ClassroomCopilot/api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: explicit apikey header + resilient dev-stack seed-count baselines
Some checks failed
api-ci-deploy / test-build-deploy (push) Has been cancelled
Details

Browse Source 
- client.py: set apikey explicitly in _create_base_client headers (Kong needs it
  on every request; for per-user clients apikey stays anon while Authorization
  carries the user JWT). Fixes the 2 stale header unit tests that asserted apikey
  in options.headers, and is robust against supabase-py default-header changes.
- test_dev_stack: exact == seed counts → >= baselines. The greenfield seed sets a
  floor; additive exam-marker fixtures (S4-4 cohort) legitimately push live .94
  counts above the old snapshot. >= still catches a broken/missing seed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
CC Worker 2026-06-06 19:25:39 +00:00
parent 49f84655f7
commit f3da9f3b59
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/database/supabase/utils/client.py
View File

@ -23,8 +23,13 @@ def _create_base_client(url: str, key: str, access_token: Optional[str] = None,
# If an access token is provided, use it for Authorization (enables per-user RLS)
# Otherwise fall back to the API key
auth_header = f"Bearer {access_token}" if access_token else f"Bearer {key}"
# apikey is required by the Supabase gateway (Kong) on every request and is independent of
# Authorization: for a per-user client apikey stays the anon key while Authorization carries
# the user's JWT (so RLS sees auth.uid()). Set it explicitly rather than relying on
# create_client's internal default-header behaviour, which our options.headers override.
headers = {
"apikey": key,
"Authorization": auth_header,
}
if options:

14
tests/test_dev_stack.py
View File

@ -55,15 +55,19 @@ def test_dev_api_health_endpoint_is_healthy():
assert payload['services']['redis']['database'] == 0
# NOTE: these are >= baselines, not exact counts. The greenfield seed produces this floor;
# additive exam-marker fixtures (S4-4 cohort adds ~10 students/memberships; ad-hoc classes) push
# the live .94 counts above it. Exact == froze a snapshot that any new fixture breaks, while >=
# still catches a broken or missing seed.
def test_supabase_dev_seed_core_counts():
assert _rest_count('profiles') == 21
assert _rest_count('institute_memberships') == 21
assert _rest_count('institutes') == 2
assert _rest_count('profiles') >= 21
assert _rest_count('institute_memberships') >= 21
assert _rest_count('institutes') >= 2
def test_supabase_dev_seed_timetable_counts():
assert _rest_count('classes') == 17
assert _rest_count('taught_lessons') == 1462
assert _rest_count('classes') >= 17
assert _rest_count('taught_lessons') >= 1462
def test_runtime_identity_does_not_expose_secret_values():