siftlode/backend/app/routes/me.py
npeter83 2add173760 feat(m5c): onboarding — DB invites, request-access, admin approval, email
Move the access whitelist from the ALLOWED_EMAILS env var into a DB Invite table
(env kept as bootstrap fallback), and add a self-service request + admin approval
flow with fail-soft email.

- models: Invite(email, status pending|approved|denied, requested_at, decided_*)
- migration 0008: invites table; seed env ALLOWED_EMAILS u ADMIN_EMAILS as approved
- auth: is_allowed() (DB-first, env fallback); a denied Google login records a pending
  request and bounces to /?access=requested instead of a raw 403; public POST
  /auth/request-access; upsert is idempotent so repeats don't re-spam admins
- routes/admin.py (admin-only): list/approve/deny invites + manual add
- email.py: smtplib + Gmail App Password, fail-soft (skips if SMTP unset)
- /api/me exposes pending_invites; config + .env.example gain SMTP_*
- UI: Login 'Request access' form + access=requested/denied handling; Settings ->
  Access requests (approve/deny + add); admin nudge toast on pending requests

Verified locally: request-access creates a pending invite and emails the admin;
seed approved npeter83; guinea-pig yt.trash2023 denied until approved.
2026-06-12 01:43:07 +02:00

50 lines
1.3 KiB
Python

from fastapi import APIRouter, Depends
from sqlalchemy import func, select
from sqlalchemy.orm import Session
from app.auth import current_user, has_write_scope
from app.db import get_db
from app.models import Invite, User
router = APIRouter(prefix="/api/me", tags=["me"])
@router.get("")
def get_me(
user: User = Depends(current_user), db: Session = Depends(get_db)
) -> dict:
pending_invites = 0
if user.role == "admin":
pending_invites = (
db.scalar(
select(func.count())
.select_from(Invite)
.where(Invite.status == "pending")
)
or 0
)
return {
"id": user.id,
"email": user.email,
"display_name": user.display_name,
"avatar_url": user.avatar_url,
"role": user.role,
"can_write": has_write_scope(user),
"pending_invites": pending_invites,
"preferences": user.preferences or {},
}
@router.put("/preferences")
def update_preferences(
preferences: dict,
user: User = Depends(current_user),
db: Session = Depends(get_db),
) -> dict:
# Merge so partial updates don't wipe other keys.
merged = dict(user.preferences or {})
merged.update(preferences)
user.preferences = merged
db.add(user)
db.commit()
return {"preferences": merged}