Giorgio Gilestro
6e7f57c6b2
Server no longer holds portfolios. Holdings live in the browser (localStorage); the server publishes an anonymous ticker_universe and a gzipped /api/universe payload identical for every authenticated user, so access patterns can't betray which tickers a user holds. AI commentary is generated ephemerally from the browser-supplied pie and the cost ledger row records no positions. Migrations 0009-0011 added the universe table and dropped positions / portfolio_snapshots / portfolios. Authentication is now e-mail OTP only. Migration 0010 dropped password_hash and email_verified (every active session is by construction proof of email control). The /signup endpoint is gone; signup and login share a single email-entry page. Email rendering is HTML+plain-text multipart with a shared brand palette (app/branding.py) asserted in sync with the CSS by a drift-detection test. LLM provider defaults to DeepSeek-direct (cheaper, api.deepseek.com) with OpenRouter as automatic fallback if DeepSeek fails. ai_log_job and indicator_summary_job now iterate the two tones (NOVICE, INTERMEDIATE) per cycle so the dashboard's tone toggle is instant; PROMPT_VERSION bumped to 6 with an educational anti-TA / anti-gambling stance baked into _CORE. NOVICE mode renders a curated glossary inline (CBOE VIX, yield curve, HY OAS, etc.) with JS-positioned tooltips that survive viewport edges and sticky bars. Model name and tokens hidden from the user UI; still recorded in StrategicLog.model and AICall for admin. Layout adds a sticky top nav, a sticky bottom markets bar (one chip per exchange with status LED + headline index + 1d change), and Phase H feedback reporting is queued in tasks/todo.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
71 lines
2.4 KiB
Python
71 lines
2.4 KiB
Python
"""User authentication primitives.
|
|
|
|
Cassandra is **passwordless**. Every login is an email-OTP round-trip
|
|
(see app.services.otp_service + app.services.email_service). This module
|
|
just handles user-row lookup and create-on-first-sight.
|
|
|
|
The trade-off (see Phase G plan in tasks/todo.md):
|
|
- Server holds: email, tier, AI cost ledger. No portfolio, no broker keys.
|
|
- Loss of password gives up nothing of value to protect; gains: no
|
|
password-reset flows, no hash rotation, no stuffing/breach exposure.
|
|
- Every successful session is by construction proof of email control.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from email_validator import EmailNotValidError, validate_email
|
|
from sqlalchemy import select
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from app.db import utcnow
|
|
from app.models import User
|
|
|
|
|
|
class AuthError(Exception):
|
|
"""Raised on bad input. The message is safe to surface to the user."""
|
|
|
|
|
|
def _validate_email_or_raise(email: str) -> str:
|
|
try:
|
|
info = validate_email(email, check_deliverability=False)
|
|
return info.normalized.lower()
|
|
except EmailNotValidError as e:
|
|
raise AuthError(f"Invalid email: {e}")
|
|
|
|
|
|
async def get_user(session: AsyncSession, user_id: int) -> User | None:
|
|
return (await session.execute(
|
|
select(User).where(User.id == user_id)
|
|
)).scalar_one_or_none()
|
|
|
|
|
|
async def get_user_by_email(session: AsyncSession, email: str) -> User | None:
|
|
email = email.strip().lower()
|
|
return (await session.execute(
|
|
select(User).where(User.email == email)
|
|
)).scalar_one_or_none()
|
|
|
|
|
|
async def get_or_create_user(
|
|
session: AsyncSession,
|
|
email: str,
|
|
*,
|
|
create_if_missing: bool = True,
|
|
tier: str = "free",
|
|
) -> User:
|
|
"""Look up the user by email; create if absent and create_if_missing.
|
|
Raises AuthError on malformed email, or if create_if_missing=False
|
|
and the email is unknown.
|
|
|
|
Callers should set create_if_missing=False when CASSANDRA_SIGNUP_ENABLED
|
|
is false — i.e., the operator is running a closed deployment."""
|
|
email = _validate_email_or_raise(email)
|
|
user = await get_user_by_email(session, email)
|
|
if user is not None:
|
|
return user
|
|
if not create_if_missing:
|
|
raise AuthError("Sign-ups are currently disabled. Ask the operator.")
|
|
user = User(email=email, tier=tier, settings_json={}, created_at=utcnow())
|
|
session.add(user)
|
|
await session.commit()
|
|
await session.refresh(user)
|
|
return user
|