giles
dd52417241
page_configs table lives in db_cart but blog was querying it directly, causing UndefinedTableError. Move all PageConfig read/write endpoints to cart service and have blog proxy via fetch_data/call_action. Also fix OAuth callback to use code_hash lookup (codes are now stored hashed) and pass grant_token in redirect URL to prevent auth loops. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
45 lines
1.5 KiB
Python
45 lines
1.5 KiB
Python
"""Blog app action endpoints.
|
|
|
|
Exposes write operations at ``/internal/actions/<action_name>`` for
|
|
cross-app callers via the internal action client.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from quart import Blueprint, g, jsonify, request
|
|
|
|
from shared.infrastructure.actions import ACTION_HEADER
|
|
|
|
|
|
def register() -> Blueprint:
|
|
bp = Blueprint("actions", __name__, url_prefix="/internal/actions")
|
|
|
|
@bp.before_request
|
|
async def _require_action_header():
|
|
if not request.headers.get(ACTION_HEADER):
|
|
return jsonify({"error": "forbidden"}), 403
|
|
from shared.infrastructure.internal_auth import validate_internal_request
|
|
if not validate_internal_request():
|
|
return jsonify({"error": "forbidden"}), 403
|
|
|
|
_handlers: dict[str, object] = {}
|
|
|
|
@bp.post("/<action_name>")
|
|
async def handle_action(action_name: str):
|
|
handler = _handlers.get(action_name)
|
|
if handler is None:
|
|
return jsonify({"error": "unknown action"}), 404
|
|
result = await handler()
|
|
return jsonify(result or {"ok": True})
|
|
|
|
# --- update-page-config (proxy to cart, where page_configs table lives) ---
|
|
async def _update_page_config():
|
|
"""Create or update a PageConfig — proxies to cart service."""
|
|
from shared.infrastructure.actions import call_action
|
|
|
|
data = await request.get_json(force=True)
|
|
return await call_action("cart", "update-page-config", payload=data)
|
|
|
|
_handlers["update-page-config"] = _update_page_config
|
|
|
|
return bp
|