """)
+    conn.commit()
+    conn.close()
+    logger.info(
+        "[api_tokens_db] Tables user_api_tokens + user_webhooks created/verified."
+    )
+
+
+if __name__ == "__main__":
+    logging.basicConfig(level=logging.INFO)
+    migrate_api_tokens_tables()
+    print("[api_tokens_db] Migration complete.")