phase A: user accounts + session-cookie auth
Replaces the static bearer-token gate with a real auth boundary. The existing CASSANDRA_TOKEN path is retained as an admin / scripting escape hatch — kept compatible by aliasing require_token to require_auth. - New users table (migration 0007): email, argon2 password_hash, tier, email_verified (declared but not enforced until phase E), settings_json for the tone/analysis/anchor knobs we'll wire in phase D. - app/services/auth_service.py: argon2-cffi password hashing with timing- attack-resistant authenticate() (always runs a hash verify even on unknown-email to deny a username-enumeration oracle). - app/auth.py rewritten: require_auth returns a CurrentUser with either is_admin=True (bearer path) or a User object (session path). Failing requests get 303 → /login for HTML, 401 for API. Sessions signed with itsdangerous against CASSANDRA_SESSION_SECRET; 14-day TTL. - app/routers/auth.py: /login, /signup, /logout. Login form preserves the ?next=… param for redirect-after-login. Signup respects a new CASSANDRA_SIGNUP_ENABLED flag. - Standalone /login + /signup templates (no app chrome). base.html grows a user chip + logout link in the header (reads request.state.current_user). Phase A's main known limitations are documented in the plan: email verification is declared but not enforced; session revocation is best-effort (cookie-only, not DB-backed). Both land in phase E. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
8a155ef157
commit
480fd311c5
12 changed files with 644 additions and 21 deletions
|
|
@ -187,6 +187,23 @@ class Position(Base):
|
|||
snapshot: Mapped[PortfolioSnapshot] = relationship(back_populates="positions")
|
||||
|
||||
|
||||
class User(Base):
|
||||
"""A multi-user account. Phase A wires login + session cookies; phase C
|
||||
adds owner_user_id FKs across portfolios/snapshots/positions so data
|
||||
becomes properly tenant-scoped."""
|
||||
__tablename__ = "users"
|
||||
id: Mapped[int] = mapped_column(Integer, primary_key=True, autoincrement=True)
|
||||
email: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
password_hash: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||
tier: Mapped[str] = mapped_column(String(16), default="free") # free | paid | enterprise
|
||||
email_verified: Mapped[bool] = mapped_column(Boolean, default=False)
|
||||
settings_json: Mapped[dict | None] = mapped_column(JSON)
|
||||
created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), default=utcnow)
|
||||
last_login_at: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
|
||||
|
||||
__table_args__ = (UniqueConstraint("email", name="uq_users_email"),)
|
||||
|
||||
|
||||
class InstrumentMap(Base):
|
||||
"""Maps T212's tickers/shortnames to Yahoo Finance tickers so we can
|
||||
refresh prices via Yahoo after a user uploads a T212 pie CSV.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue