identity-plan-kit 0.3.0__tar.gz → 0.3.2__tar.gz

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/Makefile

@@ -20,6 +20,9 @@ ENV_FILE ?= $(shell \
 	else echo ""; \
 	fi)
 
+# PyPI config file (override with: make publish PYPIRC=path/to/.pypirc)
+PYPIRC ?= $(HOME)/.pypirc
+
 help: ## Show this help message
 	@echo "Usage: make [target]"
 	@echo ""
@@ -116,13 +119,33 @@ build-wheels: ## Build binary wheels for distribution
 	@echo "✓ Wheels built in dist/"
 	@ls -lh dist/*.whl
 
-publish-test: build ## Publish package to TestPyPI
+publish-test: build ## Publish package to TestPyPI (uses ~/.pypirc if present)
 	@echo "Publishing to TestPyPI..."
+ifeq ($(wildcard $(PYPIRC)),)
 	$(UV) publish --index testpypi
+else
+	@echo "Using credentials from $(PYPIRC)"
+	@TOKEN=$$(awk '/^\[testpypi\]/{found=1} found && /^password/{print $$3; exit}' $(PYPIRC)); \
+	if [ -n "$$TOKEN" ]; then \
+		$(UV) publish --index testpypi --token "$$TOKEN"; \
+	else \
+		$(UV) publish --index testpypi; \
+	fi
+endif
 
-publish: build ## Publish package to PyPI
+publish: build ## Publish package to PyPI (uses ~/.pypirc if present)
 	@echo "Publishing to PyPI..."
+ifeq ($(wildcard $(PYPIRC)),)
 	$(UV) publish
+else
+	@echo "Using credentials from $(PYPIRC)"
+	@TOKEN=$$(awk '/^\[pypi\]/{found=1} found && /^password/{print $$3; exit}' $(PYPIRC)); \
+	if [ -n "$$TOKEN" ]; then \
+		$(UV) publish --token "$$TOKEN"; \
+	else \
+		$(UV) publish; \
+	fi
+endif
 
 ci: check test-cov ## Run all CI checks (lint, format, typecheck, tests with coverage)
 	@echo "✓ All CI checks passed!"

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: identity-plan-kit
-Version: 0.3.0
+Version: 0.3.2
 Summary: Modern FastAPI library for authentication, RBAC, subscription plans, and usage tracking
 Author-email: harut <harut.avetisyan2002@gmail.com>
 License: MIT

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "identity-plan-kit"
-version = "0.3.0"
+version = "0.3.2"
 description = "Modern FastAPI library for authentication, RBAC, subscription plans, and usage tracking"
 readme = "README.md"
 authors = [
@@ -140,7 +140,7 @@ testpaths = ["tests"]
 addopts = "-v --tb=short"
 
 [tool.bumpversion]
-current_version = "0.3.0"
+current_version = "0.3.2"
 parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<patch>\\d+)"
 serialize = ["{major}.{minor}.{patch}"]
 tag = true

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/src/identity_plan_kit/plans/cache/plan_cache.py

@@ -27,6 +27,20 @@ class PlanCacheEntry:
         return datetime.now(UTC) > self.expires_at
 
 
+@dataclass
+class AllPlansCacheEntry:
+    """Cache entry for the complete list of all plans."""
+
+    plans: list[Plan]
+    expires_at: datetime
+    fetched_at: float = field(default_factory=time.monotonic)
+
+    @property
+    def is_expired(self) -> bool:
+        """Check if entry has expired."""
+        return datetime.now(UTC) > self.expires_at
+
+
 class PlanCache:
     """
     In-memory plan cache.
@@ -69,6 +83,8 @@ class PlanCache:
         self._invalidated_at: dict[str, float] = {}
         # Global invalidation timestamp for invalidate_all()
         self._global_invalidated_at: float = 0.0
+        # Cache for the complete list of all plans
+        self._all_plans_cache: AllPlansCacheEntry | None = None
 
     async def get(self, plan_code: str) -> Plan | None:
         """
@@ -174,12 +190,80 @@ class PlanCache:
         self._cache[plan_code] = entry
         return True
 
+    async def get_all(self) -> list[Plan] | None:
+        """
+        Get cached list of all plans.
+
+        This operation is lock-free for better performance under high concurrency.
+
+        Returns:
+            List of all Plan entities or None if not cached/expired
+        """
+        if not self._enabled:
+            return None
+
+        entry = self._all_plans_cache
+        if entry is None:
+            return None
+
+        if entry.is_expired:
+            return None
+
+        logger.debug("all_plans_cache_hit", count=len(entry.plans))
+        return entry.plans
+
+    async def set_all(
+        self,
+        plans: list[Plan],
+        fetched_at: float | None = None,
+    ) -> bool:
+        """
+        Cache the complete list of all plans.
+
+        Also populates individual plan entries for single-plan lookups.
+
+        Args:
+            plans: List of all Plan entities to cache
+            fetched_at: Monotonic timestamp when plans were fetched from DB.
+                If provided, rejects stale writes after invalidation.
+
+        Returns:
+            True if cached, False if rejected as stale
+        """
+        if not self._enabled:
+            return False
+
+        # Check for stale write if fetched_at is provided
+        if fetched_at is not None and fetched_at < self._global_invalidated_at:
+            logger.debug(
+                "all_plans_cache_stale_write_rejected",
+                reason="global_invalidation",
+                fetched_at=fetched_at,
+                invalidated_at=self._global_invalidated_at,
+            )
+            return False
+
+        # Cache the all-plans list
+        self._all_plans_cache = AllPlansCacheEntry(
+            plans=plans,
+            expires_at=datetime.now(UTC) + self._ttl,
+            fetched_at=fetched_at or time.monotonic(),
+        )
+
+        # Also populate individual plan entries
+        for plan in plans:
+            await self.set(plan.code, plan, fetched_at=fetched_at)
+
+        logger.debug("all_plans_cached", count=len(plans))
+        return True
+
     async def invalidate(self, plan_code: str) -> None:
         """
         Invalidate cached plan by code.
 
         Records the invalidation timestamp to prevent stale writes from
         concurrent requests that fetched data before invalidation.
+        Also invalidates the all-plans cache since it contains stale data.
 
         Args:
             plan_code: Plan code to invalidate
@@ -189,6 +273,8 @@ class PlanCache:
         self._invalidated_at[plan_code] = time.monotonic()
         # dict.pop() is atomic in Python
         self._cache.pop(plan_code, None)
+        # Also invalidate the all-plans cache since it now contains stale data
+        self._all_plans_cache = None
         logger.debug("plan_cache_invalidated", plan_code=plan_code)
 
     async def invalidate_all(self) -> None:
@@ -202,6 +288,7 @@ class PlanCache:
             # Record global invalidation timestamp BEFORE clearing
             self._global_invalidated_at = time.monotonic()
             self._cache.clear()
+            self._all_plans_cache = None
             # Also clear key-specific invalidation timestamps to prevent memory growth
             self._invalidated_at.clear()
             logger.info("plan_cache_cleared")

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/src/identity_plan_kit/plans/dependencies.py

@@ -60,16 +60,9 @@ def requires_plan(plan_code: str | None = None) -> Callable[..., Any]:
                     detail=f"Required plan: {plan_code}",
                 )
 
-        except UserPlanNotFoundError:
-            raise HTTPException(
-                status_code=status.HTTP_402_PAYMENT_REQUIRED,
-                detail="No active subscription plan",
-            ) from None
-        except PlanExpiredError:
-            raise HTTPException(
-                status_code=status.HTTP_402_PAYMENT_REQUIRED,
-                detail="Subscription plan has expired",
-            ) from None
+        except (UserPlanNotFoundError, PlanExpiredError):
+            # Let exception handlers process these with proper error codes
+            raise
 
     return Depends(dependency)
 
@@ -156,31 +149,10 @@ def requires_feature(
 
             return usage_info
 
-        except UserPlanNotFoundError:
-            raise HTTPException(
-                status_code=status.HTTP_402_PAYMENT_REQUIRED,
-                detail="No active subscription plan",
-            ) from None
-        except PlanExpiredError:
-            raise HTTPException(
-                status_code=status.HTTP_402_PAYMENT_REQUIRED,
-                detail="Subscription plan has expired",
-            ) from None
-        except FeatureNotAvailableError as e:
-            raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN,
-                detail=str(e),
-            ) from None
-        except QuotaExceededError as e:
-            raise HTTPException(
-                status_code=status.HTTP_429_TOO_MANY_REQUESTS,
-                detail=str(e),
-                headers={
-                    "X-Quota-Limit": str(e.limit),
-                    "X-Quota-Used": str(e.used),
-                    "X-Quota-Remaining": str(e.remaining),
-                },
-            ) from None
+        except (QuotaExceededError, UserPlanNotFoundError, PlanExpiredError, FeatureNotAvailableError):
+            # Let exception handlers process these with proper error codes
+            # Quota headers are added by quota_exceeded_handler
+            raise
 
     return Depends(dependency)
 

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/src/identity_plan_kit/plans/services/plan_service.py

@@ -1150,7 +1150,7 @@ class PlanService:
         This is an optimized method that loads all plans with their
         nested relationships in a minimal number of queries.
 
-        Plans are cached individually after being fetched for subsequent
+        Plans are cached as a complete list and individually for subsequent
         single-plan lookups.
 
         Args:
@@ -1159,15 +1159,19 @@ class PlanService:
         Returns:
             List of all Plan entities with permissions and limits
         """
+        # Check cache first
+        cached_plans = await self._plan_cache.get_all()
+        if cached_plans is not None:
+            return cached_plans
+
         # Get fetch timestamp BEFORE DB query for stale write prevention
         fetch_ts = self._plan_cache.get_fetch_timestamp()
 
         async with self._create_uow(session=session) as uow:
             plans = await uow.plans.get_all_plans()
 
-            # Cache each plan for future single-plan lookups
-            for plan in plans:
-                await self._plan_cache.set(plan.code, plan, fetched_at=fetch_ts)
+            # Cache the complete list and individual plans
+            await self._plan_cache.set_all(plans, fetched_at=fetch_ts)
 
             logger.debug(
                 "all_plans_loaded",

{identity_plan_kit-0.3.0 → identity_plan_kit-0.3.2}/src/identity_plan_kit/shared/exception_handlers.py

@@ -295,7 +295,7 @@ async def quota_exceeded_handler(request: Request, exc: QuotaExceededError) -> J
         feature=exc.feature_code,
         path=request.url.path,
     )
-    return create_error_response(
+    response = create_error_response(
         request=request,
         status_code=429,
         code=exc.code,
@@ -307,6 +307,11 @@ async def quota_exceeded_handler(request: Request, exc: QuotaExceededError) -> J
             "period": exc.period,
         },
     )
+    # Add quota headers for client visibility
+    response.headers["X-Quota-Limit"] = str(exc.limit)
+    response.headers["X-Quota-Used"] = str(exc.used)
+    response.headers["X-Quota-Remaining"] = str(exc.remaining)
+    return response
 
 
 async def plan_expired_handler(request: Request, exc: PlanExpiredError) -> JSONResponse:

identity_plan_kit-0.3.2/tests/plans/test_dependencies.py

@@ -0,0 +1,344 @@
+"""Tests for plan dependencies (requires_plan, requires_feature).
+
+These tests verify that domain exceptions propagate correctly through
+the dependency layer with proper error codes and context, not generic
+HTTPException codes.
+
+The key bug this tests for: dependencies were catching domain exceptions
+and re-raising them as HTTPException, which lost the specific error codes.
+"""
+
+from datetime import date
+from typing import Annotated
+from unittest.mock import AsyncMock, MagicMock
+from uuid import uuid4
+
+import pytest
+from fastapi import Depends, FastAPI, Response
+from starlette.testclient import TestClient
+
+from identity_plan_kit.auth.dependencies import get_current_user
+from identity_plan_kit.auth.domain.entities import User
+from identity_plan_kit.plans.dependencies import (
+    FeatureUsage,
+    requires_feature,
+    requires_plan,
+)
+from identity_plan_kit.plans.domain.exceptions import (
+    FeatureNotAvailableError,
+    PlanExpiredError,
+    QuotaExceededError,
+    UserPlanNotFoundError,
+)
+from identity_plan_kit.plans.dto.usage import UsageInfo
+from identity_plan_kit.shared.exception_handlers import register_exception_handlers
+
+
+@pytest.fixture
+def mock_user():
+    """Create a mock authenticated user."""
+    return User(
+        id=uuid4(),
+        email="test@example.com",
+        role_id=uuid4(),
+        is_active=True,
+        created_at=date.today(),
+    )
+
+
+@pytest.fixture
+def mock_plan_service():
+    """Create a mock plan service."""
+    return AsyncMock()
+
+
+@pytest.fixture
+def app_with_mocked_auth(mock_plan_service, mock_user):
+    """Create a FastAPI app with properly mocked dependencies."""
+    app = FastAPI()
+
+    # Mock the kit on app state
+    mock_kit = MagicMock()
+    mock_kit.plan_service = mock_plan_service
+    app.state.identity_plan_kit = mock_kit
+
+    # Register exception handlers
+    register_exception_handlers(app)
+
+    # Override the auth dependency to return our mock user
+    app.dependency_overrides[get_current_user] = lambda: mock_user
+
+    return app
+
+
+class TestRequiresFeatureQuotaExceeded:
+    """Test that QuotaExceededError propagates with correct error code."""
+
+    def test_quota_exceeded_returns_quota_exceeded_code(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """
+        QUOTA_EXCEEDED code should be returned, not RATE_LIMIT_EXCEEDED.
+
+        This was the bug: the dependency was converting QuotaExceededError
+        to HTTPException(429), which then got the generic RATE_LIMIT_EXCEEDED
+        code from http_exception_handler's status code mapping.
+        """
+        app = app_with_mocked_auth
+
+        # Configure mock to raise QuotaExceededError
+        mock_plan_service.check_and_consume_quota.side_effect = QuotaExceededError(
+            feature_code="ai_generation",
+            limit=10,
+            used=10,
+            period="daily",
+        )
+
+        @app.post("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("ai_generation", consume=1)],
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.post("/test")
+
+        assert response.status_code == 429
+        data = response.json()
+        assert data["success"] is False
+        # THIS IS THE KEY ASSERTION - must be QUOTA_EXCEEDED, not RATE_LIMIT_EXCEEDED
+        assert data["error"]["code"] == "QUOTA_EXCEEDED"
+        assert data["error"]["context"]["feature"] == "ai_generation"
+        assert data["error"]["context"]["limit"] == 10
+        assert data["error"]["context"]["used"] == 10
+        assert data["error"]["context"]["period"] == "daily"
+
+    def test_quota_exceeded_includes_headers(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """X-Quota-* headers should be set on quota exceeded."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.check_and_consume_quota.side_effect = QuotaExceededError(
+            feature_code="api_calls",
+            limit=100,
+            used=100,
+            period="monthly",
+        )
+
+        @app.post("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("api_calls", consume=1)],
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.post("/test")
+
+        assert response.status_code == 429
+        assert response.headers.get("X-Quota-Limit") == "100"
+        assert response.headers.get("X-Quota-Used") == "100"
+        assert response.headers.get("X-Quota-Remaining") == "0"
+
+
+class TestRequiresFeatureUserPlanNotFound:
+    """Test that UserPlanNotFoundError propagates with correct error code."""
+
+    def test_user_plan_not_found_returns_proper_error_code(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """USER_PLAN_NOT_FOUND code should be returned, not generic codes."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.check_and_consume_quota.side_effect = UserPlanNotFoundError()
+
+        @app.post("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("ai_generation", consume=1)],
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.post("/test")
+
+        assert response.status_code == 404
+        data = response.json()
+        assert data["success"] is False
+        assert data["error"]["code"] == "USER_PLAN_NOT_FOUND"
+
+
+class TestRequiresFeaturePlanExpired:
+    """Test that PlanExpiredError propagates with correct error code."""
+
+    def test_plan_expired_returns_proper_error_code(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """PLAN_EXPIRED code should be returned."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.check_and_consume_quota.side_effect = PlanExpiredError()
+
+        @app.post("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("ai_generation", consume=1)],
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.post("/test")
+
+        assert response.status_code == 403
+        data = response.json()
+        assert data["success"] is False
+        assert data["error"]["code"] == "PLAN_EXPIRED"
+
+
+class TestRequiresFeatureNotAvailable:
+    """Test that FeatureNotAvailableError propagates with correct error code."""
+
+    def test_feature_not_available_returns_proper_error_code(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """FEATURE_NOT_AVAILABLE code should be returned with context."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.check_and_consume_quota.side_effect = FeatureNotAvailableError(
+            feature_code="premium_export",
+            plan_code="free",
+        )
+
+        @app.post("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("premium_export", consume=1)],
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.post("/test")
+
+        assert response.status_code == 403
+        data = response.json()
+        assert data["success"] is False
+        assert data["error"]["code"] == "FEATURE_NOT_AVAILABLE"
+        assert data["error"]["context"]["feature"] == "premium_export"
+        assert data["error"]["context"]["plan"] == "free"
+
+
+class TestRequiresPlanErrors:
+    """Test that requires_plan dependency propagates errors correctly."""
+
+    def test_user_plan_not_found_returns_proper_code(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """USER_PLAN_NOT_FOUND from requires_plan should have correct code."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.get_user_plan.side_effect = UserPlanNotFoundError()
+
+        @app.get("/test")
+        async def test_endpoint(
+            _: None = requires_plan(),
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.get("/test")
+
+        assert response.status_code == 404
+        data = response.json()
+        assert data["success"] is False
+        assert data["error"]["code"] == "USER_PLAN_NOT_FOUND"
+
+    def test_plan_expired_returns_proper_code(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """PLAN_EXPIRED from requires_plan should have correct code."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.get_user_plan.side_effect = PlanExpiredError()
+
+        @app.get("/test")
+        async def test_endpoint(
+            _: None = requires_plan(),
+        ):
+            return {"success": True}
+
+        client = TestClient(app)
+        response = client.get("/test")
+
+        assert response.status_code == 403
+        data = response.json()
+        assert data["success"] is False
+        assert data["error"]["code"] == "PLAN_EXPIRED"
+
+
+class TestSuccessfulFeatureAccess:
+    """Test successful feature access returns usage info."""
+
+    def test_successful_quota_consumption(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """Successful quota consumption should return usage info and headers."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.check_and_consume_quota.return_value = UsageInfo(
+            feature_code="ai_generation",
+            used=5,
+            limit=10,
+            remaining=5,
+            period="daily",
+        )
+
+        @app.post("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("ai_generation", consume=1)],
+        ):
+            return {
+                "success": True,
+                "remaining": usage.remaining,
+            }
+
+        client = TestClient(app)
+        response = client.post("/test")
+
+        assert response.status_code == 200
+        data = response.json()
+        assert data["success"] is True
+        assert data["remaining"] == 5
+
+        # Check headers
+        assert response.headers.get("X-Quota-Limit") == "10"
+        assert response.headers.get("X-Quota-Used") == "5"
+        assert response.headers.get("X-Quota-Remaining") == "5"
+        assert response.headers.get("X-Quota-Period") == "daily"
+
+    def test_get_usage_info_only(
+        self, app_with_mocked_auth, mock_plan_service
+    ):
+        """consume=0 should just check access without consuming."""
+        app = app_with_mocked_auth
+
+        mock_plan_service.get_usage_info.return_value = UsageInfo(
+            feature_code="exports",
+            used=2,
+            limit=5,
+            remaining=3,
+            period="monthly",
+        )
+
+        @app.get("/test")
+        async def test_endpoint(
+            usage: Annotated[UsageInfo, requires_feature("exports", consume=0)],
+        ):
+            return {
+                "success": True,
+                "remaining": usage.remaining,
+            }
+
+        client = TestClient(app)
+        response = client.get("/test")
+
+        assert response.status_code == 200
+        # Verify get_usage_info was called, not check_and_consume_quota
+        mock_plan_service.get_usage_info.assert_called_once()
+        mock_plan_service.check_and_consume_quota.assert_not_called()