feat(m5c): onboarding — DB invites, request-access, admin approval, email
Move the access whitelist from the ALLOWED_EMAILS env var into a DB Invite table (env kept as bootstrap fallback), and add a self-service request + admin approval flow with fail-soft email. - models: Invite(email, status pending|approved|denied, requested_at, decided_*) - migration 0008: invites table; seed env ALLOWED_EMAILS u ADMIN_EMAILS as approved - auth: is_allowed() (DB-first, env fallback); a denied Google login records a pending request and bounces to /?access=requested instead of a raw 403; public POST /auth/request-access; upsert is idempotent so repeats don't re-spam admins - routes/admin.py (admin-only): list/approve/deny invites + manual add - email.py: smtplib + Gmail App Password, fail-soft (skips if SMTP unset) - /api/me exposes pending_invites; config + .env.example gain SMTP_* - UI: Login 'Request access' form + access=requested/denied handling; Settings -> Access requests (approve/deny + add); admin nudge toast on pending requests Verified locally: request-access creates a pending invite and emails the admin; seed approved npeter83; guinea-pig yt.trash2023 denied until approved.
This commit is contained in:
parent
d6ca4ccd4e
commit
49ab652692
13 changed files with 605 additions and 15 deletions
58
backend/alembic/versions/0008_invites.py
Normal file
58
backend/alembic/versions/0008_invites.py
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
"""invites: DB-backed access whitelist / request queue
|
||||
|
||||
Revision ID: 0008_invites
|
||||
Revises: 0007_deep_requested
|
||||
Create Date: 2026-06-12
|
||||
"""
|
||||
from typing import Sequence, Union
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
from app.config import settings
|
||||
|
||||
revision: str = "0008_invites"
|
||||
down_revision: Union[str, None] = "0007_deep_requested"
|
||||
branch_labels: Union[str, Sequence[str], None] = None
|
||||
depends_on: Union[str, Sequence[str], None] = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
op.create_table(
|
||||
"invites",
|
||||
sa.Column("id", sa.Integer(), primary_key=True),
|
||||
sa.Column("email", sa.String(length=320), nullable=False),
|
||||
sa.Column(
|
||||
"status", sa.String(length=16), nullable=False, server_default="pending"
|
||||
),
|
||||
sa.Column("note", sa.Text(), nullable=True),
|
||||
sa.Column(
|
||||
"requested_at",
|
||||
sa.DateTime(timezone=True),
|
||||
server_default=sa.func.now(),
|
||||
nullable=False,
|
||||
),
|
||||
sa.Column("decided_at", sa.DateTime(timezone=True), nullable=True),
|
||||
sa.Column("decided_by", sa.String(length=320), nullable=True),
|
||||
)
|
||||
op.create_index("ix_invites_email", "invites", ["email"], unique=True)
|
||||
|
||||
# Seed the current env-based whitelist as already-approved invites so existing access
|
||||
# is preserved and shows up in the admin UI. Idempotent on re-run via the unique email.
|
||||
seed = sorted(settings.allowed_email_set | settings.admin_email_set)
|
||||
if seed:
|
||||
invites = sa.table(
|
||||
"invites",
|
||||
sa.column("email", sa.String),
|
||||
sa.column("status", sa.String),
|
||||
sa.column("decided_by", sa.String),
|
||||
)
|
||||
op.bulk_insert(
|
||||
invites,
|
||||
[{"email": e, "status": "approved", "decided_by": "seed"} for e in seed],
|
||||
)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
op.drop_index("ix_invites_email", table_name="invites")
|
||||
op.drop_table("invites")
|
||||
Loading…
Add table
Add a link
Reference in a new issue