Giorgio Gilestro
9759080134
Lays the billing-prep spine before Paddle lands in D.3.
D.1 — referrals
- users.referral_code: unique 8-char URL-safe code (alphabet excludes the
ambiguous 0/O/1/I/L). Generated lazily on first /settings hit so existing
accounts pick one up without a backfill migration.
- users.referred_by_user_id + new referrals audit table (referrer,
referred, created_at, converted_at, credited_at). converted_at /
credited_at stay null until D.3 fills them via the Paddle webhook.
- POST /login accepts ?ref=<code>; the code rides on the signed
pending-verify cookie so it survives the GET → POST → /verify hop.
- /settings page: email, tier badge, referral code chip + invite link
with one-click copy, pending/converted/active-credits stats grid.
Settings nav link added to the top bar.
Reward shape: when the referred user makes their first paid Paddle
subscription, both they and the referrer get 50% off for 3 months.
(D.3 wires the actual credit application via the Paddle webhook.)
D.2 — paid-access gate
- users.credit_until: timestamp until which a free-tier account has
paid-tier access. Null = no credit. Populated by admin CLI now and the
D.3 webhook later.
- app.services.access exposes paid_status(user) → PaidStatus dataclass
(active / source / expires_at / days_remaining), is_paid_active() with
admin-bearer-token bypass, and a require_paid FastAPI dependency that
raises 402 Payment Required for free-tier callers.
- POST /api/analyze (portfolio AI commentary) gated behind require_paid.
- Settings page surfaces credit window when active ("free · credit · N
day(s) remaining (expires YYYY-MM-DD)") and the upgrade hint when not.
- Admin CLI: python -m app.cli {grant-credit,revoke-credit,show-status}.
grant-credit is idempotent — extends from max(now, current expiry) so
re-running the command never erodes an existing grant.
Migrations 0013 (referrals) and 0014 (credit_until). Tests cover the
paid-status truth table, code generation + normalisation, CLI argument
parsing, and the pending-cookie ref roundtrip (29 new tests).
47 lines
1.6 KiB
HTML
47 lines
1.6 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<title>Cassandra · Sign in</title>
|
|
<script>
|
|
(function() {
|
|
try { document.documentElement.dataset.theme = localStorage.getItem('cassandra.theme') || 'dark'; }
|
|
catch (e) { document.documentElement.dataset.theme = 'dark'; }
|
|
})();
|
|
</script>
|
|
<link rel="stylesheet" href="{{ url_for('static', path='/css/cassandra.css') }}" />
|
|
</head>
|
|
<body>
|
|
<div class="auth-shell">
|
|
<div class="auth-card">
|
|
<div class="auth-card__brand">Cassandra</div>
|
|
<div class="auth-card__hint">sign in with email</div>
|
|
|
|
{% if referrer_present %}
|
|
<div class="auth-info auth-info--invited">
|
|
<strong>You've been invited.</strong>
|
|
When you subscribe, you and your friend both get
|
|
<strong>50% off for 3 months</strong>. Sign up below to lock it in.
|
|
</div>
|
|
{% endif %}
|
|
|
|
<p class="auth-card__lede">
|
|
Enter your email and we'll send you a 6-digit code. No password.
|
|
First-time visitors get an account; returning visitors get a sign-in.
|
|
</p>
|
|
|
|
{% if error %}<div class="auth-error">{{ error }}</div>{% endif %}
|
|
|
|
<form method="post" action="/login" autocomplete="on">
|
|
<input type="hidden" name="next" value="{{ next_path or '/' }}">
|
|
{% if ref %}<input type="hidden" name="ref" value="{{ ref }}">{% endif %}
|
|
<label>Email
|
|
<input type="email" name="email" value="{{ email or '' }}" required autofocus>
|
|
</label>
|
|
<button type="submit">Send code</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|