siftlode/backend/app/routes
npeter83 8f5e26d2ee feat(auth): email+password registration with two-gate activation (5a backend)
Add email+password auth alongside Google: argon2id hashing; users gains
password_hash/email_verified/is_active and google_sub becomes nullable (migration
0022); a single-use, hashed auth_tokens table for email verification + password
reset. Registration creates a pending (inactive, unverified) account + an access
request; sign-in needs verified email AND admin approval. Anti-enumeration: uniform
register/login/reset responses (a correct-password owner still gets a specific
pending reason). allow_registration flag (DB-tunable). Admin users-list + role
endpoint (guards: not self, not demo, not the last admin); approving access (or a
manual whitelist add) now activates the matching pending account. current_user
rejects deactivated accounts. Verified end-to-end via curl + DB.
2026-06-19 14:03:11 +02:00
..
__init__.py feat: M1 foundation — compose stack, FastAPI, Google OAuth, encrypted tokens 2026-06-11 01:01:37 +02:00
admin.py feat(auth): email+password registration with two-gate activation (5a backend) 2026-06-19 14:03:11 +02:00
channels.py refactor(quota): canonical <entity>_<action> taxonomy for quota events 2026-06-19 11:48:11 +02:00
config.py feat(config): DB-backed system_config infrastructure + SMTP group 2026-06-19 12:22:36 +02:00
feed.py refactor(quota): canonical <entity>_<action> taxonomy for quota events 2026-06-19 11:48:11 +02:00
health.py feat: M1 foundation — compose stack, FastAPI, Google OAuth, encrypted tokens 2026-06-11 01:01:37 +02:00
me.py feat(demo): hidden /auth/demo login + require_human guard 2026-06-16 09:17:21 +02:00
notifications.py feat(notifications): durable per-user inbox (P1) + maintenance schema 2026-06-18 03:20:17 +02:00
playlists.py refactor(quota): canonical <entity>_<action> taxonomy for quota events 2026-06-19 11:48:11 +02:00
quota.py feat(stats): per-user API quota attribution + admin usage page 2026-06-12 02:47:55 +02:00
scheduler.py feat(config): move operational params to DB (quota/backfill/shorts/batch) 2026-06-19 13:07:45 +02:00
sync.py refactor(quota): canonical <entity>_<action> taxonomy for quota events 2026-06-19 11:48:11 +02:00
tags.py fix(ux): modal error dialog for server-refused actions + ESC closes only the topmost 2026-06-18 01:17:31 +02:00
version.py feat(version): /api/version + build-time version/commit stamping 2026-06-15 00:06:57 +02:00