feat(m5c): onboarding — DB invites, request-access, admin approval, email

Move the access whitelist from the ALLOWED_EMAILS env var into a DB Invite table
(env kept as bootstrap fallback), and add a self-service request + admin approval
flow with fail-soft email.

- models: Invite(email, status pending|approved|denied, requested_at, decided_*)
- migration 0008: invites table; seed env ALLOWED_EMAILS u ADMIN_EMAILS as approved
- auth: is_allowed() (DB-first, env fallback); a denied Google login records a pending
  request and bounces to /?access=requested instead of a raw 403; public POST
  /auth/request-access; upsert is idempotent so repeats don't re-spam admins
- routes/admin.py (admin-only): list/approve/deny invites + manual add
- email.py: smtplib + Gmail App Password, fail-soft (skips if SMTP unset)
- /api/me exposes pending_invites; config + .env.example gain SMTP_*
- UI: Login 'Request access' form + access=requested/denied handling; Settings ->
  Access requests (approve/deny + add); admin nudge toast on pending requests

Verified locally: request-access creates a pending invite and emails the admin;
seed approved npeter83; guinea-pig yt.trash2023 denied until approved.
This commit is contained in:
npeter83 2026-06-12 01:43:07 +02:00
parent a4b1ea5c19
commit d9caf12202
13 changed files with 605 additions and 15 deletions

View file

@ -1,4 +1,33 @@
import { useState } from "react";
import { api } from "../lib/api";
type Phase = "idle" | "sending" | "requested" | "approved" | "error";
export default function Login() {
// A denied Google login bounces back here with ?access=requested (we recorded it) or
// ?access=denied (no usable email). Surface that so the user isn't left on a raw error.
const params = new URLSearchParams(window.location.search);
const bounced = params.get("access"); // "requested" | "denied" | null
const [email, setEmail] = useState("");
const [phase, setPhase] = useState<Phase>(bounced === "requested" ? "requested" : "idle");
const [error, setError] = useState("");
async function submit(e: React.FormEvent) {
e.preventDefault();
setError("");
setPhase("sending");
try {
const r = await api.requestAccess(email.trim());
setPhase(r.status === "approved" ? "approved" : "requested");
} catch {
setError("Couldn't submit — check the address and try again.");
setPhase("error");
}
}
const done = phase === "requested" || phase === "approved";
return (
<div className="min-h-screen grid place-items-center bg-bg text-fg">
<div className="glass w-[min(92vw,420px)] rounded-2xl p-10 text-center">
@ -16,7 +45,47 @@ export default function Login() {
>
Sign in with Google
</a>
<div className="text-xs text-muted mt-6">Invite-only access.</div>
<div className="mt-7 pt-6 border-t border-border text-left">
{phase === "approved" ? (
<p className="text-sm text-fg/80">
You're already approved just sign in with Google above.
</p>
) : done ? (
<p className="text-sm text-fg/80">
Thanks your request is in. We'll email you when it's approved.
</p>
) : (
<>
<div className="text-xs uppercase tracking-wide text-muted mb-2">
No access yet?
</div>
{bounced === "denied" && (
<p className="text-xs text-muted mb-2">
That Google account isn't approved. Request access below.
</p>
)}
<form onSubmit={submit} className="flex items-center gap-2">
<input
type="email"
required
value={email}
onChange={(e) => setEmail(e.target.value)}
placeholder="you@gmail.com"
className="flex-1 min-w-0 bg-card border border-border rounded-xl px-3 py-2 text-sm outline-none focus:border-accent"
/>
<button
type="submit"
disabled={phase === "sending"}
className="shrink-0 px-3 py-2 rounded-xl text-sm font-semibold bg-card border border-border hover:border-accent disabled:opacity-50 transition"
>
{phase === "sending" ? "Sending…" : "Request access"}
</button>
</form>
{error && <p className="text-xs text-red-400 mt-2">{error}</p>}
</>
)}
</div>
</div>
</div>
);