giorgio/read.markets
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

phase A: user accounts + session-cookie auth

Browse source 
Replaces the static bearer-token gate with a real auth boundary. The
existing CASSANDRA_TOKEN path is retained as an admin / scripting escape
hatch — kept compatible by aliasing require_token to require_auth.

- New users table (migration 0007): email, argon2 password_hash, tier,
  email_verified (declared but not enforced until phase E), settings_json
  for the tone/analysis/anchor knobs we'll wire in phase D.
- app/services/auth_service.py: argon2-cffi password hashing with timing-
  attack-resistant authenticate() (always runs a hash verify even on
  unknown-email to deny a username-enumeration oracle).
- app/auth.py rewritten: require_auth returns a CurrentUser with either
  is_admin=True (bearer path) or a User object (session path). Failing
  requests get 303 → /login for HTML, 401 for API. Sessions signed with
  itsdangerous against CASSANDRA_SESSION_SECRET; 14-day TTL.
- app/routers/auth.py: /login, /signup, /logout. Login form preserves the
  ?next=… param for redirect-after-login. Signup respects a new
  CASSANDRA_SIGNUP_ENABLED flag.
- Standalone /login + /signup templates (no app chrome). base.html grows
  a user chip + logout link in the header (reads request.state.current_user).

Phase A's main known limitations are documented in the plan: email
verification is declared but not enforced; session revocation is
best-effort (cookie-only, not DB-backed). Both land in phase E.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Giorgio Gilestro 2026-05-16 11:12:10 +01:00
parent 8a155ef157
commit 480fd311c5
12 changed files with 644 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/config.py
View file

@ -40,6 +40,13 @@ class Settings(BaseSettings):
# App
CASSANDRA_TOKEN: str = ""
CASSANDRA_PORT: int = 8000
# Signing key for session cookies. Generate with:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# Falls back to CASSANDRA_TOKEN if unset (acceptable for single-host dev).
CASSANDRA_SESSION_SECRET: str = ""
# Set to false (or 0/no) to disable /signup after the first account is
# created. Phase A leaves this open so the operator can self-onboard.
CASSANDRA_SIGNUP_ENABLED: bool = True
CASSANDRA_BASE_CURRENCY: str = "GBP"
CASSANDRA_ANCHOR_DATE: str = ""
CASSANDRA_MOCK: bool = False