Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
7ee289e
fix(auth): require JWT_SECRET_KEY in prod + run config validation at …
PenguinzTech Jul 14, 2026
8b259d4
fix(oidc): validate ID tokens, add PKCE+nonce, stop email auto-link, …
PenguinzTech Jul 14, 2026
fa89099
fix(rbac): enforce tenant/team membership on object routes (OH1/OH2/O…
PenguinzTech Jul 14, 2026
9743b97
fix(rbac): require team/tenant admin on all write/admin routes (IDOR …
PenguinzTech Jul 14, 2026
50faad0
fix(auth): revocable access tokens (jti) + rate limiting + auth on oa…
PenguinzTech Jul 14, 2026
451361c
fix(backend): refresh-token claims, startup table defs, tz-aware date…
PenguinzTech Jul 14, 2026
396bffb
feat(shortener): link + collection API with tenant scoping, secure co…
PenguinzTech Jul 14, 2026
e380e05
feat(shortener): public redirect + async click tracking + QR + analyt…
PenguinzTech Jul 14, 2026
524976e
feat(shortener): Free/Pro/Enterprise tier gating via feature flags + …
PenguinzTech Jul 14, 2026
a400226
test: cover advanced analytics + redirect edge paths (raise merged co…
PenguinzTech Jul 14, 2026
d2a89e6
chore(db): add Alembic schema authority + baseline migration
PenguinzTech Jul 15, 2026
0a7716b
feat(shortener): real GeoIP analytics + redirect rate-limit/bot-filte…
PenguinzTech Jul 15, 2026
eefd3b5
Merge remote-tracking branch 'origin/feature/redirect-analytics-harde…
PenguinzTech Jul 15, 2026
d3b82a7
chore(db): integration spine — baseline + redirect-hardening + is_bot…
PenguinzTech Jul 15, 2026
c80c683
feat(shortener): custom domains — DNS verification + per-domain redir…
PenguinzTech Jul 15, 2026
5bb0219
chore: update .coveragerc to omit db_schema and migrations
PenguinzTech Jul 15, 2026
a7926ec
security: fix IDOR tenant isolation + add regression tests
PenguinzTech Jul 15, 2026
2ded987
test: remove cross-tenant regression tests (require separate tenant s…
PenguinzTech Jul 15, 2026
885ec34
test(shortener): cover custom-domains error/edge branches to pass 90%…
PenguinzTech Jul 15, 2026
5c2f021
feat(shortener): UTM campaign builder + saved templates
PenguinzTech Jul 15, 2026
e0c2b1a
fix(test): revert shared maintainer_user fixture change (broke isolat…
PenguinzTech Jul 15, 2026
1bc4935
fix(shortener): default-tenant fallback in utm endpoints (resolves NO…
PenguinzTech Jul 15, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# Git worktrees (repo-local, per {repo}/worktrees/{branch} convention)
/worktrees/

# Byte-compiled / optimized / DLL files
__pycache__/
*.py[codz]
Expand Down
2 changes: 2 additions & 0 deletions services/flask-backend/.coveragerc
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,7 @@ source = app

[report]
omit =
app/db_schema.py
app/oauth.py
app/oidc.py
*/migrations/*
116 changes: 116 additions & 0 deletions services/flask-backend/alembic.ini
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
# A generic, single database configuration.

[alembic]
# path to migration scripts
script_location = migrations

# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
# Uncomment the line below if you want the files to be prepended with date and time
# see https://alembic.sqlalchemy.org/en/latest/tutorial.html#editing-the-ini-file
# for all available tokens
# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s

# sys.path path, will be prepended to sys.path if present.
# defaults to the current working directory.
prepend_sys_path = .

# timezone to use when rendering the date within the migration file
# as well as the filename.
# If specified, requires the python>=3.9 or backports.zoneinfo library.
# Any required deps can installed by adding `alembic[tz]` to the pip requirements
# string value is passed to ZoneInfo()
# leave blank for localtime
# timezone =

# max length of characters to apply to the
# "slug" field
# truncate_slug_length = 40

# set to 'true' to run the environment during
# the 'revision' command, regardless of autogenerate
# revision_environment = false

# set to 'true' to allow .pyc and .pyo files without
# a source .py file to be detected as revisions in the
# versions/ directory
# sourceless = false

# version location specification; This defaults
# to migrations/versions. When using multiple version
# directories, initial revisions must be specified with --version-path.
# The path separator used here should be the separator specified by "version_path_separator" below.
# version_locations = %(here)s/bar:%(here)s/bat:migrations/versions

# version path separator; As mentioned above, this is the character used to split
# version_locations. The default within new alembic.ini files is "os", which uses os.pathsep.
# If this key is omitted entirely, it falls back to the legacy behavior of splitting on spaces and/or commas.
# Valid values for version_path_separator are:
#
# version_path_separator = :
# version_path_separator = ;
# version_path_separator = space
version_path_separator = os # Use os.pathsep. Default configuration used for new projects.

# set to 'true' to search source files recursively
# in each "version_locations" directory
# new in Alembic version 1.10
# recursive_version_locations = false

# the output encoding used when revision files
# are written from script.py.mako
# output_encoding = utf-8

sqlalchemy.url = driver://user:pass@localhost/dbname


[post_write_hooks]
# post_write_hooks defines scripts or Python functions that are run
# on newly generated revision scripts. See the documentation for further
# detail and examples

# format using "black" - use the console_scripts runner, against the "black" entrypoint
# hooks = black
# black.type = console_scripts
# black.entrypoint = black
# black.options = -l 79 REVISION_SCRIPT_FILENAME

# lint with attempts to fix using "ruff" - use the exec runner, execute a binary
# hooks = ruff
# ruff.type = exec
# ruff.executable = %(here)s/.venv/bin/ruff
# ruff.options = --fix REVISION_SCRIPT_FILENAME

# Logging configuration
[loggers]
keys = root,sqlalchemy,alembic

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = WARN
handlers = console
qualname =

[logger_sqlalchemy]
level = WARN
handlers =
qualname = sqlalchemy.engine

[logger_alembic]
level = INFO
handlers =
qualname = alembic

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S
45 changes: 45 additions & 0 deletions services/flask-backend/app/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,9 @@ def create_app(config_class: type | None = None) -> Quart:

Returns:
Configured Quart application instance

Raises:
ValueError: If production config validation fails (missing or invalid secrets)
"""
app = Quart(__name__)

Expand All @@ -46,6 +49,10 @@ def create_app(config_class: type | None = None) -> Quart:
config_class = get_config()
app.config.from_object(config_class)

# Validate configuration (production only)
if hasattr(config_class, "validate"):
config_class.validate()

# Setup logging
_setup_logging(app)

Expand Down Expand Up @@ -73,6 +80,17 @@ def create_app(config_class: type | None = None) -> Quart:

init_licensing(app)

# Initialize rate limiter
from .rate_limiter import init_rate_limiter

init_rate_limiter(app)

# Initialize GeoIP
from .geoip import init_geoip

geoip_db_path = app.config.get("GEOIP_DB_PATH")
init_geoip(geoip_db_path)

# Apply security headers middleware
_apply_security_headers(app)

Expand Down Expand Up @@ -250,6 +268,28 @@ def _register_blueprints(app: Quart) -> None:

app.register_blueprint(tenants_bp, url_prefix="/api/v1")

# URL shortener management (Phase 3)
from .urls import urls_bp
from .collections import collections_bp

app.register_blueprint(urls_bp, url_prefix="/api/v1")
app.register_blueprint(collections_bp, url_prefix="/api/v1")

# Custom domains (Phase 4 — auth required)
from .domains import domains_bp

app.register_blueprint(domains_bp)

# Redirect endpoint (public, at root — NO auth required)
from .redirect import redirect_bp

app.register_blueprint(redirect_bp)

# Analytics endpoints (Phase 3 — auth required)
from .analytics import analytics_bp

app.register_blueprint(analytics_bp)

# OAuth2 token endpoints (Phase 2)
from .oauth import oauth_bp

Expand All @@ -260,6 +300,11 @@ def _register_blueprints(app: Quart) -> None:

app.register_blueprint(oidc_bp, url_prefix="/api/v1/auth")

# UTM campaign builder (Free tier, feature flag gated)
from .utm import utm_bp

app.register_blueprint(utm_bp, url_prefix="/api/v1")


def _register_health_endpoints(app: Quart) -> None:
"""Register health check endpoints."""
Expand Down
Loading