Split cart into 4 microservices: relations, likes, orders, page-config→blog

Phase 1 - Relations service (internal): owns ContainerRelation, exposes
get-children data + attach/detach-child actions. Retargeted events, blog,
market callers from cart to relations.

Phase 2 - Likes service (internal): unified Like model replaces ProductLike
and PostLike with generic target_type/target_slug/target_id. Exposes
is-liked, liked-slugs, liked-ids data + toggle action.

Phase 3 - PageConfig → blog: moved ownership to blog with direct DB queries,
removed proxy endpoints from cart.

Phase 4 - Orders service (public): owns Order/OrderItem + SumUp checkout
flow. Cart checkout now delegates to orders via create-order action.
Webhook/return routes and reconciliation moved to orders.

Phase 5 - Infrastructure: docker-compose, deploy.sh, Dockerfiles updated
for all 3 new services. Added orders_url helper and factory model imports.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

orders/bp/__init__.py

@@ -0,0 +1,6 @@
+from .order.routes import register as register_order
+from .orders.routes import register as register_orders
+from .checkout.routes import register as register_checkout
+from .data.routes import register as register_data
+from .actions.routes import register as register_actions
+from .fragments.routes import register as register_fragments

orders/bp/actions/routes.py

@@ -0,0 +1,108 @@
+"""Orders app action endpoints."""
+from __future__ import annotations
+
+from quart import Blueprint, g, jsonify, request
+
+from shared.infrastructure.actions import ACTION_HEADER
+
+
+def register() -> Blueprint:
+    bp = Blueprint("actions", __name__, url_prefix="/internal/actions")
+
+    @bp.before_request
+    async def _require_action_header():
+        if not request.headers.get(ACTION_HEADER):
+            return jsonify({"error": "forbidden"}), 403
+        from shared.infrastructure.internal_auth import validate_internal_request
+        if not validate_internal_request():
+            return jsonify({"error": "forbidden"}), 403
+
+    _handlers: dict[str, object] = {}
+
+    @bp.post("/<action_name>")
+    async def handle_action(action_name: str):
+        handler = _handlers.get(action_name)
+        if handler is None:
+            return jsonify({"error": "unknown action"}), 404
+        try:
+            result = await handler()
+            return jsonify(result)
+        except Exception as exc:
+            import logging
+            logging.getLogger(__name__).exception("Action %s failed", action_name)
+            return jsonify({"error": str(exc)}), 500
+
+    # --- create-order ---
+    async def _create_order():
+        """Create an order from cart data. Called by cart during checkout."""
+        from shared.browser.app.payments.sumup import create_checkout as sumup_create_checkout
+        from shared.infrastructure.urls import orders_url
+        from services.checkout import (
+            create_order,
+            resolve_page_config_from_post_id,
+            build_sumup_description,
+            build_sumup_reference,
+            build_webhook_url,
+        )
+
+        data = await request.get_json(force=True)
+
+        cart_items = data.get("cart_items", [])
+        calendar_entries = data.get("calendar_entries", [])
+        tickets = data.get("tickets", [])
+        user_id = data.get("user_id")
+        session_id = data.get("session_id")
+        product_total = data.get("product_total", 0)
+        calendar_total = data.get("calendar_total", 0)
+        ticket_total = data.get("ticket_total", 0)
+        page_post_id = data.get("page_post_id")
+
+        order = await create_order(
+            g.s, cart_items, calendar_entries,
+            user_id, session_id,
+            product_total, calendar_total,
+            ticket_total=ticket_total,
+            page_post_id=page_post_id,
+        )
+
+        page_config = None
+        if page_post_id:
+            page_config = await resolve_page_config_from_post_id(page_post_id)
+
+        if page_config:
+            order.page_config_id = page_config.id
+
+        order.sumup_reference = build_sumup_reference(order.id, page_config=page_config)
+        description = build_sumup_description(cart_items, order.id, ticket_count=len(tickets))
+
+        # Build URLs using orders service's own domain
+        redirect_url = orders_url(f"/checkout/return/{order.id}/")
+        webhook_base_url = orders_url(f"/checkout/webhook/{order.id}/")
+        webhook_url = build_webhook_url(webhook_base_url)
+
+        checkout_data = await sumup_create_checkout(
+            order,
+            redirect_url=redirect_url,
+            webhook_url=webhook_url,
+            description=description,
+            page_config=page_config,
+        )
+        order.sumup_checkout_id = checkout_data.get("id")
+        order.sumup_status = checkout_data.get("status")
+        order.description = checkout_data.get("description")
+        hosted_cfg = checkout_data.get("hosted_checkout") or {}
+        hosted_url = hosted_cfg.get("hosted_checkout_url") or checkout_data.get("hosted_checkout_url")
+        order.sumup_hosted_url = hosted_url
+        await g.s.flush()
+
+        return {
+            "order_id": order.id,
+            "sumup_hosted_url": hosted_url,
+            "page_config_id": order.page_config_id,
+            "sumup_reference": order.sumup_reference,
+            "description": order.description,
+        }
+
+    _handlers["create-order"] = _create_order
+
+    return bp

orders/bp/checkout/routes.py

@@ -0,0 +1,99 @@
+"""Checkout webhook + return routes (moved from cart/bp/cart/global_routes.py)."""
+from __future__ import annotations
+
+from quart import Blueprint, g, request, render_template, make_response
+from sqlalchemy import select
+
+from shared.models.order import Order
+from shared.browser.app.csrf import csrf_exempt
+
+from services.checkout import validate_webhook_secret, get_order_with_details
+from services.check_sumup_status import check_sumup_status
+
+
+def register() -> Blueprint:
+    bp = Blueprint("checkout", __name__, url_prefix="/checkout")
+
+    @csrf_exempt
+    @bp.post("/webhook/<int:order_id>/")
+    async def checkout_webhook(order_id: int):
+        """Webhook endpoint for SumUp CHECKOUT_STATUS_CHANGED events."""
+        if not validate_webhook_secret(request.args.get("token")):
+            return "", 204
+        try:
+            payload = await request.get_json()
+        except Exception:
+            payload = None
+        if not isinstance(payload, dict):
+            return "", 204
+        if payload.get("event_type") != "CHECKOUT_STATUS_CHANGED":
+            return "", 204
+        checkout_id = payload.get("id")
+        if not checkout_id:
+            return "", 204
+        result = await g.s.execute(select(Order).where(Order.id == order_id))
+        order = result.scalar_one_or_none()
+        if not order:
+            return "", 204
+        if order.sumup_checkout_id and order.sumup_checkout_id != checkout_id:
+            return "", 204
+        try:
+            await check_sumup_status(g.s, order)
+        except Exception:
+            pass
+        return "", 204
+
+    @bp.get("/return/<int:order_id>/")
+    async def checkout_return(order_id: int):
+        """Handle the browser returning from SumUp after payment."""
+        order = await get_order_with_details(g.s, order_id)
+        if not order:
+            html = await render_template(
+                "_types/cart/checkout_return.html",
+                order=None, status="missing", calendar_entries=[],
+            )
+            return await make_response(html)
+
+        if order.page_config_id:
+            from shared.infrastructure.data_client import fetch_data
+            from shared.contracts.dtos import CalendarEntryDTO, TicketDTO, dto_from_dict
+            raw_pc = await fetch_data("blog", "page-config-by-id",
+                                      params={"id": order.page_config_id}, required=False)
+            post = await fetch_data("blog", "post-by-id",
+                                    params={"id": raw_pc["container_id"]}, required=False) if raw_pc else None
+            if post:
+                g.page_slug = post["slug"]
+                mps = await fetch_data(
+                    "market", "marketplaces-for-container",
+                    params={"type": "page", "id": post["id"]}, required=False,
+                ) or []
+                if mps:
+                    g.market_slug = mps[0].get("slug")
+
+        if order.sumup_checkout_id:
+            try:
+                await check_sumup_status(g.s, order)
+            except Exception:
+                pass
+
+        status = (order.status or "pending").lower()
+
+        from shared.infrastructure.data_client import fetch_data
+        from shared.contracts.dtos import CalendarEntryDTO, TicketDTO, dto_from_dict
+        raw_entries = await fetch_data("events", "entries-for-order",
+                                       params={"order_id": order.id}, required=False) or []
+        calendar_entries = [dto_from_dict(CalendarEntryDTO, e) for e in raw_entries]
+        raw_tickets = await fetch_data("events", "tickets-for-order",
+                                       params={"order_id": order.id}, required=False) or []
+        order_tickets = [dto_from_dict(TicketDTO, t) for t in raw_tickets]
+        await g.s.flush()
+
+        html = await render_template(
+            "_types/cart/checkout_return.html",
+            order=order, status=status,
+            calendar_entries=calendar_entries,
+            order_tickets=order_tickets,
+        )
+        return await make_response(html)
+
+    return bp

orders/bp/data/routes.py

@@ -0,0 +1,30 @@
+"""Orders app data endpoints."""
+from __future__ import annotations
+
+from quart import Blueprint, g, jsonify, request
+
+from shared.infrastructure.data_client import DATA_HEADER
+
+
+def register() -> Blueprint:
+    bp = Blueprint("data", __name__, url_prefix="/internal/data")
+
+    @bp.before_request
+    async def _require_data_header():
+        if not request.headers.get(DATA_HEADER):
+            return jsonify({"error": "forbidden"}), 403
+        from shared.infrastructure.internal_auth import validate_internal_request
+        if not validate_internal_request():
+            return jsonify({"error": "forbidden"}), 403
+
+    _handlers: dict[str, object] = {}
+
+    @bp.get("/<query_name>")
+    async def handle_query(query_name: str):
+        handler = _handlers.get(query_name)
+        if handler is None:
+            return jsonify({"error": "unknown query"}), 404
+        result = await handler()
+        return jsonify(result)
+
+    return bp

orders/bp/fragments/routes.py

@@ -0,0 +1,42 @@
+"""Orders app fragment endpoints.
+
+Fragments:
+  account-nav-item   "orders" link for account dashboard
+"""
+from __future__ import annotations
+
+from quart import Blueprint, Response, request
+from shared.infrastructure.fragments import FRAGMENT_HEADER
+
+
+def register():
+    bp = Blueprint("fragments", __name__, url_prefix="/internal/fragments")
+
+    async def _account_nav_item():
+        from shared.infrastructure.urls import orders_url
+        href = orders_url("/")
+        return (
+            '<div class="relative nav-group">'
+            f'<a href="{href}" class="justify-center cursor-pointer flex flex-row '
+            'items-center gap-2 rounded bg-stone-200 text-black p-3" data-hx-disable>'
+            'orders</a></div>'
+        )
+
+    _handlers = {
+        "account-nav-item": _account_nav_item,
+    }
+
+    @bp.before_request
+    async def _require_fragment_header():
+        if not request.headers.get(FRAGMENT_HEADER):
+            return Response("", status=403)
+
+    @bp.get("/<fragment_type>")
+    async def get_fragment(fragment_type: str):
+        handler = _handlers.get(fragment_type)
+        if handler is None:
+            return Response("", status=200, content_type="text/html")
+        html = await handler()
+        return Response(html, status=200, content_type="text/html")
+
+    return bp

orders/bp/order/filters/qs.py

@@ -0,0 +1,74 @@
+# suma_browser/app/bp/order/filters/qs.py
+from quart import request
+
+from typing import Iterable, Optional, Union
+
+from shared.browser.app.filters.qs_base import KEEP, build_qs
+from shared.browser.app.filters.query_types import OrderQuery
+
+
+def decode() -> OrderQuery:
+    """
+    Decode current query string into an OrderQuery(page, search).
+    """
+    try:
+        page = int(request.args.get("page", 1) or 1)
+    except ValueError:
+        page = 1
+
+    search = request.args.get("search") or None
+    return OrderQuery(page, search)
+
+
+def makeqs_factory():
+    """
+    Build a makeqs(...) that starts from the current filters + page.
+
+    Behaviour:
+    - If filters change and you don't explicitly pass page,
+      the page is reset to 1 (same pattern as browse/blog).
+    - You can clear search with search=None.
+    """
+    q = decode()
+    base_search = q.search or None
+    base_page = int(q.page or 1)
+
+    def makeqs(
+        *,
+        clear_filters: bool = False,
+        search: Union[str, None, object] = KEEP,
+        page: Union[int, None, object] = None,
+        extra: Optional[Iterable[tuple]] = None,
+        leading_q: bool = True,
+    ) -> str:
+        filters_changed = False
+
+        # --- search logic ---
+        if search is KEEP and not clear_filters:
+            final_search = base_search
+        else:
+            filters_changed = True
+            final_search = (search or None)
+
+        # --- page logic ---
+        if page is None:
+            final_page = 1 if filters_changed else base_page
+        else:
+            final_page = page
+
+        # --- build params ---
+        params: list[tuple[str, str]] = []
+
+        if final_search:
+            params.append(("search", final_search))
+        if final_page is not None:
+            params.append(("page", str(final_page)))
+
+        if extra:
+            for k, v in extra:
+                if v is not None:
+                    params.append((k, str(v)))
+
+        return build_qs(params, leading_q=leading_q)
+
+    return makeqs

orders/bp/order/routes.py

@@ -0,0 +1,124 @@
+from __future__ import annotations
+
+from quart import Blueprint, g, render_template, redirect, url_for, make_response
+from sqlalchemy import select
+from sqlalchemy.orm import selectinload
+
+from shared.models.order import Order
+from shared.browser.app.payments.sumup import create_checkout as sumup_create_checkout
+from shared.config import config
+
+from shared.infrastructure.cart_identity import current_cart_identity
+from services.check_sumup_status import check_sumup_status
+from shared.browser.app.utils.htmx import is_htmx_request
+
+from .filters.qs import makeqs_factory, decode
+
+
+def _owner_filter():
+    """Return SQLAlchemy clause restricting orders to current user/session."""
+    ident = current_cart_identity()
+    if ident["user_id"]:
+        return Order.user_id == ident["user_id"]
+    if ident["session_id"]:
+        return Order.session_id == ident["session_id"]
+    return None
+
+
+def register() -> Blueprint:
+    bp = Blueprint("order", __name__, url_prefix='/<int:order_id>')
+
+    @bp.before_request
+    def route():
+        g.makeqs_factory = makeqs_factory
+
+    @bp.get("/")
+    async def order_detail(order_id: int):
+        """Show a single order + items."""
+        owner = _owner_filter()
+        if owner is None:
+            return await make_response("Order not found", 404)
+        result = await g.s.execute(
+            select(Order)
+            .options(selectinload(Order.items))
+            .where(Order.id == order_id, owner)
+        )
+        order = result.scalar_one_or_none()
+        if not order:
+            return await make_response("Order not found", 404)
+        if not is_htmx_request():
+            html = await render_template("_types/order/index.html", order=order)
+        else:
+            html = await render_template("_types/order/_oob_elements.html", order=order)
+        return await make_response(html)
+
+    @bp.get("/pay/")
+    async def order_pay(order_id: int):
+        """Re-open the SumUp payment page for this order."""
+        owner = _owner_filter()
+        if owner is None:
+            return await make_response("Order not found", 404)
+        result = await g.s.execute(select(Order).where(Order.id == order_id, owner))
+        order = result.scalar_one_or_none()
+        if not order:
+            return await make_response("Order not found", 404)
+
+        if order.status == "paid":
+            return redirect(url_for("orders.order.order_detail", order_id=order.id))
+
+        if order.sumup_hosted_url:
+            return redirect(order.sumup_hosted_url)
+
+        redirect_url = url_for("checkout.checkout_return", order_id=order.id, _external=True)
+        sumup_cfg = config().get("sumup", {}) or {}
+        webhook_secret = sumup_cfg.get("webhook_secret")
+        webhook_url = url_for("checkout.checkout_webhook", order_id=order.id, _external=True)
+        if webhook_secret:
+            from urllib.parse import urlencode
+            sep = "&" if "?" in webhook_url else "?"
+            webhook_url = f"{webhook_url}{sep}{urlencode({'token': webhook_secret})}"
+
+        checkout_data = await sumup_create_checkout(
+            order,
+            redirect_url=redirect_url,
+            webhook_url=webhook_url,
+        )
+        order.sumup_checkout_id = checkout_data.get("id")
+        order.sumup_status = checkout_data.get("status")
+        hosted_cfg = checkout_data.get("hosted_checkout") or {}
+        hosted_url = hosted_cfg.get("hosted_checkout_url") or checkout_data.get("hosted_checkout_url")
+        order.sumup_hosted_url = hosted_url
+        await g.s.flush()
+
+        if not hosted_url:
+            html = await render_template(
+                "_types/cart/checkout_error.html",
+                order=order,
+                error="No hosted checkout URL returned from SumUp when trying to reopen payment.",
+            )
+            return await make_response(html, 500)
+
+        return redirect(hosted_url)
+
+    @bp.post("/recheck/")
+    async def order_recheck(order_id: int):
+        """Manually re-check this order's status with SumUp."""
+        owner = _owner_filter()
+        if owner is None:
+            return await make_response("Order not found", 404)
+        result = await g.s.execute(select(Order).where(Order.id == order_id, owner))
+        order = result.scalar_one_or_none()
+        if not order:
+            return await make_response("Order not found", 404)
+
+        if not order.sumup_checkout_id:
+            return redirect(url_for("orders.order.order_detail", order_id=order.id))
+
+        try:
+            await check_sumup_status(g.s, order)
+        except Exception:
+            pass
+
+        return redirect(url_for("orders.order.order_detail", order_id=order.id))
+
+    return bp

orders/bp/orders/filters/qs.py

@@ -0,0 +1,77 @@
+# suma_browser/app/bp/orders/filters/qs.py
+from quart import request
+
+from typing import Iterable, Optional, Union
+
+from shared.browser.app.filters.qs_base import KEEP, build_qs
+from shared.browser.app.filters.query_types import OrderQuery
+
+
+def decode() -> OrderQuery:
+    """
+    Decode current query string into an OrderQuery(page, search).
+    """
+    try:
+        page = int(request.args.get("page", 1) or 1)
+    except ValueError:
+        page = 1
+
+    search = request.args.get("search") or None
+    return OrderQuery(page, search)
+
+
+def makeqs_factory():
+    """
+    Build a makeqs(...) that starts from the current filters + page.
+
+    Behaviour:
+    - If filters change and you don't explicitly pass page,
+      the page is reset to 1 (same pattern as browse/blog).
+    - You can clear search with search=None.
+    """
+    q = decode()
+    base_search = q.search or None
+    base_page = int(q.page or 1)
+
+    def makeqs(
+        *,
+        clear_filters: bool = False,
+        search: Union[str, None, object] = KEEP,
+        page: Union[int, None, object] = None,
+        extra: Optional[Iterable[tuple]] = None,
+        leading_q: bool = True,
+    ) -> str:
+        filters_changed = False
+
+        # --- search logic ---
+        if search is KEEP and not clear_filters:
+            final_search = base_search
+        else:
+            filters_changed = True
+            if search is KEEP:
+                final_search = None
+            else:
+                final_search = (search or None)
+
+        # --- page logic ---
+        if page is None:
+            final_page = 1 if filters_changed else base_page
+        else:
+            final_page = page
+
+        # --- build params ---
+        params: list[tuple[str, str]] = []
+
+        if final_search:
+            params.append(("search", final_search))
+        if final_page is not None:
+            params.append(("page", str(final_page)))
+
+        if extra:
+            for k, v in extra:
+                if v is not None:
+                    params.append((k, str(v)))
+
+        return build_qs(params, leading_q=leading_q)
+
+    return makeqs

orders/bp/orders/routes.py

@@ -0,0 +1,138 @@
+from __future__ import annotations
+
+from quart import Blueprint, g, render_template, redirect, url_for, make_response
+from sqlalchemy import select, func, or_, cast, String, exists
+from sqlalchemy.orm import selectinload
+
+from shared.models.order import Order, OrderItem
+
+from shared.infrastructure.http_utils import vary as _vary, current_url_without_page as _current_url_without_page
+from shared.infrastructure.cart_identity import current_cart_identity
+from shared.browser.app.utils.htmx import is_htmx_request
+from bp.order.routes import register as register_order
+
+from .filters.qs import makeqs_factory, decode
+
+
+def register(url_prefix: str) -> Blueprint:
+    bp = Blueprint("orders", __name__, url_prefix=url_prefix)
+    bp.register_blueprint(register_order())
+
+    ORDERS_PER_PAGE = 10
+
+    oob = {
+        "extends": "_types/root/_index.html",
+        "child_id": "auth-header-child",
+        "header": "_types/auth/header/_header.html",
+        "nav": "_types/auth/_nav.html",
+        "main": "_types/auth/_main_panel.html",
+    }
+
+    @bp.context_processor
+    def inject_oob():
+        return {"oob": oob}
+
+    @bp.before_request
+    def route():
+        g.makeqs_factory = makeqs_factory
+
+    @bp.before_request
+    async def _require_identity():
+        """Orders require a logged-in user or at least a cart session."""
+        ident = current_cart_identity()
+        if not ident["user_id"] and not ident["session_id"]:
+            return redirect(url_for("auth.login_form"))
+
+    @bp.get("/")
+    async def list_orders():
+        ident = current_cart_identity()
+        if ident["user_id"]:
+            owner_clause = Order.user_id == ident["user_id"]
+        elif ident["session_id"]:
+            owner_clause = Order.session_id == ident["session_id"]
+        else:
+            return redirect(url_for("auth.login_form"))
+
+        q = decode()
+        page, search = q.page, q.search
+        if page < 1:
+            page = 1
+
+        where_clause = None
+        if search:
+            term = f"%{search.strip()}%"
+            conditions = [
+                Order.status.ilike(term),
+                Order.currency.ilike(term),
+                Order.sumup_checkout_id.ilike(term),
+                Order.sumup_status.ilike(term),
+                Order.description.ilike(term),
+            ]
+            conditions.append(
+                exists(
+                    select(1)
+                    .select_from(OrderItem)
+                    .where(
+                        OrderItem.order_id == Order.id,
+                        or_(
+                            OrderItem.product_title.ilike(term),
+                            OrderItem.product_slug.ilike(term),
+                        ),
+                    )
+                )
+            )
+            try:
+                search_id = int(search)
+            except (TypeError, ValueError):
+                search_id = None
+            if search_id is not None:
+                conditions.append(Order.id == search_id)
+            else:
+                conditions.append(cast(Order.id, String).ilike(term))
+            where_clause = or_(*conditions)
+
+        count_stmt = select(func.count()).select_from(Order).where(owner_clause)
+        if where_clause is not None:
+            count_stmt = count_stmt.where(where_clause)
+
+        total_count_result = await g.s.execute(count_stmt)
+        total_count = total_count_result.scalar_one() or 0
+        total_pages = max(1, (total_count + ORDERS_PER_PAGE - 1) // ORDERS_PER_PAGE)
+
+        if page > total_pages:
+            page = total_pages
+
+        offset = (page - 1) * ORDERS_PER_PAGE
+        stmt = (
+            select(Order)
+            .where(owner_clause)
+            .order_by(Order.created_at.desc())
+            .offset(offset)
+            .limit(ORDERS_PER_PAGE)
+        )
+        if where_clause is not None:
+            stmt = stmt.where(where_clause)
+
+        result = await g.s.execute(stmt)
+        orders = result.scalars().all()
+
+        context = {
+            "orders": orders,
+            "page": page,
+            "total_pages": total_pages,
+            "search": search,
+            "search_count": total_count,
+        }
+
+        if not is_htmx_request():
+            html = await render_template("_types/orders/index.html", **context)
+        elif page > 1:
+            html = await render_template("_types/orders/_rows.html", **context)
+        else:
+            html = await render_template("_types/orders/_oob_elements.html", **context)
+
+        resp = await make_response(html)
+        resp.headers["Hx-Push-Url"] = _current_url_without_page()
+        return _vary(resp)
+
+    return bp