feat: build core API, fraud engine, notifier, and frontend

Phase 1 — Core API (Go): - Events, guests, tokens, RSVPs CRUD on PostgreSQL via pgx/v5 - HMAC-signed per-guest tokens with format validation - Health endpoint with DB ping, slog JSON logging, graceful shutdown Phase 2 — NATS + Fraud Engine: - NATS JetStream pub/sub with explicit-ack consumers - Python/FastAPI fraud engine with heuristic risk scoring (fingerprint mismatch, IP change, missing signals, repeated access) - gRPC sync scoring with 250ms fail-open timeout - Per-guest baseline tracking; risk bands low/medium/high/block Phase 3 — Notifications + Frontend: - Notification worker scaffolding (Twilio/SES stubs, retry/backoff) - Nuxt 3 frontend with Tailwind dark theme + brand green - Live monitor via WebSocket with auto-reconnect - Activity history endpoint backfills monitor with RSVPs + scored access checks (including blocked attempts) UX polish: - Marketing-friendly landing page (hero mockup, how-it-works, features, use cases, testimonials, FAQ, final CTA) - Animated layered card mockups on landing + new-event page - Plus-ones stepper, RSVP status badges, filter buttons - Friendly access-check labels (Verified/Review/Suspicious/Blocked) - Dashboard hydration fix via ClientOnly wrapper Infrastructure: - docker-compose for full local dev (postgres, nats, api, fraud-engine, notifier, frontend) - Multi-stage Dockerfiles, non-root UID 1000 - Integration tests with testcontainers-go Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-11 21:08:56 +01:00
parent f760fc3e21
commit 3f8bc58ca9
89 changed files with 22729 additions and 0 deletions
@@ -0,0 +1,111 @@
+"""Integration test for the gRPC FraudService over an in-process channel."""
+
+from __future__ import annotations
+
+from uuid import uuid4
+
+import grpc
+import pytest
+
+from app.grpc_server import FraudServicer, serve_grpc, stop_grpc
+from app.scoring import HeuristicScorer
+from fraud.v1 import fraud_pb2, fraud_pb2_grpc
+
+
+@pytest.mark.asyncio
+async def test_score_low_risk_first_access():
+    scorer = HeuristicScorer()
+    server = await serve_grpc(scorer, "127.0.0.1:0")
+    # add_insecure_port returns 0 so we need to fish out the actual bound port via _server's state.
+    # Easier: rebind on a known free port for the test.
+    await stop_grpc(server)
+
+    addr = "127.0.0.1:50951"
+    server = await serve_grpc(scorer, addr)
+    try:
+        async with grpc.aio.insecure_channel(addr) as channel:
+            stub = fraud_pb2_grpc.FraudServiceStub(channel)
+            resp = await stub.Score(
+                fraud_pb2.ScoreRequest(
+                    event_id=str(uuid4()),
+                    guest_id=str(uuid4()),
+                    token_id=str(uuid4()),
+                    access_log_id=str(uuid4()),
+                    fingerprint={"ua": "Chrome", "platform": "macOS"},
+                    ip_address="203.0.113.7",
+                    user_agent="Mozilla/5.0",
+                ),
+                timeout=2.0,
+            )
+            assert resp.score <= 30
+            assert resp.risk == fraud_pb2.RISK_LOW
+    finally:
+        await stop_grpc(server)
+
+
+@pytest.mark.asyncio
+async def test_score_high_risk_after_baseline_change():
+    scorer = HeuristicScorer()
+    addr = "127.0.0.1:50952"
+    server = await serve_grpc(scorer, addr)
+    try:
+        guest_id = str(uuid4())
+        async with grpc.aio.insecure_channel(addr) as channel:
+            stub = fraud_pb2_grpc.FraudServiceStub(channel)
+
+            await stub.Score(
+                fraud_pb2.ScoreRequest(
+                    event_id=str(uuid4()),
+                    guest_id=guest_id,
+                    token_id=str(uuid4()),
+                    access_log_id=str(uuid4()),
+                    fingerprint={"ua": "Chrome"},
+                    ip_address="203.0.113.7",
+                    user_agent="Mozilla/5.0",
+                ),
+                timeout=2.0,
+            )
+
+            resp = await stub.Score(
+                fraud_pb2.ScoreRequest(
+                    event_id=str(uuid4()),
+                    guest_id=guest_id,
+                    token_id=str(uuid4()),
+                    access_log_id=str(uuid4()),
+                    fingerprint={"ua": "curl/8"},
+                    ip_address="198.51.100.42",
+                    user_agent="",
+                ),
+                timeout=2.0,
+            )
+            assert resp.score >= 60
+            assert resp.risk in {fraud_pb2.RISK_HIGH, fraud_pb2.RISK_BLOCK}
+    finally:
+        await stop_grpc(server)
+
+
+@pytest.mark.asyncio
+async def test_invalid_uuid_returns_invalid_argument():
+    scorer = HeuristicScorer()
+    addr = "127.0.0.1:50953"
+    server = await serve_grpc(scorer, addr)
+    try:
+        async with grpc.aio.insecure_channel(addr) as channel:
+            stub = fraud_pb2_grpc.FraudServiceStub(channel)
+            with pytest.raises(grpc.RpcError) as excinfo:
+                await stub.Score(
+                    fraud_pb2.ScoreRequest(
+                        event_id="not-a-uuid",
+                        guest_id=str(uuid4()),
+                        token_id=str(uuid4()),
+                    ),
+                    timeout=2.0,
+                )
+            assert excinfo.value.code() == grpc.StatusCode.INVALID_ARGUMENT
+    finally:
+        await stop_grpc(server)
+
+
+def test_servicer_constructs():
+    # Ensures the servicer wires up against the generated stub.
+    FraudServicer(HeuristicScorer())
@@ -0,0 +1,81 @@
+from datetime import UTC, datetime
+from uuid import uuid4
+
+from app.schemas import AccessAttempted
+from app.scoring import HeuristicScorer, risk_band
+
+
+def _evt(
+    *,
+    guest_id=None,
+    fingerprint=None,
+    ip=None,
+    user_agent="Mozilla/5.0",
+):
+    return AccessAttempted(
+        event_id=uuid4(),
+        guest_id=guest_id or uuid4(),
+        token_id=uuid4(),
+        access_log_id=uuid4(),
+        fingerprint=fingerprint,
+        ip_address=ip,
+        user_agent=user_agent,
+        occurred_at=datetime.now(UTC),
+    )
+
+
+def test_first_access_with_full_signals_is_low_risk():
+    scorer = HeuristicScorer()
+    evt = _evt(
+        fingerprint={"ua": "Chrome", "platform": "macOS"},
+        ip="203.0.113.7",
+    )
+    res = scorer.score(evt)
+    assert res.score <= 30
+    assert risk_band(res.score) == "low"
+
+
+def test_fingerprint_change_drives_score_up():
+    scorer = HeuristicScorer()
+    guest = uuid4()
+    first = _evt(guest_id=guest, fingerprint={"ua": "Chrome"}, ip="203.0.113.7")
+    scorer.score(first)
+
+    second = _evt(guest_id=guest, fingerprint={"ua": "Safari"}, ip="203.0.113.7")
+    res = scorer.score(second)
+
+    assert res.score >= 40
+    assert any("fingerprint" in r for r in res.reasons)
+
+
+def test_ip_change_and_fingerprint_change_classify_high_or_block():
+    scorer = HeuristicScorer()
+    guest = uuid4()
+    scorer.score(_evt(guest_id=guest, fingerprint={"ua": "Chrome"}, ip="203.0.113.7"))
+
+    suspicious = _evt(
+        guest_id=guest,
+        fingerprint={"ua": "Curl/8"},
+        ip="198.51.100.42",
+        user_agent=None,
+    )
+    res = scorer.score(suspicious)
+
+    assert res.score >= 60
+    assert risk_band(res.score) in {"high", "block"}
+
+
+def test_missing_fingerprint_and_user_agent_flagged():
+    scorer = HeuristicScorer()
+    res = scorer.score(_evt(fingerprint=None, ip="203.0.113.1", user_agent=None))
+    assert "no device fingerprint provided" in res.reasons
+    assert "missing user agent" in res.reasons
+
+
+def test_score_clamped_to_0_100():
+    scorer = HeuristicScorer()
+    # 10 successive accesses with no fingerprint, no UA, changing IPs
+    guest = uuid4()
+    for i in range(12):
+        res = scorer.score(_evt(guest_id=guest, fingerprint=None, ip=f"10.0.{i}.1", user_agent=None))
+        assert 0 <= res.score <= 100