feat(auth): PG migration + grade field + routing + settings

Phase 1 of auth-and-beginner-flow plan:

- Migrate auth from SheetsClient to PgMemberRepository
  - login(): sheets.find_row → repo.find_by_email
  - register(): sheets.append_row → repo.create
- Add grade field to RegisterRequest and members table
- RegisterResponse returns routing ("beginner" | "conversion")
  based on admin-configurable grade_threshold setting
- New setting package: key-value admin settings (app_settings table)
- Migration 003: grade column + app_settings table
- PgMemberRepository: add find_by_email, create, update_status

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ImTotem

alembic/versions/003_grade_and_settings.py

@@ -0,0 +1,30 @@
+"""add grade column and app_settings table
+
+Revision ID: 003
+Revises: 002
+"""
+
+import sqlalchemy as sa
+from alembic import op
+
+revision = "003"
+down_revision = "002"
+
+
+def upgrade() -> None:
+    op.add_column("members", sa.Column("grade", sa.String))
+    op.create_table(
+        "app_settings",
+        sa.Column("key", sa.String, primary_key=True),
+        sa.Column("value", sa.String, nullable=False),
+        sa.Column("updated_at", sa.String),
+        sa.Column("updated_by", sa.String),
+    )
+    op.execute(
+        "INSERT INTO app_settings (key, value) VALUES ('grade_threshold', '3')"
+    )
+
+
+def downgrade() -> None:
+    op.drop_table("app_settings")
+    op.drop_column("members", "grade")

src/bcsd_api/auth/router.py

@@ -1,11 +1,12 @@
 from fastapi import APIRouter, Depends, Response
+from sqlalchemy import Connection
 
 from bcsd_api.config import Settings
 from bcsd_api.dependencies import (
-    current_user, get_email_sender, get_settings, get_sheets,
+    current_user, get_conn, get_email_sender, get_member_repo, get_settings,
 )
 from bcsd_api.email.sender import EmailSender
-from bcsd_api.sheets.client import SheetsClient
+from bcsd_api.member.pg_repository import PgMemberRepository
 
 from . import service
 from .schema import (
@@ -16,6 +17,7 @@
     MeResponse,
     MessageResponse,
     RegisterRequest,
+    RegisterResponse,
     VerifyEmailRequest,
 )
 
@@ -39,9 +41,9 @@ def post_login(
     body: LoginRequest,
     response: Response,
     settings: Settings = Depends(get_settings),
-    sheets: SheetsClient = Depends(get_sheets),
+    repo: PgMemberRepository = Depends(get_member_repo),
 ) -> LoginResponse:
-    token = service.login(body.google_token, settings, sheets)
+    token = service.login(body.google_token, settings, repo)
     _set_cookie(response, token, settings)
     return LoginResponse(access_token=token)
 
@@ -61,20 +63,22 @@ def post_confirm(body: ConfirmEmailRequest) -> ConfirmEmailResponse:
     return ConfirmEmailResponse(verified=result)
 
 
-@router.post("/register", response_model=LoginResponse)
+@router.post("/register", response_model=RegisterResponse)
 def post_register(
     body: RegisterRequest,
     response: Response,
     settings: Settings = Depends(get_settings),
-    sheets: SheetsClient = Depends(get_sheets),
-) -> LoginResponse:
-    token = service.register(
+    repo: PgMemberRepository = Depends(get_member_repo),
+    conn: Connection = Depends(get_conn),
+) -> RegisterResponse:
+    token, routing = service.register(
         body.google_token, body.name, body.department,
         body.student_id, body.school_email,
-        body.phone, body.track, settings, sheets,
+        body.phone, body.track, body.grade,
+        settings, repo, conn,
     )
     _set_cookie(response, token, settings)
-    return LoginResponse(access_token=token)
+    return RegisterResponse(access_token=token, routing=routing)
 
 
 @router.get("/me", response_model=MeResponse)

src/bcsd_api/auth/schema.py

@@ -31,6 +31,13 @@ class RegisterRequest(BaseModel):
     school_email: str
     phone: str
     track: str
+    grade: str
+
+
+class RegisterResponse(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+    routing: str
 
 
 class MeResponse(BaseModel):

src/bcsd_api/auth/service.py

@@ -1,20 +1,25 @@
 from datetime import datetime
 
+from sqlalchemy import Connection, select
+
 from bcsd_api.config import Settings
 from bcsd_api.email.sender import EmailSender
 from bcsd_api.exception import Conflict, Unauthorized
 from bcsd_api.id_gen import generate_id
-from bcsd_api.sheets.client import SheetsClient
+from bcsd_api.member.pg_repository import PgMemberRepository
+from bcsd_api.tables import app_settings
+from bcsd_api.timezone import KST
 
 from . import google as google_auth
 from . import token as jwt_token
 from . import verify
-from bcsd_api.timezone import KST
 
 
-def login(google_token: str, settings: Settings, sheets: SheetsClient) -> str:
+def login(
+    google_token: str, settings: Settings, repo: PgMemberRepository,
+) -> str:
     profile = google_auth.verify_token(google_token, settings.google_client_id)
-    member = sheets.find_row("members", "email", profile["email"])
+    member = repo.find_by_email(profile["email"])
     if not member:
         raise Unauthorized("member not found, registration required")
     payload = {"sub": member["id"], "email": profile["email"]}
@@ -30,26 +35,22 @@ def confirm_verify(email: str, code: str) -> bool:
 
 
 def register(
-    google_token: str,
-    name: str,
-    department: str,
-    student_id: str,
-    school_email: str,
-    phone: str,
-    track: str,
-    settings: Settings,
-    sheets: SheetsClient,
-) -> str:
+    google_token: str, name: str, department: str,
+    student_id: str, school_email: str, phone: str,
+    track: str, grade: str,
+    settings: Settings, repo: PgMemberRepository, conn: Connection,
+) -> tuple[str, str]:
     profile = google_auth.verify_token(google_token, settings.google_client_id)
-    _check_duplicate(profile["email"], sheets)
+    _check_duplicate(profile["email"], repo)
     member_id = generate_id("M")
     row = _build_row(
         member_id, name, profile["email"],
-        department, student_id, school_email, phone, track,
+        department, student_id, school_email, phone, track, grade,
     )
-    sheets.append_row("members", row)
-    payload = {"sub": member_id, "email": profile["email"]}
-    return _issue_jwt(payload, settings)
+    repo.create(row)
+    routing = _resolve_routing(grade, conn)
+    token = _issue_jwt({"sub": member_id, "email": profile["email"]}, settings)
+    return token, routing
 
 
 def _issue_jwt(payload: dict, settings: Settings) -> str:
@@ -59,8 +60,8 @@ def _issue_jwt(payload: dict, settings: Settings) -> str:
     )
 
 
-def _check_duplicate(email: str, sheets: SheetsClient) -> None:
-    if sheets.find_row("members", "email", email):
+def _check_duplicate(email: str, repo: PgMemberRepository) -> None:
+    if repo.find_by_email(email):
         raise Conflict("member already registered")
 
 
@@ -71,24 +72,34 @@ def _now_kst() -> str:
 def _build_row(
     member_id: str, name: str, email: str,
     department: str, student_id: str,
-    school_email: str, phone: str, track: str,
+    school_email: str, phone: str, track: str, grade: str,
 ) -> dict:
     now = _now_kst()
-    base = _base_fields(member_id, name, email)
-    extra = {
+    return {
+        "id": member_id, "name": name, "email": email,
         "department": department, "student_id": student_id,
-        "school_email": school_email, "phone": phone, "track": track,
+        "school_email": school_email, "phone": phone,
+        "track": track, "grade": grade,
+        "status": "Beginner", "team": "", "payment_status": "미납",
+        "join_date": now, "last_updated": now,
     }
-    timestamps = {"join_date": now, "last_updated": now}
-    return {**base, **extra, **timestamps}
 
 
-def _base_fields(member_id: str, name: str, email: str) -> dict:
-    return {
-        "id": member_id,
-        "name": name,
-        "email": email,
-        "status": "Beginner",
-        "team": "",
-        "payment_status": "미납",
-    }
+_GRADE_MAP = {"1학년": 1, "2학년": 2, "3학년": 3, "4학년": 4, "대학원": 5}
+
+
+def _resolve_routing(grade: str, conn: Connection) -> str:
+    threshold = _grade_threshold(conn)
+    level = _GRADE_MAP.get(grade, 1)
+    if level >= threshold:
+        return "conversion"
+    return "beginner"
+
+
+def _grade_threshold(conn: Connection) -> int:
+    row = conn.execute(
+        select(app_settings.c.value).where(app_settings.c.key == "grade_threshold"),
+    ).first()
+    if not row:
+        return 3
+    return int(row[0])

src/bcsd_api/dependencies.py

@@ -12,6 +12,7 @@
 from .email.sender import EmailSender
 from .exception import Unauthorized
 from .member.pg_repository import PgMemberRepository
+from .setting.pg_repository import PgSettingRepository
 from .sheets.client import SheetsClient
 from .shorten.pg_repository import PgLinkRepository
 
@@ -67,6 +68,10 @@ def get_link_repo(conn: Connection = Depends(get_conn)) -> PgLinkRepository:
     return PgLinkRepository(conn)
 
 
+def get_setting_repo(conn: Connection = Depends(get_conn)) -> PgSettingRepository:
+    return PgSettingRepository(conn)
+
+
 def current_user(
     request: Request,
     settings: Settings = Depends(get_settings),

src/bcsd_api/graphql/context.py

@@ -8,18 +8,21 @@
     get_conn,
     get_link_repo,
     get_member_repo,
+    get_setting_repo,
     get_settings,
 )
 from bcsd_api.exception import Unauthorized
 from bcsd_api.member.pg_repository import PgMemberRepository
+from bcsd_api.setting.pg_repository import PgSettingRepository
 from bcsd_api.shorten.pg_repository import PgLinkRepository
 
 
 class GqlContext(BaseContext):
-    def __init__(self, conn, member_repo, link_repo, user):
+    def __init__(self, conn, member_repo, link_repo, setting_repo, user):
         self.conn = conn
         self.member_repo = member_repo
         self.link_repo = link_repo
+        self.setting_repo = setting_repo
         self.user = user
 
 
@@ -42,11 +45,13 @@ async def context_getter(
     conn: Connection = Depends(get_conn),
     member_repo: PgMemberRepository = Depends(get_member_repo),
     link_repo: PgLinkRepository = Depends(get_link_repo),
+    setting_repo: PgSettingRepository = Depends(get_setting_repo),
 ) -> GqlContext:
     user = _try_auth(request, settings)
     return GqlContext(
         conn=conn,
         member_repo=member_repo,
         link_repo=link_repo,
+        setting_repo=setting_repo,
         user=user,
     )

src/bcsd_api/graphql/schema.py

@@ -7,6 +7,7 @@
 
 from bcsd_api.exception.base import AppException
 from bcsd_api.member import resolvers as member_resolvers
+from bcsd_api.setting import resolvers as setting_resolvers
 from bcsd_api.member.types import (
     FiltersType,
     MeType,
@@ -44,6 +45,8 @@ def health(self) -> str:
     link: LinkDetailType = strawberry.field(resolver=link_resolvers.resolve_link)
     link_filters: LinkFiltersType = strawberry.field(resolver=link_resolvers.resolve_link_filters)
 
+    setting: str | None = strawberry.field(resolver=setting_resolvers.resolve_setting)
+
 
 @strawberry.type
 class Mutation:
@@ -52,6 +55,8 @@ class Mutation:
     toggle_link: LinkType = strawberry.mutation(resolver=link_resolvers.resolve_toggle)
     delete_link: bool = strawberry.mutation(resolver=link_resolvers.resolve_delete)
 
+    set_setting: bool = strawberry.mutation(resolver=setting_resolvers.resolve_set_setting)
+
 
 logger = logging.getLogger("strawberry.execution")
 

src/bcsd_api/member/pg_repository.py

@@ -1,4 +1,4 @@
-from sqlalchemy import Connection
+from sqlalchemy import Connection, insert, select, update
 
 from bcsd_api.repository import BaseRepository
 from bcsd_api.tables import members
@@ -7,3 +7,19 @@
 class PgMemberRepository(BaseRepository):
     def __init__(self, conn: Connection):
         super().__init__(conn, members)
+
+    def find_by_email(self, email: str) -> dict | None:
+        row = self._conn.execute(
+            select(members).where(members.c.email == email),
+        ).first()
+        if not row:
+            return None
+        return row._asdict()
+
+    def create(self, row: dict) -> None:
+        self._conn.execute(insert(members).values(**row))
+
+    def update_status(self, member_id: str, status: str) -> None:
+        self._conn.execute(
+            update(members).where(members.c.id == member_id).values(status=status),
+        )

src/bcsd_api/setting/__init__.py

@@ -0,0 +1,36 @@
+from sqlalchemy import Connection, select
+
+from bcsd_api.tables import app_settings
+
+
+class PgSettingRepository:
+    def __init__(self, conn: Connection):
+        self._conn = conn
+
+    def get(self, key: str) -> str | None:
+        row = self._conn.execute(
+            select(app_settings.c.value).where(app_settings.c.key == key),
+        ).first()
+        if not row:
+            return None
+        return row[0]
+
+    def upsert(self, key: str, value: str, updated_by: str) -> None:
+        from datetime import datetime
+
+        from bcsd_api.timezone import KST
+
+        now = datetime.now(KST).strftime("%Y-%m-%d %H:%M:%S")
+        existing = self.get(key)
+        if existing is not None:
+            self._conn.execute(
+                app_settings.update().where(app_settings.c.key == key).values(
+                    value=value, updated_at=now, updated_by=updated_by,
+                ),
+            )
+            return
+        self._conn.execute(
+            app_settings.insert().values(
+                key=key, value=value, updated_at=now, updated_by=updated_by,
+            ),
+        )